pool/openssh
SHA256
17
0
Fork 1
Code Issues Pull Requests Activity

Commit Graph

  • 79ac6aec98 Install config to %distconfdir, bsc#1254374 slfo-main Hans Petter Jansson 2025-12-15 20:03:48 +01:00
  • 2dba52c3bf Accepting request 1322252 from network factory Ana Guerrero 2025-12-15 10:45:10 +00:00
  • 1d01146336 Accepting request 1322250 from home:hpjansson:branches:network Hans Petter Jansson 2025-12-11 17:14:43 +00:00
  • 0b11be1c02 Accepting request 1322246 from home:hpjansson:branches:network Hans Petter Jansson 2025-12-11 16:44:58 +00:00
  • ee2cb50958 Add fixes for CVE-2025-61984 and CVE-2025-61985 slfo-1.2 Hans Petter Jansson 2025-11-07 23:16:24 +01:00
  • 7c848a72a5 Accepting request 1313013 from network Dominique Leuenberger 2025-11-01 22:34:10 +00:00
  • 9e7097ab26 Accepting request 1313012 from home:alarrosa:branches:network Antonio Larrosa 2025-10-22 07:55:59 +00:00
  • b54837afd9 Accepting request 1311450 from home:alarrosa:branches:network Antonio Larrosa 2025-10-15 11:05:19 +00:00
  • d20a7193ac Accepting request 1306629 from network Ana Guerrero 2025-09-23 18:47:02 +00:00
  • ad5a43d019 Accepting request 1306458 from home:alarrosa:branches:network Marcus Meissner 2025-09-22 11:57:41 +00:00
  • e9dd878d4a Accepting request 1304676 from network Ana Guerrero 2025-09-15 17:50:24 +00:00
  • de7e9eb432 Accepting request 1304675 from home:hpjansson:branches:network Hans Petter Jansson 2025-09-14 19:59:36 +00:00
  • 739aa15d50 Accepting request 1303317 from home:ldragon:branches:network Hans Petter Jansson 2025-09-10 14:47:12 +00:00
  • f31eacd216 Accepting request 1277188 from network Ana Guerrero 2025-05-15 14:59:35 +00:00
  • 3f765a9f36 Accepting request 1277186 from home:alarrosa:branches:network:openssh Antonio Larrosa 2025-05-13 15:12:56 +00:00
  • 19a564c163 Accepting request 1272617 from network Ana Guerrero 2025-04-25 20:18:22 +00:00
  • 6f3f9af988 Accepting request 1272617 from network Ana Guerrero 2025-04-25 20:18:22 +00:00
  • e33b294c28 Accepting request 1272616 from home:alarrosa:branches:network Antonio Larrosa 2025-04-25 08:52:00 +00:00
  • 047599f17a Accepting request 1272616 from home:alarrosa:branches:network Antonio Larrosa 2025-04-25 08:52:00 +00:00
  • 7808b8b65c Accepting request 1271991 from home:hpjansson:branches:network Antonio Larrosa 2025-04-23 13:19:09 +00:00
  • 2a3b9467bf Accepting request 1271991 from home:hpjansson:branches:network Antonio Larrosa 2025-04-23 13:19:09 +00:00
  • 2eacf2cfde Accepting request 1268318 from home:alarrosa:branches:network Antonio Larrosa 2025-04-10 08:34:48 +00:00
  • b959300e38 Accepting request 1268318 from home:alarrosa:branches:network Antonio Larrosa 2025-04-10 08:34:48 +00:00
  • 28522f6381 Accepting request 1268313 from home:alarrosa:branches:network Antonio Larrosa 2025-04-10 08:29:39 +00:00
  • 57da6e38d0 Accepting request 1268313 from home:alarrosa:branches:network Antonio Larrosa 2025-04-10 08:29:39 +00:00
  • 291502af75 Accepting request 1268307 from home:alarrosa:branches:network Antonio Larrosa 2025-04-10 08:25:01 +00:00
  • d7c0e6582d Accepting request 1268307 from home:alarrosa:branches:network Antonio Larrosa 2025-04-10 08:25:01 +00:00
  • 0636d865dc Accepting request 1268142 from home:alarrosa:branches:network Antonio Larrosa 2025-04-09 11:17:47 +00:00
  • 5f4c611aa2 Accepting request 1268142 from home:alarrosa:branches:network Antonio Larrosa 2025-04-09 11:17:47 +00:00
  • 52583b8481 Accepting request 1268126 from home:alarrosa:branches:network Antonio Larrosa 2025-04-09 10:49:15 +00:00
  • b8f5e88ace Accepting request 1268126 from home:alarrosa:branches:network Antonio Larrosa 2025-04-09 10:49:15 +00:00
  • b867c42e05 Accepting request 1267606 from network Ana Guerrero 2025-04-08 15:50:42 +00:00
  • 9b98897fa5 Accepting request 1267606 from network Ana Guerrero 2025-04-08 15:50:42 +00:00
  • 92eb08400f - Disable seccomp_filter and rlimitsandbox sandbox for loongarch. seccomp_filter and rlimitsandbox not supported on loongarch64 yet. Antonio Larrosa 2025-04-07 10:00:08 +00:00
  • 69ce3dda1b Accepting request 1255379 from home:hillwood:branches:network Antonio Larrosa 2025-04-07 10:00:08 +00:00
  • 5697319adc Accepting request 1246976 from network Ana Guerrero 2025-02-20 15:27:08 +00:00
  • d355023437 Accepting request 1246976 from network Ana Guerrero 2025-02-20 15:27:08 +00:00
  • 5ccb79f3f3 Accepting request 1246973 from home:alarrosa:branches:network:openssh Antonio Larrosa 2025-02-19 09:31:07 +00:00
  • e0df6f2027 Accepting request 1246973 from home:alarrosa:branches:network:openssh Antonio Larrosa 2025-02-19 09:31:07 +00:00
  • 865baddeec Accepting request 1246612 from network Ana Guerrero 2025-02-18 18:08:49 +00:00
  • f6f46c8964 Accepting request 1246612 from network Ana Guerrero 2025-02-18 18:08:49 +00:00
  • d77e0c9092 - Update to openssh 9.9p2: = Security * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. The openSSH team thanks them for their detailed review of OpenSSH. = Bugfixes * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems and configurations. - Remove patches that are already included in 9.9p2: * 0001-fix-utmpx-ifdef.patch * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch Antonio Larrosa 2025-02-18 09:56:28 +00:00
  • f339972869 Accepting request 1246611 from home:alarrosa:branches:openssh-9.9 Antonio Larrosa 2025-02-18 09:56:28 +00:00
  • d7201bdb47 - Fix a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled client and a DoS attack against OpenSSH's client and server (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466): * fix-CVE-2025-26465-and-CVE-2025-26466.patch Antonio Larrosa 2025-02-18 09:10:29 +00:00
  • 22f1706ec3 Accepting request 1246591 from home:alarrosa:branches:openssh-9.9 Antonio Larrosa 2025-02-18 09:10:29 +00:00
  • 964d8415a2 Accepting request 1244734 from network Ana Guerrero 2025-02-11 20:20:54 +00:00
  • 995b065381 Accepting request 1244734 from network Ana Guerrero 2025-02-11 20:20:54 +00:00
  • 5b8687e2a3 - Drop rcFOO symlinks for CODE16 (PED-266). Antonio Larrosa 2025-02-10 11:55:37 +00:00
  • add4626a51 Accepting request 1239575 from home:dimstar:Factory Antonio Larrosa 2025-02-10 11:55:37 +00:00
  • 67e6fdb025 Accepting request 1218789 from network Ana Guerrero 2024-10-29 13:31:58 +00:00
  • 61d891fade Accepting request 1218789 from network Ana Guerrero 2024-10-29 13:31:58 +00:00
  • 717dd2da2c - Don't force using gcc11 on SLFO/ALP which have a newer version. Antonio Larrosa 2024-10-28 11:22:01 +00:00
  • 051e180f88 Accepting request 1218787 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-10-28 11:22:01 +00:00
  • 33d804a345 - Add patches from upstream: - To fix a copy&paste oversight in an ifdef : * 0001-fix-utmpx-ifdef.patch - To fix a regression introduced when the "Match" criteria tokenizer was modified since it stopped supporting the "Match criteria=argument" format: * 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch - To fix the previous patch which broke on negated Matches: * 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch - To fix the ML-KEM768x25519 kex algorithm on big-endian systems: * 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch Antonio Larrosa 2024-10-28 11:16:49 +00:00
  • 2c8525e1db Accepting request 1218784 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-10-28 11:16:49 +00:00
  • 01365117e3 Accepting request 1207974 from network Ana Guerrero 2024-10-15 12:57:58 +00:00
  • bcb2667cc6 Accepting request 1207974 from network Ana Guerrero 2024-10-15 12:57:58 +00:00
  • 219dd97d90 - Use %{with ...} instead of 0%{with ...} Antonio Larrosa 2024-10-14 15:20:38 +00:00
  • ef827d0687 Accepting request 1207973 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-10-14 15:20:38 +00:00
  • 77745960a4 Accepting request 1207806 from network Dominique Leuenberger 2024-10-14 11:06:29 +00:00
  • e646e40a19 Accepting request 1207806 from network Dominique Leuenberger 2024-10-14 11:06:29 +00:00
  • 77273f8679 Updated the patch with a suggestion from upstream. Antonio Larrosa 2024-10-14 06:33:00 +00:00
  • 2dc91d93a7 Accepting request 1207644 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-10-14 06:33:00 +00:00
  • fef82d94da Accepting request 1203550 from network Ana Guerrero 2024-09-26 16:52:30 +00:00
  • b739f7b79a Accepting request 1203550 from network Ana Guerrero 2024-09-26 16:52:30 +00:00
  • a77a72fabb - Add a const to the openssl 1.1/RSA section of sshkey_is_private to keep it similar to what it used before the 9.9 rebase: * openssh-8.1p1-audit.patch - Add a openssl11 bcond to the spec file for the SLE12 case instead of checking suse_version in different parts. - Move conditional patches to a number >= 1000. Antonio Larrosa 2024-09-25 11:55:37 +00:00
  • fadb689fba Accepting request 1203549 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-09-25 11:55:37 +00:00
  • 3f6eda5c88 - Update to openssh 9.9p1: * No changes for askpass, see main package changelog for details. Marcus Meissner 2024-09-25 08:42:29 +00:00
  • b07c141055 Accepting request 1202729 from home:alarrosa:branches:network:openssh Marcus Meissner 2024-09-25 08:42:29 +00:00
  • f15242edbd Accepting request 1200282 from network Ana Guerrero 2024-09-13 12:26:08 +00:00
  • 4c7b461ba5 Accepting request 1200282 from network Ana Guerrero 2024-09-13 12:26:08 +00:00
  • fef1b16e66 - Drop most of openssh-6.6p1-keycat.patch (actually, it was just commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch Antonio Larrosa 2024-09-12 10:24:41 +00:00
  • a674f65c97 Accepting request 1200272 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-09-12 10:24:41 +00:00
  • fbdd7af379 Accepting request 1196434 from network Dominique Leuenberger 2024-08-29 13:42:55 +00:00
  • dd0b90d773 Accepting request 1196434 from network Dominique Leuenberger 2024-08-29 13:42:55 +00:00
  • dd9c4b9bb1 - Add patch to fix sshd not logging in the audit failed login attempts (submitted to upstream in https://github.com/openssh/openssh-portable/pull/516): * fix-audit-fail-attempt.patch - Use --enable-dsa-keys when building openssh. It's required if the user sets the crypto-policy mode to LEGACY, where DSA keys should be allowed. The option was added by upstream in 9.7 and set to disabled by default. - These two changes fix 2 of the 3 issues reported in bsc#1229650. Antonio Larrosa 2024-08-23 12:36:12 +00:00
  • 1569d989cc Accepting request 1195723 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-08-23 12:36:12 +00:00
  • e7740396e0 https://bugzilla.opensuse.org/show_bug.cgi?id=1229650 Ana Guerrero 2024-08-22 10:34:42 +00:00
  • 4250fc3556 https://bugzilla.opensuse.org/show_bug.cgi?id=1229650 Ana Guerrero 2024-08-22 10:34:42 +00:00
  • 8a8ed57387 Accepting request 1194679 from network Ana Guerrero 2024-08-21 21:24:44 +00:00
  • ba4e65df9d Accepting request 1194679 from network Ana Guerrero 2024-08-21 21:24:44 +00:00
  • da2c6cc517 - Update to openssh 9.8p1: * No changes for askpass, see main package changelog for details. Antonio Larrosa 2024-08-12 09:54:46 +00:00
  • 06eb772e55 Accepting request 1193382 from home:alarrosa:branches:network:openssh-9.8 Antonio Larrosa 2024-08-12 09:54:46 +00:00
  • d5d292d413 Accepting request 1185823 from network Ana Guerrero 2024-07-08 17:06:54 +00:00
  • 0a7eb65981 Accepting request 1185823 from network Ana Guerrero 2024-07-08 17:06:54 +00:00
  • 869b2ae788 - Add patch from upstream to fix proxy multiplexing mode: * 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch - Add patch from upstream to restore correctly sigprocmask * 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch - Add patch from upstream to fix a logic error in ObscureKeystrokeTiming that rendered this feature ineffective, allowing a passive observer to detect which network packets contained real keystrokes (bsc#1227318, CVE-2024-39894): * 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch Antonio Larrosa 2024-07-05 19:01:36 +00:00
  • 23e8b1f01b Accepting request 1185821 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-07-05 19:01:36 +00:00
  • 45f6d17800 - Add obsoletes for openssh-server-config-rootlogin since that package existed for a brief period of time during SLE 15 SP6/ Leap 15.6 development but even if it was removed from the repositories before GM, some users might have it in their systems from having tried a beta/RC release (boo#1227350). Antonio Larrosa 2024-07-05 11:34:53 +00:00
  • ccaaac730e Accepting request 1185775 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-07-05 11:34:53 +00:00
  • 414e74b526 Accepting request 1184302 from network Ana Guerrero 2024-07-02 16:16:12 +00:00
  • f6cca364c3 Accepting request 1184302 from network Ana Guerrero 2024-07-02 16:16:12 +00:00
  • 0aa4b1876f - Add patch to fix a race condition in a signal handler by removing the async-signal-unsafe code (CVE-2024-6387, bsc#1226642): * fix-CVE-2024-6387.patch Antonio Larrosa 2024-07-01 11:50:15 +00:00
  • c52d629a6f Accepting request 1184301 from home:alarrosa:branches:network:openssh Antonio Larrosa 2024-07-01 11:50:15 +00:00
  • 909e5eb8e7 Accepting request 1179624 from network Ana Guerrero 2024-06-10 15:37:06 +00:00
  • c08866da7b Accepting request 1179624 from network Ana Guerrero 2024-06-10 15:37:06 +00:00
  • b4dab4a6f7 Accepting request 1179619 from home:alarrosa:branches:network:openssh Dirk Mueller 2024-06-10 07:34:57 +00:00
  • c3f8894285 Accepting request 1179619 from home:alarrosa:branches:network:openssh Dirk Mueller 2024-06-10 07:34:57 +00:00
  • 9b110f7def Accepting request 1174781 from network Ana Guerrero 2024-05-17 18:03:57 +00:00
  • a7035cff02 Accepting request 1174781 from network Ana Guerrero 2024-05-17 18:03:57 +00:00
  • e11bee9499 Accepting request 1174779 from home:alarrosa:branches:network:openssh-permit-root-login Antonio Larrosa 2024-05-17 08:01:30 +00:00