Commit Graph

1234 Commits

Author SHA1 Message Date
Dmitry Belyavskiy
3b2fe2b8e6 OpenSSH error code issues
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents a memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).

Resolves: RHEL-78699
Resolves: RHEL-78943
2025-02-18 10:59:20 +01:00
Dmitry Belyavskiy
006127a476 Fix regression of Match directive processing
Related: RHEL-76317
2025-02-13 12:29:58 +01:00
Dmitry Belyavskiy
b182959e95 Avoid linking issues for openssl logging
Related: RHEL-63190
2025-01-27 13:25:09 +01:00
Dmitry Belyavskiy
35bf325387 Fix regression of Match directive processing
Resolves: RHEL-76317
2025-01-27 12:38:23 +01:00
Troy Dawson
84c0936017 Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
2024-10-29 08:53:07 -07:00
Dmitry Belyavskiy
15a3247272 Fix MLKEM for BE platforms
Related: RHEL-60564
2024-10-28 17:49:18 +01:00
Dmitry Belyavskiy
6ec986a4e3 Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-63190
2024-10-22 11:57:53 +02:00
Dmitry Belyavskiy
ebb51c8cab Extra help information should not be printed if stderr is not a TTY
Resolves: RHEL-63061
2024-10-18 16:14:10 +02:00
Dmitry Belyavskiy
84ad70de57 Add extra help information on ssh early failure
Resolves: RHEL-62718
2024-10-15 13:47:43 +02:00
Dmitry Belyavskiy
ebf2d5fd08 Resolve memory management issues after rebase
Related: RHEL-60564
2024-10-15 13:46:17 +02:00
Zoltan Fridrich
384febcdc2 Gssapi-keyex: fix issues found by static analysis
Related: RHEL-60564

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-10-14 16:05:48 +02:00
Dmitry Belyavskiy
0802365f07 Use FIPS KEX defaults in FIPS mode
Resolves: RHEL-58986
2024-10-11 14:15:51 +02:00
Dmitry Belyavskiy
2a4f84e7ce Separate ssh-keysign to a dedicated package
Resolves: RHEL-62112
2024-10-11 12:19:11 +02:00
Dmitry Belyavskiy
07172f36c4 Update to OpenSSH 9.9p1
Resolves: RHEL-60564
2024-10-10 12:30:39 +02:00
Dmitry Belyavskiy
d84f5f5164 Rebuilt
Related: RHEL-59024
2024-09-16 17:31:52 +02:00
Dmitry Belyavskiy
01503ba517 Remove redundant patches
Related: RHEL-42635
2024-08-29 21:18:20 +02:00
Dmitry Belyavskiy
262bb33bcb "publickey-hostbound@openssh.com" extension makes no sense with GSS
Related: RHEL-42635
2024-08-29 21:18:20 +02:00
Zoltan Fridrich
5c31606342 Merge patches from gsskex regressions
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-08-28 13:10:19 +02:00
Zoltan Fridrich
fc550bd771 Add missing gsskeyex authentication method
Related: RHEL-42635

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-08-28 10:49:04 +02:00
Dmitry Belyavskiy
78bb33ab57 Restore GSS connectivity when no hostkeys are present
Related: RHEL-42635
2024-08-27 13:57:46 +02:00
Dmitry Belyavskiy
303ff5b834 Remove obsoleted patches
Related: RHEL-42635
2024-08-16 13:23:18 +02:00
Dmitry Belyavskiy
dd7a5a9d22 Address SAST scan issues
Resolves: RHEL-36766
2024-08-16 12:26:57 +02:00
Miluse Bezo Konecna
acc18112a5 remove tests directory
2024-08-06 14:09:01 +02:00
Dmitry Belyavskiy
ba81972425 Reenabling self-test on rpm build
Related: RHEL-42635
2024-08-05 16:36:20 +02:00
Dmitry Belyavskiy
ce2e80c1d0 sshd doesn't propose to enter password again when a non-existing user is specified
Resolves: RHEL-11981
2024-08-05 13:03:20 +02:00
Miluse Bezo Konecna
a26f247c4f Fix gating.yaml
2024-07-31 10:22:02 +02:00
Miluse Bezo Konecna
3d59a15439 gating CI - fix in plans
2024-07-31 08:08:00 +00:00
Dmitry Belyavskiy
f1bd13208d Use FIPS-compatible API for key derivation RHEL-10
Resolves: RHEL-43592
2024-07-26 16:15:19 +02:00
Dmitry Belyavskiy
1c01acf847 Change ssh-keygen defaults in FIPS mode
Resolves: RHEL-37324
2024-07-26 13:18:20 +02:00
Dmitry Belyavskiy
7a357709f5 Temporary disabling self-test
Related: RHEL-42635
2024-07-25 19:43:02 +02:00
Dmitry Belyavskiy
089d798931 Rebase OpenSSH to 9.8p1
Resolves: RHEL-42635
2024-07-25 15:30:04 +02:00
Miluse Bezo Konecna
9195080dcb add gating for RHEL-10
2024-07-19 16:21:47 +02:00
Zoltan Fridrich
2231e36337 Remove pam_ssh_agent_auth subpackage
Resolves: RHEL-45002

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-07-12 10:28:59 +02:00
Zoltan Fridrich
0f2df32d18 Build OpenSSH without ENGINE API
Resolves: RHEL-45507

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-07-12 10:28:08 +02:00
Troy Dawson
8f0ad5fe82 Bump release for June 2024 mass rebuild
2024-06-24 09:06:11 -07:00
Zoltan Fridrich
d23ed33031 Make default key sizes configurable in sshd-keygen
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-10 10:22:49 +02:00
Zoltan Fridrich
2e80dd6896 Correctly audit hostname and IP address
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-09 17:06:11 +02:00
Fedora Release Engineering
2f41ca7cd3 Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-25 11:29:57 +00:00
Fedora Release Engineering
d089d5f71b Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-21 11:22:01 +00:00
Dmitry Belyavskiy
f238307bdf Applying patches to rebase to OpenSSH 9.6p1
Based on Damien Milnes' PR
https://src.fedoraproject.org/rpms/openssh/pull-request/63

Also rebasing openssh-8.0p1-pkcs11-uri.patch to 9.6 by Dmitry Belyavskiy
2024-01-12 16:04:03 +01:00
Florian Weimer
87ae5d1d5a Fix type errors in downstream gssapi-keyex patch
Related to:

  <https://fedoraproject.org/wiki/Changes/PortingToModernC>
  <https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2023-12-22 17:01:38 +01:00
Mattias Ellert
5c1da775a9 Fix issue with read-only ssh buffer during gssapi key exchange
(rhbz#1938224)
https://github.com/openssh-gsskex/openssh-gsskex/pull/19
2023-10-16 22:26:16 +02:00
Mattias Ellert
4f07bfcfe1 Fix FTBFS due to implicit declarations (rhbz#2241211)
2023-10-15 06:42:32 +02:00
Dmitry Belyavskiy
d3cd3f2851 migrated to SPDX license
2023-09-19 12:19:43 +02:00
Timothée Ravier
f98acbdc5d Revert "Remove sshd.socket unit"
This reverts commit 8a294387d0.

This change has been pushed to Fedora 40 and is pending discussion /
voting from FESCo.

See: https://pagure.io/fesco/issue/3062
See: https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
2023-09-15 10:22:41 +02:00
Jakub Jelen
d77b1b790a pkcs11: Add support for 'serial' in PKCS#11 URI
The patch was updated by the upstream MR
https://github.com/openssh/openssh-portable/pull/406
by npocs@redhat.com
2023-08-11 15:04:18 +02:00
Dmitry Belyavskiy
c7af8ecb76 Minor optimization of ssh_krb5_kuserok
Resolves: rhbz#2112501
2023-08-03 11:06:10 +02:00
Dmitry Belyavskiy
8a294387d0 Remove sshd.socket unit
Resolves: rhbz#2025716
2023-08-03 10:38:48 +02:00
Dmitry Belyavskiy
f4f5944e31 Disable forking of ssh-agent on startup
Resolves: rhbz#2148555
2023-08-03 10:32:24 +02:00
Dmitry Belyavskiy
ec2f61e2cf Split including crypto-policies to a separate config
Resolves: rhbz#1970566
2023-08-03 10:25:50 +02:00