rpms/openssh
7
0
Fork 2
Code Issues Pull Requests Releases Activity
1,292 Commits 16 Branches 129 Tags 12 MiB
caf511a782
Commit Graph

1292 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Koichiro Iwao
caf511a782 Unpatch Red Hat help message 2026-04-15 02:41:16 +00:00
Dmitry Belyavskiy
125c748cc9 Add missing NULL check for server key generation in ML-KEM hybrids 
Resolves: RHEL-168106
 2026-04-14 16:24:03 +02:00
Dmitry Belyavskiy
b35a30acc7 Improve keytab detection when obtaining Kerberos tickets on behalf of user on SSH authentication 
Related: RHEL-92932
 2026-04-14 16:19:58 +02:00
Zoltan Fridrich
8edc05030d Fix CVE-2026-35386 
Add validation rules to usernames and hostnames
set for ProxyJump/-J on the commandline

Resolves: RHEL-166207

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-10 16:20:30 +02:00
Zoltan Fridrich
88128fdefa Fix CVE-2026-35414 
Fix mishandling of authorized_keys principals option

Resolves: RHEL-166191

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-10 13:19:44 +02:00
Zoltan Fridrich
418d6a85be Fix CVE-2026-35387 
Fix incomplete application of PubkeyAcceptedAlgorithms
and HostbasedAcceptedAlgorithms with regard to ECDSA keys

Resolves: RHEL-166223

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-10 13:09:18 +02:00
Zoltan Fridrich
b39c465ad2 Fix CVE-2026-35388 
Add connection multiplexing confirmation for proxy-mode
multiplexing sessions

Resolves: RHEL-166239

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-10 13:05:15 +02:00
Zoltan Fridrich
4ca20e1c2c Fix CVE-2026-35385 
Fix privilege escalation via scp legacy protocol
when not in preserving file mode

Resolves: RHEL-164740

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-07 16:33:04 +02:00
Zoltan Fridrich
27f5b6826e Ssh should refuse connection when mlkem kex is specified in FIPS 
Resolves: RHEL-155178

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-02 16:47:11 +02:00
Zoltan Fridrich
7f2ed42778 Fix static analysis issues 
Resolves: RHEL-163365

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-04-01 16:04:15 +02:00
Koichiro Iwao
78631c5777 Unpatch Red Hat help message 2026-03-28 02:40:24 +00:00
Zoltan Fridrich
1ea96929c7 Fix typo in SPDX license name 
Resolves: RHEL-161464

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-27 09:46:13 +01:00
Koichiro Iwao
f16816a3e5 Unpatch Red Hat help message 2026-03-25 02:45:28 +00:00
Zoltan Fridrich
7c2c5a7cd0 Fix typo in GSSAPIProxyS4U2Services 
Related: RHEL-92932

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-23 09:36:21 +01:00
Zoltan Fridrich
ef90c25403 Fix duplicate audit log entry when destroying ed25519 private keys 
Resolves: RHEL-46782

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-20 15:04:10 +01:00
Zoltan Fridrich
3f5a4dc4f9 Don't negotiate non-FIPS algorithms in ssh-keyscan key exchange in FIPS mode 
Resolves: RHEL-88565

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-18 16:05:26 +01:00
Koichiro Iwao
b70f888f14 Unpatch Red Hat help message 2026-03-18 02:41:41 +00:00
Zoltan Fridrich
f5a6642da3 Fix CVE-2026-3497 
Fix information disclosure or denial of service due
to uninitialized variables in gssapi-keyex

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-13 12:58:59 +01:00
Zoltan Fridrich
5112fd1dbb Fix GSSAPI authentication indicator issues found by AI 
Resolves: RHEL-154309

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 16:44:06 +01:00
Zoltan Fridrich
952d882d0a Fix mistracking of MaxStartups process exits in some situations 
Resolves: RHEL-121768

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 16:44:06 +01:00
Zoltan Fridrich
394f1022a0 First property value in config should win 
Only the first value of MaxStartups, PerSourceNetBlockSize and
IPQoS in sshd_config should count when defined multiple times

Resolves: RHEL-150365

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 16:43:39 +01:00
Zoltan Fridrich
0a7a052f87 Remove recommendation of p11-kit 
Resolves: RHEL-139070

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2026-03-12 12:44:14 +01:00
Koichiro Iwao
4decb94699 Unpatch Red Hat help message 2026-03-12 02:47:54 +00:00
Dmitry Belyavskiy
f7363d9b66 Implement obtaining Kerberos tickets on behalf of user on SSH authentication 
Resolves: RHEL-92932
 2026-03-11 11:52:43 +01:00
Koichiro Iwao
e02b78773e Unpatch Red Hat help message 2026-02-28 03:01:46 +00:00
Dmitry Belyavskiy
40a368d891 Provide a way to skip unsupported ML-KEM hybrid algorithms in FIPS mode 
Resolves: RHEL-151579
 2026-02-27 11:39:42 +01:00
Koichiro Iwao
4a644c715b Unpatch Red Hat help message 2025-12-13 02:48:37 +00:00
Dmitry Belyavskiy
0eb85c5308 Support of hybrid MLKEM key exchange methods in FIPS mode 
Resolves: RHEL-125929
 2025-12-12 12:55:41 +01:00
Koichiro Iwao
f4d2799350 Unpatch Red Hat help message 2025-12-10 02:53:39 +00:00
Koichiro Iwao
5ee07b1b01 Unpatch Red Hat help message 2025-12-06 02:51:00 +00:00
Dmitry Belyavskiy
2c179221a3 Adding a mechanism to disable GSSAPIDelegateCredentials in sshd_config 
Resolves: RHEL-5281
 2025-12-05 16:36:17 +01:00
Zoltan Fridrich
40f5f26708 CVE-2025-61985: Reject URL-strings with NULL characters 
Resolves: RHEL-128388

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-05 10:27:33 +01:00
Zoltan Fridrich
3ed25d6be7 CVE-2025-61984: Reject usernames with control characters 
Resolves: RHEL-128399

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-12-05 10:24:20 +01:00
eabdullin
f9a7fc888c Bump release 2025-11-25 14:33:25 +03:00
Koichiro Iwao
bcbf9fa65f Unpatch Red Hat help message 2025-11-04 03:04:55 +00:00
Dmitry Belyavskiy
d6c153ae72 Implement mlkem768nistp256-sha256 and mlkem1024nistp384-sha384 KEX methods 
Resolves: RHEL-70824
 2025-11-03 12:56:38 +01:00
Koichiro Iwao
1617a4a445 Unpatch Red Hat help message 2025-10-31 03:05:48 +00:00
Zoltan Fridrich
bf1cef9a73 Canonicalize username when matching a user 
Resolves: RHEL-101440

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:05:17 +01:00
Zoltan Fridrich
24c1261105 Fix implicit destination path selection when source path ends with ".." 
Resolves: RHEL-118406

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-10-29 16:05:17 +01:00
Koichiro Iwao
9c68029c65 Unpatch Red Hat help message 2025-09-16 03:00:22 +00:00
Dmitry Belyavskiy
5be8bc1b40 Relax GSS Kex restriction in FIPS mode 
Resolves: RHEL-91181
 2025-09-15 15:36:27 +02:00
Koichiro Iwao
fedf440c48 Unpatch Red Hat help message 2025-09-03 03:01:48 +00:00
Dmitry Belyavskiy
ab204f7870 Allow non-cryptographical use of MD5 in GSS Kex in FIPS mode 
Related: RHEL-91181
 2025-09-02 12:41:17 +02:00
Koichiro Iwao
98ded40a18 Unpatch Red Hat help message 2025-08-29 02:53:40 +00:00
Dmitry Belyavskiy
79ecdd9f8c Relax GSS Kex restriction in FIPS mode 
Resolves: RHEL-91181
 2025-08-04 15:54:13 +02:00
Koichiro Iwao
dba7d2fcf4 Unpatch Red Hat help message 2025-07-29 18:20:32 +00:00
Zoltan Fridrich
2303b82ca8 Move the redhat help message to debug1 log level 
Resolves: RHEL-93957

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2025-07-17 15:02:56 +02:00
Koichiro Iwao
643c540c79 Unpatch Red Hat help message 2025-06-29 02:31:50 +00:00
Dmitry Belyavskiy
f897faab42 Support for authentication indicators in OpenSSH 
Resolves: RHEL-40790
 2025-06-26 17:00:42 +02:00
Andrew Lukoshko
37bb069838 Merge pull request 'Unpatch Red Hat help message' (#3) from metalefty/openssh:a10s-redhat-help into a10s 
Reviewed-on: #3
 2025-06-25 14:06:46 +00:00