Commit Graph

909 Commits

Author SHA1 Message Date
Troy Dawson
84c0936017 Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 08:53:07 -07:00
Dmitry Belyavskiy
15a3247272 Fix MLKEM for BE platforms
Related: RHEL-60564
2024-10-28 17:49:18 +01:00
Dmitry Belyavskiy
6ec986a4e3 Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-63190
2024-10-22 11:57:53 +02:00
Dmitry Belyavskiy
ebb51c8cab Extra help information should not be printed if stderr is not a TTY
Resolves: RHEL-63061
2024-10-18 16:14:10 +02:00
Dmitry Belyavskiy
84ad70de57 Add extra help information on ssh early failure
Resolves: RHEL-62718
2024-10-15 13:47:43 +02:00
Dmitry Belyavskiy
ebf2d5fd08 Resolve memory management issues after rebase
Related: RHEL-60564
2024-10-15 13:46:17 +02:00
Dmitry Belyavskiy
0802365f07 Use FIPS KEX defaults in FIPS mode
Resolves: RHEL-58986
2024-10-11 14:15:51 +02:00
Dmitry Belyavskiy
2a4f84e7ce Separate ssh-keysign to a dedicated package
Resolves: RHEL-62112
2024-10-11 12:19:11 +02:00
Dmitry Belyavskiy
07172f36c4 Update to OpenSSH 9.9p1
Resolves: RHEL-60564
2024-10-10 12:30:39 +02:00
Dmitry Belyavskiy
d84f5f5164 Rebuilt
Related: RHEL-59024
2024-09-16 17:31:52 +02:00
Dmitry Belyavskiy
262bb33bcb "publickey-hostbound@openssh.com" extension makes no sense with GSS
Related: RHEL-42635
2024-08-29 21:18:20 +02:00
Zoltan Fridrich
5c31606342 Merge patches from gsskex regressions
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-08-28 13:10:19 +02:00
Zoltan Fridrich
fc550bd771 Add missing gsskeyex authentication method
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-08-28 10:49:04 +02:00
Dmitry Belyavskiy
78bb33ab57 Restore GSS connectivity when no hostkeys are present
Related: RHEL-42635
2024-08-27 13:57:46 +02:00
Dmitry Belyavskiy
303ff5b834 Remove obsoleted patches
Related: RHEL-42635
2024-08-16 13:23:18 +02:00
Dmitry Belyavskiy
dd7a5a9d22 Address SAST scan issues
Resolves: RHEL-36766
2024-08-16 12:26:57 +02:00
Dmitry Belyavskiy
ba81972425 Reenabling self-test on rpm build
Related: RHEL-42635
2024-08-05 16:36:20 +02:00
Dmitry Belyavskiy
ce2e80c1d0 sshd doesn't propose to enter password again when a non-existing user is specified
Resolves: RHEL-11981
2024-08-05 13:03:20 +02:00
Dmitry Belyavskiy
f1bd13208d Use FIPS-compatible API for key derivation RHEL-10
Resolves: RHEL-43592
2024-07-26 16:15:19 +02:00
Dmitry Belyavskiy
1c01acf847 Change ssh-keygen defaults in FIPS mode
Resolves: RHEL-37324
2024-07-26 13:18:20 +02:00
Dmitry Belyavskiy
7a357709f5 Temporary disabling self-test
Related: RHEL-42635
2024-07-25 19:43:02 +02:00
Dmitry Belyavskiy
089d798931 Rebase OpenSSH to 9.8p1
Resolves: RHEL-42635
2024-07-25 15:30:04 +02:00
Zoltan Fridrich
2231e36337 Remove pam_ssh_agent_auth subpackage
Resolves: RHEL-45002

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-07-12 10:28:59 +02:00
Zoltan Fridrich
0f2df32d18 Build OpenSSH without ENGINE API
Resolves: RHEL-45507

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-07-12 10:28:08 +02:00
Troy Dawson
8f0ad5fe82 Bump release for June 2024 mass rebuild 2024-06-24 09:06:11 -07:00
Zoltan Fridrich
d23ed33031 Make default key sizes configurable in sshd-keygen
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-10 10:22:49 +02:00
Zoltan Fridrich
2e80dd6896 Correctly audit hostname and IP address
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-09 17:06:11 +02:00
Fedora Release Engineering
2f41ca7cd3 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-25 11:29:57 +00:00
Fedora Release Engineering
d089d5f71b Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild 2024-01-21 11:22:01 +00:00
Dmitry Belyavskiy
f238307bdf Applying patches to rebase to OpenSSH 9.6p1
Based on Damien Milnes' PR
https://src.fedoraproject.org/rpms/openssh/pull-request/63

Also rebasing openssh-8.0p1-pkcs11-uri.patch to 9.6 by Dmitry Belyavskiy
2024-01-12 16:04:03 +01:00
Florian Weimer
87ae5d1d5a Fix type errors in downstream gssapi-keyex patch
Related to:

  <https://fedoraproject.org/wiki/Changes/PortingToModernC>
  <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2023-12-22 17:01:38 +01:00
Mattias Ellert
5c1da775a9 Fix issue with read-only ssh buffer during gssapi key exchange
(rhbz#1938224)
https://github.com/openssh-gsskex/openssh-gsskex/pull/19
2023-10-16 22:26:16 +02:00
Mattias Ellert
4f07bfcfe1 Fix FTBFS due to implicit declarations (rhbz#2241211) 2023-10-15 06:42:32 +02:00
Dmitry Belyavskiy
d3cd3f2851 migrated to SPDX license 2023-09-19 12:19:43 +02:00
Timothée Ravier
f98acbdc5d Revert "Remove sshd.socket unit"
This reverts commit 8a294387d0.

This change has been pushed to Fedora 40 and is pending discussion /
voting from FESCo.

See: https://pagure.io/fesco/issue/3062
See: https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
2023-09-15 10:22:41 +02:00
Jakub Jelen
d77b1b790a pkcs11: Add support for 'serial' in PKCS#11 URI
The patch was updated by the upstream MR
https://github.com/openssh/openssh-portable/pull/406
by npocs@redhat.com
2023-08-11 15:04:18 +02:00
Dmitry Belyavskiy
c7af8ecb76 Minor optimization of ssh_krb5_kuserok
Resolves: rhbz#2112501
2023-08-03 11:06:10 +02:00
Dmitry Belyavskiy
8a294387d0 Remove sshd.socket unit
Resolves: rhbz#2025716
2023-08-03 10:38:48 +02:00
Dmitry Belyavskiy
f4f5944e31 Disable forking of ssh-agent on startup
Resoves: rhbz#2148555
2023-08-03 10:32:24 +02:00
Dmitry Belyavskiy
ec2f61e2cf Split including crypto-policies to a separate config
Resolves: rhbz#1970566
2023-08-03 10:25:50 +02:00
Dmitry Belyavskiy
147ab2eb19 relax checks of the OpenSSL version 2023-08-01 14:19:16 +02:00
Mattias Ellert
c04e468b07 Update gssapi-keyex patch for OpenSSH 9.0+
userauth_gsskeyex must have the same argument as userauth_gssapi
method_gsskeyex must have the same members as method_gssapi
2023-07-26 23:28:39 +02:00
Dmitry Belyavskiy
c3494feffe Fix remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
2023-07-21 17:00:23 +02:00
Fedora Release Engineering
9fd130d8eb Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 18:12:08 +00:00
Norbert Pocs
8f5b8fd2c5 Revert "pkcs11: Add support for 'serial' in PKCS#11 URI"
This reverts commit e39f11e77c.

The patch has some problems (the pkcs11 downstream test is failing)
and needs more investigation
2023-06-13 14:38:59 +02:00
Norbert Pocs
c5082a3f81 Merge gssapi-keyex and gssapi-auth
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:58:01 +02:00
Norbert Pocs
2b67ec48c2 Merge manpage crypto-policies related patches
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:57:42 +02:00
Norbert Pocs
fb40f0afda Merge evp related patches
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:57:23 +02:00
Norbert Pocs
141d7b2d4a Remove deprecated usage of %patchN
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:56:15 +02:00
Dmitry Belyavskiy
d5fd076ab3 Updating specfile 2023-06-07 12:15:31 +02:00