Jakub Jelen
4e3553bf2a
openssh-8.2p1-3 + 0.10.3-9
2020-04-08 10:27:07 +02:00
Jakub Jelen
a848054c8a
Clarify crypto policies documentation in manual pages
...
* All the options that are affected by crypto policies will mention that + and -
work with built-in defaults and not the crypto-policies ones.
* The line mentioning crypto policies will be the first one in the option description.
2020-03-30 16:38:36 +02:00
Jakub Jelen
eb546ec1a7
Drop fipscheck dependency and non-standard fips checks
2020-03-30 16:38:36 +02:00
Jakub Jelen
02af5cfa17
Do not break X11 forwarding without IPv6
2020-03-30 16:38:36 +02:00
Jakub Jelen
1cc7c87af2
Enable SHA2-based GSSAPI key exchange algorithms by default ( #1666781 )
2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2
Print FIPS mode initialized in debug mode after the configuration is processed
...
Amends ee9cb00
2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853
Restore gssapi-canohost.patch ( #1749862 )
...
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.
https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
2020-03-30 16:38:36 +02:00
Jakub Jelen
3e611d91bb
Simplify references to crypto policies in configuration files ( #1812854 )
2020-03-30 14:19:17 +02:00
Jakub Jelen
b2417553a2
openssh-8.2p1-2 + 0.10.3-9
2020-02-20 10:34:01 +01:00
Jakub Jelen
82f9421fb4
Build properly with integrated u2f support ( #1803948 )
2020-02-20 10:32:48 +01:00
Jakub Jelen
51f5c1c99f
openssh-8.2p1-1 + 0.10.3-9
2020-02-17 14:34:41 +01:00
Jakub Jelen
ee9cb005b3
Do not write information about FIPS mode to stderr ( #1778224 )
2020-02-17 14:34:04 +01:00
Jakub Jelen
2b86acd332
Correctly report invalid key permissions ( #1801459 )
2020-02-17 14:28:10 +01:00
Jakub Jelen
a2cffc6e9b
openssh-8.1p1-4 + 0.10.3-8
2020-02-03 00:51:53 +01:00
Jakub Jelen
7f46693182
Unbreak seccomp filter on ARM ( #1796267 )
2020-02-03 00:50:34 +01:00
Fedora Release Engineering
657d132847
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:24:49 +00:00
Jakub Jelen
62361a761c
openssh-8.1p1-3 + 0.10.3-8
2019-11-27 11:16:26 +01:00
Jakub Jelen
c28decf412
Unbreak the seccomp filter also on ARM ( #1777054 )
2019-11-27 11:15:00 +01:00
Jakub Jelen
7254607b91
Do not extensively modify sshd_config -- DSA keys are not loaded for some time already
2019-11-19 13:16:28 +01:00
Jakub Jelen
d26b44fe7f
openssh-8.1p1-2 + 0.10.3-8
2019-11-14 09:24:36 +01:00
Jakub Jelen
6a2fce44b5
Unbreak seccomp filter with latest glibc ( #1771946 )
2019-11-14 09:18:41 +01:00
Jakub Jelen
36fef5669a
openssh-8.1p1-1 + 0.10.3-8
2019-10-09 10:24:21 +02:00
Jakub Jelen
5eb2d51328
Add missing hostkey certificate algorithms to the FIPS list
2019-07-26 09:27:52 +02:00
Jakub Jelen
d19ba936f2
Do not attempt to generate DSA and ED25519 keys in FIPS mode
2019-07-26 09:27:52 +02:00
Fedora Release Engineering
0ca1614ae2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:35:32 +00:00
Jakub Jelen
73b069e926
openssh-8.0p1-8 + 0.10.3-7
2019-07-23 09:50:20 +02:00
Jakub Jelen
5d6a14bd4a
Use the upstream version of the PKCS#8 PEM support ( #1722285 )
2019-07-23 09:49:22 +02:00
Jakub Jelen
30922f629c
openssh-8.0p1-7 + 0.10.3-7
2019-07-12 23:23:09 +02:00
Jakub Jelen
358f62be8a
As agreed with anaconda team, they will provide a environment file under /etc/sysconfig ( #1722928 )
...
See anaconda pull request for discussion:
https://github.com/rhinstaller/anaconda/pull/2042
2019-07-12 23:20:56 +02:00
Jakub Jelen
e9bd9a2128
openssh-8.0p1-6 + 0.10.3-7
2019-07-03 16:52:53 +02:00
Jakub Jelen
0b10752bbc
Accept environment variable PERMITROOTLOGIN from anaconda drop-in service file ( #1722928 )
...
Anaconda pull request:
https://github.com/rhinstaller/anaconda/pull/2037
Fedora change:
https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
2019-07-03 14:54:40 +02:00
Jakub Jelen
36a44721c5
openssh-8.0p1-5 + 0.10.3-7
2019-06-26 14:06:48 +02:00
Jakub Jelen
e9a555ffbf
Whitelist some annonying errors from rpmlint
2019-06-26 14:06:48 +02:00
Jakub Jelen
58ee5c17a8
Drop INSTALL file from docs as recommended by rpmlint checks
2019-06-26 14:06:48 +02:00
Jakub Jelen
eda4c070da
Drop unused unversioned Obsoletes and Provides, which are 5 or 10 years old now
2019-06-26 14:06:48 +02:00
Jakub Jelen
4bd6cfb874
Disable root password logins ( #1722928 )
2019-06-26 14:06:37 +02:00
Jakub Jelen
fdbd5bc6f9
Fix typos in manual pages related to crypto-policies
2019-06-19 15:56:25 +02:00
Jakub Jelen
3153574729
tests: Make sure the user gets removed and the test pass
2019-06-17 13:31:57 +02:00
Jakub Jelen
dad744a32b
openssh-8.0p1-4 + 0.10.3-7
2019-06-17 12:49:59 +02:00
Jakub Jelen
56494b92a4
pkcs11: Allow to specify pin-value also for ssh-add
2019-06-17 12:42:15 +02:00
Jakub Jelen
50e2b60d3f
Provide correct signature type for SHA2 certificates in agent
2019-06-17 12:40:12 +02:00
Jakub Jelen
56fdfa2a52
Use the new OpenSSL API to export PEM files to avoid dependency on MD5
2019-05-30 11:29:43 +02:00
Jakub Jelen
f15fbdc5fe
Whitelist another syscall variant for s390x cryptographic module (ibmca engine)
2019-05-30 11:28:11 +02:00
Jakub Jelen
66e9887b15
Coverity warnings
2019-05-30 11:27:04 +02:00
Jakub Jelen
7f1ad371a4
openssh-8.0p1-3 + 0.10.3-7
2019-05-27 10:23:08 +02:00
Jakub Jelen
7a14283cba
Drop the problematic patch for updating pw structure after authentication
2019-05-23 15:34:17 +02:00
Jakub Jelen
ae802a53d8
pkcs11: Do not require the labels on the public objects ( #1710832 )
2019-05-16 15:14:52 +02:00
Jakub Jelen
53c9085316
openssh-8.0p1-2 + 0.10.3-7
2019-05-14 13:45:08 +02:00
Jakub Jelen
f726e51d86
Use OpenSSL KDF
...
Resolves: rhbz#1631761
2019-05-14 13:35:14 +02:00
Jakub Jelen
751cd9acc7
Use OpenSSL high-level API to produce and verify signatures
...
Resolves: rhbz#1707485
2019-05-14 13:32:04 +02:00