Revisions of openssh

Stephan Kulow (coolo) accepted request 234675 from Petr Cerny (pcerny) (revision 97)
- Remove tcpwrappers support now. This feature was removed
  in upstream code at the end of April and the underlying
  libraries are abandonware.
  See: http://comments.gmane.org/gmane.linux.suse.general/348119 (forwarded request 234473 from elvigia)
Stephan Kulow (coolo) accepted request 231428 from Petr Cerny (pcerny) (revision 96)
- curve25519 key exchange fix (-curve25519-6.6.1p1.patch)
- patch re-ordering (-audit3-key_auth_usage-fips.patch,
    -audit4-kex_results-fips.patch) (forwarded request 231427 from pcerny)
Tomáš Chvátal (scarabeus_factory) accepted request 230190 from Petr Cerny (pcerny) (revision 95)
- Update of the underlying OpenSSH to 6.6p1

- Remove unneeded dependency on the OpenLDAP server (openldap2)
  from openssh-helpers. openssh-helpers just depends on the 
  openldap client libraries, which will be auto-generated by rpm.

- update to 6.6p1
  Security:
  * sshd(8): when using environment passing with a sshd_config(5)
    AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
    be tricked into accepting any environment variable that
    contains the characters before the wildcard character.
  Features since 6.5p1:
  * ssh(1), sshd(8): removal of the J-PAKE authentication code,
    which was experimental, never enabled and has been
    unmaintained for some time.
  * ssh(1): skip 'exec' clauses other clauses predicates failed
    to match while processing Match blocks.
  * ssh(1): if hostname canonicalisation is enabled and results
    in the destination hostname being changed, then re-parse
    ssh_config(5) files using the new destination hostname. This
    gives 'Host' and 'Match' directives that use the expanded
    hostname a chance to be applied.
  Bugfixes:
  * ssh(1): avoid spurious "getsockname failed: Bad file
    descriptor" in ssh -W. bz#2200, debian#738692
  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
    systrace sandbox modes, as it is reachable if the connection
    is terminated during the pre-auth phase.
  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1
Stephan Kulow (coolo) accepted request 227709 from Marcus Meissner (msmeissn) (revision 94)
- Update openssh-6.5p1-audit4-kex_results.patch to ensure that
  we don't pass a NULL string to buffer_put_cstring. This happens
  when you have "Ciphers chacha20-poly1305@openssh.com" directive. (forwarded request 227423 from namtrac)
Stephan Kulow (coolo) accepted request 226335 from Petr Cerny (pcerny) (revision 93)
- re-enabling the GSSAPI Key Exchange patch
!!! currently breaks anything else than Factory (forwarded request 226334 from pcerny)
Stephan Kulow (coolo) accepted request 224303 from Petr Cerny (pcerny) (revision 92)
- re-enabling FIPS-enablement patch
- enable X11 forwarding when IPv6 is present but disabled on server
  (bnc#712683, FATE#31503; -X_forward_with_disabled_ipv6.patch) (forwarded request 224302 from pcerny)
Stephan Kulow (coolo) accepted request 223064 from Marcus Meissner (msmeissn) (revision 91)
- openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox
  (allowing use of the getuid syscall) (bnc#864171)
Stephan Kulow (coolo) accepted request 222366 from Petr Cerny (pcerny) (revision 90)
- Update of the underlying OpenSSH to 6.5p1

- Update to 6.5p1
  Features since 6.4p1:
  * ssh(1), sshd(8): support for key exchange using ECDH in
    Daniel Bernstein's Curve25519; default when both the client
    and server support it.
  * ssh(1), sshd(8): support for Ed25519 as a public key type for
    both server and client.  Ed25519 is an EC signature offering
    better security than ECDSA and DSA and good performance.
  * Add a new private key format that uses a bcrypt KDF to better
    protect keys at rest. Used unconditionally for Ed25519 keys,
    on demand for other key types via the -o ssh-keygen(1)
    option.  Intended to become default in the near future.
    Details documented in PROTOCOL.key.
  * ssh(1), sshd(8): new transport cipher
    "chacha20-poly1305@openssh.com" combining Daniel Bernstein's
    ChaCha20 stream cipher and Poly1305 MAC to build an
    authenticated encryption mode. Details documented in
    PROTOCOL.chacha20poly1305.
  * ssh(1), sshd(8): refuse RSA keys from old proprietary clients
    and servers that use the obsolete RSA+MD5 signature scheme.
    It will still be possible to connect with these
    clients/servers but only DSA keys will be accepted, and
    OpenSSH will refuse connection entirely in a future release.
  * ssh(1), sshd(8): refuse old proprietary clients and servers
    that use a weaker key exchange hash calculation.
  * ssh(1): increase the size of the Diffie-Hellman groups
    requested for each symmetric key size. New values from NIST
    Special Publication 800-57 with the upper limit specified by (forwarded request 222365 from pcerny)
Adrian Schröter (adrianSuSE) committed (revision 89)
Split 13.1 from Factory
Stephan Kulow (coolo) accepted request 198435 from Sascha Peilicke (saschpe) (revision 88)
- fix the logic in openssh-nodaemon-nopid.patch which is broken
  and pid_file therefore still being created. (forwarded request 198380 from elvigia)
Stephan Kulow (coolo) accepted request 185890 from Marcus Meissner (msmeissn) (revision 87)
- Update for 6.2p2 

- Update to version 6.2p2 
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption
* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
* ssh(1)/sshd(8): Added support for the UMAC-128 MAC
* sshd(8): Added support for multiple required authentication
* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
  now immediately sends its SSH protocol banner to the server without
  waiting to receive the server's banner, saving time when connecting.
* dozens of other changes, see http://www.openssh.org/txt/release-6.2 (forwarded request 185789 from elvigia)
Stephan Kulow (coolo) accepted request 181731 from Marcus Meissner (msmeissn) (revision 86)
- avoid the build cycle between curl, krb5, libssh2_org and openssh
  by using krb5-mini-devel (forwarded request 181706 from coolo)
Stephan Kulow (coolo) accepted request 180225 from Marcus Meissner (msmeissn) (revision 85)
- Recommend xauth, X11-forwarding won't work if it is not installed

- sshd.service: Do not order after syslog.target, it is 
 not required or recommended and that target does not even exist
 anymore.
Adrian Schröter (adrianSuSE) committed (revision 84)
Split 12.3 from Factory
Stephan Kulow (coolo) accepted request 147498 from Petr Cerny (pcerny) (revision 83)
- use ssh-keygen(1) default keylengths in generating the host key
  instead of hardcoding it (forwarded request 147497 from dirkmueller)
Stephan Kulow (coolo) accepted request 141129 from Marcus Meissner (msmeissn) (revision 82)
- Updated to 6.1p1, a bugfix release
  Features:
 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.
 Bugfixes:
 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.
Stephan Kulow (coolo) accepted request 139516 from Marcus Meissner (msmeissn) (revision 81)
- explicit buildrequire groff, needed for man pages (forwarded request 139460 from coolo)
Stephan Kulow (coolo) accepted request 139103 from Factory Maintainer (factory-maintainer) (revision 80)
Automatic submission by obs-autosubmit
Stephan Kulow (coolo) accepted request 134088 from Factory Maintainer (factory-maintainer) (revision 79)
Automatic submission by obs-autosubmit
Stephan Kulow (coolo) accepted request 126287 from Marcus Meissner (msmeissn) (revision 78)
- the gnome askpass does not require the x11 askpass - especially not
  in the version of openssh (it's at 1.X) (forwarded request 126286 from coolo)
Displaying revisions 81 - 100 of 177