Dmitry Belyavskiy
c9904c7c8a
Fix build against updated OpenSSL
...
Resolves: rhbz#2158966
2023-01-09 12:48:20 +01:00
Dmitry Belyavskiy
03150f6281
OpenSSH Rebase to 9.0p1
...
Related: rhbz#2057466
2022-08-15 09:28:25 +02:00
Dmitry Belyavskiy
9fd6981674
Add patches from CentOS/RHEL9.1
...
Related: rhbz#2117264
2022-08-10 19:58:47 +02:00
Dmitry Belyavskiy
7b76af5292
OpenSSH 8.8p1 rebase
...
Related: rhbz#2007967
2021-11-29 14:37:28 +01:00
Dmitry Belyavskiy
f32b842272
OpenSSH release update
...
Resolves: rhbz#1950819
8.5p1 => 8.6p1
2021-04-29 16:37:35 +02:00
Jakub Jelen
25c16c68f5
openssh-8.5p1-1 + 0.10.4-2
2021-03-03 11:08:52 +01:00
Jakub Jelen
bd35168662
8.4p1-1 + 0.10.4-1
2020-09-29 14:53:14 +02:00
Jakub Jelen
5cd9552fc4
8.3p1-1 + 0.10.3-10
2020-05-27 09:57:29 +02:00
Jakub Jelen
eb546ec1a7
Drop fipscheck dependency and non-standard fips checks
2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2
Print FIPS mode initialized in debug mode after the configuration is processed
...
Amends ee9cb00
2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853
Restore gssapi-canohost.patch ( #1749862 )
...
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.
https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
2020-03-30 16:38:36 +02:00
Jakub Jelen
51f5c1c99f
openssh-8.2p1-1 + 0.10.3-9
2020-02-17 14:34:41 +01:00
Jakub Jelen
ee9cb005b3
Do not write information about FIPS mode to stderr ( #1778224 )
2020-02-17 14:34:04 +01:00
Jakub Jelen
36fef5669a
openssh-8.1p1-1 + 0.10.3-8
2019-10-09 10:24:21 +02:00
Jakub Jelen
5eb2d51328
Add missing hostkey certificate algorithms to the FIPS list
2019-07-26 09:27:52 +02:00
Jakub Jelen
d19ba936f2
Do not attempt to generate DSA and ED25519 keys in FIPS mode
2019-07-26 09:27:52 +02:00
Jakub Jelen
f660e11adc
FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line
...
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.
Additionally, there is no guarantee they will work in underlying OpenSSL.
Resolves: rhbz#1625318
2019-05-07 11:57:30 +02:00
Jakub Jelen
def1debf2e
openssh-8.0p1-1 + 0.10.3-7
...
Resolves rhbz#1701072
2019-04-29 14:12:13 +02:00
Jakub Jelen
cb35953bec
The FIPS_mode() is in different header file
2019-03-21 17:02:28 +01:00
Jakub Jelen
81a703d751
Do not allow negotiation of unknown primes with DG GEX in FIPS mode
2019-03-12 15:16:35 +01:00
Jakub Jelen
e8876f1b1f
Honor GSSAPIServerIdentity for GSSAPI Key Exchange ( #1637167 )
2018-10-19 11:41:34 +02:00
Jakub Jelen
eaa7af2e41
rebase patches to openssh-7.9p1
2018-10-19 11:41:07 +02:00
Jakub Jelen
bbf61daf97
openssh-7.8p1-1 + 0.10.3-5
...
New upstream release including:
* Dropping entropy patch
* Remove default support for MD5 fingerprints
* Porting all the downstream patches and pam_ssh_agent_auth
to new sshbuf and sshkey API
* pam_ssh_agent_auth is no longer using MD5 fingerprints
2018-08-24 23:16:24 +02:00
Jakub Jelen
44e2032a0a
fips: Show real list of kex algoritms in FIPS
2018-08-08 10:18:27 +02:00