Accepting request 407066 from home:pcerny:factory

- enable support for SSHv1 protocol and discourage its usage
  (bsc#983307)
- enable DSA by default for backward compatibility and discourage
  its usage (bsc#983784)
  [openssh-7.2p2-allow_DSS_by_default.patch]

- upgrade to 7.2p2
  upstream package without any SUSE patches
  Distilled upstream log:
- OpenSSH 6.7
  Potentially-incompatible changes:
  * sshd(8): The default set of ciphers and MACs has been
    altered to remove unsafe algorithms. In particular, CBC
    ciphers and arcfour* are disabled by default.
    The full set of algorithms remains available if configured
    explicitly via the Ciphers and MACs sshd_config options.
  * sshd(8): Support for tcpwrappers/libwrap has been removed.
  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
    connections using the curve25519-sha256@libssh.org KEX
    exchange method to fail when connecting with something that
    implements the specification correctly. OpenSSH 6.7 disables
    this KEX method when speaking to one of the affected
    versions.
  New Features:
  * ssh(1), sshd(8): Add support for Unix domain socket
    forwarding. A remote TCP port may be forwarded to a local
    Unix domain socket and vice versa or both ends may be a Unix
    domain socket.
  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
    ED25519 key types.

OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107

README.SUSE

@@ -13,5 +13,14 @@ There are following changes in default settings of ssh client and server:
   either "prohibit-password" or even better to "no" (which disables direct
   remote root login entirely).
 
+* SSH protocol version 1 is enabled for maximum compatibility.
+  NOTE: do not use protocol version 1. It is less secure then v2 and should
+  generally be phased out.
+
+* DSA authentication is enabled by default for maximum compatibility.
+  NOTE: do not use DSA authentication since it is being phased out for a reason
+  - the size of DSA keys is limited by the standard to 1024 bits which cannot
+  be considered safe any more.
+
 For more information on differences in SUSE OpenSSH package see README.FIPS
 

openssh-7.2p2-X11_trusted_forwarding.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  e75958369c26f618744c229ef1a9925d8ccb1dcb
+# Parent  48bbbfeff186061b7fd4795bff15f15f571e2c8f
 # enable trusted X11 forwarding by default in both sshd and sshsystem-wide
 # configuration
 # bnc#50836 (was suse #35836)

openssh-7.2p2-allow_DSS_by_default.patch

@@ -0,0 +1,129 @@
+# HG changeset patch
+# Parent  2730f36bee0d6e141d8391b414a702e1add5a853
+Enable DSS authentication by default to maintain compatibility with older
+versions.
+
+bsc#983784
+
+diff --git a/openssh-7.2p2/myproposal.h b/openssh-7.2p2/myproposal.h
+--- a/openssh-7.2p2/myproposal.h
++++ b/openssh-7.2p2/myproposal.h
+@@ -94,21 +94,23 @@
+ #define KEX_CLIENT_KEX KEX_COMMON_KEX \
+ 	"diffie-hellman-group-exchange-sha1," \
+ 	"diffie-hellman-group14-sha1"
+ 
+ #define	KEX_DEFAULT_PK_ALG	\
+ 	HOSTKEY_ECDSA_CERT_METHODS \
+ 	"ssh-ed25519-cert-v01@openssh.com," \
+ 	"ssh-rsa-cert-v01@openssh.com," \
++	"ssh-dss-cert-v01@openssh.com," \
+ 	HOSTKEY_ECDSA_METHODS \
+ 	"ssh-ed25519," \
+ 	"rsa-sha2-512," \
+ 	"rsa-sha2-256," \
+-	"ssh-rsa"
++	"ssh-rsa," \
++	"ssh-dss"
+ 
+ /* the actual algorithms */
+ 
+ #define KEX_SERVER_ENCRYPT \
+ 	"chacha20-poly1305@openssh.com," \
+ 	"aes128-ctr,aes192-ctr,aes256-ctr" \
+ 	AESGCM_CIPHER_MODES
+ 
+diff --git a/openssh-7.2p2/ssh_config.5 b/openssh-7.2p2/ssh_config.5
+--- a/openssh-7.2p2/ssh_config.5
++++ b/openssh-7.2p2/ssh_config.5
+@@ -887,19 +887,19 @@ Alternately if the specified value begin
+ character, then the specified key types will be appended to the default set
+ instead of replacing them.
+ The default for this option is:
+ .Bd -literal -offset 3n
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-ed25519-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-ed25519,ssh-rsa,ssh-dss
+ .Ed
+ .Pp
+ If hostkeys are known for the destination host then this default is modified
+ to prefer their algorithms.
+ .Pp
+ The list of available key types may also be obtained using the
+ .Fl Q
+ option of
+@@ -1325,19 +1325,19 @@ Alternately if the specified value begin
+ character, then the key types after it will be appended to the default
+ instead of replacing it.
+ The default for this option is:
+ .Bd -literal -offset 3n
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-ed25519-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-ed25519,ssh-rsa,ssh-dss
+ .Ed
+ .Pp
+ The
+ .Fl Q
+ option of
+ .Xr ssh 1
+ may be used to list supported key types.
+ .It Cm PubkeyAuthentication
+diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5
+--- a/openssh-7.2p2/sshd_config.5
++++ b/openssh-7.2p2/sshd_config.5
+@@ -651,19 +651,19 @@ Alternately if the specified value begin
+ character, then the specified key types will be appended to the default set
+ instead of replacing them.
+ The default for this option is:
+ .Bd -literal -offset 3n
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-ed25519-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-ed25519,ssh-rsa,ssh-dss
+ .Ed
+ .Pp
+ The
+ .Fl Q
+ option of
+ .Xr ssh 1
+ may be used to list supported key types.
+ .It Cm HostbasedAuthentication
+@@ -743,19 +743,19 @@ environment variable.
+ Specifies the host key algorithms
+ that the server offers.
+ The default for this option is:
+ .Bd -literal -offset 3n
+ ecdsa-sha2-nistp256-cert-v01@openssh.com,
+ ecdsa-sha2-nistp384-cert-v01@openssh.com,
+ ecdsa-sha2-nistp521-cert-v01@openssh.com,
+ ssh-ed25519-cert-v01@openssh.com,
+-ssh-rsa-cert-v01@openssh.com,
++ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
+ ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
+-ssh-ed25519,ssh-rsa
++ssh-ed25519,ssh-rsa,ssh-dss
+ .Ed
+ .Pp
+ The list of available key types may also be obtained using the
+ .Fl Q
+ option of
+ .Xr ssh 1
+ with an argument of
+ .Dq key .

openssh-7.2p2-allow_root_password_login.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  dff5e86b989543049cc51bb57e75a63c1942cda3
+# Parent  8cf6984812ab2211ce60c0a9156892b3a7ee3aaf
 Allow root login with password by default. While less secure than upstream
 default of forbidding access to the root account with a password, we are
 temporarily introducing this change to keep the default used in older OpenSSH

openssh-7.2p2-blocksigalrm.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  a80e23747c8fbba7302c5a7ccb6b206d96093e42
+# Parent  5469eb754184144e42c341ccc038309e2880cadc
 block SIGALRM while logging through syslog to prevent deadlocks
 (through grace_alarm_handler())
 

openssh-7.2p2-disable_short_DH_parameters.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  7e46491ef372d47617499c58acf2ea66216858d2
+# Parent  c924f46e3639b3646e42dd7505c206d43d7180fa
 
 Raise minimal size of DH group parameters to 2048 bits like upstream did in
 7.2. 1024b values are believed to be in breaking range for state adversaries

openssh-7.2p2-dont_use_pthreads_in_PAM.patch

@@ -1,7 +1,8 @@
 # HG changeset patch
-# Parent  779a907d59d4907d10a8f0b3f52a38d8bdf115b6
+# Parent  2aa634b7522f34ddbd380c96df4e750df0608604
 # posix threads are generally not supported nor safe
 # (see upstream log from 2005-05-24)
+# --used to be called '-pam-fix3'
 
 diff --git a/openssh-7.2p2/auth-pam.c b/openssh-7.2p2/auth-pam.c
 --- a/openssh-7.2p2/auth-pam.c

openssh-7.2p2-eal3.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  8a9b47df710e3a0bbea4af0f9274bb175944a8a9
+# Parent  bbb49b3f344cf24e9bbd7eb7a7c40fea21be77eb
 fix paths and references in sshd man pages
 
 diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8

openssh-7.2p2-enable_PAM_by_default.patch

@@ -1,7 +1,8 @@
 # HG changeset patch
-# Parent  40536816550c893d5ee67f90f3a917e79f73a163
+# Parent  477d43e9a3889d36b58ff19cf3cb9583e1abf9ce
 # force PAM in defaullt install (this was removed from upstream in 3.8p1)
 # bnc#46749
+# --used to be called '-pam-fix2'
 
 diff --git a/openssh-7.2p2/sshd_config b/openssh-7.2p2/sshd_config
 --- a/openssh-7.2p2/sshd_config

openssh-7.2p2-hostname_changes_when_forwarding_X.patch

@@ -1,5 +1,6 @@
 # HG changeset patch
-# Parent  d5e9457ee640bdd816edb9c67792cddb00c229b9
+# Parent  b5245fb016a3b83611d4b4ae0c1fe3423cadd6fe
+# -- uset do be called '-xauthlocalhostname'
 handle hostname changes when forwarding X
 
 bnc#98627

openssh-7.2p2-lastlog.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  9b5b0f2772591aaeb0ecd4c982a9d64242ed6c8b
+# Parent  2ee086fa64dd40d0d50b13fa3a784717bfdd7e4b
 # set uid for functions that use it to seek in lastlog and wtmp files
 # bnc#18024 (was suse #3024)
 

openssh-7.2p2-pam_check_locks.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  9b211a1de83fa39e4b7bb36c8bd1b5fdc2bd8085
+# Parent  5b217a9abc32fa963a125ae29c766c015db53bde
 new option UsePAMCheckLocks to enforce checking for locked accounts while
 UsePAM is used
 

openssh-7.2p2-pts_names_formatting.patch

@@ -1,7 +1,8 @@
 # HG changeset patch
-# Parent  94fb9a9ff763462af43304fc73c2913a07829226
+# Parent  870f97b01b9ed00bac9ff0b8014a998434a6161b
 # use same lines naming as utempter (prevents problems with using different
 # formats in ?tmp? files)
+# --used to be called '-pts'
 
 diff --git a/openssh-7.2p2/loginrec.c b/openssh-7.2p2/loginrec.c
 --- a/openssh-7.2p2/loginrec.c

openssh-7.2p2-remove_xauth_cookies_on_exit.patch

@@ -1,5 +1,6 @@
 # HG changeset patch
-# Parent  c7d5ac7548d3bc695559aee7e28569e422b6aadf
+# Parent  07998e381c9867b8b6f7b9205261811934bef40f
+# --used to be called '-xauth'
 try to remove xauth cookies on logout
 
 bnc#98815

openssh-7.2p2-seccomp_getuid.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  4f03a27aa55b0beebf232844353779e182cd2497
+# Parent  3582dd949a01d8eca2816986ca4bc0c87c96bed3
 add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
 from being killed by the seccomp filter
 

openssh-7.2p2-seccomp_stat.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  51a94ce61ff5c6908d747d8bc5806e18c6f5c114
+# Parent  d3afe6b01f8769713bde6c175e29a50412799e27
 Allow the stat() syscall for OpenSSL re-seed patch
 (which causes OpenSSL use stat() on some file)
 

openssh-7.2p2-send_locale.patch

@@ -1,5 +1,5 @@
 # HG changeset patch
-# Parent  fdeedfd2266d642837d86b9b7b3cdc6c00e9535d
+# Parent  505927e61d1a7848f0003adb3619cc726b8e5d15
 send locales in default configuration
 bnc#65747
 

openssh.changes

@@ -1,3 +1,12 @@
+-------------------------------------------------------------------
+Tue Jun  7 16:52:45 UTC 2016 - pcerny@suse.com
+
+- enable support for SSHv1 protocol and discourage its usage
+  (bsc#983307)
+- enable DSA by default for backward compatibility and discourage
+  its usage (bsc#983784)
+  [openssh-7.2p2-allow_DSS_by_default.patch]
+
 -------------------------------------------------------------------
 Mon May 30 00:30:16 UTC 2016 - pcerny@suse.com
 
@@ -41,7 +50,499 @@ Mon May 30 00:30:16 UTC 2016 - pcerny@suse.com
 -------------------------------------------------------------------
 Fri May 27 23:27:51 UTC 2016 - pcerny@suse.com
 
-- upgrade to 7.2p2 - upstream package without any SUSE patches
+- upgrade to 7.2p2
+  upstream package without any SUSE patches
+  Distilled upstream log:
+- OpenSSH 6.7
+  Potentially-incompatible changes:
+  * sshd(8): The default set of ciphers and MACs has been
+    altered to remove unsafe algorithms. In particular, CBC
+    ciphers and arcfour* are disabled by default.
+    The full set of algorithms remains available if configured
+    explicitly via the Ciphers and MACs sshd_config options.
+  * sshd(8): Support for tcpwrappers/libwrap has been removed.
+  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
+    connections using the curve25519-sha256@libssh.org KEX
+    exchange method to fail when connecting with something that
+    implements the specification correctly. OpenSSH 6.7 disables
+    this KEX method when speaking to one of the affected
+    versions.
+  New Features:
+  * ssh(1), sshd(8): Add support for Unix domain socket
+    forwarding. A remote TCP port may be forwarded to a local
+    Unix domain socket and vice versa or both ends may be a Unix
+    domain socket.
+  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
+    ED25519 key types.
+  * sftp(1): Allow resumption of interrupted uploads.
+  * ssh(1): When rekeying, skip file/DNS lookups of the hostkey
+    if it is the same as the one sent during initial key exchange
+  * sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind
+    addresses when GatewayPorts=no; allows client to choose
+    address family
+  * sshd(8): Add a sshd_config PermitUserRC option to control
+    whether ~/.ssh/rc is executed, mirroring the no-user-rc
+    authorized_keys option
+  * ssh(1): Add a %C escape sequence for LocalCommand and
+    ControlPath that expands to a unique identifer based on a
+    hash of the tuple of (local host, remote user, hostname,
+    port). Helps avoid exceeding miserly pathname limits for Unix
+    domain sockets in multiplexing control paths
+  * sshd(8): Make the "Too many authentication failures" message
+    include the user, source address, port and protocol in a
+    format similar to the authentication success / failure
+    messages
+  Bugfixes:
+  * sshd(8): Fix remote forwarding with the same listen port but
+    different listen address.
+  * ssh(1): Fix inverted test that caused PKCS#11 keys that were
+    explicitly listed in ssh_config or on the commandline not to
+    be preferred.
+  * ssh-keygen(1): Fix bug in KRL generation: multiple
+    consecutive revoked certificate serial number ranges could be
+    serialised to an invalid format. Readers of a broken KRL
+    caused by this bug will fail closed, so no
+    should-have-been-revoked key will be accepted.
+  * ssh(1): Reflect stdio-forward ("ssh -W host:port ...")
+    failures in exit status. Previously we were always returning 0
+  * ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly
+    in the randomart border
+  * ssh-agent(1): Only cleanup agent socket in the main agent
+    process and not in any subprocesses it may have started (e.g.
+    forked askpass). Fixes agent sockets being zapped when
+    askpass processes fatal()
+  * ssh-add(1): Make stdout line-buffered; saves partial output
+    getting lost when ssh-add fatal()s part-way through (e.g.
+    when listing keys from an agent that supports key types that
+    ssh-add doesn't)
+  * ssh-keygen(1): When hashing or removing hosts, don't choke on
+    @revoked markers and don't remove @cert-authority markers
+  * ssh(1): Don't fatal when hostname canonicalisation fails and
+    a ProxyCommand is in use; continue and allow the ProxyCommand
+    to connect anyway (e.g. to a host with a name outside the DNS
+    behind a bastion)
+  * scp(1): When copying local->remote fails during read, don't
+    send uninitialised heap to the remote end.
+  * sftp(1): Fix fatal "el_insertstr failed" errors when
+    tab-completing filenames with  a single quote char somewhere
+    in the string
+  * ssh-keyscan(1): Scan for Ed25519 keys by default.
+  * ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver,
+    down-convert any certificate keys to plain keys and attempt
+    SSHFP resolution.  Prevents a server from skipping SSHFP
+    lookup and forcing a new-hostkey dialog by offering only
+    certificate keys.
+- OpenSSH 6.8
+  Potentially-incompatible changes:
+  * sshd(8): UseDNS now defaults to 'no'. Configurations that
+    match against the client host name (via sshd_config or
+    authorized_keys) may need to re-enable it or convert to
+    matching against addresses.
+  New Features:
+  * Add FingerprintHash option to ssh(1) and sshd(8), and
+    equivalent command-line flags to the other tools to control
+    algorithm used for key fingerprints. The default changes from
+    MD5 to SHA256 and format from hex to base64.
+    Fingerprints now have the hash algorithm prepended. An
+    example of the new format:
+    SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE Please
+    note that visual host keys will also be different.
+  * ssh(1), sshd(8): Experimental host key rotation support. Add
+    a protocol extension for a server to inform a client of all
+    its available host keys after authentication has completed.
+    The client may record the keys in known_hosts, allowing it to
+    upgrade to better host key algorithms and a server to
+    gracefully rotate its keys.
+    The client side of this is controlled by a UpdateHostkeys
+    config option (default off).
+  * ssh(1): Add a ssh_config HostbasedKeyType option to control
+    which host public key types are tried during host-based
+    authentication.
+  * ssh(1), sshd(8): fix connection-killing host key mismatch
+    errors when sshd offers multiple ECDSA keys of different
+    lengths.
+  * ssh(1): when host name canonicalisation is enabled, try to
+    parse host names as addresses before looking them up for
+    canonicalisation. fixes bz#2074 and avoiding needless DNS
+    lookups in some cases.
+  * ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer
+    require OpenSSH to be compiled with OpenSSL support.
+  * ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
+    authentication.
+  * sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
+    Bleichenbacher Side Channel Attack. Fake up a bignum key
+    before RSA decryption.
+  * sshd(8): Remember which public keys have been used for
+    authentication and refuse to accept previously-used keys.
+    This allows AuthenticationMethods=publickey,publickey to
+    require that users authenticate using two _different_ public
+    keys.
+  * sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
+    PubkeyAcceptedKeyTypes options to allow sshd to control what
+    public key types will be accepted. Currently defaults to all.
+  * sshd(8): Don't count partial authentication success as a
+    failure against MaxAuthTries.
+  * ssh(1): Add RevokedHostKeys option for the client to allow
+    text-file or KRL-based revocation of host keys.
+  * ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates
+    by serial number or key ID without scoping to a particular
+    CA.
+  * ssh(1): Add a "Match canonical" criteria that allows
+    ssh_config Match blocks to trigger only in the second config
+    pass.
+  * ssh(1): Add a -G option to ssh that causes it to parse its
+    configuration and dump the result to stdout, similar to
+    "sshd -T".
+  * ssh(1): Allow Match criteria to be negated.
+    E.g. "Match !host".
+  * The regression test suite has been extended to cover more
+    OpenSSH features. The unit tests have been expanded and now
+    cover key exchange.
+  Bugfixes:
+  * ssh-keyscan(1): ssh-keyscan has been made much more robust
+    again servers that hang or violate the SSH protocol.
+  * ssh(1), ssh-keygen(1): Fix regression: Key path names were
+    being lost as comment fields.
+  * ssh(1): Allow ssh_config Port options set in the second
+    config parse phase to be applied (they were being ignored).
+  * ssh(1): Tweak config re-parsing with host canonicalisation - make
+    the second pass through the config files always run when host name
+    canonicalisation is enabled (and not whenever the host name
+    changes)
+  * ssh(1): Fix passing of wildcard forward bind addresses when
+    connection multiplexing is in use
+  * ssh-keygen(1): Fix broken private key conversion from
+    non-OpenSSH formats.
+  * ssh-keygen(1): Fix KRL generation bug when multiple CAs are
+    in use.
+  * Various fixes to manual pages
+- OpenSSH 6.9
+  Security:
+  * ssh(1): when forwarding X11 connections with
+    ForwardX11Trusted=no, connections made after
+    ForwardX11Timeout expired could be permitted and no longer
+    subject to XSECURITY restrictions because of an ineffective
+    timeout check in ssh(1) coupled with "fail open" behaviour in
+    the X11 server when clients attempted connections with
+    expired credentials. This problem was reported by Jann Horn.
+  * ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
+    password guessing by implementing an increasing failure
+    delay, storing a salted hash of the password rather than the
+    password itself and using a timing-safe comparison function
+    for verifying unlock attempts. This problem was reported by
+    Ryan Castellucci.
+  New Features:
+  * ssh(1), sshd(8): promote chacha20-poly1305@openssh.com to be
+    the default cipher
+  * sshd(8): support admin-specified arguments to
+    AuthorizedKeysCommand
+  * sshd(8): add AuthorizedPrincipalsCommand that allows
+    retrieving authorized principals information from a
+    subprocess rather than a file.
+  * ssh(1), ssh-add(1): support PKCS#11 devices with external PIN
+    entry devices
+  * sshd(8): allow GSSAPI host credential check to be relaxed for
+    multihomed hosts via GSSAPIStrictAcceptorCheck option
+  * ssh-keygen(1): support "ssh-keygen -lF hostname" to search
+    known_hosts and print key hashes rather than full keys.
+  * ssh-agent(1): add -D flag to leave ssh-agent in foreground
+    without enabling debug mode
+  Bugfixes:
+  * ssh(1), sshd(8): deprecate legacy
+    SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use
+    it against some 3rd-party SSH implementations that use it
+    (older PuTTY, WinSCP).
+  * Many fixes for problems caused by compile-time deactivation
+    of SSH1 support (including bz#2369)
+  * ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
+    implementations as some would fail when attempting to use
+    group sizes >4K
+  * ssh(1): fix out-of-bound read in EscapeChar configuration
+    option parsing
+  * sshd(8): fix application of PermitTunnel, LoginGraceTime,
+    AuthenticationMethods and StreamLocalBindMask options in
+    Match blocks
+  * ssh(1), sshd(8): improve disconnection message on TCP reset;
+    bz#2257
+  * ssh(1): remove failed remote forwards established by
+    muliplexing from the list of active forwards
+  * sshd(8): make parsing of authorized_keys "environment="
+    options independent of PermitUserEnv being enabled
+  * sshd(8): fix post-auth crash with permitopen=none
+  * ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private
+    keys to be encrypted with AEAD ciphers
+  * ssh(1): allow ListenAddress, Port and AddressFamily
+    configuration options to appear in any order
+  * sshd(8): check for and reject missing arguments for
+    VersionAddendum and ForceCommand
+  * ssh(1), sshd(8): don't treat unknown certificate extensions
+    as fatal
+  * ssh-keygen(1): make stdout and stderr output consistent
+  * ssh(1): mention missing DISPLAY environment in debug log when
+    X11 forwarding requested
+  * sshd(8): correctly record login when UseLogin is set
+  * sshd(8): Add some missing options to sshd -T output and fix
+    output of VersionAddendum and HostCertificate. bz#2346
+  * Document and improve consistency of options that accept a
+    "none" argument" TrustedUserCAKeys, RevokedKeys (bz#2382),
+    AuthorizedPrincipalsFile (bz#2288)
+  * ssh(1): include remote username in debug output
+  * sshd(8): avoid compatibility problem with some versions of
+    Tera Term, which would crash when they received the hostkeys
+    notification message (hostkeys-00@openssh.com)
+  * sshd(8): mention ssh-keygen -E as useful when comparing
+    legacy MD5 host key fingerprints
+  * ssh(1): clarify pseudo-terminal request behaviour and use
+    make manual language consistent
+  * ssh(1): document that the TERM environment variable is not
+    subject to SendEnv and AcceptEnv
+- OpenSSH 7.0:
+  This focuses primarily on deprecating weak, legacy and/or
+  unsafe cryptography.
+  Security:
+  * sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
+    world- writable. Local attackers may be able to write
+    arbitrary messages to logged-in users, including terminal
+    escape sequences.  Reported by Nikolay Edigaryev.
+  * sshd(8): Portable OpenSSH only: Fixed a privilege separation
+    weakness related to PAM support. Attackers who could
+    successfully compromise the pre-authentication process for
+    remote code execution and who had valid credentials on the
+    host could impersonate other users.  Reported by Moritz
+    Jodeit.
+  * sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
+    related to PAM support that was reachable by attackers who
+    could compromise the pre-authentication process for remote
+    code execution. Also reported by Moritz Jodeit.
+  * sshd(8): fix circumvention of MaxAuthTries using keyboard-
+    interactive authentication. By specifying a long, repeating
+    keyboard-interactive "devices" string, an attacker could
+    request the same authentication method be tried thousands of
+    times in a single pass. The LoginGraceTime timeout in sshd(8)
+    and any authentication failure delays implemented by the
+    authentication mechanism itself were still applied. Found by
+    Kingcope.
+  Potentially-incompatible Changes:
+  * Support for the legacy SSH version 1 protocol is disabled by
+    default at compile time.
+  * Support for the 1024-bit diffie-hellman-group1-sha1 key
+    exchange is disabled by default at run-time. It may be
+    re-enabled using the instructions in README.legacy or
+    http://www.openssh.com/legacy.html
+  * Support for ssh-dss, ssh-dss-cert-* host and user keys is
+    disabled by default at run-time. These may be re-enabled
+    using the instructions at http://www.openssh.com/legacy.html
+  * Support for the legacy v00 cert format has been removed.
+  * The default for the sshd_config(5) PermitRootLogin option has
+    changed from "yes" to "prohibit-password".
+  * PermitRootLogin=without-password/prohibit-password now bans
+    all interactive authentication methods, allowing only
+    public-key, hostbased and GSSAPI authentication (previously
+    it permitted keyboard-interactive and password-less
+    authentication if those were enabled).
+  New Features:
+  * ssh_config(5): add PubkeyAcceptedKeyTypes option to control
+    which public key types are available for user authentication.
+  * sshd_config(5): add HostKeyAlgorithms option to control which
+    public key types are offered for host authentications.
+  * ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
+    HostKeyAlgorithms, PubkeyAcceptedKeyTypes and
+    HostbasedKeyTypes options to allow appending to the default
+    set of algorithms instead of replacing it. Options may now be
+    prefixed with a '+' to append to the default, e.g.
+    "HostKeyAlgorithms=+ssh-dss".
+  * sshd_config(5): PermitRootLogin now accepts an argument of
+    'prohibit-password' as a less-ambiguous synonym of 'without-
+    password'.
+  Bugfixes:
+  * ssh(1), sshd(8): add compatability workarounds for Cisco and
+    more PuTTY versions.
+  * Fix some omissions and errors in the PROTOCOL and
+    PROTOCOL.mux documentation relating to Unix domain socket
+    forwarding
+  * ssh(1): Improve the ssh(1) manual page to include a better
+    description of Unix domain socket forwarding
+  * ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots,
+    fixing failures to load keys when they are present.
+  * ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that
+    wth empty CKA_ID
+  * sshd(8): clarify documentation for UseDNS option
+- OpenSSH 7.1:
+  Security:
+  * sshd(8): OpenSSH 7.0 contained a logic error in
+    PermitRootLogin= prohibit-password/without-password that
+    could, depending on compile-time configuration, permit
+    password authentication to root while preventing other forms
+    of authentication. This problem was reported by Mantas
+    Mikulenas.
+  Bugfixes:
+  * ssh(1), sshd(8): add compatability workarounds for FuTTY
+  * ssh(1), sshd(8): refine compatability workarounds for WinSCP
+  * Fix a number of memory faults (double-free, free of
+    uninitialised memory, etc) in ssh(1) and ssh-keygen(1).
+    Reported by Mateusz Kocielski.
+- OpenSSH 7.1p2:
+  * SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1
+    contains experimential support for resuming SSH-connections
+    (roaming).
+    The matching server code has never been shipped, but the
+    client code was enabled by default and could be tricked by a
+    malicious server into leaking client memory to the server,
+    including private client user keys.
+    The authentication of the server host key prevents
+    exploitation by a man-in-the-middle, so this information leak
+    is restricted to connections to malicious or compromised
+    servers.
+    MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the
+    client can be completely disabled by adding 'UseRoaming no'
+    to the gobal ssh_config(5) file, or to user configuration in
+    ~/.ssh/config, or by passing -oUseRoaming=no on the command
+    line.
+    PATCH: See below for a patch to disable this feature
+    (Disabling Roaming in the Source Code).
+    This problem was reported by the Qualys Security Advisory
+    team.
+  * SECURITY: Eliminate the fallback from untrusted
+    X11-forwarding to trusted forwarding for cases when the X
+    server disables the SECURITY extension. Reported by Thomas
+    Hoger.
+  * SECURITY: Fix an out of-bound read access in the packet
+    handling code. Reported by Ben Hawkes.
+  * PROTOCOL: Correctly interpret the 'first_kex_follows' option
+    during the intial key exchange. Reported by Matt Johnston.
+  * Further use of explicit_bzero has been added in various
+    buffer handling code paths to guard against compilers
+    aggressively doing dead-store removal.
+  Potentially-incompatible changes:
+  * This release disables a number of legacy cryptographic
+    algorithms by default in ssh:
+    + Several ciphers blowfish-cbc, cast128-cbc, all arcfour
+      variants and the rijndael-cbc aliases for AES.
+    + MD5-based and truncated HMAC algorithms.
+- OpenSSH 7.2:
+  Security:
+  * ssh(1), sshd(8): remove unfinished and unused roaming code
+    (was already forcibly disabled in OpenSSH 7.1p2).
+  * ssh(1): eliminate fallback from untrusted X11 forwarding to
+    trusted forwarding when the X server disables the SECURITY
+    extension.
+  * ssh(1), sshd(8): increase the minimum modulus size supported
+    for diffie-hellman-group-exchange to 2048 bits.
+  * sshd(8): pre-auth sandboxing is now enabled by default
+    (previous releases enabled it for new installations via
+    sshd_config).
+  New Features:
+  * all: add support for RSA signatures using SHA-256/512 hash
+    algorithms based on draft-rsa-dsa-sha2-256-03.txt and
+    draft-ssh-ext-info-04.txt.
+  * ssh(1): Add an AddKeysToAgent client option which can be set
+    to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.
+    When enabled, a private key that is used during
+    authentication will be added to ssh-agent if it is running
+    (with confirmation enabled if set to 'confirm').
+  * sshd(8): add a new authorized_keys option "restrict" that
+    includes all current and future key restrictions
+    (no-*-forwarding, etc.).  Also add permissive versions of the
+    existing restrictions, e.g.  "no-pty" -> "pty". This
+    simplifies the task of setting up restricted keys and ensures
+    they are maximally-restricted, regardless of any permissions
+    we might implement in the future.
+  * ssh(1): add ssh_config CertificateFile option to explicitly
+    list certificates. bz#2436
+  * ssh-keygen(1): allow ssh-keygen to change the key comment for
+    all supported formats.
+  * ssh-keygen(1): allow fingerprinting from standard input, e.g.
+    "ssh-keygen -lf -"
+  * ssh-keygen(1): allow fingerprinting multiple public keys in a
+    file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319
+  * sshd(8): support "none" as an argument for sshd_config
+    Foreground and ChrootDirectory. Useful inside Match blocks to
+    override a global default. bz#2486
+  * ssh-keygen(1): support multiple certificates (one per line)
+    and reading from standard input (using "-f -") for
+    "ssh-keygen -L"
+  * ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow
+    fetching certificates instead of plain keys.
+  * ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org')
+    in hostname canonicalisation - treat them as already
+    canonical and remove the trailing '.' before matching
+    ssh_config.
+  Bugfixes:
+  * sftp(1): existing destination directories should not
+    terminate recursive uploads (regression in openssh 6.8)
+  * ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
+    replies to unexpected messages during key exchange.
+  * ssh(1): refuse attempts to set ConnectionAttempts=0, which
+    does not make sense and would cause ssh to print an
+    uninitialised stack variable.
+  * ssh(1): fix errors when attempting to connect to scoped IPv6
+    addresses with hostname canonicalisation enabled.
+  * sshd_config(5): list a couple more options usable in Match
+    blocks.
+  * sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match
+    block.
+  * ssh(1): expand tilde characters in filenames passed to -i
+    options before checking whether or not the identity file
+    exists. Avoids confusion for cases where shell doesn't expand
+    (e.g. "-i ~/file" vs. "-i~/file").
+  * ssh(1): do not prepend "exec" to the shell command run by
+    "Match exec" in a config file, which could cause some
+    commands to fail in certain environments.
+  * ssh-keyscan(1): fix output for multiple hosts/addrs on one
+    line when host hashing or a non standard port is in use
+  * sshd(8): skip "Could not chdir to home directory" message
+    when ChrootDirectory is active.
+  * ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.
+  * sshd(8): avoid changing TunnelForwarding device flags if they
+    are already what is needed; makes it possible to use tun/tap
+    networking as non-root user if device permissions and
+    interface flags are pre-established
+  * ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
+  * ssh(1): fix multiplexing master failure to notice client
+    exit.
+  * ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that
+    present empty key IDs.
+  * sshd(8): avoid printf of NULL argument.
+  * ssh(1), sshd(8): allow RekeyLimits larger than 4GB.
+  * ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL
+    signature support.
+  * ssh(1), sshd(8): fix connections with peers that use the key
+    exchange guess feature of the protocol.
+  * sshd(8): include remote port number in log messages.
+  * ssh(1): don't try to load SSHv1 private key when compiled
+    without SSHv1 support.
+  * ssh-agent(1), ssh(1): fix incorrect error messages during key
+    loading and signing errors.
+  * ssh-keygen(1): don't leave empty temporary files when
+    performing known_hosts file edits when known_hosts doesn't
+    exist.
+  * sshd(8): correct packet format for tcpip-forward replies for
+    requests that don't allocate a port
+  * ssh(1), sshd(8): fix possible hang on closed output.
+  * ssh(1): expand %i in ControlPath to UID.
+  * ssh(1), sshd(8): fix return type of openssh_RSA_verify.
+  * ssh(1), sshd(8): fix some option parsing memory leaks.
+  * ssh(1): add a some debug output before DNS resolution; it's a
+    place where ssh could previously silently stall in cases of
+    unresponsive DNS servers.
+  * ssh(1): remove spurious newline in visual hostkey.
+  * ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...
+  * ssh(1): fix expansion of HostkeyAlgorithms=+...
+  Documentation:
+  * ssh_config(5), sshd_config(5): update default algorithm lists
+    to match current reality.
+  * ssh(1): mention -Q key-plain and -Q key-cert query options.
+  * sshd_config(8): more clearly describe what
+    AuthorizedKeysFile=none does.
+  * ssh_config(5): better document ExitOnForwardFailure.
+  * sshd(5): mention internal DH-GEX fallback groups in manual.
+  * sshd_config(5): better description for MaxSessions option.
+  Portability:
+  * sshd(8): fix multiple authentication using S/Key.
+- OpenSSH 7.2p2:
+  Security:
+  * sshd(8): sanitise X11 authentication credentials to avoid
+    xauth command injection when X11Forwarding is enabled.
   (removing patches from previous version:
   * CVE-2016-0777_CVE-2016-0778.patch
   * openssh-6.6p1-X11-forwarding.patch

openssh.spec

@@ -109,20 +109,21 @@ Source10:       sshd.service
 Source11:       README.FIPS
 Source12:       cavs_driver-ssh.pl
 Patch00:        openssh-7.2p2-allow_root_password_login.patch
-Patch01:        openssh-7.2p2-X11_trusted_forwarding.patch
-Patch02:        openssh-7.2p2-lastlog.patch
-Patch03:        openssh-7.2p2-enable_PAM_by_default.patch
-Patch04:        openssh-7.2p2-dont_use_pthreads_in_PAM.patch
-Patch05:        openssh-7.2p2-eal3.patch
-Patch06:        openssh-7.2p2-blocksigalrm.patch
-Patch07:        openssh-7.2p2-send_locale.patch
-Patch08:        openssh-7.2p2-hostname_changes_when_forwarding_X.patch
-Patch09:        openssh-7.2p2-remove_xauth_cookies_on_exit.patch
-Patch10:        openssh-7.2p2-pts_names_formatting.patch
-Patch11:        openssh-7.2p2-pam_check_locks.patch
-Patch12:        openssh-7.2p2-disable_short_DH_parameters.patch
-Patch13:        openssh-7.2p2-seccomp_getuid.patch
-Patch14:        openssh-7.2p2-seccomp_stat.patch
+Patch01:        openssh-7.2p2-allow_DSS_by_default.patch
+Patch02:        openssh-7.2p2-X11_trusted_forwarding.patch
+Patch03:        openssh-7.2p2-lastlog.patch
+Patch04:        openssh-7.2p2-enable_PAM_by_default.patch
+Patch05:        openssh-7.2p2-dont_use_pthreads_in_PAM.patch
+Patch06:        openssh-7.2p2-eal3.patch
+Patch07:        openssh-7.2p2-blocksigalrm.patch
+Patch08:        openssh-7.2p2-send_locale.patch
+Patch09:        openssh-7.2p2-hostname_changes_when_forwarding_X.patch
+Patch10:        openssh-7.2p2-remove_xauth_cookies_on_exit.patch
+Patch11:        openssh-7.2p2-pts_names_formatting.patch
+Patch12:        openssh-7.2p2-pam_check_locks.patch
+Patch13:        openssh-7.2p2-disable_short_DH_parameters.patch
+Patch14:        openssh-7.2p2-seccomp_getuid.patch
+Patch15:        openssh-7.2p2-seccomp_stat.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 Conflicts:      nonfreessh
 Recommends:     audit
@@ -189,6 +190,7 @@ FIPS140 CAVS tests related parts of the OpenSSH package
 %patch12 -p2
 %patch13 -p2
 %patch14 -p2
+%patch15 -p2
 cp %{SOURCE3} %{SOURCE4} %{SOURCE11} .
 
 %build
@@ -241,6 +243,7 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
 %if %{needs_libedit}
     --with-libedit \
 %endif
+    --with-ssh1 \
     --target=%{_target_cpu}-suse-linux \
 
 ### configure end