Commit Graph

86 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
2a4cfc7fd4 Correct error code processing
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents a memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465).

Resolves: RHEL-78700
2025-02-18 11:35:06 +01:00
Dmitry Belyavskiy
76b570ae7c Allow duplicate Subsystem directive
Resolves: RHEL-47112
2024-10-21 13:38:05 +02:00
Dmitry Belyavskiy
2282e9f646 Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-52293
2024-10-21 13:36:43 +02:00
Dmitry Belyavskiy
48c1a09ba9 Add extra help information on ssh early failure
Resolves: RHEL-33809
2024-10-21 11:14:09 +02:00
Dmitry Belyavskiy
2a5b657c60 Possible remote code execution due to a race condition (CVE-2024-6409)
Resolves: RHEL-45741
2024-07-09 16:54:56 +02:00
Dmitry Belyavskiy
96149ae84f Possible remote code execution due to a race condition (CVE-2024-6387)
Resolves: RHEL-45348
2024-07-04 09:40:52 +02:00
Dmitry Belyavskiy
6ca18e235a Fix ssh multiplexing connect timeout processing
Resolves: RHEL-37748
2024-06-03 12:12:04 +02:00
Zoltan Fridrich
01178d1eef Make default key sizes configurable in sshd-keygen
Resolves: RHEL-26454

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-09 12:53:59 +02:00
Zoltan Fridrich
7fedb4cdc0 Correctly audit hostname and IP address
Resolves: RHEL-22316

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-09 12:53:59 +02:00
Dmitry Belyavskiy
03eff3f0f1 Use FIPS-compatible API for key derivation
Resolves: RHEL-32809
2024-04-25 10:07:32 +02:00
Dmitry Belyavskiy
2c2ea1d489 Fix Terrapin attack
Resolves: CVE-2023-48795
2024-01-05 14:43:26 +01:00
Dmitry Belyavskiy
4c42338c08 Fix Terrapin attack
Resolves: CVE-2023-48795
2024-01-05 14:28:02 +01:00
Dmitry Belyavskiy
8a8fae36ce Rebuild
Related: RHEL-19789
2023-12-21 13:43:57 +01:00
Dmitry Belyavskiy
0521bb1a51 Forbid shell metasymbols in username/hostname
Resolves: CVE-2023-51385
2023-12-20 12:20:37 +01:00
Dmitry Belyavskiy
d18e1c1119 Relax OpenSSH build-time checks for OpenSSL version
Related: RHEL-4734
2023-12-20 11:31:43 +01:00
Dmitry Belyavskiy
54fc8050ff Fix Terrapin attack
Resolves: CVE-2023-48795
2023-12-20 11:26:41 +01:00
Dmitry Belyavskiy
5838d35972 Move users/groups creation logic to sysusers.d fragments
Resolves: RHEL-5222
2023-10-24 14:22:42 +02:00
Dmitry Belyavskiy
a43be164ec Limit artificial delays in sshd while logging in using an AD user
Resolves: RHEL-2469
2023-10-23 13:33:49 +02:00
Dmitry Belyavskiy
d8b51e8341 Relax OpenSSH checks for OpenSSL version
Resolves: RHEL-4734
2023-10-23 12:59:46 +02:00
Dmitry Belyavskiy
edaf6c0fb4 Avoid remote code execution in ssh-agent PKCS#11 support
Resolves: CVE-2023-38408
2023-07-20 12:10:35 +02:00
Dmitry Belyavskiy
c5140cafa3 Allow specifying validity interval in UTC
Resolves: rhbz#2115043
2023-06-14 11:15:41 +02:00
Norbert Pocs
415f8e730b Clarify rhbz#2068423 on the ssh_config man page
Resolves: rhbz#2209096

Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-02 09:16:33 +02:00
Norbert Pocs
6b2353418c Fix regression in pkcs11 introduced in the previous patch
Resolves: rhbz#2207793

Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-25 09:22:24 +02:00
Norbert Pocs
1490ffd3e0 Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch
- Check return values
- Use EVP API to get the size of DH

Related: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-16 15:50:52 +02:00
Norbert Pocs
587d7b215f Add FIPS compliance efforts for dh, ecdh and signing
Resolves: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-03 15:52:40 +02:00
Dmitry Belyavskiy
b5ba5af997 Eliminating remnants of SHA1 usage in OpenSSH
Resolves: rhbz#2070163
2023-04-28 16:04:07 +02:00
Dmitry Belyavskiy
cc7d7a5730 Some non-terminating processes were listening on ports.
Resolves: rhbz#2177768
2023-04-20 17:29:37 +02:00
Dmitry Belyavskiy
f7003be68c Resolve possible self-DoS with some clients
Resolves: rhbz#2186473
2023-04-13 14:24:35 +02:00
Dmitry Belyavskiy
ebbbfce0aa Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Resolves: rhbz#2088750
2023-01-12 16:16:08 +01:00
Zoltan Fridrich
5cfb97500b Add sk-dummy subpackage for test purposes
Resolves: rhbz#2092780

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2023-01-12 11:23:15 +01:00
Dmitry Belyavskiy
6f747825fa Minor cleanups from upstream
Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
Fix double free() in error path
Resolves: rhbz#2138347
2023-01-06 11:57:27 +01:00
Dmitry Belyavskiy
b0f3205a21 Build fix after OpenSSL rebase
Resolves: rhbz#2153626
2022-12-16 11:52:54 +01:00
Dmitry Belyavskiy
ad9644f74c Set minimal value of RSA key length via configuration option
Added support for our name as an alias.

Resolves: rhbz#2128352
2022-09-23 11:14:03 +02:00
Dmitry Belyavskiy
d4ff0b8809 Set minimal value of RSA key length via configuration option
Resolves: rhbz#2128352
2022-09-22 14:48:29 +02:00
Dmitry Belyavskiy
d925600c40 Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
2022-08-16 19:33:50 +02:00
Dmitry Belyavskiy
a0db6b2b7f Avoid spurious message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
2022-08-16 14:32:50 +02:00
Dmitry Belyavskiy
b53c538acd IBMCA workaround
Related: rhbz#1976202
2022-08-04 14:37:20 +02:00
Zoltan Fridrich
1d30b84a88 Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-26 16:14:15 +02:00
Dmitry Belyavskiy
9591af3b1d Fix pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
2022-07-15 16:52:19 +02:00
Zoltan Fridrich
9697eecfeb Fix new coverity issues
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-15 10:20:09 +02:00
Dmitry Belyavskiy
d23afae05f Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-14 16:15:05 +02:00
Zoltan Fridrich
e8622f8c21 Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-14 13:05:12 +02:00
Dmitry Belyavskiy
b17ff3bc91 Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-14 12:23:52 +02:00
Dmitry Belyavskiy
0d823b2f2a Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-13 16:24:55 +02:00
Zoltan Fridrich
821045a148 Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 15:32:37 +02:00
Dmitry Belyavskiy
3990967629 Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-12 13:37:26 +02:00
Dmitry Belyavskiy
32a82650cf Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
2022-07-12 13:37:24 +02:00
Zoltan Fridrich
fd0d5a4f44 Fix host-based authentication with rsa keys
Resolves: rhbz#2088916

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich
9bf7b4f39d Fix gssapi authentication failures
Resolves: rhbz#2091023

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich
585620b0f1 Fix several memory leaks
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
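Every entry in the listing above has the same record shape: an author line, a `<sha> <title>` line, an optional body carrying `Resolves:` / `Related:` tracker references and CVE identifiers, and a date line. The following is an added example, not code from this page or from the openssh package repository: it parses that shape and indexes which commit SHAs reference which CVE, so that, for instance, the separate "Fix Terrapin attack" commits landed on different dates can all be tied back to CVE-2023-48795. `SAMPLE_LOG` is a constructed subset of the listing above; the regexes assume the ten-character abbreviated SHAs and `+HH:MM` offsets shown here, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of records copied from the listing above.
SAMPLE_LOG = """\
Dmitry Belyavskiy
2a4cfc7fd4 Correct error code processing
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents a memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465).

Resolves: RHEL-78700
2025-02-18 11:35:06 +01:00
Dmitry Belyavskiy
2c2ea1d489 Fix Terrapin attack
Resolves: CVE-2023-48795
2024-01-05 14:43:26 +01:00
Dmitry Belyavskiy
4c42338c08 Fix Terrapin attack
Resolves: CVE-2023-48795
2024-01-05 14:28:02 +01:00
Zoltan Fridrich
01178d1eef Make default key sizes configurable in sshd-keygen
Resolves: RHEL-26454

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-09 12:53:59 +02:00
"""

# Assumed line shapes: abbreviated or full hex SHA, then the title.
SHA_RE = re.compile(r"^([0-9a-f]{7,40}) (.+)$")
DATE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} [+-]\d{2}:\d{2}$")
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
TRACKER_RE = re.compile(r"^(Resolves|Related):\s*(.+)$")


def parse_commit_log(text):
    """Split the flat listing into records using a small state machine.

    A record starts at the first non-blank line (author), continues with the
    '<sha> <title>' line, then body lines, and ends at the date line. Being
    state-driven means a body line that happens to start with hex is not
    mistaken for a new SHA line.
    """
    records, state, author, cur = [], "author", None, None
    for line in text.splitlines():
        if state == "author":
            if not line.strip():
                continue
            author, state = line.strip(), "sha"
        elif state == "sha":
            m = SHA_RE.match(line)
            if not m:
                raise ValueError(f"expected '<sha> <title>' after {author!r}, got {line!r}")
            cur = {"author": author, "sha": m.group(1), "title": m.group(2).strip(),
                   "body": [], "date": None}
            state = "body"
        else:  # body: collect until the date line closes the record
            if DATE_RE.match(line):
                cur["date"] = line
                records.append(cur)
                state = "author"
            else:
                cur["body"].append(line)
    if state != "author":
        raise ValueError("truncated record at end of log")
    return records


def cves_by_commit(records):
    """Map SHA -> sorted CVE ids mentioned in the title or body."""
    out = {}
    for r in records:
        found = sorted(set(CVE_RE.findall("\n".join([r["title"], *r["body"]]))))
        if found:
            out[r["sha"]] = found
    return out


def commits_by_cve(records):
    """Invert cves_by_commit: CVE id -> SHAs in listing order."""
    idx = defaultdict(list)
    for sha, cves in cves_by_commit(records).items():
        for cve in cves:
            idx[cve].append(sha)
    return dict(idx)


def trackers(record):
    """Return (kind, reference) pairs from Resolves:/Related: body lines."""
    refs = []
    for line in record["body"]:
        m = TRACKER_RE.match(line.strip())
        if m:
            refs.append((m.group(1), m.group(2).strip()))
    return refs


if __name__ == "__main__":
    recs = parse_commit_log(SAMPLE_LOG)
    for cve, shas in commits_by_cve(recs).items():
        print(cve, "->", ", ".join(shas))
```

Feed the whole listing in instead of `SAMPLE_LOG` to get the full CVE-to-commit index; entries whose only reference is an `rhbz#` or `RHEL-` tracker show up under `trackers()` but not under `commits_by_cve()`, which is the point when auditing which fixes are actually tied to a public identifier.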