Dmitry Belyavskiy
|
42aa6f597e
|
Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Related: rhbz#2088750
|
2023-01-13 15:24:38 +01:00 |
|
Dmitry Belyavskiy
|
ebbbfce0aa
|
Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Resolves: rhbz#2088750
|
2023-01-12 16:16:08 +01:00 |
|
Zoltan Fridrich
|
5cfb97500b
|
Add sk-dummy subpackage for test purposes
Resolves: rhbz#2092780
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2023-01-12 11:23:15 +01:00 |
|
Dmitry Belyavskiy
|
6f747825fa
|
Minor cleanups from upstream
Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
Fix double free() in error path
Resolves: rhbz#2138347
|
2023-01-06 11:57:27 +01:00 |
|
Dmitry Belyavskiy
|
b0f3205a21
|
- Build fix after OpenSSL rebase
Resolves: rhbz#2153626
|
2022-12-16 11:52:54 +01:00 |
|
Dmitry Belyavskiy
|
ad9644f74c
|
Set minimal value of RSA key length via configuration option
Added a support for our name as alias.
Resolves: rhbz#2128352
|
2022-09-23 11:14:03 +02:00 |
|
Dmitry Belyavskiy
|
d4ff0b8809
|
Set minimal value of RSA key length via configuration option
Resolves: rhbz#2128352
|
2022-09-22 14:48:29 +02:00 |
|
Dmitry Belyavskiy
|
d925600c40
|
Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
|
2022-08-16 19:33:50 +02:00 |
|
Dmitry Belyavskiy
|
a0db6b2b7f
|
Avoid spirous message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
|
2022-08-16 14:32:50 +02:00 |
|
Dmitry Belyavskiy
|
b53c538acd
|
IBMCA workaround
Related: rhbz#1976202
|
2022-08-04 14:37:20 +02:00 |
|
Zoltan Fridrich
|
1d30b84a88
|
Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-26 16:14:15 +02:00 |
|
Dmitry Belyavskiy
|
9591af3b1d
|
FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
|
2022-07-15 16:52:19 +02:00 |
|
Zoltan Fridrich
|
9697eecfeb
|
Fix new coverity issues
Related: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-15 10:20:09 +02:00 |
|
Dmitry Belyavskiy
|
d23afae05f
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-14 16:15:05 +02:00 |
|
Zoltan Fridrich
|
e8622f8c21
|
Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-14 13:05:12 +02:00 |
|
Dmitry Belyavskiy
|
b17ff3bc91
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-14 12:23:52 +02:00 |
|
Dmitry Belyavskiy
|
0d823b2f2a
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-13 16:24:55 +02:00 |
|
Zoltan Fridrich
|
821045a148
|
Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 15:32:37 +02:00 |
|
Dmitry Belyavskiy
|
3990967629
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-12 13:37:26 +02:00 |
|
Dmitry Belyavskiy
|
32a82650cf
|
Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
|
2022-07-12 13:37:24 +02:00 |
|
Zoltan Fridrich
|
fd0d5a4f44
|
Fix host-based authentication with rsa keys
Resolves: rhbz#2088916
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
9bf7b4f39d
|
Fix gssapi authentication failures
Resolves: rhbz#2091023
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
585620b0f1
|
Fix several memory leaks
Related: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
afede72d91
|
Add missing options from ssh_config into ssh manpage
Resolves: rhbz#2033372
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
c958ea0a38
|
Fix scp clearing file when src and dest are the same
Resolves: rhbz#2056884
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-11 15:35:31 +02:00 |
|
Dmitry Belyavskiy
|
d0bf0e31d9
|
Use EVP functions for RSA and EC key generation
Related: rhbz#2087121
|
2022-07-11 11:55:08 +02:00 |
|
Dmitry Belyavskiy
|
4b21ae5fcb
|
Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
|
2022-07-11 11:55:08 +02:00 |
|
Zoltan Fridrich
|
e11cd77fd3
|
Change log level of FIPS specific log message to verbose
Resolves: rhbz#2102201
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-06-30 09:03:28 +02:00 |
|
Zoltan Fridrich
|
1325e1f087
|
Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
Resolves: rhbz#2064338
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-06-30 09:03:28 +02:00 |
|
Zoltan Fridrich
|
abf0321b6d
|
Update minimize-sha1-use.patch to use upstream code
Related: rhbz#2031868, rhbz#2064338
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-06-30 09:02:44 +02:00 |
|
Dmitry Belyavskiy
|
cf05a27ed6
|
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2038854
|
2022-02-22 13:06:07 +01:00 |
|
Dmitry Belyavskiy
|
14950508f7
|
Switch to SFTP protocol in scp utility by default - various improvements
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2001002
Related: rhbz#2038854
|
2022-02-07 13:07:00 +01:00 |
|
Dmitry Belyavskiy
|
0b7faaf14a
|
Switch to SFTP protocol in scp utility by default - upstream fixes
Related: rhbz#2001002
|
2022-02-02 16:26:40 +01:00 |
|
Dmitry Belyavskiy
|
829ee6e4ad
|
Fix SSH connection to localhost not possible in FIPS
Related: rhbz#2031868
|
2021-12-21 12:02:25 +01:00 |
|
Dmitry Belyavskiy
|
bf1985329d
|
- Fix ssh-keygen -Y find-principals -f /dev/null -s /dev/null segfault
Related: rhbz#2024902
|
2021-11-29 16:16:28 +01:00 |
|
Dmitry Belyavskiy
|
581a7d826d
|
Fix memory leaks introduced in OpenSSH 8.7
Related: rhbz#2001002
|
2021-10-25 11:16:17 +02:00 |
|
Dmitry Belyavskiy
|
6e19d4fb57
|
Disable locale forwarding in default configurations
Related: rhbz#2002734
|
2021-10-19 15:24:12 +02:00 |
|
Dmitry Belyavskiy
|
aa1b338db7
|
Upstream fix for CVE-2021-41617
Resolves: rhbz#2008886
|
2021-10-01 13:27:42 +02:00 |
|
Dmitry Belyavskiy
|
f32839a5e4
|
Disabling SCP protocol as much as possible
Resolves: rhbz#2001002
|
2021-09-24 16:51:04 +02:00 |
|
Dmitry Belyavskiy
|
f9e5ded9dd
|
Rebasing to OpenSSH 8.7p1
Resolves: rhbz#2001002
|
2021-09-24 16:19:18 +02:00 |
|
Dmitry Belyavskiy
|
62d88b35f1
|
Sources and spec changes
Resolves: rhbz#2001002
|
2021-09-24 15:39:42 +02:00 |
|
Mohan Boddu
|
64353fc305
|
Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
|
2021-08-09 22:44:13 +00:00 |
|
Florian Weimer
|
92c05eeef4
|
Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
|
2021-07-28 12:14:58 +02:00 |
|
Aleksandra Fedorova
|
0ae3cbf206
|
Add RHEL gating configuration
|
2021-07-15 03:21:40 +02:00 |
|
Dmitry Belyavskiy
|
b82d680780
|
Upstream patch for restoring nonblock state
Resolves: rhbz#1952957
|
2021-06-21 12:42:32 +02:00 |
|
Mohan Boddu
|
ff6bdd331f
|
Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
|
2021-06-16 03:34:28 +00:00 |
|
Dmitry Belyavskiy
|
0695fda02c
|
Remove the recommendation of p11-kit
As p11-kit is installed anyway and is not a hard requirement, it is
removed from the list of Recommended packages.
Resolves: rhbz#1947904
|
2021-06-03 13:26:44 +02:00 |
|
Dmitry Belyavskiy
|
d1f2edbe8b
|
Avoid warnings about deprecated functions
Resolves: rhbz#1952451
|
2021-06-01 16:40:12 +02:00 |
|
Dmitry Belyavskiy
|
9b598f2165
|
Hostbased ssh authentication fails if session ID contains a '/'
Resolves: rhbz#1963058
|
2021-05-21 18:13:23 +02:00 |
|
Dmitry Belyavskiy
|
d0754b1a8d
|
Hostbased ssh authentication fails if session ID contains a '/'
Resolves: rhbz#1963058
|
2021-05-21 17:48:40 +02:00 |
|