08f9072513
- Update of the underlying OpenSSH to 6.5p1
- Update to 6.5p1
Features since 6.4p1:
* ssh(1), sshd(8): support for key exchange using ECDH in
Daniel Bernstein's Curve25519; default when both the client
and server support it.
* ssh(1), sshd(8): support for Ed25519 as a public key type fo
rboth server and client. Ed25519 is an EC signature offering
better security than ECDSA and DSA and good performance.
* Add a new private key format that uses a bcrypt KDF to better
protect keys at rest. Used unconditionally for Ed25519 keys,
on demand for other key types via the -o ssh-keygen(1)
option. Intended to become default in the near future.
Details documented in PROTOCOL.key.
* ssh(1), sshd(8): new transport cipher
"chacha20-poly1305@openssh.com" combining Daniel Bernstein's
ChaCha20 stream cipher and Poly1305 MAC to build an
authenticated encryption mode. Details documented
PROTOCOL.chacha20poly1305.
* ssh(1), sshd(8): refuse RSA keys from old proprietary clients
and servers that use the obsolete RSA+MD5 signature scheme.
It will still be possible to connect with these
clients/servers but only DSA keys will be accepted, and
OpenSSH will refuse connection entirely in a future release.
* ssh(1), sshd(8): refuse old proprietary clients and servers
that use a weaker key exchange hash calculation.
* ssh(1): increase the size of the Diffie-Hellman groups
requested for each symmetric key size. New values from NIST
Special Publication 800-57 with the upper limit specified by
OBS-URL: https://build.opensuse.org/request/show/222365
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=63
47 lines
1.4 KiB
Diff
47 lines
1.4 KiB
Diff
# use same lines naming as utempter (prevents problems with using different
|
|
# formats in ?tmp? files)
|
|
|
|
diff --git a/openssh-6.5p1/loginrec.c b/openssh-6.5p1/loginrec.c
|
|
--- a/openssh-6.5p1/loginrec.c
|
|
+++ b/openssh-6.5p1/loginrec.c
|
|
@@ -538,17 +538,17 @@ getlast_entry(struct logininfo *li)
|
|
/*
|
|
* 'line' string utility functions
|
|
*
|
|
* These functions process the 'line' string into one of three forms:
|
|
*
|
|
* 1. The full filename (including '/dev')
|
|
* 2. The stripped name (excluding '/dev')
|
|
* 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00
|
|
- * /dev/pts/1 -> ts/1 )
|
|
+ * /dev/pts/1 -> /1 )
|
|
*
|
|
* Form 3 is used on some systems to identify a .tmp.? entry when
|
|
* attempting to remove it. Typically both addition and removal is
|
|
* performed by one application - say, sshd - so as long as the choice
|
|
* uniquely identifies a terminal it's ok.
|
|
*/
|
|
|
|
|
|
@@ -599,16 +599,20 @@ line_abbrevname(char *dst, const char *s
|
|
/* Always skip prefix if present */
|
|
if (strncmp(src, "/dev/", 5) == 0)
|
|
src += 5;
|
|
|
|
#ifdef WITH_ABBREV_NO_TTY
|
|
if (strncmp(src, "tty", 3) == 0)
|
|
src += 3;
|
|
#endif
|
|
+ if (strncmp(src, "pts/", 4) == 0) {
|
|
+ src += 3;
|
|
+ if (strlen(src) > 4) src++;
|
|
+ }
|
|
|
|
len = strlen(src);
|
|
|
|
if (len > 0) {
|
|
if (((int)len - dstsize) > 0)
|
|
src += ((int)len - dstsize);
|
|
|
|
/* note: _don't_ change this to strlcpy */
|