Troy Dawson
|
84c0936017
|
Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
|
2024-10-29 08:53:07 -07:00 |
|
Dmitry Belyavskiy
|
15a3247272
|
Fix MLKEM for BE platforms
Related: RHEL-60564
|
2024-10-28 17:49:18 +01:00 |
|
Dmitry Belyavskiy
|
6ec986a4e3
|
Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-63190
|
2024-10-22 11:57:53 +02:00 |
|
Dmitry Belyavskiy
|
ebb51c8cab
|
Extra help information should not be printed if stderr is not a TTY
Resolves: RHEL-63061
|
2024-10-18 16:14:10 +02:00 |
|
Dmitry Belyavskiy
|
84ad70de57
|
Add extra help information on ssh early failure
Resolves: RHEL-62718
|
2024-10-15 13:47:43 +02:00 |
|
Dmitry Belyavskiy
|
ebf2d5fd08
|
Resolve memory management issues after rebase
Related: RHEL-60564
|
2024-10-15 13:46:17 +02:00 |
|
Dmitry Belyavskiy
|
0802365f07
|
Use FIPS KEX defaults in FIPS mode
Resolves: RHEL-58986
|
2024-10-11 14:15:51 +02:00 |
|
Dmitry Belyavskiy
|
2a4f84e7ce
|
Separate ssh-keysign to a dedicated package
Resolves: RHEL-62112
|
2024-10-11 12:19:11 +02:00 |
|
Dmitry Belyavskiy
|
07172f36c4
|
Update to OpenSSH 9.9p1
Resolves: RHEL-60564
|
2024-10-10 12:30:39 +02:00 |
|
Dmitry Belyavskiy
|
d84f5f5164
|
Rebuilt
Related: RHEL-59024
|
2024-09-16 17:31:52 +02:00 |
|
Dmitry Belyavskiy
|
262bb33bcb
|
"publickey-hostbound@openssh.com" extension makes no sense with GSS
Related: RHEL-42635
|
2024-08-29 21:18:20 +02:00 |
|
Zoltan Fridrich
|
5c31606342
|
Merge patches from gsskex regressions
Related: RHEL-42635
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-08-28 13:10:19 +02:00 |
|
Zoltan Fridrich
|
fc550bd771
|
Add missing gsskeyex authentication method
Related: RHEL-42635
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-08-28 10:49:04 +02:00 |
|
Dmitry Belyavskiy
|
78bb33ab57
|
Restore GSS connectivity when no hostkeys are present
Related: RHEL-42635
|
2024-08-27 13:57:46 +02:00 |
|
Dmitry Belyavskiy
|
303ff5b834
|
Remove obsoleted patches
Related: RHEL-42635
|
2024-08-16 13:23:18 +02:00 |
|
Dmitry Belyavskiy
|
dd7a5a9d22
|
Address SAST scan issues
Resolves: RHEL-36766
|
2024-08-16 12:26:57 +02:00 |
|
Dmitry Belyavskiy
|
ba81972425
|
Reenabling self-test on rpm build
Related: RHEL-42635
|
2024-08-05 16:36:20 +02:00 |
|
Dmitry Belyavskiy
|
ce2e80c1d0
|
sshd doesn't propose to enter password again when a non-existing user is specified
Resolves: RHEL-11981
|
2024-08-05 13:03:20 +02:00 |
|
Dmitry Belyavskiy
|
f1bd13208d
|
Use FIPS-compatible API for key derivation RHEL-10
Resolves: RHEL-43592
|
2024-07-26 16:15:19 +02:00 |
|
Dmitry Belyavskiy
|
1c01acf847
|
Change ssh-keygen defaults in FIPS mode
Resolves: RHEL-37324
|
2024-07-26 13:18:20 +02:00 |
|
Dmitry Belyavskiy
|
7a357709f5
|
Temporary disabling self-test
Related: RHEL-42635
|
2024-07-25 19:43:02 +02:00 |
|
Dmitry Belyavskiy
|
089d798931
|
Rebase OpenSSH to 9.8p1
Resolves: RHEL-42635
|
2024-07-25 15:30:04 +02:00 |
|
Zoltan Fridrich
|
2231e36337
|
Remove pam_ssh_agent_auth subpackage
Resolves: RHEL-45002
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-07-12 10:28:59 +02:00 |
|
Zoltan Fridrich
|
0f2df32d18
|
Build OpenSSH without ENGINE API
Resolves: RHEL-45507
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-07-12 10:28:08 +02:00 |
|
Troy Dawson
|
8f0ad5fe82
|
Bump release for June 2024 mass rebuild
|
2024-06-24 09:06:11 -07:00 |
|
Zoltan Fridrich
|
d23ed33031
|
Make default key sizes configurable in sshd-keygen
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-05-10 10:22:49 +02:00 |
|
Zoltan Fridrich
|
2e80dd6896
|
Correctly audit hostname and IP address
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2024-05-09 17:06:11 +02:00 |
|
Fedora Release Engineering
|
2f41ca7cd3
|
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
2024-01-25 11:29:57 +00:00 |
|
Fedora Release Engineering
|
d089d5f71b
|
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
|
2024-01-21 11:22:01 +00:00 |
|
Dmitry Belyavskiy
|
f238307bdf
|
Applying patches to rebase to OpenSSH 9.6p1
Based on Damien Milnes' PR
https://src.fedoraproject.org/rpms/openssh/pull-request/63
Also rebasing openssh-8.0p1-pkcs11-uri.patch to 9.6 by Dmitry Belyavskiy
|
2024-01-12 16:04:03 +01:00 |
|
Florian Weimer
|
87ae5d1d5a
|
Fix type errors in downstream gssapi-keyex patch
Related to:
<https://fedoraproject.org/wiki/Changes/PortingToModernC>
<https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
|
2023-12-22 17:01:38 +01:00 |
|
Mattias Ellert
|
5c1da775a9
|
Fix issue with read-only ssh buffer during gssapi key exchange
(rhbz#1938224)
https://github.com/openssh-gsskex/openssh-gsskex/pull/19
|
2023-10-16 22:26:16 +02:00 |
|
Mattias Ellert
|
4f07bfcfe1
|
Fix FTBFS due to implicit declarations (rhbz#2241211)
|
2023-10-15 06:42:32 +02:00 |
|
Dmitry Belyavskiy
|
d3cd3f2851
|
migrated to SPDX license
|
2023-09-19 12:19:43 +02:00 |
|
Timothée Ravier
|
f98acbdc5d
|
Revert "Remove sshd.socket unit"
This reverts commit 8a294387d0 .
This change has been pushed to Fedora 40 and is pending discussion /
voting from FESCo.
See: https://pagure.io/fesco/issue/3062
See: https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
|
2023-09-15 10:22:41 +02:00 |
|
Jakub Jelen
|
d77b1b790a
|
pkcs11: Add support for 'serial' in PKCS#11 URI
The patch was updated by the upstream MR
https://github.com/openssh/openssh-portable/pull/406
by npocs@redhat.com
|
2023-08-11 15:04:18 +02:00 |
|
Dmitry Belyavskiy
|
c7af8ecb76
|
Minor optimization of ssh_krb5_kuserok
Resolves: rhbz#2112501
|
2023-08-03 11:06:10 +02:00 |
|
Dmitry Belyavskiy
|
8a294387d0
|
Remove sshd.socket unit
Resolves: rhbz#2025716
|
2023-08-03 10:38:48 +02:00 |
|
Dmitry Belyavskiy
|
f4f5944e31
|
Disable forking of ssh-agent on startup
Resoves: rhbz#2148555
|
2023-08-03 10:32:24 +02:00 |
|
Dmitry Belyavskiy
|
ec2f61e2cf
|
Split including crypto-policies to a separate config
Resolves: rhbz#1970566
|
2023-08-03 10:25:50 +02:00 |
|
Dmitry Belyavskiy
|
147ab2eb19
|
relax checks of the OpenSSL version
|
2023-08-01 14:19:16 +02:00 |
|
Mattias Ellert
|
c04e468b07
|
Update gssapi-keyex patch for OpenSSH 9.0+
userauth_gsskeyex must have the same argument as userauth_gssapi
method_gsskeyex must have the same members as method_gssapi
|
2023-07-26 23:28:39 +02:00 |
|
Dmitry Belyavskiy
|
c3494feffe
|
Fix remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
|
2023-07-21 17:00:23 +02:00 |
|
Fedora Release Engineering
|
9fd130d8eb
|
Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
|
2023-07-20 18:12:08 +00:00 |
|
Norbert Pocs
|
8f5b8fd2c5
|
Revert "pkcs11: Add support for 'serial' in PKCS#11 URI"
This reverts commit e39f11e77c .
The patch has some problems (the pkcs11 downstream test is failing)
and needs more investigation
|
2023-06-13 14:38:59 +02:00 |
|
Norbert Pocs
|
c5082a3f81
|
Merge gssapi-keyex and gssapi-auth
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-06-08 13:58:01 +02:00 |
|
Norbert Pocs
|
2b67ec48c2
|
Merge manpage crypto-policies related patches
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-06-08 13:57:42 +02:00 |
|
Norbert Pocs
|
fb40f0afda
|
Merge evp related patches
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-06-08 13:57:23 +02:00 |
|
Norbert Pocs
|
141d7b2d4a
|
Remove deprecated usage of %patchN
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-06-08 13:56:15 +02:00 |
|
Dmitry Belyavskiy
|
d5fd076ab3
|
Updating specfile
|
2023-06-07 12:15:31 +02:00 |
|