Accepting request 679869 from home:vitezslav_cizek:branches:network

- Remove the "KexDHMin" config keyword (bsc#1127180) It used to allow lowering of the minimal allowed DH group size, which was increased to 2048 by upstream in the light of the Logjam attack. The code was broken since the upgrade to 7.6p1, but nobody noticed. As apparently no one needs the functionality any more, let's drop the patch. It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1 key exchange method when working with legacy systems. - drop openssh-7.7p1-disable_short_DH_parameters.patch - updated patches: openssh-7.7p1-fips.patch openssh-7.7p1-fips_checks.patch openssh-7.7p1-gssapi_key_exchange.patch OBS-URL: https://build.opensuse.org/request/show/679869 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=181
2019-02-27 15:39:11 +00:00
parent afefdefb8a
commit 5fcc01190a
6 changed files with 204 additions and 727 deletions
--- a/openssh.changes
+++ b/openssh.changes
@@ -1,3 +1,21 @@
+-------------------------------------------------------------------
+Wed Feb 27 12:29:05 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
+
+- Remove the "KexDHMin" config keyword (bsc#1127180)
+  It used to allow lowering of the minimal allowed DH group size,
+  which was increased to 2048 by upstream in the light of the Logjam
+  attack.
+  The code was broken since the upgrade to 7.6p1, but nobody noticed.
+  As apparently no one needs the functionality any more, let's drop
+  the patch.
+  It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1
+  key exchange method when working with legacy systems.
+- drop openssh-7.7p1-disable_short_DH_parameters.patch
+- updated patches:
+  openssh-7.7p1-fips.patch
+  openssh-7.7p1-fips_checks.patch
+  openssh-7.7p1-gssapi_key_exchange.patch
+
 -------------------------------------------------------------------
 Mon Feb 18 10:01:45 UTC 2019 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>