Commit Graph

267 Commits

Author SHA256 Message Date
a412ed9d8d - fixed url, added gpg signature
- added gpg signature and keyring from 
  http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh_gzsig_key.pub

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=108
2016-07-25 13:47:29 +00:00
Petr Cerny
6dac324cb7 Accepting request 407066 from home:pcerny:factory
- enable support for SSHv1 protocol and discourage its usage
  (bsc#983307)
- enable DSA by default for backward compatibility and discourage
  its usage (bsc#983784)
  [openssh-7.2p2-allow_DSS_by_default.patch]

- upgrade to 7.2p2
  upstream package without any SUSE patches
  Distilled upstream log:
- OpenSSH 6.7
  Potentially-incompatible changes:
  * sshd(8): The default set of ciphers and MACs has been
    altered to remove unsafe algorithms. In particular, CBC
    ciphers and arcfour* are disabled by default.
    The full set of algorithms remains available if configured
    explicitly via the Ciphers and MACs sshd_config options.
  * sshd(8): Support for tcpwrappers/libwrap has been removed.
  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
    connections using the curve25519-sha256@libssh.org KEX
    exchange method to fail when connecting with something that
    implements the specification correctly. OpenSSH 6.7 disables
    this KEX method when speaking to one of the affected
    versions.
  New Features:
  * ssh(1), sshd(8): Add support for Unix domain socket
    forwarding. A remote TCP port may be forwarded to a local
    Unix domain socket and vice versa or both ends may be a Unix
    domain socket.
  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
    ED25519 key types.

OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
2016-07-07 07:07:23 +00:00
Petr Cerny
b22c39e677 Accepting request 398992 from home:pcerny:factory
OBS-URL: https://build.opensuse.org/request/show/398992
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=106
2016-05-30 15:53:09 +00:00
Petr Cerny
ea9f2c011c Accepting request 398922 from home:pcerny:factory
(removing patches from previous version:
  * CVE-2016-0777_CVE-2016-0778.patch
  * openssh-6.6p1-X11-forwarding.patch
  * openssh-6.6p1-X_forward_with_disabled_ipv6.patch
  * openssh-6.6p1-audit1-remove_duplicit_audit.patch
  * openssh-6.6p1-audit2-better_audit_of_user_actions.patch
  * openssh-6.6p1-audit3-key_auth_usage-fips.patch
  * openssh-6.6p1-audit3-key_auth_usage.patch
  * openssh-6.6p1-audit4-kex_results-fips.patch
  * openssh-6.6p1-audit4-kex_results.patch
  * openssh-6.6p1-audit5-session_key_destruction.patch
  * openssh-6.6p1-audit6-server_key_destruction.patch
  * openssh-6.6p1-audit7-libaudit_compat.patch
  * openssh-6.6p1-audit8-libaudit_dns_timeouts.patch
  * openssh-6.6p1-blocksigalrm.patch
  * openssh-6.6p1-curve25519-6.6.1p1.patch
  * openssh-6.6p1-default-protocol.patch
  * openssh-6.6p1-disable-openssl-abi-check.patch
  * openssh-6.6p1-eal3.patch
  * openssh-6.6p1-fingerprint_hash.patch
  * openssh-6.6p1-fips-checks.patch
  * openssh-6.6p1-fips.patch
  * openssh-6.6p1-gssapi_key_exchange.patch
  * openssh-6.6p1-gssapimitm.patch
  * openssh-6.6p1-host_ident.patch
  * openssh-6.6p1-key-converter.patch
  * openssh-6.6p1-lastlog.patch
  * openssh-6.6p1-ldap.patch
  * openssh-6.6p1-login_options.patch
  * openssh-6.6p1-no_fork-no_pid_file.patch

OBS-URL: https://build.opensuse.org/request/show/398922
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=105
2016-05-30 11:00:44 +00:00
Petr Cerny
b006bb4b85 Accepting request 398857 from home:pcerny:factory
[openssh-7.2p2-X11_trusted_forwarding.patch]
- set UID for lastlog properly 
  [openssh-7.2p2-lastlog.patch]
- enable use of PAM by default 
  [openssh-7.2p2-enable_PAM_by_default.patch]
- copy command line arguments properly 
  [openssh-7.2p2-saveargv-fix.patch]
- do not use pthreads in PAM code 
  [openssh-7.2p2-dont_use_pthreads_in_PAM.patch]
- fix paths in documentation 
  [openssh-7.2p2-eal3.patch]
- prevent race consitions triggered by SIGALRM 
  [openssh-7.2p2-blocksigalrm.patch]
  [openssh-7.2p2-send_locale.patch]
  [openssh-7.2p2-hostname_changes_when_forwarding_X.patch]
  [openssh-7.2p2-remove_xauth_cookies_on_exit.patch]
  [openssh-7.2p2-pts_names_formatting.patch]
- check locked accounts when using PAM 
  [openssh-7.2p2-pam_check_locks.patch]
  [openssh-7.2p2-allow_root_password_login.patch]
  [openssh-7.2p2-disable_short_DH_parameters.patch]
  [openssh-7.2p2-seccomp_getuid.patch,
   openssh-7.2p2-seccomp_stat.patch]

OBS-URL: https://build.opensuse.org/request/show/398857
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=104
2016-05-30 08:23:00 +00:00
Petr Cerny
5093e42eaa Accepting request 398802 from home:pcerny:factory
- upgrade to 7.2p2

- changing license to 2-clause BSD to match source

- enable trusted X11 forwarding by default
  [-X11_trusted_forwarding]
- set UID for lastlog properly [-lastlog]
- enable use of PAM by default [-enable_PAM_by_default]
- copy command line arguments properly [-saveargv-fix]
- do not use pthreads in PAM code [-dont_use_pthreads_in_PAM]
- fix paths in documentation [-eal3]
- prevent race consitions triggered by SIGALRM [-blocksigalrm]
- do send and accept locale environment variables by default
  [-send_locale]
- handle hostnames changes during X forwarding
  [-hostname_changes_when_forwarding_X]
- try to remove xauth cookies on exit
  [-remove_xauth_cookies_on_exit]
- properly format pts names for ?tmp? log files
  [-pts_names_formatting]
- check locked accounts when using PAM [-pam_check_locks]
- chenge default PermitRootLogin to 'yes' to prevent unwanted
  surprises on updates from older versions.
  See README.SUSE for details
  [-allow_root_password_login]
- Disable DH parameters under 2048 bits by default and allow
  lowering the limit back to the RFC 4419 specified minimum
  through an option (bsc#932483, bsc#948902)
  [-disable_short_DH_parameters]
- Add getuid() and stat() syscalls to the seccomp filter

OBS-URL: https://build.opensuse.org/request/show/398802
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=103
2016-05-30 01:36:18 +00:00
Dominique Leuenberger
7c21c564dc Accepting request 392910 from network
fix broken seccomp sandbox (forwarded request 392909 from pcerny)

OBS-URL: https://build.opensuse.org/request/show/392910
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=105
2016-05-05 11:18:08 +00:00
Petr Cerny
252ed8ae18 Accepting request 392909 from home:pcerny:factory
fix broken seccomp sandbox

OBS-URL: https://build.opensuse.org/request/show/392909
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=101
2016-04-29 16:34:58 +00:00
Dominique Leuenberger
7f9fe1884f Accepting request 386262 from network
1

OBS-URL: https://build.opensuse.org/request/show/386262
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=104
2016-04-12 16:59:51 +00:00
6045514505 Accepting request 385260 from home:kukuk:branches:network
- openssh-6.6p1-ldap.patch: replace TRUE/FALSE with 1/0, since
  this defines did come via an indirect header inclusion and are
  not everywhere defined.

OBS-URL: https://build.opensuse.org/request/show/385260
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=99
2016-04-08 12:39:18 +00:00
13651d3d21 restore factory state, so we can fix bugs.
old stuff is still in the old revisions

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=98
2016-04-06 11:34:51 +00:00
Petr Cerny
c818e705ca bothed update, DO NOT TOUCH UNITL PROPERLY REVIEWED
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=97
2016-02-17 19:00:04 +00:00
Petr Cerny
b83f96744f Accepting request 358392 from home:elvigia:branches:network
- openssh-alloc_size.patch: anotate xmalloc.h with alloc_size
 attribute so the compiler knows these functions allocate memory
 so overflow or misuse can be detected sooner.
- openssh-allow_getrandom.patch; allow the getrandom(2) system
  call in the seccomp sandbox, upstream commit 26ad18247213
- openssh-fix-b64_xx-detection.patch: configure.ac has incorrect
  tests for b64_ntop, b64_pton on linux/glibc.

OBS-URL: https://build.opensuse.org/request/show/358392
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=96
2016-02-10 15:40:35 +00:00
Ismail Dönmez
642f5e8889 Accepting request 354941 from home:scarabeus_iv:branches:network
- Cleanup with spec-cleaner
- Update of the master OpenSSH to 7.1p2

- Take refreshed and updated audit patch from redhat
  * Remove our old patches:
    + openssh-6.6p1-audit1-remove_duplicit_audit.patch
    + openssh-6.6p1-audit2-better_audit_of_user_actions.patch
    + openssh-6.6p1-audit3-key_auth_usage-fips.patch
    + openssh-6.6p1-audit3-key_auth_usage.patch
    + openssh-6.6p1-audit4-kex_results-fips.patch
    + openssh-6.6p1-audit4-kex_results.patch
    + openssh-6.6p1-audit5-session_key_destruction.patch
    + openssh-6.6p1-audit6-server_key_destruction.patch
    + openssh-6.6p1-audit7-libaudit_compat.patch
    + openssh-6.6p1-audit8-libaudit_dns_timeouts.patch
  * add openssh-6.7p1-audit.patch
- Reenable the openssh-6.6p1-ldap.patch
- Update the fips patch from RH build openssh-6.6p1-fips.patch
- Update and refresh openssh-6.6p1-gssapi_key_exchange.patch
- Remove fips-check patch as it is merged to fips patch
  * openssh-6.6p1-fips-checks.patch
- Rebase and enable chroot patch:
  * openssh-6.6p1-sftp_homechroot.patch
- Reenable rebased patch for linux seed:
  * openssh-6.6p1-seed-prng.patch
- Reenable key converting patch:
  * openssh-6.6p1-key-converter.patch

- Version update to 7.1p2:
  * various upstream bugfixes and cleanups

OBS-URL: https://build.opensuse.org/request/show/354941
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=95
2016-01-21 07:28:30 +00:00
Dominique Leuenberger
52f32e2ae4 Accepting request 353732 from network
1

OBS-URL: https://build.opensuse.org/request/show/353732
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=103
2016-01-16 10:55:44 +00:00
Ismail Dönmez
1c5ff2cc6c Accepting request 353717 from home:AndreasStieger:branches:network
Security update for OpenSSH
CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645
https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html

OBS-URL: https://build.opensuse.org/request/show/353717
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=93
2016-01-14 16:36:52 +00:00
Dominique Leuenberger
d41fccc195 Accepting request 282346 from network
Automatic submission by obs-autosubmit

OBS-URL: https://build.opensuse.org/request/show/282346
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=102
2015-01-23 15:19:13 +00:00
d9f8a6a210 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=91 2015-01-12 10:45:13 +00:00
a86956def1 - gpg signature and keyring added.
pub  3200R/6D920D30 2013-12-10 [expires: 2021-01-01]
  uid                            Damien Miller <djm@mindrot.org>
  sub  3200R/672A1105 2013-12-10 [expires: 2021-01-01]

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=90
2015-01-12 10:35:52 +00:00
Dominique Leuenberger
a152efbbef Accepting request 266606 from network
1

OBS-URL: https://build.opensuse.org/request/show/266606
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=101
2014-12-31 10:21:54 +00:00
c00691fb64 Accepting request 266550 from home:Ledest:bashisms
fix bashisms in sshd.init script

OBS-URL: https://build.opensuse.org/request/show/266550
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=88
2014-12-29 09:01:00 +00:00
Stephan Kulow
c1b4a427de Accepting request 255040 from network
1

OBS-URL: https://build.opensuse.org/request/show/255040
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=100
2014-10-14 11:24:33 +00:00
Andrey Karepin
de58418da6 Accepting request 254673 from home:WernerFink:branches:network
- Ensure that ssh can use the ssh support of the gpg-agent (boo#899647)

OBS-URL: https://build.opensuse.org/request/show/254673
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=86
2014-10-11 07:28:34 +00:00
Stephan Kulow
b60cc98eb2 Accepting request 241776 from network
Do not depend on insserv if the package build with systemd support;
  it's useless (forwarded request 241774 from posophe)

OBS-URL: https://build.opensuse.org/request/show/241776
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=98
2014-07-24 04:58:23 +00:00
Petr Cerny
9913e17746 Accepting request 241774 from home:posophe:branches:network
Do not depend on insserv if the package build with systemd support;
  it's useless

OBS-URL: https://build.opensuse.org/request/show/241774
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=84
2014-07-21 16:02:23 +00:00
Stephan Kulow
28b55ed663 Accepting request 234675 from network
- Remove tcpwrappers support now, This feature was removed
  in upstream code at the end of April and the underlying
  libraries are abandonware.
  See: http://comments.gmane.org/gmane.linux.suse.general/348119 (forwarded request 234473 from elvigia)

OBS-URL: https://build.opensuse.org/request/show/234675
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=97
2014-05-22 07:04:15 +00:00
Petr Cerny
4187c8a645 Accepting request 234473 from home:elvigia:branches:network
- Remove tcpwrappers support now, This feature was removed
  in upstream code at the end of April and the underlying
  libraries are abandonware.
  See: http://comments.gmane.org/gmane.linux.suse.general/348119

OBS-URL: https://build.opensuse.org/request/show/234473
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=82
2014-05-19 10:15:21 +00:00
Stephan Kulow
c7fda0bd32 Accepting request 231428 from network
- curve25519 key exchange fix (-curve25519-6.6.1p1.patch)
- patch re-ordering (-audit3-key_auth_usage-fips.patch,
    -audit4-kex_results-fips.patch) (forwarded request 231427 from pcerny)

OBS-URL: https://build.opensuse.org/request/show/231428
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=96
2014-04-26 15:02:02 +00:00
Petr Cerny
9fb40d132b Accepting request 231427 from home:pcerny:factory
- curve25519 key exchange fix (-curve25519-6.6.1p1.patch)
- patch re-ordering (-audit3-key_auth_usage-fips.patch,
    -audit4-kex_results-fips.patch)

OBS-URL: https://build.opensuse.org/request/show/231427
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=80
2014-04-25 13:11:58 +00:00
Andrey Karepin
4dd2bec462 Accepting request 230928 from home:namtrac:bugfix
- Add fix-curve25519-kex.patch to fix a key-exchange problem
  with curve25519-sha256@libssh.org, see
  http://marc.info/?l=openssh-unix-dev&m=139797807804698&w=2

OBS-URL: https://build.opensuse.org/request/show/230928
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=79
2014-04-24 10:08:13 +00:00
Tomáš Chvátal
8d7787adc5 Accepting request 230190 from network
- Update of the underlying OpenSSH to 6.6p1

- Remove uneeded dependency on the OpenLDAP server (openldap2)
  from openssh-helpers. openssh-helpers just depends on the 
  openldap client libraries, which will be auto-generated by rpm.

- update to 6.6p1
  Security:
  * sshd(8): when using environment passing with a sshd_config(5)
    AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
    be tricked into accepting any enviornment variable that
    contains the characters before the wildcard character.
  Features since 6.5p1:
  * ssh(1), sshd(8): removal of the J-PAKE authentication code,
    which was experimental, never enabled and has been
    unmaintained for some time.
  * ssh(1): skip 'exec' clauses other clauses predicates failed
    to match while processing Match blocks.
  * ssh(1): if hostname canonicalisation is enabled and results
    in the destination hostname being changed, then re-parse
    ssh_config(5) files using the new destination hostname. This
    gives 'Host' and 'Match' directives that use the expanded
    hostname a chance to be applied.
  Bugfixes:
  * ssh(1): avoid spurious "getsockname failed: Bad file
    descriptor" in ssh -W. bz#2200, debian#738692
  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
    systrace sandbox modes, as it is reachable if the connection
    is terminated during the pre-auth phase.
  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1

OBS-URL: https://build.opensuse.org/request/show/230190
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=95
2014-04-17 12:43:46 +00:00
Petr Cerny
5b66f43acd Accepting request 230167 from home:rhafer:branches:network
OBS-URL: https://build.opensuse.org/request/show/230167
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=77
2014-04-15 11:28:24 +00:00
Petr Cerny
efb05e6527 Accepting request 230097 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.6p1

- update to 6.6p1
  Security:
  * sshd(8): when using environment passing with a sshd_config(5)
    AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
    be tricked into accepting any enviornment variable that
    contains the characters before the wildcard character.
  Features since 6.5p1:
  * ssh(1), sshd(8): removal of the J-PAKE authentication code,
    which was experimental, never enabled and has been
    unmaintained for some time.
  * ssh(1): skip 'exec' clauses other clauses predicates failed
    to match while processing Match blocks.
  * ssh(1): if hostname canonicalisation is enabled and results
    in the destination hostname being changed, then re-parse
    ssh_config(5) files using the new destination hostname. This
    gives 'Host' and 'Match' directives that use the expanded
    hostname a chance to be applied.
  Bugfixes:
  * ssh(1): avoid spurious "getsockname failed: Bad file
    descriptor" in ssh -W. bz#2200, debian#738692
  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
    systrace sandbox modes, as it is reachable if the connection
    is terminated during the pre-auth phase.
  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1
    bignum parsing. Minimum key length checks render this bug
    unexploitable to compromise SSH 1 sessions.
  * sshd_config(5): clarify behaviour of a keyword that appears
    in multiple matching Match blocks. bz#2184

OBS-URL: https://build.opensuse.org/request/show/230097
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=76
2014-04-14 21:53:01 +00:00
Stephan Kulow
0ea9e47b8b Accepting request 227709 from network
- Update openssh-6.5p1-audit4-kex_results.patch to ensure that
  we don't pass a NULL string to buffer_put_cstring. This happens
  when you have "Ciphers chacha20-poly1305@openssh.com" directive. (forwarded request 227423 from namtrac)

OBS-URL: https://build.opensuse.org/request/show/227709
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=94
2014-03-31 18:43:01 +00:00
f722726301 Accepting request 227423 from home:namtrac:bugfix
- Update openssh-6.5p1-audit4-kex_results.patch to ensure that
  we don't pass a NULL string to buffer_put_cstring. This happens
  when you have "Ciphers chacha20-poly1305@openssh.com" directive.

OBS-URL: https://build.opensuse.org/request/show/227423
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=74
2014-03-27 10:02:56 +00:00
Stephan Kulow
08c1d7d9f8 Accepting request 226335 from network
- re-enabling the GSSAPI Key Exchange patch 
!!! currently breaks anythng else than Factory (forwarded request 226334 from pcerny)

OBS-URL: https://build.opensuse.org/request/show/226335
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=93
2014-03-18 15:21:25 +00:00
Petr Cerny
5d4cc441c8 Accepting request 226334 from home:pcerny:factory
- re-enabling the GSSAPI Key Exchange patch 
!!! currently breaks anythng else than Factory

OBS-URL: https://build.opensuse.org/request/show/226334
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=72
2014-03-17 02:46:40 +00:00
Stephan Kulow
c8d3d86692 Accepting request 224303 from network
- re-enabling FIPS-enablement patch
- enable X11 forwarding when IPv6 is present but disabled on server
  (bnc#712683, FATE#31503; -X_forward_with_disabled_ipv6.patch) (forwarded request 224302 from pcerny)

OBS-URL: https://build.opensuse.org/request/show/224303
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=92
2014-03-01 20:20:10 +00:00
Petr Cerny
25f021b853 Accepting request 224302 from home:pcerny:factory
- re-enabling FIPS-enablement patch
- enable X11 forwarding when IPv6 is present but disabled on server
  (bnc#712683, FATE#31503; -X_forward_with_disabled_ipv6.patch)

OBS-URL: https://build.opensuse.org/request/show/224302
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=70
2014-03-01 00:05:55 +00:00
Stephan Kulow
36c921d588 Accepting request 223064 from network
- openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox
  (allowing use of the getuid syscall) (bnc#864171)

OBS-URL: https://build.opensuse.org/request/show/223064
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=91
2014-02-21 18:52:29 +00:00
5f397d839b - openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox
(allowing use of the getuid syscall) (bnc#864171)

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=68
2014-02-19 13:30:54 +00:00
5ada588ef0 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=67 2014-02-19 13:22:51 +00:00
Petr Cerny
f2774839fb Accepting request 222710 from home:pcerny:factory
- re-enabling the seccomp sandbox
  (allowing use of getuid the syscall)

OBS-URL: https://build.opensuse.org/request/show/222710
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=66
2014-02-18 13:04:57 +00:00
Petr Cerny
eedbb4ea75 Accepting request 222560 from home:pcerny:factory
- reverting to rlimit sandbox even for newer distributions, since
  it seems not to work properly (bnc#864171)

OBS-URL: https://build.opensuse.org/request/show/222560
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=65
2014-02-17 11:31:08 +00:00
Stephan Kulow
f53e0cfba2 Accepting request 222366 from network
- Update of the underlying OpenSSH to 6.5p1

- Update to 6.5p1
  Features since 6.4p1:
  * ssh(1), sshd(8): support for key exchange using ECDH in
    Daniel Bernstein's Curve25519; default when both the client
    and server support it.
  * ssh(1), sshd(8): support for Ed25519 as a public key type fo
    rboth server and client.  Ed25519 is an EC signature offering
    better security than ECDSA and DSA and good performance.
  * Add a new private key format that uses a bcrypt KDF to better
    protect keys at rest. Used unconditionally for Ed25519 keys,
    on demand for other key types via the -o ssh-keygen(1)
    option.  Intended to become default in the near future.
    Details documented in PROTOCOL.key.
  * ssh(1), sshd(8): new transport cipher
    "chacha20-poly1305@openssh.com" combining Daniel Bernstein's
    ChaCha20 stream cipher and Poly1305 MAC to build an
    authenticated encryption mode. Details documented
    PROTOCOL.chacha20poly1305.
  * ssh(1), sshd(8): refuse RSA keys from old proprietary clients
    and servers that use the obsolete RSA+MD5 signature scheme.
    It will still be possible to connect with these
    clients/servers but only DSA keys will be accepted, and
    OpenSSH will refuse connection entirely in a future release.
  * ssh(1), sshd(8): refuse old proprietary clients and servers
    that use a weaker key exchange hash calculation.
  * ssh(1): increase the size of the Diffie-Hellman groups
    requested for each symmetric key size. New values from NIST
    Special Publication 800-57 with the upper limit specified by (forwarded request 222365 from pcerny)

OBS-URL: https://build.opensuse.org/request/show/222366
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=90
2014-02-15 16:17:36 +00:00
Petr Cerny
08f9072513 Accepting request 222365 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.5p1

- Update to 6.5p1
  Features since 6.4p1:
  * ssh(1), sshd(8): support for key exchange using ECDH in
    Daniel Bernstein's Curve25519; default when both the client
    and server support it.
  * ssh(1), sshd(8): support for Ed25519 as a public key type fo
    rboth server and client.  Ed25519 is an EC signature offering
    better security than ECDSA and DSA and good performance.
  * Add a new private key format that uses a bcrypt KDF to better
    protect keys at rest. Used unconditionally for Ed25519 keys,
    on demand for other key types via the -o ssh-keygen(1)
    option.  Intended to become default in the near future.
    Details documented in PROTOCOL.key.
  * ssh(1), sshd(8): new transport cipher
    "chacha20-poly1305@openssh.com" combining Daniel Bernstein's
    ChaCha20 stream cipher and Poly1305 MAC to build an
    authenticated encryption mode. Details documented
    PROTOCOL.chacha20poly1305.
  * ssh(1), sshd(8): refuse RSA keys from old proprietary clients
    and servers that use the obsolete RSA+MD5 signature scheme.
    It will still be possible to connect with these
    clients/servers but only DSA keys will be accepted, and
    OpenSSH will refuse connection entirely in a future release.
  * ssh(1), sshd(8): refuse old proprietary clients and servers
    that use a weaker key exchange hash calculation.
  * ssh(1): increase the size of the Diffie-Hellman groups
    requested for each symmetric key size. New values from NIST
    Special Publication 800-57 with the upper limit specified by

OBS-URL: https://build.opensuse.org/request/show/222365
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=63
2014-02-14 14:54:10 +00:00
b189026b63 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=62 2014-02-11 08:14:49 +00:00
e282a93fa2 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=61 2014-02-11 08:14:43 +00:00
db5db0c1c2 - add a rcsshd symlink to /usr/sbin/service
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=60
2014-02-11 07:43:47 +00:00
7d3e25f02e Accepting request 221224 from home:namtrac:bugfix
- Add openssh-6.2p1-forcepermissions.patch to implement a force
  permissions mode (fate#312774). The patch is based on
  http://marc.info/?l=openssh-unix-dev&m=128896838930893

OBS-URL: https://build.opensuse.org/request/show/221224
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=59
2014-02-08 10:47:01 +00:00