From 22f435a6cbbd9c23feae30a6b1be012fd3e11dc6a34ad7ff32feed1de0780e35 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 13 Nov 2012 10:18:36 +0000 Subject: [PATCH 1/2] Accepting request 141090 from home:kukuk:branches:network - Fix groupadd arguments - Add LSB tag to sshd init script OBS-URL: https://build.opensuse.org/request/show/141090 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=41 --- openssh.changes | 6 ++++++ openssh.spec | 2 +- sshd.init | 1 + 3 files changed, 8 insertions(+), 1 deletion(-) diff --git a/openssh.changes b/openssh.changes index 58acdd6..933a37c 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Tue Nov 13 10:26:16 CET 2012 - kukuk@suse.de + +- Fix groupadd arguments +- Add LSB tag to sshd init script + ------------------------------------------------------------------- Fri Oct 26 15:01:21 UTC 2012 - coolo@suse.com diff --git a/openssh.spec b/openssh.spec index b9df6b1..2e4e94e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -177,7 +177,7 @@ install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/sshd.service %endif %pre -getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd +getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd %if 0%{?has_systemd} %service_add_pre sshd.service diff --git a/sshd.init b/sshd.init index 86ce3ba..d5b5a1a 100644 --- a/sshd.init +++ b/sshd.init @@ -16,6 +16,7 @@ # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: Start the sshd daemon +# Short-Description: Start the sshd daemon ### END INIT INFO SSHD_BIN=/usr/sbin/sshd From 41221d925c444faa1e8305d8dea0d69fe80e19c583d05af86e0f4489bddf7a3f Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Tue, 13 Nov 2012 10:50:53 +0000 Subject: [PATCH 2/2] - Updated to 6.1p1, a bugfix release Features: * sshd(8): This release turns on pre-auth sandboxing sshd by default for new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. * ssh-keygen(1): Add options to specify starting line number and number of lines to process when screening moduli candidates, allowing processing of different parts of a candidate moduli file in parallel * sshd(8): The Match directive now supports matching on the local (listen) address and port upon which the incoming connection was received via LocalAddress and LocalPort clauses. * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv and {Allow,Deny}{Users,Groups} * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as an argument to refuse all port-forwarding requests. * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators to append some arbitrary text to the server SSH protocol banner. Bugfixes: * ssh(1)/sshd(8): Don't spin in accept() in situations of file descriptor exhaustion. Instead back off for a while. * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as they were removed from the specification. bz#2023, * sshd(8): Handle long comments in config files better. bz#2025 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly picked up. bz#1995 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root on platforms that use login_cap. OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=42 --- openssh-6.0p1.tar.gz | 3 --- openssh-6.1p1.tar.gz | 3 +++ openssh-askpass-gnome.changes | 41 +++++++++++++++++++++++++++++++++++ openssh-askpass-gnome.spec | 2 +- openssh.changes | 41 +++++++++++++++++++++++++++++++++++ openssh.spec | 2 +- 6 files changed, 87 insertions(+), 5 deletions(-) delete mode 100644 openssh-6.0p1.tar.gz create mode 100644 openssh-6.1p1.tar.gz diff --git a/openssh-6.0p1.tar.gz b/openssh-6.0p1.tar.gz deleted file mode 100644 index 8aa2046..0000000 --- a/openssh-6.0p1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de -size 1126034 diff --git a/openssh-6.1p1.tar.gz b/openssh-6.1p1.tar.gz new file mode 100644 index 0000000..b200e48 --- /dev/null +++ b/openssh-6.1p1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 +size 1134820 diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index 6b817af..d108c12 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com + +- Updated to 6.1p1, a bugfix release + Features: + * sshd(8): This release turns on pre-auth sandboxing sshd by default for + new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. + * ssh-keygen(1): Add options to specify starting line number and number of + lines to process when screening moduli candidates, allowing processing + of different parts of a candidate moduli file in parallel + * sshd(8): The Match directive now supports matching on the local (listen) + address and port upon which the incoming connection was received via + LocalAddress and LocalPort clauses. + * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv + and {Allow,Deny}{Users,Groups} + * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 + * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 + * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as + an argument to refuse all port-forwarding requests. + * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile + * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 + * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators + to append some arbitrary text to the server SSH protocol banner. + Bugfixes: + * ssh(1)/sshd(8): Don't spin in accept() in situations of file + descriptor exhaustion. Instead back off for a while. + * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as + they were removed from the specification. bz#2023, + * sshd(8): Handle long comments in config files better. bz#2025 + * ssh(1): Delay setting tty_flag so RequestTTY options are correctly + picked up. bz#1995 + * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root + on platforms that use login_cap. + Portable OpenSSH: + * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit + sandbox from the Linux SECCOMP filter sandbox when the latter is + not available in the kernel. + * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to + retrieve a CNAME SSHFP record. + * Fix cross-compilation problems related to pkg-config. bz#1996 + ------------------------------------------------------------------- Wed Jun 27 09:51:19 UTC 2012 - coolo@suse.com diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 33294fa..7ccc316 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -26,7 +26,7 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: tcpd-devel BuildRequires: update-desktop-files -Version: 6.0p1 +Version: 6.1p1 Release: 0 Requires: openssh = %{version} Summary: A GNOME-Based Passphrase Dialog for OpenSSH diff --git a/openssh.changes b/openssh.changes index 933a37c..b481d76 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,44 @@ +------------------------------------------------------------------- +Tue Nov 13 10:26:37 UTC 2012 - meissner@suse.com + +- Updated to 6.1p1, a bugfix release + Features: + * sshd(8): This release turns on pre-auth sandboxing sshd by default for + new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. + * ssh-keygen(1): Add options to specify starting line number and number of + lines to process when screening moduli candidates, allowing processing + of different parts of a candidate moduli file in parallel + * sshd(8): The Match directive now supports matching on the local (listen) + address and port upon which the incoming connection was received via + LocalAddress and LocalPort clauses. + * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv + and {Allow,Deny}{Users,Groups} + * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 + * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 + * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as + an argument to refuse all port-forwarding requests. + * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile + * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 + * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators + to append some arbitrary text to the server SSH protocol banner. + Bugfixes: + * ssh(1)/sshd(8): Don't spin in accept() in situations of file + descriptor exhaustion. Instead back off for a while. + * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as + they were removed from the specification. bz#2023, + * sshd(8): Handle long comments in config files better. bz#2025 + * ssh(1): Delay setting tty_flag so RequestTTY options are correctly + picked up. bz#1995 + * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root + on platforms that use login_cap. + Portable OpenSSH: + * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit + sandbox from the Linux SECCOMP filter sandbox when the latter is + not available in the kernel. + * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to + retrieve a CNAME SSHFP record. + * Fix cross-compilation problems related to pkg-config. bz#1996 + ------------------------------------------------------------------- Tue Nov 13 10:26:16 CET 2012 - kukuk@suse.de diff --git a/openssh.spec b/openssh.spec index 2e4e94e..115dac8 100644 --- a/openssh.spec +++ b/openssh.spec @@ -33,7 +33,7 @@ BuildRequires: tcpd-devel Requires: /bin/netstat PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils Conflicts: nonfreessh -Version: 6.0p1 +Version: 6.1p1 Release: 0 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program)