Accepting request 141129 from network

- Updated to 6.1p1, a bugfix release
  Features:
 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.
 Bugfixes:
 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.

OBS-URL: https://build.opensuse.org/request/show/141129
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=82

openssh-6.0p1.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:589d48e952d6c017e667873486b5df63222f9133d417d0002bd6429d9bd882de
-size 1126034

openssh-6.1p1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411
+size 1134820

openssh-askpass-gnome.changes

@@ -1,3 +1,44 @@
+-------------------------------------------------------------------
+Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com
+
+- Updated to 6.1p1, a bugfix release
+  Features:
+ * sshd(8): This release turns on pre-auth sandboxing sshd by default for
+   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
+ * ssh-keygen(1): Add options to specify starting line number and number of
+   lines to process when screening moduli candidates, allowing processing
+   of different parts of a candidate moduli file in parallel
+ * sshd(8): The Match directive now supports matching on the local (listen)
+   address and port upon which the incoming connection was received via
+   LocalAddress and LocalPort clauses.
+ * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
+   and {Allow,Deny}{Users,Groups}
+ * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
+ * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
+ * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
+   an argument to refuse all port-forwarding requests.
+ * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
+ * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
+ * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
+   to append some arbitrary text to the server SSH protocol banner.
+ Bugfixes:
+ * ssh(1)/sshd(8): Don't spin in accept() in situations of file
+   descriptor exhaustion. Instead back off for a while.
+ * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
+   they were removed from the specification. bz#2023,
+ * sshd(8): Handle long comments in config files better. bz#2025
+ * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
+   picked up. bz#1995
+ * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
+   on platforms that use login_cap.
+ Portable OpenSSH:
+ * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
+   sandbox from the Linux SECCOMP filter sandbox when the latter is
+   not available in the kernel.
+ * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
+   retrieve a CNAME SSHFP record.
+ * Fix cross-compilation problems related to pkg-config. bz#1996
+
 -------------------------------------------------------------------
 Wed Jun 27 09:51:19 UTC 2012 - coolo@suse.com
 

openssh-askpass-gnome.spec

@@ -26,7 +26,7 @@ BuildRequires:  openssl-devel
 BuildRequires:  pam-devel
 BuildRequires:  tcpd-devel
 BuildRequires:  update-desktop-files
-Version:        6.0p1
+Version:        6.1p1
 Release:        0
 Requires:       openssh = %{version}
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH

openssh.changes

@@ -1,3 +1,50 @@
+-------------------------------------------------------------------
+Tue Nov 13 10:26:37 UTC 2012 - meissner@suse.com
+
+- Updated to 6.1p1, a bugfix release
+  Features:
+ * sshd(8): This release turns on pre-auth sandboxing sshd by default for
+   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
+ * ssh-keygen(1): Add options to specify starting line number and number of
+   lines to process when screening moduli candidates, allowing processing
+   of different parts of a candidate moduli file in parallel
+ * sshd(8): The Match directive now supports matching on the local (listen)
+   address and port upon which the incoming connection was received via
+   LocalAddress and LocalPort clauses.
+ * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
+   and {Allow,Deny}{Users,Groups}
+ * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
+ * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
+ * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
+   an argument to refuse all port-forwarding requests.
+ * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
+ * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
+ * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
+   to append some arbitrary text to the server SSH protocol banner.
+ Bugfixes:
+ * ssh(1)/sshd(8): Don't spin in accept() in situations of file
+   descriptor exhaustion. Instead back off for a while.
+ * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
+   they were removed from the specification. bz#2023,
+ * sshd(8): Handle long comments in config files better. bz#2025
+ * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
+   picked up. bz#1995
+ * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
+   on platforms that use login_cap.
+ Portable OpenSSH:
+ * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
+   sandbox from the Linux SECCOMP filter sandbox when the latter is
+   not available in the kernel.
+ * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
+   retrieve a CNAME SSHFP record.
+ * Fix cross-compilation problems related to pkg-config. bz#1996
+
+-------------------------------------------------------------------
+Tue Nov 13 10:26:16 CET 2012 - kukuk@suse.de
+
+- Fix groupadd arguments
+- Add LSB tag to sshd init script
+
 -------------------------------------------------------------------
 Fri Oct 26 15:01:21 UTC 2012 - coolo@suse.com
 

openssh.spec

@@ -33,7 +33,7 @@ BuildRequires:  tcpd-devel
 Requires:       /bin/netstat
 PreReq:         pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
 Conflicts:      nonfreessh
-Version:        6.0p1
+Version:        6.1p1
 Release:        0
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
@@ -177,7 +177,7 @@ install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/sshd.service
 %endif
 
 %pre
-getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd
+getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
 getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd
 %if 0%{?has_systemd}
 %service_add_pre sshd.service

sshd.init

@@ -16,6 +16,7 @@
 # Default-Start: 3 5
 # Default-Stop: 0 1 2 6
 # Description: Start the sshd daemon
+# Short-Description: Start the sshd daemon
 ### END INIT INFO
 
 SSHD_BIN=/usr/sbin/sshd