forked from pool/openssh
This commit is contained in:
parent
846c68acde
commit
bfe38b6150
@ -1,3 +1,3 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
version https://git-lfs.github.com/spec/v1
|
||||||
oid sha256:b28640ffbe61ece5631fc23516f0463c20d07f9ca698e1177d327c37cdbbfd17
|
oid sha256:547af632678b57ceb5c8cd2f72536581f56f2d58866c83537544be755f7824a0
|
||||||
size 1938
|
size 20480
|
||||||
|
@ -23,7 +23,7 @@ BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-dev
|
|||||||
License: BSD 3-clause (or similar)
|
License: BSD 3-clause (or similar)
|
||||||
Group: Productivity/Networking/SSH
|
Group: Productivity/Networking/SSH
|
||||||
Version: 5.2p1
|
Version: 5.2p1
|
||||||
Release: 4
|
Release: 5
|
||||||
Requires: openssh = %{version} openssh-askpass = %{version}
|
Requires: openssh = %{version} openssh-askpass = %{version}
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
||||||
@ -118,72 +118,3 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
|
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Mon Feb 23 2009 anicka@suse.cz
|
|
||||||
- update to 5.2p1
|
|
||||||
* Wed Apr 09 2008 anicka@suse.cz
|
|
||||||
- update to 5.0p1
|
|
||||||
* Wed Apr 02 2008 anicka@suse.cz
|
|
||||||
- update to 4.9p1
|
|
||||||
* Wed Dec 05 2007 anicka@suse.cz
|
|
||||||
- - update to 4.7p1
|
|
||||||
* Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
|
|
||||||
GSSAPIDelegateCredentials=yes. This is symmetric with -k
|
|
||||||
* make scp try to skip FIFOs rather than blocking when nothing is
|
|
||||||
listening.
|
|
||||||
* increase default channel windows
|
|
||||||
* put the MAC list into a display
|
|
||||||
* many bugfixes
|
|
||||||
* Tue Dec 12 2006 anicka@suse.cz
|
|
||||||
- update to 4.5p1
|
|
||||||
* Use privsep_pw if we have it, but only require it if we
|
|
||||||
absolutely need it.
|
|
||||||
* Correctly check for bad signatures in the monitor, otherwise
|
|
||||||
the monitor and the unpriv process can get out of sync.
|
|
||||||
* Clear errno before calling the strtol functions.
|
|
||||||
* exit instead of doing a blocking tcp send if we detect
|
|
||||||
a client/server timeout, since the tcp sendqueue might
|
|
||||||
be already full (of alive requests)
|
|
||||||
* include signal.h, errno.h, sys/in.h
|
|
||||||
* some more bugfixes
|
|
||||||
* Wed Oct 04 2006 postadal@suse.cz
|
|
||||||
- updated to version 4.4p1 [#208662]
|
|
||||||
* fixed pre-authentication DoS, that would cause sshd(8) to spin
|
|
||||||
until the login grace time expired
|
|
||||||
* fixed unsafe signal hander, which was vulnerable to a race condition
|
|
||||||
that could be exploited to perform a pre-authentication DoS
|
|
||||||
* fixed a GSSAPI authentication abort that could be used to determine
|
|
||||||
the validity of usernames on some platforms
|
|
||||||
* implemented conditional configuration in sshd_config(5) using the
|
|
||||||
"Match" directive
|
|
||||||
* added support for Diffie-Hellman group exchange key agreement with a
|
|
||||||
final hash of SHA256
|
|
||||||
* added a "ForceCommand", "PermitOpen" directive to sshd_config(5)
|
|
||||||
* added optional logging of transactions to sftp-server(8)
|
|
||||||
* ssh(1) will now record port numbers for hosts stored in
|
|
||||||
~/.ssh/authorized_keys when a non-standard port has been requested
|
|
||||||
* added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
|
|
||||||
a non-zero exit code) when requested port forwardings could not be
|
|
||||||
established
|
|
||||||
* extended sshd_config(5) "SubSystem" declarations to allow the
|
|
||||||
specification of command-line arguments
|
|
||||||
- removed obsoleted patches: autoconf-fix.patch
|
|
||||||
* Tue Jul 25 2006 schwab@suse.de
|
|
||||||
- Fix syntax error in configure script.
|
|
||||||
* Wed Jan 25 2006 mls@suse.de
|
|
||||||
- converted neededforbuild to BuildRequires
|
|
||||||
* Tue Jan 03 2006 postadal@suse.cz
|
|
||||||
- updated to version 4.2p1
|
|
||||||
- removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch
|
|
||||||
* Thu Sep 08 2005 postadal@suse.cz
|
|
||||||
- don't strip
|
|
||||||
* Thu Aug 04 2005 uli@suse.de
|
|
||||||
- parallelize build
|
|
||||||
* Fri Jun 10 2005 postadal@suse.cz
|
|
||||||
- updated to version 4.1p1
|
|
||||||
- removed obsoleted patches: restore_terminal, pam-returnfromsession,
|
|
||||||
timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource,
|
|
||||||
sendenv-fix, documentation-fix
|
|
||||||
* Wed Jan 19 2005 postadal@suse.cz
|
|
||||||
- renamed askpass-gnome package to openssh-askpass-gnome
|
|
||||||
* Wed Jan 19 2005 postadal@suse.cz
|
|
||||||
- splited spec file to decreas number of build dependencies
|
|
||||||
|
@ -1,3 +1,15 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Tue Jul 7 15:06:58 CEST 2009 - llunak@novell.com
|
||||||
|
|
||||||
|
- Added a hook for ksshaskpass
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Sun Jul 5 12:17:40 CEST 2009 - dmueller@novell.com
|
||||||
|
|
||||||
|
- readd -f to startproc and remove -p instead to
|
||||||
|
ensure that sshd is started even though old instances
|
||||||
|
are still running (e.e. being logged in from remote)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 19 10:35:46 CEST 2009 - coolo@novell.com
|
Fri Jun 19 10:35:46 CEST 2009 - coolo@novell.com
|
||||||
|
|
||||||
|
792
openssh.spec
792
openssh.spec
@ -38,7 +38,7 @@ PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_pr
|
|||||||
Conflicts: nonfreessh
|
Conflicts: nonfreessh
|
||||||
AutoReqProv: on
|
AutoReqProv: on
|
||||||
Version: 5.2p1
|
Version: 5.2p1
|
||||||
Release: 4
|
Release: 5
|
||||||
%define xversion 1.2.4.1
|
%define xversion 1.2.4.1
|
||||||
Summary: Secure Shell Client and Server (Remote Login Program)
|
Summary: Secure Shell Client and Server (Remote Login Program)
|
||||||
Url: http://www.openssh.com/
|
Url: http://www.openssh.com/
|
||||||
@ -308,793 +308,3 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%_appdefdir/SshAskpass
|
%_appdefdir/SshAskpass
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Jun 19 2009 coolo@novell.com
|
|
||||||
- disable as-needed for this package as it fails to build with it
|
|
||||||
* Tue May 26 2009 anicka@suse.cz
|
|
||||||
- disable -f in startproc to calm the warning (bnc#506831)
|
|
||||||
* Thu Apr 23 2009 lnussel@suse.de
|
|
||||||
- do not enable sshd by default
|
|
||||||
* Mon Feb 23 2009 anicka@suse.cz
|
|
||||||
- update to 5.2p1
|
|
||||||
* This release changes the default cipher order to prefer the AES CTR
|
|
||||||
modes and the revised "arcfour256" mode to CBC mode ciphers that are
|
|
||||||
susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH".
|
|
||||||
* This release also adds countermeasures to mitigate CPNI-957037-style
|
|
||||||
attacks against the SSH protocol's use of CBC-mode ciphers. Upon
|
|
||||||
detection of an invalid packet length or Message Authentication
|
|
||||||
Code, ssh/sshd will continue reading up to the maximum supported
|
|
||||||
packet length rather than immediately terminating the connection.
|
|
||||||
This eliminates most of the known differences in behaviour that
|
|
||||||
leaked information about the plaintext of injected data which formed
|
|
||||||
the basis of this attack. We believe that these attacks are rendered
|
|
||||||
infeasible by these changes.
|
|
||||||
* Added a -y option to ssh(1) to force logging to syslog rather than
|
|
||||||
stderr, which is useful when running daemonised (ssh -f)
|
|
||||||
* The sshd_config(5) ForceCommand directive now accepts commandline
|
|
||||||
arguments for the internal-sftp server.
|
|
||||||
* The ssh(1) ~C escape commandline now support runtime creation of
|
|
||||||
dynamic (-D) port forwards.
|
|
||||||
* Support the SOCKS4A protocol in ssh(1) dynamic (-D) forwards.
|
|
||||||
(bz#1482)
|
|
||||||
* Support remote port forwarding with a listen port of '0'. This
|
|
||||||
informs the server that it should dynamically allocate a listen
|
|
||||||
port and report it back to the client. (bz#1003)
|
|
||||||
* sshd(8) now supports setting PermitEmptyPasswords and
|
|
||||||
AllowAgentForwarding in Match blocks
|
|
||||||
* Repair a ssh(1) crash introduced in openssh-5.1 when the client is
|
|
||||||
sent a zero-length banner (bz#1496)
|
|
||||||
* Due to interoperability problems with certain
|
|
||||||
broken SSH implementations, the eow@openssh.com and
|
|
||||||
no-more-sessions@openssh.com protocol extensions are now only sent
|
|
||||||
to peers that identify themselves as OpenSSH.
|
|
||||||
* Make ssh(1) send the correct channel number for
|
|
||||||
SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to
|
|
||||||
avoid triggering 'Non-public channel' error messages on sshd(8) in
|
|
||||||
openssh-5.1.
|
|
||||||
* Avoid printing 'Non-public channel' warnings in sshd(8), since the
|
|
||||||
ssh(1) has sent incorrect channel numbers since ~2004 (this reverts
|
|
||||||
a behaviour introduced in openssh-5.1).
|
|
||||||
* Avoid double-free in ssh(1) ~C escape -L handler (bz#1539)
|
|
||||||
* Correct fail-on-error behaviour in sftp(1) batchmode for remote
|
|
||||||
stat operations. (bz#1541)
|
|
||||||
* Disable nonfunctional ssh(1) ~C escape handler in multiplex slave
|
|
||||||
connections. (bz#1543)
|
|
||||||
* Avoid hang in ssh(1) when attempting to connect to a server that
|
|
||||||
has MaxSessions=0 set.
|
|
||||||
* Multiple fixes to sshd(8) configuration test (-T) mode
|
|
||||||
* Several core and portable OpenSSH bugs fixed: 1380, 1412, 1418,
|
|
||||||
1419, 1421, 1490, 1491, 1492, 1514, 1515, 1518, 1520, 1538, 1540
|
|
||||||
* Many manual page improvements.
|
|
||||||
* Mon Dec 01 2008 anicka@suse.cz
|
|
||||||
- respect SSH_MAX_FORWARDS_PER_DIRECTION (bnc#448775)
|
|
||||||
* Mon Nov 10 2008 anicka@suse.cz
|
|
||||||
- fix printing banner (bnc#443380)
|
|
||||||
* Fri Oct 24 2008 anicka@suse.cz
|
|
||||||
- call pam functions in the right order (bnc#438292)
|
|
||||||
- mention default forwarding of locale settings in
|
|
||||||
README.SuSE (bnc#434799)
|
|
||||||
* Tue Sep 09 2008 anicka@suse.cz
|
|
||||||
- remove pam_resmgr from sshd.pamd (bnc#422619)
|
|
||||||
* Sun Aug 24 2008 coolo@suse.de
|
|
||||||
- fix fillup macro usage
|
|
||||||
* Fri Aug 22 2008 prusnak@suse.cz
|
|
||||||
- enabled SELinux support [Fate#303662]
|
|
||||||
* Tue Jul 22 2008 anicka@suse.cz
|
|
||||||
- update to 5.1p1
|
|
||||||
* sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
|
|
||||||
other platforms) when X11UseLocalhost=no
|
|
||||||
* Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
|
|
||||||
and ssh-keygen(1). Visual fingerprinnt display is controlled by a new
|
|
||||||
ssh_config(5) option "VisualHostKey".
|
|
||||||
* sshd_config(5) now supports CIDR address/masklen matching in "Match
|
|
||||||
address" blocks, with a fallback to classic wildcard matching.
|
|
||||||
* sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
|
|
||||||
from="..." restrictions, also with a fallback to classic wildcard
|
|
||||||
matching.
|
|
||||||
* Added an extended test mode (-T) to sshd(8) to request that it write
|
|
||||||
its effective configuration to stdout and exit. Extended test mode
|
|
||||||
also supports the specification of connection parameters (username,
|
|
||||||
source address and hostname) to test the application of
|
|
||||||
sshd_config(5) Match rules.
|
|
||||||
* ssh(1) now prints the number of bytes transferred and the overall
|
|
||||||
connection throughput for SSH protocol 2 sessions when in verbose
|
|
||||||
mode (previously these statistics were displayed for protocol 1
|
|
||||||
connections only).
|
|
||||||
* sftp-server(8) now supports extension methods statvfs@openssh.com and
|
|
||||||
fstatvfs@openssh.com that implement statvfs(2)-like operations.
|
|
||||||
* sftp(1) now has a "df" command to the sftp client that uses the
|
|
||||||
statvfs@openssh.com to produce a df(1)-like display of filesystem
|
|
||||||
space and inode utilisation (requires statvfs@openssh.com support on
|
|
||||||
the server)
|
|
||||||
* Added a MaxSessions option to sshd_config(5) to allow control of the
|
|
||||||
number of multiplexed sessions supported over a single TCP connection.
|
|
||||||
This allows increasing the number of allowed sessions above the
|
|
||||||
previous default of 10, disabling connection multiplexing
|
|
||||||
(MaxSessions=1) or disallowing login/shell/subsystem sessions
|
|
||||||
entirely (MaxSessions=0).
|
|
||||||
* Added a no-more-sessions@openssh.com global request extension that is
|
|
||||||
sent from ssh(1) to sshd(8) when the client knows that it will never
|
|
||||||
request another session (i.e. when session multiplexing is disabled).
|
|
||||||
This allows a server to disallow further session requests and
|
|
||||||
terminate the session in cases where the client has been hijacked.
|
|
||||||
* ssh-keygen(1) now supports the use of the -l option in combination
|
|
||||||
with -F to search for a host in ~/.ssh/known_hosts and display its
|
|
||||||
fingerprint.
|
|
||||||
* ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of
|
|
||||||
"rsa1".
|
|
||||||
* Added an AllowAgentForwarding option to sshd_config(8) to control
|
|
||||||
whether authentication agent forwarding is permitted. Note that this
|
|
||||||
is a loose control, as a client may install their own unofficial
|
|
||||||
forwarder.
|
|
||||||
* ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when receiving
|
|
||||||
network data, resulting in a ~10%% speedup
|
|
||||||
* ssh(1) and sshd(8) will now try additional addresses when connecting
|
|
||||||
to a port forward destination whose DNS name resolves to more than
|
|
||||||
one address. The previous behaviour was to try the only first address
|
|
||||||
and give up if that failed. (bz#383)
|
|
||||||
* ssh(1) and sshd(8) now support signalling that channels are
|
|
||||||
half-closed for writing, through a channel protocol extension
|
|
||||||
notification "eow@openssh.com". This allows propagation of closed
|
|
||||||
file descriptors, so that commands such as:
|
|
||||||
"ssh -2 localhost od /bin/ls | true"
|
|
||||||
do not send unnecessary data over the wire. (bz#85)
|
|
||||||
* sshd(8): increased the default size of ssh protocol 1 ephemeral keys
|
|
||||||
from 768 to 1024 bits.
|
|
||||||
* When ssh(1) has been requested to fork after authentication
|
|
||||||
("ssh -f") with ExitOnForwardFailure enabled, delay the fork until
|
|
||||||
after replies for any -R forwards have been seen. Allows for robust
|
|
||||||
detection of -R forward failure when using -f. (bz#92)
|
|
||||||
* "Match group" blocks in sshd_config(5) now support negation of
|
|
||||||
groups. E.g. "Match group staff,!guests" (bz#1315)
|
|
||||||
* sftp(1) and sftp-server(8) now allow chmod-like operations to set
|
|
||||||
set[ug]id/sticky bits. (bz#1310)
|
|
||||||
* The MaxAuthTries option is now permitted in sshd_config(5) match
|
|
||||||
blocks.
|
|
||||||
* Multiplexed ssh(1) sessions now support a subset of the ~ escapes
|
|
||||||
that are available to a primary connection. (bz#1331)
|
|
||||||
* ssh(1) connection multiplexing will now fall back to creating a new
|
|
||||||
connection in most error cases. (bz#1439 bz#1329)
|
|
||||||
* Added some basic interoperability tests against Twisted Conch.
|
|
||||||
* Documented OpenSSH's extensions to and deviations from the published
|
|
||||||
SSH protocols (the PROTOCOL file in the distribution)
|
|
||||||
* Documented OpenSSH's ssh-agent protocol (PROTOCOL.agent).
|
|
||||||
* bugfixes
|
|
||||||
- remove gssapi_krb5-fix patch
|
|
||||||
* Fri Apr 18 2008 werner@suse.de
|
|
||||||
- Handle pts slave lines like utemper
|
|
||||||
* Wed Apr 09 2008 anicka@suse.cz
|
|
||||||
- update to 5.0p1
|
|
||||||
* CVE-2008-1483: Avoid possible hijacking of X11-forwarded
|
|
||||||
connections by refusing to listen on a port unless all address
|
|
||||||
families bind successfully.
|
|
||||||
- remove CVE-2008-1483 patch
|
|
||||||
* Wed Apr 02 2008 anicka@suse.cz
|
|
||||||
- update to 4.9p1
|
|
||||||
* Disable execution of ~/.ssh/rc for sessions where a command has been
|
|
||||||
forced by the sshd_config ForceCommand directive. Users who had
|
|
||||||
write access to this file could use it to execute abritrary commands.
|
|
||||||
This behaviour was documented, but was an unsafe default and an extra
|
|
||||||
hassle for administrators.
|
|
||||||
* Added chroot(2) support for sshd(8), controlled by a new option
|
|
||||||
"ChrootDirectory". Please refer to sshd_config(5) for details, and
|
|
||||||
please use this feature carefully. (bz#177 bz#1352)
|
|
||||||
* Linked sftp-server(8) into sshd(8). The internal sftp server is
|
|
||||||
used when the command "internal-sftp" is specified in a Subsystem
|
|
||||||
or ForceCommand declaration. When used with ChrootDirectory, the
|
|
||||||
internal sftp server requires no special configuration of files
|
|
||||||
inside the chroot environment. Please refer to sshd_config(5) for
|
|
||||||
more information.
|
|
||||||
* Added a "no-user-rc" option for authorized_keys to disable execution
|
|
||||||
of ~/.ssh/rc
|
|
||||||
* Added a protocol extension method "posix-rename@openssh.com" for
|
|
||||||
sftp-server(8) to perform POSIX atomic rename() operations.
|
|
||||||
(bz#1400)
|
|
||||||
* Removed the fixed limit of 100 file handles in sftp-server(8). The
|
|
||||||
server will now dynamically allocate handles up to the number of
|
|
||||||
available file descriptors. (bz#1397)
|
|
||||||
* ssh(8) will now skip generation of SSH protocol 1 ephemeral server
|
|
||||||
keys when in inetd mode and protocol 2 connections are negotiated.
|
|
||||||
This speeds up protocol 2 connections to inetd-mode servers that
|
|
||||||
also allow Protocol 1 (bz#440)
|
|
||||||
* Accept the PermitRootLogin directive in a sshd_config(5) Match
|
|
||||||
block. Allows for, e.g. permitting root only from the local
|
|
||||||
network.
|
|
||||||
* Reworked sftp(1) argument splitting and escaping to be more
|
|
||||||
internally consistent (i.e. between sftp commands) and more
|
|
||||||
consistent with sh(1). Please note that this will change the
|
|
||||||
interpretation of some quoted strings, especially those with
|
|
||||||
embedded backslash escape sequences. (bz#778)
|
|
||||||
* Support "Banner=none" in sshd_config(5) to disable sending of a
|
|
||||||
pre-login banner (e.g. in a Match block).
|
|
||||||
* ssh(1) ProxyCommands are now executed with $SHELL rather than
|
|
||||||
/bin/sh.
|
|
||||||
* ssh(1)'s ConnectTimeout option is now applied to both the TCP
|
|
||||||
connection and the SSH banner exchange (previously it just covered
|
|
||||||
the TCP connection). This allows callers of ssh(1) to better detect
|
|
||||||
and deal with stuck servers that accept a TCP connection but don't
|
|
||||||
progress the protocol, and also makes ConnectTimeout useful for
|
|
||||||
connections via a ProxyCommand.
|
|
||||||
* Many new regression tests, including interop tests against PuTTY's
|
|
||||||
plink.
|
|
||||||
* Support BSM auditing on Mac OS X
|
|
||||||
* bugfixes
|
|
||||||
- remove addrlist, pam_session_close, strict-aliasing-fix patches
|
|
||||||
(not needed anymore)
|
|
||||||
* Tue Mar 25 2008 anicka@suse.cz
|
|
||||||
- fix CVE-2008-1483 (bnc#373527)
|
|
||||||
* Fri Jan 04 2008 anicka@suse.cz
|
|
||||||
- fix privileges of a firewall definition file [#351193]
|
|
||||||
* Sat Dec 15 2007 anicka@suse.cz
|
|
||||||
- add patch calling pam with root privileges [#334559]
|
|
||||||
- drop pwname-home patch [#104773]
|
|
||||||
* Fri Dec 07 2007 anicka@suse.cz
|
|
||||||
- fix race condition in xauth patch
|
|
||||||
* Wed Dec 05 2007 anicka@suse.cz
|
|
||||||
- update to 4.7p1
|
|
||||||
* Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
|
|
||||||
GSSAPIDelegateCredentials=yes. This is symmetric with -k
|
|
||||||
* make scp try to skip FIFOs rather than blocking when nothing is
|
|
||||||
listening.
|
|
||||||
* increase default channel windows
|
|
||||||
* put the MAC list into a display
|
|
||||||
* many bugfixes
|
|
||||||
* Mon Oct 08 2007 anicka@suse.cz
|
|
||||||
- block SIGALRM only during calling syslog() [#331032]
|
|
||||||
* Thu Sep 13 2007 nadvornik@suse.cz
|
|
||||||
- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
|
|
||||||
* Tue Aug 28 2007 anicka@suse.cz
|
|
||||||
- fix blocksigalrm patch to set old signal mask after
|
|
||||||
writing the log in every case [#304819]
|
|
||||||
* Tue Aug 21 2007 anicka@suse.cz
|
|
||||||
- avoid generating ssh keys when a non-standard location
|
|
||||||
is configured [#281228]
|
|
||||||
* Wed Jul 25 2007 anicka@suse.cz
|
|
||||||
- fixed typo in sshd.fw [#293764]
|
|
||||||
* Mon Mar 19 2007 nadvornik@suse.cz
|
|
||||||
- fixed default for ChallengeResponseAuthentication [#255374]
|
|
||||||
* Mon Mar 12 2007 anicka@suse.cz
|
|
||||||
- update to 4.6p1
|
|
||||||
* sshd now allows the enabling and disabling of authentication
|
|
||||||
methods on a per user, group, host and network basis via the
|
|
||||||
Match directive in sshd_config.
|
|
||||||
* Allow multiple forwarding options to work when specified in a
|
|
||||||
PermitOpen directive
|
|
||||||
* Clear SIGALRM when restarting due to SIGHUP. Prevents stray
|
|
||||||
signal from taking down sshd if a connection was pending at
|
|
||||||
the time SIGHUP was received
|
|
||||||
* hang on exit" when background processes are running at the
|
|
||||||
time of exit on a ttyful/login session
|
|
||||||
* some more bugfixes
|
|
||||||
* Mon Mar 05 2007 anicka@suse.cz
|
|
||||||
- fix path for firewall definition
|
|
||||||
* Thu Mar 01 2007 anicka@suse.cz
|
|
||||||
- add support for Linux audit (FATE #120269)
|
|
||||||
* Wed Feb 21 2007 anicka@suse.cz
|
|
||||||
- add firewall definition [#246921], FATE #300687,
|
|
||||||
source: sshd.fw
|
|
||||||
* Sat Jan 06 2007 anicka@suse.cz
|
|
||||||
- disable SSHv1 protocol in default configuration [#231808]
|
|
||||||
* Tue Dec 12 2006 anicka@suse.cz
|
|
||||||
- update to 4.5p1
|
|
||||||
* Use privsep_pw if we have it, but only require it if we
|
|
||||||
absolutely need it.
|
|
||||||
* Correctly check for bad signatures in the monitor, otherwise
|
|
||||||
the monitor and the unpriv process can get out of sync.
|
|
||||||
* Clear errno before calling the strtol functions.
|
|
||||||
* exit instead of doing a blocking tcp send if we detect
|
|
||||||
a client/server timeout, since the tcp sendqueue might
|
|
||||||
be already full (of alive requests)
|
|
||||||
* include signal.h, errno.h, sys/in.h
|
|
||||||
* some more bugfixes
|
|
||||||
* Wed Nov 22 2006 anicka@suse.cz
|
|
||||||
- fixed README.SuSE [#223025]
|
|
||||||
* Thu Nov 09 2006 anicka@suse.cz
|
|
||||||
- backport security fixes from openssh 4.5 (#219115)
|
|
||||||
* Tue Nov 07 2006 ro@suse.de
|
|
||||||
- fix manpage permissions
|
|
||||||
* Tue Oct 31 2006 anicka@suse.cz
|
|
||||||
- fix gssapi_krb5-fix patch [#215615]
|
|
||||||
- fix xauth patch
|
|
||||||
* Tue Oct 10 2006 postadal@suse.cz
|
|
||||||
- fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch)
|
|
||||||
* Tue Oct 03 2006 postadal@suse.cz
|
|
||||||
- updated to version 4.4p1 [#208662]
|
|
||||||
* fixed pre-authentication DoS, that would cause sshd(8) to spin
|
|
||||||
until the login grace time expired
|
|
||||||
* fixed unsafe signal hander, which was vulnerable to a race condition
|
|
||||||
that could be exploited to perform a pre-authentication DoS
|
|
||||||
* fixed a GSSAPI authentication abort that could be used to determine
|
|
||||||
the validity of usernames on some platforms
|
|
||||||
* implemented conditional configuration in sshd_config(5) using the
|
|
||||||
"Match" directive
|
|
||||||
* added support for Diffie-Hellman group exchange key agreement with a
|
|
||||||
final hash of SHA256
|
|
||||||
* added a "ForceCommand", "PermitOpen" directive to sshd_config(5)
|
|
||||||
* added optional logging of transactions to sftp-server(8)
|
|
||||||
* ssh(1) will now record port numbers for hosts stored in
|
|
||||||
~/.ssh/authorized_keys when a non-standard port has been requested
|
|
||||||
* added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
|
|
||||||
a non-zero exit code) when requested port forwardings could not be
|
|
||||||
established
|
|
||||||
* extended sshd_config(5) "SubSystem" declarations to allow the
|
|
||||||
specification of command-line arguments
|
|
||||||
- removed obsoleted patches: autoconf-fix.patch, dos-fix.patch
|
|
||||||
- fixed gcc issues (gcc-fix.patch)
|
|
||||||
* Wed Sep 20 2006 postadal@suse.cz
|
|
||||||
- fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch)
|
|
||||||
- fixed client NULL deref on protocol error
|
|
||||||
- cosmetic fix in init script [#203826]
|
|
||||||
* Fri Sep 01 2006 kukuk@suse.de
|
|
||||||
- sshd.pamd: Add pam_loginuid, move pam_nologin to a better position
|
|
||||||
* Fri Aug 25 2006 postadal@suse.cz
|
|
||||||
- fixed path for xauth [#198676]
|
|
||||||
* Thu Aug 03 2006 postadal@suse.cz
|
|
||||||
- fixed build with X11R7
|
|
||||||
* Thu Jul 20 2006 postadal@suse.cz
|
|
||||||
- updated to version 4.3p2
|
|
||||||
* experimental support for tunneling network packets via tun(4)
|
|
||||||
- removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch,
|
|
||||||
scp.patch, sigalarm.patch
|
|
||||||
* Mon Feb 13 2006 postadal@suse.cz
|
|
||||||
- upstream fixes
|
|
||||||
- fixed "scp a b c", when c is not directory (scp.patch)
|
|
||||||
- eliminate some code duplicated in privsep and non-privsep paths, and
|
|
||||||
explicitly clear SIGALRM handler (sigalarm.patch)
|
|
||||||
* Fri Feb 03 2006 postadal@suse.cz
|
|
||||||
- fixed local arbitrary command execution vulnerability [#143435]
|
|
||||||
(CVE-2006-0225.patch)
|
|
||||||
* Thu Feb 02 2006 postadal@suse.cz
|
|
||||||
- fixed xauth.diff for disabled UsePrivilegeSeparation mode [#145809]
|
|
||||||
- build on s390 without Smart card support (opensc) [#147383]
|
|
||||||
* Mon Jan 30 2006 postadal@suse.cz
|
|
||||||
- fixed patch xauth.diff [#145809]
|
|
||||||
- fixed comments [#142989]
|
|
||||||
* Wed Jan 25 2006 mls@suse.de
|
|
||||||
- converted neededforbuild to BuildRequires
|
|
||||||
* Mon Jan 16 2006 meissner@suse.de
|
|
||||||
- added -fstack-protector.
|
|
||||||
* Tue Jan 03 2006 postadal@suse.cz
|
|
||||||
- updated to version 4.2p1
|
|
||||||
- removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch
|
|
||||||
* Tue Nov 15 2005 postadal@suse.cz
|
|
||||||
- do not delegate GSSAPI credentials to log in with a different method
|
|
||||||
than GSSAPI [#128928] (CAN-2005-2798, gssapi-secfix.patch)
|
|
||||||
* Sun Oct 23 2005 postadal@suse.cz
|
|
||||||
- fixed PAM to send authentication failing mesaage to client [#130043]
|
|
||||||
(pam-error.patch)
|
|
||||||
* Wed Sep 14 2005 postadal@suse.cz
|
|
||||||
- fixed uninitialized variable in patch xauth.diff [#98815]
|
|
||||||
* Thu Sep 08 2005 postadal@suse.cz
|
|
||||||
- don't strip
|
|
||||||
* Mon Sep 05 2005 postadal@suse.cz
|
|
||||||
- added patch xauth.diff prevent from polluting xauthority file [#98815]
|
|
||||||
* Mon Aug 22 2005 postadal@suse.cz
|
|
||||||
- fixed problem when multiple accounts have same UID [#104773]
|
|
||||||
(pwname-home.diff)
|
|
||||||
- added fixes from upstream (upstream_fixes.diff)
|
|
||||||
* Thu Aug 18 2005 postadal@suse.cz
|
|
||||||
- added patch tmpdir.diff for using $TMPDIR by ssh-agent [#95731]
|
|
||||||
* Thu Aug 04 2005 uli@suse.de
|
|
||||||
- parallelize build
|
|
||||||
* Mon Aug 01 2005 postadal@suse.cz
|
|
||||||
- added patch resolving problems with hostname changes [#98627]
|
|
||||||
(xauthlocalhostname.diff)
|
|
||||||
* Wed Jun 22 2005 kukuk@suse.de
|
|
||||||
- Compile/link with -fpie/-pie
|
|
||||||
* Wed Jun 15 2005 meissner@suse.de
|
|
||||||
- build x11-ask-pass with RPM_OPT_FLAGS.
|
|
||||||
* Fri Jun 10 2005 postadal@suse.cz
|
|
||||||
- updated to version 4.1p1
|
|
||||||
- removed obsoleted patches: restore_terminal, pam-returnfromsession,
|
|
||||||
timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource,
|
|
||||||
sendenv-fix, documentation-fix
|
|
||||||
* Thu Mar 10 2005 postadal@suse.cz
|
|
||||||
- fixed SendEnv config parsing bug
|
|
||||||
- documented timeout on untrusted x11 forwarding sessions (openssh#849)
|
|
||||||
- mentioned ForwardX11Trusted in ssh.1 (openssh#987)
|
|
||||||
* Thu Mar 03 2005 postadal@suse.cz
|
|
||||||
- enabled accepting and sending locale environment variables in protocol 2
|
|
||||||
[#65747, #50091]
|
|
||||||
* Thu Feb 24 2005 postadal@suse.cz
|
|
||||||
- added patches from cvs: gssapi-pam (openssh#918),
|
|
||||||
krb5ccname (openssh#445), logdenysource (openssh#909)
|
|
||||||
* Thu Feb 03 2005 postadal@suse.cz
|
|
||||||
- fixed keyboard-interactive/pam/Kerberos leaks info about user existence
|
|
||||||
[#48329] (openssh#971, CAN-2003-0190)
|
|
||||||
* Wed Jan 19 2005 postadal@suse.cz
|
|
||||||
- splited spec file to decreas number of build dependencies
|
|
||||||
- fixed restoring terminal setting after Ctrl+C during password prompt in scp/sftp [#43309]
|
|
||||||
- allowed users to see output from failing PAM session modules (openssh #890,
|
|
||||||
pam-returnfromsession.patch)
|
|
||||||
* Mon Nov 08 2004 kukuk@suse.de
|
|
||||||
- Use common-* PAM config files for sshd PAM configuration
|
|
||||||
* Mon Oct 25 2004 postadal@suse.cz
|
|
||||||
- switched heimdal-* to kerberos-devel-packages in #needforbuild
|
|
||||||
* Fri Sep 03 2004 ro@suse.de
|
|
||||||
- fix lib64 issue
|
|
||||||
* Tue Aug 31 2004 postadal@suse.cz
|
|
||||||
- updated to version 3.9p1
|
|
||||||
- removed obsoleted patches: scp-fix.diff and window_change-fix.diff
|
|
||||||
* Thu Aug 26 2004 postadal@suse.cz
|
|
||||||
- added openssh-askpass-gnome subpackage
|
|
||||||
- added ssh-askpass script for choosing askpass depending on windowmanager
|
|
||||||
(by Robert Love <rml@novell.com>)
|
|
||||||
- build with Smart card support (opensc) [#44289]
|
|
||||||
* Tue Aug 17 2004 postadal@suse.cz
|
|
||||||
- removed old implementation of "Update Messages" [#36059]
|
|
||||||
* Thu Aug 12 2004 postadal@suse.cz
|
|
||||||
- updated to version 3.8p1
|
|
||||||
- removed obsoleted patches: sftp-progress-fix and pam-fix4
|
|
||||||
* Mon Jun 28 2004 meissner@suse.de
|
|
||||||
- block sigalarm during syslog output or we might deadlock
|
|
||||||
on recursively entering syslog(). (LTC#9523, SUSE#42354)
|
|
||||||
* Wed May 26 2004 postadal@suse.cz
|
|
||||||
- fixed commented default value for GSSAPI
|
|
||||||
* Thu May 20 2004 mludvig@suse.cz
|
|
||||||
- Load drivers for available hardware crypto accelerators.
|
|
||||||
* Fri Apr 30 2004 postadal@suse.cz
|
|
||||||
- updated README.kerberos (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials)
|
|
||||||
* Mon Apr 19 2004 postadal@suse.cz
|
|
||||||
- updated README.SuSE (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials)
|
|
||||||
[#39010]
|
|
||||||
* Fri Mar 26 2004 postadal@suse.cz
|
|
||||||
- fixed sshd(8) and sshd_config(5) man pages (EAL3)
|
|
||||||
- fixed spelling errors in README.SuSE [#37086]
|
|
||||||
* Thu Mar 25 2004 postadal@suse.cz
|
|
||||||
- fixed change window request [#33177]
|
|
||||||
* Mon Mar 22 2004 postadal@suse.cz
|
|
||||||
- updated README.SuSE
|
|
||||||
- removed %%verify from /usr/bin/ssh in specfile
|
|
||||||
* Thu Mar 18 2004 postadal@suse.cz
|
|
||||||
- fixed previous fix of security bug in scp [#35443] (CAN-2004-0175)
|
|
||||||
(was too restrictive)
|
|
||||||
- fixed permission of /usr/bin/ssh
|
|
||||||
* Mon Mar 15 2004 postadal@suse.cz
|
|
||||||
- fixed comments in sshd_config and ssh_config
|
|
||||||
* Mon Mar 15 2004 postadal@suse.cz
|
|
||||||
- enabled privilege separation mode (new version fixes a lot of problematic PAM
|
|
||||||
calling [#30328])
|
|
||||||
- fixed security bug in scp [#35443] (CAN-2004-0175)
|
|
||||||
- reverted to old behaviour of ForwardingX11 [#35836]
|
|
||||||
(set ForwardX11Trusted to 'yes' by default)
|
|
||||||
- updated README.SuSE
|
|
||||||
- fixed pam code (pam-fix4.diff, backported from openssh-SNAP-20040311)
|
|
||||||
* Fri Mar 05 2004 postadal@suse.cz
|
|
||||||
- updated README.SuSE (Remote x11 clients are now untrusted by default) [#35368]
|
|
||||||
- added gssapimitm patch (support for old GSSAPI)
|
|
||||||
* Mon Mar 01 2004 postadal@suse.cz
|
|
||||||
- updated to version 3.8p1
|
|
||||||
* The "gssapi" support has been replaced with the "gssapi-with-mic"
|
|
||||||
to fix possible MITM attacks. These two versions are not compatible.
|
|
||||||
- removed obsoleted patches: krb5.patch, dns-lookups.patch, pam-fix.diff,
|
|
||||||
pam-end-fix.diff
|
|
||||||
- used process forking instead pthreads
|
|
||||||
(developers fixed bugs in pam calling and they recommended to don't use threads)
|
|
||||||
* Tue Feb 24 2004 postadal@suse.cz
|
|
||||||
- fixed the problem with save_argv in sshd.c re-apeared again in version 3.7.1p2
|
|
||||||
(it caused bad behaviour after receiving SIGHUP - used by reload of init script)
|
|
||||||
[#34845]
|
|
||||||
* Wed Feb 18 2004 kukuk@suse.de
|
|
||||||
- Real strict-aliasing patch
|
|
||||||
* Wed Feb 18 2004 postadal@suse.cz
|
|
||||||
- fixed strict-aliasing patch [#34551]
|
|
||||||
* Sat Feb 14 2004 adrian@suse.de
|
|
||||||
- provide SLP registration file /etc/slp.reg.d/ssh.reg
|
|
||||||
* Tue Feb 03 2004 postadal@suse.cz
|
|
||||||
- used patch from pam-end-fix.diff [#33132]
|
|
||||||
- fixed instalation openssh without documentation [#33937]
|
|
||||||
- fixed auth-pam.c which breaks strict aliasing
|
|
||||||
* Mon Jan 19 2004 meissner@suse.de
|
|
||||||
- Added a ; to ssh-key-converter.c to fix gcc 3.4 build.
|
|
||||||
* Fri Jan 16 2004 kukuk@suse.de
|
|
||||||
- Add pam-devel to neededforbuild
|
|
||||||
* Thu Nov 06 2003 postadal@suse.cz
|
|
||||||
- added /usr/bin/slogin explicitly to %%file list [#32921]
|
|
||||||
* Sun Nov 02 2003 adrian@suse.de
|
|
||||||
- add %%run_permissions to fix build
|
|
||||||
* Tue Oct 14 2003 postadal@suse.cz
|
|
||||||
- reverted value UsePAM to "yes" and set PasswordAuthentication to "no"
|
|
||||||
in file /etc/ssh/sshd_config (the version 3.7.1p2 disabled PAM support
|
|
||||||
by default) [#31749]
|
|
||||||
* Tue Sep 23 2003 draht@suse.de
|
|
||||||
- New version 3.7.1p2; signature from 86FF9C48 Damien Miller
|
|
||||||
verified for source tarball. Bugs fixed with this version:
|
|
||||||
[#31637] (CAN-2003-0786, CAN-2003-0786). Briefly:
|
|
||||||
1) SSH1 PAM challenge response auth ignored the result of the
|
|
||||||
authentication (with privsep off)
|
|
||||||
2) The PAM conversation function trashed the stack, by referring
|
|
||||||
to the **resp parameter as an array of pointers rather than
|
|
||||||
as a pointer to an array of struct pam_responses.
|
|
||||||
At least security bug 1) is exploitable.
|
|
||||||
* Fri Sep 19 2003 postadal@suse.cz
|
|
||||||
- use pthreads instead process forking (it needs by pam modules)
|
|
||||||
- fixed bug in calling pam_setcred [#31025]
|
|
||||||
(pam-fix.diff - string "FILE:" added to begin of KRB5CCNAME)
|
|
||||||
- updated README.SuSE
|
|
||||||
- reverted ChallengeResponseAuthentication option to default value yes
|
|
||||||
(necessary for pam authentication) [#31432]
|
|
||||||
* Thu Sep 18 2003 postadal@suse.cz
|
|
||||||
- updated to version 3.7.1p1 (with security patches)
|
|
||||||
- removed obsoleted patches: chauthtok.patch, krb-include-fix.diff,
|
|
||||||
gssapi-fix.diff, saveargv-fix.diff, gssapi-20030430.diff, racecondition-fix
|
|
||||||
- updated README.kerberos
|
|
||||||
* Tue Sep 16 2003 postadal@suse.cz
|
|
||||||
- fixed race condition in allocating memory [#31025] (CAN-2003-0693)
|
|
||||||
* Mon Sep 15 2003 postadal@suse.cz
|
|
||||||
- disabled privilege separation, which caused some problems [#30328]
|
|
||||||
(updated README.SuSE)
|
|
||||||
* Thu Sep 04 2003 postadal@suse.cz
|
|
||||||
- fixed bug in x11-ssh-askpass dialog [#25846] (askpass-fix.diff is workaround for gcc bug)
|
|
||||||
* Fri Aug 29 2003 kukuk@suse.de
|
|
||||||
- Call useradd -r for system account [Bug #29611]
|
|
||||||
* Mon Aug 25 2003 postadal@suse.cz
|
|
||||||
- use new stop_on_removal/restart_on_upate macros
|
|
||||||
- fixed lib64 problem in /etc/ssh/sshd_config [#28766]
|
|
||||||
* Tue Aug 19 2003 mmj@suse.de
|
|
||||||
- Add sysconfig metadata [#28943]
|
|
||||||
* Fri Aug 01 2003 ro@suse.de
|
|
||||||
- add e2fsprogs-devel to neededforbuild
|
|
||||||
* Thu Jul 24 2003 postadal@suse.cz
|
|
||||||
- updated to version 3.6.1p2
|
|
||||||
- added the new version of patch for GSSAPI (gssapi-20030430.diff),
|
|
||||||
the older one was removed (gssapi.patch)
|
|
||||||
- added README.kerberos to filelist
|
|
||||||
* Tue Jun 03 2003 mmj@suse.de
|
|
||||||
- Remove files we don't package
|
|
||||||
* Wed Apr 02 2003 postadal@suse.cz
|
|
||||||
- fixed bad behaviour after receiving SIGHUP (this bug caused not working reload of init script)
|
|
||||||
* Tue Mar 18 2003 postadal@suse.cz
|
|
||||||
- added $remote_fs to init.d script (needed if /usr is on remote fs [#25577])
|
|
||||||
* Thu Mar 13 2003 postadal@suse.cz
|
|
||||||
- fixed segfault while using GSSAPI for authentication when connecting to localhost (took care about error value of ssh_gssapi_import_name() in function ssh_gssapi_client_ctx())
|
|
||||||
* Mon Mar 10 2003 kukuk@suse.de
|
|
||||||
- Remove extra "/" from pid file path.
|
|
||||||
* Mon Mar 03 2003 postadal@suse.cz
|
|
||||||
- modified init.d script (now checking sshd.init.pid instead of port 22) [#24263]
|
|
||||||
* Mon Mar 03 2003 okir@suse.de
|
|
||||||
- added comment to /etc/pam.d/ssh on how to enable
|
|
||||||
support for resmgr (#24363).
|
|
||||||
* Fri Feb 21 2003 postadal@suse.cz
|
|
||||||
- added ssh-copy-id shell script [#23745]
|
|
||||||
* Fri Feb 14 2003 postadal@suse.cz
|
|
||||||
- given back gssapi and dns-lookups patches
|
|
||||||
* Thu Jan 23 2003 postadal@suse.cz
|
|
||||||
- updated to version 3.5p1
|
|
||||||
- removed obsolete patches: owl-mm, forced-commands-only, krb
|
|
||||||
- added patch krb5 (for heimdal)
|
|
||||||
- temporarily removed gssapi patch and dns-lookups (needs rewriting)
|
|
||||||
- fix sysconfig metadata
|
|
||||||
* Thu Dec 05 2002 okir@suse.de
|
|
||||||
- avoid Kerberos DNS lookups in the default config (#20395)
|
|
||||||
- added README.kerberos
|
|
||||||
* Thu Sep 19 2002 postadal@suse.cz
|
|
||||||
- added info about changes in the new version of openssh
|
|
||||||
to README.SuSE [#19757]
|
|
||||||
* Mon Sep 02 2002 okir@suse.de
|
|
||||||
- privsep directory now /var/lib/empty, which is provided by
|
|
||||||
filesystem package (#17556)
|
|
||||||
* Wed Aug 28 2002 nashif@suse.de
|
|
||||||
- Added insserv & co to PreReq
|
|
||||||
* Mon Aug 26 2002 okir@suse.de
|
|
||||||
- applied patch that adds GSSAPI support in protocol version 2 (#18239)
|
|
||||||
* Thu Aug 22 2002 postadal@suse.cz
|
|
||||||
- added the patch to fix malfunction of PermitRootLogin seted to
|
|
||||||
forced-commands-only [#17149]
|
|
||||||
* Fri Aug 09 2002 okir@suse.de
|
|
||||||
- syslog now reports kerberos auth method when logging in via
|
|
||||||
kerberos (#17469)
|
|
||||||
* Tue Jul 23 2002 okir@suse.de
|
|
||||||
- enabled kerberos support
|
|
||||||
- added patch to support kerberos 5 authentication in privsep mode.
|
|
||||||
- added missing section 5 manpages
|
|
||||||
- added missing ssh-keysign to files list (new for privsep)
|
|
||||||
* Mon Jul 22 2002 okir@suse.de
|
|
||||||
- fixed handling of expired passwords in privsep mode
|
|
||||||
* Tue Jul 09 2002 mmj@suse.de
|
|
||||||
- Don't source rc.config
|
|
||||||
* Wed Jul 03 2002 draht@suse.de
|
|
||||||
- ssh-keygen must be told to explicitly create type rsa1 keys
|
|
||||||
in the start script.
|
|
||||||
* Tue Jul 02 2002 ro@suse.de
|
|
||||||
- useradd/groupadd in preinstall to standardize
|
|
||||||
* Sat Jun 29 2002 ro@suse.de
|
|
||||||
- updated patch from solar: zero out bytes for no longer used pages
|
|
||||||
in mmap-fallback solution
|
|
||||||
* Thu Jun 27 2002 ro@suse.de
|
|
||||||
- updated owl-fallback.diff from solar
|
|
||||||
* Thu Jun 27 2002 ro@suse.de
|
|
||||||
- update to 3.4p1
|
|
||||||
o privilege separation support
|
|
||||||
o overflow fix from ISS
|
|
||||||
- unsplit openssh-server and openssh-client
|
|
||||||
* Tue Jun 18 2002 mmj@suse.de
|
|
||||||
- Update to 3.2.3p1 which fixed following compared to 3.2.2p1
|
|
||||||
o a defect in the BSD_AUTH access control handling for
|
|
||||||
o login/tty problems on Solaris (bug #245)
|
|
||||||
o build problems on Cygwin systems
|
|
||||||
- Split the package to openssh, openssh-server, openssh-client and
|
|
||||||
openssh-askpass
|
|
||||||
* Sun May 19 2002 mmj@suse.de
|
|
||||||
- Updated to 3.2.2p which includes security and several bugfixes.
|
|
||||||
* Fri Mar 15 2002 ro@suse.de
|
|
||||||
- added "Obsoletes: ssh"
|
|
||||||
* Tue Mar 05 2002 draht@suse.de
|
|
||||||
- security fix for bug in channels.c (channelbug.dif)
|
|
||||||
* Fri Mar 01 2002 bk@suse.de
|
|
||||||
- fix ssh-agent example to use eval `ssh-agent -s` and a typo.
|
|
||||||
- add sentence on use of ssh-agent with startx
|
|
||||||
* Tue Feb 26 2002 bk@suse.de
|
|
||||||
- update README.SuSE to improve documentation on protocol version
|
|
||||||
* Wed Feb 13 2002 cihlar@suse.cz
|
|
||||||
- rewritten addrlist patch - "0.0.0.0" is removed from list
|
|
||||||
after "::" is successful [#8951]
|
|
||||||
* Mon Feb 11 2002 cihlar@suse.cz
|
|
||||||
- added info about the change of the default protocol version
|
|
||||||
to README.SuSE
|
|
||||||
* Thu Feb 07 2002 cihlar@suse.cz
|
|
||||||
- removed addrlist patch which fixed bug [#8951] as it breaks
|
|
||||||
functionality on machines with kernel without IPv6 support,
|
|
||||||
bug reopened, new solution will be find
|
|
||||||
- switched to default protocol version 2
|
|
||||||
- added ssh-keyconvert (thanks Olaf Kirch <okir@suse.de>)
|
|
||||||
- removed static linking against libcrypto, as crypt() was removed
|
|
||||||
from it [#5333]
|
|
||||||
* Tue Jan 22 2002 kukuk@suse.de
|
|
||||||
- Add pam_nologin to account management (else it will not be
|
|
||||||
called if user does not do password authentification)
|
|
||||||
* Tue Jan 15 2002 egmont@suselinux.hu
|
|
||||||
- removed colon from shutdown message
|
|
||||||
* Thu Jan 10 2002 cihlar@suse.cz
|
|
||||||
- use %%{_lib}
|
|
||||||
* Thu Dec 13 2001 ro@suse.de
|
|
||||||
- moved rc.config.d -> sysconfig
|
|
||||||
* Mon Dec 10 2001 cihlar@suse.cz
|
|
||||||
- removed START_SSHD
|
|
||||||
* Fri Dec 07 2001 cihlar@suse.cz
|
|
||||||
- update to version 3.0.2p1:
|
|
||||||
* CheckMail option in sshd_config is deprecated
|
|
||||||
* X11 cookies are now stored in $HOME
|
|
||||||
* fixed a vulnerability in the UseLogin option
|
|
||||||
* /etc/ssh_known_hosts2 and ~/.ssh/known_hosts2 are obsolete,
|
|
||||||
/etc/ssh_known_hosts and ~/.ssh/known_hosts can be used
|
|
||||||
* several minor fixes
|
|
||||||
- update x11-ssh-askpass to version 1.2.4.1:
|
|
||||||
* fixed Imakefile.in
|
|
||||||
- fixed bug in adresses "::" and "0.0.0.0" [#8951]
|
|
||||||
* Fri Oct 05 2001 cihlar@suse.cz
|
|
||||||
- update to version 2.9.9p2
|
|
||||||
- removed obsolete clientloop and command patches
|
|
||||||
- uncommented "HostKey /etc/ssh/ssh_host_rsa_key" in sshd_config
|
|
||||||
- added German translation of e-mail to sysadmin
|
|
||||||
- init script fixed to work when more listening sshd runs
|
|
||||||
- added /bin/netstat to requires
|
|
||||||
* Mon Sep 24 2001 cihlar@suse.cz
|
|
||||||
- fixed security problem with sftp & bypassing
|
|
||||||
keypair auth restrictions - patch based on CVS
|
|
||||||
- fixed status part of init script - it returned
|
|
||||||
running even if there were only sshd of connections
|
|
||||||
and no listening sshd [#11220]
|
|
||||||
- fixed stop part of init script - when there was no
|
|
||||||
/var/run/sshd.pid, all sshd were killed
|
|
||||||
* Thu Sep 06 2001 nadvornik@suse.cz
|
|
||||||
- added patch for correct buffer flushing from CVS [bug #6450]
|
|
||||||
* Fri Jul 27 2001 cihlar@suse.cz
|
|
||||||
- update x11-ssh-askpass to version 1.2.2
|
|
||||||
* Thu Jul 26 2001 cihlar@suse.cz
|
|
||||||
- update to version 2.9p2
|
|
||||||
- removed obsolete "cookies" patch
|
|
||||||
* Mon Jun 11 2001 cihlar@suse.cz
|
|
||||||
- fixed to compile with new xmkmf
|
|
||||||
* Thu Jun 07 2001 cihlar@suse.cz
|
|
||||||
- fixed security bug when any file "cookies" could
|
|
||||||
be removed by anybody
|
|
||||||
* Tue Jun 05 2001 bjacke@suse.de
|
|
||||||
- generate rsa host key in init script
|
|
||||||
* Tue Jun 05 2001 cihlar@suse.cz
|
|
||||||
- removed complete path from PAM modules
|
|
||||||
* Thu May 03 2001 cihlar@suse.cz
|
|
||||||
- update to version 2.9p1
|
|
||||||
- removed obsolete --with-openssl
|
|
||||||
- removed obsolete man patch
|
|
||||||
* Mon Apr 30 2001 cihlar@suse.cz
|
|
||||||
- enable PAM support
|
|
||||||
* Fri Apr 13 2001 ro@suse.de
|
|
||||||
- fixed specfile for extra README.SuSE
|
|
||||||
* Fri Apr 13 2001 cihlar@suse.cz
|
|
||||||
- fixed init script by new skeleton
|
|
||||||
* Thu Mar 22 2001 cihlar@suse.cz
|
|
||||||
- update to version 2.5.2p2
|
|
||||||
* Wed Mar 14 2001 cihlar@suse.cz
|
|
||||||
- fixed ssh man page
|
|
||||||
* Mon Mar 12 2001 cihlar@suse.cz
|
|
||||||
- update to version 2.5.1p2
|
|
||||||
- added xf86 to neededforbuild
|
|
||||||
* Fri Mar 09 2001 schwab@suse.de
|
|
||||||
- Fix missing crypt declaration.
|
|
||||||
* Fri Feb 23 2001 cihlar@suse.cz
|
|
||||||
- update to version 2.5.1p1
|
|
||||||
- update x11-ssh-askpass to version 1.2.0
|
|
||||||
* Tue Feb 20 2001 cihlar@suse.cz
|
|
||||||
- modified README.SuSE [#4365]
|
|
||||||
- fixed start script to agree with skeleton
|
|
||||||
- fixed start script so "stop" kills only sshd
|
|
||||||
listening for connections
|
|
||||||
- compiled with --with-openssl
|
|
||||||
- "ListenAddress 0.0.0.0" in sshd_config commented out -
|
|
||||||
listen on both ipv4 and ipv6
|
|
||||||
- fixed var/adm/notify/messages/openssh_update [#6406]
|
|
||||||
* Thu Jan 25 2001 smid@suse.cz
|
|
||||||
- startup script fixed [#5559]
|
|
||||||
* Tue Jan 16 2001 nadvornik@suse.cz
|
|
||||||
- libcrypto linked static [#5333]
|
|
||||||
* Thu Jan 11 2001 cihlar@suse.cz
|
|
||||||
- uncomment sftp-server part in sshd_config
|
|
||||||
- added /usr/X11R6/lib/X11/app-defaults/SshAskpass to %%files
|
|
||||||
* Thu Jan 11 2001 cihlar@suse.cz
|
|
||||||
- fixed %%files [#5230]
|
|
||||||
- fixed installation of x11-ssh-askpass to BuildRoot
|
|
||||||
- added man pages of x11-ssh-askpass
|
|
||||||
* Wed Jan 10 2001 smid@suse.cz
|
|
||||||
- notice about how to enable ipv6 added to mail
|
|
||||||
- for administrator [#5297]
|
|
||||||
* Wed Dec 13 2000 smid@suse.cz
|
|
||||||
- default ipv6 listennig disabled (problems with libc2.2) [#4588]
|
|
||||||
* Tue Dec 05 2000 smid@suse.cz
|
|
||||||
- notify message changed
|
|
||||||
* Mon Dec 04 2000 lmuelle@suse.de
|
|
||||||
- fixed provides/ conflicts to ssh
|
|
||||||
* Thu Nov 30 2000 smid@suse.cz
|
|
||||||
- path to ssh-askpass fixed
|
|
||||||
- stop in %%preun removed
|
|
||||||
- new init style
|
|
||||||
* Mon Nov 27 2000 schwab@suse.de
|
|
||||||
- Restore rcsshd link.
|
|
||||||
* Sun Nov 26 2000 kukuk@suse.de
|
|
||||||
- Add openssl-devel to neededforbuild
|
|
||||||
* Mon Nov 20 2000 smid@suse.cz
|
|
||||||
- New version 2.3.0
|
|
||||||
* Wed Sep 06 2000 smid@suse.cz
|
|
||||||
- remove --with-ipv4-default option
|
|
||||||
* Wed Jul 05 2000 garloff@suse.de
|
|
||||||
- ... and tell the sysadmin and user more about what they can do
|
|
||||||
about it (schwab).
|
|
||||||
* Wed Jul 05 2000 garloff@suse.de
|
|
||||||
- Inform the user (admin) about the fact that the default behaviour
|
|
||||||
with respect to X11-forwarding has been changed to be disabled.
|
|
||||||
* Wed Jun 28 2000 smid@suse.cz
|
|
||||||
- warning that generating DSA key can an take a long time.
|
|
||||||
(bugzilla 3015)
|
|
||||||
- writing to wtmp and lastlog fixed (bugzilla 3024)
|
|
||||||
- reading config file (parameter Protocol) fixed
|
|
||||||
* Fri Jun 16 2000 garloff@suse.de
|
|
||||||
- Added generation of ssh_host_dsa_key
|
|
||||||
* Tue Jun 13 2000 nadvornik@suse.cz
|
|
||||||
- update to 2.1.1p1
|
|
||||||
* Thu Jun 08 2000 cihlar@suse.cz
|
|
||||||
- uncommented %%clean
|
|
||||||
* Fri May 05 2000 smid@suse.cz
|
|
||||||
- buildroot added
|
|
||||||
- upgrade to 1.2.3
|
|
||||||
* Tue Mar 21 2000 kukuk@suse.de
|
|
||||||
- Update to 1.2.2p1
|
|
||||||
* Mon Mar 06 2000 kukuk@suse.de
|
|
||||||
- Fix the diff.
|
|
||||||
* Sun Mar 05 2000 kukuk@suse.de
|
|
||||||
- Add a README.SuSE with a short description how to use ssh-add
|
|
||||||
* Tue Feb 29 2000 schwab@suse.de
|
|
||||||
- Update config.{guess,sub}.
|
|
||||||
* Fri Feb 25 2000 kukuk@suse.de
|
|
||||||
- Fix need for build, add group tag.
|
|
||||||
* Wed Feb 02 2000 kukuk@suse.de
|
|
||||||
- Change new defaults back to old one
|
|
||||||
* Sun Jan 30 2000 kukuk@suse.de
|
|
||||||
- Add x11-ssh-askpass to filelist
|
|
||||||
* Fri Jan 28 2000 kukuk@suse.de
|
|
||||||
- Update to OpenSSH 1.2.2
|
|
||||||
- Add x11-ssh-askpass-1.0
|
|
||||||
* Tue Jan 25 2000 kukuk@suse.de
|
|
||||||
- Add reload and status to /sbin/init.d/sshd [Bug 1747]
|
|
||||||
* Thu Jan 20 2000 kukuk@suse.de
|
|
||||||
- Update to 1.2.1pre27 with IPv6 support
|
|
||||||
* Fri Dec 31 1999 kukuk@suse.de
|
|
||||||
- Initial version
|
|
||||||
|
10
ssh-askpass
10
ssh-askpass
@ -25,10 +25,9 @@ if [ -z "$SESSION" ] ; then
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
GNOME_SSH_ASKPASS="/usr/lib/ssh/gnome-ssh-askpass"
|
GNOME_SSH_ASKPASS="/usr/lib/ssh/gnome-ssh-askpass"
|
||||||
|
KDE_SSH_ASKPASS="/usr/lib/ssh/ksshaskpass"
|
||||||
X11_SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass"
|
X11_SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass"
|
||||||
|
|
||||||
# note: if there is ever a kde-ssh-askpass, just add it based on SESSION=kde
|
|
||||||
|
|
||||||
case "$SESSION" in
|
case "$SESSION" in
|
||||||
gnome)
|
gnome)
|
||||||
if [ -f $GNOME_SSH_ASKPASS ]; then
|
if [ -f $GNOME_SSH_ASKPASS ]; then
|
||||||
@ -37,6 +36,13 @@ case "$SESSION" in
|
|||||||
exec $X11_SSH_ASKPASS ${1+"$@"}
|
exec $X11_SSH_ASKPASS ${1+"$@"}
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
|
kde)
|
||||||
|
if [ -f $KDE_SSH_ASKPASS ]; then
|
||||||
|
exec $KDE_SSH_ASKPASS ${1+"$@"}
|
||||||
|
else
|
||||||
|
exec $X11_SSH_ASKPASS ${1+"$@"}
|
||||||
|
fi
|
||||||
|
;;
|
||||||
*)
|
*)
|
||||||
exec $X11_SSH_ASKPASS ${1+"$@"}
|
exec $X11_SSH_ASKPASS ${1+"$@"}
|
||||||
;;
|
;;
|
||||||
|
Loading…
Reference in New Issue
Block a user