Accepting request 611071 from network

- Upgrade to 7.7p1 (bsc#1094068)

- Upgrade to 7.7p1 (bsc#1094068)
  Most important changes (more details below):
  * Drop compatibility support for pre-2001 SSH implementations
  * sshd(1) does not load DSA keys by default
  Distilled upstream log:
  ---- Potentially-incompatible changes
  * ssh(1)/sshd(8): Drop compatibility support for some very old
    SSH implementations, including ssh.com <=2.* and OpenSSH <=
    3.*.  These versions were all released in or before 2001 and
    predate the final SSH RFCs. The support in question isn't
    necessary for RFC-compliant SSH implementations.
  ---- New Features
  * experimental support for PQC XMSS keys (Extended Hash-Based
    Signatures), not compiled in by default.
  * sshd(8): Add a "rdomain" criteria for the sshd_config Match
    keyword to allow conditional configuration that depends on
    which routing domain a connection was received on (currently
    supported on OpenBSD and Linux).
  * sshd_config(5): Add an optional rdomain qualifier to the
    ListenAddress directive to allow listening on different
    routing domains. This is supported only on OpenBSD and Linux
    at present.
  * sshd_config(5): Add RDomain directive to allow the
    authenticated session to be placed in an explicit routing
    domain. This is only supported on OpenBSD at present.
  * sshd(8): Add "expiry-time" option for authorized_keys files
    to allow for expiring keys.
  * ssh(1): Add a BindInterface option to allow binding the (forwarded request 611002 from pcerny)

OBS-URL: https://build.opensuse.org/request/show/611071
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=118
This commit is contained in:
Dominique Leuenberger 2018-05-25 19:36:00 +00:00 committed by Git OBS Bridge
commit ab0dcdb4fc
10 changed files with 134 additions and 23 deletions

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:13854b50b2b34c148cab87ea676226342d871d11d4670fe2f93514d61fbcf9b1
size 151540

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a323caeeddfe145baaa0db16e98d784b1fbc7dd436a6bf1f479dfd5cd1d21723
size 1489788

View File

@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlnTtXUACgkQ0+X1a22S
DTCQxgx+MJ1JjIWwVjXUxwpFfjj4aBv5xSqiKqwzGgVjnlmwtpTn+tqdGiACts3K
46fh/8ujknJJ5lBIlWKBfqhKzC7A+gCBaFiLoXiad8Q3NIESbXGxRkuMe6jxFtR7
SHidUjRqmn1kLCy1TSkj8mqg0/UZ5UZAJcsldQTmEAnxFVbK1l8CLB7vn4rJnj+v
PdbtsSdw8ZHtakkoNHiqQD+mwy+FXY5QcN7IUEX2/E0hKx0wou1S/36j8k89UQf8
Jbntg31N4EUOQ0fRwuxdRkHSUrJJpPgwWO4XgHw4u9yghsOCYr+X9Pa1+LCtL4PE
o4+08UoD92VORzRETH5Cbtv1XmdUWrpHVHUjVORTgYxVgXbbnoDuzxfsrbfJRRLE
NBsFxodltDxfdljL27PReBqpneWBxNJd6ruaY5wYxhu1qTEcszCGXuSd583TJ49b
hhkWrk5+knErwFdDbtOy+l3L1pvxXvuyIuWl/aXaoVSPDwtPFui94Dl2G7QbSeEb
PQDWU6PReeP+SRsMyYJSoxwgbZIzaQ==
=K6iy
-----END PGP SIGNATURE-----

View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:87754e4234f7ed87e145cc61ea4c1e71121dd0ff10e28e86336f95033b8f7300
size 147974

3
openssh-7.7p1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d73be7e684e99efcd024be15a30bffcbe41b012b2f7b3c9084aed621775e6b8f
size 1536900

14
openssh-7.7p1.tar.gz.asc Normal file
View File

@ -0,0 +1,14 @@
-----BEGIN PGP SIGNATURE-----
iQHDBAABCgAdFiEEWcIRjtIG2SfmZ+vj0+X1a22SDTAFAlrBwh4ACgkQ0+X1a22S
DTCqGwyAgQuR+5b6dAEK3PV3WnzuPSJ8KKnw3/HlqQw40QfWotVOX4+On3+yOYy+
txjAWkbocjHa5/6IzKVU0y9GD3A0H7XwJAwjqqQg3pKD3kXyl7Lz5nkwWWICN0z+
fU8HUwJv3SOhilD7XRZqWHUfSL69AR5CbYPraurMQWDNwHY0i4n3vDFp1WrSJx8q
mcSgAEwucKavr3+PDm0MbmYINAqgqn1USVDalGy8U6ICnCyzXvu4o8gMuiGGwwKR
Jlt2zCs5CBnF2LAaFgawwNh6NO/TOLvvNrW3zUm3s3DzLKqYtl4Jfs39Coii9LEE
PqF8YFhgbzm+JPPe9/k5zBSEZOWwkzu33cXm7nC1rypt4PQVZLB8BvRE5HXE9QOx
xpGi+BFVeMIMqjsW+nOAAdl4S+FNtzR/OABAhwRveLGMPMFRQ9/GqN5B1L9Wezut
V/6SUUzQUyf5Kn6Gjo+ktJB1i7ufPTLSjH9eYjS/7Fn5cMdjF5iezOAzp3FNWXln
cDZzHkVgrwqYqTKkekDFTwJD+q/QJQ==
=gz3x
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
- Upgrade to 7.7p1 (bsc#1094068)
-------------------------------------------------------------------
Wed Jan 31 22:54:55 UTC 2018 - pcerny@suse.com

View File

@ -19,7 +19,7 @@
%define _name openssh
Name: openssh-askpass-gnome
BuildRequires: gtk2-devel
Version: 7.6p1
Version: 7.7p1
Release: 0
Requires: %{_name} = %{version}
Summary: A GNOME-Based Passphrase Dialog for OpenSSH

View File

@ -1,3 +1,109 @@
-------------------------------------------------------------------
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
- Upgrade to 7.7p1 (bsc#1094068)
Most important changes (more details below):
* Drop compatibility support for pre-2001 SSH implementations
* sshd(1) does not load DSA keys by default
Distilled upstream log:
---- Potentially-incompatible changes
* ssh(1)/sshd(8): Drop compatibility support for some very old
SSH implementations, including ssh.com <=2.* and OpenSSH <=
3.*. These versions were all released in or before 2001 and
predate the final SSH RFCs. The support in question isn't
necessary for RFC-compliant SSH implementations.
---- New Features
* experimental support for PQC XMSS keys (Extended Hash-Based
Signatures), not compiled in by default.
* sshd(8): Add a "rdomain" criteria for the sshd_config Match
keyword to allow conditional configuration that depends on
which routing domain a connection was received on (currently
supported on OpenBSD and Linux).
* sshd_config(5): Add an optional rdomain qualifier to the
ListenAddress directive to allow listening on different
routing domains. This is supported only on OpenBSD and Linux
at present.
* sshd_config(5): Add RDomain directive to allow the
authenticated session to be placed in an explicit routing
domain. This is only supported on OpenBSD at present.
* sshd(8): Add "expiry-time" option for authorized_keys files
to allow for expiring keys.
* ssh(1): Add a BindInterface option to allow binding the
outgoing connection to an interface's address (basically a
more usable BindAddress)
* ssh(1): Expose device allocated for tun/tap forwarding via a
new %T expansion for LocalCommand. This allows LocalCommand
to be %used to prepare the interface.
* sshd(8): Expose the device allocated for tun/tap forwarding
via a new SSH_TUNNEL environment variable. This allows
automatic setup of the interface and surrounding network
configuration automatically on the server.
* ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp,
e.g. ssh://user@host or sftp://user@host/path. Additional
connection parameters that use deporecated MD5 are not
implemented.
* ssh-keygen(1): Allow certificate validity intervals that
specify only a start or stop time (instead of both or
neither).
* sftp(1): Allow "cd" and "lcd" commands with no explicit path
argument. lcd will change to the local user's home directory
as usual. cd will change to the starting directory for
session (because the protocol offers no way to obtain the
remote user's home directory). bz#2760
* sshd(8): When doing a config test with sshd -T, only require
the attributes that are actually used in Match criteria
rather than (an incomplete list of) all criteria.
---- Bugfixes
* ssh(1)/sshd(8): More strictly check signature types during
key exchange against what was negotiated. Prevents downgrade
of RSA signatures made with SHA-256/512 to SHA-1.
* sshd(8): Fix support for client that advertise a protocol
version of "1.99" (indicating that they are prepared to
accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6
during the removal of SSHv1 support. bz#2810
* ssh(1): Warn when the agent returns a ssh-rsa (SHA1)
signature when a rsa-sha2-256/512 signature was requested.
This condition is possible when an old or non-OpenSSH agent
is in use. bz#2799
* ssh-agent(1): Fix regression introduced in 7.6 that caused
ssh-agent to fatally exit if presented an invalid signature
request message.
* sshd_config(5): Accept yes/no flag options
case-insensitively, as has been the case in ssh_config(5) for
a long time. bz#2664
* ssh(1): Improve error reporting for failures during
connection. Under some circumstances misleading errors were
being shown. bz#2814
* ssh-keyscan(1): Add -D option to allow printing of results
directly in SSHFP format. bz#2821
* regress tests: fix PuTTY interop test broken in last
release's SSHv1 removal. bz#2823
* ssh(1): Compatibility fix for some servers that erroneously
drop the connection when the IUTF8 (RFC8160) option is sent.
* scp(1): Disable RemoteCommand and RequestTTY in the ssh
session started by scp (sftp was already doing this.)
* ssh-keygen(1): Refuse to create a certificate with an
unusable number of principals.
* ssh-keygen(1): Fatally exit if ssh-keygen is unable to write
all the public key during key generation. Previously it would
silently ignore errors writing the comment and terminating
newline.
* ssh(1): Do not modify hostname arguments that are addresses
by automatically forcing them to lower-case. Instead
canonicalise them to resolve ambiguities (e.g. ::0001 => ::1)
before they are matched against known_hosts. bz#2763
* ssh(1): Don't accept junk after "yes" or "no" responses to
hostkey prompts. bz#2803
* sftp(1): Have sftp print a warning about shell cleanliness
when decoding the first packet fails, which is usually caused
by shells polluting stdout of non-interactive startups.
bz#2800
* ssh(1)/sshd(8): Switch timers in packet code from using
wall-clock time to monotonic time, allowing the packet layer
to better function over a clock step and avoiding possible
integer overflows during steps.
* Numerous manual page fixes and improvements.
-------------------------------------------------------------------
Wed May 2 08:14:41 UTC 2018 - dimstar@opensuse.org

View File

@ -101,7 +101,7 @@ PreReq: pwdutils %{fillup_prereq} coreutils
%if ! %{uses_systemd}
PreReq: %{insserv_prereq}
%endif
Version: 7.6p1
Version: 7.7p1
Release: 0
Summary: Secure Shell Client and Server (Remote Login Program)
License: BSD-2-Clause AND MIT
@ -190,7 +190,7 @@ done
# set libexec dir in the LDAP patch
sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \
$( grep -Rl @LIBEXECDIR@ \
$( grep "^+++" $PATCH_DIR/openssh-7.6p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
$( grep "^+++" $PATCH_DIR/openssh-7.7p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' )
)
%build