- Updated to 6.1p1, a bugfix release

Features:
 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.
 Bugfixes:
 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=42

openssh-6.0p1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de
-size 1126034

openssh-6.1p1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411
+size 1134820

openssh-askpass-gnome.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com
+
+- Updated to 6.1p1, a bugfix release
+  Features:
+ * sshd(8): This release turns on pre-auth sandboxing sshd by default for
+   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
+ * ssh-keygen(1): Add options to specify starting line number and number of
+   lines to process when screening moduli candidates, allowing processing
+   of different parts of a candidate moduli file in parallel
+ * sshd(8): The Match directive now supports matching on the local (listen)
+   address and port upon which the incoming connection was received via
+   LocalAddress and LocalPort clauses.
+ * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
+   and {Allow,Deny}{Users,Groups}
+ * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
+ * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
+ * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
+   an argument to refuse all port-forwarding requests.
+ * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
+ * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
+ * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
+   to append some arbitrary text to the server SSH protocol banner.
+ Bugfixes:
+ * ssh(1)/sshd(8): Don't spin in accept() in situations of file
+   descriptor exhaustion. Instead back off for a while.
+ * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
+   they were removed from the specification. bz#2023,
+ * sshd(8): Handle long comments in config files better. bz#2025
+ * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
+   picked up. bz#1995
+ * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
+   on platforms that use login_cap.
+ Portable OpenSSH:
+ * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
+   sandbox from the Linux SECCOMP filter sandbox when the latter is
+   not available in the kernel.
+ * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
+   retrieve a CNAME SSHFP record.
+ * Fix cross-compilation problems related to pkg-config. bz#1996
+
 -------------------------------------------------------------------
 Wed Jun 27 09:51:19 UTC 2012 - coolo@suse.com
 

openssh-askpass-gnome.spec

@@ -26,7 +26,7 @@ BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
 BuildRequires:  tcpd-devel
 BuildRequires:  update-desktop-files
-Version:        6.0p1
+Version:        6.1p1
 Release:        0
 Requires:       openssh = %{version}
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH

openssh.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Tue Nov 13 10:26:37 UTC 2012 - meissner@suse.com
+
+- Updated to 6.1p1, a bugfix release
+  Features:
+ * sshd(8): This release turns on pre-auth sandboxing sshd by default for
+   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
+ * ssh-keygen(1): Add options to specify starting line number and number of
+   lines to process when screening moduli candidates, allowing processing
+   of different parts of a candidate moduli file in parallel
+ * sshd(8): The Match directive now supports matching on the local (listen)
+   address and port upon which the incoming connection was received via
+   LocalAddress and LocalPort clauses.
+ * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
+   and {Allow,Deny}{Users,Groups}
+ * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
+ * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
+ * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
+   an argument to refuse all port-forwarding requests.
+ * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
+ * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
+ * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
+   to append some arbitrary text to the server SSH protocol banner.
+ Bugfixes:
+ * ssh(1)/sshd(8): Don't spin in accept() in situations of file
+   descriptor exhaustion. Instead back off for a while.
+ * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
+   they were removed from the specification. bz#2023,
+ * sshd(8): Handle long comments in config files better. bz#2025
+ * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
+   picked up. bz#1995
+ * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
+   on platforms that use login_cap.
+ Portable OpenSSH:
+ * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
+   sandbox from the Linux SECCOMP filter sandbox when the latter is
+   not available in the kernel.
+ * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
+   retrieve a CNAME SSHFP record.
+ * Fix cross-compilation problems related to pkg-config. bz#1996
+
 -------------------------------------------------------------------
 Tue Nov 13 10:26:16 CET 2012 - kukuk@suse.de
 

openssh.spec

@@ -33,7 +33,7 @@ BuildRequires:  tcpd-devel
 Requires:       /bin/netstat
 PreReq:         pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
 Conflicts:      nonfreessh
-Version:        6.0p1
+Version:        6.1p1
 Release:        0
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)