rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity
79 Commits 9 Branches 61 Tags 11 MiB
d18e1c1119
Commit Graph

79 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dmitry Belyavskiy
d18e1c1119 Relax OpenSSH build-time checks for OpenSSL version 
Related: RHEL-4734
 2023-12-20 11:31:43 +01:00
Dmitry Belyavskiy
54fc8050ff Fix Terrapin attack 
Resolves: CVE-2023-48795
 2023-12-20 11:26:41 +01:00
Dmitry Belyavskiy
5838d35972 Move users/groups creation logic to sysusers.d fragments 
Resolves: RHEL-5222
 2023-10-24 14:22:42 +02:00
Dmitry Belyavskiy
a43be164ec Limit artificial delays in sshd while login using AD user 
Resolves: RHEL-2469
 2023-10-23 13:33:49 +02:00
Dmitry Belyavskiy
d8b51e8341 Relax OpenSSH checks for OpenSSL version 
Resolves: RHEL-4734
 2023-10-23 12:59:46 +02:00
Dmitry Belyavskiy
edaf6c0fb4 Avoid remote code execution in ssh-agent PKCS#11 support 
Resolves: CVE-2023-38408
 2023-07-20 12:10:35 +02:00
Dmitry Belyavskiy
6fa799e1aa Avoid remote code execution in ssh-agent PKCS#11 support 
Resolves: CVE-2023-38408
 2023-07-20 12:02:42 +02:00
Dmitry Belyavskiy
c5140cafa3 Allow specifying validity interval in UTC 
Resolves: rhbz#2115043
 2023-06-14 11:15:41 +02:00
Norbert Pocs
415f8e730b Clarify rhbz#2068423 on the ssh_config man page 
Resolves: rhbz#2209096

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-06-02 09:16:33 +02:00
Norbert Pocs
6b2353418c Fix regression in pkcs11 introduced in the previous patch 
Resolves: rhbz#2207793

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-25 09:22:24 +02:00
Norbert Pocs
48718a1a72 Delete unneeded debug messages from fips-compl-dh patch 
Related: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-25 09:17:38 +02:00
Norbert Pocs
1490ffd3e0 Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch 
- Check return values
- Use EVP API to get the size of DH

Related: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-16 15:50:52 +02:00
Norbert Pocs
587d7b215f Add FIPS compliance efforts for dh, ecdh and signing 
Resolves: rhbz#2091694

Signed-off-by: Norbert Pocs <npocs@redhat.com>
 2023-05-03 15:52:40 +02:00
Dmitry Belyavskiy
b5ba5af997 Eliminating remnants of SHA1 usage in OpenSSH 
Resolves: rhbz#2070163
 2023-04-28 16:04:07 +02:00
Dmitry Belyavskiy
cc7d7a5730 Some non-terminating processes were listening on ports. 
Resolves: rhbz#2177768
 2023-04-20 17:29:37 +02:00
Dmitry Belyavskiy
f7003be68c Resolve possible self-DoS with some clients 
Resolves: rhbz#2186473
 2023-04-13 14:24:35 +02:00
Dmitry Belyavskiy
42aa6f597e Do not try to use SHA1 for host key ownership proof when we don't support it server-side 
Related: rhbz#2088750
 2023-01-13 15:24:38 +01:00
Dmitry Belyavskiy
ebbbfce0aa Do not try to use SHA1 for host key ownership proof when we don't support it server-side 
Resolves: rhbz#2088750
 2023-01-12 16:16:08 +01:00
Zoltan Fridrich
5cfb97500b Add sk-dummy subpackage for test purposes 
Resolves: rhbz#2092780

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2023-01-12 11:23:15 +01:00
Dmitry Belyavskiy
6f747825fa Minor cleanups from upstream 
Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
Fix double free() in error path
Resolves: rhbz#2138347
 2023-01-06 11:57:27 +01:00
Dmitry Belyavskiy
b0f3205a21 - Build fix after OpenSSL rebase 
Resolves: rhbz#2153626
 2022-12-16 11:52:54 +01:00
Dmitry Belyavskiy
ad9644f74c Set minimal value of RSA key length via configuration option 
Added a support for our name as alias.

Resolves: rhbz#2128352
 2022-09-23 11:14:03 +02:00
Dmitry Belyavskiy
d4ff0b8809 Set minimal value of RSA key length via configuration option 
Resolves: rhbz#2128352
 2022-09-22 14:48:29 +02:00
Dmitry Belyavskiy
d925600c40 Set minimal value of RSA key length via configuration option 
Related: rhbz#2066882
 2022-08-16 19:33:50 +02:00
Dmitry Belyavskiy
a0db6b2b7f Avoid spirous message on connecting to the machine with ssh-rsa keys 
Related: rhbz#2115246
 2022-08-16 14:32:50 +02:00
Dmitry Belyavskiy
b53c538acd IBMCA workaround 
Related: rhbz#1976202
 2022-08-04 14:37:20 +02:00
Zoltan Fridrich
1d30b84a88 Fix openssh-8.7p1-scp-clears-file.patch 
Related: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-26 16:14:15 +02:00
Dmitry Belyavskiy
9591af3b1d FIX pam_ssh_agent_auth auth for RSA keys 
Related: rhbz#2070113
 2022-07-15 16:52:19 +02:00
Zoltan Fridrich
9697eecfeb Fix new coverity issues 
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-15 10:20:09 +02:00
Dmitry Belyavskiy
d23afae05f Disable ed25519 and ed25519-sk keys in FIPS mode 
Related: rhbz#2087915
 2022-07-14 16:15:05 +02:00
Zoltan Fridrich
e8622f8c21 Don't propose disallowed algorithms during hostkey negotiation 
Resolves: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-14 13:05:12 +02:00
Dmitry Belyavskiy
b17ff3bc91 Disable ed25519 and ed25519-sk keys in FIPS mode 
Related: rhbz#2087915
 2022-07-14 12:23:52 +02:00
Dmitry Belyavskiy
0d823b2f2a Disable ed25519 and ed25519-sk keys in FIPS mode 
Related: rhbz#2087915
 2022-07-13 16:24:55 +02:00
Zoltan Fridrich
821045a148 Add reference for policy customization in ssh/sshd_config manpages 
Resolves: rhbz#1984575

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-12 15:32:37 +02:00
Dmitry Belyavskiy
3990967629 Disable ed25519 and ed25519-sk keys in FIPS mode 
Related: rhbz#2087915
 2022-07-12 13:37:26 +02:00
Dmitry Belyavskiy
32a82650cf Disable sntrup761x25519-sha512 in FIPS mode 
Related: rhbz#2070628
 2022-07-12 13:37:24 +02:00
Zoltan Fridrich
fd0d5a4f44 Fix host-based authentication with rsa keys 
Resolves: rhbz#2088916

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-12 11:52:38 +02:00
Zoltan Fridrich
9bf7b4f39d Fix gssapi authentication failures 
Resolves: rhbz#2091023

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-12 11:52:38 +02:00
Zoltan Fridrich
585620b0f1 Fix several memory leaks 
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-12 11:52:38 +02:00
Zoltan Fridrich
afede72d91 Add missing options from ssh_config into ssh manpage 
Resolves: rhbz#2033372

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-12 11:52:38 +02:00
Zoltan Fridrich
c958ea0a38 Fix scp clearing file when src and dest are the same 
Resolves: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-07-11 15:35:31 +02:00
Dmitry Belyavskiy
d0bf0e31d9 Use EVP functions for RSA and EC key generation 
Related: rhbz#2087121
 2022-07-11 11:55:08 +02:00
Dmitry Belyavskiy
4b21ae5fcb Set minimal value of RSA key length via configuration option 
Related: rhbz#2066882
 2022-07-11 11:55:08 +02:00
Zoltan Fridrich
e11cd77fd3 Change log level of FIPS specific log message to verbose 
Resolves: rhbz#2102201

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-06-30 09:03:28 +02:00
Zoltan Fridrich
1325e1f087 Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch 
Resolves: rhbz#2064338

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-06-30 09:03:28 +02:00
Zoltan Fridrich
abf0321b6d Update minimize-sha1-use.patch to use upstream code 
Related: rhbz#2031868, rhbz#2064338

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
 2022-06-30 09:02:44 +02:00
Dmitry Belyavskiy
cf05a27ed6 Workaround for RHEL 8 incompatibility in scp utility in SFTP mode 
Related: rhbz#2038854
 2022-02-22 13:06:07 +01:00
Dmitry Belyavskiy
14950508f7 Switch to SFTP protocol in scp utility by default - various improvements 
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2001002
Related: rhbz#2038854
 2022-02-07 13:07:00 +01:00
Dmitry Belyavskiy
0b7faaf14a Switch to SFTP protocol in scp utility by default - upstream fixes 
Related: rhbz#2001002
 2022-02-02 16:26:40 +01:00
Dmitry Belyavskiy
829ee6e4ad Fix SSH connection to localhost not possible in FIPS 
Related: rhbz#2031868
 2021-12-21 12:02:25 +01:00