Commit Graph

56 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
d925600c40 Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
2022-08-16 19:33:50 +02:00
Dmitry Belyavskiy
a0db6b2b7f Avoid spirous message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
2022-08-16 14:32:50 +02:00
Dmitry Belyavskiy
b53c538acd IBMCA workaround
Related: rhbz#1976202
2022-08-04 14:37:20 +02:00
Zoltan Fridrich
1d30b84a88 Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-26 16:14:15 +02:00
Dmitry Belyavskiy
9591af3b1d FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
2022-07-15 16:52:19 +02:00
Zoltan Fridrich
9697eecfeb Fix new coverity issues
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-15 10:20:09 +02:00
Dmitry Belyavskiy
d23afae05f Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-14 16:15:05 +02:00
Zoltan Fridrich
e8622f8c21 Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-14 13:05:12 +02:00
Dmitry Belyavskiy
b17ff3bc91 Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-14 12:23:52 +02:00
Dmitry Belyavskiy
0d823b2f2a Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-13 16:24:55 +02:00
Zoltan Fridrich
821045a148 Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 15:32:37 +02:00
Dmitry Belyavskiy
3990967629 Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-12 13:37:26 +02:00
Dmitry Belyavskiy
32a82650cf Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
2022-07-12 13:37:24 +02:00
Zoltan Fridrich
fd0d5a4f44 Fix host-based authentication with rsa keys
Resolves: rhbz#2088916

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich
9bf7b4f39d Fix gssapi authentication failures
Resolves: rhbz#2091023

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich
585620b0f1 Fix several memory leaks
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich
afede72d91 Add missing options from ssh_config into ssh manpage
Resolves: rhbz#2033372

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich
c958ea0a38 Fix scp clearing file when src and dest are the same
Resolves: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-11 15:35:31 +02:00
Dmitry Belyavskiy
d0bf0e31d9 Use EVP functions for RSA and EC key generation
Related: rhbz#2087121
2022-07-11 11:55:08 +02:00
Dmitry Belyavskiy
4b21ae5fcb Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
2022-07-11 11:55:08 +02:00
Zoltan Fridrich
e11cd77fd3 Change log level of FIPS specific log message to verbose
Resolves: rhbz#2102201

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-06-30 09:03:28 +02:00
Zoltan Fridrich
1325e1f087 Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
Resolves: rhbz#2064338

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-06-30 09:03:28 +02:00
Zoltan Fridrich
abf0321b6d Update minimize-sha1-use.patch to use upstream code
Related: rhbz#2031868, rhbz#2064338

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-06-30 09:02:44 +02:00
Dmitry Belyavskiy
cf05a27ed6 Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2038854
2022-02-22 13:06:07 +01:00
Dmitry Belyavskiy
14950508f7 Switch to SFTP protocol in scp utility by default - various improvements
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2001002
Related: rhbz#2038854
2022-02-07 13:07:00 +01:00
Dmitry Belyavskiy
0b7faaf14a Switch to SFTP protocol in scp utility by default - upstream fixes
Related: rhbz#2001002
2022-02-02 16:26:40 +01:00
Dmitry Belyavskiy
829ee6e4ad Fix SSH connection to localhost not possible in FIPS
Related: rhbz#2031868
2021-12-21 12:02:25 +01:00
Dmitry Belyavskiy
bf1985329d - Fix ssh-keygen -Y find-principals -f /dev/null -s /dev/null segfault
Related: rhbz#2024902
2021-11-29 16:16:28 +01:00
Dmitry Belyavskiy
581a7d826d Fix memory leaks introduced in OpenSSH 8.7
Related: rhbz#2001002
2021-10-25 11:16:17 +02:00
Dmitry Belyavskiy
6e19d4fb57 Disable locale forwarding in default configurations
Related: rhbz#2002734
2021-10-19 15:24:12 +02:00
Dmitry Belyavskiy
aa1b338db7 Upstream fix for CVE-2021-41617
Resolves: rhbz#2008886
2021-10-01 13:27:42 +02:00
Dmitry Belyavskiy
f32839a5e4 Disabling SCP protocol as much as possible
Resolves: rhbz#2001002
2021-09-24 16:51:04 +02:00
Dmitry Belyavskiy
f9e5ded9dd Rebasing to OpenSSH 8.7p1
Resolves: rhbz#2001002
2021-09-24 16:19:18 +02:00
Dmitry Belyavskiy
62d88b35f1 Sources and spec changes
Resolves: rhbz#2001002
2021-09-24 15:39:42 +02:00
Mohan Boddu
64353fc305 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:44:13 +00:00
Florian Weimer
92c05eeef4 Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 12:14:58 +02:00
Aleksandra Fedorova
0ae3cbf206 Add RHEL gating configuration 2021-07-15 03:21:40 +02:00
Dmitry Belyavskiy
b82d680780 Upstream patch for restoring nonblock state
Resolves: rhbz#1952957
2021-06-21 12:42:32 +02:00
Mohan Boddu
ff6bdd331f Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:34:28 +00:00
Dmitry Belyavskiy
0695fda02c Remove the recommendation of p11-kit
As p11-kit is installed anyway and is not a hard requirement, it is
removed from the list of Recommended packages.

Resolves: rhbz#1947904
2021-06-03 13:26:44 +02:00
Dmitry Belyavskiy
d1f2edbe8b Avoid warnings about deprecated functions
Resolves: rhbz#1952451
2021-06-01 16:40:12 +02:00
Dmitry Belyavskiy
9b598f2165 Hostbased ssh authentication fails if session ID contains a '/'
Resolves: rhbz#1963058
2021-05-21 18:13:23 +02:00
Dmitry Belyavskiy
d0754b1a8d Hostbased ssh authentication fails if session ID contains a '/'
Resolves: rhbz#1963058
2021-05-21 17:48:40 +02:00
Dmitry Belyavskiy
c3e6e4a2e6 Missing patch
Resolves: rhbz#1952957
2021-05-10 11:20:08 +02:00
Dmitry Belyavskiy
d075fa1cd6 Fixing broken GSS KEX beginning with (GSI-)OpenSSH 8.0p1
Resolves: rhbz#1957306
2021-05-06 16:19:14 +02:00
Dmitry Belyavskiy
9dff9c0419 Rebase from openssh 8.5p1 to 8.6p1
Resolves: rhbz#1952957
2021-05-06 16:19:14 +02:00
Mohan Boddu
dd942e6d52 - Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-04-16 02:42:35 +00:00
Dmitry Belyavskiy
9254840e21 Coverity fixes for 8.5p1 (#1938831)
Resolves: #1938831
2021-04-13 13:31:46 +02:00
DistroBaker
d029bb77ce Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssh.git#44aae310bd4e0f19369ea1c91ada03334f29c843
2021-03-22 10:10:25 +00:00
DistroBaker
fa840d638a Merged update from upstream sources
This is an automated DistroBaker update from upstream sources.
If you do not know what this is about or would like to opt out,
contact the OSCI team.

Source: https://src.fedoraproject.org/rpms/openssh.git#7347a743857953a9b79c93e166117fbe0173e6a3
2021-02-03 01:51:54 +00:00