Accepting request 611071 from network
- Upgrade to 7.7p1 (bsc#1094068) - Upgrade to 7.7p1 (bsc#1094068) Most important changes (more details below): * Drop compatibility support for pre-2001 SSH implementations * sshd(1) does not load DSA keys by default Distilled upstream log: ---- Potentially-incompatible changes * ssh(1)/sshd(8): Drop compatibility support for some very old SSH implementations, including ssh.com <=2.* and OpenSSH <= 3.*. These versions were all released in or before 2001 and predate the final SSH RFCs. The support in question isn't necessary for RFC-compliant SSH implementations. ---- New Features * experimental support for PQC XMSS keys (Extended Hash-Based Signatures), not compiled in by default. * sshd(8): Add a "rdomain" criteria for the sshd_config Match keyword to allow conditional configuration that depends on which routing domain a connection was received on (currently supported on OpenBSD and Linux). * sshd_config(5): Add an optional rdomain qualifier to the ListenAddress directive to allow listening on different routing domains. This is supported only on OpenBSD and Linux at present. * sshd_config(5): Add RDomain directive to allow the authenticated session to be placed in an explicit routing domain. This is only supported on OpenBSD at present. * sshd(8): Add "expiry-time" option for authorized_keys files to allow for expiring keys. * ssh(1): Add a BindInterface option to allow binding the (forwarded request 611002 from pcerny) OBS-URL: https://build.opensuse.org/request/show/611071 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=118
This commit is contained in:
commit
ab0dcdb4fc
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:13854b50b2b34c148cab87ea676226342d871d11d4670fe2f93514d61fbcf9b1
|
||||
size 151540
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723
|
||||
size 1489788
|
@ -1,14 +0,0 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlnTtXUACgkQ0+X1a22S
|
||||
DTCQxgx+MJ1JjIWwVjXUxwpFfjj4aBv5xSqiKqwzGgVjnlmwtpTn+tqdGiACts3K
|
||||
46fh/8ujknJJ5lBIlWKBfqhKzC7A+gCBaFiLoXiad8Q3NIESbXGxRkuMe6jxFtR7
|
||||
SHidUjRqmn1kLCy1TSkj8mqg0/UZ5UZAJcsldQTmEAnxFVbK1l8CLB7vn4rJnj+v
|
||||
PdbtsSdw8ZHtakkoNHiqQD+mwy+FXY5QcN7IUEX2/E0hKx0wou1S/36j8k89UQf8
|
||||
Jbntg31N4EUOQ0fRwuxdRkHSUrJJpPgwWO4XgHw4u9yghsOCYr+X9Pa1+LCtL4PE
|
||||
o4+08UoD92VORzRETH5Cbtv1XmdUWrpHVHUjVORTgYxVgXbbnoDuzxfsrbfJRRLE
|
||||
NBsFxodltDxfdljL27PReBqpneWBxNJd6ruaY5wYxhu1qTEcszCGXuSd583TJ49b
|
||||
hhkWrk5+knErwFdDbtOy+l3L1pvxXvuyIuWl/aXaoVSPDwtPFui94Dl2G7QbSeEb
|
||||
PQDWU6PReeP+SRsMyYJSoxwgbZIzaQ==
|
||||
=K6iy
|
||||
-----END PGP SIGNATURE-----
|
3
openssh-7.7p1-SUSE_patches.tar.gz
Normal file
3
openssh-7.7p1-SUSE_patches.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:87754e4234f7ed87e145cc61ea4c1e71121dd0ff10e28e86336f95033b8f7300
|
||||
size 147974
|
3
openssh-7.7p1.tar.gz
Normal file
3
openssh-7.7p1.tar.gz
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
|
||||
size 1536900
|
14
openssh-7.7p1.tar.gz.asc
Normal file
14
openssh-7.7p1.tar.gz.asc
Normal file
@ -0,0 +1,14 @@
|
||||
-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlrBwh4ACgkQ0+X1a22S
|
||||
DTCqGwyAgQuR+5b6dAEK3PV3WnzuPSJ8KKnw3/HlqQw40QfWotVOX4+On3+yOYy+
|
||||
txjAWkbocjHa5/6IzKVU0y9GD3A0H7XwJAwjqqQg3pKD3kXyl7Lz5nkwWWICN0z+
|
||||
fU8HUwJv3SOhilD7XRZqWHUfSL69AR5CbYPraurMQWDNwHY0i4n3vDFp1WrSJx8q
|
||||
mcSgAEwucKavr3+PDm0MbmYINAqgqn1USVDalGy8U6ICnCyzXvu4o8gMuiGGwwKR
|
||||
Jlt2zCs5CBnF2LAaFgawwNh6NO/TOLvvNrW3zUm3s3DzLKqYtl4Jfs39Coii9LEE
|
||||
PqF8YFhgbzm+JPPe9/k5zBSEZOWwkzu33cXm7nC1rypt4PQVZLB8BvRE5HXE9QOx
|
||||
xpGi+BFVeMIMqjsW+nOAAdl4S+FNtzR/OABAhwRveLGMPMFRQ9/GqN5B1L9Wezut
|
||||
V/6SUUzQUyf5Kn6Gjo+ktJB1i7ufPTLSjH9eYjS/7Fn5cMdjF5iezOAzp3FNWXln
|
||||
cDZzHkVgrwqYqTKkekDFTwJD+q/QJQ==
|
||||
=gz3x
|
||||
-----END PGP SIGNATURE-----
|
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
|
||||
|
||||
- Upgrade to 7.7p1 (bsc#1094068)
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jan 31 22:54:55 UTC 2018 - pcerny@suse.com
|
||||
|
||||
|
@ -19,7 +19,7 @@
|
||||
%define _name openssh
|
||||
Name: openssh-askpass-gnome
|
||||
BuildRequires: gtk2-devel
|
||||
Version: 7.6p1
|
||||
Version: 7.7p1
|
||||
Release: 0
|
||||
Requires: %{_name} = %{version}
|
||||
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
||||
|
106
openssh.changes
106
openssh.changes
@ -1,3 +1,109 @@
|
||||
-------------------------------------------------------------------
|
||||
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
|
||||
|
||||
- Upgrade to 7.7p1 (bsc#1094068)
|
||||
Most important changes (more details below):
|
||||
* Drop compatibility support for pre-2001 SSH implementations
|
||||
* sshd(1) does not load DSA keys by default
|
||||
Distilled upstream log:
|
||||
---- Potentially-incompatible changes
|
||||
* ssh(1)/sshd(8): Drop compatibility support for some very old
|
||||
SSH implementations, including ssh.com <=2.* and OpenSSH <=
|
||||
3.*. These versions were all released in or before 2001 and
|
||||
predate the final SSH RFCs. The support in question isn't
|
||||
necessary for RFC-compliant SSH implementations.
|
||||
---- New Features
|
||||
* experimental support for PQC XMSS keys (Extended Hash-Based
|
||||
Signatures), not compiled in by default.
|
||||
* sshd(8): Add a "rdomain" criteria for the sshd_config Match
|
||||
keyword to allow conditional configuration that depends on
|
||||
which routing domain a connection was received on (currently
|
||||
supported on OpenBSD and Linux).
|
||||
* sshd_config(5): Add an optional rdomain qualifier to the
|
||||
ListenAddress directive to allow listening on different
|
||||
routing domains. This is supported only on OpenBSD and Linux
|
||||
at present.
|
||||
* sshd_config(5): Add RDomain directive to allow the
|
||||
authenticated session to be placed in an explicit routing
|
||||
domain. This is only supported on OpenBSD at present.
|
||||
* sshd(8): Add "expiry-time" option for authorized_keys files
|
||||
to allow for expiring keys.
|
||||
* ssh(1): Add a BindInterface option to allow binding the
|
||||
outgoing connection to an interface's address (basically a
|
||||
more usable BindAddress)
|
||||
* ssh(1): Expose device allocated for tun/tap forwarding via a
|
||||
new %T expansion for LocalCommand. This allows LocalCommand
|
||||
to be %used to prepare the interface.
|
||||
* sshd(8): Expose the device allocated for tun/tap forwarding
|
||||
via a new SSH_TUNNEL environment variable. This allows
|
||||
automatic setup of the interface and surrounding network
|
||||
configuration automatically on the server.
|
||||
* ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp,
|
||||
e.g. ssh://user@host or sftp://user@host/path. Additional
|
||||
connection parameters that use deporecated MD5 are not
|
||||
implemented.
|
||||
* ssh-keygen(1): Allow certificate validity intervals that
|
||||
specify only a start or stop time (instead of both or
|
||||
neither).
|
||||
* sftp(1): Allow "cd" and "lcd" commands with no explicit path
|
||||
argument. lcd will change to the local user's home directory
|
||||
as usual. cd will change to the starting directory for
|
||||
session (because the protocol offers no way to obtain the
|
||||
remote user's home directory). bz#2760
|
||||
* sshd(8): When doing a config test with sshd -T, only require
|
||||
the attributes that are actually used in Match criteria
|
||||
rather than (an incomplete list of) all criteria.
|
||||
---- Bugfixes
|
||||
* ssh(1)/sshd(8): More strictly check signature types during
|
||||
key exchange against what was negotiated. Prevents downgrade
|
||||
of RSA signatures made with SHA-256/512 to SHA-1.
|
||||
* sshd(8): Fix support for client that advertise a protocol
|
||||
version of "1.99" (indicating that they are prepared to
|
||||
accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6
|
||||
during the removal of SSHv1 support. bz#2810
|
||||
* ssh(1): Warn when the agent returns a ssh-rsa (SHA1)
|
||||
signature when a rsa-sha2-256/512 signature was requested.
|
||||
This condition is possible when an old or non-OpenSSH agent
|
||||
is in use. bz#2799
|
||||
* ssh-agent(1): Fix regression introduced in 7.6 that caused
|
||||
ssh-agent to fatally exit if presented an invalid signature
|
||||
request message.
|
||||
* sshd_config(5): Accept yes/no flag options
|
||||
case-insensitively, as has been the case in ssh_config(5) for
|
||||
a long time. bz#2664
|
||||
* ssh(1): Improve error reporting for failures during
|
||||
connection. Under some circumstances misleading errors were
|
||||
being shown. bz#2814
|
||||
* ssh-keyscan(1): Add -D option to allow printing of results
|
||||
directly in SSHFP format. bz#2821
|
||||
* regress tests: fix PuTTY interop test broken in last
|
||||
release's SSHv1 removal. bz#2823
|
||||
* ssh(1): Compatibility fix for some servers that erroneously
|
||||
drop the connection when the IUTF8 (RFC8160) option is sent.
|
||||
* scp(1): Disable RemoteCommand and RequestTTY in the ssh
|
||||
session started by scp (sftp was already doing this.)
|
||||
* ssh-keygen(1): Refuse to create a certificate with an
|
||||
unusable number of principals.
|
||||
* ssh-keygen(1): Fatally exit if ssh-keygen is unable to write
|
||||
all the public key during key generation. Previously it would
|
||||
silently ignore errors writing the comment and terminating
|
||||
newline.
|
||||
* ssh(1): Do not modify hostname arguments that are addresses
|
||||
by automatically forcing them to lower-case. Instead
|
||||
canonicalise them to resolve ambiguities (e.g. ::0001 => ::1)
|
||||
before they are matched against known_hosts. bz#2763
|
||||
* ssh(1): Don't accept junk after "yes" or "no" responses to
|
||||
hostkey prompts. bz#2803
|
||||
* sftp(1): Have sftp print a warning about shell cleanliness
|
||||
when decoding the first packet fails, which is usually caused
|
||||
by shells polluting stdout of non-interactive startups.
|
||||
bz#2800
|
||||
* ssh(1)/sshd(8): Switch timers in packet code from using
|
||||
wall-clock time to monotonic time, allowing the packet layer
|
||||
to better function over a clock step and avoiding possible
|
||||
integer overflows during steps.
|
||||
* Numerous manual page fixes and improvements.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed May 2 08:14:41 UTC 2018 - dimstar@opensuse.org
|
||||
|
||||
|
@ -101,7 +101,7 @@ PreReq: pwdutils %{fillup_prereq} coreutils
|
||||
%if ! %{uses_systemd}
|
||||
PreReq: %{insserv_prereq}
|
||||
%endif
|
||||
Version: 7.6p1
|
||||
Version: 7.7p1
|
||||
Release: 0
|
||||
Summary: Secure Shell Client and Server (Remote Login Program)
|
||||
License: BSD-2-Clause AND MIT
|
||||
@ -190,7 +190,7 @@ done
|
||||
# set libexec dir in the LDAP patch
|
||||
sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
|
||||
$( grep -Rl @LIBEXECDIR@ \
|
||||
$( grep "^+++" $PATCH_DIR/openssh-7.6p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
|
||||
$( grep "^+++" $PATCH_DIR/openssh-7.7p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
|
||||
)
|
||||
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user