Commit Graph

6 Commits

Author SHA256 Message Date
717dd2da2c - Don't force using gcc11 on SLFO/ALP which have a newer version.
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=280
2024-10-28 11:22:01 +00:00
33d804a345 - Add patches from upstream:
- To fix a copy&paste oversight in an ifdef :
  * 0001-fix-utmpx-ifdef.patch
  - To fix a regression introduced when the "Match" criteria
    tokenizer was modified since it stopped supporting the
    "Match criteria=argument" format:
  * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
  - To fix the previous patch which broke on negated Matches:
  * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
  - To fix the ML-KEM768x25519 kex algorithm on big-endian systems:
  * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=279
2024-10-28 11:16:49 +00:00
219dd97d90 - Use %{with ...} instead of 0%{with ...}
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=278
2024-10-14 15:20:38 +00:00
77273f8679 Updated the patch with a suggestion from upstream.
- Add a patch to fix a regression introduced in 9.6 that makes X11
  forwarding very slow. Submitted to upstream in
  https://bugzilla.mindrot.org/show_bug.cgi?id=3655#c4 . Fixes
  bsc#1229449:
  * fix-x11-regression-bsc1229449.patch
- Remove empty line at the end of sshd-sle.pamd (bsc#1227456)

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=277
2024-10-14 06:33:00 +00:00
a77a72fabb - Add a const to the openssl 1.1/RSA section of sshkey_is_private
to keep it similar to what it used before the 9.9 rebase:
  * openssh-8.1p1-audit.patch
- Add a openssl11 bcond to the spec file for the SLE12 case
  instead of checking suse_version in different parts.
- Move conditional patches to a number >= 1000.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=276
2024-09-25 11:55:37 +00:00
3f6eda5c88 - Update to openssh 9.9p1:
* No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.9p1:
  = Future deprecation notice
  * OpenSSH plans to remove support for the DSA signature algorithm
    in early 2025. This release disables DSA by default at compile
    time. DSA, as specified in the SSHv2 protocol, is inherently
    weak - being limited to a 160 bit private key and use of the
    SHA1 digest. Its estimated security level is only 80 bits
    symmetric equivalent.
    OpenSSH has disabled DSA keys by default since 2015 but has
    retained run-time optional support for them. DSA was the only
    mandatory-to-implement algorithm in the SSHv2 RFCs, mostly
    because alternative algorithms were encumbered by patents when
    the SSHv2 protocol was specified.
    This has not been the case for decades at this point and better
    algorithms are well supported by all actively-maintained SSH
    implementations. We do not consider the costs of maintaining
    DSA in OpenSSH to be justified and hope that removing it from
    OpenSSH can accelerate its wider deprecation in supporting
    cryptography libraries.
  = Potentially-incompatible changes
  * ssh(1): remove support for pre-authentication compression.
    OpenSSH has only supported post-authentication compression in
    the server for some years. Compression before authentication
    significantly increases the attack surface of SSH servers and
    risks creating oracles that reveal information about
    information sent during authentication.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=275
2024-09-25 08:42:29 +00:00