7f46693182
Unbreak seccomp filter on ARM ( #1796267 )
2020-02-03 00:50:34 +01:00
657d132847
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:24:49 +00:00
62361a761c
openssh-8.1p1-3 + 0.10.3-8
2019-11-27 11:16:26 +01:00
c28decf412
Unbreak the seccomp filter also on ARM ( #1777054 )
2019-11-27 11:15:00 +01:00
7254607b91
Do not extensively modify sshd_config -- DSA keys are not loaded for some time already
2019-11-19 13:16:28 +01:00
d26b44fe7f
openssh-8.1p1-2 + 0.10.3-8
2019-11-14 09:24:36 +01:00
6a2fce44b5
Unbreak seccomp filter with latest glibc ( #1771946 )
2019-11-14 09:18:41 +01:00
36fef5669a
openssh-8.1p1-1 + 0.10.3-8
2019-10-09 10:24:21 +02:00
5eb2d51328
Add missing hostkey certificate algorithms to the FIPS list
2019-07-26 09:27:52 +02:00
d19ba936f2
Do not attempt to generate DSA and ED25519 keys in FIPS mode
2019-07-26 09:27:52 +02:00
0ca1614ae2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
...
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:35:32 +00:00
73b069e926
openssh-8.0p1-8 + 0.10.3-7
2019-07-23 09:50:20 +02:00
5d6a14bd4a
Use the upstream version of the PKCS#8 PEM support ( #1722285 )
2019-07-23 09:49:22 +02:00
30922f629c
openssh-8.0p1-7 + 0.10.3-7
2019-07-12 23:23:09 +02:00
358f62be8a
As agreed with anaconda team, they will provide a environment file under /etc/sysconfig ( #1722928 )
...
See anaconda pull request for discussion:
https://github.com/rhinstaller/anaconda/pull/2042
2019-07-12 23:20:56 +02:00
e9bd9a2128
openssh-8.0p1-6 + 0.10.3-7
2019-07-03 16:52:53 +02:00
0b10752bbc
Accept environment variable PERMITROOTLOGIN from anaconda drop-in service file ( #1722928 )
...
Anaconda pull request:
https://github.com/rhinstaller/anaconda/pull/2037
Fedora change:
https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
2019-07-03 14:54:40 +02:00
36a44721c5
openssh-8.0p1-5 + 0.10.3-7
2019-06-26 14:06:48 +02:00
e9a555ffbf
Whitelist some annonying errors from rpmlint
2019-06-26 14:06:48 +02:00
58ee5c17a8
Drop INSTALL file from docs as recommended by rpmlint checks
2019-06-26 14:06:48 +02:00
eda4c070da
Drop unused unversioned Obsoletes and Provides, which are 5 or 10 years old now
2019-06-26 14:06:48 +02:00
4bd6cfb874
Disable root password logins ( #1722928 )
2019-06-26 14:06:37 +02:00
fdbd5bc6f9
Fix typos in manual pages related to crypto-policies
2019-06-19 15:56:25 +02:00
3153574729
tests: Make sure the user gets removed and the test pass
2019-06-17 13:31:57 +02:00
dad744a32b
openssh-8.0p1-4 + 0.10.3-7
2019-06-17 12:49:59 +02:00
56494b92a4
pkcs11: Allow to specify pin-value also for ssh-add
2019-06-17 12:42:15 +02:00
50e2b60d3f
Provide correct signature type for SHA2 certificates in agent
2019-06-17 12:40:12 +02:00
56fdfa2a52
Use the new OpenSSL API to export PEM files to avoid dependency on MD5
2019-05-30 11:29:43 +02:00
f15fbdc5fe
Whitelist another syscall variant for s390x cryptographic module (ibmca engine)
2019-05-30 11:28:11 +02:00
66e9887b15
Coverity warnings
2019-05-30 11:27:04 +02:00
7f1ad371a4
openssh-8.0p1-3 + 0.10.3-7
2019-05-27 10:23:08 +02:00
7a14283cba
Drop the problematic patch for updating pw structure after authentication
2019-05-23 15:34:17 +02:00
ae802a53d8
pkcs11: Do not require the labels on the public objects ( #1710832 )
2019-05-16 15:14:52 +02:00
53c9085316
openssh-8.0p1-2 + 0.10.3-7
2019-05-14 13:45:08 +02:00
f726e51d86
Use OpenSSL KDF
...
Resolves: rhbz#1631761
2019-05-14 13:35:14 +02:00
751cd9acc7
Use OpenSSL high-level API to produce and verify signatures
...
Resolves: rhbz#1707485
2019-05-14 13:32:04 +02:00
6caa973459
Mention crypto-policies in the manual pages instead of the hardcoded defaults
...
Resolves: rhbz#1668325
2019-05-13 14:22:21 +02:00
4feb6a973f
Verify SCP vulnerabilities are fixed in the package testsuite
2019-05-10 14:34:35 +02:00
b33caef080
Drop unused patch
2019-05-07 13:45:34 +02:00
f660e11adc
FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line
...
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.
Additionally, there is no guarantee they will work in underlying OpenSSL.
Resolves: rhbz#1625318
2019-05-07 11:57:30 +02:00
ec02bb9685
tests: Make sure the user gets removed after the test
2019-04-29 15:16:44 +02:00
def1debf2e
openssh-8.0p1-1 + 0.10.3-7
...
Resolves rhbz#1701072
2019-04-29 14:12:13 +02:00
f51d092120
Remove unused parts of spec file
2019-03-27 13:20:32 +01:00
cb35953bec
The FIPS_mode() is in different header file
2019-03-21 17:02:28 +01:00
91aa3d4921
openssh-7.9p1-5 + 0.10.3.6
2019-03-12 15:16:35 +01:00
81a703d751
Do not allow negotiation of unknown primes with DG GEX in FIPS mode
2019-03-12 15:16:35 +01:00
c53a1d4e90
Ignore PKCS#11 label if no key is found with it ( #1671262 )
2019-03-12 15:16:35 +01:00
c694548168
Do not segfault when multiple pkcs11 providers is specified
2019-03-12 15:16:35 +01:00
3339efd12d
Do not fallback to sshd_net_t SELinux context
2019-03-12 15:16:35 +01:00
586cf149b5
Reformat SELinux patch
2019-03-11 17:17:49 +01:00
Jakub Jelen
Fedora Release Engineering