Revisions of openssh

Stephan Kulow (coolo) accepted request 677282 from Tomáš Chvátal (scarabeus_iv) (revision 128)
- Supplement the openssh and libx11 together to ensure this package
  is installed on machines where there is X stack

- Handle brace expansion in scp when checking that filenames sent
  by the server side match what the client requested [bsc#1125687]
  * openssh-7.9p1-brace-expansion.patch

- Updated security fixes:
  * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf
    and have progressmeter force an update at the beginning and end
    of each transfer. Added patches:
    - openssh-CVE-2019-6109-sanitize-scp-filenames.patch
    - openssh-CVE-2019-6109-force-progressmeter-update.patch
  * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames
    sent during remote->local directory copies satisfy the wildcard
    specified by the user. Added patch:
    - openssh-CVE-2019-6111-scp-client-wildcard.patch
  * Removed openssh-7.9p1-scp-name-validator.patch

- Change the askpass wrapper to not use x11 interface:
  * by default we use the -gnome UI (which is gtk3 only, no gnome dep)
  * if desktop is KDE/LxQt we use ksshaskpass

Dominique Leuenberger (dimstar_suse) accepted request 642574 from Tomáš Chvátal (scarabeus_iv) (revision 122)
- Update to 7.8p1:
  * no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out

- Remove the mention of the SLE12 in the README.SUSE
- Install firewall rules only when really needed (<SLE15)

- Version update to 7.8p1:
  * For most details see release notes file
  * ssh-keygen(1): write OpenSSH format private keys by default
    instead of using OpenSSL's PEM format
- Rebase patches to apply on 7.8p1 release:
  * openssh-7.7p1-fips.patch
  * openssh-7.7p1-cavstest-kdf.patch
  * openssh-7.7p1-fips_checks.patch
  * openssh-7.7p1-gssapi_key_exchange.patch
  * openssh-7.7p1-audit.patch
  * openssh-7.7p1-openssl_1.1.0.patch
  * openssh-7.7p1-ldap.patch
  * openssh-7.7p1-IPv6_X_forwarding.patch
  * openssh-7.7p1-sftp_print_diagnostic_messages.patch
  * openssh-7.7p1-disable_short_DH_parameters.patch
  * openssh-7.7p1-hostname_changes_when_forwarding_X.patch
  * openssh-7.7p1-pam_check_locks.patch
  * openssh-7.7p1-seed-prng.patch
  * openssh-7.7p1-systemd-notify.patch
  * openssh-7.7p1-X11_trusted_forwarding.patch
- Dropped patches: (forwarded request 642573 from scarabeus_iv)

Dominique Leuenberger (dimstar_suse) accepted request 611071 from Petr Cerny (pcerny) (revision 118)
- Upgrade to 7.7p1 (bsc#1094068)

- Upgrade to 7.7p1 (bsc#1094068)
  Most important changes (more details below):
  * Drop compatibility support for pre-2001 SSH implementations
  * sshd(1) does not load DSA keys by default
  Distilled upstream log:
  ---- Potentially-incompatible changes
  * ssh(1)/sshd(8): Drop compatibility support for some very old
    SSH implementations, including ssh.com <=2.* and OpenSSH <=
    3.*.  These versions were all released in or before 2001 and
    predate the final SSH RFCs. The support in question isn't
    necessary for RFC-compliant SSH implementations.
  ---- New Features
  * experimental support for PQC XMSS keys (Extended Hash-Based
    Signatures), not compiled in by default.
  * sshd(8): Add a "rdomain" criteria for the sshd_config Match
    keyword to allow conditional configuration that depends on
    which routing domain a connection was received on (currently
    supported on OpenBSD and Linux).
  * sshd_config(5): Add an optional rdomain qualifier to the
    ListenAddress directive to allow listening on different
    routing domains. This is supported only on OpenBSD and Linux
    at present.
  * sshd_config(5): Add RDomain directive to allow the
    authenticated session to be placed in an explicit routing
    domain. This is only supported on OpenBSD at present.
  * sshd(8): Add "expiry-time" option for authorized_keys files
    to allow for expiring keys.
  * ssh(1): Add a BindInterface option to allow binding the (forwarded request 611002 from pcerny)

Dominique Leuenberger (dimstar_suse) accepted request 603107 from Petr Cerny (pcerny) (revision 117)
- Use TIRPC on suse_version >= 1500: sunrpc is deprecated and
  should be replaced by TIRPC.

This has several effects:
* We get RPC support back... from build log in oS:F/standard:

[   48s] checking rpc/types.h usability... no
[   48s] checking rpc/types.h presence... no
[   48s] checking for rpc/types.h... no

vs this branch:
[   50s] checking rpc/types.h usability... yes
[   50s] checking rpc/types.h presence... yes
[   50s] checking for rpc/types.h... yes

AND as a side-effect, FALSE for ldapbody.c is now defined (not the
  nicest of side-effects, but seems that ldap patch relies on RPC
  headers to be included).

So all in all: this fixes the build failures for openSUSE Tumblewee (forwarded request 602971 from dimstar)

Dominique Leuenberger (dimstar_suse) accepted request 583081 from Marcus Meissner (msmeissn) (revision 115)
- add OpenSSL 1.0 to 1.1 shim to remove dependency on old OpenSSL
  (update tracker: bsc#1080779)

Dominique Leuenberger (dimstar_suse) accepted request 571577 from Petr Cerny (pcerny) (revision 114)
- .spec file cleanup

- upgrade to 7.6p1
  see main package changelog for details

- Add missing crypto hardware enablement patches for IBM mainframes
  (FATE#323902)

- add missing part of systemd integration (unit type) (forwarded request 571576 from pcerny)

Dominique Leuenberger (dimstar_suse) accepted request 563834 from Petr Cerny (pcerny) (revision 112)
- Replace forgotten references to /var/adm/fillup-templates
  with new %_fillupdir macro (boo#1069468)
- tighten configuration access rights (forwarded request 563833 from pcerny)

Dominique Leuenberger (dimstar_suse) accepted request 500282 from Petr Cerny (pcerny) (revision 110)
- require OpenSSL < 1.1 where that one is a default (forwarded request 500281 from pcerny)
Displaying revisions 61 - 80 of 188