openSUSE Build Service

Vítězslav Čížek (vitezslav_cizek) accepted request 689347 from

Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 187)

- Fix a double free() in the KDF CAVS testing tool (bsc#1065237)
  * modify openssh-7.7p1-cavstest-kdf.patch

buildservice-autocommit accepted request 684354 from

Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 186)

baserev update by copy to link target

Vítězslav Čížek (vitezslav_cizek) accepted request 684353 from

Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 185)

- Minor clean-up of the fips patches, modified
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch

Vítězslav Čížek (vitezslav_cizek) accepted request 684224 from

Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 184)

- Fix two race conditions in sshd relating to SIGHUP (bsc#1119183)
  * 0001-upstream-Fix-two-race-conditions-in-sshd-relating-to.patch

buildservice-autocommit accepted request 680205 from

Tomáš Chvátal (scarabeus_iv) about 5 years ago (revision 183)

baserev update by copy to link target

Tomáš Chvátal (scarabeus_iv) accepted request 680202 from

Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 182)

- Correctly filter out non-compliant algorithms when in FIPS mode
  (bsc#1126397)
  * A hunk was applied to a wrong place due to a patch fuzz when
    the fips patch was being ported to openssh 7.9p1
- update openssh-7.7p1-fips.patch

Tomáš Chvátal (scarabeus_iv) accepted request 679869 from

Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 181)

- Remove the "KexDHMin" config keyword (bsc#1127180)
  It used to allow lowering of the minimal allowed DH group size,
  which was increased to 2048 by upstream in the light of the Logjam
  attack.
  The code was broken since the upgrade to 7.6p1, but nobody noticed.
  As apparently no one needs the functionality any more, let's drop
  the patch.
  It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1
  key exchange method when working with legacy systems.
- drop openssh-7.7p1-disable_short_DH_parameters.patch
- updated patches:
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch
  openssh-7.7p1-gssapi_key_exchange.patch

buildservice-autocommit accepted request 677282 from

Tomáš Chvátal (scarabeus_iv) about 5 years ago (revision 180)

baserev update by copy to link target

Tomáš Chvátal (scarabeus_iv) committed over 5 years ago (revision 179)

  * openssh-7.9p1-brace-expansion.patch

Tomáš Chvátal (scarabeus_iv) accepted request 677200 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 5 years ago (revision 178)

- Handle brace expansion in scp when checking that filenames sent
  by the server side match what the client requested [bsc#1125687]

Tomáš Chvátal (scarabeus_iv) accepted request 676348 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 5 years ago (revision 177)

- Updated security fixes:
  * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf
    and have progressmeter force an update at the beginning and end
    of each transfer. Added patches:
    - openssh-CVE-2019-6109-sanitize-scp-filenames.patch
    - openssh-CVE-2019-6109-force-progressmeter-update.patch
  * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames
    sent during remote->local directory copies satisfy the wildcard
    specified by the user. Added patch:
    - openssh-CVE-2019-6111-scp-client-wildcard.patch
  * Removed openssh-7.9p1-scp-name-validator.patch

Tomáš Chvátal (scarabeus_iv) committed over 5 years ago (revision 176)

- Supplement the openssh and libx11 together to ensure this package
  is installed on machines where there is X stack

Tomáš Chvátal (scarabeus_iv) committed over 5 years ago (revision 175)

- Change the askpass wrapper to not use x11 interface:
  * by default we use the -gnome UI (which is gtk3 only, no gnome dep)
  * if desktop is KDE/LxQt we use ksshaskpass

buildservice-autocommit accepted request 669023 from

Tomáš Chvátal (scarabeus_iv) over 5 years ago (revision 174)

baserev update by copy to link target

Tomáš Chvátal (scarabeus_iv) accepted request 669019 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 5 years ago (revision 173)

- Remove old conditionals

  * Mention the change in README.SUSE

Tomáš Chvátal (scarabeus_iv) accepted request 668656 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 5 years ago (revision 172)

- Move ssh-ldap* man pages into openssh-helpers [bsc#1051531]

- Allow root login by default [bsc#1118114, bsc#1121196]
  * Added/updated previous patch openssh-7.7p1-allow_root_password_login.patch

- Added SLE conditionals in the spec files:
  * Keep gtk2-devel in openssh-askpass-gnome in SLE
  * Keep krb5-mini-devel in SLE
- Removed obsolete configure options:
  * SSH protocol 1 --with-ssh1
  * Smart card --with-opensc
- Cleaned spec file with spec-cleaner

buildservice-autocommit accepted request 666632 from

Tomáš Chvátal (scarabeus_iv) over 5 years ago (revision 171)

baserev update by copy to link target

Tomáš Chvátal (scarabeus_iv) accepted request 666511 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 5 years ago (revision 170)

- Security fix:
  * [bsc#1121816, CVE-2019-6109] scp client spoofing via object name
  * [bsc#1121818, CVE-2019-6110] scp client spoofing via stderr
  * [bsc#1121821, CVE-2019-6111] scp client missing received object
    name validation
  * Added patch openssh-7.9p1-scp-name-validator.patch

Tomáš Chvátal (scarabeus_iv) accepted request 664725 from

Pedro Monreal Gonzalez (pmonrealgonzalez) over 5 years ago (revision 169)

- Security fix: [bsc#1121571, CVE-2018-20685]
  * The scp client allows remote SSH servers to bypass intended
    access restrictions
  * Added patch openssh-7.9p1-CVE-2018-20685.patch

buildservice-autocommit accepted request 662751 from

Tomáš Chvátal (scarabeus_iv) over 5 years ago (revision 168)

baserev update by copy to link target

Places

Revisions of openssh

Places