Norbert Pocs 
							
						 
					 
					
						
						
						
						
							
						
						
							2341f1769d 
							
						 
					 
					
						
						
							
							Fix minor issues with openssh-9.0p1-evp-fips-dh.patch  
						
						... 
						
						
						
						- Check return values
- Use EVP API to get the size of DH
Signed-off-by: Norbert Pocs <npocs@redhat.com> 
						
					 
					
						2023-05-25 09:27:33 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							6f7c765ed4 
							
						 
					 
					
						
						
							
							Audit logging patch was not applied  
						
						... 
						
						
						
						Resolves: rhbz#2177471 
						
					 
					
						2023-04-14 10:38:37 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							1506e0825c 
							
						 
					 
					
						
						
							
							If SHA1 signatures are not permitted, try to fallback to SHA2  
						
						... 
						
						
						
						SHA1 is insecure now, and is forbidden in RHEL and will be forbidden in
several crypto-policies in Fedora in some future. This patch adds
detection of SHA1 signatures availability and, if not available,
enforces fallback to SHA2. 
						
					 
					
						2023-04-14 10:32:06 +02:00 
						 
				 
			
				
					
						
							
							
								Norbert Pocs 
							
						 
					 
					
						
						
						
						
							
						
						
							b63272d9eb 
							
						 
					 
					
						
						
							
							Make the sign, dh, ecdh processes FIPS compliant  
						
						... 
						
						
						
						FIPS compliancy can be stated by using only compliant crypto
functions. This is achieved by using EVP API from openssl 3.0
version. The solution uses a non-intrusive approach - instead
of rewriting everything to use EVP API it converts the data
to it at the critical places.
Signed-off-by: Norbert Pocs <npocs@redhat.com> 
						
					 
					
						2023-04-13 19:12:46 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							745da74ea2 
							
						 
					 
					
						
						
							
							Fix self-DoS  
						
						... 
						
						
						
						Resolves: CVE-2023-25136
Remove too aggressive coverity fix causing native tests failure 
						
					 
					
						2023-04-13 18:14:19 +02:00 
						 
				 
			
				
					
						
							
							
								Florian Weimer 
							
						 
					 
					
						
						
						
						
							
						
						
							d5591fb5ab 
							
						 
					 
					
						
						
							
							C99 compatiblity fixes  
						
						... 
						
						
						
						Apply upstream patches from the portable OpenSSH project to fix
C99 compatibility issues in the configure script.
For the PAM agent integration, apply a custom downstream fix,
as the proposed upstream changes have not been merged yet.
Related to:
  <https://fedoraproject.org/wiki/Changes/PortingToModernC >
  <https://fedoraproject.org/wiki/Toolchain/PortingToModernC > 
						
					 
					
						2023-04-12 12:07:21 +02:00 
						 
				 
			
				
					
						
							
							
								Timothée Ravier 
							
						 
					 
					
						
						
						
						
							
						
						
							e3597c03f1 
							
						 
					 
					
						
						
							
							Make sshd & sshd@ units want ssh-host-keys-migration.service  
						
						... 
						
						
						
						Enabling the unit via the presets does not enable it on
Silverblue/Kinoite/Sericea & IoT as we don't re-preset all units like
it's done in Fedora CoreOS.
See: https://pagure.io/workstation-ostree-config/pull-request/246 
Instead, have the sshd & sshd@ service unit `Wants` the
ssh-host-keys-migration service unit so that it's pulled-in only when
sshd is effectively enabled and in all cases.
See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/253 
See: https://bugzilla.redhat.com/show_bug.cgi?id=2172956 
See: https://src.fedoraproject.org/rpms/fedora-release/pull-request/252  
						
					 
					
						2023-03-14 17:17:24 +01:00 
						 
				 
			
				
					
						
							
							
								Zoltan Fridrich 
							
						 
					 
					
						
						
						
						
							
						
						
							3a98e6f607 
							
						 
					 
					
						
						
							
							Add sk-dummy subpackage for test purposes  
						
						... 
						
						
						
						Resolves: rhbz#2176795
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com> 
						
					 
					
						2023-03-13 13:22:28 +01:00 
						 
				 
			
				
					
						
							
							
								Dusty Mabe 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							21fd6bef5b 
							
						 
					 
					
						
						
							
							Make ssh-host key migration less conditional  
						
						... 
						
						
						
						If there is a case where some host keys don't have correct
permissions then they won't get migrated. Let's make the
migration script attempt migration for the rest of the keys
too. 
						
					 
					
						2023-03-06 09:55:13 -05:00 
						 
				 
			
				
					
						
							
							
								Dusty Mabe 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							1076e61bfd 
							
						 
					 
					
						
						
							
							Mark /var/lib/.ssh-host-keys-migration as %ghost file  
						
						
						
					 
					
						2023-03-06 09:55:13 -05:00 
						 
				 
			
				
					
						
							
							
								Dusty Mabe 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							08d842d5e8 
							
						 
					 
					
						
						
							
							Use a service unit to strip ssh_keys group from host keys (rhbz#2172956)  
						
						... 
						
						
						
						Use a systemd service unit to strip the ssh_keys group and change the
mode for host keys. This ensure that this migration is done right before
the openssh server startup on all kind of systems, either RPM or
rpm-ostree based.
Use a marker file to only do this once. We need to keep this service
unit for two Fedora releases so we will be able to remove it in Fedora
40.
See: https://fedoraproject.org/wiki/Changes/SSHKeySignSuidBit 
Fixes: 7a21555https://bugzilla.redhat.com/show_bug.cgi?id=2172956 
Co-authored-by: Timothée Ravier <tim@siosm.fr> 
						
					 
					
						2023-03-03 09:56:51 -05:00 
						 
				 
			
				
					
						
							
							
								Dusty Mabe 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							937ee4760a 
							
						 
					 
					
						
						
							
							update date in changelog entry  
						
						... 
						
						
						
						This entry is out of chronological order, which means we get a
warning/error every time. I'm just updating here to the commitdate
of the commit, which puts everything back in chronological order. 
						
					 
					
						2023-03-02 11:57:38 -05:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							45028601a3 
							
						 
					 
					
						
						
							
							We dont install openssh.conf file  
						
						
						
					 
					
						2023-01-23 16:01:47 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							7a21555354 
							
						 
					 
					
						
						
							
							Get rid of ssh_keys group for new installations  
						
						
						
					 
					
						2023-01-23 16:01:47 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							b615362fd0 
							
						 
					 
					
						
						
							
							Restore upstream default host key permissions (rhbz#2141272)  
						
						
						
					 
					
						2023-01-23 16:01:47 +01:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							cc56e874e8 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2023-01-19 22:57:59 +00:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							c9904c7c8a 
							
						 
					 
					
						
						
							
							Fix build against updated OpenSSL  
						
						... 
						
						
						
						Resolves: rhbz#2158966 
						
					 
					
						2023-01-09 12:48:20 +01:00 
						 
				 
			
				
					
						
							
							
								Norbert Pocs 
							
						 
					 
					
						
						
						
						
							
						
						
							ebc2a70dee 
							
						 
					 
					
						
						
							
							Add additional audit loggin  
						
						... 
						
						
						
						Additional information audited about the SSH key used to log in
Resolves: rhbz#2049947
Signed-off-by: Norbert Pocs <npocs@redhat.com> 
						
					 
					
						2022-10-24 19:22:09 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							f79c122b0b 
							
						 
					 
					
						
						
							
							Check IP opts length  
						
						... 
						
						
						
						Resolves: rhbz#1960015 
						
					 
					
						2022-10-21 17:53:00 +02:00 
						 
				 
			
				
					
						
							
							
								Anthony Rabbito 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							09b309fe0e 
							
						 
					 
					
						
						
							
							bump release after rebase  
						
						... 
						
						
						
						Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> 
						
					 
					
						2022-10-05 20:01:41 -04:00 
						 
				 
			
				
					
						
							
							
								Anthony Rabbito 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							499c2eb7ec 
							
						 
					 
					
						
						
							
							fix: source order  
						
						... 
						
						
						
						Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> 
						
					 
					
						2022-10-05 19:58:14 -04:00 
						 
				 
			
				
					
						
							
							
								Anthony Rabbito 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							11b8701db9 
							
						 
					 
					
						
						
							
							fix(ssh-agent): remove the socket in ExecStartPre  
						
						... 
						
						
						
						Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> 
						
					 
					
						2022-10-05 19:58:14 -04:00 
						 
				 
			
				
					
						
							
							
								Anthony Rabbito 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							9417892cb7 
							
						 
					 
					
						
						
							
							openssh-clients: create a user socket unit for ssh-agent (rhbz#2125576)  
						
						... 
						
						
						
						Signed-off-by: Anthony Rabbito <hello@anthonyrabbito.com> 
						
					 
					
						2022-10-05 19:58:11 -04:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							aa843e85ee 
							
						 
					 
					
						
						
							
							RSAMinSize => RequiredRSASize  
						
						
						
					 
					
						2022-09-29 15:42:34 +02:00 
						 
				 
			
				
					
						
							
							
								Luca BRUNO 
							
						 
					 
					
						
						
						
						
							
						
						
							26c275d66e 
							
						 
					 
					
						
						
							
							openssh: move users/groups creation logic to sysusers.d fragments  
						
						... 
						
						
						
						See https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation  
						
					 
					
						2022-09-02 14:47:11 +00:00 
						 
				 
			
				
					
						
							
							
								Alexander Sosedkin 
							
						 
					 
					
						
						
						
						
							
						
						
							42b22d9ad2 
							
						 
					 
					
						
						
							
							Mark HostbasedAcceptedAlgorithms as governed by crypto-policies  
						
						
						
					 
					
						2022-08-24 13:11:22 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							483723014e 
							
						 
					 
					
						
						
							
							Port patches from CentOS - RSAMinSize  
						
						... 
						
						
						
						Related: rhbz#2117264 
						
					 
					
						2022-08-17 10:06:13 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							03150f6281 
							
						 
					 
					
						
						
							
							OpenSSH Rebase to 9.0p1  
						
						... 
						
						
						
						Related: rhbz#2057466 
						
					 
					
						2022-08-15 09:28:25 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							9fd6981674 
							
						 
					 
					
						
						
							
							Add patches from CentOS/RHEL9.1  
						
						... 
						
						
						
						Related: rhbz#2117264 
						
					 
					
						2022-08-10 19:58:47 +02:00 
						 
				 
			
				
					
						
							
							
								Luca BRUNO 
							
						 
					 
					
						
						
						
						
							
						
						
							14d7b86a50 
							
						 
					 
					
						
						
							
							openssh: use allocated static GID for 'ssh_keys' group (rhbz#2104595)  
						
						... 
						
						
						
						This uses the static GID 101 allocated for group `ssh_keys`.
See FPC ticket for discussion/approval.
Ref: https://pagure.io/packaging-committee/issue/1188 
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2104595  
						
					 
					
						2022-08-01 15:15:08 +00:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							5b072577e1 
							
						 
					 
					
						
						
							
							Rebuilt for  https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2022-07-22 02:14:56 +00:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							ae82569b18 
							
						 
					 
					
						
						
							
							Disable locale forwarding in OpenSSH  
						
						... 
						
						
						
						Resolves: rhbz#2002739 
						
					 
					
						2022-04-29 11:43:53 +02:00 
						 
				 
			
				
					
						
							
							
								Cedric Staniewski 
							
						 
					 
					
						
						
						
						
							
						
						
							95d45cee50 
							
						 
					 
					
						
						
							
							Build gnome-ssh-askpass against gtk3  
						
						
						
					 
					
						2022-03-02 21:59:26 +01:00 
						 
				 
			
				
					
						
							
							
								Jay W 
							
						 
					 
					
						
						
						
						
							
						
						
							bffeef3c12 
							
						 
					 
					
						
						
							
							Update openssh.spec to allow flatpak builds  
						
						
						
					 
					
						2022-02-09 16:10:10 +00:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							6c5dd84a55 
							
						 
					 
					
						
						
							
							- Rebuilt for  https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2022-01-20 22:29:14 +00:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							4dc9d9b4f9 
							
						 
					 
					
						
						
							
							Correct order of source files  
						
						... 
						
						
						
						Related: 2007967 
						
					 
					
						2021-11-29 15:39:14 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							7b76af5292 
							
						 
					 
					
						
						
							
							OpenSSH 8.8p1 rebase  
						
						... 
						
						
						
						Related: rhbz#2007967 
						
					 
					
						2021-11-29 14:37:28 +01:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							c5e4c28ae1 
							
						 
					 
					
						
						
							
							Upstream fix for CVE-2021-41617  
						
						... 
						
						
						
						Resolves: rhbz#2008292 
						
					 
					
						2021-09-29 13:39:26 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							72aea69dd8 
							
						 
					 
					
						
						
							
							fixup! OpenSSH 8.7p1 patches rebase  
						
						
						
					 
					
						2021-09-16 16:13:20 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							640f2450c4 
							
						 
					 
					
						
						
							
							fixup! OpenSSH 8.7p1 patches rebase  
						
						
						
					 
					
						2021-09-16 16:04:36 +02:00 
						 
				 
			
				
					
						
							
							
								Sahana Prasad 
							
						 
					 
					
						
						
						
						
							
						
						
							4d585ee5a4 
							
						 
					 
					
						
						
							
							Rebuilt with OpenSSL 3.0.0  
						
						
						
					 
					
						2021-09-14 19:10:22 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							8f4d190341 
							
						 
					 
					
						
						
							
							OpenSSH 8.7p1 patches rebase  
						
						
						
					 
					
						2021-09-01 16:35:39 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							b8319d7f17 
							
						 
					 
					
						
						
							
							spec and sources updated  
						
						
						
					 
					
						2021-09-01 16:35:39 +02:00 
						 
				 
			
				
					
						
							
							
								Fedora Release Engineering 
							
						 
					 
					
						
						
						
						
							
						
						
							bdde8987e3 
							
						 
					 
					
						
						
							
							- Rebuilt for  https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild  
						
						... 
						
						
						
						Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org> 
						
					 
					
						2021-07-22 17:20:35 +00:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							d761d9a626 
							
						 
					 
					
						
						
							
							restore the blocking mode on standard output - upstream  
						
						... 
						
						
						
						Resolves: rhbz#1942901 
						
					 
					
						2021-06-21 13:12:47 +02:00 
						 
				 
			
				
					
						
							
							
								Timm Bäder 
							
						 
					 
					
						
						
						
						
							
						
						
							2f2c30932e 
							
						 
					 
					
						
						
							
							Use %set_build_flags to set build flags  
						
						... 
						
						
						
						The previous version fo the spec file was trying to append flags to e.g.
LDFLAGS, but those are empty without doing a %set_build_flags first.
Use %set_build_flags to populate all build flags. 
						
					 
					
						2021-05-25 08:10:41 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							5e2b7dfb9e 
							
						 
					 
					
						
						
							
							Missing version bump  
						
						... 
						
						
						
						Resolves: rhbz#1963059 
						
					 
					
						2021-05-21 18:09:44 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							fddba54ba2 
							
						 
					 
					
						
						
							
							Hostbased ssh authentication fails if session ID contains a '/'  
						
						... 
						
						
						
						Resolves: rhbz#1963059 
						
					 
					
						2021-05-21 17:57:13 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							4d4feb650d 
							
						 
					 
					
						
						
							
							restore the blocking mode on standard output  
						
						... 
						
						
						
						Resolves rhbz#1942901 
						
					 
					
						2021-05-10 11:30:58 +02:00 
						 
				 
			
				
					
						
							
							
								Dmitry Belyavskiy 
							
						 
					 
					
						
						
						
						
							
						
						
							ac2648baae 
							
						 
					 
					
						
						
							
							pam_auth version bump  
						
						
						
					 
					
						2021-04-30 17:06:28 +02:00