Commit Graph

58 Commits

Author SHA1 Message Date
Dmitry Belyavskiy ebbbfce0aa Do not try to use SHA1 for host key ownership proof when we don't support it server-side
Resolves: rhbz#2088750
2023-01-12 16:16:08 +01:00
Zoltan Fridrich 5cfb97500b Add sk-dummy subpackage for test purposes
Resolves: rhbz#2092780

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2023-01-12 11:23:15 +01:00
Dmitry Belyavskiy 6f747825fa Minor cleanups from upstream
Fix one-byte overflow in SSH banner processing
Resolves: rhbz#2138345
Fix double free() in error path
Resolves: rhbz#2138347
2023-01-06 11:57:27 +01:00
Dmitry Belyavskiy b0f3205a21 - Build fix after OpenSSL rebase
Resolves: rhbz#2153626
2022-12-16 11:52:54 +01:00
Dmitry Belyavskiy ad9644f74c Set minimal value of RSA key length via configuration option
Added support for our name as an alias.

Resolves: rhbz#2128352
2022-09-23 11:14:03 +02:00
Dmitry Belyavskiy d4ff0b8809 Set minimal value of RSA key length via configuration option
Resolves: rhbz#2128352
2022-09-22 14:48:29 +02:00
Dmitry Belyavskiy d925600c40 Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
2022-08-16 19:33:50 +02:00
Dmitry Belyavskiy a0db6b2b7f Avoid spurious message on connecting to the machine with ssh-rsa keys
Related: rhbz#2115246
2022-08-16 14:32:50 +02:00
Dmitry Belyavskiy b53c538acd IBMCA workaround
Related: rhbz#1976202
2022-08-04 14:37:20 +02:00
Zoltan Fridrich 1d30b84a88 Fix openssh-8.7p1-scp-clears-file.patch
Related: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-26 16:14:15 +02:00
Dmitry Belyavskiy 9591af3b1d FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
2022-07-15 16:52:19 +02:00
Zoltan Fridrich 9697eecfeb Fix new coverity issues
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-15 10:20:09 +02:00
Dmitry Belyavskiy d23afae05f Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-14 16:15:05 +02:00
Zoltan Fridrich e8622f8c21 Don't propose disallowed algorithms during hostkey negotiation
Resolves: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-14 13:05:12 +02:00
Dmitry Belyavskiy b17ff3bc91 Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-14 12:23:52 +02:00
Dmitry Belyavskiy 0d823b2f2a Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-13 16:24:55 +02:00
Zoltan Fridrich 821045a148 Add reference for policy customization in ssh/sshd_config manpages
Resolves: rhbz#1984575

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 15:32:37 +02:00
Dmitry Belyavskiy 3990967629 Disable ed25519 and ed25519-sk keys in FIPS mode
Related: rhbz#2087915
2022-07-12 13:37:26 +02:00
Dmitry Belyavskiy 32a82650cf Disable sntrup761x25519-sha512 in FIPS mode
Related: rhbz#2070628
2022-07-12 13:37:24 +02:00
Zoltan Fridrich fd0d5a4f44 Fix host-based authentication with rsa keys
Resolves: rhbz#2088916

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich 9bf7b4f39d Fix gssapi authentication failures
Resolves: rhbz#2091023

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich 585620b0f1 Fix several memory leaks
Related: rhbz#2068423

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich afede72d91 Add missing options from ssh_config into ssh manpage
Resolves: rhbz#2033372

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-12 11:52:38 +02:00
Zoltan Fridrich c958ea0a38 Fix scp clearing file when src and dest are the same
Resolves: rhbz#2056884

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-07-11 15:35:31 +02:00
Dmitry Belyavskiy d0bf0e31d9 Use EVP functions for RSA and EC key generation
Related: rhbz#2087121
2022-07-11 11:55:08 +02:00
Dmitry Belyavskiy 4b21ae5fcb Set minimal value of RSA key length via configuration option
Related: rhbz#2066882
2022-07-11 11:55:08 +02:00
Zoltan Fridrich e11cd77fd3 Change log level of FIPS specific log message to verbose
Resolves: rhbz#2102201

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-06-30 09:03:28 +02:00
Zoltan Fridrich 1325e1f087 Change product name from Fedora to RHEL in openssh-7.8p1-UsePAM-warning.patch
Resolves: rhbz#2064338

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-06-30 09:03:28 +02:00
Zoltan Fridrich abf0321b6d Update minimize-sha1-use.patch to use upstream code
Related: rhbz#2031868, rhbz#2064338

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
2022-06-30 09:02:44 +02:00
Dmitry Belyavskiy cf05a27ed6 Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2038854
2022-02-22 13:06:07 +01:00
Dmitry Belyavskiy 14950508f7 Switch to SFTP protocol in scp utility by default - various improvements
Workaround for RHEL 8 incompatibility in scp utility in SFTP mode
Related: rhbz#2001002
Related: rhbz#2038854
2022-02-07 13:07:00 +01:00
Dmitry Belyavskiy 0b7faaf14a Switch to SFTP protocol in scp utility by default - upstream fixes
Related: rhbz#2001002
2022-02-02 16:26:40 +01:00
Dmitry Belyavskiy 829ee6e4ad Fix SSH connection to localhost not possible in FIPS
Related: rhbz#2031868
2021-12-21 12:02:25 +01:00
Dmitry Belyavskiy bf1985329d - Fix `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` segfault
Related: rhbz#2024902
2021-11-29 16:16:28 +01:00
Dmitry Belyavskiy 581a7d826d Fix memory leaks introduced in OpenSSH 8.7
Related: rhbz#2001002
2021-10-25 11:16:17 +02:00
Dmitry Belyavskiy 6e19d4fb57 Disable locale forwarding in default configurations
Related: rhbz#2002734
2021-10-19 15:24:12 +02:00
Dmitry Belyavskiy aa1b338db7 Upstream fix for CVE-2021-41617
Resolves: rhbz#2008886
2021-10-01 13:27:42 +02:00
Dmitry Belyavskiy f32839a5e4 Disabling SCP protocol as much as possible
Resolves: rhbz#2001002
2021-09-24 16:51:04 +02:00
Dmitry Belyavskiy 62d88b35f1 Sources and spec changes
Resolves: rhbz#2001002
2021-09-24 15:39:42 +02:00
Mohan Boddu 64353fc305 Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-08-09 22:44:13 +00:00
Florian Weimer 92c05eeef4 Rebuild to pick up OpenSSL 3.0 Beta ABI (#1984097)
Related: #1984097
2021-07-28 12:14:58 +02:00
Dmitry Belyavskiy b82d680780 Upstream patch for restoring nonblock state
Resolves: rhbz#1952957
2021-06-21 12:42:32 +02:00
Mohan Boddu ff6bdd331f Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
Signed-off-by: Mohan Boddu <mboddu@redhat.com>
2021-06-16 03:34:28 +00:00
Dmitry Belyavskiy 0695fda02c Remove the recommendation of p11-kit
As p11-kit is installed anyway and is not a hard requirement, it is
removed from the list of Recommended packages.

Resolves: rhbz#1947904
2021-06-03 13:26:44 +02:00
Dmitry Belyavskiy d1f2edbe8b Avoid warnings about deprecated functions
Resolves: rhbz#1952451
2021-06-01 16:40:12 +02:00
Dmitry Belyavskiy 9b598f2165 Hostbased ssh authentication fails if session ID contains a '/'
Resolves: rhbz#1963058
2021-05-21 18:13:23 +02:00
Dmitry Belyavskiy d0754b1a8d Hostbased ssh authentication fails if session ID contains a '/'
Resolves: rhbz#1963058
2021-05-21 17:48:40 +02:00
Dmitry Belyavskiy c3e6e4a2e6 Missing patch
Resolves: rhbz#1952957
2021-05-10 11:20:08 +02:00
Dmitry Belyavskiy d075fa1cd6 Fixing broken GSS KEX beginning with (GSI-)OpenSSH 8.0p1
Resolves: rhbz#1957306
2021-05-06 16:19:14 +02:00
Dmitry Belyavskiy 9dff9c0419 Rebase from openssh 8.5p1 to 8.6p1
Resolves: rhbz#1952957
2021-05-06 16:19:14 +02:00