From b189026b63770c18a8f811a1294b7c39cd32a09ddd7c7f2ad77b6ea944b7ddb7 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 11 Feb 2014 08:14:49 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=62 --- ....changes.reb47944ec2d587d73f8e2ef1dd4caf5d | 2001 ----------------- 1 file changed, 2001 deletions(-) delete mode 100644 openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d diff --git a/openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d b/openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d deleted file mode 100644 index 53027ea..0000000 --- a/openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d +++ /dev/null 
@@ -1,2001 +0,0 @@ -------------------------------------------------------------------- -Wed Feb 5 08:38:11 UTC 2014 - idonmez@suse.com - -- Add openssh-6.2p1-forcepermissions.patch to implement a force - permissions mode (fate#312774). The patch is based on - http://marc.info/?l=openssh-unix-dev&m=128896838930893 - -------------------------------------------------------------------- -Fri Jan 24 15:13:09 UTC 2014 - pcerny@suse.com - -- Update to 6.4p1 - Features since 6.2p2: - * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or - hostkeys on smartcards. - * ssh(1)/sshd(8): allow optional time-based rekeying via a - second argument to the existing RekeyLimit option. RekeyLimit - is now supported in sshd_config as well as on the client. - * sshd(8): standardise logging of information during user - authentication. - * The presented key/cert and the remote username (if available) - is now logged in the authentication success/failure message on - the same log line as the local username, remote host/port and - protocol in use. Certificates contents and the key - fingerprint of the signing CA are logged too. - * ssh(1) ability to query what cryptographic algorithms are - supported in the binary. - * ssh(1): ProxyCommand=- for cases where stdin and stdout - already point to the proxy. - * ssh(1): allow IdentityFile=none - * ssh(1)/sshd(8): -E option to append debugging logs to a - specified file instead of stderr or syslog. - * sftp(1): support resuming partial downloads with the "reget" - command and on the sftp commandline or on the "get" - commandline with the "-a" (append) option. - * ssh(1): "IgnoreUnknown" configuration option to selectively - suppress errors arising from unknown configuration directives. - * sshd(8): support for submethods to be appended to required - authentication methods listed via AuthenticationMethods. 
- Bugfixes since 6.2p2: - * sshd(8): fix refusal to accept certificate if a key of a - different type to the CA key appeared in authorized_keys - before the CA key. - * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for - timers so that things like keepalives and rekeying will work - properly over clock steps. - * sftp(1): update progressmeter when data is acknowledged, not - when it's sent. bz#2108 - * ssh(1)/ssh-keygen(1): improve error messages when the current - user does not exist in /etc/passwd; bz#2125 - * ssh(1): reset the order in which public keys are tried after - partial authentication success. - * ssh-agent(1): clean up socket files after SIGINT when in debug - mode; bz#2120 - * ssh(1) and others: avoid confusing error messages in the case - of broken system resolver configurations; bz#2122 - * ssh(1): set TCP nodelay for connections started with -N; - bz#2124 - * ssh(1): correct manual for permission requirements on - ~/.ssh/config; bz#2078 - * ssh(1): fix ControlPersist timeout not triggering in cases - where TCP connections have hung. bz#1917 - * ssh(1): properly deatch a ControlPersist master from its - controlling terminal. - * sftp(1): avoid crashes in libedit when it has been compiled - with multi- byte character support. bz#1990 - * sshd(8): when running sshd -D, close stderr unless we have - explicitly requested logging to stderr. bz#1976, - * ssh(1): fix incomplete bzero; bz#2100 - * sshd(8): log and error and exit if ChrootDirectory is - specified and running without root privileges. - * Many improvements to the regression test suite. In particular - log files are now saved from ssh and sshd after failures. - * Fix a number of memory leaks. bz#1967 bz#2096 and others - * sshd(8): fix public key authentication when a :style is - appended to the requested username. - * ssh(1): do not fatally exit when attempting to cleanup - multiplexing- created channels that are incompletely opened. 
- bz#2079 - * sshd(8): fix a memory corruption problem triggered during - rekeying when an AES-GCM cipher is selected - * Fix unaligned accesses in umac.c for strict-alignment - architectures. bz#2101 - * Fix broken incorrect commandline reporting errors. bz#1448 - * Only include SHA256 and ECC-based key exchange methods if - libcrypto has the required support. - * Fix crash in SOCKS5 dynamic forwarding code on - strict-alignment architectures. - - FIPS and GSSKEX patched disabled for now - -------------------------------------------------------------------- -Fri Oct 4 17:50:32 UTC 2013 - pcerny@suse.com - -- fix server crashes when using AES-GCM -- removed superfluous build dependency on X - -------------------------------------------------------------------- -Thu Sep 19 02:02:56 UTC 2013 - pcerny@suse.com - -- spec file and patch cleanup - * key converter is now in the -key-converter.patch - * openssh-nodaemon-nopid.patch is -no_fork-no_pid_file.patch - * openssh-nocrazyabicheck.patch is - -disable-openssl-abi-check.patch - * removing obsolete -engines.diff patch -- patches from SLE11 - * use auditing infrastructure extending upstream hooks - (-auditX-*.patch) instead of the single old patch - (-audit.patch) - * FIPS enablement (currently disabled) - (-fingerprint_hash.patch, -fips.patch) - * GSSAPI key exchange - (bnc#784689, fate#313068, -gssapi_key_exchange.patch) - * SysV init script update - 'stop' now terminates all sshd - processes and closes all connections, 'soft-stop' only - terminates the listener process (keeps active sessions intact) - (fate#314243) - * helper application for retrieving users' public keys from - an LDAP server (bnc#683733, fate#302144, -ldap.patch) - - subpackage openssh-akc-ldap - * several bugfixes: - - login invocation - (bnc#833605, -login_options.patch) - - disable locked accounts when using PAM - (bnc#708678, fate#312033, -pam-check-locks.patch) - - fix wtmp handling - (bnc#18024, -lastlog.patch) -- init script is moved into 
documentation for openSUSE 12.3+ - (as it confused systemd) - -------------------------------------------------------------------- -Tue Sep 10 21:15:59 UTC 2013 - crrodriguez@opensuse.org - -- fix the logic in openssh-nodaemon-nopid.patch which is broken - and pid_file therefore still being created. - -------------------------------------------------------------------- -Sat Aug 3 17:57:06 UTC 2013 - crrodriguez@opensuse.org - -- Update to version 6.2p2 -* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption -* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes -* ssh(1)/sshd(8): Added support for the UMAC-128 MAC -* sshd(8): Added support for multiple required authentication -* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists -* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) - now immediately sends its SSH protocol banner to the server without - waiting to receive the server's banner, saving time when connecting. -* dozens of other changes, see http://www.openssh.org/txt/release-6.2 - -------------------------------------------------------------------- -Mon Jul 1 18:54:31 UTC 2013 - coolo@suse.com - -- avoid the build cycle between curl, krb5, libssh2_org and openssh - by using krb5-mini-devel - -------------------------------------------------------------------- -Wed Jun 19 09:50:25 UTC 2013 - speilicke@suse.com - -- Recommend xauth, X11-forwarding won't work if it is not installed - -------------------------------------------------------------------- -Sun Apr 14 19:02:32 UTC 2013 - crrodriguez@opensuse.org - -- sshd.service: Do not order after syslog.target, it is - not required or recommended and that target does not even exist - anymore. 
- -------------------------------------------------------------------- -Tue Jan 8 10:16:45 UTC 2013 - dmueller@suse.com - -- use ssh-keygen(1) default keylengths in generating the host key - instead of hardcoding it - -------------------------------------------------------------------- -Tue Nov 13 10:26:37 UTC 2012 - meissner@suse.com - -- Updated to 6.1p1, a bugfix release - Features: - * sshd(8): This release turns on pre-auth sandboxing sshd by default for - new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. - * ssh-keygen(1): Add options to specify starting line number and number of - lines to process when screening moduli candidates, allowing processing - of different parts of a candidate moduli file in parallel - * sshd(8): The Match directive now supports matching on the local (listen) - address and port upon which the incoming connection was received via - LocalAddress and LocalPort clauses. - * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv - and {Allow,Deny}{Users,Groups} - * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 - * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 - * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as - an argument to refuse all port-forwarding requests. - * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile - * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 - * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators - to append some arbitrary text to the server SSH protocol banner. - Bugfixes: - * ssh(1)/sshd(8): Don't spin in accept() in situations of file - descriptor exhaustion. Instead back off for a while. - * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as - they were removed from the specification. bz#2023, - * sshd(8): Handle long comments in config files better. 
bz#2025 - * ssh(1): Delay setting tty_flag so RequestTTY options are correctly - picked up. bz#1995 - * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root - on platforms that use login_cap. - Portable OpenSSH: - * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit - sandbox from the Linux SECCOMP filter sandbox when the latter is - not available in the kernel. - * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to - retrieve a CNAME SSHFP record. - * Fix cross-compilation problems related to pkg-config. bz#1996 - -------------------------------------------------------------------- -Tue Nov 13 10:26:16 CET 2012 - kukuk@suse.de - -- Fix groupadd arguments -- Add LSB tag to sshd init script - -------------------------------------------------------------------- -Fri Oct 26 15:01:21 UTC 2012 - coolo@suse.com - -- explicit buildrequire groff, needed for man pages - -------------------------------------------------------------------- -Tue Oct 16 12:29:36 UTC 2012 - coolo@suse.com - -- buildrequire systemd through pkgconfig to break cycle - -------------------------------------------------------------------- -Wed Aug 15 19:25:08 UTC 2012 - crrodriguez@opensuse.org - -- When not daemonizing, such is used with systemd, no not - create a PID file - -------------------------------------------------------------------- -Mon Jun 18 11:34:51 UTC 2012 - coolo@suse.com - -- do not buildrequire xorg-x11, the askpass is an extra package - and should build from a different package - -------------------------------------------------------------------- -Tue May 29 07:14:36 UTC 2012 - meissner@suse.com - -- use correct download url and tarball format. - -------------------------------------------------------------------- -Tue May 29 06:52:13 UTC 2012 - crrodriguez@opensuse.org - -- Update to version 6.0, large list of changes, seen - http://www.openssh.org/txt/release-6.0 for detail. 
- -------------------------------------------------------------------- -Thu May 10 20:50:33 UTC 2012 - crrodriguez@opensuse.org - -- By default openSSH checks at *runtime* if the openssl - API version matches with the running library, that might - be good if you are compiling SSH yourself but it is a totally - insane way to check for binary/source compatibility in a distribution. - -------------------------------------------------------------------- -Mon Feb 20 08:29:17 UTC 2012 - meissner@suse.com - -- include X11 app default dir - -------------------------------------------------------------------- -Fri Dec 23 08:27:08 UTC 2011 - brian@aljex.com - -- Fix building for OS 11.0, 10.3, 10.2 -* Don't require selinux on OS 11.0 or lower - -------------------------------------------------------------------- -Fri Dec 23 06:34:28 UTC 2011 - brian@aljex.com - -- Fix building for OS 11.2 and 11.1 -- Cleanup remove remaining litteral /etc/init.d 's - -------------------------------------------------------------------- -Wed Dec 21 10:38:59 UTC 2011 - coolo@suse.com - -- add autoconf as buildrequire to avoid implicit dependency - -------------------------------------------------------------------- -Tue Nov 29 19:48:29 UTC 2011 - crrodriguez@opensuse.org - -- Add systemd startup units - -------------------------------------------------------------------- -Sat Oct 29 22:41:55 UTC 2011 - pcerny@suse.com - -- finalising libexecdir change (bnc#726712) - -------------------------------------------------------------------- -Wed Oct 19 00:32:20 UTC 2011 - pcerny@suse.com - -- Update to 5.9p1 - * sandboxing privsep child through rlimit - -------------------------------------------------------------------- -Fri Sep 16 09:43:47 UTC 2011 - jengelh@medozas.de - -- Avoid overriding libexecdir with %_lib (bnc#712025) -- Clean up the specfile by request of Minh Ngo, details entail: -* remove norootforbuild comments, redundant %clean section -* run spec-beautifier over it -- Add PIEFLAGS to 
compilation of askpass; fails otherwise - -------------------------------------------------------------------- -Mon Aug 29 23:47:58 UTC 2011 - crrodriguez@opensuse.org - -- Update to verison 5.8p2 -* Fixed vuln in systems without dev/random, we arenot affected -* Fixes problems building with selinux enabled -- Fix build with as-needed and no-add-needed - -------------------------------------------------------------------- -Sat Aug 13 20:46:17 UTC 2011 - crrodriguez@opensuse.org - -- Enable libedit/autocompletion support in sftp - -------------------------------------------------------------------- -Tue May 10 15:08:17 UTC 2011 - meissner@novell.com - -- Change default keysizes of rsa and dsa from 1024 to 2048 - to match ssh-keygen manpage recommendations. - -------------------------------------------------------------------- -Fri Feb 4 11:19:25 UTC 2011 - lchiquitto@novell.com - -- Update to 5.8p1 - * Fix vulnerability in legacy certificate signing introduced in - OpenSSH-5.6 and found by Mateusz Kocielski. - * Fix compilation failure when enableing SELinux support. - * Do not attempt to call SELinux functions when SELinux is - disabled. -- Remove patch that is now upstream: - * openssh-5.7p1-selinux.diff - -------------------------------------------------------------------- -Thu Feb 3 16:42:01 UTC 2011 - pcerny@novell.com - -- specfile/patches cleanup - -------------------------------------------------------------------- -Mon Jan 24 11:24:59 UTC 2011 - lchiquitto@novell.com - -- Update to 5.7p1 - * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) - and host/user keys (ECDSA) as specified by RFC5656. - * sftp(1)/sftp-server(8): add a protocol extension to support a hard - link operation. - * scp(1): Add a new -3 option to scp: Copies between two remote hosts - are transferred through the local host. - * ssh(1): automatically order the hostkeys requested by the client - based on which hostkeys are already recorded in known_hosts. 
- * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary - TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. - * sftp(1): the sftp client is now significantly faster at performing - directory listings, using OpenBSD glob(3) extensions to preserve - the results of stat(3) operations performed in the course of its - execution rather than performing expensive round trips to fetch - them again afterwards. - * ssh(1): "atomically" create the listening mux socket by binding it on - a temporary name and then linking it into position after listen() has - succeeded. - * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server - configuration to allow selection of which key exchange methods are - used by ssh(1) and sshd(8) and their order of preference. - * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into - a generic bandwidth limiter that can be attached using the atomicio - callback mechanism and use it to add a bandwidth limit option to - sftp(1). - * Support building against openssl-1.0.0a. - * Bug fixes. -- Remove patches that are now upstream: - * openssh-5.6p1-tmpdir.diff - * openssh-linux-new-oomkill.patch -- Add upstream patch to fix build with SELinux enabled. - -------------------------------------------------------------------- -Wed Jan 12 13:37:38 CET 2011 - sbrabec@suse.cz - -- Removed relics of no more implemented opensc support. 
- -------------------------------------------------------------------- -Thu Nov 18 12:20:59 UTC 2010 - lnussel@suse.de - -- add pam_lastlog to show failed login attempts -- remove permissions handling, no special handling needed - -------------------------------------------------------------------- -Tue Nov 16 14:45:14 UTC 2010 - cristian.rodriguez@opensuse.org - -- Use upstream oom_adj is deprecated patch - -------------------------------------------------------------------- -Tue Nov 2 13:25:19 UTC 2010 - coolo@novell.com - -- remove the code trying to patch X11 paths - which was broken - for a very long time and was useless anyway as the Makefiles - do this correctly themselves - -------------------------------------------------------------------- -Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de - -- Use %_smp_mflags - -------------------------------------------------------------------- -Thu Oct 14 16:00:19 UTC 2010 - crrodriguez@opensuse.org - -- Fix warning "oom_adj is deprecated use oom_score_adj instead" - -------------------------------------------------------------------- -Mon Sep 13 14:47:10 CEST 2010 - anicka@suse.cz - -- actualize README.SuSE (bnc#638893) - -------------------------------------------------------------------- -Tue Aug 24 15:43:08 CEST 2010 - anicka@suse.cz - -- update to 5.6p1 - * Added a ControlPersist option to ssh_config(5) that automatically - starts a background ssh(1) multiplex master when connecting. - * Hostbased authentication may now use certificate host keys. - * ssh-keygen(1) now supports signing certificate using a CA key that - has been stored in a PKCS#11 token. - * ssh(1) will now log the hostname and address that we connected to at - LogLevel=verbose after authentication is successful to mitigate - "phishing" attacks by servers with trusted keys that accept - authentication silently and automatically before presenting fake - password/passphrase prompts. - * Expand %h to the hostname in ssh_config Hostname options. 
- * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 - keys in addition to RFC4716 (SSH.COM) encodings via a new -m option - * sshd(8) will now queue debug messages for bad ownership or - permissions on the user's keyfiles encountered during authentication - and will send them after authentication has successfully completed. - * ssh(1) connection multiplexing now supports remote forwarding with - dynamic port allocation and can report the allocated port back to - the user - * sshd(8) now supports indirection in matching of principal names - listed in certificates. - * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a - file containing a list of names that may be accepted in place of the - username when authorizing a certificate trusted via the - sshd_config(5) TrustedCAKeys option. - * Additional sshd_config(5) options are now valid inside Match blocks - * Revised the format of certificate keys. - * bugfixes -- removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded - any more), removed memory leak fix (fixed in upstream) - -------------------------------------------------------------------- -Fri Aug 20 13:00:43 CEST 2010 - anicka@suse.cz - -- hint user how to remove offending keys (bnc#625552) - -------------------------------------------------------------------- -Thu Jul 22 17:58:09 CEST 2010 - anicka@suse.cz - -- update to 5.5p1 - -------------------------------------------------------------------- -Tue Jul 20 17:19:24 CEST 2010 - anicka@suse.cz - -- update to 5.5p1 - * Allow ChrootDirectory to work in SELinux platforms. - * bugfixes - -------------------------------------------------------------------- -Wed Jun 30 16:01:30 CEST 2010 - meissner@suse.de - -- Disable visual hostkey support again, after discussion on - its usefulness. 
- -------------------------------------------------------------------- -Mon May 17 18:11:33 UTC 2010 - cristian.rodriguez@opensuse.org - -- Hardware crypto is supported and patched but never - enabled, need to use --with-ssl-engine explicitely - -------------------------------------------------------------------- -Fri May 14 16:03:17 CEST 2010 - anicka@suse.cz - -- fixed memory leak in sftp (bnc#604274) - -------------------------------------------------------------------- -Fri Apr 23 12:01:50 CEST 2010 - anicka@suse.cz - -- honour /etc/nologin (bnc#530885) - -------------------------------------------------------------------- -Thu Mar 25 11:00:00 CET 2010 - meissner@suse.de - -- Enable VisualHostKey (ascii art of the hostkey fingerprint) and - HashHostKeys (hardening measure to make them unusable for worms/malicious - users for further host hopping). - -------------------------------------------------------------------- -Tue Mar 23 18:57:07 CET 2010 - anicka@suse.cz - -- update to 5.4p1 - * After a transition period of about 10 years, this release disables - SSH protocol 1 by default. Clients and servers that need to use the - legacy protocol must explicitly enable it in ssh_config / sshd_config - or on the command-line. - * Remove the libsectok/OpenSC-based smartcard code and add support for - PKCS#11 tokens. This support is automatically enabled on all - platforms that support dlopen(3) and was inspired by patches written - by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. - * Add support for certificate authentication of users and hosts using a - new, minimal OpenSSH certificate format (not X.509). Certificates - contain a public key, identity information and some validity - constraints and are signed with a standard SSH public key using - ssh-keygen(1). CA keys may be marked as trusted in authorized_keys - or via a TrustedUserCAKeys option in sshd_config(5) (for user - authentication), or in known_hosts (for host authentication). 
- Documentation for certificate support may be found in ssh-keygen(1), - sshd(8) and ssh(1) and a description of the protocol extensions in - PROTOCOL.certkeys. - * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects - stdio on the client to a single port forward on the server. This - allows, for example, using ssh as a ProxyCommand to route connections - via intermediate servers. bz#1618 - * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may - be revoked using a new sshd_config(5) option "RevokedKeys". Host keys - are revoked through known_hosts (details in the sshd(8) man page). - Revoked keys cannot be used for user or host authentication and will - trigger a warning if used. - * Rewrite the ssh(1) multiplexing support to support non-blocking - operation of the mux master, improve the resilience of the master to - malformed messages sent to it by the slave and add support for - requesting port- forwardings via the multiplex protocol. The new - stdio-to-local forward mode ("ssh -W host:port ...") is also - supported. The revised multiplexing protocol is documented in the - file PROTOCOL.mux in the source distribution. - * Add a 'read-only' mode to sftp-server(8) that disables open in write - mode and all other fs-modifying protocol methods. bz#430 - * Allow setting an explicit umask on the sftp-server(8) commandline to - override whatever default the user has. bz#1229 - * Many improvements to the sftp(1) client, many of which were - implemented by Carlos Silva through the Google Summer of Code - program: - - Support the "-h" (human-readable units) flag for ls - - Implement tab-completion of commands, local and remote filenames - - Support most of scp(1)'s commandline arguments in sftp(1), as a - first step towards making sftp(1) a drop-in replacement for scp(1). - Note that the rarely-used "-P sftp_server_path" option has been - moved to "-D sftp_server_path" to make way for "-P port" to match - scp(1). 
- - Add recursive transfer support for get/put and on the commandline - * New RSA keys will be generated with a public exponent of RSA_F4 == - (2**16)+1 == 65537 instead of the previous value 35. - * Passphrase-protected SSH protocol 2 private keys are now protected - with AES-128 instead of 3DES. This applied to newly-generated keys - as well as keys that are reencrypted (e.g. by changing their - passphrase). -- cleanup in patches - -------------------------------------------------------------------- -Tue Mar 2 09:09:18 UTC 2010 - coolo@novell.com - -- do not use paths at all, but prereq packages - -------------------------------------------------------------------- -Sat Feb 27 20:35:01 UTC 2010 - aj@suse.de - -- Use complete path for groupadd and useradd in pre section. - -------------------------------------------------------------------- -Tue Feb 23 15:45:06 CET 2010 - anicka@suse.cz - -- audit patch: add fix for bnc#545271 - -------------------------------------------------------------------- -Mon Feb 22 17:15:22 CET 2010 - anicka@suse.cz - -- do not fix uid/gid anymore (bnc#536564) - -------------------------------------------------------------------- -Tue Dec 15 11:04:00 CET 2009 - jengelh@medozas.de - -- select large PIE for SPARC, it is required to avoid - "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz - defined in COMMON section in sshd.o" - -------------------------------------------------------------------- -Mon Sep 21 14:40:51 CEST 2009 - anicka@suse.cz - -- add new version of homechroot patch (added documentation, added - check for nodev and nosuid) -- remove Provides and Obsoletes ssh - -------------------------------------------------------------------- -Thu Aug 20 16:54:08 CEST 2009 - anicka@suse.cz - -- make sftp in chroot users life easier (ie. 
bnc#518238), - many thanks jchadima@redhat.com for a patch - -------------------------------------------------------------------- -Sun Jul 12 21:43:21 CEST 2009 - coolo@novell.com - -- readd $SSHD_BIN so that sshd starts at all - -------------------------------------------------------------------- -Tue Jul 7 15:06:58 CEST 2009 - llunak@novell.com - -- Added a hook for ksshaskpass - -------------------------------------------------------------------- -Sun Jul 5 12:17:40 CEST 2009 - dmueller@novell.com - -- readd -f to startproc and remove -p instead to - ensure that sshd is started even though old instances - are still running (e.e. being logged in from remote) - -------------------------------------------------------------------- -Fri Jun 19 10:35:46 CEST 2009 - coolo@novell.com - -- disable as-needed for this package as it fails to build with it - -------------------------------------------------------------------- -Tue May 26 11:56:20 CEST 2009 - anicka@suse.cz - -- disable -f in startproc to calm the warning (bnc#506831) - -------------------------------------------------------------------- -Thu Apr 23 09:44:07 CEST 2009 - lnussel@suse.de - -- do not enable sshd by default - -------------------------------------------------------------------- -Mon Feb 23 17:27:45 CET 2009 - anicka@suse.cz - -- update to 5.2p1 - * This release changes the default cipher order to prefer the AES CTR - modes and the revised "arcfour256" mode to CBC mode ciphers that are - susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". - * This release also adds countermeasures to mitigate CPNI-957037-style - attacks against the SSH protocol's use of CBC-mode ciphers. Upon - detection of an invalid packet length or Message Authentication - Code, ssh/sshd will continue reading up to the maximum supported - packet length rather than immediately terminating the connection. 
- This eliminates most of the known differences in behaviour that - leaked information about the plaintext of injected data which formed - the basis of this attack. We believe that these attacks are rendered - infeasible by these changes. - * Added a -y option to ssh(1) to force logging to syslog rather than - stderr, which is useful when running daemonised (ssh -f) - * The sshd_config(5) ForceCommand directive now accepts commandline - arguments for the internal-sftp server. - * The ssh(1) ~C escape commandline now support runtime creation of - dynamic (-D) port forwards. - * Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards. - (bz#1482) - * Support remote port forwarding with a listen port of '0'. This - informs the server that it should dynamically allocate a listen - port and report it back to the client. (bz#1003) - * sshd(8) now supports setting PermitEmptyPasswords and - AllowAgentForwarding in Match blocks - * Repair a ssh(1) crash introduced in openssh-5.1 when the client is - sent a zero-length banner (bz#1496) - * Due to interoperability problems with certain - broken SSH implementations, the eow@openssh.com and - no-more-sessions@openssh.com protocol extensions are now only sent - to peers that identify themselves as OpenSSH. - * Make ssh(1) send the correct channel number for - SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to - avoid triggering 'Non-public channel' error messages on sshd(8) in - openssh-5.1. - * Avoid printing 'Non-public channel' warnings in sshd(8), since the - ssh(1) has sent incorrect channel numbers since ~2004 (this reverts - a behaviour introduced in openssh-5.1). - * Avoid double-free in ssh(1) ~C escape -L handler (bz#1539) - * Correct fail-on-error behaviour in sftp(1) batchmode for remote - stat operations. (bz#1541) - * Disable nonfunctional ssh(1) ~C escape handler in multiplex slave - connections. 
(bz#1543) - * Avoid hang in ssh(1) when attempting to connect to a server that - has MaxSessions=0 set. - * Multiple fixes to sshd(8) configuration test (-T) mode - * Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418, - 1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540 - * Many manual page improvements. - -------------------------------------------------------------------- -Mon Dec 1 15:43:14 CET 2008 - anicka@suse.cz - -- respect SSH_MAX_FORWARDS_PER_DIRECTION (bnc#448775) - -------------------------------------------------------------------- -Mon Nov 10 16:01:27 CET 2008 - anicka@suse.cz - -- fix printing banner (bnc#443380) - -------------------------------------------------------------------- -Fri Oct 24 16:24:34 CEST 2008 - anicka@suse.cz - -- call pam functions in the right order (bnc#438292) -- mention default forwarding of locale settings in - README.SuSE (bnc#434799) - -------------------------------------------------------------------- -Tue Sep 9 17:55:29 CEST 2008 - anicka@suse.cz - -- remove pam_resmgr from sshd.pamd (bnc#422619) - -------------------------------------------------------------------- -Sun Aug 24 08:26:05 CEST 2008 - coolo@suse.de - -- fix fillup macro usage - -------------------------------------------------------------------- -Fri Aug 22 11:51:12 CEST 2008 - prusnak@suse.cz - -- enabled SELinux support [Fate#303662] - -------------------------------------------------------------------- -Tue Jul 22 20:39:29 CEST 2008 - anicka@suse.cz - -- update to 5.1p1 - * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly - other platforms) when X11UseLocalhost=no - * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) - and ssh-keygen(1). Visual fingerprinnt display is controlled by a new - ssh_config(5) option "VisualHostKey". - * sshd_config(5) now supports CIDR address/masklen matching in "Match - address" blocks, with a fallback to classic wildcard matching. 
- * sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys - from="..." restrictions, also with a fallback to classic wildcard - matching. - * Added an extended test mode (-T) to sshd(8) to request that it write - its effective configuration to stdout and exit. Extended test mode - also supports the specification of connection parameters (username, - source address and hostname) to test the application of - sshd_config(5) Match rules. - * ssh(1) now prints the number of bytes transferred and the overall - connection throughput for SSH protocol 2 sessions when in verbose - mode (previously these statistics were displayed for protocol 1 - connections only). - * sftp-server(8) now supports extension methods statvfs@openssh.com and - fstatvfs@openssh.com that implement statvfs(2)-like operations. - * sftp(1) now has a "df" command to the sftp client that uses the - statvfs@openssh.com to produce a df(1)-like display of filesystem - space and inode utilisation (requires statvfs@openssh.com support on - the server) - * Added a MaxSessions option to sshd_config(5) to allow control of the - number of multiplexed sessions supported over a single TCP connection. - This allows increasing the number of allowed sessions above the - previous default of 10, disabling connection multiplexing - (MaxSessions=1) or disallowing login/shell/subsystem sessions - entirely (MaxSessions=0). - * Added a no-more-sessions@openssh.com global request extension that is - sent from ssh(1) to sshd(8) when the client knows that it will never - request another session (i.e. when session multiplexing is disabled). - This allows a server to disallow further session requests and - terminate the session in cases where the client has been hijacked. - * ssh-keygen(1) now supports the use of the -l option in combination - with -F to search for a host in ~/.ssh/known_hosts and display its - fingerprint. - * ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of - "rsa1". 
- * Added an AllowAgentForwarding option to sshd_config(8) to control - whether authentication agent forwarding is permitted. Note that this - is a loose control, as a client may install their own unofficial - forwarder. - * ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when receiving - network data, resulting in a ~10% speedup - * ssh(1) and sshd(8) will now try additional addresses when connecting - to a port forward destination whose DNS name resolves to more than - one address. The previous behaviour was to try the only first address - and give up if that failed. (bz#383) - * ssh(1) and sshd(8) now support signalling that channels are - half-closed for writing, through a channel protocol extension - notification "eow@openssh.com". This allows propagation of closed - file descriptors, so that commands such as: - "ssh -2 localhost od /bin/ls | true" - do not send unnecessary data over the wire. (bz#85) - * sshd(8): increased the default size of ssh protocol 1 ephemeral keys - from 768 to 1024 bits. - * When ssh(1) has been requested to fork after authentication - ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until - after replies for any -R forwards have been seen. Allows for robust - detection of -R forward failure when using -f. (bz#92) - * "Match group" blocks in sshd_config(5) now support negation of - groups. E.g. "Match group staff,!guests" (bz#1315) - * sftp(1) and sftp-server(8) now allow chmod-like operations to set - set[ug]id/sticky bits. (bz#1310) - * The MaxAuthTries option is now permitted in sshd_config(5) match - blocks. - * Multiplexed ssh(1) sessions now support a subset of the ~ escapes - that are available to a primary connection. (bz#1331) - * ssh(1) connection multiplexing will now fall back to creating a new - connection in most error cases. (bz#1439 bz#1329) - * Added some basic interoperability tests against Twisted Conch. 
- * Documented OpenSSH's extensions to and deviations from the published - SSH protocols (the PROTOCOL file in the distribution) - * Documented OpenSSH's ssh-agent protocol (PROTOCOL.agent). - * bugfixes -- remove gssapi_krb5-fix patch - -------------------------------------------------------------------- -Fri Apr 18 17:53:30 CEST 2008 - werner@suse.de - -- Handle pts slave lines like utemper - -------------------------------------------------------------------- -Wed Apr 9 14:37:57 CEST 2008 - anicka@suse.cz - -- update to 5.0p1 - * CVE-2008-1483: Avoid possible hijacking of X11-forwarded - connections by refusing to listen on a port unless all address - families bind successfully. -- remove CVE-2008-1483 patch - -------------------------------------------------------------------- -Wed Apr 2 14:57:26 CEST 2008 - anicka@suse.cz - -- update to 4.9p1 - * Disable execution of ~/.ssh/rc for sessions where a command has been - forced by the sshd_config ForceCommand directive. Users who had - write access to this file could use it to execute abritrary commands. - This behaviour was documented, but was an unsafe default and an extra - hassle for administrators. - * Added chroot(2) support for sshd(8), controlled by a new option - "ChrootDirectory". Please refer to sshd_config(5) for details, and - please use this feature carefully. (bz#177 bz#1352) - * Linked sftp-server(8) into sshd(8). The internal sftp server is - used when the command "internal-sftp" is specified in a Subsystem - or ForceCommand declaration. When used with ChrootDirectory, the - internal sftp server requires no special configuration of files - inside the chroot environment. Please refer to sshd_config(5) for - more information. - * Added a "no-user-rc" option for authorized_keys to disable execution - of ~/.ssh/rc - * Added a protocol extension method "posix-rename@openssh.com" for - sftp-server(8) to perform POSIX atomic rename() operations. 
- (bz#1400) - * Removed the fixed limit of 100 file handles in sftp-server(8). The - server will now dynamically allocate handles up to the number of - available file descriptors. (bz#1397) - * ssh(8) will now skip generation of SSH protocol 1 ephemeral server - keys when in inetd mode and protocol 2 connections are negotiated. - This speeds up protocol 2 connections to inetd-mode servers that - also allow Protocol 1 (bz#440) - * Accept the PermitRootLogin directive in a sshd_config(5) Match - block. Allows for, e.g. permitting root only from the local - network. - * Reworked sftp(1) argument splitting and escaping to be more - internally consistent (i.e. between sftp commands) and more - consistent with sh(1). Please note that this will change the - interpretation of some quoted strings, especially those with - embedded backslash escape sequences. (bz#778) - * Support "Banner=none" in sshd_config(5) to disable sending of a - pre-login banner (e.g. in a Match block). - * ssh(1) ProxyCommands are now executed with $SHELL rather than - /bin/sh. - * ssh(1)'s ConnectTimeout option is now applied to both the TCP - connection and the SSH banner exchange (previously it just covered - the TCP connection). This allows callers of ssh(1) to better detect - and deal with stuck servers that accept a TCP connection but don't - progress the protocol, and also makes ConnectTimeout useful for - connections via a ProxyCommand. - * Many new regression tests, including interop tests against PuTTY's - plink. 
- * Support BSM auditing on Mac OS X - * bugfixes -- remove addrlist, pam_session_close, strict-aliasing-fix patches - (not needed anymore) - -------------------------------------------------------------------- -Tue Mar 25 11:10:14 CET 2008 - anicka@suse.cz - -- fix CVE-2008-1483 (bnc#373527) - -------------------------------------------------------------------- -Fri Jan 4 11:11:52 CET 2008 - anicka@suse.cz - -- fix privileges of a firewall definition file [#351193] - -------------------------------------------------------------------- -Sat Dec 15 00:10:13 CET 2007 - anicka@suse.cz - -- add patch calling pam with root privileges [#334559] -- drop pwname-home patch [#104773] - -------------------------------------------------------------------- -Fri Dec 7 22:28:40 CET 2007 - anicka@suse.cz - -- fix race condition in xauth patch - -------------------------------------------------------------------- -Wed Dec 5 10:45:36 CET 2007 - anicka@suse.cz - -- update to 4.7p1 - * Add "-K" flag for ssh to set GSSAPIAuthentication=yes and - GSSAPIDelegateCredentials=yes. This is symmetric with -k - * make scp try to skip FIFOs rather than blocking when nothing is - listening. 
- * increase default channel windows - * put the MAC list into a display - * many bugfixes - -------------------------------------------------------------------- -Mon Oct 8 16:34:06 CEST 2007 - anicka@suse.cz - -- block SIGALRM only during calling syslog() [#331032] - -------------------------------------------------------------------- -Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz - -- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] - -------------------------------------------------------------------- -Tue Aug 28 18:25:57 CEST 2007 - anicka@suse.cz - -- fix blocksigalrm patch to set old signal mask after - writing the log in every case [#304819] - -------------------------------------------------------------------- -Tue Aug 21 04:51:45 CEST 2007 - anicka@suse.cz - -- avoid generating ssh keys when a non-standard location - is configured [#281228] - -------------------------------------------------------------------- -Wed Jul 25 16:18:50 CEST 2007 - anicka@suse.cz - -- fixed typo in sshd.fw [#293764] - -------------------------------------------------------------------- -Mon Mar 19 19:14:26 CET 2007 - nadvornik@suse.cz - -- fixed default for ChallengeResponseAuthentication [#255374] - -------------------------------------------------------------------- -Mon Mar 12 10:56:31 CET 2007 - anicka@suse.cz - -- update to 4.6p1 - * sshd now allows the enabling and disabling of authentication - methods on a per user, group, host and network basis via the - Match directive in sshd_config. - * Allow multiple forwarding options to work when specified in a - PermitOpen directive - * Clear SIGALRM when restarting due to SIGHUP. 
Prevents stray - signal from taking down sshd if a connection was pending at - the time SIGHUP was received - * hang on exit" when background processes are running at the - time of exit on a ttyful/login session - * some more bugfixes - -------------------------------------------------------------------- -Mon Mar 5 11:03:41 CET 2007 - anicka@suse.cz - -- fix path for firewall definition - -------------------------------------------------------------------- -Thu Mar 1 15:14:23 CET 2007 - anicka@suse.cz - -- add support for Linux audit (FATE #120269) - -------------------------------------------------------------------- -Wed Feb 21 11:21:48 CET 2007 - anicka@suse.cz - -- add firewall definition [#246921], FATE #300687, - source: sshd.fw - -------------------------------------------------------------------- -Sat Jan 6 12:30:16 CET 2007 - anicka@suse.cz - -- disable SSHv1 protocol in default configuration [#231808] - -------------------------------------------------------------------- -Tue Dec 12 14:41:45 CET 2006 - anicka@suse.cz - -- update to 4.5p1 - * Use privsep_pw if we have it, but only require it if we - absolutely need it. - * Correctly check for bad signatures in the monitor, otherwise - the monitor and the unpriv process can get out of sync. - * Clear errno before calling the strtol functions. 
- * exit instead of doing a blocking tcp send if we detect - a client/server timeout, since the tcp sendqueue might - be already full (of alive requests) - * include signal.h, errno.h, sys/in.h - * some more bugfixes - -------------------------------------------------------------------- -Wed Nov 22 13:42:32 CET 2006 - anicka@suse.cz - -- fixed README.SuSE [#223025] - -------------------------------------------------------------------- -Thu Nov 9 13:59:35 CET 2006 - anicka@suse.cz - -- backport security fixes from openssh 4.5 (#219115) - -------------------------------------------------------------------- -Tue Nov 7 13:43:44 CET 2006 - ro@suse.de - -- fix manpage permissions - -------------------------------------------------------------------- -Tue Oct 31 14:04:52 CET 2006 - anicka@suse.cz - -- fix gssapi_krb5-fix patch [#215615] -- fix xauth patch - -------------------------------------------------------------------- -Tue Oct 10 16:07:11 CEST 2006 - postadal@suse.cz - -- fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch) - -------------------------------------------------------------------- -Tue Oct 3 14:44:08 CEST 2006 - postadal@suse.cz - -- updated to version 4.4p1 [#208662] - * fixed pre-authentication DoS, that would cause sshd(8) to spin - until the login grace time expired - * fixed unsafe signal hander, which was vulnerable to a race condition - that could be exploited to perform a pre-authentication DoS - * fixed a GSSAPI authentication abort that could be used to determine - the validity of usernames on some platforms - * implemented conditional configuration in sshd_config(5) using the - "Match" directive - * added support for Diffie-Hellman group exchange key agreement with a - final hash of SHA256 - * added a "ForceCommand", "PermitOpen" directive to sshd_config(5) - * added optional logging of transactions to sftp-server(8) - * ssh(1) will now record port numbers for hosts stored in - ~/.ssh/authorized_keys when a non-standard port 
has been requested - * added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with - a non-zero exit code) when requested port forwardings could not be - established - * extended sshd_config(5) "SubSystem" declarations to allow the - specification of command-line arguments -- removed obsoleted patches: autoconf-fix.patch, dos-fix.patch -- fixed gcc issues (gcc-fix.patch) - -------------------------------------------------------------------- -Wed Sep 20 17:34:54 CEST 2006 - postadal@suse.cz - -- fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch) -- fixed client NULL deref on protocol error -- cosmetic fix in init script [#203826] - -------------------------------------------------------------------- -Fri Sep 1 14:14:52 CEST 2006 - kukuk@suse.de - -- sshd.pamd: Add pam_loginuid, move pam_nologin to a better position - -------------------------------------------------------------------- -Fri Aug 25 15:37:46 CEST 2006 - postadal@suse.cz - -- fixed path for xauth [#198676] - -------------------------------------------------------------------- -Thu Aug 3 15:07:41 CEST 2006 - postadal@suse.cz - -- fixed build with X11R7 - -------------------------------------------------------------------- -Thu Jul 20 17:25:27 CEST 2006 - postadal@suse.cz - -- updated to version 4.3p2 - * experimental support for tunneling network packets via tun(4) -- removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch, - scp.patch, sigalarm.patch - -------------------------------------------------------------------- -Mon Feb 13 12:54:28 CET 2006 - postadal@suse.cz - -- upstream fixes - - fixed "scp a b c", when c is not directory (scp.patch) - - eliminate some code duplicated in privsep and non-privsep paths, and - explicitly clear SIGALRM handler (sigalarm.patch) - -------------------------------------------------------------------- -Fri Feb 3 19:02:49 CET 2006 - postadal@suse.cz - -- fixed local arbitrary command execution vulnerability [#143435] - 
(CVE-2006-0225.patch) - -------------------------------------------------------------------- -Thu Feb 2 13:19:41 CET 2006 - postadal@suse.cz - -- fixed xauth.diff for disabled UsePrivilegeSeparation mode [#145809] -- build on s390 without Smart card support (opensc) [#147383] - -------------------------------------------------------------------- -Mon Jan 30 16:25:01 CET 2006 - postadal@suse.cz - -- fixed patch xauth.diff [#145809] -- fixed comments [#142989] - -------------------------------------------------------------------- -Wed Jan 25 21:39:06 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Mon Jan 16 18:05:44 CET 2006 - meissner@suse.de - -- added -fstack-protector. - -------------------------------------------------------------------- -Tue Jan 3 15:46:33 CET 2006 - postadal@suse.cz - -- updated to version 4.2p1 -- removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch - -------------------------------------------------------------------- -Tue Nov 15 17:51:07 CET 2005 - postadal@suse.cz - -- do not delegate GSSAPI credentials to log in with a different method - than GSSAPI [#128928] (CAN-2005-2798, gssapi-secfix.patch) - -------------------------------------------------------------------- -Sun Oct 23 10:40:24 CEST 2005 - postadal@suse.cz - -- fixed PAM to send authentication failing mesaage to client [#130043] - (pam-error.patch) - -------------------------------------------------------------------- -Wed Sep 14 16:58:14 CEST 2005 - postadal@suse.cz - -- fixed uninitialized variable in patch xauth.diff [#98815] - -------------------------------------------------------------------- -Thu Sep 8 15:56:37 CEST 2005 - postadal@suse.cz - -- don't strip - -------------------------------------------------------------------- -Mon Sep 5 20:04:04 CEST 2005 - postadal@suse.cz - -- added patch xauth.diff prevent from polluting xauthority file [#98815] - 
-------------------------------------------------------------------- -Mon Aug 22 18:12:20 CEST 2005 - postadal@suse.cz - -- fixed problem when multiple accounts have same UID [#104773] - (pwname-home.diff) -- added fixes from upstream (upstream_fixes.diff) - -------------------------------------------------------------------- -Thu Aug 18 17:50:46 CEST 2005 - postadal@suse.cz - -- added patch tmpdir.diff for using $TMPDIR by ssh-agent [#95731] - -------------------------------------------------------------------- -Thu Aug 4 11:29:38 CEST 2005 - uli@suse.de - -- parallelize build - -------------------------------------------------------------------- -Mon Aug 1 17:48:02 CEST 2005 - postadal@suse.cz - -- added patch resolving problems with hostname changes [#98627] - (xauthlocalhostname.diff) - -------------------------------------------------------------------- -Wed Jun 22 18:42:57 CEST 2005 - kukuk@suse.de - -- Compile/link with -fpie/-pie - -------------------------------------------------------------------- -Wed Jun 15 17:41:24 CEST 2005 - meissner@suse.de - -- build x11-ask-pass with RPM_OPT_FLAGS. 
- -------------------------------------------------------------------- -Fri Jun 10 16:18:25 CEST 2005 - postadal@suse.cz - -- updated to version 4.1p1 -- removed obsoleted patches: restore_terminal, pam-returnfromsession, - timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource, - sendenv-fix, documentation-fix - -------------------------------------------------------------------- -Thu Mar 10 10:36:42 CET 2005 - postadal@suse.cz - -- fixed SendEnv config parsing bug -- documented timeout on untrusted x11 forwarding sessions (openssh#849) -- mentioned ForwardX11Trusted in ssh.1 (openssh#987) - -------------------------------------------------------------------- -Thu Mar 3 13:29:13 CET 2005 - postadal@suse.cz - -- enabled accepting and sending locale environment variables in protocol 2 - [#65747, #50091] - -------------------------------------------------------------------- -Thu Feb 24 16:33:54 CET 2005 - postadal@suse.cz - -- added patches from cvs: gssapi-pam (openssh#918), - krb5ccname (openssh#445), logdenysource (openssh#909) - -------------------------------------------------------------------- -Thu Feb 3 13:29:23 CET 2005 - postadal@suse.cz - -- fixed keyboard-interactive/pam/Kerberos leaks info about user existence - [#48329] (openssh#971, CAN-2003-0190) - -------------------------------------------------------------------- -Wed Jan 19 15:58:07 CET 2005 - postadal@suse.cz - -- splited spec file to decreas number of build dependencies -- fixed restoring terminal setting after Ctrl+C during password prompt in scp/sftp [#43309] -- allowed users to see output from failing PAM session modules (openssh #890, - pam-returnfromsession.patch) - -------------------------------------------------------------------- -Mon Nov 8 17:17:45 CET 2004 - kukuk@suse.de - -- Use common-* PAM config files for sshd PAM configuration - -------------------------------------------------------------------- -Mon Oct 25 15:14:49 CEST 2004 - postadal@suse.cz - -- switched heimdal-* to 
kerberos-devel-packages in #needforbuild - -------------------------------------------------------------------- -Fri Sep 3 15:03:01 CEST 2004 - ro@suse.de - -- fix lib64 issue - -------------------------------------------------------------------- -Tue Aug 31 16:03:54 CEST 2004 - postadal@suse.cz - -- updated to version 3.9p1 - -- removed obsoleted patches: scp-fix.diff and window_change-fix.diff - -------------------------------------------------------------------- -Thu Aug 26 15:40:53 CEST 2004 - postadal@suse.cz - -- added openssh-askpass-gnome subpackage -- added ssh-askpass script for choosing askpass depending on windowmanager - (by Robert Love ) -- build with Smart card support (opensc) [#44289] - -------------------------------------------------------------------- -Tue Aug 17 15:52:20 CEST 2004 - postadal@suse.cz - -- removed old implementation of "Update Messages" [#36059] - -------------------------------------------------------------------- -Thu Aug 12 16:36:53 CEST 2004 - postadal@suse.cz - -- updated to version 3.8p1 - -- removed obsoleted patches: sftp-progress-fix and pam-fix4 - -------------------------------------------------------------------- -Mon Jun 28 16:56:23 CEST 2004 - meissner@suse.de - -- block sigalarm during syslog output or we might deadlock - on recursively entering syslog(). (LTC#9523, SUSE#42354) - -------------------------------------------------------------------- -Wed May 26 15:27:32 CEST 2004 - postadal@suse.cz - -- fixed commented default value for GSSAPI - -------------------------------------------------------------------- -Thu May 20 21:23:27 CEST 2004 - mludvig@suse.cz - -- Load drivers for available hardware crypto accelerators. 
- -------------------------------------------------------------------- -Fri Apr 30 15:03:39 CEST 2004 - postadal@suse.cz - -- updated README.kerberos (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials) - -------------------------------------------------------------------- -Mon Apr 19 14:41:01 CEST 2004 - postadal@suse.cz - -- updated README.SuSE (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials) - [#39010] - -------------------------------------------------------------------- -Fri Mar 26 17:24:45 CET 2004 - postadal@suse.cz - -- fixed sshd(8) and sshd_config(5) man pages (EAL3) -- fixed spelling errors in README.SuSE [#37086] - -------------------------------------------------------------------- -Thu Mar 25 14:50:50 CET 2004 - postadal@suse.cz - -- fixed change window request [#33177] - -------------------------------------------------------------------- -Mon Mar 22 15:19:15 CET 2004 - postadal@suse.cz - -- updated README.SuSE -- removed %verify from /usr/bin/ssh in specfile - -------------------------------------------------------------------- -Thu Mar 18 15:48:52 CET 2004 - postadal@suse.cz - -- fixed previous fix of security bug in scp [#35443] (CAN-2004-0175) - (was too restrictive) -- fixed permission of /usr/bin/ssh - -------------------------------------------------------------------- -Mon Mar 15 17:56:06 CET 2004 - postadal@suse.cz - -- fixed comments in sshd_config and ssh_config - -------------------------------------------------------------------- -Mon Mar 15 17:25:08 CET 2004 - postadal@suse.cz - -- enabled privilege separation mode (new version fixes a lot of problematic PAM - calling [#30328]) -- fixed security bug in scp [#35443] (CAN-2004-0175) -- reverted to old behaviour of ForwardingX11 [#35836] - (set ForwardX11Trusted to 'yes' by default) -- updated README.SuSE -- fixed pam code (pam-fix4.diff, backported from openssh-SNAP-20040311) - -------------------------------------------------------------------- -Fri Mar 05 13:10:55 CET 2004 - 
postadal@suse.cz - -- updated README.SuSE (Remote x11 clients are now untrusted by default) [#35368] -- added gssapimitm patch (support for old GSSAPI) - -------------------------------------------------------------------- -Mon Mar 01 18:13:37 CET 2004 - postadal@suse.cz - -- updated to version 3.8p1 - * The "gssapi" support has been replaced with the "gssapi-with-mic" - to fix possible MITM attacks. These two versions are not compatible. - -- removed obsoleted patches: krb5.patch, dns-lookups.patch, pam-fix.diff, - pam-end-fix.diff -- used process forking instead pthreads - (developers fixed bugs in pam calling and they recommended to don't use threads) - -------------------------------------------------------------------- -Tue Feb 24 11:37:17 CET 2004 - postadal@suse.cz - -- fixed the problem with save_argv in sshd.c re-apeared again in version 3.7.1p2 - (it caused bad behaviour after receiving SIGHUP - used by reload of init script) - [#34845] - -------------------------------------------------------------------- -Wed Feb 18 18:06:20 CET 2004 - kukuk@suse.de - -- Real strict-aliasing patch - -------------------------------------------------------------------- -Wed Feb 18 16:04:17 CET 2004 - postadal@suse.cz - -- fixed strict-aliasing patch [#34551] - -------------------------------------------------------------------- -Sat Feb 14 00:20:09 CET 2004 - adrian@suse.de - -- provide SLP registration file /etc/slp.reg.d/ssh.reg - -------------------------------------------------------------------- -Tue Feb 03 15:18:36 CET 2004 - postadal@suse.cz - -- used patch from pam-end-fix.diff [#33132] -- fixed instalation openssh without documentation [#33937] -- fixed auth-pam.c which breaks strict aliasing - -------------------------------------------------------------------- -Mon Jan 19 13:19:32 CET 2004 - meissner@suse.de - -- Added a ; to ssh-key-converter.c to fix gcc 3.4 build. 
- -------------------------------------------------------------------- -Fri Jan 16 12:57:41 CET 2004 - kukuk@suse.de - -- Add pam-devel to neededforbuild - -------------------------------------------------------------------- -Thu Nov 06 10:14:31 CET 2003 - postadal@suse.cz - -- added /usr/bin/slogin explicitly to %file list [#32921] - -------------------------------------------------------------------- -Sun Nov 2 21:10:35 CET 2003 - adrian@suse.de - -- add %run_permissions to fix build - -------------------------------------------------------------------- -Tue Oct 14 12:23:36 CEST 2003 - postadal@suse.cz - -- reverted value UsePAM to "yes" and set PasswordAuthentication to "no" - in file /etc/ssh/sshd_config (the version 3.7.1p2 disabled PAM support - by default) [#31749] - -------------------------------------------------------------------- -Tue Sep 23 15:02:00 CEST 2003 - draht@suse.de - -- New version 3.7.1p2; signature from 86FF9C48 Damien Miller - verified for source tarball. Bugs fixed with this version: - #31637 (CAN-2003-0786, CAN-2003-0786). Briefly: - 1) SSH1 PAM challenge response auth ignored the result of the - authentication (with privsep off) - 2) The PAM conversation function trashed the stack, by referring - to the **resp parameter as an array of pointers rather than - as a pointer to an array of struct pam_responses. - At least security bug 1) is exploitable. 
- -------------------------------------------------------------------- -Fri Sep 19 19:56:01 CEST 2003 - postadal@suse.cz - -- use pthreads instead process forking (it needs by pam modules) -- fixed bug in calling pam_setcred [#31025] - (pam-fix.diff - string "FILE:" added to begin of KRB5CCNAME) -- updated README.SuSE -- reverted ChallengeResponseAuthentication option to default value yes - (necessary for pam authentication) [#31432] - -------------------------------------------------------------------- -Thu Sep 18 18:34:33 CEST 2003 - postadal@suse.cz - -- updated to version 3.7.1p1 (with security patches) -- removed obsoleted patches: chauthtok.patch, krb-include-fix.diff, - gssapi-fix.diff, saveargv-fix.diff, gssapi-20030430.diff, racecondition-fix -- updated README.kerberos - -------------------------------------------------------------------- -Tue Sep 16 16:57:02 CEST 2003 - postadal@suse.cz - -- fixed race condition in allocating memory [#31025] (CAN-2003-0693) - -------------------------------------------------------------------- -Mon Sep 15 11:52:20 CEST 2003 - postadal@suse.cz - -- disabled privilege separation, which caused some problems [#30328] - (updated README.SuSE) - -------------------------------------------------------------------- -Thu Sep 04 11:59:39 CEST 2003 - postadal@suse.cz - -- fixed bug in x11-ssh-askpass dialog [#25846] (askpass-fix.diff is workaround for gcc bug) - -------------------------------------------------------------------- -Fri Aug 29 11:39:40 CEST 2003 - kukuk@suse.de - -- Call useradd -r for system account [Bug #29611] - -------------------------------------------------------------------- -Mon Aug 25 10:40:37 CEST 2003 - postadal@suse.cz - -- use new stop_on_removal/restart_on_upate macros -- fixed lib64 problem in /etc/ssh/sshd_config [#28766] - -------------------------------------------------------------------- -Tue Aug 19 11:21:33 CEST 2003 - mmj@suse.de - -- Add sysconfig metadata [#28943] - 
-------------------------------------------------------------------- -Fri Aug 1 01:57:08 CEST 2003 - ro@suse.de - -- add e2fsprogs-devel to neededforbuild - -------------------------------------------------------------------- -Thu Jul 24 19:47:14 CEST 2003 - postadal@suse.cz - -- updated to version 3.6.1p2 -- added the new version of patch for GSSAPI (gssapi-20030430.diff), - the older one was removed (gssapi.patch) -- added README.kerberos to filelist - -------------------------------------------------------------------- -Tue Jun 3 00:41:08 CEST 2003 - mmj@suse.de - -- Remove files we don't package - -------------------------------------------------------------------- -Wed Apr 02 15:03:44 CEST 2003 - postadal@suse.cz - -- fixed bad behaviour after receiving SIGHUP (this bug caused not working reload of init script) - -------------------------------------------------------------------- -Tue Mar 18 14:25:08 CET 2003 - postadal@suse.cz - -- added $remote_fs to init.d script (needed if /usr is on remote fs [#25577]) - -------------------------------------------------------------------- -Thu Mar 13 17:02:52 CET 2003 - postadal@suse.cz - -- fixed segfault while using GSSAPI for authentication when connecting to localhost (took care about error value of ssh_gssapi_import_name() in function ssh_gssapi_client_ctx()) - -------------------------------------------------------------------- -Mon Mar 10 09:28:31 CET 2003 - kukuk@suse.de - -- Remove extra "/" from pid file path. - -------------------------------------------------------------------- -Mon Mar 03 16:49:24 CET 2003 - postadal@suse.cz - -- modified init.d script (now checking sshd.init.pid instead of port 22) [#24263] - -------------------------------------------------------------------- -Mon Mar 3 16:05:24 CET 2003 - okir@suse.de - -- added comment to /etc/pam.d/ssh on how to enable - support for resmgr (#24363). 
- -------------------------------------------------------------------- -Fri Feb 21 18:52:05 CET 2003 - postadal@suse.cz - -- added ssh-copy-id shell script [#23745] - -------------------------------------------------------------------- -Fri Feb 14 13:42:14 CET 2003 - postadal@suse.cz - -- given back gssapi and dns-lookups patches - -------------------------------------------------------------------- -Wed Jan 22 23:05:35 CET 2003 - postadal@suse.cz - -- updated to version 3.5p1 -- removed obsolete patches: owl-mm, forced-commands-only, krb -- added patch krb5 (for heimdal) -- temporarily removed gssapi patch and dns-lookups (needs rewriting) -- fix sysconfig metadata - -------------------------------------------------------------------- -Thu Dec 5 10:52:41 CET 2002 - okir@suse.de - -- avoid Kerberos DNS lookups in the default config (#20395) -- added README.kerberos - -------------------------------------------------------------------- -Thu Sep 19 11:00:46 CEST 2002 - postadal@suse.cz - -- added info about changes in the new version of openssh - to README.SuSE [#19757] - -------------------------------------------------------------------- -Mon Sep 2 10:39:24 CEST 2002 - okir@suse.de - -- privsep directory now /var/lib/empty, which is provided by - filesystem package (#17556) - -------------------------------------------------------------------- -Wed Aug 28 05:48:16 CEST 2002 - nashif@suse.de - -- Added insserv & co to PreReq - -------------------------------------------------------------------- -Mon Aug 26 11:57:20 CEST 2002 - okir@suse.de - -- applied patch that adds GSSAPI support in protocol version 2 (#18239) - -------------------------------------------------------------------- -Thu Aug 22 14:09:43 CEST 2002 - postadal@suse.cz - -- added the patch to fix malfunction of PermitRootLogin seted to - forced-commands-only [#17149] - -------------------------------------------------------------------- -Fri Aug 9 14:41:30 CEST 2002 - okir@suse.de - -- syslog now 
reports kerberos auth method when logging in via - kerberos (#17469) - -------------------------------------------------------------------- -Tue Jul 23 04:34:10 PDT 2002 - okir@suse.de - -- enabled kerberos support -- added patch to support kerberos 5 authentication in privsep mode. -- added missing section 5 manpages -- added missing ssh-keysign to files list (new for privsep) - -------------------------------------------------------------------- -Mon Jul 22 14:16:54 CEST 2002 - okir@suse.de - -- fixed handling of expired passwords in privsep mode - -------------------------------------------------------------------- -Tue Jul 9 13:48:52 CEST 2002 - mmj@suse.de - -- Don't source rc.config - -------------------------------------------------------------------- -Wed Jul 3 01:01:24 CEST 2002 - draht@suse.de - -- ssh-keygen must be told to explicitly create type rsa1 keys - in the start script. - -------------------------------------------------------------------- -Tue Jul 2 12:03:58 CEST 2002 - ro@suse.de - -- useradd/groupadd in preinstall to standardize - -------------------------------------------------------------------- -Sat Jun 29 10:33:18 CEST 2002 - ro@suse.de - -- updated patch from solar: zero out bytes for no longer used pages - in mmap-fallback solution - -------------------------------------------------------------------- -Thu Jun 27 18:07:37 CEST 2002 - ro@suse.de - -- updated owl-fallback.diff from solar - -------------------------------------------------------------------- -Thu Jun 27 17:04:16 CEST 2002 - ro@suse.de - -- update to 3.4p1 - o privilege separation support - o overflow fix from ISS -- unsplit openssh-server and openssh-client - -------------------------------------------------------------------- -Tue Jun 18 12:12:41 CEST 2002 - mmj@suse.de - -- Update to 3.2.3p1 which fixed following compared to 3.2.2p1 - o a defect in the BSD_AUTH access control handling for - o login/tty problems on Solaris (bug #245) - o build problems on Cygwin systems 
- -- Split the package to openssh, openssh-server, openssh-client and - openssh-askpass - -------------------------------------------------------------------- -Sun May 19 16:15:03 CEST 2002 - mmj@suse.de - -- Updated to 3.2.2p which includes security and several bugfixes. - -------------------------------------------------------------------- -Fri Mar 15 12:05:21 CET 2002 - ro@suse.de - -- added "Obsoletes: ssh" - -------------------------------------------------------------------- -Tue Mar 5 17:15:30 MET 2002 - draht@suse.de - -- security fix for bug in channels.c (channelbug.dif) - -------------------------------------------------------------------- -Fri Mar 1 15:40:59 CET 2002 - bk@suse.de - -- fix ssh-agent example to use eval `ssh-agent -s` and a typo. -- add sentence on use of ssh-agent with startx - -------------------------------------------------------------------- -Tue Feb 26 12:31:21 CET 2002 - bk@suse.de - -- update README.SuSE to improve documentation on protocol version - -------------------------------------------------------------------- -Wed Feb 13 13:15:41 CET 2002 - cihlar@suse.cz - -- rewritten addrlist patch - "0.0.0.0" is removed from list - after "::" is successful [#8951] - -------------------------------------------------------------------- -Mon Feb 11 15:17:32 CET 2002 - cihlar@suse.cz - -- added info about the change of the default protocol version - to README.SuSE - -------------------------------------------------------------------- -Thu Feb 7 12:42:53 CET 2002 - cihlar@suse.cz - -- removed addrlist patch which fixed bug [#8951] as it breaks - functionality on machines with kernel without IPv6 support, - bug reopened, new solution will be find -- switched to default protocol version 2 -- added ssh-keyconvert (thanks Olaf Kirch ) -- removed static linking against libcrypto, as crypt() was removed - from it [#5333] - -------------------------------------------------------------------- -Tue Jan 22 15:43:33 CET 2002 - kukuk@suse.de - -- Add 
pam_nologin to account management (else it will not be - called if user does not do password authentification) - -------------------------------------------------------------------- -Tue Jan 15 15:49:07 CET 2002 - egmont@suselinux.hu - -- removed colon from shutdown message - -------------------------------------------------------------------- -Thu Jan 10 09:27:50 CET 2002 - cihlar@suse.cz - -- use %{_lib} - -------------------------------------------------------------------- -Thu Dec 13 01:01:36 CET 2001 - ro@suse.de - -- moved rc.config.d -> sysconfig - -------------------------------------------------------------------- -Mon Dec 10 14:07:21 CET 2001 - cihlar@suse.cz - -- removed START_SSHD - -------------------------------------------------------------------- -Fri Dec 7 11:26:22 CET 2001 - cihlar@suse.cz - -- update to version 3.0.2p1: - * CheckMail option in sshd_config is deprecated - * X11 cookies are now stored in $HOME - * fixed a vulnerability in the UseLogin option - * /etc/ssh_known_hosts2 and ~/.ssh/known_hosts2 are obsolete, - /etc/ssh_known_hosts and ~/.ssh/known_hosts can be used - * several minor fixes -- update x11-ssh-askpass to version 1.2.4.1: - * fixed Imakefile.in -- fixed bug in adresses "::" and "0.0.0.0" [#8951] - -------------------------------------------------------------------- -Fri Oct 5 07:34:11 CEST 2001 - cihlar@suse.cz - -- update to version 2.9.9p2 -- removed obsolete clientloop and command patches -- uncommented "HostKey /etc/ssh/ssh_host_rsa_key" in sshd_config -- added German translation of e-mail to sysadmin -- init script fixed to work when more listening sshd runs -- added /bin/netstat to requires - -------------------------------------------------------------------- -Mon Sep 24 14:25:58 CEST 2001 - cihlar@suse.cz - -- fixed security problem with sftp & bypassing - keypair auth restrictions - patch based on CVS -- fixed status part of init script - it returned - running even if there were only sshd of connections - and no 
listening sshd [#11220] -- fixed stop part of init script - when there was no - /var/run/sshd.pid, all sshd were killed - -------------------------------------------------------------------- -Thu Sep 6 14:31:15 CEST 2001 - nadvornik@suse.cz - -- added patch for correct buffer flushing from CVS [bug #6450] - -------------------------------------------------------------------- -Fri Jul 27 09:05:24 CEST 2001 - cihlar@suse.cz - -- update x11-ssh-askpass to version 1.2.2 - -------------------------------------------------------------------- -Thu Jul 26 10:55:16 CEST 2001 - cihlar@suse.cz - -- update to version 2.9p2 -- removed obsolete "cookies" patch - -------------------------------------------------------------------- -Mon Jun 11 11:21:22 CEST 2001 - cihlar@suse.cz - -- fixed to compile with new xmkmf - -------------------------------------------------------------------- -Thu Jun 7 09:42:23 CEST 2001 - cihlar@suse.cz - -- fixed security bug when any file "cookies" could - be removed by anybody - -------------------------------------------------------------------- -Tue Jun 5 12:49:50 CEST 2001 - bjacke@suse.de - -- generate rsa host key in init script - -------------------------------------------------------------------- -Tue Jun 5 07:59:41 CEST 2001 - cihlar@suse.cz - -- removed complete path from PAM modules - -------------------------------------------------------------------- -Thu May 3 09:36:17 CEST 2001 - cihlar@suse.cz - -- update to version 2.9p1 -- removed obsolete --with-openssl -- removed obsolete man patch - -------------------------------------------------------------------- -Mon Apr 30 07:50:23 CEST 2001 - cihlar@suse.cz - -- enable PAM support - -------------------------------------------------------------------- -Fri Apr 13 11:50:26 CEST 2001 - ro@suse.de - -- fixed specfile for extra README.SuSE - -------------------------------------------------------------------- -Fri Apr 13 08:03:45 CEST 2001 - cihlar@suse.cz - -- fixed init script by new skeleton 
- -------------------------------------------------------------------- -Thu Mar 22 14:56:50 CET 2001 - cihlar@suse.cz - -- update to version 2.5.2p2 - -------------------------------------------------------------------- -Wed Mar 14 14:12:38 CET 2001 - cihlar@suse.cz - -- fixed ssh man page - -------------------------------------------------------------------- -Mon Mar 12 07:56:37 CET 2001 - cihlar@suse.cz - -- update to version 2.5.1p2 -- added xf86 to neededforbuild - -------------------------------------------------------------------- -Fri Mar 9 15:16:59 CET 2001 - schwab@suse.de - -- Fix missing crypt declaration. - -------------------------------------------------------------------- -Fri Feb 23 08:57:55 CET 2001 - cihlar@suse.cz - -- update to version 2.5.1p1 -- update x11-ssh-askpass to version 1.2.0 - -------------------------------------------------------------------- -Tue Feb 20 11:27:20 CET 2001 - cihlar@suse.cz - -- modified README.SuSE [#4365] -- fixed start script to agree with skeleton -- fixed start script so "stop" kills only sshd - listening for connections -- compiled with --with-openssl -- "ListenAddress 0.0.0.0" in sshd_config commented out - - listen on both ipv4 and ipv6 -- fixed var/adm/notify/messages/openssh_update [#6406] - -------------------------------------------------------------------- -Thu Jan 25 15:02:01 CET 2001 - smid@suse.cz - -- startup script fixed [#5559] - -------------------------------------------------------------------- -Tue Jan 16 09:40:50 CET 2001 - nadvornik@suse.cz - -- libcrypto linked static [#5333] - -------------------------------------------------------------------- -Thu Jan 11 13:41:48 CET 2001 - cihlar@suse.cz - -- uncomment sftp-server part in sshd_config -- added /usr/X11R6/lib/X11/app-defaults/SshAskpass to %files - -------------------------------------------------------------------- -Thu Jan 11 12:37:10 CET 2001 - cihlar@suse.cz - -- fixed %files [#5230] -- fixed installation of x11-ssh-askpass to BuildRoot 
-- added man pages of x11-ssh-askpass - -------------------------------------------------------------------- -Wed Jan 10 11:54:42 CET 2001 - smid@suse.cz - -- notice about how to enable ipv6 added to mail -- for administrator [#5297] - -------------------------------------------------------------------- -Wed Dec 13 10:43:25 CET 2000 - smid@suse.cz - -- default ipv6 listennig disabled (problems with libc2.2) [#4588] - -------------------------------------------------------------------- -Tue Dec 5 14:03:35 CET 2000 - smid@suse.cz - -- notify message changed - -------------------------------------------------------------------- -Mon Dec 4 21:45:35 CET 2000 - lmuelle@suse.de - -- fixed provides/ conflicts to ssh - -------------------------------------------------------------------- -Thu Nov 30 16:03:34 CET 2000 - smid@suse.cz - -- path to ssh-askpass fixed -- stop in %preun removed -- new init style - -------------------------------------------------------------------- -Sun Nov 26 23:53:53 CET 2000 - schwab@suse.de - -- Restore rcsshd link. - -------------------------------------------------------------------- -Sun Nov 26 15:34:12 CET 2000 - kukuk@suse.de - -- Add openssl-devel to neededforbuild - -------------------------------------------------------------------- -Mon Nov 20 16:11:34 CET 2000 - smid@suse.cz - -- New version 2.3.0 - -------------------------------------------------------------------- -Wed Sep 6 12:52:06 CEST 2000 - smid@suse.cz - -- remove --with-ipv4-default option - -------------------------------------------------------------------- -Wed Jul 5 19:04:28 CEST 2000 - garloff@suse.de - -- ... and tell the sysadmin and user more about what they can do - about it (schwab). - -------------------------------------------------------------------- -Wed Jul 5 00:55:37 CEST 2000 - garloff@suse.de - -- Inform the user (admin) about the fact that the default behaviour - with respect to X11-forwarding has been changed to be disabled. 
- -------------------------------------------------------------------- -Wed Jun 28 13:11:08 CEST 2000 - smid@suse.cz - -- warning that generating DSA key can an take a long time. - (bugzilla 3015) -- writing to wtmp and lastlog fixed (bugzilla 3024) -- reading config file (parameter Protocol) fixed - -------------------------------------------------------------------- -Fri Jun 16 10:42:52 CEST 2000 - garloff@suse.de - -- Added generation of ssh_host_dsa_key - -------------------------------------------------------------------- -Tue Jun 13 08:32:19 MEST 2000 - nadvornik@suse.cz - -- update to 2.1.1p1 - -------------------------------------------------------------------- -Thu Jun 8 10:10:55 MEST 2000 - cihlar@suse.cz - -- uncommented %clean - -------------------------------------------------------------------- -Fri May 5 13:08:15 CEST 2000 - smid@suse.cz - -- buildroot added -- upgrade to 1.2.3 - -------------------------------------------------------------------- -Tue Mar 21 09:50:57 CET 2000 - kukuk@suse.de - -- Update to 1.2.2p1 - -------------------------------------------------------------------- -Mon Mar 6 12:03:49 CET 2000 - kukuk@suse.de - -- Fix the diff. - -------------------------------------------------------------------- -Sun Mar 5 18:22:07 CET 2000 - kukuk@suse.de - -- Add a README.SuSE with a short description how to use ssh-add - -------------------------------------------------------------------- -Tue Feb 29 21:03:50 CET 2000 - schwab@suse.de - -- Update config.{guess,sub}. - -------------------------------------------------------------------- -Fri Feb 25 11:01:24 CET 2000 - kukuk@suse.de - -- Fix need for build, add group tag. 
- -------------------------------------------------------------------- -Wed Feb 2 09:23:13 CET 2000 - kukuk@suse.de - -- Change new defaults back to old one - -------------------------------------------------------------------- -Sun Jan 30 12:51:49 CET 2000 - kukuk@suse.de - -- Add x11-ssh-askpass to filelist - -------------------------------------------------------------------- -Fri Jan 28 18:03:50 CET 2000 - kukuk@suse.de - -- Update to OpenSSH 1.2.2 -- Add x11-ssh-askpass-1.0 - -------------------------------------------------------------------- -Tue Jan 25 15:57:09 CET 2000 - kukuk@suse.de - -- Add reload and status to /sbin/init.d/sshd [Bug 1747] - -------------------------------------------------------------------- -Thu Jan 20 17:26:02 CET 2000 - kukuk@suse.de - -- Update to 1.2.1pre27 with IPv6 support - -------------------------------------------------------------------- -Fri Dec 31 21:18:10 CET 1999 - kukuk@suse.de - -- Initial version
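
Review bot: The commit message carries only the OBS-URL and gives no reason for deleting this 2001-line changelog, which runs back to the "Initial version" entry of Fri Dec 31 1999 and records security-relevant history such as "security fix for bug in channels.c (channelbug.dif)", "fixed a vulnerability in the UseLogin option" and "fixed security problem with sftp & bypassing keypair auth restrictions". Please say in the message whether openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d was a stray copy, and confirm that these entries remain in whichever changes file the package keeps, so the record of past fixes is not lost with this deletion.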