Commit Graph

368 Commits

Author SHA256 Message Date
Ana Guerrero
d5d292d413 Accepting request 1185823 from network
OBS-URL: https://build.opensuse.org/request/show/1185823
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=180
2024-07-08 17:06:54 +00:00
869b2ae788 - Add patch from upstream to fix proxy multiplexing mode:
* 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch
- Add patch from upstream to restore correctly sigprocmask
  * 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch
- Add patch from upstream to fix a logic error in
  ObscureKeystrokeTiming that rendered this feature ineffective,
  allowing a passive observer to detect which network packets
  contained real keystrokes (bsc#1227318, CVE-2024-39894):
  * 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=271
2024-07-05 19:01:36 +00:00
45f6d17800 - Add obsoletes for openssh-server-config-rootlogin since that
package existed for a brief period of time during SLE 15 SP6/
  Leap 15.6 development but even if it was removed from the
  repositories before GM, some users might have it in their
  systems from having tried a beta/RC release (boo#1227350).

    quoting was present in the user-supplied ssh_config(5) directive
    (bsc#1218215, CVE-2023-51385).

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=270
2024-07-05 11:34:53 +00:00
Ana Guerrero
414e74b526 Accepting request 1184302 from network
OBS-URL: https://build.opensuse.org/request/show/1184302
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=179
2024-07-02 16:16:12 +00:00
0aa4b1876f - Add patch to fix a race condition in a signal handler by removing
the async-signal-unsafe code (CVE-2024-6387, bsc#1226642):
  * fix-CVE-2024-6387.patch

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=269
2024-07-01 11:50:15 +00:00
Ana Guerrero
909e5eb8e7 Accepting request 1179624 from network
OBS-URL: https://build.opensuse.org/request/show/1179624
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=178
2024-06-10 15:37:06 +00:00
b4dab4a6f7 Accepting request 1179619 from home:alarrosa:branches:network:openssh
- Add #include <stdlib.h> in some files added by the ldap patch to
  fix build with gcc14 (boo#1225904).
  * openssh-7.7p1-ldap.patch

OBS-URL: https://build.opensuse.org/request/show/1179619
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=268
2024-06-10 07:34:57 +00:00
Ana Guerrero
9b110f7def Accepting request 1174781 from network
OBS-URL: https://build.opensuse.org/request/show/1174781
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=177
2024-05-17 18:03:57 +00:00
e11bee9499 Accepting request 1174779 from home:alarrosa:branches:network:openssh-permit-root-login
- Remove the recommendation for openssh-server-config-rootlogin
  from openssh-server. Since the default for that config option
  was changed in SLE it's not needed anymore in SLE nor in TW
  (boo#1224392).

- Add a warning in %post of openssh-clients, openssh-server and 
  openssh-server-config-disallow-rootlogin to warn the user if
  the /etc/ssh/(ssh_config.d|sshd_config.d) directories are not
  being used (bsc#1223486).

OBS-URL: https://build.opensuse.org/request/show/1174779
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=267
2024-05-17 08:01:30 +00:00
Dominique Leuenberger
b81f1e76c1 https://bugzilla.opensuse.org/show_bug.cgi?id=1224392
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=176
2024-05-17 07:34:04 +00:00
Ana Guerrero
5d0cbae36f Accepting request 1173885 from network
OBS-URL: https://build.opensuse.org/request/show/1173885
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=175
2024-05-15 19:25:44 +00:00
f2379e82ce Accepting request 1173783 from home:alarrosa:branches:network:openssh-permit-root-login
- Only for SLE15, restore the patch file removed in
  Thu Feb 18 13:54:44 UTC 2021 to restore the previous behaviour
  from SP5 of having root password login allowed by default
  (fixes bsc#1223486, related to bsc#1173067):
  * openssh-7.7p1-allow_root_password_login.patch
- Since the default value for this config option is now set to
  permit root to use password logins in SLE15, the
  openssh-server-config-rootlogin subpackage isn't useful there so 
  we now create an openssh-server-config-disallow-rootlogin
  subpackage that sets the configuration the other way around
  than openssh-server-config-rootlogin.

OBS-URL: https://build.opensuse.org/request/show/1173783
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=266
2024-05-14 06:52:13 +00:00
Ana Guerrero
04d08a5024 Accepting request 1167856 from network
OBS-URL: https://build.opensuse.org/request/show/1167856
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=174
2024-04-16 18:03:15 +00:00
9d3cbd48d5 Accepting request 1167855 from home:alarrosa:branches:network
Add bugzilla reference to bsc#1221005

OBS-URL: https://build.opensuse.org/request/show/1167855
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=265
2024-04-15 17:00:32 +00:00
6016b8b08a Accepting request 1167816 from home:msmeissn:branches:network
- openssh-8.0p1-gssapi-keyex.patch: Added missing struct initializer,
  added missing parameter (bsc#1222840)

OBS-URL: https://build.opensuse.org/request/show/1167816
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=264
2024-04-15 15:41:38 +00:00
1f2a4cd9cc Accepting request 1167038 from home:alarrosa:branches:network
- Make openssh-server recommend the openssh-server-config-rootlogin
  package in SLE in order to keep the same behaviour of previous
  SPs where the PermitRootLogin default was set to yes.
- Fix crypto-policies requirement to be set by openssh-server, not
  the config-rootlogin subpackage.
- Add back %config(noreplace) tag for more config files that were
  already set like this in previous SPs.

OBS-URL: https://build.opensuse.org/request/show/1167038
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=263
2024-04-15 06:21:11 +00:00
Ana Guerrero
e40d53fa8e Accepting request 1166980 from network
OBS-URL: https://build.opensuse.org/request/show/1166980
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=173
2024-04-14 09:53:40 +00:00
83215f33b6 Accepting request 1166764 from home:Arnavion
- Fix duplicate loading of dropins. (boo#1222467)

OBS-URL: https://build.opensuse.org/request/show/1166764
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=262
2024-04-12 06:38:08 +00:00
Ana Guerrero
6b2f2760ef Accepting request 1166157 from network
OBS-URL: https://build.opensuse.org/request/show/1166157
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=172
2024-04-08 15:37:41 +00:00
2793e0783a Accepting request 1166156 from home:alarrosa:branches:network
Add one more bsc/CVE reference

OBS-URL: https://build.opensuse.org/request/show/1166156
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=261
2024-04-08 11:15:17 +00:00
2f5a8dd315 Accepting request 1165554 from home:alarrosa:branches:network
- Add missing bugzilla/CVE references to the changelog

OBS-URL: https://build.opensuse.org/request/show/1165554
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=260
2024-04-05 11:11:29 +00:00
b0b10ece31 Accepting request 1165549 from home:alarrosa:branches:network2
- Add patch from SLE which was missing in Factory:
  * Mon Jun  7 20:54:09 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
- Add openssh-mitigate-lingering-secrets.patch (bsc#1186673), which
  attempts to mitigate instances of secrets lingering in memory
  after a session exits. (bsc#1213004 bsc#1213008) 
- Rebase patch:
  * openssh-6.6p1-privsep-selinux.patch

OBS-URL: https://build.opensuse.org/request/show/1165549
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=259
2024-04-05 11:08:11 +00:00
2399b4e4c2 Accepting request 1165438 from home:alarrosa:branches:network2
Forward a fix for a patch from SLE
   
- Rebase openssh-7.7p1-fips.patch (bsc#1221928) 
  Remove OPENSSL_HAVE_EVPGCM-ifdef, which is no longer supported by
  upstream

OBS-URL: https://build.opensuse.org/request/show/1165438
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=258
2024-04-05 07:57:21 +00:00
Ana Guerrero
bf408fc2b0 Accepting request 1164536 from network
OBS-URL: https://build.opensuse.org/request/show/1164536
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=171
2024-04-04 20:24:47 +00:00
c133b2d567 Accepting request 1164145 from home:alarrosa:branches:network
- Use %config(noreplace) for sshd_config . In any case, it's
  recommended to drop a file in sshd_config.d instead of editing
  sshd_config (bsc#1221063)
- Use %{_libexecdir} when removing ssh-keycat instead of the
  hardcoded path so it works in TW and SLE.

OBS-URL: https://build.opensuse.org/request/show/1164145
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=257
2024-04-04 09:11:43 +00:00
5252cd62e2 Accepting request 1155471 from home:pmonrealgonzalez:branches:network
- Add crypto-policies support [bsc#1211301]
  * Add patches:
    - openssh-9.6p1-crypto-policies.patch
    - openssh-9.6p1-crypto-policies-man.patch

OBS-URL: https://build.opensuse.org/request/show/1155471
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=256
2024-04-04 09:11:25 +00:00
Ana Guerrero
2446674e73 Accepting request 1150501 from network
- Update to openssh 9.6p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.6p1:
  = Security
  * ssh(1), sshd(8): implement protocol extensions to thwart the
    so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
    Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
    limited break of the integrity of the early encrypted SSH transport
    protocol by sending extra messages prior to the commencement of
    encryption, and deleting an equal number of consecutive messages
    immediately after encryption starts. A peer SSH client/server
    would not be able to detect that messages were deleted.
  * ssh-agent(1): when adding PKCS#11-hosted private keys while
    specifying destination constraints, if the PKCS#11 token returned
    multiple keys then only the first key had the constraints applied.
    Use of regular private keys, FIDO tokens and unconstrained keys
    are unaffected.
  * ssh(1): if an invalid user or hostname that contained shell
    metacharacters was passed to ssh(1), and a ProxyCommand,
    LocalCommand directive or "match exec" predicate referenced the
    user or hostname via %u, %h or similar expansion token, then
    an attacker who could supply arbitrary user/hostnames to ssh(1)
    could potentially perform command injection depending on what
    quoting was present in the user-supplied ssh_config(5) directive.
  = Potentially incompatible changes
  * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
    a TCP-like window mechanism that limits the amount of data that
    can be sent without acceptance from the peer. In cases where this (forwarded request 1150500 from hpjansson)

OBS-URL: https://build.opensuse.org/request/show/1150501
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=170
2024-02-27 21:43:12 +00:00
Hans Petter Jansson
b3ff99ae3c Accepting request 1150500 from home:hpjansson:branches:network
- Update to openssh 9.6p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.6p1:
  = Security
  * ssh(1), sshd(8): implement protocol extensions to thwart the
    so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
    Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
    limited break of the integrity of the early encrypted SSH transport
    protocol by sending extra messages prior to the commencement of
    encryption, and deleting an equal number of consecutive messages
    immediately after encryption starts. A peer SSH client/server
    would not be able to detect that messages were deleted.
  * ssh-agent(1): when adding PKCS#11-hosted private keys while
    specifying destination constraints, if the PKCS#11 token returned
    multiple keys then only the first key had the constraints applied.
    Use of regular private keys, FIDO tokens and unconstrained keys
    are unaffected.
  * ssh(1): if an invalid user or hostname that contained shell
    metacharacters was passed to ssh(1), and a ProxyCommand,
    LocalCommand directive or "match exec" predicate referenced the
    user or hostname via %u, %h or similar expansion token, then
    an attacker who could supply arbitrary user/hostnames to ssh(1)
    could potentially perform command injection depending on what
    quoting was present in the user-supplied ssh_config(5) directive.
  = Potentially incompatible changes
  * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
    a TCP-like window mechanism that limits the amount of data that
    can be sent without acceptance from the peer. In cases where this

OBS-URL: https://build.opensuse.org/request/show/1150500
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=255
2024-02-25 18:43:17 +00:00
Ana Guerrero
b339dda6d3 Accepting request 1133933 from network
Added openssh-cve-2023-48795.patch (forwarded request 1133932 from hpjansson)

OBS-URL: https://build.opensuse.org/request/show/1133933
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=169
2023-12-19 22:15:40 +00:00
Hans Petter Jansson
9778084948 Accepting request 1133932 from home:hpjansson:branches:network
Added openssh-cve-2023-48795.patch

OBS-URL: https://build.opensuse.org/request/show/1133932
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=254
2023-12-19 01:54:09 +00:00
Hans Petter Jansson
f716c85e71 Accepting request 1113799 from home:kukuk:branches:network
- Disable SLP by default for Factory and ALP (bsc#1214884)

OBS-URL: https://build.opensuse.org/request/show/1113799
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=253
2023-12-19 01:39:20 +00:00
Ana Guerrero
cb6e8d7fb0 Accepting request 1129646 from network
OBS-URL: https://build.opensuse.org/request/show/1129646
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=168
2023-11-30 20:59:01 +00:00
Hans Petter Jansson
74e20db9ed Accepting request 1123220 from home:jsegitz:branches:network
- Enhanced SELinux functionality. Added Fedora patches:
  * openssh-7.8p1-role-mls.patch
    Proper handling of MLS systems and basis for other SELinux
    improvements
  * openssh-6.6p1-privsep-selinux.patch
    Properly set contexts during privilege separation
  * openssh-6.6p1-keycat.patch
    Add ssh-keycat command to allow retrival of authorized_keys
    on MLS setups with polyinstantiation
  * openssh-6.6.1p1-selinux-contexts.patch
    Additional changes to set the proper context during privilege 
    separation
  * openssh-7.6p1-cleanup-selinux.patch
    Various changes and putting the pieces together
  For now we don't ship the ssh-keycat command, but we need the patch
  for the other SELinux infrastructure
  This change fixes issues like bsc#1214788, where the ssh daemon 
  needs to act on behalf of a user and needs a proper context for this

OBS-URL: https://build.opensuse.org/request/show/1123220
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=252
2023-11-28 16:35:34 +00:00
Ana Guerrero
e66925b0bb Accepting request 1120184 from network
OBS-URL: https://build.opensuse.org/request/show/1120184
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=167
2023-10-25 16:02:04 +00:00
ac7d1e8af4 Accepting request 1119952 from home:dimstar:Factory
- Add cb4ed12f.patch: Fix build using zlib 1.3. The check expected
  a version in the form a.b.c[.d], which no longer matches 1.3.

See failure with zlib 1.3 in Staging:N

OBS-URL: https://build.opensuse.org/request/show/1119952
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=251
2023-10-25 07:33:22 +00:00
Ana Guerrero
4fe7f3bfa0 Accepting request 1112087 from network
Teach openssh to tell logind the TTY, else tools like wall will stop working now with the new systemd v254 and util-linux (and who, w, ... will not show a tty) (forwarded request 1110800 from kukuk)

OBS-URL: https://build.opensuse.org/request/show/1112087
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=166
2023-09-22 19:46:58 +00:00
Hans Petter Jansson
a4dae544f0 Accepting request 1110800 from home:kukuk:no-utmp
Teach openssh to tell logind the TTY, else tools like wall will stop working now with the new systemd v254 and util-linux (and who, w, ... will not show a tty)

OBS-URL: https://build.opensuse.org/request/show/1110800
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=250
2023-09-18 22:02:17 +00:00
Ana Guerrero
b77a1e6444 Accepting request 1099856 from network
- Update to openssh 9.3p2
  * No changes for askpass, see main package changelog for
    details
- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408):
  Security
  ========
  Fix CVE-2023-38408 - a condition where specific libaries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
  code execution via a forwarded agent socket if the following
  conditions are met:
  * Exploitation requires the presence of specific libraries on
    the victim system.
  * Remote exploitation requires that the agent was forwarded
    to an attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an
  empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
  an allowlist that contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable
  by the Qualys Security Advisory team. 
 
  In addition to removing the main precondition for exploitation,
  this release removes the ability for remote ssh-agent(1) clients
  to load PKCS#11 modules by default (see below).
  Potentially-incompatible changes
  --------------------------------
   * ssh-agent(8): the agent will now refuse requests to load PKCS#11
     modules issued by remote clients by default. A flag has been added
     to restore the previous behaviour "-Oallow-remote-pkcs11".
     Note that ssh-agent(8) depends on the SSH client to identify
     requests that are remote. The OpenSSH >=8.9 ssh(1) client does
     this, but forwarding access to an agent socket using other tools
     may circumvent this restriction. (forwarded request 1099810 from simotek)

OBS-URL: https://build.opensuse.org/request/show/1099856
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=165
2023-07-24 16:11:47 +00:00
67a17999e6 Accepting request 1099810 from home:simotek:branches:network
- Update to openssh 9.3p2
  * No changes for askpass, see main package changelog for
    details
- Update to openssh 9.3p2 (bsc#1213504, CVE-2023-38408):
  Security
  ========
  Fix CVE-2023-38408 - a condition where specific libaries loaded via
  ssh-agent(1)'s PKCS#11 support could be abused to achieve remote
  code execution via a forwarded agent socket if the following
  conditions are met:
  * Exploitation requires the presence of specific libraries on
    the victim system.
  * Remote exploitation requires that the agent was forwarded
    to an attacker-controlled system.
  Exploitation can also be prevented by starting ssh-agent(1) with an
  empty PKCS#11/FIDO allowlist (ssh-agent -P '') or by configuring
  an allowlist that contains only specific provider libraries.
  This vulnerability was discovered and demonstrated to be exploitable
  by the Qualys Security Advisory team. 
 
  In addition to removing the main precondition for exploitation,
  this release removes the ability for remote ssh-agent(1) clients
  to load PKCS#11 modules by default (see below).
  Potentially-incompatible changes
  --------------------------------
   * ssh-agent(8): the agent will now refuse requests to load PKCS#11
     modules issued by remote clients by default. A flag has been added
     to restore the previous behaviour "-Oallow-remote-pkcs11".
     Note that ssh-agent(8) depends on the SSH client to identify
     requests that are remote. The OpenSSH >=8.9 ssh(1) client does
     this, but forwarding access to an agent socket using other tools
     may circumvent this restriction.

OBS-URL: https://build.opensuse.org/request/show/1099810
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=249
2023-07-21 07:35:33 +00:00
Dominique Leuenberger
af4711fbad Accepting request 1090577 from network
OBS-URL: https://build.opensuse.org/request/show/1090577
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=164
2023-06-06 17:54:55 +00:00
6c6fb17632 Accepting request 1089432 from home:AndreasStieger:branches:network
- openssh-askpass-gnome: require only openssh-clients, not the full
  openssh (including -server), to avoid pulling in excessive
  dependencies when installing git on Gnome (boo#1211446)

OBS-URL: https://build.opensuse.org/request/show/1089432
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=248
2023-06-02 21:14:12 +00:00
Hans Petter Jansson
03fc1a6def Accepting request 1087770 from home:alarrosa:branches:network
- Update to openssh 9.3p1
  * No changes for askpass, see main package changelog for
    details

- Update to openssh 9.3p1:
  = Security
  * ssh-add(1): when adding smartcard keys to ssh-agent(1) with the
   per-hop destination constraints (ssh-add -h ...) added in
   OpenSSH 8.9, a logic error prevented the constraints from being
   communicated to the agent. This resulted in the keys being added
   without constraints. The common cases of non-smartcard keys and
   keys without destination constraints are unaffected. This
   problem was reported by Luci Stanescu.
 * ssh(1): Portable OpenSSH provides an implementation of the
   getrrsetbyname(3) function if the standard library does not
   provide it, for use by the VerifyHostKeyDNS feature. A
   specifically crafted DNS response could cause this function to
   perform an out-of-bounds read of adjacent stack data, but this
   condition does not appear to be exploitable beyond denial-of-
   service to the ssh(1) client.
   The getrrsetbyname(3) replacement is only included if the
   system's standard library lacks this function and portable
   OpenSSH was not compiled with the ldns library (--with-ldns).
   getrrsetbyname(3) is only invoked if using VerifyHostKeyDNS to
   fetch SSHFP records. This problem was found by the Coverity
   static analyzer.
  = New features
  * ssh-keygen(1), ssh-keyscan(1): accept -Ohashalg=sha1|sha256
    when outputting SSHFP fingerprints to allow algorithm
    selection. bz3493

OBS-URL: https://build.opensuse.org/request/show/1087770
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=247
2023-05-22 19:32:26 +00:00
Dominique Leuenberger
827852cf8f Accepting request 1079298 from network
- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit
- Add new sshd.pamd including postlogin-* config files (forwarded request 1074609 from kukuk)

OBS-URL: https://build.opensuse.org/request/show/1079298
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=163
2023-04-15 20:32:04 +00:00
Hans Petter Jansson
789436c617 Accepting request 1074609 from home:kukuk:branches:network
- Rename sshd.pamd to sshd-sle.pamd and fix order of pam_keyinit
- Add new sshd.pamd including postlogin-* config files

OBS-URL: https://build.opensuse.org/request/show/1074609
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=246
2023-04-13 21:23:05 +00:00
Dominique Leuenberger
3fa7ba428e Accepting request 1074486 from network
OBS-URL: https://build.opensuse.org/request/show/1074486
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=162
2023-03-28 15:48:40 +00:00
a004ad47ca Accepting request 1065922 from home:kukuk:branches:network
- Remove BuildRequires for libtirpc, we don't use it
- Remove pam_lastlog from sshd PAM config. sshd is doing the same,
  too, which leads to e.g. duplicate entries in wtmp [bsc#1208243]

OBS-URL: https://build.opensuse.org/request/show/1065922
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=245
2023-03-26 16:59:52 +00:00
Dominique Leuenberger
d44fd05f6e Accepting request 1044051 from network
OBS-URL: https://build.opensuse.org/request/show/1044051
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=161
2022-12-23 09:20:44 +00:00
988310371c Accepting request 1043949 from home:ohollmann:branches:network
- Adapt OpenSSH to build with OpenSSL 3, use new KDF API (bsc#1205042)
  Add openssh-openssl-3.patch

OBS-URL: https://build.opensuse.org/request/show/1043949
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=244
2022-12-21 10:48:51 +00:00
Dominique Leuenberger
00be3aea91 Accepting request 1043180 from network
- limit to openssl < 3.0 as this version is not compatible (bsc#1205042)
  next version update will fix it

OBS-URL: https://build.opensuse.org/request/show/1043180
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=160
2022-12-16 16:51:30 +00:00
e92e6f5af4 - limit to openssl < 3.0 as this version is not compatible (bsc#1205042)
next version update will fix it

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=243
2022-12-15 16:35:54 +00:00