-
Mon Jun 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-10
- sshd -T requires -C when "Match" is used in sshd_config (#1836277)
-
Wed Jun 02 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-9
- CVE-2020-14145 openssh: Observable Discrepancy leading to an information
leak in the algorithm negotiation (#1882252)
- Hostbased ssh authentication fails if session ID contains a '/' (#1944125)
-
Mon Apr 26 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-8
- ssh doesn't restore the blocking mode on standard output (#1942901)
-
Fri Apr 09 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-7 + 0.10.3-7
- SFTP sort upon the modification time (#1909988)
- ssh-keygen printing fingerprint issue with Windows keys (#1901518)
- PIN is lost when iterating over tokens when adding pkcs11 keys to ssh-agent (#1843372)
- ssh-agent segfaults during ssh-add -s pkcs11 (#1868996)
- ssh-copy-id could not resolve ipv6 address ends with colon (#1933517)
- sshd provides PAM an incorrect error code (#1879503)
-
Tue Mar 16 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6 + 0.10.3-7
- Openssh client window fix (#1913041)
-
Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
- Do not print "no slots" warning by default (#1744220)
- Unbreak connecting using gssapi through proxy commands (#1749862)
- Document in manual pages that CASignatureAlgorithms are handled by crypto policies (#1790604)
- Use SHA2-based signature algorithms by default for signing certificates (#1790610)
- Prevent simple ProxyJump loops in configuration files (#1804099)
- Teach ssh-keyscan to use SHA2 RSA variants (#1744108)
- Do not fail hard if getrandom() is not available and no SSH_USE_STRONG_RNG is specified (#1812120)
- Improve wording of crypto policies references in manual pages (#1812854)
- Do not break X11 forwarding if IPv6 is disabled (#1662189)
- Enable SHA2-based GSSAPI key exchange algorithms by default (#1816226)
- Mark RDomain server configuration option unsupported in RHEL (#1807686)
- Clarify crypto policies defaults in manual pages (#1724195)
- Mention RSA SHA2 variants in ssh-keygen manual page (#1665900)
-
Wed Jan 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-4 + 0.10.3-7
- Restore entropy patch for CC certification (#1785655)
-
Tue Jul 23 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-3 + 0.10.3-7
- Fix typos in manual pages (#1668325)
- Use the upstream support for PKCS#8 PEM files alongside with the legacy PEM files (#1712436)
- Unbreak ssh-keygen -A in FIPS mode (#1732424)
- Add missing RSA certificate types to offered hostkey types in FIPS mode (#1732449)
-
Wed Jun 12 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-2 + 0.10.3-7
- Allow specifying a pin-value in PKCS #11 URI in ssh-add (#1639698)
- Whitelist another syscall variant for s390x cryptographic module (ibmca engine) (#1714915)
-
Tue May 14 2019 Jakub Jelen <jjelen@redhat.com> - 8.0p1-1 + 0.10.3-7
- New upstream release (#1691045)
- Remove support for unused VendorPatchLevel configuration option
- Fix kerberos cleanup procedures (#1683295)
- Do not negotiate arbitrary primes with DH GEX in FIPS (#1685096)
- Several GSSAPI key exchange improvements and sync with Debian
- Allow to use labels in PKCS#11 URIs even if they do not match on private key (#1671262)
- Do not fall back to sshd_net_t SELinux context (#1678695)
- Use FIPS compliant high-level signature OpenSSL API and KDF
- Mention crypto-policies in manual pages
- Do not fail if non-FIPS approved algorithm is enabled in FIPS
- Generate the PEM files in new PKCS#8 format without the need of MD5 (#1712436)