Dmitry Belyavskiy
|
3b9345d0dc
|
Version bump
|
2023-07-25 02:54:36 +00:00 |
|
Dmitry Belyavskiy
|
edaf6c0fb4
|
Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
|
2023-07-20 12:10:35 +02:00 |
|
Dmitry Belyavskiy
|
6fa799e1aa
|
Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
|
2023-07-20 12:02:42 +02:00 |
|
Dmitry Belyavskiy
|
c5140cafa3
|
Allow specifying validity interval in UTC
Resolves: rhbz#2115043
|
2023-06-14 11:15:41 +02:00 |
Norbert Pocs
|
415f8e730b
|
Clarify rhbz#2068423 on the ssh_config man page
Resolves: rhbz#2209096
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-06-02 09:16:33 +02:00 |
|
Norbert Pocs
|
6b2353418c
|
Fix regression in pkcs11 introduced in the previous patch
Resolves: rhbz#2207793
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-25 09:22:24 +02:00 |
|
Norbert Pocs
|
48718a1a72
|
Delete unneeded debug messages from fips-compl-dh patch
Related: rhbz#2091694
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-25 09:17:38 +02:00 |
|
Norbert Pocs
|
1490ffd3e0
|
Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch
- Check return values
- Use EVP API to get the size of DH
Related: rhbz#2091694
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-16 15:50:52 +02:00 |
|
Norbert Pocs
|
587d7b215f
|
Add FIPS compliance efforts for dh, ecdh and signing
Resolves: rhbz#2091694
Signed-off-by: Norbert Pocs <npocs@redhat.com>
|
2023-05-03 15:52:40 +02:00 |
|
Dmitry Belyavskiy
|
b5ba5af997
|
Eliminating remnants of SHA1 usage in OpenSSH
Resolves: rhbz#2070163
|
2023-04-28 16:04:07 +02:00 |
|
Dmitry Belyavskiy
|
cc7d7a5730
|
Some non-terminating processes were listening on ports.
Resolves: rhbz#2177768
|
2023-04-20 17:29:37 +02:00 |
|
Dmitry Belyavskiy
|
f7003be68c
|
Resolve possible self-DoS with some clients
Resolves: rhbz#2186473
|
2023-04-13 14:24:35 +02:00 |
|
Dmitry Belyavskiy
|
42aa6f597e
|
Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Related: rhbz#2088750
|
2023-01-13 15:24:38 +01:00 |
|
Dmitry Belyavskiy
|
ebbbfce0aa
|
Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Resolves: rhbz#2088750
|
2023-01-12 16:16:08 +01:00 |
Zoltan Fridrich
|
5cfb97500b
|
Add sk-dummy subpackage for test purposes
Resolves: rhbz#2092780
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2023-01-12 11:23:15 +01:00 |
|
Dmitry Belyavskiy
|
6f747825fa
|
Minor cleanups from upstream
Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
Fix double free() in error path
Resolves: rhbz#2138347
|
2023-01-06 11:57:27 +01:00 |
|
Dmitry Belyavskiy
|
b0f3205a21
|
- Build fix after OpenSSL rebase
Resolves: rhbz#2153626
|
2022-12-16 11:52:54 +01:00 |
|
Dmitry Belyavskiy
|
ad9644f74c
|
Set minimal value of RSA key length via configuration option
Added a support for our name as alias.
Resolves: rhbz#2128352
|
2022-09-23 11:14:03 +02:00 |
|
Dmitry Belyavskiy
|
d4ff0b8809
|
Set minimal value of RSA key length via configuration option
Resolves: rhbz#2128352
|
2022-09-22 14:48:29 +02:00 |
|
Dmitry Belyavskiy
|
d925600c40
|
Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
|
2022-08-16 19:33:50 +02:00 |
|
Dmitry Belyavskiy
|
a0db6b2b7f
|
Avoid spirous message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
|
2022-08-16 14:32:50 +02:00 |
|
Dmitry Belyavskiy
|
b53c538acd
|
IBMCA workaround
Related: rhbz#1976202
|
2022-08-04 14:37:20 +02:00 |
|
Zoltan Fridrich
|
1d30b84a88
|
Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-26 16:14:15 +02:00 |
|
Dmitry Belyavskiy
|
9591af3b1d
|
FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
|
2022-07-15 16:52:19 +02:00 |
|
Zoltan Fridrich
|
9697eecfeb
|
Fix new coverity issues
Related: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-15 10:20:09 +02:00 |
|
Dmitry Belyavskiy
|
d23afae05f
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-14 16:15:05 +02:00 |
|
Zoltan Fridrich
|
e8622f8c21
|
Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-14 13:05:12 +02:00 |
|
Dmitry Belyavskiy
|
b17ff3bc91
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-14 12:23:52 +02:00 |
|
Dmitry Belyavskiy
|
0d823b2f2a
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-13 16:24:55 +02:00 |
|
Zoltan Fridrich
|
821045a148
|
Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 15:32:37 +02:00 |
|
Dmitry Belyavskiy
|
3990967629
|
Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
|
2022-07-12 13:37:26 +02:00 |
|
Dmitry Belyavskiy
|
32a82650cf
|
Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
|
2022-07-12 13:37:24 +02:00 |
|
Zoltan Fridrich
|
fd0d5a4f44
|
Fix host-based authentication with rsa keys
Resolves: rhbz#2088916
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
9bf7b4f39d
|
Fix gssapi authentication failures
Resolves: rhbz#2091023
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
585620b0f1
|
Fix several memory leaks
Related: rhbz#2068423
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
afede72d91
|
Add missing options from ssh_config into ssh manpage
Resolves: rhbz#2033372
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-12 11:52:38 +02:00 |
|
Zoltan Fridrich
|
c958ea0a38
|
Fix scp clearing file when src and dest are the same
Resolves: rhbz#2056884
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-07-11 15:35:31 +02:00 |
|
Dmitry Belyavskiy
|
d0bf0e31d9
|
Use EVP functions for RSA and EC key generation
Related: rhbz#2087121
|
2022-07-11 11:55:08 +02:00 |
|
Dmitry Belyavskiy
|
4b21ae5fcb
|
Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
|
2022-07-11 11:55:08 +02:00 |
|
Zoltan Fridrich
|
e11cd77fd3
|
Change log level of FIPS specific log message to verbose
Resolves: rhbz#2102201
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-06-30 09:03:28 +02:00 |
|
Zoltan Fridrich
|
1325e1f087
|
Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
Resolves: rhbz#2064338
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-06-30 09:03:28 +02:00 |
|
Zoltan Fridrich
|
abf0321b6d
|
Update minimize-sha1-use.patch to use upstream code
Related: rhbz#2031868, rhbz#2064338
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
|
2022-06-30 09:02:44 +02:00 |
|
Dmitry Belyavskiy
|
cf05a27ed6
|
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2038854
|
2022-02-22 13:06:07 +01:00 |
|
Dmitry Belyavskiy
|
14950508f7
|
Switch to SFTP protocol in scp utility by default - various improvements
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2001002
Related: rhbz#2038854
|
2022-02-07 13:07:00 +01:00 |
|
Dmitry Belyavskiy
|
0b7faaf14a
|
Switch to SFTP protocol in scp utility by default - upstream fixes
Related: rhbz#2001002
|
2022-02-02 16:26:40 +01:00 |
|
Dmitry Belyavskiy
|
829ee6e4ad
|
Fix SSH connection to localhost not possible in FIPS
Related: rhbz#2031868
|
2021-12-21 12:02:25 +01:00 |
|
Dmitry Belyavskiy
|
bf1985329d
|
- Fix `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` segfault
Related: rhbz#2024902
|
2021-11-29 16:16:28 +01:00 |
|
Dmitry Belyavskiy
|
581a7d826d
|
Fix memory leaks introduced in OpenSSH 8.7
Related: rhbz#2001002
|
2021-10-25 11:16:17 +02:00 |
|
Dmitry Belyavskiy
|
6e19d4fb57
|
Disable locale forwarding in default configurations
Related: rhbz#2002734
|
2021-10-19 15:24:12 +02:00 |
|
Dmitry Belyavskiy
|
aa1b338db7
|
Upstream fix for CVE-2021-41617
Resolves: rhbz#2008886
|
2021-10-01 13:27:42 +02:00 |