Commit Graph

4 Commits

Author SHA256 Message Date
Tomáš Chvátal
7bccbbd821 Accepting request 642573 from home:scarabeus_iv:branches:network
- Update to 7.8p1:
  * no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out

- Remove the mention of the SLE12 in the README.SUSE
- Install firewall rules only when really needed (<SLE15)

- Version update to 7.8p1:
  * For most details see release notes file
  * ssh-keygen(1): write OpenSSH format private keys by default
    instead of using OpenSSL's PEM format
- Rebase patches to apply on 7.8p1 release:
  * openssh-7.7p1-fips.patch
  * openssh-7.7p1-cavstest-kdf.patch
  * openssh-7.7p1-fips_checks.patch
  * openssh-7.7p1-gssapi_key_exchange.patch
  * openssh-7.7p1-audit.patch
  * openssh-7.7p1-openssl_1.1.0.patch
  * openssh-7.7p1-ldap.patch
  * openssh-7.7p1-IPv6_X_forwarding.patch
  * openssh-7.7p1-sftp_print_diagnostic_messages.patch
  * openssh-7.7p1-disable_short_DH_parameters.patch
  * openssh-7.7p1-hostname_changes_when_forwarding_X.patch
  * openssh-7.7p1-pam_check_locks.patch
  * openssh-7.7p1-seed-prng.patch
  * openssh-7.7p1-systemd-notify.patch
  * openssh-7.7p1-X11_trusted_forwarding.patch
- Dropped patches:

OBS-URL: https://build.opensuse.org/request/show/642573
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=153
2018-10-17 08:57:56 +00:00
Petr Cerny
a03a137de1 Accepting request 563724 from home:pcerny:factory
reworking packaging, gssapi kex patch

OBS-URL: https://build.opensuse.org/request/show/563724
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=128
2018-01-12 00:42:53 +00:00
Petr Cerny
b813991fe5 Accepting request 551548 from home:pcerny:factory
- upgrade to 7.6p1
  see main package changelog for details

- Replace references to /var/adm/fillup-templates with new 
  %_fillupdir macro (boo#1069468)

- Update to vanilla 7.6p1
  Most important changes (more details below):
  * complete removal of the ancient SSHv1 protocol
  * sshd(8) cannot run without privilege separation
  * removal of suport for arcfourm blowfish and CAST ciphers
    and RIPE-MD160 HMAC
  * refuse RSA keys shorter than 1024 bits
  Distilled upstream log:
- OpenSSH 7.3
  ---- Security
  * sshd(8): Mitigate a potential denial-of-service attack
    against the system's crypt(3) function via sshd(8). An
    attacker could send very long passwords that would cause
    excessive CPU use in crypt(3). sshd(8) now refuses to accept
    password authentication requests of length greater than 1024
    characters. Independently reported by Tomas Kuthan (Oracle),
    Andres Rojas and Javier Nieto.
  * sshd(8): Mitigate timing differences in password
    authentication that could be used to discern valid from
    invalid account names when long passwords were sent and
    particular password hashing algorithms are in use on the
    server. CVE-2016-6210, reported by EddieEzra.Harari at
    verint.com
  * ssh(1), sshd(8): Fix observable timing weakness in the CBC

OBS-URL: https://build.opensuse.org/request/show/551548
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=127
2017-12-05 12:47:07 +00:00
Petr Cerny
5093e42eaa Accepting request 398802 from home:pcerny:factory
- upgrade to 7.2p2

- changing license to 2-clause BSD to match source

- enable trusted X11 forwarding by default
  [-X11_trusted_forwarding]
- set UID for lastlog properly [-lastlog]
- enable use of PAM by default [-enable_PAM_by_default]
- copy command line arguments properly [-saveargv-fix]
- do not use pthreads in PAM code [-dont_use_pthreads_in_PAM]
- fix paths in documentation [-eal3]
- prevent race consitions triggered by SIGALRM [-blocksigalrm]
- do send and accept locale environment variables by default
  [-send_locale]
- handle hostnames changes during X forwarding
  [-hostname_changes_when_forwarding_X]
- try to remove xauth cookies on exit
  [-remove_xauth_cookies_on_exit]
- properly format pts names for ?tmp? log files
  [-pts_names_formatting]
- check locked accounts when using PAM [-pam_check_locks]
- chenge default PermitRootLogin to 'yes' to prevent unwanted
  surprises on updates from older versions.
  See README.SUSE for details
  [-allow_root_password_login]
- Disable DH parameters under 2048 bits by default and allow
  lowering the limit back to the RFC 4419 specified minimum
  through an option (bsc#932483, bsc#948902)
  [-disable_short_DH_parameters]
- Add getuid() and stat() syscalls to the seccomp filter

OBS-URL: https://build.opensuse.org/request/show/398802
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=103
2016-05-30 01:36:18 +00:00