9dbec70c9c
Sync FIPS patch with RHEL
2017-06-30 12:18:02 +02:00
eb751fd1d3
In FIPS mode do not append bogus comma after the kex list
2017-04-26 14:26:50 +02:00
17b491b307
openssh-7.5p1-1 + 0.10.3-2
2017-03-20 16:00:16 +01:00
fd58b9eabb
Add new DH kex into the FIPS-allowed list
2017-03-08 14:37:07 +01:00
bdb932c46a
new pam_ssh_agent_auth-0.10.3 release
2017-02-22 14:55:59 +01:00
6cf9b8e61b
rebase to openssh-7.4p1-1
...
* Drop unaccepted (unapplying) coverity patches
* Drop server support for SSH1 (server)
* Workaround #2641 for systemd
* UseLogin is gone
* Drop upstream commit 28652bca
* Tighten seccomp filter (cache credentials before entering sandbox) (#1395288 )
2017-01-03 14:31:20 +01:00
a711d3c82f
openssh-7.3p1-1 + 0.10.2-4
2016-08-04 13:57:21 +02:00
b487a6d746
Move old canohost.h API to shared place, so it can be used by audit and gssapi (states)
2016-08-04 11:00:00 +02:00
5878ebb50e
Most of the coverity patch applied upstream, context changes for rebase
2016-08-04 10:59:59 +02:00
209c7a8aea
Expose more information to PAM
2016-07-18 13:30:51 +02:00
84d3989ec8
Coverity -> FIPS patch
2016-06-03 12:54:03 +02:00
3d2c14680b
Soft-deny socket() syscall in seccomp sandbox ( #1324493 )
...
* Used for ecdh-sha2-nistp* key exchange methods in FIPS mode
2016-04-11 16:14:25 +02:00
0509c6c977
Remove *sha1 Kex in FIPS mode ( #1324493 )
2016-04-11 13:16:52 +02:00
117a730ded
Remove *gcm ciphers in FIPS mode ( #1324493 )
2016-04-11 13:16:44 +02:00
bda184b249
pam_ssh_agent_auth: prevent using MD5 in Fips mode
2016-03-16 09:40:35 +01:00
13bf5bef36
Forgotten rebased FIPS patch
2016-02-29 15:16:45 +01:00
Jakub Jelen