rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity
138 Commits 9 Branches 61 Tags 11 MiB
ff6d597308
Commit Graph

135 Commits

Author SHA1 Message Date
Tomáš Mráz
ff6d597308 - enable use of ssl engines (#481100) 2009-01-30 15:44:41 +00:00
Tomáš Mráz
6a5e296ba7 - remove obsolete --with-rsh (#478298) 
- add pam_sepermit to allow blocking confined users in permissive mode
    (#471746)
- move system-auth after pam_selinux in the session stack
 2009-01-15 10:52:07 +00:00
Tomáš Mráz
9e5c6ecd02 - set FD_CLOEXEC on channel sockets (#475866) 
- adjust summary
- adjust nss-keys patch so it is applicable without selinux patches
    (#470859)
 2008-12-11 21:48:41 +00:00
Tomáš Mráz
b9a07ad737 - fix compatibility with some servers (#466818) 2008-10-17 08:34:36 +00:00
Tomáš Mráz
578f0d08a9 - fixed zero length banner problem (#457326) 2008-07-31 09:22:18 +00:00
Tomáš Mráz
ec5276165c - rediff for no fuzz 2008-07-23 17:33:16 +00:00
Tomáš Mráz
09510adc7c - rediff for zero fuzz tolerance 2008-07-23 16:30:14 +00:00
Tomáš Mráz
93a4744539 - upgrade to new upstream release 
- fixed a problem with public key authentication and explicitely specified
    SELinux role
 2008-07-23 14:50:23 +00:00
Tomáš Mráz
077dad7320 - pass the connection socket to ssh-keysign (#447680) 2008-05-21 08:16:23 +00:00
Tomáš Mráz
1961bc12e6 - add LANGUAGE to accepted/sent environment variables (#443231) 
- use pam_selinux to obtain the user context instead of doing it itself
- unbreak server keep alive settings (patch from upstream)
- small addition to scp manpage
 2008-05-19 16:53:29 +00:00
Tomáš Mráz
ca47f63941 - upgrade to new upstream (#441066) 
- prevent initscript from killing itself on halt with upstart (#438449)
- initscript status should show that the daemon is running only when the
    main daemon is still alive (#430882)
 2008-04-07 20:14:31 +00:00
Tomáš Mráz
2cb0e73a4e - set FD_CLOEXEC on client socket 
- apply real fix for window size problem (#286181) from upstream
- apply fix for the spurious failed bind from upstream
- apply open handle leak in sftp fix from upstream
 2008-02-29 16:34:03 +00:00
Dennis Gilmore
91bdf496cd we build sparc32 sparcv9 by default now it needed adding to the -fPIE list 2008-02-13 03:52:43 +00:00
Tomáš Mráz
993dd1a3db - fix gssapi auth with explicit selinux role requested (#427303) - patch by 
Nalin Dahyabhai
 2008-01-03 17:45:59 +00:00
Tomáš Mráz
3457e3e00f - explicitly source krb5-devel profile script 2007-12-04 19:03:49 +00:00
Tomáš Mráz
2cc09c66ed - explicitly source krb5-devel profile script 
- rebuild for openssl bump
 2007-12-04 18:58:25 +00:00
Jesse Keating
9eac427785 - Rebuild for openssl bump 2007-12-04 18:47:33 +00:00
Tomáš Mráz
320a1c8f0e - localtime in chroot no longer needed 2007-11-20 18:38:37 +00:00
Tomáš Mráz
0a9a4072ef - must require ncurses-devel for libedit 2007-11-20 18:26:30 +00:00
Tomáš Mráz
b1ffa00b4c - version bump 2007-11-20 15:04:37 +00:00
Tomáš Mráz
8b8c4dc83c - do not copy /etc/localtime into the chroot as it is not necessary anymore 
(#193184)
- call setkeycreatecon when selinux context is established
- test for NULL privk when freeing key (#391871) - patch by Pierre Ossman
 2007-11-20 14:53:45 +00:00
Tomáš Mráz
95be083504 - revert default window size adjustments (#286181) 2007-09-17 21:33:02 +00:00
Tomáš Mráz
c9833c96a4 - upgrade to latest upstream 
- use libedit in sftp (#203009)
- fixed audit log injection problem (CVE-2007-3102)
 2007-09-06 19:49:16 +00:00
Tomáš Mráz
f370730d3b - fix sftp client problems on write error (#247802) 
- allow disabling autocreation of server keys (#235466)
 2007-08-09 18:33:41 +00:00
Tomáš Mráz
fc2f31df03 - oops committed testing only change 2007-06-20 19:33:53 +00:00
Tomáš Mráz
0092bbd526 - add buildrequires nss-devel to build with the nss-keys patch 2007-06-20 19:11:49 +00:00
Tomáš Mráz
c3274ccb32 - experimental NSS keys support 
- correctly setup context when empty level requested (#234951)
 2007-06-20 17:47:18 +00:00
Tomáš Mráz
7210c0162a - mls level check must be done with default role same as requested 2007-03-20 09:13:40 +00:00
Tomáš Mráz
b40baab181 - make profile.d/gnome-ssh-askpass.* regular files (#226218) 2007-03-19 11:57:36 +00:00
Tomáš Mráz
546fdd9f47 - reject connection if requested mls range is not obtained (#229278) 2007-03-01 08:28:22 +00:00
Tomáš Mráz
9d725bd1ab - improve Buildroot 
- remove duplicate /etc/ssh from files
 2007-02-22 13:00:51 +00:00
Tomáš Mráz
c2b35d09c0 - support mls on labeled networks (#220487) 
- support mls level selection on unlabeled networks
- allow / in usernames in scp (only beginning /, ./, and ../ is special)
 2007-01-16 20:58:00 +00:00
Tomáš Mráz
45f17da853 - buildrequire tcp_wrappers-devel 2006-12-21 13:59:55 +00:00
Tomáš Mráz
ad07b998ed - update to 4.5p1 (#212606) 2006-12-21 13:42:47 +00:00
Tomáš Mráz
914284ff3f - fix gssapi with DNS loadbalanced clusters (#216857) 2006-11-30 10:50:12 +00:00
Tomáš Mráz
d63dc67db7 - improved pam_session patch so it doesn't regress, the patch is necessary 
for the pam_session_close to be called correctly as uid 0
 2006-11-28 21:14:50 +00:00
Tomáš Mráz
ad61b116d1 - CVE-2006-5794 - properly detect failed key verify in monitor (#214641) 2006-11-10 10:00:04 +00:00
Tomáš Mráz
19675afc7c - merge sshd initscript patches 
- kill all ssh sessions when stop is called in halt or reboot runlevel
- remove -TERM option from killproc so we don't race on sshd restart
 2006-11-02 13:33:37 +00:00
Tomáš Mráz
7114c4238b - improve gssapi-no-spnego patch (#208102) 
- CVE-2006-4924 - prevent DoS on deattack detector (#207957)
- CVE-2006-5051 - don't call cleanups from signal handler (#208459)
 2006-10-02 17:35:50 +00:00
Tomáš Mráz
ac4818c499 - don't report duplicate syslog messages, use correct local time (#189158) 
- don't allow spnego as gssapi mechanism (from upstream)
- fixed memleaks found by Coverity (from upstream)
- allow ip options except source routing (#202856) (patch by HP)
 2006-08-23 21:06:38 +00:00
Tomáš Mráz
c12d6ba86c - drop the pam-session patch from the previous build (#201341) 
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
 2006-08-08 11:58:33 +00:00
Tomáš Mráz
762e407bd5 - dropped old ssh obsoletes 
- call the pam_session_open/close from the monitor when privsep is enabled
    so it is always called as root (patch by Darren Tucker)
 2006-07-20 11:06:42 +00:00
Tomáš Mráz
ef32423955 - improve selinux patch (by Jan Kiszka) 
- upstream patch for buffer append space error (#191940)
- fixed typo in configure.ac (#198986)
- added pam_keyinit to pam configuration (#198628)
- improved error message when askpass dialog cannot grab keyboard input
    (#198332)
- buildrequires xauth instead of xorg-x11-xauth
- fixed a few rpmlint warnings
 2006-07-17 14:09:15 +00:00
Jesse Keating
d446e97b50 bumped for rebuild 2006-07-12 07:35:41 +00:00
Tomáš Mráz
7e1c558992 - don't request pseudoterminal allocation if stdin is not tty (#188983) 2006-04-14 08:26:10 +00:00
Tomáš Mráz
5f29aca399 - allow access if audit is not compiled in kernel (#183243) 2006-03-02 21:37:28 +00:00
Tomáš Mráz
e01ed66930 - enable the subprocess in chroot to send messages to system log 
- sshd should prevent login if audit call fails
 2006-02-24 14:07:41 +00:00
Tomáš Mráz
b5e849f024 - print error from scp if not remote (patch by Bjorn Augustsson #178923) 2006-02-21 16:00:42 +00:00
Tomáš Mráz
f16d34eebb - new version 2006-02-13 14:11:41 +00:00
Jesse Keating
3de0ff3efe bump for bug in double-long on ppc(64) 2006-02-11 04:53:48 +00:00