Commit Graph

1061 Commits

Author SHA1 Message Date
Jakub Jelen
1cc7c87af2 Enable SHA2-based GSSAPI key exchange algorithms by default (#1666781) 2020-03-30 16:38:36 +02:00
Jakub Jelen
fbd5f1bee2 Print FIPS mode initialized in debug mode after the configuration is processed
Amends ee9cb00
2020-03-30 16:38:36 +02:00
Jakub Jelen
57ba1bd853 Restore gssapi-canohost.patch (#1749862)
This is useful when connecting through proxyjump in combination with
GSSAPITrustDNS yes, because we can not get remote address of such socket.

https://src.fedoraproject.org/rpms/openssh/blob/f29/f/openssh-6.1p1-gssapi-canohost.patch
2020-03-30 16:38:36 +02:00
Jakub Jelen
3e611d91bb Simplify references to crypto policies in configuration files (#1812854) 2020-03-30 14:19:17 +02:00
Jakub Jelen
b2417553a2 openssh-8.2p1-2 + 0.10.3-9 2020-02-20 10:34:01 +01:00
Jakub Jelen
82f9421fb4 Build properly with integrated u2f support (#1803948) 2020-02-20 10:32:48 +01:00
Jakub Jelen
51f5c1c99f openssh-8.2p1-1 + 0.10.3-9 2020-02-17 14:34:41 +01:00
Jakub Jelen
ee9cb005b3 Do not write information about FIPS mode to stderr (#1778224) 2020-02-17 14:34:04 +01:00
Jakub Jelen
2b86acd332 Correctly report invalid key permissions (#1801459) 2020-02-17 14:28:10 +01:00
Jakub Jelen
a2cffc6e9b openssh-8.1p1-4 + 0.10.3-8 2020-02-03 00:51:53 +01:00
Jakub Jelen
7f46693182 Unbreak seccomp filter on ARM (#1796267) 2020-02-03 00:50:34 +01:00
Fedora Release Engineering
657d132847 - Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2020-01-29 20:24:49 +00:00
Jakub Jelen
62361a761c openssh-8.1p1-3 + 0.10.3-8 2019-11-27 11:16:26 +01:00
Jakub Jelen
c28decf412 Unbreak the seccomp filter also on ARM (#1777054) 2019-11-27 11:15:00 +01:00
Jakub Jelen
7254607b91 Do not extensively modify sshd_config -- DSA keys are not loaded for some time already 2019-11-19 13:16:28 +01:00
Jakub Jelen
d26b44fe7f openssh-8.1p1-2 + 0.10.3-8 2019-11-14 09:24:36 +01:00
Jakub Jelen
6a2fce44b5 Unbreak seccomp filter with latest glibc (#1771946) 2019-11-14 09:18:41 +01:00
Jakub Jelen
36fef5669a openssh-8.1p1-1 + 0.10.3-8 2019-10-09 10:24:21 +02:00
Jakub Jelen
5eb2d51328 Add missing hostkey certificate algorithms to the FIPS list 2019-07-26 09:27:52 +02:00
Jakub Jelen
d19ba936f2 Do not attempt to generate DSA and ED25519 keys in FIPS mode 2019-07-26 09:27:52 +02:00
Fedora Release Engineering
0ca1614ae2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
Signed-off-by: Fedora Release Engineering <releng@fedoraproject.org>
2019-07-25 23:35:32 +00:00
Jakub Jelen
73b069e926 openssh-8.0p1-8 + 0.10.3-7 2019-07-23 09:50:20 +02:00
Jakub Jelen
5d6a14bd4a Use the upstream version of the PKCS#8 PEM support (#1722285) 2019-07-23 09:49:22 +02:00
Jakub Jelen
30922f629c openssh-8.0p1-7 + 0.10.3-7 2019-07-12 23:23:09 +02:00
Jakub Jelen
358f62be8a As agreed with anaconda team, they will provide an environment file under /etc/sysconfig (#1722928)
See anaconda pull request for discussion:

https://github.com/rhinstaller/anaconda/pull/2042
2019-07-12 23:20:56 +02:00
Jakub Jelen
e9bd9a2128 openssh-8.0p1-6 + 0.10.3-7 2019-07-03 16:52:53 +02:00
Jakub Jelen
0b10752bbc Accept environment variable PERMITROOTLOGIN from anaconda drop-in service file (#1722928)
Anaconda pull request:
https://github.com/rhinstaller/anaconda/pull/2037

Fedora change:
https://fedoraproject.org/wiki/Changes/DisableRootPasswordLoginInSshd
2019-07-03 14:54:40 +02:00
Jakub Jelen
36a44721c5 openssh-8.0p1-5 + 0.10.3-7 2019-06-26 14:06:48 +02:00
Jakub Jelen
e9a555ffbf Whitelist some annoying errors from rpmlint 2019-06-26 14:06:48 +02:00
Jakub Jelen
58ee5c17a8 Drop INSTALL file from docs as recommended by rpmlint checks 2019-06-26 14:06:48 +02:00
Jakub Jelen
eda4c070da Drop unused unversioned Obsoletes and Provides, which are 5 or 10 years old now 2019-06-26 14:06:48 +02:00
Jakub Jelen
4bd6cfb874 Disable root password logins (#1722928) 2019-06-26 14:06:37 +02:00
Jakub Jelen
fdbd5bc6f9 Fix typos in manual pages related to crypto-policies 2019-06-19 15:56:25 +02:00
Jakub Jelen
3153574729 tests: Make sure the user gets removed and the test pass 2019-06-17 13:31:57 +02:00
Jakub Jelen
dad744a32b openssh-8.0p1-4 + 0.10.3-7 2019-06-17 12:49:59 +02:00
Jakub Jelen
56494b92a4 pkcs11: Allow to specify pin-value also for ssh-add 2019-06-17 12:42:15 +02:00
Jakub Jelen
50e2b60d3f Provide correct signature type for SHA2 certificates in agent 2019-06-17 12:40:12 +02:00
Jakub Jelen
56fdfa2a52 Use the new OpenSSL API to export PEM files to avoid dependency on MD5 2019-05-30 11:29:43 +02:00
Jakub Jelen
f15fbdc5fe Whitelist another syscall variant for s390x cryptographic module (ibmca engine) 2019-05-30 11:28:11 +02:00
Jakub Jelen
66e9887b15 Coverity warnings 2019-05-30 11:27:04 +02:00
Jakub Jelen
7f1ad371a4 openssh-8.0p1-3 + 0.10.3-7 2019-05-27 10:23:08 +02:00
Jakub Jelen
7a14283cba Drop the problematic patch for updating pw structure after authentication 2019-05-23 15:34:17 +02:00
Jakub Jelen
ae802a53d8 pkcs11: Do not require the labels on the public objects (#1710832) 2019-05-16 15:14:52 +02:00
Jakub Jelen
53c9085316 openssh-8.0p1-2 + 0.10.3-7 2019-05-14 13:45:08 +02:00
Jakub Jelen
f726e51d86 Use OpenSSL KDF
Resolves: rhbz#1631761
2019-05-14 13:35:14 +02:00
Jakub Jelen
751cd9acc7 Use OpenSSL high-level API to produce and verify signatures
Resolves: rhbz#1707485
2019-05-14 13:32:04 +02:00
Jakub Jelen
6caa973459 Mention crypto-policies in the manual pages instead of the hardcoded defaults
Resolves: rhbz#1668325
2019-05-13 14:22:21 +02:00
Jakub Jelen
4feb6a973f Verify SCP vulnerabilities are fixed in the package testsuite 2019-05-10 14:34:35 +02:00
Jakub Jelen
b33caef080 Drop unused patch 2019-05-07 13:45:34 +02:00
Jakub Jelen
f660e11adc FIPS: Do not fail if FIPS-unsupported algorithm is provided in configuration or on command line
This effectively allows to use some previously denied algorithms
in FIPS mode, but they are not enabled in default hardcoded configuration
and disabled by FIPS crypto policy.

Additionally, there is no guarantee they will work in underlying OpenSSL.

Resolves: rhbz#1625318
2019-05-07 11:57:30 +02:00