------------------------------------------------------------------- Sat Dec 15 00:10:13 CET 2007 - anicka@suse.cz - add patch calling pam with root privileges [#334559] - drop pwname-home patch [#104773] ------------------------------------------------------------------- Fri Dec 7 22:28:40 CET 2007 - anicka@suse.cz - fix race condition in xauth patch ------------------------------------------------------------------- Wed Dec 5 10:45:36 CET 2007 - anicka@suse.cz - update to 4.7p1 * Add "-K" flag for ssh to set GSSAPIAuthentication=yes and GSSAPIDelegateCredentials=yes. This is symmetric with -k * make scp try to skip FIFOs rather than blocking when nothing is listening. * increase default channel windows * put the MAC list into a display * many bugfixes ------------------------------------------------------------------- Mon Oct 8 16:34:06 CEST 2007 - anicka@suse.cz - block SIGALRM only during calling syslog() [#331032] ------------------------------------------------------------------- Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz - fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] ------------------------------------------------------------------- Tue Aug 28 18:25:57 CEST 2007 - anicka@suse.cz - fix blocksigalrm patch to set old signal mask after writing the log in every case [#304819] ------------------------------------------------------------------- Tue Aug 21 04:51:45 CEST 2007 - anicka@suse.cz - avoid generating ssh keys when a non-standard location is configured [#281228] ------------------------------------------------------------------- Wed Jul 25 16:18:50 CEST 2007 - anicka@suse.cz - fixed typo in sshd.fw [#293764] ------------------------------------------------------------------- Mon Mar 19 19:14:26 CET 2007 - nadvornik@suse.cz - fixed default for ChallengeResponseAuthentication [#255374] ------------------------------------------------------------------- Mon Mar 12 10:56:31 CET 2007 - anicka@suse.cz - update to 4.6p1 * sshd now allows the enabling and disabling of authentication methods on a per user, group, host and network basis via the Match directive in sshd_config. * Allow multiple forwarding options to work when specified in a PermitOpen directive * Clear SIGALRM when restarting due to SIGHUP. Prevents stray signal from taking down sshd if a connection was pending at the time SIGHUP was received * hang on exit" when background processes are running at the time of exit on a ttyful/login session * some more bugfixes ------------------------------------------------------------------- Mon Mar 5 11:03:41 CET 2007 - anicka@suse.cz - fix path for firewall definition ------------------------------------------------------------------- Thu Mar 1 15:14:23 CET 2007 - anicka@suse.cz - add support for Linux audit (FATE #120269) ------------------------------------------------------------------- Wed Feb 21 11:21:48 CET 2007 - anicka@suse.cz - add firewall definition [#246921], FATE #300687, source: sshd.fw ------------------------------------------------------------------- Sat Jan 6 12:30:16 CET 2007 - anicka@suse.cz - disable SSHv1 protocol in default configuration [#231808] ------------------------------------------------------------------- Tue Dec 12 14:41:45 CET 2006 - anicka@suse.cz - update to 4.5p1 * Use privsep_pw if we have it, but only require it if we absolutely need it. * Correctly check for bad signatures in the monitor, otherwise the monitor and the unpriv process can get out of sync. * Clear errno before calling the strtol functions. * exit instead of doing a blocking tcp send if we detect a client/server timeout, since the tcp sendqueue might be already full (of alive requests) * include signal.h, errno.h, sys/in.h * some more bugfixes ------------------------------------------------------------------- Wed Nov 22 13:42:32 CET 2006 - anicka@suse.cz - fixed README.SuSE [#223025] ------------------------------------------------------------------- Thu Nov 9 13:59:35 CET 2006 - anicka@suse.cz - backport security fixes from openssh 4.5 (#219115) ------------------------------------------------------------------- Tue Nov 7 13:43:44 CET 2006 - ro@suse.de - fix manpage permissions ------------------------------------------------------------------- Tue Oct 31 14:04:52 CET 2006 - anicka@suse.cz - fix gssapi_krb5-fix patch [#215615] - fix xauth patch ------------------------------------------------------------------- Tue Oct 10 16:07:11 CEST 2006 - postadal@suse.cz - fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch) ------------------------------------------------------------------- Tue Oct 3 14:44:08 CEST 2006 - postadal@suse.cz - updated to version 4.4p1 [#208662] * fixed pre-authentication DoS, that would cause sshd(8) to spin until the login grace time expired * fixed unsafe signal hander, which was vulnerable to a race condition that could be exploited to perform a pre-authentication DoS * fixed a GSSAPI authentication abort that could be used to determine the validity of usernames on some platforms * implemented conditional configuration in sshd_config(5) using the "Match" directive * added support for Diffie-Hellman group exchange key agreement with a final hash of SHA256 * added a "ForceCommand", "PermitOpen" directive to sshd_config(5) * added optional logging of transactions to sftp-server(8) * ssh(1) will now record port numbers for hosts stored in ~/.ssh/authorized_keys when a non-standard port has been requested * added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with a non-zero exit code) when requested port forwardings could not be established * extended sshd_config(5) "SubSystem" declarations to allow the specification of command-line arguments - removed obsoleted patches: autoconf-fix.patch, dos-fix.patch - fixed gcc issues (gcc-fix.patch) ------------------------------------------------------------------- Wed Sep 20 17:34:54 CEST 2006 - postadal@suse.cz - fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch) - fixed client NULL deref on protocol error - cosmetic fix in init script [#203826] ------------------------------------------------------------------- Fri Sep 1 14:14:52 CEST 2006 - kukuk@suse.de - sshd.pamd: Add pam_loginuid, move pam_nologin to a better position ------------------------------------------------------------------- Fri Aug 25 15:37:46 CEST 2006 - postadal@suse.cz - fixed path for xauth [#198676] ------------------------------------------------------------------- Thu Aug 3 15:07:41 CEST 2006 - postadal@suse.cz - fixed build with X11R7 ------------------------------------------------------------------- Thu Jul 20 17:25:27 CEST 2006 - postadal@suse.cz - updated to version 4.3p2 * experimental support for tunneling network packets via tun(4) - removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch, scp.patch, sigalarm.patch ------------------------------------------------------------------- Mon Feb 13 12:54:28 CET 2006 - postadal@suse.cz - upstream fixes - fixed "scp a b c", when c is not directory (scp.patch) - eliminate some code duplicated in privsep and non-privsep paths, and explicitly clear SIGALRM handler (sigalarm.patch) ------------------------------------------------------------------- Fri Feb 3 19:02:49 CET 2006 - postadal@suse.cz - fixed local arbitrary command execution vulnerability [#143435] (CVE-2006-0225.patch) ------------------------------------------------------------------- Thu Feb 2 13:19:41 CET 2006 - postadal@suse.cz - fixed xauth.diff for disabled UsePrivilegeSeparation mode [#145809] - build on s390 without Smart card support (opensc) [#147383] ------------------------------------------------------------------- Mon Jan 30 16:25:01 CET 2006 - postadal@suse.cz - fixed patch xauth.diff [#145809] - fixed comments [#142989] ------------------------------------------------------------------- Wed Jan 25 21:39:06 CET 2006 - mls@suse.de - converted neededforbuild to BuildRequires ------------------------------------------------------------------- Mon Jan 16 18:05:44 CET 2006 - meissner@suse.de - added -fstack-protector. ------------------------------------------------------------------- Tue Jan 3 15:46:33 CET 2006 - postadal@suse.cz - updated to version 4.2p1 - removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch ------------------------------------------------------------------- Tue Nov 15 17:51:07 CET 2005 - postadal@suse.cz - do not delegate GSSAPI credentials to log in with a different method than GSSAPI [#128928] (CAN-2005-2798, gssapi-secfix.patch) ------------------------------------------------------------------- Sun Oct 23 10:40:24 CEST 2005 - postadal@suse.cz - fixed PAM to send authentication failing mesaage to client [#130043] (pam-error.patch) ------------------------------------------------------------------- Wed Sep 14 16:58:14 CEST 2005 - postadal@suse.cz - fixed uninitialized variable in patch xauth.diff [#98815] ------------------------------------------------------------------- Thu Sep 8 15:56:37 CEST 2005 - postadal@suse.cz - don't strip ------------------------------------------------------------------- Mon Sep 5 20:04:04 CEST 2005 - postadal@suse.cz - added patch xauth.diff prevent from polluting xauthority file [#98815] ------------------------------------------------------------------- Mon Aug 22 18:12:20 CEST 2005 - postadal@suse.cz - fixed problem when multiple accounts have same UID [#104773] (pwname-home.diff) - added fixes from upstream (upstream_fixes.diff) ------------------------------------------------------------------- Thu Aug 18 17:50:46 CEST 2005 - postadal@suse.cz - added patch tmpdir.diff for using $TMPDIR by ssh-agent [#95731] ------------------------------------------------------------------- Thu Aug 4 11:29:38 CEST 2005 - uli@suse.de - parallelize build ------------------------------------------------------------------- Mon Aug 1 17:48:02 CEST 2005 - postadal@suse.cz - added patch resolving problems with hostname changes [#98627] (xauthlocalhostname.diff) ------------------------------------------------------------------- Wed Jun 22 18:42:57 CEST 2005 - kukuk@suse.de - Compile/link with -fpie/-pie ------------------------------------------------------------------- Wed Jun 15 17:41:24 CEST 2005 - meissner@suse.de - build x11-ask-pass with RPM_OPT_FLAGS. ------------------------------------------------------------------- Fri Jun 10 16:18:25 CEST 2005 - postadal@suse.cz - updated to version 4.1p1 - removed obsoleted patches: restore_terminal, pam-returnfromsession, timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource, sendenv-fix, documentation-fix ------------------------------------------------------------------- Thu Mar 10 10:36:42 CET 2005 - postadal@suse.cz - fixed SendEnv config parsing bug - documented timeout on untrusted x11 forwarding sessions (openssh#849) - mentioned ForwardX11Trusted in ssh.1 (openssh#987) ------------------------------------------------------------------- Thu Mar 3 13:29:13 CET 2005 - postadal@suse.cz - enabled accepting and sending locale environment variables in protocol 2 [#65747, #50091] ------------------------------------------------------------------- Thu Feb 24 16:33:54 CET 2005 - postadal@suse.cz - added patches from cvs: gssapi-pam (openssh#918), krb5ccname (openssh#445), logdenysource (openssh#909) ------------------------------------------------------------------- Thu Feb 3 13:29:23 CET 2005 - postadal@suse.cz - fixed keyboard-interactive/pam/Kerberos leaks info about user existence [#48329] (openssh#971, CAN-2003-0190) ------------------------------------------------------------------- Wed Jan 19 15:58:07 CET 2005 - postadal@suse.cz - splited spec file to decreas number of build dependencies - fixed restoring terminal setting after Ctrl+C during password prompt in scp/sftp [#43309] - allowed users to see output from failing PAM session modules (openssh #890, pam-returnfromsession.patch) ------------------------------------------------------------------- Mon Nov 8 17:17:45 CET 2004 - kukuk@suse.de - Use common-* PAM config files for sshd PAM configuration ------------------------------------------------------------------- Mon Oct 25 15:14:49 CEST 2004 - postadal@suse.cz - switched heimdal-* to kerberos-devel-packages in #needforbuild ------------------------------------------------------------------- Fri Sep 3 15:03:01 CEST 2004 - ro@suse.de - fix lib64 issue ------------------------------------------------------------------- Tue Aug 31 16:03:54 CEST 2004 - postadal@suse.cz - updated to version 3.9p1 - removed obsoleted patches: scp-fix.diff and window_change-fix.diff ------------------------------------------------------------------- Thu Aug 26 15:40:53 CEST 2004 - postadal@suse.cz - added openssh-askpass-gnome subpackage - added ssh-askpass script for choosing askpass depending on windowmanager (by Robert Love ) - build with Smart card support (opensc) [#44289] ------------------------------------------------------------------- Tue Aug 17 15:52:20 CEST 2004 - postadal@suse.cz - removed old implementation of "Update Messages" [#36059] ------------------------------------------------------------------- Thu Aug 12 16:36:53 CEST 2004 - postadal@suse.cz - updated to version 3.8p1 - removed obsoleted patches: sftp-progress-fix and pam-fix4 ------------------------------------------------------------------- Mon Jun 28 16:56:23 CEST 2004 - meissner@suse.de - block sigalarm during syslog output or we might deadlock on recursively entering syslog(). (LTC#9523, SUSE#42354) ------------------------------------------------------------------- Wed May 26 15:27:32 CEST 2004 - postadal@suse.cz - fixed commented default value for GSSAPI ------------------------------------------------------------------- Thu May 20 21:23:27 CEST 2004 - mludvig@suse.cz - Load drivers for available hardware crypto accelerators. ------------------------------------------------------------------- Fri Apr 30 15:03:39 CEST 2004 - postadal@suse.cz - updated README.kerberos (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials) ------------------------------------------------------------------- Mon Apr 19 14:41:01 CEST 2004 - postadal@suse.cz - updated README.SuSE (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials) [#39010] ------------------------------------------------------------------- Fri Mar 26 17:24:45 CET 2004 - postadal@suse.cz - fixed sshd(8) and sshd_config(5) man pages (EAL3) - fixed spelling errors in README.SuSE [#37086] ------------------------------------------------------------------- Thu Mar 25 14:50:50 CET 2004 - postadal@suse.cz - fixed change window request [#33177] ------------------------------------------------------------------- Mon Mar 22 15:19:15 CET 2004 - postadal@suse.cz - updated README.SuSE - removed %verify from /usr/bin/ssh in specfile ------------------------------------------------------------------- Thu Mar 18 15:48:52 CET 2004 - postadal@suse.cz - fixed previous fix of security bug in scp [#35443] (CAN-2004-0175) (was too restrictive) - fixed permission of /usr/bin/ssh ------------------------------------------------------------------- Mon Mar 15 17:56:06 CET 2004 - postadal@suse.cz - fixed comments in sshd_config and ssh_config ------------------------------------------------------------------- Mon Mar 15 17:25:08 CET 2004 - postadal@suse.cz - enabled privilege separation mode (new version fixes a lot of problematic PAM calling [#30328]) - fixed security bug in scp [#35443] (CAN-2004-0175) - reverted to old behaviour of ForwardingX11 [#35836] (set ForwardX11Trusted to 'yes' by default) - updated README.SuSE - fixed pam code (pam-fix4.diff, backported from openssh-SNAP-20040311) ------------------------------------------------------------------- Fri Mar 05 13:10:55 CET 2004 - postadal@suse.cz - updated README.SuSE (Remote x11 clients are now untrusted by default) [#35368] - added gssapimitm patch (support for old GSSAPI) ------------------------------------------------------------------- Mon Mar 01 18:13:37 CET 2004 - postadal@suse.cz - updated to version 3.8p1 * The "gssapi" support has been replaced with the "gssapi-with-mic" to fix possible MITM attacks. These two versions are not compatible. - removed obsoleted patches: krb5.patch, dns-lookups.patch, pam-fix.diff, pam-end-fix.diff - used process forking instead pthreads (developers fixed bugs in pam calling and they recommended to don't use threads) ------------------------------------------------------------------- Tue Feb 24 11:37:17 CET 2004 - postadal@suse.cz - fixed the problem with save_argv in sshd.c re-apeared again in version 3.7.1p2 (it caused bad behaviour after receiving SIGHUP - used by reload of init script) [#34845] ------------------------------------------------------------------- Wed Feb 18 18:06:20 CET 2004 - kukuk@suse.de - Real strict-aliasing patch ------------------------------------------------------------------- Wed Feb 18 16:04:17 CET 2004 - postadal@suse.cz - fixed strict-aliasing patch [#34551] ------------------------------------------------------------------- Sat Feb 14 00:20:09 CET 2004 - adrian@suse.de - provide SLP registration file /etc/slp.reg.d/ssh.reg ------------------------------------------------------------------- Tue Feb 03 15:18:36 CET 2004 - postadal@suse.cz - used patch from pam-end-fix.diff [#33132] - fixed instalation openssh without documentation [#33937] - fixed auth-pam.c which breaks strict aliasing ------------------------------------------------------------------- Mon Jan 19 13:19:32 CET 2004 - meissner@suse.de - Added a ; to ssh-key-converter.c to fix gcc 3.4 build. ------------------------------------------------------------------- Fri Jan 16 12:57:41 CET 2004 - kukuk@suse.de - Add pam-devel to neededforbuild ------------------------------------------------------------------- Thu Nov 06 10:14:31 CET 2003 - postadal@suse.cz - added /usr/bin/slogin explicitly to %file list [#32921] ------------------------------------------------------------------- Sun Nov 2 21:10:35 CET 2003 - adrian@suse.de - add %run_permissions to fix build ------------------------------------------------------------------- Tue Oct 14 12:23:36 CEST 2003 - postadal@suse.cz - reverted value UsePAM to "yes" and set PasswordAuthentication to "no" in file /etc/ssh/sshd_config (the version 3.7.1p2 disabled PAM support by default) [#31749] ------------------------------------------------------------------- Tue Sep 23 15:02:00 CEST 2003 - draht@suse.de - New version 3.7.1p2; signature from 86FF9C48 Damien Miller verified for source tarball. Bugs fixed with this version: #31637 (CAN-2003-0786, CAN-2003-0786). Briefly: 1) SSH1 PAM challenge response auth ignored the result of the authentication (with privsep off) 2) The PAM conversation function trashed the stack, by referring to the **resp parameter as an array of pointers rather than as a pointer to an array of struct pam_responses. At least security bug 1) is exploitable. ------------------------------------------------------------------- Fri Sep 19 19:56:01 CEST 2003 - postadal@suse.cz - use pthreads instead process forking (it needs by pam modules) - fixed bug in calling pam_setcred [#31025] (pam-fix.diff - string "FILE:" added to begin of KRB5CCNAME) - updated README.SuSE - reverted ChallengeResponseAuthentication option to default value yes (necessary for pam authentication) [#31432] ------------------------------------------------------------------- Thu Sep 18 18:34:33 CEST 2003 - postadal@suse.cz - updated to version 3.7.1p1 (with security patches) - removed obsoleted patches: chauthtok.patch, krb-include-fix.diff, gssapi-fix.diff, saveargv-fix.diff, gssapi-20030430.diff, racecondition-fix - updated README.kerberos ------------------------------------------------------------------- Tue Sep 16 16:57:02 CEST 2003 - postadal@suse.cz - fixed race condition in allocating memory [#31025] (CAN-2003-0693) ------------------------------------------------------------------- Mon Sep 15 11:52:20 CEST 2003 - postadal@suse.cz - disabled privilege separation, which caused some problems [#30328] (updated README.SuSE) ------------------------------------------------------------------- Thu Sep 04 11:59:39 CEST 2003 - postadal@suse.cz - fixed bug in x11-ssh-askpass dialog [#25846] (askpass-fix.diff is workaround for gcc bug) ------------------------------------------------------------------- Fri Aug 29 11:39:40 CEST 2003 - kukuk@suse.de - Call useradd -r for system account [Bug #29611] ------------------------------------------------------------------- Mon Aug 25 10:40:37 CEST 2003 - postadal@suse.cz - use new stop_on_removal/restart_on_upate macros - fixed lib64 problem in /etc/ssh/sshd_config [#28766] ------------------------------------------------------------------- Tue Aug 19 11:21:33 CEST 2003 - mmj@suse.de - Add sysconfig metadata [#28943] ------------------------------------------------------------------- Fri Aug 1 01:57:08 CEST 2003 - ro@suse.de - add e2fsprogs-devel to neededforbuild ------------------------------------------------------------------- Thu Jul 24 19:47:14 CEST 2003 - postadal@suse.cz - updated to version 3.6.1p2 - added the new version of patch for GSSAPI (gssapi-20030430.diff), the older one was removed (gssapi.patch) - added README.kerberos to filelist ------------------------------------------------------------------- Tue Jun 3 00:41:08 CEST 2003 - mmj@suse.de - Remove files we don't package ------------------------------------------------------------------- Wed Apr 02 15:03:44 CEST 2003 - postadal@suse.cz - fixed bad behaviour after receiving SIGHUP (this bug caused not working reload of init script) ------------------------------------------------------------------- Tue Mar 18 14:25:08 CET 2003 - postadal@suse.cz - added $remote_fs to init.d script (needed if /usr is on remote fs [#25577]) ------------------------------------------------------------------- Thu Mar 13 17:02:52 CET 2003 - postadal@suse.cz - fixed segfault while using GSSAPI for authentication when connecting to localhost (took care about error value of ssh_gssapi_import_name() in function ssh_gssapi_client_ctx()) ------------------------------------------------------------------- Mon Mar 10 09:28:31 CET 2003 - kukuk@suse.de - Remove extra "/" from pid file path. ------------------------------------------------------------------- Mon Mar 03 16:49:24 CET 2003 - postadal@suse.cz - modified init.d script (now checking sshd.init.pid instead of port 22) [#24263] ------------------------------------------------------------------- Mon Mar 3 16:05:24 CET 2003 - okir@suse.de - added comment to /etc/pam.d/ssh on how to enable support for resmgr (#24363). ------------------------------------------------------------------- Fri Feb 21 18:52:05 CET 2003 - postadal@suse.cz - added ssh-copy-id shell script [#23745] ------------------------------------------------------------------- Fri Feb 14 13:42:14 CET 2003 - postadal@suse.cz - given back gssapi and dns-lookups patches ------------------------------------------------------------------- Wed Jan 22 23:05:35 CET 2003 - postadal@suse.cz - updated to version 3.5p1 - removed obsolete patches: owl-mm, forced-commands-only, krb - added patch krb5 (for heimdal) - temporarily removed gssapi patch and dns-lookups (needs rewriting) - fix sysconfig metadata ------------------------------------------------------------------- Thu Dec 5 10:52:41 CET 2002 - okir@suse.de - avoid Kerberos DNS lookups in the default config (#20395) - added README.kerberos ------------------------------------------------------------------- Thu Sep 19 11:00:46 CEST 2002 - postadal@suse.cz - added info about changes in the new version of openssh to README.SuSE [#19757] ------------------------------------------------------------------- Mon Sep 2 10:39:24 CEST 2002 - okir@suse.de - privsep directory now /var/lib/empty, which is provided by filesystem package (#17556) ------------------------------------------------------------------- Wed Aug 28 05:48:16 CEST 2002 - nashif@suse.de - Added insserv & co to PreReq ------------------------------------------------------------------- Mon Aug 26 11:57:20 CEST 2002 - okir@suse.de - applied patch that adds GSSAPI support in protocol version 2 (#18239) ------------------------------------------------------------------- Thu Aug 22 14:09:43 CEST 2002 - postadal@suse.cz - added the patch to fix malfunction of PermitRootLogin seted to forced-commands-only [#17149] ------------------------------------------------------------------- Fri Aug 9 14:41:30 CEST 2002 - okir@suse.de - syslog now reports kerberos auth method when logging in via kerberos (#17469) ------------------------------------------------------------------- Tue Jul 23 04:34:10 PDT 2002 - okir@suse.de - enabled kerberos support - added patch to support kerberos 5 authentication in privsep mode. - added missing section 5 manpages - added missing ssh-keysign to files list (new for privsep) ------------------------------------------------------------------- Mon Jul 22 14:16:54 CEST 2002 - okir@suse.de - fixed handling of expired passwords in privsep mode ------------------------------------------------------------------- Tue Jul 9 13:48:52 CEST 2002 - mmj@suse.de - Don't source rc.config ------------------------------------------------------------------- Wed Jul 3 01:01:24 CEST 2002 - draht@suse.de - ssh-keygen must be told to explicitly create type rsa1 keys in the start script. ------------------------------------------------------------------- Tue Jul 2 12:03:58 CEST 2002 - ro@suse.de - useradd/groupadd in preinstall to standardize ------------------------------------------------------------------- Sat Jun 29 10:33:18 CEST 2002 - ro@suse.de - updated patch from solar: zero out bytes for no longer used pages in mmap-fallback solution ------------------------------------------------------------------- Thu Jun 27 18:07:37 CEST 2002 - ro@suse.de - updated owl-fallback.diff from solar ------------------------------------------------------------------- Thu Jun 27 17:04:16 CEST 2002 - ro@suse.de - update to 3.4p1 o privilege separation support o overflow fix from ISS - unsplit openssh-server and openssh-client ------------------------------------------------------------------- Tue Jun 18 12:12:41 CEST 2002 - mmj@suse.de - Update to 3.2.3p1 which fixed following compared to 3.2.2p1 o a defect in the BSD_AUTH access control handling for o login/tty problems on Solaris (bug #245) o build problems on Cygwin systems - Split the package to openssh, openssh-server, openssh-client and openssh-askpass ------------------------------------------------------------------- Sun May 19 16:15:03 CEST 2002 - mmj@suse.de - Updated to 3.2.2p which includes security and several bugfixes. ------------------------------------------------------------------- Fri Mar 15 12:05:21 CET 2002 - ro@suse.de - added "Obsoletes: ssh" ------------------------------------------------------------------- Tue Mar 5 17:15:30 MET 2002 - draht@suse.de - security fix for bug in channels.c (channelbug.dif) ------------------------------------------------------------------- Fri Mar 1 15:40:59 CET 2002 - bk@suse.de - fix ssh-agent example to use eval `ssh-agent -s` and a typo. - add sentence on use of ssh-agent with startx ------------------------------------------------------------------- Tue Feb 26 12:31:21 CET 2002 - bk@suse.de - update README.SuSE to improve documentation on protocol version ------------------------------------------------------------------- Wed Feb 13 13:15:41 CET 2002 - cihlar@suse.cz - rewritten addrlist patch - "0.0.0.0" is removed from list after "::" is successful [#8951] ------------------------------------------------------------------- Mon Feb 11 15:17:32 CET 2002 - cihlar@suse.cz - added info about the change of the default protocol version to README.SuSE ------------------------------------------------------------------- Thu Feb 7 12:42:53 CET 2002 - cihlar@suse.cz - removed addrlist patch which fixed bug [#8951] as it breaks functionality on machines with kernel without IPv6 support, bug reopened, new solution will be find - switched to default protocol version 2 - added ssh-keyconvert (thanks Olaf Kirch ) - removed static linking against libcrypto, as crypt() was removed from it [#5333] ------------------------------------------------------------------- Tue Jan 22 15:43:33 CET 2002 - kukuk@suse.de - Add pam_nologin to account management (else it will not be called if user does not do password authentification) ------------------------------------------------------------------- Tue Jan 15 15:49:07 CET 2002 - egmont@suselinux.hu - removed colon from shutdown message ------------------------------------------------------------------- Thu Jan 10 09:27:50 CET 2002 - cihlar@suse.cz - use %{_lib} ------------------------------------------------------------------- Thu Dec 13 01:01:36 CET 2001 - ro@suse.de - moved rc.config.d -> sysconfig ------------------------------------------------------------------- Mon Dec 10 14:07:21 CET 2001 - cihlar@suse.cz - removed START_SSHD ------------------------------------------------------------------- Fri Dec 7 11:26:22 CET 2001 - cihlar@suse.cz - update to version 3.0.2p1: * CheckMail option in sshd_config is deprecated * X11 cookies are now stored in $HOME * fixed a vulnerability in the UseLogin option * /etc/ssh_known_hosts2 and ~/.ssh/known_hosts2 are obsolete, /etc/ssh_known_hosts and ~/.ssh/known_hosts can be used * several minor fixes - update x11-ssh-askpass to version 1.2.4.1: * fixed Imakefile.in - fixed bug in adresses "::" and "0.0.0.0" [#8951] ------------------------------------------------------------------- Fri Oct 5 07:34:11 CEST 2001 - cihlar@suse.cz - update to version 2.9.9p2 - removed obsolete clientloop and command patches - uncommented "HostKey /etc/ssh/ssh_host_rsa_key" in sshd_config - added German translation of e-mail to sysadmin - init script fixed to work when more listening sshd runs - added /bin/netstat to requires ------------------------------------------------------------------- Mon Sep 24 14:25:58 CEST 2001 - cihlar@suse.cz - fixed security problem with sftp & bypassing keypair auth restrictions - patch based on CVS - fixed status part of init script - it returned running even if there were only sshd of connections and no listening sshd [#11220] - fixed stop part of init script - when there was no /var/run/sshd.pid, all sshd were killed ------------------------------------------------------------------- Thu Sep 6 14:31:15 CEST 2001 - nadvornik@suse.cz - added patch for correct buffer flushing from CVS [bug #6450] ------------------------------------------------------------------- Fri Jul 27 09:05:24 CEST 2001 - cihlar@suse.cz - update x11-ssh-askpass to version 1.2.2 ------------------------------------------------------------------- Thu Jul 26 10:55:16 CEST 2001 - cihlar@suse.cz - update to version 2.9p2 - removed obsolete "cookies" patch ------------------------------------------------------------------- Mon Jun 11 11:21:22 CEST 2001 - cihlar@suse.cz - fixed to compile with new xmkmf ------------------------------------------------------------------- Thu Jun 7 09:42:23 CEST 2001 - cihlar@suse.cz - fixed security bug when any file "cookies" could be removed by anybody ------------------------------------------------------------------- Tue Jun 5 12:49:50 CEST 2001 - bjacke@suse.de - generate rsa host key in init script ------------------------------------------------------------------- Tue Jun 5 07:59:41 CEST 2001 - cihlar@suse.cz - removed complete path from PAM modules ------------------------------------------------------------------- Thu May 3 09:36:17 CEST 2001 - cihlar@suse.cz - update to version 2.9p1 - removed obsolete --with-openssl - removed obsolete man patch ------------------------------------------------------------------- Mon Apr 30 07:50:23 CEST 2001 - cihlar@suse.cz - enable PAM support ------------------------------------------------------------------- Fri Apr 13 11:50:26 CEST 2001 - ro@suse.de - fixed specfile for extra README.SuSE ------------------------------------------------------------------- Fri Apr 13 08:03:45 CEST 2001 - cihlar@suse.cz - fixed init script by new skeleton ------------------------------------------------------------------- Thu Mar 22 14:56:50 CET 2001 - cihlar@suse.cz - update to version 2.5.2p2 ------------------------------------------------------------------- Wed Mar 14 14:12:38 CET 2001 - cihlar@suse.cz - fixed ssh man page ------------------------------------------------------------------- Mon Mar 12 07:56:37 CET 2001 - cihlar@suse.cz - update to version 2.5.1p2 - added xf86 to neededforbuild ------------------------------------------------------------------- Fri Mar 9 15:16:59 CET 2001 - schwab@suse.de - Fix missing crypt declaration. ------------------------------------------------------------------- Fri Feb 23 08:57:55 CET 2001 - cihlar@suse.cz - update to version 2.5.1p1 - update x11-ssh-askpass to version 1.2.0 ------------------------------------------------------------------- Tue Feb 20 11:27:20 CET 2001 - cihlar@suse.cz - modified README.SuSE [#4365] - fixed start script to agree with skeleton - fixed start script so "stop" kills only sshd listening for connections - compiled with --with-openssl - "ListenAddress 0.0.0.0" in sshd_config commented out - listen on both ipv4 and ipv6 - fixed var/adm/notify/messages/openssh_update [#6406] ------------------------------------------------------------------- Thu Jan 25 15:02:01 CET 2001 - smid@suse.cz - startup script fixed [#5559] ------------------------------------------------------------------- Tue Jan 16 09:40:50 CET 2001 - nadvornik@suse.cz - libcrypto linked static [#5333] ------------------------------------------------------------------- Thu Jan 11 13:41:48 CET 2001 - cihlar@suse.cz - uncomment sftp-server part in sshd_config - added /usr/X11R6/lib/X11/app-defaults/SshAskpass to %files ------------------------------------------------------------------- Thu Jan 11 12:37:10 CET 2001 - cihlar@suse.cz - fixed %files [#5230] - fixed installation of x11-ssh-askpass to BuildRoot - added man pages of x11-ssh-askpass ------------------------------------------------------------------- Wed Jan 10 11:54:42 CET 2001 - smid@suse.cz - notice about how to enable ipv6 added to mail - for administrator [#5297] ------------------------------------------------------------------- Wed Dec 13 10:43:25 CET 2000 - smid@suse.cz - default ipv6 listennig disabled (problems with libc2.2) [#4588] ------------------------------------------------------------------- Tue Dec 5 14:03:35 CET 2000 - smid@suse.cz - notify message changed ------------------------------------------------------------------- Mon Dec 4 21:45:35 CET 2000 - lmuelle@suse.de - fixed provides/ conflicts to ssh ------------------------------------------------------------------- Thu Nov 30 16:03:34 CET 2000 - smid@suse.cz - path to ssh-askpass fixed - stop in %preun removed - new init style ------------------------------------------------------------------- Sun Nov 26 23:53:53 CET 2000 - schwab@suse.de - Restore rcsshd link. ------------------------------------------------------------------- Sun Nov 26 15:34:12 CET 2000 - kukuk@suse.de - Add openssl-devel to neededforbuild ------------------------------------------------------------------- Mon Nov 20 16:11:34 CET 2000 - smid@suse.cz - New version 2.3.0 ------------------------------------------------------------------- Wed Sep 6 12:52:06 CEST 2000 - smid@suse.cz - remove --with-ipv4-default option ------------------------------------------------------------------- Wed Jul 5 19:04:28 CEST 2000 - garloff@suse.de - ... and tell the sysadmin and user more about what they can do about it (schwab). ------------------------------------------------------------------- Wed Jul 5 00:55:37 CEST 2000 - garloff@suse.de - Inform the user (admin) about the fact that the default behaviour with respect to X11-forwarding has been changed to be disabled. ------------------------------------------------------------------- Wed Jun 28 13:11:08 CEST 2000 - smid@suse.cz - warning that generating DSA key can an take a long time. (bugzilla 3015) - writing to wtmp and lastlog fixed (bugzilla 3024) - reading config file (parameter Protocol) fixed ------------------------------------------------------------------- Fri Jun 16 10:42:52 CEST 2000 - garloff@suse.de - Added generation of ssh_host_dsa_key ------------------------------------------------------------------- Tue Jun 13 08:32:19 MEST 2000 - nadvornik@suse.cz - update to 2.1.1p1 ------------------------------------------------------------------- Thu Jun 8 10:10:55 MEST 2000 - cihlar@suse.cz - uncommented %clean ------------------------------------------------------------------- Fri May 5 13:08:15 CEST 2000 - smid@suse.cz - buildroot added - upgrade to 1.2.3 ------------------------------------------------------------------- Tue Mar 21 09:50:57 CET 2000 - kukuk@suse.de - Update to 1.2.2p1 ------------------------------------------------------------------- Mon Mar 6 12:03:49 CET 2000 - kukuk@suse.de - Fix the diff. ------------------------------------------------------------------- Sun Mar 5 18:22:07 CET 2000 - kukuk@suse.de - Add a README.SuSE with a short description how to use ssh-add ------------------------------------------------------------------- Tue Feb 29 21:03:50 CET 2000 - schwab@suse.de - Update config.{guess,sub}. ------------------------------------------------------------------- Fri Feb 25 11:01:24 CET 2000 - kukuk@suse.de - Fix need for build, add group tag. ------------------------------------------------------------------- Wed Feb 2 09:23:13 CET 2000 - kukuk@suse.de - Change new defaults back to old one ------------------------------------------------------------------- Sun Jan 30 12:51:49 CET 2000 - kukuk@suse.de - Add x11-ssh-askpass to filelist ------------------------------------------------------------------- Fri Jan 28 18:03:50 CET 2000 - kukuk@suse.de - Update to OpenSSH 1.2.2 - Add x11-ssh-askpass-1.0 ------------------------------------------------------------------- Tue Jan 25 15:57:09 CET 2000 - kukuk@suse.de - Add reload and status to /sbin/init.d/sshd [Bug 1747] ------------------------------------------------------------------- Thu Jan 20 17:26:02 CET 2000 - kukuk@suse.de - Update to 1.2.1pre27 with IPv6 support ------------------------------------------------------------------- Fri Dec 31 21:18:10 CET 1999 - kukuk@suse.de - Initial version