Jakub Jelen
5eb2d51328
Add missing hostkey certificate algorithms to the FIPS list
2019-07-26 09:27:52 +02:00
Jakub Jelen
d19ba936f2
Do not attempt to generate DSA and ED25519 keys in FIPS mode
2019-07-26 09:27:52 +02:00
Fedora Release Engineering
0ca1614ae2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:35:32 +00:00
Jakub Jelen
73b069e926
openssh-8.0p1-8 + 0.10.3-7
2019-07-23 09:50:20 +02:00
Jakub Jelen
5d6a14bd4a
Use the upstream version of the PKCS#8 PEM support (#1722285)
2019-07-23 09:49:22 +02:00
Jakub Jelen
30922f629c
openssh-8.0p1-7 + 0.10.3-7
2019-07-12 23:23:09 +02:00
Jakub Jelen
358f62be8a
As agreed with anaconda team, they will provide an environment file under /etc/sysconfig (#1722928)
...
See anaconda pull request for discussion:
https://github.com/rhinstaller/anaconda/pull/2042
2019-07-12 23:20:56 +02:00
Jakub Jelen
e9bd9a2128
openssh-8.0p1-6 + 0.10.3-7
2019-07-03 16:52:53 +02:00
Jakub Jelen
0b10752bbc
Accept environment variable PERMITROOTLOGIN from anaconda drop-in service file (#1722928)
...
Anaconda pull request:
https://github.com/rhinstaller/anaconda/pull/2037
Fedora change:
https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
2019-07-03 14:54:40 +02:00
Jakub Jelen
36a44721c5
openssh-8.0p1-5 + 0.10.3-7
2019-06-26 14:06:48 +02:00
Jakub Jelen
e9a555ffbf
Whitelist some annoying errors from rpmlint
2019-06-26 14:06:48 +02:00
Jakub Jelen
58ee5c17a8
Drop INSTALL file from docs as recommended by rpmlint checks
2019-06-26 14:06:48 +02:00
Jakub Jelen
eda4c070da
Drop unused unversioned Obsoletes and Provides, which are 5 or 10 years old now
2019-06-26 14:06:48 +02:00
Jakub Jelen
4bd6cfb874
Disable root password logins (#1722928)
2019-06-26 14:06:37 +02:00
Jakub Jelen
fdbd5bc6f9
Fix typos in manual pages related to crypto-policies
2019-06-19 15:56:25 +02:00
Jakub Jelen
3153574729
tests: Make sure the user gets removed and the test passes
2019-06-17 13:31:57 +02:00
Jakub Jelen
dad744a32b
openssh-8.0p1-4 + 0.10.3-7
2019-06-17 12:49:59 +02:00
Jakub Jelen
56494b92a4
pkcs11: Allow to specify pin-value also for ssh-add
2019-06-17 12:42:15 +02:00
Jakub Jelen
50e2b60d3f
Provide correct signature type for SHA2 certificates in agent
2019-06-17 12:40:12 +02:00
Jakub Jelen
56fdfa2a52
Use the new OpenSSL API to export PEM files to avoid dependency on MD5
2019-05-30 11:29:43 +02:00
Jakub Jelen
f15fbdc5fe
Whitelist another syscall variant for s390x cryptographic module (ibmca engine)
2019-05-30 11:28:11 +02:00
Jakub Jelen
66e9887b15
Coverity warnings
2019-05-30 11:27:04 +02:00
Jakub Jelen
7f1ad371a4
openssh-8.0p1-3 + 0.10.3-7
2019-05-27 10:23:08 +02:00
Jakub Jelen
7a14283cba
Drop the problematic patch for updating pw structure after authentication
2019-05-23 15:34:17 +02:00
Jakub Jelen
ae802a53d8
pkcs11: Do not require the labels on the public objects (#1710832)
2019-05-16 15:14:52 +02:00
Jakub Jelen
53c9085316
openssh-8.0p1-2 + 0.10.3-7
2019-05-14 13:45:08 +02:00
Jakub Jelen
f726e51d86
Use OpenSSL KDF
...
Resolves: rhbz#1631761
2019-05-14 13:35:14 +02:00
Jakub Jelen
751cd9acc7
Use OpenSSL high-level API to produce and verify signatures
...
Resolves: rhbz#1707485
2019-05-14 13:32:04 +02:00
Jakub Jelen
6caa973459
Mention crypto-policies in the manual pages instead of the hardcoded defaults
...
Resolves: rhbz#1668325
2019-05-13 14:22:21 +02:00
Jakub Jelen
4feb6a973f
Verify SCP vulnerabilities are fixed in the package testsuite
2019-05-10 14:34:35 +02:00
Jakub Jelen
b33caef080
Drop unused patch
2019-05-07 13:45:34 +02:00
Jakub Jelen
f660e11adc
FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line
...
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.
Additionally, there is no guarantee they will work in underlying OpenSSL.
Resolves: rhbz#1625318
2019-05-07 11:57:30 +02:00
Jakub Jelen
ec02bb9685
tests: Make sure the user gets removed after the test
2019-04-29 15:16:44 +02:00
Jakub Jelen
def1debf2e
openssh-8.0p1-1 + 0.10.3-7
...
Resolves rhbz#1701072
2019-04-29 14:12:13 +02:00
Jakub Jelen
f51d092120
Remove unused parts of spec file
2019-03-27 13:20:32 +01:00
Jakub Jelen
cb35953bec
The FIPS_mode() is in different header file
2019-03-21 17:02:28 +01:00
Jakub Jelen
91aa3d4921
openssh-7.9p1-5 + 0.10.3.6
2019-03-12 15:16:35 +01:00
Jakub Jelen
81a703d751
Do not allow negotiation of unknown primes with DH GEX in FIPS mode
2019-03-12 15:16:35 +01:00
Jakub Jelen
c53a1d4e90
Ignore PKCS#11 label if no key is found with it (#1671262)
2019-03-12 15:16:35 +01:00
Jakub Jelen
c694548168
Do not segfault when multiple pkcs11 providers are specified
2019-03-12 15:16:35 +01:00
Jakub Jelen
3339efd12d
Do not fallback to sshd_net_t SELinux context
2019-03-12 15:16:35 +01:00
Jakub Jelen
586cf149b5
Reformat SELinux patch
2019-03-11 17:17:49 +01:00
Jakub Jelen
1341391c78
Update cached passwd structure after PAM authentication
2019-03-11 17:17:49 +01:00
Jakub Jelen
3722267e80
Make sure the kerberos cleanup procedures are properly invoked
2019-03-11 17:17:49 +01:00
Jakub Jelen
ae07017120
Use correct function name in the debug log
2019-03-01 11:33:25 +01:00
Jakub Jelen
7295e97cd1
openssh-7.9p1-4 + 0.10.3.6
2019-02-06 17:19:52 +01:00
Jakub Jelen
d711f557f7
Log when a client requests an interactive session and only sftp is allowed
2019-02-06 17:18:30 +01:00
Jakub Jelen
e8524ac3f4
ssh-copy-id: Minor issues found by shellcheck
2019-02-06 17:18:30 +01:00
Jakub Jelen
8622e384ef
ssh-copy-id: Do not fail in case remote system is out of space
2019-02-06 17:18:30 +01:00
Jakub Jelen
ffb1787c07
Enclose redhat specific configuration with Match final block
...
This allows users to specify options in user configuration files overwriting
the defaults we propose without overwriting them in the shipped configuration
file and without opting out from the crypto policy altogether.
Resolves: rhbz#1438326 rhbz#1630166
2019-02-06 17:18:30 +01:00