Go to file
Tomáš Chvátal 8d7787adc5 Accepting request 230190 from network
- Update of the underlying OpenSSH to 6.6p1

- Remove uneeded dependency on the OpenLDAP server (openldap2)
  from openssh-helpers. openssh-helpers just depends on the 
  openldap client libraries, which will be auto-generated by rpm.

- update to 6.6p1
  Security:
  * sshd(8): when using environment passing with a sshd_config(5)
    AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
    be tricked into accepting any enviornment variable that
    contains the characters before the wildcard character.
  Features since 6.5p1:
  * ssh(1), sshd(8): removal of the J-PAKE authentication code,
    which was experimental, never enabled and has been
    unmaintained for some time.
  * ssh(1): skip 'exec' clauses other clauses predicates failed
    to match while processing Match blocks.
  * ssh(1): if hostname canonicalisation is enabled and results
    in the destination hostname being changed, then re-parse
    ssh_config(5) files using the new destination hostname. This
    gives 'Host' and 'Match' directives that use the expanded
    hostname a chance to be applied.
  Bugfixes:
  * ssh(1): avoid spurious "getsockname failed: Bad file
    descriptor" in ssh -W. bz#2200, debian#738692
  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
    systrace sandbox modes, as it is reachable if the connection
    is terminated during the pre-auth phase.
  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1

OBS-URL: https://build.opensuse.org/request/show/230190
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=95
2014-04-17 12:43:46 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
openssh-6.6p1-audit1-remove_duplicit_audit.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit2-better_audit_of_user_actions.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit3_fips-key_auth_usage.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit3-key_auth_usage.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit4_fips-kex_results.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit4-kex_results.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit5-session_key_destruction.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit6-server_key_destruction.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit7-libaudit_compat.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-audit8-libaudit_dns_timeouts.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-blocksigalrm.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-default-protocol.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-disable-openssl-abi-check.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-eal3.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-fingerprint_hash.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-fips-checks.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-fips.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-gssapi_key_exchange.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-gssapimitm.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-host_ident.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-key-converter.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-lastlog.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-ldap.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-login_options.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-no_fork-no_pid_file.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-pam-check-locks.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-pam-fix2.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-pam-fix3.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-pts.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-saveargv-fix.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-seccomp_getuid.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-seed-prng.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-send_locale.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-sftp_force_permissions.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-sftp_homechroot.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-X11-forwarding.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-X_forward_with_disabled_ipv6.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-xauth.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1-xauthlocalhostname.patch Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-6.6p1.tar.gz Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-askpass-gnome.changes Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh-askpass-gnome.spec Accepting request 230097 from home:pcerny:factory 2014-04-14 21:53:01 +00:00
openssh.changes Accepting request 230167 from home:rhafer:branches:network 2014-04-15 11:28:24 +00:00
openssh.spec Accepting request 230167 from home:rhafer:branches:network 2014-04-15 11:28:24 +00:00
README.kerberos OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
README.SuSE Accepting request 48012 from Base:System 2010-09-17 19:02:24 +00:00
ssh-askpass Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
ssh.reg OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
sshd-gen-keys-start Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.fw OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7 2007-07-27 00:01:43 +00:00
sshd.init Accepting request 222365 from home:pcerny:factory 2014-02-14 14:54:10 +00:00
sshd.pamd Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.service Accepting request 222365 from home:pcerny:factory 2014-02-14 14:54:10 +00:00
sysconfig.ssh Accepting request 88642 from home:pcerny:factory 2011-10-19 02:18:13 +00:00

This is OpenSSH version 5.6p1.

There are following changes in default settings of ssh client: 

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* New host keys will be hashed to and them unusable for malicious people or
  software trying to use known_hosts to find further hops.

* Tunneled clear text passwords are disabled.

* PAM authentication is enabled.

* Only support for protocol 2 is enabled.