Jakub Jelen
0b10752bbc
Accept environment variable PERMITROOTLOGIN from anaconda drop-in service file ( #1722928 )
...
Anaconda pull request:
https://github.com/rhinstaller/anaconda/pull/2037
Fedora change:
https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
2019-07-03 14:54:40 +02:00
Jakub Jelen
36a44721c5
openssh-8.0p1-5 + 0.10.3-7
2019-06-26 14:06:48 +02:00
Jakub Jelen
e9a555ffbf
Whitelist some annonying errors from rpmlint
2019-06-26 14:06:48 +02:00
Jakub Jelen
58ee5c17a8
Drop INSTALL file from docs as recommended by rpmlint checks
2019-06-26 14:06:48 +02:00
Jakub Jelen
eda4c070da
Drop unused unversioned Obsoletes and Provides, which are 5 or 10 years old now
2019-06-26 14:06:48 +02:00
Jakub Jelen
4bd6cfb874
Disable root password logins ( #1722928 )
2019-06-26 14:06:37 +02:00
Jakub Jelen
fdbd5bc6f9
Fix typos in manual pages related to crypto-policies
2019-06-19 15:56:25 +02:00
Jakub Jelen
3153574729
tests: Make sure the user gets removed and the test pass
2019-06-17 13:31:57 +02:00
Jakub Jelen
dad744a32b
openssh-8.0p1-4 + 0.10.3-7
2019-06-17 12:49:59 +02:00
Jakub Jelen
56494b92a4
pkcs11: Allow to specify pin-value also for ssh-add
2019-06-17 12:42:15 +02:00
Jakub Jelen
50e2b60d3f
Provide correct signature type for SHA2 certificates in agent
2019-06-17 12:40:12 +02:00
Jakub Jelen
56fdfa2a52
Use the new OpenSSL API to export PEM files to avoid dependency on MD5
2019-05-30 11:29:43 +02:00
Jakub Jelen
f15fbdc5fe
Whitelist another syscall variant for s390x cryptographic module (ibmca engine)
2019-05-30 11:28:11 +02:00
Jakub Jelen
66e9887b15
Coverity warnings
2019-05-30 11:27:04 +02:00
Jakub Jelen
7f1ad371a4
openssh-8.0p1-3 + 0.10.3-7
2019-05-27 10:23:08 +02:00
Jakub Jelen
7a14283cba
Drop the problematic patch for updating pw structure after authentication
2019-05-23 15:34:17 +02:00
Jakub Jelen
ae802a53d8
pkcs11: Do not require the labels on the public objects ( #1710832 )
2019-05-16 15:14:52 +02:00
Jakub Jelen
53c9085316
openssh-8.0p1-2 + 0.10.3-7
2019-05-14 13:45:08 +02:00
Jakub Jelen
f726e51d86
Use OpenSSL KDF
...
Resolves: rhbz#1631761
2019-05-14 13:35:14 +02:00
Jakub Jelen
751cd9acc7
Use OpenSSL high-level API to produce and verify signatures
...
Resolves: rhbz#1707485
2019-05-14 13:32:04 +02:00
Jakub Jelen
6caa973459
Mention crypto-policies in the manual pages instead of the hardcoded defaults
...
Resolves: rhbz#1668325
2019-05-13 14:22:21 +02:00
Jakub Jelen
4feb6a973f
Verify SCP vulnerabilities are fixed in the package testsuite
2019-05-10 14:34:35 +02:00
Jakub Jelen
b33caef080
Drop unused patch
2019-05-07 13:45:34 +02:00
Jakub Jelen
f660e11adc
FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line
...
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.
Additionally, there is no guarantee they will work in underlying OpenSSL.
Resolves: rhbz#1625318
2019-05-07 11:57:30 +02:00
Jakub Jelen
ec02bb9685
tests: Make sure the user gets removed after the test
2019-04-29 15:16:44 +02:00
Jakub Jelen
def1debf2e
openssh-8.0p1-1 + 0.10.3-7
...
Resolves rhbz#1701072
2019-04-29 14:12:13 +02:00
Jakub Jelen
f51d092120
Remove unused parts of spec file
2019-03-27 13:20:32 +01:00
Jakub Jelen
cb35953bec
The FIPS_mode() is in different header file
2019-03-21 17:02:28 +01:00
Jakub Jelen
91aa3d4921
openssh-7.9p1-5 + 0.10.3.6
2019-03-12 15:16:35 +01:00
Jakub Jelen
81a703d751
Do not allow negotiation of unknown primes with DG GEX in FIPS mode
2019-03-12 15:16:35 +01:00
Jakub Jelen
c53a1d4e90
Ignore PKCS#11 label if no key is found with it ( #1671262 )
2019-03-12 15:16:35 +01:00
Jakub Jelen
c694548168
Do not segfault when multiple pkcs11 providers is specified
2019-03-12 15:16:35 +01:00
Jakub Jelen
3339efd12d
Do not fallback to sshd_net_t SELinux context
2019-03-12 15:16:35 +01:00
Jakub Jelen
586cf149b5
Reformat SELinux patch
2019-03-11 17:17:49 +01:00
Jakub Jelen
1341391c78
Update cached passwd structure after PAM authentication
2019-03-11 17:17:49 +01:00
Jakub Jelen
3722267e80
Make sure the kerberos cleanup procedures are properly invoked
2019-03-11 17:17:49 +01:00
Jakub Jelen
ae07017120
Use correct function name in the debug log
2019-03-01 11:33:25 +01:00
Jakub Jelen
7295e97cd1
openssh-7.9p1-4 + 0.10.3.6
2019-02-06 17:19:52 +01:00
Jakub Jelen
d711f557f7
Log when a client requests an interactive session and only sftp is allowed
2019-02-06 17:18:30 +01:00
Jakub Jelen
e8524ac3f4
ssh-copy-id: Minor issues found by shellcheck
2019-02-06 17:18:30 +01:00
Jakub Jelen
8622e384ef
ssh-copy-id: Do not fail in case remote system is out of space
2019-02-06 17:18:30 +01:00
Jakub Jelen
ffb1787c07
Enclose redhat specific configuration with Match final block
...
This allows users to specify options in user configuration files overwriting
the defaults we propose without ovewriting them in the shipped configuration
file and without opting out from the crypto policy altogether.
Resolves: rhbz#1438326 rhbz#1630166
2019-02-06 17:18:30 +01:00
Fedora Release Engineering
4e5f61c2a0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-02-01 17:32:05 +00:00
Igor Gnatenko
7c726e0a13
Remove obsolete Group tag
...
References: https://fedoraproject.org/wiki/Changes/Remove_Group_Tag
2019-01-28 20:24:24 +01:00
Björn Esser
018ac8d1d9
Rebuilt for libcrypt.so.2 ( #1666033 )
2019-01-14 19:11:16 +01:00
Jakub Jelen
311908c042
openssh-7.9p1-3 + 0.10.3-6
2019-01-14 15:39:08 +01:00
Jakub Jelen
1b0cc8ff3b
Correctly initialize ECDSA key structures from PKCS#11
2019-01-14 15:39:08 +01:00
Jakub Jelen
ba99e00fe8
tests: Do not expect /var/log/secure to be there
2019-01-14 15:39:08 +01:00
Jakub Jelen
40d2a04909
CVE-2018-20685 ( #1665786 )
2019-01-14 11:05:35 +01:00
Jakub Jelen
322896958a
Backport several fixes from 7_9 branch ( #1665611 )
2019-01-14 11:05:35 +01:00