From db5db0c1c29e476e22c3e120dc29abfe97e10def687c758736fbee756db77ffb Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 11 Feb 2014 07:43:47 +0000 Subject: [PATCH] - add a rcsshd symlink to /usr/sbin/service OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=60 --- openssh.changes | 5 + ....changes.reb47944ec2d587d73f8e2ef1dd4caf5d | 2001 +++++++++++++++++ openssh.spec | 1 + 3 files changed, 2007 insertions(+) create mode 100644 openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d diff --git a/openssh.changes b/openssh.changes index 53027ea..350dc56 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Feb 11 07:42:09 UTC 2014 - meissner@suse.com + +- add a rcsshd symlink to /usr/sbin/service + ------------------------------------------------------------------- Wed Feb 5 08:38:11 UTC 2014 - idonmez@suse.com diff --git a/openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d b/openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d new file mode 100644 index 0000000..53027ea --- /dev/null +++ b/openssh.changes.reb47944ec2d587d73f8e2ef1dd4caf5d @@ -0,0 +1,2001 @@ +------------------------------------------------------------------- +Wed Feb 5 08:38:11 UTC 2014 - idonmez@suse.com + +- Add openssh-6.2p1-forcepermissions.patch to implement a force + permissions mode (fate#312774). The patch is based on + http://marc.info/?l=openssh-unix-dev&m=128896838930893 + +------------------------------------------------------------------- +Fri Jan 24 15:13:09 UTC 2014 - pcerny@suse.com + +- Update to 6.4p1 + Features since 6.2p2: + * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or + hostkeys on smartcards. + * ssh(1)/sshd(8): allow optional time-based rekeying via a + second argument to the existing RekeyLimit option. RekeyLimit + is now supported in sshd_config as well as on the client. + * sshd(8): standardise logging of information during user + authentication. + * The presented key/cert and the remote username (if available) + is now logged in the authentication success/failure message on + the same log line as the local username, remote host/port and + protocol in use. Certificates contents and the key + fingerprint of the signing CA are logged too. + * ssh(1) ability to query what cryptographic algorithms are + supported in the binary. + * ssh(1): ProxyCommand=- for cases where stdin and stdout + already point to the proxy. + * ssh(1): allow IdentityFile=none + * ssh(1)/sshd(8): -E option to append debugging logs to a + specified file instead of stderr or syslog. + * sftp(1): support resuming partial downloads with the "reget" + command and on the sftp commandline or on the "get" + commandline with the "-a" (append) option. + * ssh(1): "IgnoreUnknown" configuration option to selectively + suppress errors arising from unknown configuration directives. + * sshd(8): support for submethods to be appended to required + authentication methods listed via AuthenticationMethods. + Bugfixes since 6.2p2: + * sshd(8): fix refusal to accept certificate if a key of a + different type to the CA key appeared in authorized_keys + before the CA key. + * ssh(1)/ssh-agent(1)/sshd(8): Use a monotonic time source for + timers so that things like keepalives and rekeying will work + properly over clock steps. + * sftp(1): update progressmeter when data is acknowledged, not + when it's sent. bz#2108 + * ssh(1)/ssh-keygen(1): improve error messages when the current + user does not exist in /etc/passwd; bz#2125 + * ssh(1): reset the order in which public keys are tried after + partial authentication success. + * ssh-agent(1): clean up socket files after SIGINT when in debug + mode; bz#2120 + * ssh(1) and others: avoid confusing error messages in the case + of broken system resolver configurations; bz#2122 + * ssh(1): set TCP nodelay for connections started with -N; + bz#2124 + * ssh(1): correct manual for permission requirements on + ~/.ssh/config; bz#2078 + * ssh(1): fix ControlPersist timeout not triggering in cases + where TCP connections have hung. bz#1917 + * ssh(1): properly deatch a ControlPersist master from its + controlling terminal. + * sftp(1): avoid crashes in libedit when it has been compiled + with multi- byte character support. bz#1990 + * sshd(8): when running sshd -D, close stderr unless we have + explicitly requested logging to stderr. bz#1976, + * ssh(1): fix incomplete bzero; bz#2100 + * sshd(8): log and error and exit if ChrootDirectory is + specified and running without root privileges. + * Many improvements to the regression test suite. In particular + log files are now saved from ssh and sshd after failures. + * Fix a number of memory leaks. bz#1967 bz#2096 and others + * sshd(8): fix public key authentication when a :style is + appended to the requested username. + * ssh(1): do not fatally exit when attempting to cleanup + multiplexing- created channels that are incompletely opened. + bz#2079 + * sshd(8): fix a memory corruption problem triggered during + rekeying when an AES-GCM cipher is selected + * Fix unaligned accesses in umac.c for strict-alignment + architectures. bz#2101 + * Fix broken incorrect commandline reporting errors. bz#1448 + * Only include SHA256 and ECC-based key exchange methods if + libcrypto has the required support. + * Fix crash in SOCKS5 dynamic forwarding code on + strict-alignment architectures. + - FIPS and GSSKEX patched disabled for now + +------------------------------------------------------------------- +Fri Oct 4 17:50:32 UTC 2013 - pcerny@suse.com + +- fix server crashes when using AES-GCM +- removed superfluous build dependency on X + +------------------------------------------------------------------- +Thu Sep 19 02:02:56 UTC 2013 - pcerny@suse.com + +- spec file and patch cleanup + * key converter is now in the -key-converter.patch + * openssh-nodaemon-nopid.patch is -no_fork-no_pid_file.patch + * openssh-nocrazyabicheck.patch is + -disable-openssl-abi-check.patch + * removing obsolete -engines.diff patch +- patches from SLE11 + * use auditing infrastructure extending upstream hooks + (-auditX-*.patch) instead of the single old patch + (-audit.patch) + * FIPS enablement (currently disabled) + (-fingerprint_hash.patch, -fips.patch) + * GSSAPI key exchange + (bnc#784689, fate#313068, -gssapi_key_exchange.patch) + * SysV init script update - 'stop' now terminates all sshd + processes and closes all connections, 'soft-stop' only + terminates the listener process (keeps active sessions intact) + (fate#314243) + * helper application for retrieving users' public keys from + an LDAP server (bnc#683733, fate#302144, -ldap.patch) + - subpackage openssh-akc-ldap + * several bugfixes: + - login invocation + (bnc#833605, -login_options.patch) + - disable locked accounts when using PAM + (bnc#708678, fate#312033, -pam-check-locks.patch) + - fix wtmp handling + (bnc#18024, -lastlog.patch) +- init script is moved into documentation for openSUSE 12.3+ + (as it confused systemd) + +------------------------------------------------------------------- +Tue Sep 10 21:15:59 UTC 2013 - crrodriguez@opensuse.org + +- fix the logic in openssh-nodaemon-nopid.patch which is broken + and pid_file therefore still being created. + +------------------------------------------------------------------- +Sat Aug 3 17:57:06 UTC 2013 - crrodriguez@opensuse.org + +- Update to version 6.2p2 +* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption +* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes +* ssh(1)/sshd(8): Added support for the UMAC-128 MAC +* sshd(8): Added support for multiple required authentication +* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists +* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) + now immediately sends its SSH protocol banner to the server without + waiting to receive the server's banner, saving time when connecting. +* dozens of other changes, see http://www.openssh.org/txt/release-6.2 + +------------------------------------------------------------------- +Mon Jul 1 18:54:31 UTC 2013 - coolo@suse.com + +- avoid the build cycle between curl, krb5, libssh2_org and openssh + by using krb5-mini-devel + +------------------------------------------------------------------- +Wed Jun 19 09:50:25 UTC 2013 - speilicke@suse.com + +- Recommend xauth, X11-forwarding won't work if it is not installed + +------------------------------------------------------------------- +Sun Apr 14 19:02:32 UTC 2013 - crrodriguez@opensuse.org + +- sshd.service: Do not order after syslog.target, it is + not required or recommended and that target does not even exist + anymore. + +------------------------------------------------------------------- +Tue Jan 8 10:16:45 UTC 2013 - dmueller@suse.com + +- use ssh-keygen(1) default keylengths in generating the host key + instead of hardcoding it + +------------------------------------------------------------------- +Tue Nov 13 10:26:37 UTC 2012 - meissner@suse.com + +- Updated to 6.1p1, a bugfix release + Features: + * sshd(8): This release turns on pre-auth sandboxing sshd by default for + new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. + * ssh-keygen(1): Add options to specify starting line number and number of + lines to process when screening moduli candidates, allowing processing + of different parts of a candidate moduli file in parallel + * sshd(8): The Match directive now supports matching on the local (listen) + address and port upon which the incoming connection was received via + LocalAddress and LocalPort clauses. + * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv + and {Allow,Deny}{Users,Groups} + * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 + * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 + * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as + an argument to refuse all port-forwarding requests. + * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile + * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 + * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators + to append some arbitrary text to the server SSH protocol banner. + Bugfixes: + * ssh(1)/sshd(8): Don't spin in accept() in situations of file + descriptor exhaustion. Instead back off for a while. + * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as + they were removed from the specification. bz#2023, + * sshd(8): Handle long comments in config files better. bz#2025 + * ssh(1): Delay setting tty_flag so RequestTTY options are correctly + picked up. bz#1995 + * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root + on platforms that use login_cap. + Portable OpenSSH: + * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit + sandbox from the Linux SECCOMP filter sandbox when the latter is + not available in the kernel. + * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to + retrieve a CNAME SSHFP record. + * Fix cross-compilation problems related to pkg-config. bz#1996 + +------------------------------------------------------------------- +Tue Nov 13 10:26:16 CET 2012 - kukuk@suse.de + +- Fix groupadd arguments +- Add LSB tag to sshd init script + +------------------------------------------------------------------- +Fri Oct 26 15:01:21 UTC 2012 - coolo@suse.com + +- explicit buildrequire groff, needed for man pages + +------------------------------------------------------------------- +Tue Oct 16 12:29:36 UTC 2012 - coolo@suse.com + +- buildrequire systemd through pkgconfig to break cycle + +------------------------------------------------------------------- +Wed Aug 15 19:25:08 UTC 2012 - crrodriguez@opensuse.org + +- When not daemonizing, such is used with systemd, no not + create a PID file + +------------------------------------------------------------------- +Mon Jun 18 11:34:51 UTC 2012 - coolo@suse.com + +- do not buildrequire xorg-x11, the askpass is an extra package + and should build from a different package + +------------------------------------------------------------------- +Tue May 29 07:14:36 UTC 2012 - meissner@suse.com + +- use correct download url and tarball format. + +------------------------------------------------------------------- +Tue May 29 06:52:13 UTC 2012 - crrodriguez@opensuse.org + +- Update to version 6.0, large list of changes, seen + http://www.openssh.org/txt/release-6.0 for detail. + +------------------------------------------------------------------- +Thu May 10 20:50:33 UTC 2012 - crrodriguez@opensuse.org + +- By default openSSH checks at *runtime* if the openssl + API version matches with the running library, that might + be good if you are compiling SSH yourself but it is a totally + insane way to check for binary/source compatibility in a distribution. + +------------------------------------------------------------------- +Mon Feb 20 08:29:17 UTC 2012 - meissner@suse.com + +- include X11 app default dir + +------------------------------------------------------------------- +Fri Dec 23 08:27:08 UTC 2011 - brian@aljex.com + +- Fix building for OS 11.0, 10.3, 10.2 +* Don't require selinux on OS 11.0 or lower + +------------------------------------------------------------------- +Fri Dec 23 06:34:28 UTC 2011 - brian@aljex.com + +- Fix building for OS 11.2 and 11.1 +- Cleanup remove remaining litteral /etc/init.d 's + +------------------------------------------------------------------- +Wed Dec 21 10:38:59 UTC 2011 - coolo@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +------------------------------------------------------------------- +Tue Nov 29 19:48:29 UTC 2011 - crrodriguez@opensuse.org + +- Add systemd startup units + +------------------------------------------------------------------- +Sat Oct 29 22:41:55 UTC 2011 - pcerny@suse.com + +- finalising libexecdir change (bnc#726712) + +------------------------------------------------------------------- +Wed Oct 19 00:32:20 UTC 2011 - pcerny@suse.com + +- Update to 5.9p1 + * sandboxing privsep child through rlimit + +------------------------------------------------------------------- +Fri Sep 16 09:43:47 UTC 2011 - jengelh@medozas.de + +- Avoid overriding libexecdir with %_lib (bnc#712025) +- Clean up the specfile by request of Minh Ngo, details entail: +* remove norootforbuild comments, redundant %clean section +* run spec-beautifier over it +- Add PIEFLAGS to compilation of askpass; fails otherwise + +------------------------------------------------------------------- +Mon Aug 29 23:47:58 UTC 2011 - crrodriguez@opensuse.org + +- Update to verison 5.8p2 +* Fixed vuln in systems without dev/random, we arenot affected +* Fixes problems building with selinux enabled +- Fix build with as-needed and no-add-needed + +------------------------------------------------------------------- +Sat Aug 13 20:46:17 UTC 2011 - crrodriguez@opensuse.org + +- Enable libedit/autocompletion support in sftp + +------------------------------------------------------------------- +Tue May 10 15:08:17 UTC 2011 - meissner@novell.com + +- Change default keysizes of rsa and dsa from 1024 to 2048 + to match ssh-keygen manpage recommendations. + +------------------------------------------------------------------- +Fri Feb 4 11:19:25 UTC 2011 - lchiquitto@novell.com + +- Update to 5.8p1 + * Fix vulnerability in legacy certificate signing introduced in + OpenSSH-5.6 and found by Mateusz Kocielski. + * Fix compilation failure when enableing SELinux support. + * Do not attempt to call SELinux functions when SELinux is + disabled. +- Remove patch that is now upstream: + * openssh-5.7p1-selinux.diff + +------------------------------------------------------------------- +Thu Feb 3 16:42:01 UTC 2011 - pcerny@novell.com + +- specfile/patches cleanup + +------------------------------------------------------------------- +Mon Jan 24 11:24:59 UTC 2011 - lchiquitto@novell.com + +- Update to 5.7p1 + * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) + and host/user keys (ECDSA) as specified by RFC5656. + * sftp(1)/sftp-server(8): add a protocol extension to support a hard + link operation. + * scp(1): Add a new -3 option to scp: Copies between two remote hosts + are transferred through the local host. + * ssh(1): automatically order the hostkeys requested by the client + based on which hostkeys are already recorded in known_hosts. + * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary + TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. + * sftp(1): the sftp client is now significantly faster at performing + directory listings, using OpenBSD glob(3) extensions to preserve + the results of stat(3) operations performed in the course of its + execution rather than performing expensive round trips to fetch + them again afterwards. + * ssh(1): "atomically" create the listening mux socket by binding it on + a temporary name and then linking it into position after listen() has + succeeded. + * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server + configuration to allow selection of which key exchange methods are + used by ssh(1) and sshd(8) and their order of preference. + * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into + a generic bandwidth limiter that can be attached using the atomicio + callback mechanism and use it to add a bandwidth limit option to + sftp(1). + * Support building against openssl-1.0.0a. + * Bug fixes. +- Remove patches that are now upstream: + * openssh-5.6p1-tmpdir.diff + * openssh-linux-new-oomkill.patch +- Add upstream patch to fix build with SELinux enabled. + +------------------------------------------------------------------- +Wed Jan 12 13:37:38 CET 2011 - sbrabec@suse.cz + +- Removed relics of no more implemented opensc support. + +------------------------------------------------------------------- +Thu Nov 18 12:20:59 UTC 2010 - lnussel@suse.de + +- add pam_lastlog to show failed login attempts +- remove permissions handling, no special handling needed + +------------------------------------------------------------------- +Tue Nov 16 14:45:14 UTC 2010 - cristian.rodriguez@opensuse.org + +- Use upstream oom_adj is deprecated patch + +------------------------------------------------------------------- +Tue Nov 2 13:25:19 UTC 2010 - coolo@novell.com + +- remove the code trying to patch X11 paths - which was broken + for a very long time and was useless anyway as the Makefiles + do this correctly themselves + +------------------------------------------------------------------- +Sun Oct 31 12:37:02 UTC 2010 - jengelh@medozas.de + +- Use %_smp_mflags + +------------------------------------------------------------------- +Thu Oct 14 16:00:19 UTC 2010 - crrodriguez@opensuse.org + +- Fix warning "oom_adj is deprecated use oom_score_adj instead" + +------------------------------------------------------------------- +Mon Sep 13 14:47:10 CEST 2010 - anicka@suse.cz + +- actualize README.SuSE (bnc#638893) + +------------------------------------------------------------------- +Tue Aug 24 15:43:08 CEST 2010 - anicka@suse.cz + +- update to 5.6p1 + * Added a ControlPersist option to ssh_config(5) that automatically + starts a background ssh(1) multiplex master when connecting. + * Hostbased authentication may now use certificate host keys. + * ssh-keygen(1) now supports signing certificate using a CA key that + has been stored in a PKCS#11 token. + * ssh(1) will now log the hostname and address that we connected to at + LogLevel=verbose after authentication is successful to mitigate + "phishing" attacks by servers with trusted keys that accept + authentication silently and automatically before presenting fake + password/passphrase prompts. + * Expand %h to the hostname in ssh_config Hostname options. + * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 + keys in addition to RFC4716 (SSH.COM) encodings via a new -m option + * sshd(8) will now queue debug messages for bad ownership or + permissions on the user's keyfiles encountered during authentication + and will send them after authentication has successfully completed. + * ssh(1) connection multiplexing now supports remote forwarding with + dynamic port allocation and can report the allocated port back to + the user + * sshd(8) now supports indirection in matching of principal names + listed in certificates. + * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a + file containing a list of names that may be accepted in place of the + username when authorizing a certificate trusted via the + sshd_config(5) TrustedCAKeys option. + * Additional sshd_config(5) options are now valid inside Match blocks + * Revised the format of certificate keys. + * bugfixes +- removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded + any more), removed memory leak fix (fixed in upstream) + +------------------------------------------------------------------- +Fri Aug 20 13:00:43 CEST 2010 - anicka@suse.cz + +- hint user how to remove offending keys (bnc#625552) + +------------------------------------------------------------------- +Thu Jul 22 17:58:09 CEST 2010 - anicka@suse.cz + +- update to 5.5p1 + +------------------------------------------------------------------- +Tue Jul 20 17:19:24 CEST 2010 - anicka@suse.cz + +- update to 5.5p1 + * Allow ChrootDirectory to work in SELinux platforms. + * bugfixes + +------------------------------------------------------------------- +Wed Jun 30 16:01:30 CEST 2010 - meissner@suse.de + +- Disable visual hostkey support again, after discussion on + its usefulness. + +------------------------------------------------------------------- +Mon May 17 18:11:33 UTC 2010 - cristian.rodriguez@opensuse.org + +- Hardware crypto is supported and patched but never + enabled, need to use --with-ssl-engine explicitely + +------------------------------------------------------------------- +Fri May 14 16:03:17 CEST 2010 - anicka@suse.cz + +- fixed memory leak in sftp (bnc#604274) + +------------------------------------------------------------------- +Fri Apr 23 12:01:50 CEST 2010 - anicka@suse.cz + +- honour /etc/nologin (bnc#530885) + +------------------------------------------------------------------- +Thu Mar 25 11:00:00 CET 2010 - meissner@suse.de + +- Enable VisualHostKey (ascii art of the hostkey fingerprint) and + HashHostKeys (hardening measure to make them unusable for worms/malicious + users for further host hopping). + +------------------------------------------------------------------- +Tue Mar 23 18:57:07 CET 2010 - anicka@suse.cz + +- update to 5.4p1 + * After a transition period of about 10 years, this release disables + SSH protocol 1 by default. Clients and servers that need to use the + legacy protocol must explicitly enable it in ssh_config / sshd_config + or on the command-line. + * Remove the libsectok/OpenSC-based smartcard code and add support for + PKCS#11 tokens. This support is automatically enabled on all + platforms that support dlopen(3) and was inspired by patches written + by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. + * Add support for certificate authentication of users and hosts using a + new, minimal OpenSSH certificate format (not X.509). Certificates + contain a public key, identity information and some validity + constraints and are signed with a standard SSH public key using + ssh-keygen(1). CA keys may be marked as trusted in authorized_keys + or via a TrustedUserCAKeys option in sshd_config(5) (for user + authentication), or in known_hosts (for host authentication). + Documentation for certificate support may be found in ssh-keygen(1), + sshd(8) and ssh(1) and a description of the protocol extensions in + PROTOCOL.certkeys. + * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects + stdio on the client to a single port forward on the server. This + allows, for example, using ssh as a ProxyCommand to route connections + via intermediate servers. bz#1618 + * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may + be revoked using a new sshd_config(5) option "RevokedKeys". Host keys + are revoked through known_hosts (details in the sshd(8) man page). + Revoked keys cannot be used for user or host authentication and will + trigger a warning if used. + * Rewrite the ssh(1) multiplexing support to support non-blocking + operation of the mux master, improve the resilience of the master to + malformed messages sent to it by the slave and add support for + requesting port- forwardings via the multiplex protocol. The new + stdio-to-local forward mode ("ssh -W host:port ...") is also + supported. The revised multiplexing protocol is documented in the + file PROTOCOL.mux in the source distribution. + * Add a 'read-only' mode to sftp-server(8) that disables open in write + mode and all other fs-modifying protocol methods. bz#430 + * Allow setting an explicit umask on the sftp-server(8) commandline to + override whatever default the user has. bz#1229 + * Many improvements to the sftp(1) client, many of which were + implemented by Carlos Silva through the Google Summer of Code + program: + - Support the "-h" (human-readable units) flag for ls + - Implement tab-completion of commands, local and remote filenames + - Support most of scp(1)'s commandline arguments in sftp(1), as a + first step towards making sftp(1) a drop-in replacement for scp(1). + Note that the rarely-used "-P sftp_server_path" option has been + moved to "-D sftp_server_path" to make way for "-P port" to match + scp(1). + - Add recursive transfer support for get/put and on the commandline + * New RSA keys will be generated with a public exponent of RSA_F4 == + (2**16)+1 == 65537 instead of the previous value 35. + * Passphrase-protected SSH protocol 2 private keys are now protected + with AES-128 instead of 3DES. This applied to newly-generated keys + as well as keys that are reencrypted (e.g. by changing their + passphrase). +- cleanup in patches + +------------------------------------------------------------------- +Tue Mar 2 09:09:18 UTC 2010 - coolo@novell.com + +- do not use paths at all, but prereq packages + +------------------------------------------------------------------- +Sat Feb 27 20:35:01 UTC 2010 - aj@suse.de + +- Use complete path for groupadd and useradd in pre section. + +------------------------------------------------------------------- +Tue Feb 23 15:45:06 CET 2010 - anicka@suse.cz + +- audit patch: add fix for bnc#545271 + +------------------------------------------------------------------- +Mon Feb 22 17:15:22 CET 2010 - anicka@suse.cz + +- do not fix uid/gid anymore (bnc#536564) + +------------------------------------------------------------------- +Tue Dec 15 11:04:00 CET 2009 - jengelh@medozas.de + +- select large PIE for SPARC, it is required to avoid + "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz + defined in COMMON section in sshd.o" + +------------------------------------------------------------------- +Mon Sep 21 14:40:51 CEST 2009 - anicka@suse.cz + +- add new version of homechroot patch (added documentation, added + check for nodev and nosuid) +- remove Provides and Obsoletes ssh + +------------------------------------------------------------------- +Thu Aug 20 16:54:08 CEST 2009 - anicka@suse.cz + +- make sftp in chroot users life easier (ie. bnc#518238), + many thanks jchadima@redhat.com for a patch + +------------------------------------------------------------------- +Sun Jul 12 21:43:21 CEST 2009 - coolo@novell.com + +- readd $SSHD_BIN so that sshd starts at all + +------------------------------------------------------------------- +Tue Jul 7 15:06:58 CEST 2009 - llunak@novell.com + +- Added a hook for ksshaskpass + +------------------------------------------------------------------- +Sun Jul 5 12:17:40 CEST 2009 - dmueller@novell.com + +- readd -f to startproc and remove -p instead to + ensure that sshd is started even though old instances + are still running (e.e. being logged in from remote) + +------------------------------------------------------------------- +Fri Jun 19 10:35:46 CEST 2009 - coolo@novell.com + +- disable as-needed for this package as it fails to build with it + +------------------------------------------------------------------- +Tue May 26 11:56:20 CEST 2009 - anicka@suse.cz + +- disable -f in startproc to calm the warning (bnc#506831) + +------------------------------------------------------------------- +Thu Apr 23 09:44:07 CEST 2009 - lnussel@suse.de + +- do not enable sshd by default + +------------------------------------------------------------------- +Mon Feb 23 17:27:45 CET 2009 - anicka@suse.cz + +- update to 5.2p1 + * This release changes the default cipher order to prefer the AES CTR + modes and the revised "arcfour256" mode to CBC mode ciphers that are + susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". + * This release also adds countermeasures to mitigate CPNI-957037-style + attacks against the SSH protocol's use of CBC-mode ciphers. Upon + detection of an invalid packet length or Message Authentication + Code, ssh/sshd will continue reading up to the maximum supported + packet length rather than immediately terminating the connection. + This eliminates most of the known differences in behaviour that + leaked information about the plaintext of injected data which formed + the basis of this attack. We believe that these attacks are rendered + infeasible by these changes. + * Added a -y option to ssh(1) to force logging to syslog rather than + stderr, which is useful when running daemonised (ssh -f) + * The sshd_config(5) ForceCommand directive now accepts commandline + arguments for the internal-sftp server. + * The ssh(1) ~C escape commandline now support runtime creation of + dynamic (-D) port forwards. + * Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards. + (bz#1482) + * Support remote port forwarding with a listen port of '0'. This + informs the server that it should dynamically allocate a listen + port and report it back to the client. (bz#1003) + * sshd(8) now supports setting PermitEmptyPasswords and + AllowAgentForwarding in Match blocks + * Repair a ssh(1) crash introduced in openssh-5.1 when the client is + sent a zero-length banner (bz#1496) + * Due to interoperability problems with certain + broken SSH implementations, the eow@openssh.com and + no-more-sessions@openssh.com protocol extensions are now only sent + to peers that identify themselves as OpenSSH. + * Make ssh(1) send the correct channel number for + SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to + avoid triggering 'Non-public channel' error messages on sshd(8) in + openssh-5.1. + * Avoid printing 'Non-public channel' warnings in sshd(8), since the + ssh(1) has sent incorrect channel numbers since ~2004 (this reverts + a behaviour introduced in openssh-5.1). + * Avoid double-free in ssh(1) ~C escape -L handler (bz#1539) + * Correct fail-on-error behaviour in sftp(1) batchmode for remote + stat operations. (bz#1541) + * Disable nonfunctional ssh(1) ~C escape handler in multiplex slave + connections. (bz#1543) + * Avoid hang in ssh(1) when attempting to connect to a server that + has MaxSessions=0 set. + * Multiple fixes to sshd(8) configuration test (-T) mode + * Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418, + 1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540 + * Many manual page improvements. + +------------------------------------------------------------------- +Mon Dec 1 15:43:14 CET 2008 - anicka@suse.cz + +- respect SSH_MAX_FORWARDS_PER_DIRECTION (bnc#448775) + +------------------------------------------------------------------- +Mon Nov 10 16:01:27 CET 2008 - anicka@suse.cz + +- fix printing banner (bnc#443380) + +------------------------------------------------------------------- +Fri Oct 24 16:24:34 CEST 2008 - anicka@suse.cz + +- call pam functions in the right order (bnc#438292) +- mention default forwarding of locale settings in + README.SuSE (bnc#434799) + +------------------------------------------------------------------- +Tue Sep 9 17:55:29 CEST 2008 - anicka@suse.cz + +- remove pam_resmgr from sshd.pamd (bnc#422619) + +------------------------------------------------------------------- +Sun Aug 24 08:26:05 CEST 2008 - coolo@suse.de + +- fix fillup macro usage + +------------------------------------------------------------------- +Fri Aug 22 11:51:12 CEST 2008 - prusnak@suse.cz + +- enabled SELinux support [Fate#303662] + +------------------------------------------------------------------- +Tue Jul 22 20:39:29 CEST 2008 - anicka@suse.cz + +- update to 5.1p1 + * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly + other platforms) when X11UseLocalhost=no + * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1) + and ssh-keygen(1). Visual fingerprinnt display is controlled by a new + ssh_config(5) option "VisualHostKey". + * sshd_config(5) now supports CIDR address/masklen matching in "Match + address" blocks, with a fallback to classic wildcard matching. + * sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys + from="..." restrictions, also with a fallback to classic wildcard + matching. + * Added an extended test mode (-T) to sshd(8) to request that it write + its effective configuration to stdout and exit. Extended test mode + also supports the specification of connection parameters (username, + source address and hostname) to test the application of + sshd_config(5) Match rules. + * ssh(1) now prints the number of bytes transferred and the overall + connection throughput for SSH protocol 2 sessions when in verbose + mode (previously these statistics were displayed for protocol 1 + connections only). + * sftp-server(8) now supports extension methods statvfs@openssh.com and + fstatvfs@openssh.com that implement statvfs(2)-like operations. + * sftp(1) now has a "df" command to the sftp client that uses the + statvfs@openssh.com to produce a df(1)-like display of filesystem + space and inode utilisation (requires statvfs@openssh.com support on + the server) + * Added a MaxSessions option to sshd_config(5) to allow control of the + number of multiplexed sessions supported over a single TCP connection. + This allows increasing the number of allowed sessions above the + previous default of 10, disabling connection multiplexing + (MaxSessions=1) or disallowing login/shell/subsystem sessions + entirely (MaxSessions=0). + * Added a no-more-sessions@openssh.com global request extension that is + sent from ssh(1) to sshd(8) when the client knows that it will never + request another session (i.e. when session multiplexing is disabled). + This allows a server to disallow further session requests and + terminate the session in cases where the client has been hijacked. + * ssh-keygen(1) now supports the use of the -l option in combination + with -F to search for a host in ~/.ssh/known_hosts and display its + fingerprint. + * ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of + "rsa1". + * Added an AllowAgentForwarding option to sshd_config(8) to control + whether authentication agent forwarding is permitted. Note that this + is a loose control, as a client may install their own unofficial + forwarder. + * ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when receiving + network data, resulting in a ~10% speedup + * ssh(1) and sshd(8) will now try additional addresses when connecting + to a port forward destination whose DNS name resolves to more than + one address. The previous behaviour was to try the only first address + and give up if that failed. (bz#383) + * ssh(1) and sshd(8) now support signalling that channels are + half-closed for writing, through a channel protocol extension + notification "eow@openssh.com". This allows propagation of closed + file descriptors, so that commands such as: + "ssh -2 localhost od /bin/ls | true" + do not send unnecessary data over the wire. (bz#85) + * sshd(8): increased the default size of ssh protocol 1 ephemeral keys + from 768 to 1024 bits. + * When ssh(1) has been requested to fork after authentication + ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until + after replies for any -R forwards have been seen. Allows for robust + detection of -R forward failure when using -f. (bz#92) + * "Match group" blocks in sshd_config(5) now support negation of + groups. E.g. "Match group staff,!guests" (bz#1315) + * sftp(1) and sftp-server(8) now allow chmod-like operations to set + set[ug]id/sticky bits. (bz#1310) + * The MaxAuthTries option is now permitted in sshd_config(5) match + blocks. + * Multiplexed ssh(1) sessions now support a subset of the ~ escapes + that are available to a primary connection. (bz#1331) + * ssh(1) connection multiplexing will now fall back to creating a new + connection in most error cases. (bz#1439 bz#1329) + * Added some basic interoperability tests against Twisted Conch. + * Documented OpenSSH's extensions to and deviations from the published + SSH protocols (the PROTOCOL file in the distribution) + * Documented OpenSSH's ssh-agent protocol (PROTOCOL.agent). + * bugfixes +- remove gssapi_krb5-fix patch + +------------------------------------------------------------------- +Fri Apr 18 17:53:30 CEST 2008 - werner@suse.de + +- Handle pts slave lines like utemper + +------------------------------------------------------------------- +Wed Apr 9 14:37:57 CEST 2008 - anicka@suse.cz + +- update to 5.0p1 + * CVE-2008-1483: Avoid possible hijacking of X11-forwarded + connections by refusing to listen on a port unless all address + families bind successfully. +- remove CVE-2008-1483 patch + +------------------------------------------------------------------- +Wed Apr 2 14:57:26 CEST 2008 - anicka@suse.cz + +- update to 4.9p1 + * Disable execution of ~/.ssh/rc for sessions where a command has been + forced by the sshd_config ForceCommand directive. Users who had + write access to this file could use it to execute abritrary commands. + This behaviour was documented, but was an unsafe default and an extra + hassle for administrators. + * Added chroot(2) support for sshd(8), controlled by a new option + "ChrootDirectory". Please refer to sshd_config(5) for details, and + please use this feature carefully. (bz#177 bz#1352) + * Linked sftp-server(8) into sshd(8). The internal sftp server is + used when the command "internal-sftp" is specified in a Subsystem + or ForceCommand declaration. When used with ChrootDirectory, the + internal sftp server requires no special configuration of files + inside the chroot environment. Please refer to sshd_config(5) for + more information. + * Added a "no-user-rc" option for authorized_keys to disable execution + of ~/.ssh/rc + * Added a protocol extension method "posix-rename@openssh.com" for + sftp-server(8) to perform POSIX atomic rename() operations. + (bz#1400) + * Removed the fixed limit of 100 file handles in sftp-server(8). The + server will now dynamically allocate handles up to the number of + available file descriptors. (bz#1397) + * ssh(8) will now skip generation of SSH protocol 1 ephemeral server + keys when in inetd mode and protocol 2 connections are negotiated. + This speeds up protocol 2 connections to inetd-mode servers that + also allow Protocol 1 (bz#440) + * Accept the PermitRootLogin directive in a sshd_config(5) Match + block. Allows for, e.g. permitting root only from the local + network. + * Reworked sftp(1) argument splitting and escaping to be more + internally consistent (i.e. between sftp commands) and more + consistent with sh(1). Please note that this will change the + interpretation of some quoted strings, especially those with + embedded backslash escape sequences. (bz#778) + * Support "Banner=none" in sshd_config(5) to disable sending of a + pre-login banner (e.g. in a Match block). + * ssh(1) ProxyCommands are now executed with $SHELL rather than + /bin/sh. + * ssh(1)'s ConnectTimeout option is now applied to both the TCP + connection and the SSH banner exchange (previously it just covered + the TCP connection). This allows callers of ssh(1) to better detect + and deal with stuck servers that accept a TCP connection but don't + progress the protocol, and also makes ConnectTimeout useful for + connections via a ProxyCommand. + * Many new regression tests, including interop tests against PuTTY's + plink. + * Support BSM auditing on Mac OS X + * bugfixes +- remove addrlist, pam_session_close, strict-aliasing-fix patches + (not needed anymore) + +------------------------------------------------------------------- +Tue Mar 25 11:10:14 CET 2008 - anicka@suse.cz + +- fix CVE-2008-1483 (bnc#373527) + +------------------------------------------------------------------- +Fri Jan 4 11:11:52 CET 2008 - anicka@suse.cz + +- fix privileges of a firewall definition file [#351193] + +------------------------------------------------------------------- +Sat Dec 15 00:10:13 CET 2007 - anicka@suse.cz + +- add patch calling pam with root privileges [#334559] +- drop pwname-home patch [#104773] + +------------------------------------------------------------------- +Fri Dec 7 22:28:40 CET 2007 - anicka@suse.cz + +- fix race condition in xauth patch + +------------------------------------------------------------------- +Wed Dec 5 10:45:36 CET 2007 - anicka@suse.cz + +- update to 4.7p1 + * Add "-K" flag for ssh to set GSSAPIAuthentication=yes and + GSSAPIDelegateCredentials=yes. This is symmetric with -k + * make scp try to skip FIFOs rather than blocking when nothing is + listening. + * increase default channel windows + * put the MAC list into a display + * many bugfixes + +------------------------------------------------------------------- +Mon Oct 8 16:34:06 CEST 2007 - anicka@suse.cz + +- block SIGALRM only during calling syslog() [#331032] + +------------------------------------------------------------------- +Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz + +- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] + +------------------------------------------------------------------- +Tue Aug 28 18:25:57 CEST 2007 - anicka@suse.cz + +- fix blocksigalrm patch to set old signal mask after + writing the log in every case [#304819] + +------------------------------------------------------------------- +Tue Aug 21 04:51:45 CEST 2007 - anicka@suse.cz + +- avoid generating ssh keys when a non-standard location + is configured [#281228] + +------------------------------------------------------------------- +Wed Jul 25 16:18:50 CEST 2007 - anicka@suse.cz + +- fixed typo in sshd.fw [#293764] + +------------------------------------------------------------------- +Mon Mar 19 19:14:26 CET 2007 - nadvornik@suse.cz + +- fixed default for ChallengeResponseAuthentication [#255374] + +------------------------------------------------------------------- +Mon Mar 12 10:56:31 CET 2007 - anicka@suse.cz + +- update to 4.6p1 + * sshd now allows the enabling and disabling of authentication + methods on a per user, group, host and network basis via the + Match directive in sshd_config. + * Allow multiple forwarding options to work when specified in a + PermitOpen directive + * Clear SIGALRM when restarting due to SIGHUP. Prevents stray + signal from taking down sshd if a connection was pending at + the time SIGHUP was received + * hang on exit" when background processes are running at the + time of exit on a ttyful/login session + * some more bugfixes + +------------------------------------------------------------------- +Mon Mar 5 11:03:41 CET 2007 - anicka@suse.cz + +- fix path for firewall definition + +------------------------------------------------------------------- +Thu Mar 1 15:14:23 CET 2007 - anicka@suse.cz + +- add support for Linux audit (FATE #120269) + +------------------------------------------------------------------- +Wed Feb 21 11:21:48 CET 2007 - anicka@suse.cz + +- add firewall definition [#246921], FATE #300687, + source: sshd.fw + +------------------------------------------------------------------- +Sat Jan 6 12:30:16 CET 2007 - anicka@suse.cz + +- disable SSHv1 protocol in default configuration [#231808] + +------------------------------------------------------------------- +Tue Dec 12 14:41:45 CET 2006 - anicka@suse.cz + +- update to 4.5p1 + * Use privsep_pw if we have it, but only require it if we + absolutely need it. + * Correctly check for bad signatures in the monitor, otherwise + the monitor and the unpriv process can get out of sync. + * Clear errno before calling the strtol functions. + * exit instead of doing a blocking tcp send if we detect + a client/server timeout, since the tcp sendqueue might + be already full (of alive requests) + * include signal.h, errno.h, sys/in.h + * some more bugfixes + +------------------------------------------------------------------- +Wed Nov 22 13:42:32 CET 2006 - anicka@suse.cz + +- fixed README.SuSE [#223025] + +------------------------------------------------------------------- +Thu Nov 9 13:59:35 CET 2006 - anicka@suse.cz + +- backport security fixes from openssh 4.5 (#219115) + +------------------------------------------------------------------- +Tue Nov 7 13:43:44 CET 2006 - ro@suse.de + +- fix manpage permissions + +------------------------------------------------------------------- +Tue Oct 31 14:04:52 CET 2006 - anicka@suse.cz + +- fix gssapi_krb5-fix patch [#215615] +- fix xauth patch + +------------------------------------------------------------------- +Tue Oct 10 16:07:11 CEST 2006 - postadal@suse.cz + +- fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch) + +------------------------------------------------------------------- +Tue Oct 3 14:44:08 CEST 2006 - postadal@suse.cz + +- updated to version 4.4p1 [#208662] + * fixed pre-authentication DoS, that would cause sshd(8) to spin + until the login grace time expired + * fixed unsafe signal hander, which was vulnerable to a race condition + that could be exploited to perform a pre-authentication DoS + * fixed a GSSAPI authentication abort that could be used to determine + the validity of usernames on some platforms + * implemented conditional configuration in sshd_config(5) using the + "Match" directive + * added support for Diffie-Hellman group exchange key agreement with a + final hash of SHA256 + * added a "ForceCommand", "PermitOpen" directive to sshd_config(5) + * added optional logging of transactions to sftp-server(8) + * ssh(1) will now record port numbers for hosts stored in + ~/.ssh/authorized_keys when a non-standard port has been requested + * added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with + a non-zero exit code) when requested port forwardings could not be + established + * extended sshd_config(5) "SubSystem" declarations to allow the + specification of command-line arguments +- removed obsoleted patches: autoconf-fix.patch, dos-fix.patch +- fixed gcc issues (gcc-fix.patch) + +------------------------------------------------------------------- +Wed Sep 20 17:34:54 CEST 2006 - postadal@suse.cz + +- fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch) +- fixed client NULL deref on protocol error +- cosmetic fix in init script [#203826] + +------------------------------------------------------------------- +Fri Sep 1 14:14:52 CEST 2006 - kukuk@suse.de + +- sshd.pamd: Add pam_loginuid, move pam_nologin to a better position + +------------------------------------------------------------------- +Fri Aug 25 15:37:46 CEST 2006 - postadal@suse.cz + +- fixed path for xauth [#198676] + +------------------------------------------------------------------- +Thu Aug 3 15:07:41 CEST 2006 - postadal@suse.cz + +- fixed build with X11R7 + +------------------------------------------------------------------- +Thu Jul 20 17:25:27 CEST 2006 - postadal@suse.cz + +- updated to version 4.3p2 + * experimental support for tunneling network packets via tun(4) +- removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch, + scp.patch, sigalarm.patch + +------------------------------------------------------------------- +Mon Feb 13 12:54:28 CET 2006 - postadal@suse.cz + +- upstream fixes + - fixed "scp a b c", when c is not directory (scp.patch) + - eliminate some code duplicated in privsep and non-privsep paths, and + explicitly clear SIGALRM handler (sigalarm.patch) + +------------------------------------------------------------------- +Fri Feb 3 19:02:49 CET 2006 - postadal@suse.cz + +- fixed local arbitrary command execution vulnerability [#143435] + (CVE-2006-0225.patch) + +------------------------------------------------------------------- +Thu Feb 2 13:19:41 CET 2006 - postadal@suse.cz + +- fixed xauth.diff for disabled UsePrivilegeSeparation mode [#145809] +- build on s390 without Smart card support (opensc) [#147383] + +------------------------------------------------------------------- +Mon Jan 30 16:25:01 CET 2006 - postadal@suse.cz + +- fixed patch xauth.diff [#145809] +- fixed comments [#142989] + +------------------------------------------------------------------- +Wed Jan 25 21:39:06 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Mon Jan 16 18:05:44 CET 2006 - meissner@suse.de + +- added -fstack-protector. + +------------------------------------------------------------------- +Tue Jan 3 15:46:33 CET 2006 - postadal@suse.cz + +- updated to version 4.2p1 +- removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch + +------------------------------------------------------------------- +Tue Nov 15 17:51:07 CET 2005 - postadal@suse.cz + +- do not delegate GSSAPI credentials to log in with a different method + than GSSAPI [#128928] (CAN-2005-2798, gssapi-secfix.patch) + +------------------------------------------------------------------- +Sun Oct 23 10:40:24 CEST 2005 - postadal@suse.cz + +- fixed PAM to send authentication failing mesaage to client [#130043] + (pam-error.patch) + +------------------------------------------------------------------- +Wed Sep 14 16:58:14 CEST 2005 - postadal@suse.cz + +- fixed uninitialized variable in patch xauth.diff [#98815] + +------------------------------------------------------------------- +Thu Sep 8 15:56:37 CEST 2005 - postadal@suse.cz + +- don't strip + +------------------------------------------------------------------- +Mon Sep 5 20:04:04 CEST 2005 - postadal@suse.cz + +- added patch xauth.diff prevent from polluting xauthority file [#98815] + +------------------------------------------------------------------- +Mon Aug 22 18:12:20 CEST 2005 - postadal@suse.cz + +- fixed problem when multiple accounts have same UID [#104773] + (pwname-home.diff) +- added fixes from upstream (upstream_fixes.diff) + +------------------------------------------------------------------- +Thu Aug 18 17:50:46 CEST 2005 - postadal@suse.cz + +- added patch tmpdir.diff for using $TMPDIR by ssh-agent [#95731] + +------------------------------------------------------------------- +Thu Aug 4 11:29:38 CEST 2005 - uli@suse.de + +- parallelize build + +------------------------------------------------------------------- +Mon Aug 1 17:48:02 CEST 2005 - postadal@suse.cz + +- added patch resolving problems with hostname changes [#98627] + (xauthlocalhostname.diff) + +------------------------------------------------------------------- +Wed Jun 22 18:42:57 CEST 2005 - kukuk@suse.de + +- Compile/link with -fpie/-pie + +------------------------------------------------------------------- +Wed Jun 15 17:41:24 CEST 2005 - meissner@suse.de + +- build x11-ask-pass with RPM_OPT_FLAGS. + +------------------------------------------------------------------- +Fri Jun 10 16:18:25 CEST 2005 - postadal@suse.cz + +- updated to version 4.1p1 +- removed obsoleted patches: restore_terminal, pam-returnfromsession, + timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource, + sendenv-fix, documentation-fix + +------------------------------------------------------------------- +Thu Mar 10 10:36:42 CET 2005 - postadal@suse.cz + +- fixed SendEnv config parsing bug +- documented timeout on untrusted x11 forwarding sessions (openssh#849) +- mentioned ForwardX11Trusted in ssh.1 (openssh#987) + +------------------------------------------------------------------- +Thu Mar 3 13:29:13 CET 2005 - postadal@suse.cz + +- enabled accepting and sending locale environment variables in protocol 2 + [#65747, #50091] + +------------------------------------------------------------------- +Thu Feb 24 16:33:54 CET 2005 - postadal@suse.cz + +- added patches from cvs: gssapi-pam (openssh#918), + krb5ccname (openssh#445), logdenysource (openssh#909) + +------------------------------------------------------------------- +Thu Feb 3 13:29:23 CET 2005 - postadal@suse.cz + +- fixed keyboard-interactive/pam/Kerberos leaks info about user existence + [#48329] (openssh#971, CAN-2003-0190) + +------------------------------------------------------------------- +Wed Jan 19 15:58:07 CET 2005 - postadal@suse.cz + +- splited spec file to decreas number of build dependencies +- fixed restoring terminal setting after Ctrl+C during password prompt in scp/sftp [#43309] +- allowed users to see output from failing PAM session modules (openssh #890, + pam-returnfromsession.patch) + +------------------------------------------------------------------- +Mon Nov 8 17:17:45 CET 2004 - kukuk@suse.de + +- Use common-* PAM config files for sshd PAM configuration + +------------------------------------------------------------------- +Mon Oct 25 15:14:49 CEST 2004 - postadal@suse.cz + +- switched heimdal-* to kerberos-devel-packages in #needforbuild + +------------------------------------------------------------------- +Fri Sep 3 15:03:01 CEST 2004 - ro@suse.de + +- fix lib64 issue + +------------------------------------------------------------------- +Tue Aug 31 16:03:54 CEST 2004 - postadal@suse.cz + +- updated to version 3.9p1 + +- removed obsoleted patches: scp-fix.diff and window_change-fix.diff + +------------------------------------------------------------------- +Thu Aug 26 15:40:53 CEST 2004 - postadal@suse.cz + +- added openssh-askpass-gnome subpackage +- added ssh-askpass script for choosing askpass depending on windowmanager + (by Robert Love ) +- build with Smart card support (opensc) [#44289] + +------------------------------------------------------------------- +Tue Aug 17 15:52:20 CEST 2004 - postadal@suse.cz + +- removed old implementation of "Update Messages" [#36059] + +------------------------------------------------------------------- +Thu Aug 12 16:36:53 CEST 2004 - postadal@suse.cz + +- updated to version 3.8p1 + +- removed obsoleted patches: sftp-progress-fix and pam-fix4 + +------------------------------------------------------------------- +Mon Jun 28 16:56:23 CEST 2004 - meissner@suse.de + +- block sigalarm during syslog output or we might deadlock + on recursively entering syslog(). (LTC#9523, SUSE#42354) + +------------------------------------------------------------------- +Wed May 26 15:27:32 CEST 2004 - postadal@suse.cz + +- fixed commented default value for GSSAPI + +------------------------------------------------------------------- +Thu May 20 21:23:27 CEST 2004 - mludvig@suse.cz + +- Load drivers for available hardware crypto accelerators. + +------------------------------------------------------------------- +Fri Apr 30 15:03:39 CEST 2004 - postadal@suse.cz + +- updated README.kerberos (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials) + +------------------------------------------------------------------- +Mon Apr 19 14:41:01 CEST 2004 - postadal@suse.cz + +- updated README.SuSE (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials) + [#39010] + +------------------------------------------------------------------- +Fri Mar 26 17:24:45 CET 2004 - postadal@suse.cz + +- fixed sshd(8) and sshd_config(5) man pages (EAL3) +- fixed spelling errors in README.SuSE [#37086] + +------------------------------------------------------------------- +Thu Mar 25 14:50:50 CET 2004 - postadal@suse.cz + +- fixed change window request [#33177] + +------------------------------------------------------------------- +Mon Mar 22 15:19:15 CET 2004 - postadal@suse.cz + +- updated README.SuSE +- removed %verify from /usr/bin/ssh in specfile + +------------------------------------------------------------------- +Thu Mar 18 15:48:52 CET 2004 - postadal@suse.cz + +- fixed previous fix of security bug in scp [#35443] (CAN-2004-0175) + (was too restrictive) +- fixed permission of /usr/bin/ssh + +------------------------------------------------------------------- +Mon Mar 15 17:56:06 CET 2004 - postadal@suse.cz + +- fixed comments in sshd_config and ssh_config + +------------------------------------------------------------------- +Mon Mar 15 17:25:08 CET 2004 - postadal@suse.cz + +- enabled privilege separation mode (new version fixes a lot of problematic PAM + calling [#30328]) +- fixed security bug in scp [#35443] (CAN-2004-0175) +- reverted to old behaviour of ForwardingX11 [#35836] + (set ForwardX11Trusted to 'yes' by default) +- updated README.SuSE +- fixed pam code (pam-fix4.diff, backported from openssh-SNAP-20040311) + +------------------------------------------------------------------- +Fri Mar 05 13:10:55 CET 2004 - postadal@suse.cz + +- updated README.SuSE (Remote x11 clients are now untrusted by default) [#35368] +- added gssapimitm patch (support for old GSSAPI) + +------------------------------------------------------------------- +Mon Mar 01 18:13:37 CET 2004 - postadal@suse.cz + +- updated to version 3.8p1 + * The "gssapi" support has been replaced with the "gssapi-with-mic" + to fix possible MITM attacks. These two versions are not compatible. + +- removed obsoleted patches: krb5.patch, dns-lookups.patch, pam-fix.diff, + pam-end-fix.diff +- used process forking instead pthreads + (developers fixed bugs in pam calling and they recommended to don't use threads) + +------------------------------------------------------------------- +Tue Feb 24 11:37:17 CET 2004 - postadal@suse.cz + +- fixed the problem with save_argv in sshd.c re-apeared again in version 3.7.1p2 + (it caused bad behaviour after receiving SIGHUP - used by reload of init script) + [#34845] + +------------------------------------------------------------------- +Wed Feb 18 18:06:20 CET 2004 - kukuk@suse.de + +- Real strict-aliasing patch + +------------------------------------------------------------------- +Wed Feb 18 16:04:17 CET 2004 - postadal@suse.cz + +- fixed strict-aliasing patch [#34551] + +------------------------------------------------------------------- +Sat Feb 14 00:20:09 CET 2004 - adrian@suse.de + +- provide SLP registration file /etc/slp.reg.d/ssh.reg + +------------------------------------------------------------------- +Tue Feb 03 15:18:36 CET 2004 - postadal@suse.cz + +- used patch from pam-end-fix.diff [#33132] +- fixed instalation openssh without documentation [#33937] +- fixed auth-pam.c which breaks strict aliasing + +------------------------------------------------------------------- +Mon Jan 19 13:19:32 CET 2004 - meissner@suse.de + +- Added a ; to ssh-key-converter.c to fix gcc 3.4 build. + +------------------------------------------------------------------- +Fri Jan 16 12:57:41 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Thu Nov 06 10:14:31 CET 2003 - postadal@suse.cz + +- added /usr/bin/slogin explicitly to %file list [#32921] + +------------------------------------------------------------------- +Sun Nov 2 21:10:35 CET 2003 - adrian@suse.de + +- add %run_permissions to fix build + +------------------------------------------------------------------- +Tue Oct 14 12:23:36 CEST 2003 - postadal@suse.cz + +- reverted value UsePAM to "yes" and set PasswordAuthentication to "no" + in file /etc/ssh/sshd_config (the version 3.7.1p2 disabled PAM support + by default) [#31749] + +------------------------------------------------------------------- +Tue Sep 23 15:02:00 CEST 2003 - draht@suse.de + +- New version 3.7.1p2; signature from 86FF9C48 Damien Miller + verified for source tarball. Bugs fixed with this version: + #31637 (CAN-2003-0786, CAN-2003-0786). Briefly: + 1) SSH1 PAM challenge response auth ignored the result of the + authentication (with privsep off) + 2) The PAM conversation function trashed the stack, by referring + to the **resp parameter as an array of pointers rather than + as a pointer to an array of struct pam_responses. + At least security bug 1) is exploitable. + +------------------------------------------------------------------- +Fri Sep 19 19:56:01 CEST 2003 - postadal@suse.cz + +- use pthreads instead process forking (it needs by pam modules) +- fixed bug in calling pam_setcred [#31025] + (pam-fix.diff - string "FILE:" added to begin of KRB5CCNAME) +- updated README.SuSE +- reverted ChallengeResponseAuthentication option to default value yes + (necessary for pam authentication) [#31432] + +------------------------------------------------------------------- +Thu Sep 18 18:34:33 CEST 2003 - postadal@suse.cz + +- updated to version 3.7.1p1 (with security patches) +- removed obsoleted patches: chauthtok.patch, krb-include-fix.diff, + gssapi-fix.diff, saveargv-fix.diff, gssapi-20030430.diff, racecondition-fix +- updated README.kerberos + +------------------------------------------------------------------- +Tue Sep 16 16:57:02 CEST 2003 - postadal@suse.cz + +- fixed race condition in allocating memory [#31025] (CAN-2003-0693) + +------------------------------------------------------------------- +Mon Sep 15 11:52:20 CEST 2003 - postadal@suse.cz + +- disabled privilege separation, which caused some problems [#30328] + (updated README.SuSE) + +------------------------------------------------------------------- +Thu Sep 04 11:59:39 CEST 2003 - postadal@suse.cz + +- fixed bug in x11-ssh-askpass dialog [#25846] (askpass-fix.diff is workaround for gcc bug) + +------------------------------------------------------------------- +Fri Aug 29 11:39:40 CEST 2003 - kukuk@suse.de + +- Call useradd -r for system account [Bug #29611] + +------------------------------------------------------------------- +Mon Aug 25 10:40:37 CEST 2003 - postadal@suse.cz + +- use new stop_on_removal/restart_on_upate macros +- fixed lib64 problem in /etc/ssh/sshd_config [#28766] + +------------------------------------------------------------------- +Tue Aug 19 11:21:33 CEST 2003 - mmj@suse.de + +- Add sysconfig metadata [#28943] + +------------------------------------------------------------------- +Fri Aug 1 01:57:08 CEST 2003 - ro@suse.de + +- add e2fsprogs-devel to neededforbuild + +------------------------------------------------------------------- +Thu Jul 24 19:47:14 CEST 2003 - postadal@suse.cz + +- updated to version 3.6.1p2 +- added the new version of patch for GSSAPI (gssapi-20030430.diff), + the older one was removed (gssapi.patch) +- added README.kerberos to filelist + +------------------------------------------------------------------- +Tue Jun 3 00:41:08 CEST 2003 - mmj@suse.de + +- Remove files we don't package + +------------------------------------------------------------------- +Wed Apr 02 15:03:44 CEST 2003 - postadal@suse.cz + +- fixed bad behaviour after receiving SIGHUP (this bug caused not working reload of init script) + +------------------------------------------------------------------- +Tue Mar 18 14:25:08 CET 2003 - postadal@suse.cz + +- added $remote_fs to init.d script (needed if /usr is on remote fs [#25577]) + +------------------------------------------------------------------- +Thu Mar 13 17:02:52 CET 2003 - postadal@suse.cz + +- fixed segfault while using GSSAPI for authentication when connecting to localhost (took care about error value of ssh_gssapi_import_name() in function ssh_gssapi_client_ctx()) + +------------------------------------------------------------------- +Mon Mar 10 09:28:31 CET 2003 - kukuk@suse.de + +- Remove extra "/" from pid file path. + +------------------------------------------------------------------- +Mon Mar 03 16:49:24 CET 2003 - postadal@suse.cz + +- modified init.d script (now checking sshd.init.pid instead of port 22) [#24263] + +------------------------------------------------------------------- +Mon Mar 3 16:05:24 CET 2003 - okir@suse.de + +- added comment to /etc/pam.d/ssh on how to enable + support for resmgr (#24363). + +------------------------------------------------------------------- +Fri Feb 21 18:52:05 CET 2003 - postadal@suse.cz + +- added ssh-copy-id shell script [#23745] + +------------------------------------------------------------------- +Fri Feb 14 13:42:14 CET 2003 - postadal@suse.cz + +- given back gssapi and dns-lookups patches + +------------------------------------------------------------------- +Wed Jan 22 23:05:35 CET 2003 - postadal@suse.cz + +- updated to version 3.5p1 +- removed obsolete patches: owl-mm, forced-commands-only, krb +- added patch krb5 (for heimdal) +- temporarily removed gssapi patch and dns-lookups (needs rewriting) +- fix sysconfig metadata + +------------------------------------------------------------------- +Thu Dec 5 10:52:41 CET 2002 - okir@suse.de + +- avoid Kerberos DNS lookups in the default config (#20395) +- added README.kerberos + +------------------------------------------------------------------- +Thu Sep 19 11:00:46 CEST 2002 - postadal@suse.cz + +- added info about changes in the new version of openssh + to README.SuSE [#19757] + +------------------------------------------------------------------- +Mon Sep 2 10:39:24 CEST 2002 - okir@suse.de + +- privsep directory now /var/lib/empty, which is provided by + filesystem package (#17556) + +------------------------------------------------------------------- +Wed Aug 28 05:48:16 CEST 2002 - nashif@suse.de + +- Added insserv & co to PreReq + +------------------------------------------------------------------- +Mon Aug 26 11:57:20 CEST 2002 - okir@suse.de + +- applied patch that adds GSSAPI support in protocol version 2 (#18239) + +------------------------------------------------------------------- +Thu Aug 22 14:09:43 CEST 2002 - postadal@suse.cz + +- added the patch to fix malfunction of PermitRootLogin seted to + forced-commands-only [#17149] + +------------------------------------------------------------------- +Fri Aug 9 14:41:30 CEST 2002 - okir@suse.de + +- syslog now reports kerberos auth method when logging in via + kerberos (#17469) + +------------------------------------------------------------------- +Tue Jul 23 04:34:10 PDT 2002 - okir@suse.de + +- enabled kerberos support +- added patch to support kerberos 5 authentication in privsep mode. +- added missing section 5 manpages +- added missing ssh-keysign to files list (new for privsep) + +------------------------------------------------------------------- +Mon Jul 22 14:16:54 CEST 2002 - okir@suse.de + +- fixed handling of expired passwords in privsep mode + +------------------------------------------------------------------- +Tue Jul 9 13:48:52 CEST 2002 - mmj@suse.de + +- Don't source rc.config + +------------------------------------------------------------------- +Wed Jul 3 01:01:24 CEST 2002 - draht@suse.de + +- ssh-keygen must be told to explicitly create type rsa1 keys + in the start script. + +------------------------------------------------------------------- +Tue Jul 2 12:03:58 CEST 2002 - ro@suse.de + +- useradd/groupadd in preinstall to standardize + +------------------------------------------------------------------- +Sat Jun 29 10:33:18 CEST 2002 - ro@suse.de + +- updated patch from solar: zero out bytes for no longer used pages + in mmap-fallback solution + +------------------------------------------------------------------- +Thu Jun 27 18:07:37 CEST 2002 - ro@suse.de + +- updated owl-fallback.diff from solar + +------------------------------------------------------------------- +Thu Jun 27 17:04:16 CEST 2002 - ro@suse.de + +- update to 3.4p1 + o privilege separation support + o overflow fix from ISS +- unsplit openssh-server and openssh-client + +------------------------------------------------------------------- +Tue Jun 18 12:12:41 CEST 2002 - mmj@suse.de + +- Update to 3.2.3p1 which fixed following compared to 3.2.2p1 + o a defect in the BSD_AUTH access control handling for + o login/tty problems on Solaris (bug #245) + o build problems on Cygwin systems + +- Split the package to openssh, openssh-server, openssh-client and + openssh-askpass + +------------------------------------------------------------------- +Sun May 19 16:15:03 CEST 2002 - mmj@suse.de + +- Updated to 3.2.2p which includes security and several bugfixes. + +------------------------------------------------------------------- +Fri Mar 15 12:05:21 CET 2002 - ro@suse.de + +- added "Obsoletes: ssh" + +------------------------------------------------------------------- +Tue Mar 5 17:15:30 MET 2002 - draht@suse.de + +- security fix for bug in channels.c (channelbug.dif) + +------------------------------------------------------------------- +Fri Mar 1 15:40:59 CET 2002 - bk@suse.de + +- fix ssh-agent example to use eval `ssh-agent -s` and a typo. +- add sentence on use of ssh-agent with startx + +------------------------------------------------------------------- +Tue Feb 26 12:31:21 CET 2002 - bk@suse.de + +- update README.SuSE to improve documentation on protocol version + +------------------------------------------------------------------- +Wed Feb 13 13:15:41 CET 2002 - cihlar@suse.cz + +- rewritten addrlist patch - "0.0.0.0" is removed from list + after "::" is successful [#8951] + +------------------------------------------------------------------- +Mon Feb 11 15:17:32 CET 2002 - cihlar@suse.cz + +- added info about the change of the default protocol version + to README.SuSE + +------------------------------------------------------------------- +Thu Feb 7 12:42:53 CET 2002 - cihlar@suse.cz + +- removed addrlist patch which fixed bug [#8951] as it breaks + functionality on machines with kernel without IPv6 support, + bug reopened, new solution will be find +- switched to default protocol version 2 +- added ssh-keyconvert (thanks Olaf Kirch ) +- removed static linking against libcrypto, as crypt() was removed + from it [#5333] + +------------------------------------------------------------------- +Tue Jan 22 15:43:33 CET 2002 - kukuk@suse.de + +- Add pam_nologin to account management (else it will not be + called if user does not do password authentification) + +------------------------------------------------------------------- +Tue Jan 15 15:49:07 CET 2002 - egmont@suselinux.hu + +- removed colon from shutdown message + +------------------------------------------------------------------- +Thu Jan 10 09:27:50 CET 2002 - cihlar@suse.cz + +- use %{_lib} + +------------------------------------------------------------------- +Thu Dec 13 01:01:36 CET 2001 - ro@suse.de + +- moved rc.config.d -> sysconfig + +------------------------------------------------------------------- +Mon Dec 10 14:07:21 CET 2001 - cihlar@suse.cz + +- removed START_SSHD + +------------------------------------------------------------------- +Fri Dec 7 11:26:22 CET 2001 - cihlar@suse.cz + +- update to version 3.0.2p1: + * CheckMail option in sshd_config is deprecated + * X11 cookies are now stored in $HOME + * fixed a vulnerability in the UseLogin option + * /etc/ssh_known_hosts2 and ~/.ssh/known_hosts2 are obsolete, + /etc/ssh_known_hosts and ~/.ssh/known_hosts can be used + * several minor fixes +- update x11-ssh-askpass to version 1.2.4.1: + * fixed Imakefile.in +- fixed bug in adresses "::" and "0.0.0.0" [#8951] + +------------------------------------------------------------------- +Fri Oct 5 07:34:11 CEST 2001 - cihlar@suse.cz + +- update to version 2.9.9p2 +- removed obsolete clientloop and command patches +- uncommented "HostKey /etc/ssh/ssh_host_rsa_key" in sshd_config +- added German translation of e-mail to sysadmin +- init script fixed to work when more listening sshd runs +- added /bin/netstat to requires + +------------------------------------------------------------------- +Mon Sep 24 14:25:58 CEST 2001 - cihlar@suse.cz + +- fixed security problem with sftp & bypassing + keypair auth restrictions - patch based on CVS +- fixed status part of init script - it returned + running even if there were only sshd of connections + and no listening sshd [#11220] +- fixed stop part of init script - when there was no + /var/run/sshd.pid, all sshd were killed + +------------------------------------------------------------------- +Thu Sep 6 14:31:15 CEST 2001 - nadvornik@suse.cz + +- added patch for correct buffer flushing from CVS [bug #6450] + +------------------------------------------------------------------- +Fri Jul 27 09:05:24 CEST 2001 - cihlar@suse.cz + +- update x11-ssh-askpass to version 1.2.2 + +------------------------------------------------------------------- +Thu Jul 26 10:55:16 CEST 2001 - cihlar@suse.cz + +- update to version 2.9p2 +- removed obsolete "cookies" patch + +------------------------------------------------------------------- +Mon Jun 11 11:21:22 CEST 2001 - cihlar@suse.cz + +- fixed to compile with new xmkmf + +------------------------------------------------------------------- +Thu Jun 7 09:42:23 CEST 2001 - cihlar@suse.cz + +- fixed security bug when any file "cookies" could + be removed by anybody + +------------------------------------------------------------------- +Tue Jun 5 12:49:50 CEST 2001 - bjacke@suse.de + +- generate rsa host key in init script + +------------------------------------------------------------------- +Tue Jun 5 07:59:41 CEST 2001 - cihlar@suse.cz + +- removed complete path from PAM modules + +------------------------------------------------------------------- +Thu May 3 09:36:17 CEST 2001 - cihlar@suse.cz + +- update to version 2.9p1 +- removed obsolete --with-openssl +- removed obsolete man patch + +------------------------------------------------------------------- +Mon Apr 30 07:50:23 CEST 2001 - cihlar@suse.cz + +- enable PAM support + +------------------------------------------------------------------- +Fri Apr 13 11:50:26 CEST 2001 - ro@suse.de + +- fixed specfile for extra README.SuSE + +------------------------------------------------------------------- +Fri Apr 13 08:03:45 CEST 2001 - cihlar@suse.cz + +- fixed init script by new skeleton + +------------------------------------------------------------------- +Thu Mar 22 14:56:50 CET 2001 - cihlar@suse.cz + +- update to version 2.5.2p2 + +------------------------------------------------------------------- +Wed Mar 14 14:12:38 CET 2001 - cihlar@suse.cz + +- fixed ssh man page + +------------------------------------------------------------------- +Mon Mar 12 07:56:37 CET 2001 - cihlar@suse.cz + +- update to version 2.5.1p2 +- added xf86 to neededforbuild + +------------------------------------------------------------------- +Fri Mar 9 15:16:59 CET 2001 - schwab@suse.de + +- Fix missing crypt declaration. + +------------------------------------------------------------------- +Fri Feb 23 08:57:55 CET 2001 - cihlar@suse.cz + +- update to version 2.5.1p1 +- update x11-ssh-askpass to version 1.2.0 + +------------------------------------------------------------------- +Tue Feb 20 11:27:20 CET 2001 - cihlar@suse.cz + +- modified README.SuSE [#4365] +- fixed start script to agree with skeleton +- fixed start script so "stop" kills only sshd + listening for connections +- compiled with --with-openssl +- "ListenAddress 0.0.0.0" in sshd_config commented out - + listen on both ipv4 and ipv6 +- fixed var/adm/notify/messages/openssh_update [#6406] + +------------------------------------------------------------------- +Thu Jan 25 15:02:01 CET 2001 - smid@suse.cz + +- startup script fixed [#5559] + +------------------------------------------------------------------- +Tue Jan 16 09:40:50 CET 2001 - nadvornik@suse.cz + +- libcrypto linked static [#5333] + +------------------------------------------------------------------- +Thu Jan 11 13:41:48 CET 2001 - cihlar@suse.cz + +- uncomment sftp-server part in sshd_config +- added /usr/X11R6/lib/X11/app-defaults/SshAskpass to %files + +------------------------------------------------------------------- +Thu Jan 11 12:37:10 CET 2001 - cihlar@suse.cz + +- fixed %files [#5230] +- fixed installation of x11-ssh-askpass to BuildRoot +- added man pages of x11-ssh-askpass + +------------------------------------------------------------------- +Wed Jan 10 11:54:42 CET 2001 - smid@suse.cz + +- notice about how to enable ipv6 added to mail +- for administrator [#5297] + +------------------------------------------------------------------- +Wed Dec 13 10:43:25 CET 2000 - smid@suse.cz + +- default ipv6 listennig disabled (problems with libc2.2) [#4588] + +------------------------------------------------------------------- +Tue Dec 5 14:03:35 CET 2000 - smid@suse.cz + +- notify message changed + +------------------------------------------------------------------- +Mon Dec 4 21:45:35 CET 2000 - lmuelle@suse.de + +- fixed provides/ conflicts to ssh + +------------------------------------------------------------------- +Thu Nov 30 16:03:34 CET 2000 - smid@suse.cz + +- path to ssh-askpass fixed +- stop in %preun removed +- new init style + +------------------------------------------------------------------- +Sun Nov 26 23:53:53 CET 2000 - schwab@suse.de + +- Restore rcsshd link. + +------------------------------------------------------------------- +Sun Nov 26 15:34:12 CET 2000 - kukuk@suse.de + +- Add openssl-devel to neededforbuild + +------------------------------------------------------------------- +Mon Nov 20 16:11:34 CET 2000 - smid@suse.cz + +- New version 2.3.0 + +------------------------------------------------------------------- +Wed Sep 6 12:52:06 CEST 2000 - smid@suse.cz + +- remove --with-ipv4-default option + +------------------------------------------------------------------- +Wed Jul 5 19:04:28 CEST 2000 - garloff@suse.de + +- ... and tell the sysadmin and user more about what they can do + about it (schwab). + +------------------------------------------------------------------- +Wed Jul 5 00:55:37 CEST 2000 - garloff@suse.de + +- Inform the user (admin) about the fact that the default behaviour + with respect to X11-forwarding has been changed to be disabled. + +------------------------------------------------------------------- +Wed Jun 28 13:11:08 CEST 2000 - smid@suse.cz + +- warning that generating DSA key can an take a long time. + (bugzilla 3015) +- writing to wtmp and lastlog fixed (bugzilla 3024) +- reading config file (parameter Protocol) fixed + +------------------------------------------------------------------- +Fri Jun 16 10:42:52 CEST 2000 - garloff@suse.de + +- Added generation of ssh_host_dsa_key + +------------------------------------------------------------------- +Tue Jun 13 08:32:19 MEST 2000 - nadvornik@suse.cz + +- update to 2.1.1p1 + +------------------------------------------------------------------- +Thu Jun 8 10:10:55 MEST 2000 - cihlar@suse.cz + +- uncommented %clean + +------------------------------------------------------------------- +Fri May 5 13:08:15 CEST 2000 - smid@suse.cz + +- buildroot added +- upgrade to 1.2.3 + +------------------------------------------------------------------- +Tue Mar 21 09:50:57 CET 2000 - kukuk@suse.de + +- Update to 1.2.2p1 + +------------------------------------------------------------------- +Mon Mar 6 12:03:49 CET 2000 - kukuk@suse.de + +- Fix the diff. + +------------------------------------------------------------------- +Sun Mar 5 18:22:07 CET 2000 - kukuk@suse.de + +- Add a README.SuSE with a short description how to use ssh-add + +------------------------------------------------------------------- +Tue Feb 29 21:03:50 CET 2000 - schwab@suse.de + +- Update config.{guess,sub}. + +------------------------------------------------------------------- +Fri Feb 25 11:01:24 CET 2000 - kukuk@suse.de + +- Fix need for build, add group tag. + +------------------------------------------------------------------- +Wed Feb 2 09:23:13 CET 2000 - kukuk@suse.de + +- Change new defaults back to old one + +------------------------------------------------------------------- +Sun Jan 30 12:51:49 CET 2000 - kukuk@suse.de + +- Add x11-ssh-askpass to filelist + +------------------------------------------------------------------- +Fri Jan 28 18:03:50 CET 2000 - kukuk@suse.de + +- Update to OpenSSH 1.2.2 +- Add x11-ssh-askpass-1.0 + +------------------------------------------------------------------- +Tue Jan 25 15:57:09 CET 2000 - kukuk@suse.de + +- Add reload and status to /sbin/init.d/sshd [Bug 1747] + +------------------------------------------------------------------- +Thu Jan 20 17:26:02 CET 2000 - kukuk@suse.de + +- Update to 1.2.1pre27 with IPv6 support + +------------------------------------------------------------------- +Fri Dec 31 21:18:10 CET 1999 - kukuk@suse.de + +- Initial version diff --git a/openssh.spec b/openssh.spec index 496a319..e346b9c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -293,6 +293,7 @@ rm -f %{buildroot}%{_datadir}/Ssh.bin %if %{has_systemd} install -D -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/sshd-gen-keys-start install -D -m 0644 %{SOURCE10} %{buildroot}%{_unitdir}/sshd.service +ln -s /usr/sbin/service buildroot}%{_sbindir}/rcsshd %endif %pre