Overview
Request 230190 accepted
- Update of the underlying OpenSSH to 6.6p1
- Remove uneeded dependency on the OpenLDAP server (openldap2)
from openssh-helpers. openssh-helpers just depends on the
openldap client libraries, which will be auto-generated by rpm.
- update to 6.6p1
Security:
* sshd(8): when using environment passing with a sshd_config(5)
AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
be tricked into accepting any enviornment variable that
contains the characters before the wildcard character.
Features since 6.5p1:
* ssh(1), sshd(8): removal of the J-PAKE authentication code,
which was experimental, never enabled and has been
unmaintained for some time.
* ssh(1): skip 'exec' clauses other clauses predicates failed
to match while processing Match blocks.
* ssh(1): if hostname canonicalisation is enabled and results
in the destination hostname being changed, then re-parse
ssh_config(5) files using the new destination hostname. This
gives 'Host' and 'Match' directives that use the expanded
hostname a chance to be applied.
Bugfixes:
* ssh(1): avoid spurious "getsockname failed: Bad file
descriptor" in ssh -W. bz#2200, debian#738692
* sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
systrace sandbox modes, as it is reachable if the connection
is terminated during the pre-auth phase.
* ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1
Request History
pcerny created request
- Update of the underlying OpenSSH to 6.6p1
- Remove uneeded dependency on the OpenLDAP server (openldap2)
from openssh-helpers. openssh-helpers just depends on the
openldap client libraries, which will be auto-generated by rpm.
- update to 6.6p1
Security:
* sshd(8): when using environment passing with a sshd_config(5)
AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
be tricked into accepting any enviornment variable that
contains the characters before the wildcard character.
Features since 6.5p1:
* ssh(1), sshd(8): removal of the J-PAKE authentication code,
which was experimental, never enabled and has been
unmaintained for some time.
* ssh(1): skip 'exec' clauses other clauses predicates failed
to match while processing Match blocks.
* ssh(1): if hostname canonicalisation is enabled and results
in the destination hostname being changed, then re-parse
ssh_config(5) files using the new destination hostname. This
gives 'Host' and 'Match' directives that use the expanded
hostname a chance to be applied.
Bugfixes:
* ssh(1): avoid spurious "getsockname failed: Bad file
descriptor" in ssh -W. bz#2200, debian#738692
* sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
systrace sandbox modes, as it is reachable if the connection
is terminated during the pre-auth phase.
* ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1
licensedigger accepted review
{"approve": "version update 6.5p1 -> 6.6p1 covered by ldb"}
factory-auto added a reviewer
Please review sources
factory-auto added a reviewer
Please review build success
factory-auto accepted review
Check script succeeded
factory-auto added a reviewer
Pick Staging Project
factory-repo-checker accepted review
Builds for repo openSUSE_Factory
scarabeus_iv added a reviewer
Being evaluated by staging project "openSUSE:Factory:Staging:B"
scarabeus_iv accepted review
Picked openSUSE:Factory:Staging:B
tittiatcoke accepted review
ok
scarabeus_iv approved review
ready to accept
scarabeus_iv accepted review
ready to accept
scarabeus_factory accepted request
checkin