6dac324cb7
- enable support for SSHv1 protocol and discourage its usage (bsc#983307) - enable DSA by default for backward compatibility and discourage its usage (bsc#983784) [openssh-7.2p2-allow_DSS_by_default.patch] - upgrade to 7.2p2 upstream package without any SUSE patches Distilled upstream log: - OpenSSH 6.7 Potentially-incompatible changes: * sshd(8): The default set of ciphers and MACs has been altered to remove unsafe algorithms. In particular, CBC ciphers and arcfour* are disabled by default. The full set of algorithms remains available if configured explicitly via the Ciphers and MACs sshd_config options. * sshd(8): Support for tcpwrappers/libwrap has been removed. * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of connections using the curve25519-sha256@libssh.org KEX exchange method to fail when connecting with something that implements the specification correctly. OpenSSH 6.7 disables this KEX method when speaking to one of the affected versions. New Features: * ssh(1), sshd(8): Add support for Unix domain socket forwarding. A remote TCP port may be forwarded to a local Unix domain socket and vice versa or both ends may be a Unix domain socket. * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for ED25519 key types. OBS-URL: https://build.opensuse.org/request/show/407066 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
30 lines
949 B
Diff
30 lines
949 B
Diff
# HG changeset patch
|
|
# Parent 2aa634b7522f34ddbd380c96df4e750df0608604
|
|
# posix threads are generally not supported nor safe
|
|
# (see upstream log from 2005-05-24)
|
|
# --used to be called '-pam-fix3'
|
|
|
|
diff --git a/openssh-7.2p2/auth-pam.c b/openssh-7.2p2/auth-pam.c
|
|
--- a/openssh-7.2p2/auth-pam.c
|
|
+++ b/openssh-7.2p2/auth-pam.c
|
|
@@ -782,17 +782,19 @@ sshpam_query(void *ctx, char **name, cha
|
|
}
|
|
if (type == PAM_SUCCESS) {
|
|
if (!sshpam_authctxt->valid ||
|
|
(sshpam_authctxt->pw->pw_uid == 0 &&
|
|
options.permit_root_login != PERMIT_YES))
|
|
fatal("Internal error: PAM auth "
|
|
"succeeded when it should have "
|
|
"failed");
|
|
+#ifndef UNSUPPORTED_POSIX_THREADS_HACK
|
|
import_environments(&buffer);
|
|
+#endif
|
|
*num = 0;
|
|
**echo_on = 0;
|
|
ctxt->pam_done = 1;
|
|
free(msg);
|
|
return (0);
|
|
}
|
|
error("PAM: %s for %s%.100s from %.100s", msg,
|
|
sshpam_authctxt->valid ? "" : "illegal user ",
|