rpms/openssh
6
0
Fork 2
Code Issues Pull Requests Releases Activity
1,253 Commits 15 Branches 108 Tags 10 MiB
c10s
Commit Graph

1253 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dmitry Belyavskiy
0eb85c5308 Support of hybrid MLKEM key exchange methods in FIPS mode 
Resolves: RHEL-125929
 2025-12-12 12:55:41 +01:00
Dmitry Belyavskiy
2c179221a3 Adding a mechanism to disable GSSAPIDelegateCredentials in sshd_config 
Resolves: RHEL-5281
 2025-12-05 16:36:17 +01:00
Zoltan Fridrich
40f5f26708 CVE-2025-61985: Reject URL-strings with NULL characters 
Resolves: RHEL-128388

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-05 10:27:33 +01:00
Zoltan Fridrich
3ed25d6be7 CVE-2025-61984: Reject usernames with control characters 
Resolves: RHEL-128399

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-05 10:24:20 +01:00
Dmitry Belyavskiy
d6c153ae72 Implement mlkem768nistp256-sha256 and mlkem1024nistp384-sha384 KEX methods 
Resolves: RHEL-70824
 2025-11-03 12:56:38 +01:00
Zoltan Fridrich
bf1cef9a73 Canonicalize username when matching a user 
Resolves: RHEL-101440

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:05:17 +01:00
Zoltan Fridrich
24c1261105 Fix implicit destination path selection when source path ends with ".." 
Resolves: RHEL-118406

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:05:17 +01:00
Dmitry Belyavskiy
5be8bc1b40 Relax GSS Kex restriction in FIPS mode 
Resolves: RHEL-91181
 2025-09-15 15:36:27 +02:00
Dmitry Belyavskiy
ab204f7870 Allow non-cryptographical use of MD5 in GSS Kex in FIPS mode 
Related: RHEL-91181
 2025-09-02 12:41:17 +02:00
Dmitry Belyavskiy
79ecdd9f8c Relax GSS Kex restriction in FIPS mode 
Resolves: RHEL-91181
 2025-08-04 15:54:13 +02:00
Zoltan Fridrich
2303b82ca8 Move the redhat help message to debug1 log level 
Resolves: RHEL-93957

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-07-17 15:02:56 +02:00
Dmitry Belyavskiy
f897faab42 Support for authentication indicators in OpenSSH 
Resolves: RHEL-40790
 2025-06-26 17:00:42 +02:00
Zoltan Fridrich
b5213cc0b3 Ignore bad hostkeys in known_hosts file 
Resolves: RHEL-83644

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-04-30 15:58:51 +02:00
Zoltan Fridrich
86023c8a72 Provide better error for non-supported private keys 
Resolves: RHEL-68124

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-04-29 12:32:20 +02:00
Zoltan Fridrich
f4e43bc272 CVE-2025-32728: Fix logic error in DisableForwarding option 
Resolves: RHEL-86819

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-04-29 12:32:10 +02:00
Dmitry Belyavskiy
f218c44b65 Supress systemd warning 
Resolves: RHEL-84816
 2025-04-17 11:55:01 +02:00
Dmitry Belyavskiy
5d9e98be09 Correct processing of Compression directive 
Resolves: RHEL-68346
 2025-03-20 13:42:58 +01:00
Dmitry Belyavskiy
02b3faa9d1 OpenSSH should not use its own implementation of MLKEM 
Resolves: RHEL-58252
 2025-03-20 12:23:04 +01:00
Dmitry Belyavskiy
747a4a8376 rebuilt 
Related: RHEL-78699
 2025-02-18 18:08:09 +01:00
Dmitry Belyavskiy
3b2fe2b8e6 OpenSSH error code issues 
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).

Resolves: RHEL-78699
Resolves: RHEL-78943
 2025-02-18 10:59:20 +01:00
Dmitry Belyavskiy
006127a476 Fix regression of Match directive processing 
Related: RHEL-76317
 2025-02-13 12:29:58 +01:00
Dmitry Belyavskiy
b182959e95 Avoid linking issues for openssl logging 
Related: RHEL-63190
 2025-01-27 13:25:09 +01:00
Dmitry Belyavskiy
35bf325387 Fix regression of Match directive processing 
Resolves: RHEL-76317
 2025-01-27 12:38:23 +01:00
Troy Dawson
84c0936017 Bump release for October 2024 mass rebuild: 
Resolves: RHEL-64018
 2024-10-29 08:53:07 -07:00
Dmitry Belyavskiy
15a3247272 Fix MLKEM for BE platforms 
Related: RHEL-60564
 2024-10-28 17:49:18 +01:00
Dmitry Belyavskiy
6ec986a4e3 Provide details on crypto error instead of "error in libcrypto" 
Resolves: RHEL-63190
 2024-10-22 11:57:53 +02:00
Dmitry Belyavskiy
ebb51c8cab Extra help information should not be printed if stderr is not a TTY 
Resolves: RHEL-63061
 2024-10-18 16:14:10 +02:00
Dmitry Belyavskiy
84ad70de57 Add extra help information on ssh early failure 
Resolves: RHEL-62718
 2024-10-15 13:47:43 +02:00
Dmitry Belyavskiy
ebf2d5fd08 Resolve memory management issues after rebase 
Related: RHEL-60564
 2024-10-15 13:46:17 +02:00
Zoltan Fridrich
384febcdc2 Gssapi-keyex: fix issues found by static analysis 
Related: RHEL-60564

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-10-14 16:05:48 +02:00
Dmitry Belyavskiy
0802365f07 Use FIPS KEX defaults in FIPS mode 
Resolves: RHEL-58986
 2024-10-11 14:15:51 +02:00
Dmitry Belyavskiy
2a4f84e7ce Separate ssh-keysign to a dedicated package 
Resolves: RHEL-62112
 2024-10-11 12:19:11 +02:00
Dmitry Belyavskiy
07172f36c4 Update to OpenSSH 9.9p1 
Resolves: RHEL-60564
 2024-10-10 12:30:39 +02:00
Dmitry Belyavskiy
d84f5f5164 Rebuilt 
Related: RHEL-59024
 2024-09-16 17:31:52 +02:00
Dmitry Belyavskiy
01503ba517 Remove redundant patches 
Related: RHEL-42635
 2024-08-29 21:18:20 +02:00
Dmitry Belyavskiy
262bb33bcb "publickey-hostbound@openssh.com" extension makes no sense with GSS 
Related: RHEL-42635
 2024-08-29 21:18:20 +02:00
Zoltan Fridrich
5c31606342 Merge patches from gsskex regressions 
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-08-28 13:10:19 +02:00
Zoltan Fridrich
fc550bd771 Add missing gsskeyex authentication method 
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2024-08-28 10:49:04 +02:00
Dmitry Belyavskiy
78bb33ab57 Restore GSS connectivity when no hostkeys are present 
Related: RHEL-42635
 2024-08-27 13:57:46 +02:00
Dmitry Belyavskiy
303ff5b834 Remove obsoleted patches 
Related: RHEL-42635
 2024-08-16 13:23:18 +02:00
Dmitry Belyavskiy
dd7a5a9d22 Address SAST scan issues 
Resolves: RHEL-36766
 2024-08-16 12:26:57 +02:00
Miluse Bezo Konecna
acc18112a5 remove tests directory 2024-08-06 14:09:01 +02:00
Dmitry Belyavskiy
ba81972425 Reenabling self-test on rpm build 
Related: RHEL-42635
 2024-08-05 16:36:20 +02:00
Dmitry Belyavskiy
ce2e80c1d0 sshd doesn't propose to enter password again when a non-existing user is specified 
Resolves: RHEL-11981
 2024-08-05 13:03:20 +02:00
Miluse Bezo Konecna
a26f247c4f Fix gating.yaml 2024-07-31 10:22:02 +02:00
Miluse Bezo Konecna
3d59a15439 gating CI - fix in plans 2024-07-31 08:08:00 +00:00
Dmitry Belyavskiy
f1bd13208d Use FIPS-compatible API for key derivation RHEL-10 
Resolves: RHEL-43592
 2024-07-26 16:15:19 +02:00
Dmitry Belyavskiy
1c01acf847 Change ssh-keygen defaults in FIPS mode 
Resolves: RHEL-37324
 2024-07-26 13:18:20 +02:00
Dmitry Belyavskiy
7a357709f5 Temporary disabling self-test 
Related: RHEL-42635
 2024-07-25 19:43:02 +02:00
Dmitry Belyavskiy
089d798931 Rebase OpenSSH to 9.8p1 
Resolves: RHEL-42635
 2024-07-25 15:30:04 +02:00