a security release) are expected to use SFTP protocol by
default. This behavior (SFTP as a default transfer protocol for scp
utility) is backported to rawhide.
The same approach is planned for RHEL 9 GA,
Please let me know if you have any questions/problems.
Many thanks in advance!
--
Dmitry
Dear Richard,
On Mon, Oct 4, 2021 at 10:23 AM Richard W.M. Jones
wrote:
> On Wed, Sep 29, 2021 at 04:48:43PM +0200, Dmitry Belyavskiy wrote:
> > Dear colleagues,
> >
> > I recently added OpenSSH 8.7p1 to rawhide.
> > This version includes implementation of th
gain
> higher than in Fedora.
>
> --
> Miro Hrončok
> --
> Phone: +420777974800
> IRC: mhroncok
>
>
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.f
wrote:
> On Wed, Mar 16, 2022 at 10:04 AM Dmitry Belyavskiy
> wrote:
> >
> > Dear Peter, dear Miro,
> >
> > The immediate reason for the lack of update of OpenSSL in Fedora was a
> problem with kTLS in avmv7.
> > We tried to get some feedback but didn't
project.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
--
Dmitry Belyavskiy
__
n in an update of a stable Fedora release. So I do
> not think we need to enable it proactively.
>
> Being from Russia and having several years of interacting with Universal
Acceptance, I'd say IDN is a must nowadays.
--
Dmitry Belyavskiy
_
On Thu, Jan 20, 2022 at 6:49 PM Richard W.M. Jones
wrote:
> On Wed, Jan 19, 2022 at 01:30:54PM +0100, Dmitry Belyavskiy wrote:
> > On Wed, Jan 19, 2022 at 1:24 PM Sahana Prasad wrote:
> >
> > Hello everyone,
> >
> > Could anyone kindly help wi
hives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
--
Dmitry Belyavskiy
___
devel mailing list -- deve
Dear Peter,
On Mon, Oct 16, 2023 at 1:43 PM Peter Robinson wrote:
>
> On Mon, Oct 16, 2023 at 10:05 AM Dmitry Belyavskiy
> wrote:
> >
> > On Mon, Oct 16, 2023 at 10:21 AM Petr Pisar wrote:
> > >
> > > V Mon, Oct 16, 2023 at 08:55:12AM +0200,
Dear Miro,
On Tue, Oct 17, 2023 at 10:33 PM Miro Hrončok wrote:
>
> On 16. 10. 23 14:19, Dmitry Belyavskiy wrote:
> >> Why is it too late for F-40? Do you mean F-39?
> >
> > Thanks!
> > https://fedoraproject.org/wiki/Changes/RemoveOpensslCompat
>
> Could
n impact of the
> removal are these 3 components:
>
> gloo-0.5.0^git20230824.01a0c81-6.fc40.src.rpm
> opensmtpd-6.8.0p2-12.fc39.src.rpm
> python3.6-3.6.15-20.fc39.src.rpm
I'm afraid it's too late for removing the compat package in F40. If
not, I can raise the change proposal, otherwi
an sshd server, configured using socket
activation can cause the socket to be disabled permanently
("sshd.socket: Trigger limit hit, refusing further activation.").
On Mon, Aug 7, 2023 at 11:48 AM Lennart Poettering wrote:
>
> On Do, 03.08.23 11:29, Dmitry Belyavskiy (dbel
ist Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.
ystem-wide proposals deadline?
Many thanks in advance!
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-
ct.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
--
Dmitry Belyavskiy
_
Dear Miro,
On Wed, Jun 29, 2022 at 5:27 PM Miro Hrončok wrote:
> On 29. 06. 22 17:11, Dmitry Belyavskiy wrote:
> > Dear colleagues,
> >
> > If I correctly follow the discussion, the biggest show-stopper is Python
> 2.*,
> > which has some incomplete patches to
ovide
strong enough motivation to get rid of the deprecating packages.
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fe
/cpython-2.7/Lib/ssl.py", line 828, in do_handshake
> self._sslobj.do_handshake()
> SSLError: [SSL: TLSV1_ALERT_INTERNAL_ERROR] tlsv1 alert internal error
> (_ssl.c:727)
>
> ==
> ERROR: test_starttls (test.te
On Fri, Jun 24, 2022 at 11:20 AM Daniel P. Berrangé
wrote:
> On Fri, Jun 24, 2022 at 11:13:13AM +0200, Dmitry Belyavskiy wrote:
> > On Wed, Jun 22, 2022 at 11:02 PM Miro Hrončok
> wrote:
> >
> > > On 22. 06. 22 21:05, Vipul Siddharth wrote:
> > > > We ar
rchives/list/devel@lists.fedoraproject.org
> Do not reply to spam on the list, report it:
> https://pagure.io/fedora-infrastructure
>
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to deve
in a similar
way as it is done in RHEL.
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project
e note rebasing to 3.0.7 or generally updating
> in Fedora with 3.x? It looks like 3.0.6 had CVE-2022-3358 which hasn't
> been addressed because we're still on .5
>
Applying a separate patch takes several minutes, and rebasing is some
process, usually much longer.
The rebase is going to ha
Dear colleagues,
I've just pushed the updates for OpenSSL fixing 2 CVEs evaluated as HIGH.
Could you please check the freshly pushed builds to get necessary karma
ASAP?
Many thanks!
--
Dmitry Belyavskiy
___
devel mailing list -- devel
PKCS#1 v1.5 decryption. This is a general protection against
issues like CVE-2020-25659 and CVE-2020-25657. This protection can be
disabled by calling
`EVP_PKEY_CTX_ctrl_str(ctx, "rsa_pkcs1_implicit_rejection". "0")`
in the RSA decryption context.
-
Dear Daniel,
Thanks for your feedback!
On Wed, Dec 7, 2022 at 2:55 PM Daniel P. Berrangé
wrote:
> On Wed, Dec 07, 2022 at 01:48:48PM +0100, Dmitry Belyavskiy wrote:
> > The problem we expect is that after reverting the patch we can lose the
> > remote access to the hos
On Thu, Dec 8, 2022 at 3:51 PM Daniel P. Berrangé
wrote:
> On Thu, Dec 08, 2022 at 03:41:32PM +0100, Dmitry Belyavskiy wrote:
> > Dear Daniel,
> > Thanks for your feedback!
> >
> > On Wed, Dec 7, 2022 at 2:55 PM Daniel P. Berrangé
> > wrote:
> >
> &g
://src.fedoraproject.org/rpms/openssh/pull-request/37
A separate question is whether we want to publish this announcement as a
Fedora change and at what level. For me it looks like a self-contained
change.
--
Dmitry Belyavskiy
___
devel mailing list
Which is better to fix the gdb or openldap?
>
> Jun
>
> On Mon, Mar 27, 2023 at 5:45 PM Dmitry Belyavskiy wrote:
> >
> > Dear Jan,
> >
> > Yes. gdb expects system openssl (providing this function)
> >
> > To workaround it, you have to provide the LD_SET_
aproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not
Dear Paul
On Thu, Feb 9, 2023 at 6:56 PM Paul Wouters wrote:
>
> On Thu, 9 Feb 2023, Dmitry Belyavskiy wrote:
>
> > I've just pushed updates of OpenSSL to the 3.0.8 version to f36/37.
> > I will also push to f38 and rawhide later today.
>
> Why is f36/f37 the
be rolled up earlier.
Many thanks in advance!
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project
Alexandre Salim
wrote:
>
> Hi Dmitry,
>
> On Thu, 2023-02-09 at 18:02 +0100, Dmitry Belyavskiy wrote:
> > Dear colleagues,
> >
> > I've just pushed updates of OpenSSL to the 3.0.8 version to f36/37.
> > I will also push to f38 and rawhide later today.
> >
/40b01fdbb270f8614fde30e65d30e9da18c02393/src/common/rand/rand_nist.c#L1-L15
What is the proper line for the spec file and what are my next steps
to evaluate the licenses, if necessary?
Many thanks in advance!
--
Dmitry Belyavskiy
___
devel mailing list
Dear Michel,
On Fri, Feb 10, 2023 at 7:06 PM Michel Alexandre Salim
wrote:
>
> Dear Dmitry,
>
> On Fri, 2023-02-10 at 09:55 +0100, Dmitry Belyavskiy wrote:
> > Dear Michel,
> >
> > In RHEL/CentOS we currently provide a double versioning for
> > OPENSS
or at least raise bugs upstream.
We also expect that there are both applications and protocol
specifications that are not capable of dealing with the keys that are
neither RSA nor EC/EdDDSA and also would like the issues to be raised.
--
Dmitry Belyavskiy
Dear Chris,
On Fri, Jun 2, 2023 at 4:42 PM Chris Adams wrote:
>
> Once upon a time, Dmitry Belyavskiy said:
> > I maintain OpenSSH that has a lot of heavy-interfering downstream
> > patches. I’d like to reduce the burden of rebase by combining some of
> > them.
>
&g
Dear Daniel,
On Fri, Jun 2, 2023 at 4:57 PM Daniel P. Berrangé wrote:
>
> On Fri, Jun 02, 2023 at 04:27:37PM +0200, Dmitry Belyavskiy wrote:
> > Dear colleagues,
> >
> > I maintain OpenSSH that has a lot of heavy-interfering downstream
> > patches. I’d like
?
I’m aware of quilt and git-absorb but it looks like they don’t help me much.
Many thanks!
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code
.
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https
elines
> List Archives:
> https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
--
Dmitry Belyavskiy
___
de
choice.
Any advice would be appreciated!
--
Dmitry Belyavskiy
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project
Dear Peter,
On Mon, May 15, 2023 at 1:06 PM Peter Robinson wrote:
>
> On Mon, May 15, 2023 at 11:39 AM Dmitry Belyavskiy
> wrote:
> >
> > Dear colleagues,
> >
> > What is the simplest way to get a rawhide i686 VM? I came across a
> > nasty architecture-s
taskID=113198856
>
> The tests pass locally in mock with openssl 3.1.4.
I can imagine the situation where upgrading to 3.2 could cause this failure
but the logs are too vague.
Could you please provide more details (e.g. openssl low-level diagnostics)
or even better a minimal repro
Dear Jun,
On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him)
wrote:
> On Wed, Mar 20, 2024 at 2:36 PM Dmitry Belyavskiy
> wrote:
> >
> ...
> >> > == Detailed Description ==
> >> > We are going to build OpenSSL without engine support.
Dear Jun,
On Thu, Mar 21, 2024 at 2:29 PM Jun Aruga (he / him)
wrote:
> On Thu, Mar 21, 2024 at 12:16 PM Dmitry Belyavskiy
> wrote:
> >
> > Dear Jun,
> >
> >
> >
> > On Thu, Mar 21, 2024 at 11:04 AM Jun Aruga (he / him)
> wrote:
> >>
Dear Zbyszek,
On Thu, Mar 21, 2024 at 12:41 PM Zbigniew Jędrzejewski-Szmek <
zbys...@in.waw.pl> wrote:
> On Thu, Mar 21, 2024 at 12:15:43PM +0100, Dmitry Belyavskiy wrote:
>
> > > Hi Dmitry,
> > > Could you provide the upstream OpenSSL project's issue ticket(s)
>
> > == Summary ==
> > We disable support of engines in OpenSSL
> >
> > == Owner ==
> > * Name: [[User:Dbelyavs| Dmitry Belyavskiy]]
> > * Email: dbely...@redhat.com
> >
> > == Detailed Description ==
> > We are going to build OpenSSL wi
= Summary ==
> > We disable support of engines in OpenSSL
> >
> > == Owner ==
> > * Name: [[User:Dbelyavs| Dmitry Belyavskiy]]
> > * Email: dbely...@redhat.com
> >
> > == Detailed Description ==
> > We are going to build OpenSSL without engine support.
Dear Fabio,
On Wed, Mar 20, 2024 at 3:18 PM Fabio Valentini
wrote:
> On Wed, Mar 20, 2024 at 3:06 PM Daniel P. Berrangé
> wrote:
> >
> > On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote:
>
> (...)
>
> > > As I understand, upstream is goi
Dear Daniel,
On Wed, Mar 20, 2024 at 3:06 PM Daniel P. Berrangé
wrote:
> On Wed, Mar 20, 2024 at 02:35:21PM +0100, Dmitry Belyavskiy wrote:
> > Dear Daniel,
> >
> > On Wed, Mar 20, 2024 at 1:44 PM Daniel P. Berrangé
> > wrote:
> >
> > > On Fri, Mar 0
raproject.org
> To unsubscribe send an email to devel-le...@lists.fedoraproject.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https:/
is completely wrong. Having, say, a 30+ downstream patches
and declining to run upstream tests is the most effective way to break a
gazillion use-cases.
But the fuzzing tests look quite dangerous to me here and now. No one can
review a corpse of binary files :(
--
Dmitry Belyavskiy
of the other available approaches. Arch Linux is also systemd-based
> nowadays, but still does not link OpenSSH against libsystemd.
We have an upstream-adjusted version of this patch, see
https://bugzilla.mindrot.org/show_bug.cgi?id=2641
I'm OK to bring the updated version of th
Dear Zbyszek,
Thanks, I updated the Wiki page correspondingly.
On Wed, Apr 3, 2024 at 5:56 PM Zbigniew Jędrzejewski-Szmek <
zbys...@in.waw.pl> wrote:
> [Replying to two mails at once to conserve some electrons.]
>
> On Tue, Apr 02, 2024 at 04:03:31PM +0200, Dmitry Belyavskiy wr
reventing "providers" from working in all use cases in which
> "engines" work) is NOT reasonable.
>
You are 100% correct. That's why disabling this API is not on the table for
now anymore.
--
Dmitry Belyavskiy
--
___
devel mai
aware of any Yubikey issues, BTW.
Third-party engines may be a problem but as we don't break ABI, it's not a
problem of the moment.
--
Dmitry Belyavskiy
--
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to deve
Dear Gary,
On Tue, Apr 2, 2024 at 5:39 PM Gary Buhrmaster
wrote:
> On Tue, Apr 2, 2024 at 3:12 PM Dmitry Belyavskiy
> wrote:
>
> > Third-party engines may be a problem but as we don't break ABI, it's not
> a problem of the moment.
>
> The fact you are re
penssl-engine-devel, mark it as Provides: deprecated().
> Existing packages which need the engine headers can adjust to use the
> new header and new packages are prevented by the Packaging Guidelines
> from adding a dependency on deprecated packages.
>
Thanks! I like this idea and can
58 matches
Mail list logo