rpms/openssh
7
0
Fork 2
Code Issues Pull Requests Releases Activity
1,282 Commits 15 Branches 118 Tags 11 MiB
78631c5777
Commit Graph

1282 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Koichiro Iwao
78631c5777 Unpatch Red Hat help message 2026-03-28 02:40:24 +00:00
Zoltan Fridrich
1ea96929c7 Fix typo in SPDX license name 
Resolves: RHEL-161464

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-27 09:46:13 +01:00
Koichiro Iwao
f16816a3e5 Unpatch Red Hat help message 2026-03-25 02:45:28 +00:00
Zoltan Fridrich
7c2c5a7cd0 Fix typo in GSSAPIProxyS4U2Services 
Related: RHEL-92932

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-23 09:36:21 +01:00
Zoltan Fridrich
ef90c25403 Fix duplicate audit log entry when destroying ed25519 private keys 
Resolves: RHEL-46782

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-20 15:04:10 +01:00
Zoltan Fridrich
3f5a4dc4f9 Don't negotiate non-FIPS algorithms in ssh-keyscan key exchange in FIPS mode 
Resolves: RHEL-88565

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-18 16:05:26 +01:00
Koichiro Iwao
b70f888f14 Unpatch Red Hat help message 2026-03-18 02:41:41 +00:00
Zoltan Fridrich
f5a6642da3 Fix CVE-2026-3497 
Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-13 12:58:59 +01:00
Zoltan Fridrich
5112fd1dbb Fix GSSAPI authentication indicator issues found by AI 
Resolves: RHEL-154309

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 16:44:06 +01:00
Zoltan Fridrich
952d882d0a Fix mistracking of MaxStartups process exits in some situations 
Resolves: RHEL-121768

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 16:44:06 +01:00
Zoltan Fridrich
394f1022a0 First property value in config should win 
Only the first value of MaxStartups, PerSourceNetBlockSize and
IPQoS in sshd_config should count when defined multiple times

Resolves: RHEL-150365

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 16:43:39 +01:00
Zoltan Fridrich
0a7a052f87 Remove recommendation of p11-kit 
Resolves: RHEL-139070

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 12:44:14 +01:00
Koichiro Iwao
4decb94699 Unpatch Red Hat help message 2026-03-12 02:47:54 +00:00
Dmitry Belyavskiy
f7363d9b66 Implement obtaining Kerberos tickets on behalf of user on SSH authentication 
Resolves: RHEL-92932
 2026-03-11 11:52:43 +01:00
Koichiro Iwao
e02b78773e Unpatch Red Hat help message 2026-02-28 03:01:46 +00:00
Dmitry Belyavskiy
40a368d891 Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode 
Resolves: RHEL-151579
 2026-02-27 11:39:42 +01:00
Koichiro Iwao
4a644c715b Unpatch Red Hat help message 2025-12-13 02:48:37 +00:00
Dmitry Belyavskiy
0eb85c5308 Support of hybrid MLKEM key exchange methods in FIPS mode 
Resolves: RHEL-125929
 2025-12-12 12:55:41 +01:00
Koichiro Iwao
f4d2799350 Unpatch Red Hat help message 2025-12-10 02:53:39 +00:00
Koichiro Iwao
5ee07b1b01 Unpatch Red Hat help message 2025-12-06 02:51:00 +00:00
Dmitry Belyavskiy
2c179221a3 Adding a mechanism to disable GSSAPIDelegateCredentials in sshd_config 
Resolves: RHEL-5281
 2025-12-05 16:36:17 +01:00
Zoltan Fridrich
40f5f26708 CVE-2025-61985: Reject URL-strings with NULL characters 
Resolves: RHEL-128388

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-05 10:27:33 +01:00
Zoltan Fridrich
3ed25d6be7 CVE-2025-61984: Reject usernames with control characters 
Resolves: RHEL-128399

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-05 10:24:20 +01:00
eabdullin
f9a7fc888c Bump release 2025-11-25 14:33:25 +03:00
Koichiro Iwao
bcbf9fa65f Unpatch Red Hat help message 2025-11-04 03:04:55 +00:00
Dmitry Belyavskiy
d6c153ae72 Implement mlkem768nistp256-sha256 and mlkem1024nistp384-sha384 KEX methods 
Resolves: RHEL-70824
 2025-11-03 12:56:38 +01:00
Koichiro Iwao
1617a4a445 Unpatch Red Hat help message 2025-10-31 03:05:48 +00:00
Zoltan Fridrich
bf1cef9a73 Canonicalize username when matching a user 
Resolves: RHEL-101440

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:05:17 +01:00
Zoltan Fridrich
24c1261105 Fix implicit destination path selection when source path ends with ".." 
Resolves: RHEL-118406

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:05:17 +01:00
Koichiro Iwao
9c68029c65 Unpatch Red Hat help message 2025-09-16 03:00:22 +00:00
Dmitry Belyavskiy
5be8bc1b40 Relax GSS Kex restriction in FIPS mode 
Resolves: RHEL-91181
 2025-09-15 15:36:27 +02:00
Koichiro Iwao
fedf440c48 Unpatch Red Hat help message 2025-09-03 03:01:48 +00:00
Dmitry Belyavskiy
ab204f7870 Allow non-cryptographical use of MD5 in GSS Kex in FIPS mode 
Related: RHEL-91181
 2025-09-02 12:41:17 +02:00
Koichiro Iwao
98ded40a18 Unpatch Red Hat help message 2025-08-29 02:53:40 +00:00
Dmitry Belyavskiy
79ecdd9f8c Relax GSS Kex restriction in FIPS mode 
Resolves: RHEL-91181
 2025-08-04 15:54:13 +02:00
Koichiro Iwao
dba7d2fcf4 Unpatch Red Hat help message 2025-07-29 18:20:32 +00:00
Zoltan Fridrich
2303b82ca8 Move the redhat help message to debug1 log level 
Resolves: RHEL-93957

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-07-17 15:02:56 +02:00
Koichiro Iwao
643c540c79 Unpatch Red Hat help message 2025-06-29 02:31:50 +00:00
Dmitry Belyavskiy
f897faab42 Support for authentication indicators in OpenSSH 
Resolves: RHEL-40790
 2025-06-26 17:00:42 +02:00
Andrew Lukoshko
37bb069838 Merge pull request 'Unpatch Red Hat help message' (#3) from metalefty/openssh:a10s-redhat-help into a10s 
Reviewed-on: #3
 2025-06-25 14:06:46 +00:00
Koichiro Iwao
8516705245 Unpatch Red Hat help message 2025-06-25 22:56:52 +09:00
Zoltan Fridrich
b5213cc0b3 Ignore bad hostkeys in known_hosts file 
Resolves: RHEL-83644

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-04-30 15:58:51 +02:00
Zoltan Fridrich
86023c8a72 Provide better error for non-supported private keys 
Resolves: RHEL-68124

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-04-29 12:32:20 +02:00
Zoltan Fridrich
f4e43bc272 CVE-2025-32728: Fix logic error in DisableForwarding option 
Resolves: RHEL-86819

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-04-29 12:32:10 +02:00
Dmitry Belyavskiy
f218c44b65 Supress systemd warning 
Resolves: RHEL-84816
 2025-04-17 11:55:01 +02:00
Dmitry Belyavskiy
5d9e98be09 Correct processing of Compression directive 
Resolves: RHEL-68346
 2025-03-20 13:42:58 +01:00
Dmitry Belyavskiy
02b3faa9d1 OpenSSH should not use its own implementation of MLKEM 
Resolves: RHEL-58252
 2025-03-20 12:23:04 +01:00
Dmitry Belyavskiy
747a4a8376 rebuilt 
Related: RHEL-78699
 2025-02-18 18:08:09 +01:00
Dmitry Belyavskiy
3b2fe2b8e6 OpenSSH error code issues 
Fix missing error codes set and invalid error code checks in OpenSSH. It
prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
is on (CVE-2025-26465, CVE-2025-26466).

Resolves: RHEL-78699
Resolves: RHEL-78943
 2025-02-18 10:59:20 +01:00
Dmitry Belyavskiy
006127a476 Fix regression of Match directive processing 
Related: RHEL-76317
 2025-02-13 12:29:58 +01:00