Miluse Bezo Konecna
acc18112a5
remove tests directory
2024-08-06 14:09:01 +02:00
Dmitry Belyavskiy
ba81972425
Reenabling self-test on rpm build
...
Related: RHEL-42635
2024-08-05 16:36:20 +02:00
Dmitry Belyavskiy
ce2e80c1d0
sshd doesn't propose to enter password again when a non-existing user is specified
...
Resolves: RHEL-11981
2024-08-05 13:03:20 +02:00
Miluse Bezo Konecna
a26f247c4f
Fix gating.yaml
2024-07-31 10:22:02 +02:00
Miluse Bezo Konecna
3d59a15439
gating CI - fix in plans
2024-07-31 08:08:00 +00:00
Dmitry Belyavskiy
f1bd13208d
Use FIPS-compatible API for key derivation RHEL-10
...
Resolves: RHEL-43592
2024-07-26 16:15:19 +02:00
Dmitry Belyavskiy
1c01acf847
Change ssh-keygen defaults in FIPS mode
...
Resolves: RHEL-37324
2024-07-26 13:18:20 +02:00
Dmitry Belyavskiy
7a357709f5
Temporary disabling self-test
...
Related: RHEL-42635
2024-07-25 19:43:02 +02:00
Dmitry Belyavskiy
089d798931
Rebase OpenSSH to 9.8p1
...
Resolves: RHEL-42635
2024-07-25 15:30:04 +02:00
Miluse Bezo Konecna
9195080dcb
add gating for RHEL-10
2024-07-19 16:21:47 +02:00
Zoltan Fridrich
2231e36337
Remove pam_ssh_agent_auth subpackage
...
Resolves: RHEL-45002
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-07-12 10:28:59 +02:00
Zoltan Fridrich
0f2df32d18
Build OpenSSH without ENGINE API
...
Resolves: RHEL-45507
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-07-12 10:28:08 +02:00
Troy Dawson
8f0ad5fe82
Bump release for June 2024 mass rebuild
2024-06-24 09:06:11 -07:00
Zoltan Fridrich
d23ed33031
Make default key sizes configurable in sshd-keygen
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-10 10:22:49 +02:00
Zoltan Fridrich
2e80dd6896
Correctly audit hostname and IP address
...
Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2024-05-09 17:06:11 +02:00
Fedora Release Engineering
2f41ca7cd3
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-25 11:29:57 +00:00
Fedora Release Engineering
d089d5f71b
Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
2024-01-21 11:22:01 +00:00
Dmitry Belyavskiy
f238307bdf
Applying patches to rebase to OpenSSH 9.6p1
...
Based on Damien Milnes' PR
https://src.fedoraproject.org/rpms/openssh/pull-request/63
Also rebasing openssh-8.0p1-pkcs11-uri.patch to 9.6 by Dmitry Belyavskiy
2024-01-12 16:04:03 +01:00
Florian Weimer
87ae5d1d5a
Fix type errors in downstream gssapi-keyex patch
...
Related to:
<https://fedoraproject.org/wiki/Changes/PortingToModernC>
<https://fedoraproject.org/wiki/Toolchain/PortingToModernC>
2023-12-22 17:01:38 +01:00
Mattias Ellert
5c1da775a9
Fix issue with read-only ssh buffer during gssapi key exchange
...
(rhbz#1938224)
https://github.com/openssh-gsskex/openssh-gsskex/pull/19
2023-10-16 22:26:16 +02:00
Mattias Ellert
4f07bfcfe1
Fix FTBFS due to implicit declarations (rhbz#2241211)
2023-10-15 06:42:32 +02:00
Dmitry Belyavskiy
d3cd3f2851
migrated to SPDX license
2023-09-19 12:19:43 +02:00
Timothée Ravier
f98acbdc5d
Revert "Remove sshd.socket unit"
...
This reverts commit 8a294387d0.
This change has been pushed to Fedora 40 and is pending discussion /
voting from FESCo.
See: https://pagure.io/fesco/issue/3062
See: https://fedoraproject.org/wiki/Changes/Drop_Sshd_Socket
2023-09-15 10:22:41 +02:00
Jakub Jelen
d77b1b790a
pkcs11: Add support for 'serial' in PKCS#11 URI
...
The patch was updated by the upstream MR
https://github.com/openssh/openssh-portable/pull/406
by npocs@redhat.com
2023-08-11 15:04:18 +02:00
Dmitry Belyavskiy
c7af8ecb76
Minor optimization of ssh_krb5_kuserok
...
Resolves: rhbz#2112501
2023-08-03 11:06:10 +02:00
Dmitry Belyavskiy
8a294387d0
Remove sshd.socket unit
...
Resolves: rhbz#2025716
2023-08-03 10:38:48 +02:00
Dmitry Belyavskiy
f4f5944e31
Disable forking of ssh-agent on startup
...
Resolves: rhbz#2148555
2023-08-03 10:32:24 +02:00
Dmitry Belyavskiy
ec2f61e2cf
Split including crypto-policies to a separate config
...
Resolves: rhbz#1970566
2023-08-03 10:25:50 +02:00
Dmitry Belyavskiy
147ab2eb19
relax checks of the OpenSSL version
2023-08-01 14:19:16 +02:00
Dmitry Belyavskiy
eb1b5e6755
relax checks of the OpenSSL version
2023-08-01 14:18:18 +02:00
Mattias Ellert
c04e468b07
Update gssapi-keyex patch for OpenSSH 9.0+
...
userauth_gsskeyex must have the same argument as userauth_gssapi
method_gsskeyex must have the same members as method_gssapi
2023-07-26 23:28:39 +02:00
Dmitry Belyavskiy
c3494feffe
Fix remote code execution in ssh-agent PKCS#11 support
...
Resolves: CVE-2023-38408
2023-07-21 17:00:23 +02:00
Fedora Release Engineering
9fd130d8eb
Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2023-07-20 18:12:08 +00:00
Norbert Pocs
8f5b8fd2c5
Revert "pkcs11: Add support for 'serial' in PKCS#11 URI"
...
This reverts commit e39f11e77c.
The patch has some problems (the pkcs11 downstream test is failing)
and needs more investigation
2023-06-13 14:38:59 +02:00
Norbert Pocs
c5082a3f81
Merge gssapi-keyex and gssapi-auth
...
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:58:01 +02:00
Norbert Pocs
2b67ec48c2
Merge manpage crypto-policies related patches
...
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:57:42 +02:00
Norbert Pocs
fb40f0afda
Merge evp related patches
...
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:57:23 +02:00
Norbert Pocs
141d7b2d4a
Remove deprecated usage of %patchN
...
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-06-08 13:56:15 +02:00
Dmitry Belyavskiy
d5fd076ab3
Updating specfile
2023-06-07 12:15:31 +02:00
Dmitry Belyavskiy
18e9f31c42
Fix DSS verification problem
...
Resolves: rhbz#2212937
2023-06-07 12:12:46 +02:00
Dmitry Belyavskiy
29083ac442
Remove unused patch
2023-06-02 18:56:58 +02:00
Dmitry Belyavskiy
f561c68bdb
Rebasing OpenSSH from 9.0 to 9.3
2023-06-02 15:38:27 +02:00
Norbert Pocs
b129d6336e
Clarify HostKeyAlgorithms option on man page
...
Clarify HostkeyAlgorithms and crypto-policies relation on the ssh_config
man page
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-29 13:58:15 +02:00
Jakub Jelen
e39f11e77c
pkcs11: Add support for 'serial' in PKCS#11 URI
2023-05-25 09:29:24 +02:00
Norbert Pocs
e8e01dc82e
Fix regression in pkcs11 introduced in the previous patch
...
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-25 09:27:33 +02:00
Norbert Pocs
2341f1769d
Fix minor issues with openssh-9.0p1-evp-fips-dh.patch
...
- Check return values
- Use EVP API to get the size of DH
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-05-25 09:27:33 +02:00
Dmitry Belyavskiy
6f7c765ed4
Audit logging patch was not applied
...
Resolves: rhbz#2177471
2023-04-14 10:38:37 +02:00
Dmitry Belyavskiy
1506e0825c
If SHA1 signatures are not permitted, try to fallback to SHA2
...
SHA1 is insecure now, and is forbidden in RHEL and will be forbidden in
several crypto-policies in Fedora in the future. This patch adds
detection of SHA1 signatures availability and, if not available,
enforces fallback to SHA2.
2023-04-14 10:32:06 +02:00
Norbert Pocs
b63272d9eb
Make the sign, dh, ecdh processes FIPS compliant
...
FIPS compliancy can be stated by using only compliant crypto
functions. This is achieved by using EVP API from openssl 3.0
version. The solution uses a non-intrusive approach - instead
of rewriting everything to use EVP API it converts the data
to it at the critical places.
Signed-off-by: Norbert Pocs <npocs@redhat.com>
2023-04-13 19:12:46 +02:00
Dmitry Belyavskiy
745da74ea2
Fix self-DoS
...
Resolves: CVE-2023-25136
Remove too aggressive coverity fix causing native tests failure
2023-04-13 18:14:19 +02:00