Accepting request 611071 from network
- Upgrade to 7.7p1 (bsc#1094068) - Upgrade to 7.7p1 (bsc#1094068) Most important changes (more details below): * Drop compatibility support for pre-2001 SSH implementations * sshd(1) does not load DSA keys by default Distilled upstream log: ---- Potentially-incompatible changes * ssh(1)/sshd(8): Drop compatibility support for some very old SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The support in question isn't necessary for RFC-compliant SSH implementations. ---- New Features * experimental support for PQC XMSS keys (Extended Hash-Based Signatures), not compiled in by default. * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux). * sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow listening on different routing domains. This is supported only on OpenBSD and Linux at present. * sshd_config(5): Add RDomain directive to allow the authenticated session to be placed in an explicit routing domain. This is only supported on OpenBSD at present. * sshd(8): Add "expiry-time" option for authorized_keys files to allow for expiring keys. * ssh(1): Add a BindInterface option to allow binding the (forwarded request 611002 from pcerny) OBS-URL: https://build.opensuse.org/request/show/611071 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=118
This commit is contained in:
commit
ab0dcdb4fc
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:13854b50b2b34c148cab87ea676226342d871d11d4670fe2f93514d61fbcf9b1
|
|
||||||
size 151540
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723
|
|
||||||
size 1489788
|
|
@ -1,14 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlnTtXUACgkQ0+X1a22S
|
|
||||||
DTCQxgx+MJ1JjIWwVjXUxwpFfjj4aBv5xSqiKqwzGgVjnlmwtpTn+tqdGiACts3K
|
|
||||||
46fh/8ujknJJ5lBIlWKBfqhKzC7A+gCBaFiLoXiad8Q3NIESbXGxRkuMe6jxFtR7
|
|
||||||
SHidUjRqmn1kLCy1TSkj8mqg0/UZ5UZAJcsldQTmEAnxFVbK1l8CLB7vn4rJnj+v
|
|
||||||
PdbtsSdw8ZHtakkoNHiqQD+mwy+FXY5QcN7IUEX2/E0hKx0wou1S/36j8k89UQf8
|
|
||||||
Jbntg31N4EUOQ0fRwuxdRkHSUrJJpPgwWO4XgHw4u9yghsOCYr+X9Pa1+LCtL4PE
|
|
||||||
o4+08UoD92VORzRETH5Cbtv1XmdUWrpHVHUjVORTgYxVgXbbnoDuzxfsrbfJRRLE
|
|
||||||
NBsFxodltDxfdljL27PReBqpneWBxNJd6ruaY5wYxhu1qTEcszCGXuSd583TJ49b
|
|
||||||
hhkWrk5+knErwFdDbtOy+l3L1pvxXvuyIuWl/aXaoVSPDwtPFui94Dl2G7QbSeEb
|
|
||||||
PQDWU6PReeP+SRsMyYJSoxwgbZIzaQ==
|
|
||||||
=K6iy
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
openssh-7.7p1-SUSE_patches.tar.gz
Normal file
3
openssh-7.7p1-SUSE_patches.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:87754e4234f7ed87e145cc61ea4c1e71121dd0ff10e28e86336f95033b8f7300
|
||||||
|
size 147974
|
3
openssh-7.7p1.tar.gz
Normal file
3
openssh-7.7p1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
|
||||||
|
size 1536900
|
14
openssh-7.7p1.tar.gz.asc
Normal file
14
openssh-7.7p1.tar.gz.asc
Normal file
@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlrBwh4ACgkQ0+X1a22S
|
||||||
|
DTCqGwyAgQuR+5b6dAEK3PV3WnzuPSJ8KKnw3/HlqQw40QfWotVOX4+On3+yOYy+
|
||||||
|
txjAWkbocjHa5/6IzKVU0y9GD3A0H7XwJAwjqqQg3pKD3kXyl7Lz5nkwWWICN0z+
|
||||||
|
fU8HUwJv3SOhilD7XRZqWHUfSL69AR5CbYPraurMQWDNwHY0i4n3vDFp1WrSJx8q
|
||||||
|
mcSgAEwucKavr3+PDm0MbmYINAqgqn1USVDalGy8U6ICnCyzXvu4o8gMuiGGwwKR
|
||||||
|
Jlt2zCs5CBnF2LAaFgawwNh6NO/TOLvvNrW3zUm3s3DzLKqYtl4Jfs39Coii9LEE
|
||||||
|
PqF8YFhgbzm+JPPe9/k5zBSEZOWwkzu33cXm7nC1rypt4PQVZLB8BvRE5HXE9QOx
|
||||||
|
xpGi+BFVeMIMqjsW+nOAAdl4S+FNtzR/OABAhwRveLGMPMFRQ9/GqN5B1L9Wezut
|
||||||
|
V/6SUUzQUyf5Kn6Gjo+ktJB1i7ufPTLSjH9eYjS/7Fn5cMdjF5iezOAzp3FNWXln
|
||||||
|
cDZzHkVgrwqYqTKkekDFTwJD+q/QJQ==
|
||||||
|
=gz3x
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
|
||||||
|
|
||||||
|
- Upgrade to 7.7p1 (bsc#1094068)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 31 22:54:55 UTC 2018 - pcerny@suse.com
|
Wed Jan 31 22:54:55 UTC 2018 - pcerny@suse.com
|
||||||
|
|
||||||
|
@ -19,7 +19,7 @@
|
|||||||
%define _name openssh
|
%define _name openssh
|
||||||
Name: openssh-askpass-gnome
|
Name: openssh-askpass-gnome
|
||||||
BuildRequires: gtk2-devel
|
BuildRequires: gtk2-devel
|
||||||
Version: 7.6p1
|
Version: 7.7p1
|
||||||
Release: 0
|
Release: 0
|
||||||
Requires: %{_name} = %{version}
|
Requires: %{_name} = %{version}
|
||||||
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
||||||
|
106
openssh.changes
106
openssh.changes
@ -1,3 +1,109 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
|
||||||
|
|
||||||
|
- Upgrade to 7.7p1 (bsc#1094068)
|
||||||
|
Most important changes (more details below):
|
||||||
|
* Drop compatibility support for pre-2001 SSH implementations
|
||||||
|
* sshd(1) does not load DSA keys by default
|
||||||
|
Distilled upstream log:
|
||||||
|
---- Potentially-incompatible changes
|
||||||
|
* ssh(1)/sshd(8): Drop compatibility support for some very old
|
||||||
|
SSH implementations, including ssh.com <=2.* and OpenSSH <=
|
||||||
|
3.*. These versions were all released in or before 2001 and
|
||||||
|
predate the final SSH RFCs. The support in question isn't
|
||||||
|
necessary for RFC-compliant SSH implementations.
|
||||||
|
---- New Features
|
||||||
|
* experimental support for PQC XMSS keys (Extended Hash-Based
|
||||||
|
Signatures), not compiled in by default.
|
||||||
|
* sshd(8): Add a "rdomain" criteria for the sshd_config Match
|
||||||
|
keyword to allow conditional configuration that depends on
|
||||||
|
which routing domain a connection was received on (currently
|
||||||
|
supported on OpenBSD and Linux).
|
||||||
|
* sshd_config(5): Add an optional rdomain qualifier to the
|
||||||
|
ListenAddress directive to allow listening on different
|
||||||
|
routing domains. This is supported only on OpenBSD and Linux
|
||||||
|
at present.
|
||||||
|
* sshd_config(5): Add RDomain directive to allow the
|
||||||
|
authenticated session to be placed in an explicit routing
|
||||||
|
domain. This is only supported on OpenBSD at present.
|
||||||
|
* sshd(8): Add "expiry-time" option for authorized_keys files
|
||||||
|
to allow for expiring keys.
|
||||||
|
* ssh(1): Add a BindInterface option to allow binding the
|
||||||
|
outgoing connection to an interface's address (basically a
|
||||||
|
more usable BindAddress)
|
||||||
|
* ssh(1): Expose device allocated for tun/tap forwarding via a
|
||||||
|
new %T expansion for LocalCommand. This allows LocalCommand
|
||||||
|
to be %used to prepare the interface.
|
||||||
|
* sshd(8): Expose the device allocated for tun/tap forwarding
|
||||||
|
via a new SSH_TUNNEL environment variable. This allows
|
||||||
|
automatic setup of the interface and surrounding network
|
||||||
|
configuration automatically on the server.
|
||||||
|
* ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp,
|
||||||
|
e.g. ssh://user@host or sftp://user@host/path. Additional
|
||||||
|
connection parameters that use deporecated MD5 are not
|
||||||
|
implemented.
|
||||||
|
* ssh-keygen(1): Allow certificate validity intervals that
|
||||||
|
specify only a start or stop time (instead of both or
|
||||||
|
neither).
|
||||||
|
* sftp(1): Allow "cd" and "lcd" commands with no explicit path
|
||||||
|
argument. lcd will change to the local user's home directory
|
||||||
|
as usual. cd will change to the starting directory for
|
||||||
|
session (because the protocol offers no way to obtain the
|
||||||
|
remote user's home directory). bz#2760
|
||||||
|
* sshd(8): When doing a config test with sshd -T, only require
|
||||||
|
the attributes that are actually used in Match criteria
|
||||||
|
rather than (an incomplete list of) all criteria.
|
||||||
|
---- Bugfixes
|
||||||
|
* ssh(1)/sshd(8): More strictly check signature types during
|
||||||
|
key exchange against what was negotiated. Prevents downgrade
|
||||||
|
of RSA signatures made with SHA-256/512 to SHA-1.
|
||||||
|
* sshd(8): Fix support for client that advertise a protocol
|
||||||
|
version of "1.99" (indicating that they are prepared to
|
||||||
|
accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6
|
||||||
|
during the removal of SSHv1 support. bz#2810
|
||||||
|
* ssh(1): Warn when the agent returns a ssh-rsa (SHA1)
|
||||||
|
signature when a rsa-sha2-256/512 signature was requested.
|
||||||
|
This condition is possible when an old or non-OpenSSH agent
|
||||||
|
is in use. bz#2799
|
||||||
|
* ssh-agent(1): Fix regression introduced in 7.6 that caused
|
||||||
|
ssh-agent to fatally exit if presented an invalid signature
|
||||||
|
request message.
|
||||||
|
* sshd_config(5): Accept yes/no flag options
|
||||||
|
case-insensitively, as has been the case in ssh_config(5) for
|
||||||
|
a long time. bz#2664
|
||||||
|
* ssh(1): Improve error reporting for failures during
|
||||||
|
connection. Under some circumstances misleading errors were
|
||||||
|
being shown. bz#2814
|
||||||
|
* ssh-keyscan(1): Add -D option to allow printing of results
|
||||||
|
directly in SSHFP format. bz#2821
|
||||||
|
* regress tests: fix PuTTY interop test broken in last
|
||||||
|
release's SSHv1 removal. bz#2823
|
||||||
|
* ssh(1): Compatibility fix for some servers that erroneously
|
||||||
|
drop the connection when the IUTF8 (RFC8160) option is sent.
|
||||||
|
* scp(1): Disable RemoteCommand and RequestTTY in the ssh
|
||||||
|
session started by scp (sftp was already doing this.)
|
||||||
|
* ssh-keygen(1): Refuse to create a certificate with an
|
||||||
|
unusable number of principals.
|
||||||
|
* ssh-keygen(1): Fatally exit if ssh-keygen is unable to write
|
||||||
|
all the public key during key generation. Previously it would
|
||||||
|
silently ignore errors writing the comment and terminating
|
||||||
|
newline.
|
||||||
|
* ssh(1): Do not modify hostname arguments that are addresses
|
||||||
|
by automatically forcing them to lower-case. Instead
|
||||||
|
canonicalise them to resolve ambiguities (e.g. ::0001 => ::1)
|
||||||
|
before they are matched against known_hosts. bz#2763
|
||||||
|
* ssh(1): Don't accept junk after "yes" or "no" responses to
|
||||||
|
hostkey prompts. bz#2803
|
||||||
|
* sftp(1): Have sftp print a warning about shell cleanliness
|
||||||
|
when decoding the first packet fails, which is usually caused
|
||||||
|
by shells polluting stdout of non-interactive startups.
|
||||||
|
bz#2800
|
||||||
|
* ssh(1)/sshd(8): Switch timers in packet code from using
|
||||||
|
wall-clock time to monotonic time, allowing the packet layer
|
||||||
|
to better function over a clock step and avoiding possible
|
||||||
|
integer overflows during steps.
|
||||||
|
* Numerous manual page fixes and improvements.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 2 08:14:41 UTC 2018 - dimstar@opensuse.org
|
Wed May 2 08:14:41 UTC 2018 - dimstar@opensuse.org
|
||||||
|
|
||||||
|
@ -101,7 +101,7 @@ PreReq: pwdutils %{fillup_prereq} coreutils
|
|||||||
%if ! %{uses_systemd}
|
%if ! %{uses_systemd}
|
||||||
PreReq: %{insserv_prereq}
|
PreReq: %{insserv_prereq}
|
||||||
%endif
|
%endif
|
||||||
Version: 7.6p1
|
Version: 7.7p1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Secure Shell Client and Server (Remote Login Program)
|
Summary: Secure Shell Client and Server (Remote Login Program)
|
||||||
License: BSD-2-Clause AND MIT
|
License: BSD-2-Clause AND MIT
|
||||||
@ -190,7 +190,7 @@ done
|
|||||||
# set libexec dir in the LDAP patch
|
# set libexec dir in the LDAP patch
|
||||||
sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
|
sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
|
||||||
$( grep -Rl @LIBEXECDIR@ \
|
$( grep -Rl @LIBEXECDIR@ \
|
||||||
$( grep "^+++" $PATCH_DIR/openssh-7.6p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
|
$( grep "^+++" $PATCH_DIR/openssh-7.7p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
|
||||||
)
|
)
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|
Loading…
Reference in New Issue
Block a user