OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=16

openssh.changes

@@ -1,3 +1,72 @@
+-------------------------------------------------------------------
+Wed Apr  9 14:37:57 CEST 2008 - anicka@suse.cz
+
+- update to 5.0p1
+ * CVE-2008-1483: Avoid possible hijacking of X11-forwarded 
+   connections by refusing to listen on a port unless all address 
+   families bind successfully.
+- remove CVE-2008-1483 patch
+
+-------------------------------------------------------------------
+Wed Apr  2 14:57:26 CEST 2008 - anicka@suse.cz
+
+- update to 4.9p1 
+  * Disable execution of ~/.ssh/rc for sessions where a command has been
+    forced by the sshd_config ForceCommand directive. Users who had
+    write access to this file could use it to execute abritrary commands.
+    This behaviour was documented, but was an unsafe default and an extra
+    hassle for administrators.
+  * Added chroot(2) support for sshd(8), controlled by a new option
+    "ChrootDirectory". Please refer to sshd_config(5) for details, and
+    please use this feature carefully. (bz#177 bz#1352)
+  * Linked sftp-server(8) into sshd(8). The internal sftp server is
+    used when the command "internal-sftp" is specified in a Subsystem
+    or ForceCommand declaration. When used with ChrootDirectory, the
+    internal sftp server requires no special configuration of files
+    inside the chroot environment. Please refer to sshd_config(5) for
+    more information.
+  * Added a "no-user-rc" option for authorized_keys to disable execution
+    of ~/.ssh/rc
+  * Added a protocol extension method "posix-rename@openssh.com" for
+    sftp-server(8) to perform POSIX atomic rename() operations.
+    (bz#1400)
+  * Removed the fixed limit of 100 file handles in sftp-server(8). The
+    server will now dynamically allocate handles up to the number of
+    available file descriptors. (bz#1397)
+  * ssh(8) will now skip generation of SSH protocol 1 ephemeral server
+    keys when in inetd mode and protocol 2 connections are negotiated.
+    This speeds up protocol 2 connections to inetd-mode servers that
+    also allow Protocol 1 (bz#440)
+  * Accept the PermitRootLogin directive in a sshd_config(5) Match
+    block. Allows for, e.g. permitting root only from the local
+    network.
+  * Reworked sftp(1) argument splitting and escaping to be more
+    internally consistent (i.e. between sftp commands) and more
+    consistent with sh(1). Please note that this will change the
+    interpretation of some quoted strings, especially those with
+    embedded backslash escape sequences. (bz#778)
+  * Support "Banner=none" in sshd_config(5) to disable sending of a
+    pre-login banner (e.g. in a Match block).
+  * ssh(1) ProxyCommands are now executed with $SHELL rather than
+    /bin/sh.
+  * ssh(1)'s ConnectTimeout option is now applied to both the TCP
+    connection and the SSH banner exchange (previously it just covered
+    the TCP connection). This allows callers of ssh(1) to better detect
+    and deal with stuck servers that accept a TCP connection but don't
+    progress the protocol, and also makes ConnectTimeout useful for
+    connections via a ProxyCommand.
+  * Many new regression tests, including interop tests against PuTTY's
+    plink.
+  * Support BSM auditing on Mac OS X
+  * bugfixes
+- remove addrlist, pam_session_close, strict-aliasing-fix patches 
+  (not needed anymore)
+
+-------------------------------------------------------------------
+Tue Mar 25 11:10:14 CET 2008 - anicka@suse.cz
+
+- fix CVE-2008-1483 (bnc#373527) 
+
 -------------------------------------------------------------------
 Fri Jan  4 11:11:52 CET 2008 - anicka@suse.cz