SHA256
1
0
forked from pool/openssh
Commit Graph

267 Commits

Author SHA256 Message Date
Dominique Leuenberger
1b216e5454 Accepting request 780476 from network
OBS-URL: https://build.opensuse.org/request/show/780476
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=138
2020-03-01 20:26:18 +00:00
Tomáš Chvátal
9a4705bd68 Accepting request 780330 from home:lnussel:branches:network
- Don't recommend xauth to avoid pulling in X.

OBS-URL: https://build.opensuse.org/request/show/780330
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=207
2020-02-29 10:06:47 +00:00
Vítězslav Čížek
7fc5bd5b80 Add missing piece of changelog:
- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
  This attempts to preserve the permissions of any existing
  known_hosts file when modified by ssh-keygen (for instance,
  with -R).

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=206
2020-02-28 12:29:57 +00:00
Vítězslav Čížek
302f567739 Accepting request 779739 from home:hpjansson:branches:network
Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This
  performs key derivation using OpenSSL's SSHKDF facility, which
  allows OpenSSH to benefit from the former's FIPS certification
  status.

Make sure ssh-keygen runs if SSHD_AUTO_KEYGEN variable is unset
  or contains an unrecognized value (bsc#1157176).

OBS-URL: https://build.opensuse.org/request/show/779739
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=205
2020-02-28 12:19:42 +00:00
Dominique Leuenberger
350e5efcfa Accepting request 775238 from network
OBS-URL: https://build.opensuse.org/request/show/775238
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=137
2020-02-18 15:18:19 +00:00
Dominique Leuenberger
b71bd2f41b Accepting request 775237 from home:favogt:branches:network
- Add patches to fix the sandbox blocking glibc on 32bit platforms
  (boo#1164061):
  * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
  * openssh-8.1p1-seccomp-clock_gettime64.patch

OBS-URL: https://build.opensuse.org/request/show/775237
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=203
2020-02-18 15:10:09 +00:00
Dominique Leuenberger
dfab09de91 Accepting request 748711 from network
OBS-URL: https://build.opensuse.org/request/show/748711
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=136
2019-11-18 19:05:09 +00:00
Tomáš Chvátal
2d48f44a64 Accepting request 746672 from home:elvigia:branches:network
- Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep
  glibc master implements multiple functions using that syscall making
  the privsep sandbox kill the preauth process.

OBS-URL: https://build.opensuse.org/request/show/746672
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=201
2019-11-14 15:26:26 +00:00
Dominique Leuenberger
a68d0c642d Accepting request 738544 from network
- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
  This attempts to preserve the permissions of any existing
  known_hosts file when modified by ssh-keygen (for instance,
  with -R).
- Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch

- Run 'ssh-keygen -A' on startup only if SSHD_AUTO_KEYGEN="yes"
  in /etc/sysconfig/ssh. This is set to "yes" by default, but
  can be changed by the system administrator (bsc#1139089).

- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
  This attempts to preserve the permissions of any existing
  known_hosts file when modified by ssh-keygen (for instance,
  with -R).

- Version update to 8.1p1:
  * ssh-keygen(1): when acting as a CA and signing certificates with
    an RSA key, default to using the rsa-sha2-512 signature algorithm.
    Certificates signed by RSA keys will therefore be incompatible
    with OpenSSH versions prior to 7.2 unless the default is
    overridden (using "ssh-keygen -t ssh-rsa -s ...").
  * ssh(1): Allow %n to be expanded in ProxyCommand strings
  * ssh(1), sshd(8): Allow prepending a list of algorithms to the
    default set by starting the list with the '^' character, E.g.
    "HostKeyAlgorithms ^ssh-ed25519"
  * ssh-keygen(1): add an experimental lightweight signature and
    verification ability. Signatures may be made using regular ssh keys
    held on disk or stored in a ssh-agent and verified against an
    authorized_keys-like list of allowed keys. Signatures embed a
    namespace that prevents confusion and attacks between different

OBS-URL: https://build.opensuse.org/request/show/738544
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=135
2019-10-25 16:39:52 +00:00
Tomáš Chvátal
5c5997059e - Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=199
2019-10-15 08:09:16 +00:00
Tomáš Chvátal
fbcab3da0e Accepting request 738490 from home:hpjansson:branches:network
Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).

Run 'ssh-keygen -A' on startup only if SSHD_AUTO_KEYGEN="yes"
in /etc/sysconfig/ssh. This is set to "yes" by default, but
can be changed by the system administrator (bsc#1139089).

Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).

OBS-URL: https://build.opensuse.org/request/show/738490
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=198
2019-10-15 07:47:08 +00:00
Tomáš Chvátal
318211936a Accepting request 737034 from home:hpjansson:branches:network
Version update to 8.1p1:
  * ssh-keygen(1): when acting as a CA and signing certificates with
    an RSA key, default to using the rsa-sha2-512 signature algorithm.
    Certificates signed by RSA keys will therefore be incompatible
    with OpenSSH versions prior to 7.2 unless the default is
    overridden (using "ssh-keygen -t ssh-rsa -s ...").
  * ssh(1): Allow %n to be expanded in ProxyCommand strings
  * ssh(1), sshd(8): Allow prepending a list of algorithms to the
    default set by starting the list with the '^' character, E.g.
    "HostKeyAlgorithms ^ssh-ed25519"
  * ssh-keygen(1): add an experimental lightweight signature and
    verification ability. Signatures may be made using regular ssh keys
    held on disk or stored in a ssh-agent and verified against an
    authorized_keys-like list of allowed keys. Signatures embed a
    namespace that prevents confusion and attacks between different
    usage domains (e.g. files vs email).
  * ssh-keygen(1): print key comment when extracting public key from a
    private key.
  * ssh-keygen(1): accept the verbose flag when searching for host keys
    in known hosts (i.e. "ssh-keygen -vF host") to print the matching
    host's random-art signature too.
  * All: support PKCS8 as an optional format for storage of private
    keys to disk.  The OpenSSH native key format remains the default,
    but PKCS8 is a superior format to PEM if interoperability with
    non-OpenSSH software is required, as it may use a less insecure
    key derivation function than PEM's.
- Additional changes from 8.0p1 release:
  * scp(1): Add "-T" flag to disable client-side filtering of
    server file list.
  * sshd(8): Remove support for obsolete "host/port" syntax.

OBS-URL: https://build.opensuse.org/request/show/737034
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=197
2019-10-10 13:32:50 +00:00
Dominique Leuenberger
8c7e2eae29 Accepting request 724538 from network
OBS-URL: https://build.opensuse.org/request/show/724538
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=134
2019-08-27 13:21:05 +00:00
Tomáš Chvátal
9a25e259e6 Accepting request 724531 from home:kukuk:branches:network
- don't install SuSEfirewall2 service on Factory, since SuSEfirewall2
  has been replaced by firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

OBS-URL: https://build.opensuse.org/request/show/724531
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=195
2019-08-19 09:45:46 +00:00
Dominique Leuenberger
e2856c72b9 Accepting request 718211 from network
OBS-URL: https://build.opensuse.org/request/show/718211
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=133
2019-07-29 15:22:27 +00:00
Tomáš Chvátal
8062668408 Accepting request 718210 from home:Vogtinator:branches:network
Fixup last sr

OBS-URL: https://build.opensuse.org/request/show/718210
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=193
2019-07-24 12:05:07 +00:00
Hans Petter Jansson
084c35400e Accepting request 717662 from home:Vogtinator:branches:network
- ssh-askpass: Try a fallback if the other option is not available

OBS-URL: https://build.opensuse.org/request/show/717662
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=192
2019-07-22 18:28:13 +00:00
5c0c497eea Accepting request 716585 from home:favogt:branches:network
- Supplement libgtk-3-0 instead to avoid installation on a textmode install
  (boo#1142000)

OBS-URL: https://build.opensuse.org/request/show/716585
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=191
2019-07-22 16:43:06 +00:00
Dominique Leuenberger
3437c6c5e1 Accepting request 706737 from network
OBS-URL: https://build.opensuse.org/request/show/706737
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=132
2019-06-04 10:08:03 +00:00
Tomáš Chvátal
a0c02d63e8 Accepting request 706687 from home:vitezslav_cizek:branches:network
- Fix a crash with GSSAPI key exchange (bsc#1136104)
  * modify openssh-7.7p1-gssapi_key_exchange.patch

OBS-URL: https://build.opensuse.org/request/show/706687
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=189
2019-05-31 18:07:22 +00:00
Dominique Leuenberger
c6417f5931 Accepting request 689349 from network
OBS-URL: https://build.opensuse.org/request/show/689349
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=131
2019-03-29 19:33:25 +00:00
Vítězslav Čížek
bd816c8da4 Accepting request 689347 from home:vitezslav_cizek:branches:network
- Fix a double free() in the KDF CAVS testing tool (bsc#1065237)
  * modify openssh-7.7p1-cavstest-kdf.patch

OBS-URL: https://build.opensuse.org/request/show/689347
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=187
2019-03-28 13:07:24 +00:00
Dominique Leuenberger
a252fc64e1 Accepting request 684354 from network
OBS-URL: https://build.opensuse.org/request/show/684354
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=130
2019-03-14 13:57:40 +00:00
Vítězslav Čížek
8ca4d6f6f4 Accepting request 684353 from home:vitezslav_cizek:branches:network
- Minor clean-up of the fips patches, modified
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch

OBS-URL: https://build.opensuse.org/request/show/684353
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=185
2019-03-12 15:19:34 +00:00
Vítězslav Čížek
d9fe580505 Accepting request 684224 from home:vitezslav_cizek:branches:network
- Fix two race conditions in sshd relating to SIGHUP (bsc#1119183)
  * 0001-upstream-Fix-two-race-conditions-in-sshd-relating-to.patch

OBS-URL: https://build.opensuse.org/request/show/684224
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=184
2019-03-12 10:22:15 +00:00
Stephan Kulow
5a265c2de0 Accepting request 680205 from network
OBS-URL: https://build.opensuse.org/request/show/680205
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=129
2019-03-01 19:27:19 +00:00
Tomáš Chvátal
3f73bd9831 Accepting request 680202 from home:vitezslav_cizek:branches:network
- Correctly filter out non-compliant algorithms when in FIPS mode
  (bsc#1126397)
  * A hunk was applied to a wrong place due to a patch fuzz when
    the fips patch was being ported to openssh 7.9p1
- update openssh-7.7p1-fips.patch

OBS-URL: https://build.opensuse.org/request/show/680202
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=182
2019-02-28 20:03:36 +00:00
Tomáš Chvátal
5fcc01190a Accepting request 679869 from home:vitezslav_cizek:branches:network
- Remove the "KexDHMin" config keyword (bsc#1127180)
  It used to allow lowering of the minimal allowed DH group size,
  which was increased to 2048 by upstream in the light of the Logjam
  attack.
  The code was broken since the upgrade to 7.6p1, but nobody noticed.
  As apparently no one needs the functionality any more, let's drop
  the patch.
  It's still possible to use the fixed 1024-bit diffie-hellman-group1-sha1
  key exchange method when working with legacy systems.
- drop openssh-7.7p1-disable_short_DH_parameters.patch
- updated patches:
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch
  openssh-7.7p1-gssapi_key_exchange.patch

OBS-URL: https://build.opensuse.org/request/show/679869
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=181
2019-02-27 15:39:11 +00:00
Stephan Kulow
44f9d7c40f Accepting request 677282 from network
- Supplement the openssh and libx11 together to ensure this package
  is installed on machines where there is X stack

- Handle brace expansion in scp when checking that filenames sent
  by the server side match what the client requested [bsc#1125687]
  * openssh-7.9p1-brace-expansion.patch

- Updated security fixes:
  * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf
    and have progressmeter force an update at the beginning and end
    of each transfer. Added patches:
    - openssh-CVE-2019-6109-sanitize-scp-filenames.patch
    - openssh-CVE-2019-6109-force-progressmeter-update.patch
  * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames
    sent during remote->local directory copies satisfy the wildcard
    specified by the user. Added patch:
    - openssh-CVE-2019-6111-scp-client-wildcard.patch
  * Removed openssh-7.9p1-scp-name-validator.patch

- Change the askpass wrapper to not use x11 interface:
  * by default we use the -gnome UI (which is gtk3 only, no gnome dep)
  * if desktop is KDE/LxQt we use ksshaskpass

OBS-URL: https://build.opensuse.org/request/show/677282
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=128
2019-02-25 16:46:44 +00:00
Tomáš Chvátal
afefdefb8a * openssh-7.9p1-brace-expansion.patch
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=179
2019-02-19 08:19:52 +00:00
Tomáš Chvátal
adae0f9df2 Accepting request 677200 from home:pmonrealgonzalez:branches:network
- Handle brace expansion in scp when checking that filenames sent
  by the server side match what the client requested [bsc#1125687]

OBS-URL: https://build.opensuse.org/request/show/677200
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=178
2019-02-19 08:15:17 +00:00
Tomáš Chvátal
e882225f5d Accepting request 676348 from home:pmonrealgonzalez:branches:network
- Updated security fixes:
  * [bsc#1121816, CVE-2019-6109] Sanitize scp filenames via snmprintf
    and have progressmeter force an update at the beginning and end
    of each transfer. Added patches:
    - openssh-CVE-2019-6109-sanitize-scp-filenames.patch
    - openssh-CVE-2019-6109-force-progressmeter-update.patch
  * [bsc#1121821, CVE-2019-6111] Check in scp client that filenames
    sent during remote->local directory copies satisfy the wildcard
    specified by the user. Added patch:
    - openssh-CVE-2019-6111-scp-client-wildcard.patch
  * Removed openssh-7.9p1-scp-name-validator.patch

OBS-URL: https://build.opensuse.org/request/show/676348
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=177
2019-02-15 09:16:16 +00:00
Tomáš Chvátal
05c990c804 - Supplement the openssh and libx11 together to ensure this package
is installed on machines where there is X stack

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=176
2019-02-14 10:37:25 +00:00
Tomáš Chvátal
728923fa07 - Change the askpass wrapper to not use x11 interface:
* by default we use the -gnome UI (which is gtk3 only, no gnome dep)
  * if desktop is KDE/LxQt we use ksshaskpass

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=175
2019-02-14 10:30:34 +00:00
Stephan Kulow
c6e12a196f Accepting request 669023 from network
OBS-URL: https://build.opensuse.org/request/show/669023
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=127
2019-02-04 20:10:21 +00:00
Tomáš Chvátal
39cce89598 Accepting request 669019 from home:pmonrealgonzalez:branches:network
- Remove old conditionals

  * Mention the change in README.SUSE

OBS-URL: https://build.opensuse.org/request/show/669019
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=173
2019-01-28 10:41:40 +00:00
Tomáš Chvátal
ed403ddfcd Accepting request 668656 from home:pmonrealgonzalez:branches:network
- Move ssh-ldap* man pages into openssh-helpers [bsc#1051531]

- Allow root login by default [bsc#1118114, bsc#1121196]
  * Added/updated previous patch openssh-7.7p1-allow_root_password_login.patch

- Added SLE conditionals in the spec files:
  * Keep gtk2-devel in openssh-askpass-gnome in SLE
  * Keep krb5-mini-devel in SLE
- Removed obsolete configure options:
  * SSH protocol 1 --with-ssh1
  * Smart card --with-opensc
- Cleaned spec file with spec-cleaner

OBS-URL: https://build.opensuse.org/request/show/668656
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=172
2019-01-28 08:02:07 +00:00
Dominique Leuenberger
de0e6dcfe9 Accepting request 666632 from network
OBS-URL: https://build.opensuse.org/request/show/666632
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=126
2019-01-21 09:08:46 +00:00
Tomáš Chvátal
be528d6e10 Accepting request 666511 from home:pmonrealgonzalez:branches:network
- Security fix:
  * [bsc#1121816, CVE-2019-6109] scp client spoofing via object name
  * [bsc#1121818, CVE-2019-6110] scp client spoofing via stderr
  * [bsc#1121821, CVE-2019-6111] scp client missing received object
    name validation
  * Added patch openssh-7.9p1-scp-name-validator.patch

OBS-URL: https://build.opensuse.org/request/show/666511
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=170
2019-01-17 08:11:36 +00:00
Tomáš Chvátal
a485b7f4e0 Accepting request 664725 from home:pmonrealgonzalez:branches:network
- Security fix: [bsc#1121571, CVE-2018-20685]
  * The scp client allows remote SSH servers to bypass intended
    access restrictions
  * Added patch openssh-7.9p1-CVE-2018-20685.patch

OBS-URL: https://build.opensuse.org/request/show/664725
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=169
2019-01-11 17:55:43 +00:00
Dominique Leuenberger
799bc3af72 Accepting request 662751 from network
OBS-URL: https://build.opensuse.org/request/show/662751
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=125
2019-01-11 12:59:45 +00:00
Tomáš Chvátal
518034998f Accepting request 662676 from home:pmonrealgonzalez:branches:network
- Added compatibility with SuSEfirewall2 [bsc#1118044]

OBS-URL: https://build.opensuse.org/request/show/662676
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=167
2019-01-04 06:19:36 +00:00
Dominique Leuenberger
ed851c1089 Accepting request 657268 from network
OBS-URL: https://build.opensuse.org/request/show/657268
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=124
2018-12-19 12:27:48 +00:00
Tomáš Chvátal
cf45c4e386 Accepting request 657258 from home:pmonrealgonzalez:branches:network
- Update the firewall rules in Tumbleweed

OBS-URL: https://build.opensuse.org/request/show/657258
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=165
2018-12-11 16:01:09 +00:00
Dominique Leuenberger
7ca123a3a4 Accepting request 652023 from network
OBS-URL: https://build.opensuse.org/request/show/652023
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=123
2018-11-28 10:11:24 +00:00
Tomáš Chvátal
c41fcd05a7 Accepting request 651986 from home:vitezslav_cizek:branches:network
- Fix build with openssl < 1.1.0
  * add openssh-openssl-1_0_0-compatibility.patch

OBS-URL: https://build.opensuse.org/request/show/651986
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=163
2018-11-26 14:06:38 +00:00
Tomáš Chvátal
81347795a3 Accepting request 645609 from home:elvigia:branches:network
- openssh-7.7p1-audit.patch: fix sshd fatal error in 
  mm_answer_keyverify: buffer error: incomplete message [bnc#1114008]

OBS-URL: https://build.opensuse.org/request/show/645609
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=162
2018-10-31 05:45:24 +00:00
Tomáš Chvátal
5f87526504 Accepting request 644397 from home:pmonrealgonzalez:branches:network
* openssh-7.7p1-cavstest-ctr.patch
  * openssh-7.7p1-ldap.patch

OBS-URL: https://build.opensuse.org/request/show/644397
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=161
2018-10-24 17:58:38 +00:00
Dominique Leuenberger
2176dd1aa9 Accepting request 642574 from network
- Update to 7.8p1:
  * no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out

- Remove the mention of the SLE12 in the README.SUSE
- Install firewall rules only when really needed (&lt;SLE15)

- Version update to 7.8p1:
  * For most details see release notes file
  * ssh-keygen(1): write OpenSSH format private keys by default
    instead of using OpenSSL's PEM format
- Rebase patches to apply on 7.8p1 release:
  * openssh-7.7p1-fips.patch
  * openssh-7.7p1-cavstest-kdf.patch
  * openssh-7.7p1-fips_checks.patch
  * openssh-7.7p1-gssapi_key_exchange.patch
  * openssh-7.7p1-audit.patch
  * openssh-7.7p1-openssl_1.1.0.patch
  * openssh-7.7p1-ldap.patch
  * openssh-7.7p1-IPv6_X_forwarding.patch
  * openssh-7.7p1-sftp_print_diagnostic_messages.patch
  * openssh-7.7p1-disable_short_DH_parameters.patch
  * openssh-7.7p1-hostname_changes_when_forwarding_X.patch
  * openssh-7.7p1-pam_check_locks.patch
  * openssh-7.7p1-seed-prng.patch
  * openssh-7.7p1-systemd-notify.patch
  * openssh-7.7p1-X11_trusted_forwarding.patch
- Dropped patches: (forwarded request 642573 from scarabeus_iv)

OBS-URL: https://build.opensuse.org/request/show/642574
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=122
2018-10-23 18:33:50 +00:00
Tomáš Chvátal
b21be4c6b4 Accepting request 643660 from home:pmonrealgonzalez:branches:network
- Version update to 7.9p1
  * No actual changes for the askpass
  * See main package changelog for details

- Version update to 7.9p1
  * ssh(1), sshd(8): the setting of the new CASignatureAlgorithms
    option (see below) bans the use of DSA keys as certificate
    authorities.
  * sshd(8): the authentication success/failure log message has
    changed format slightly. It now includes the certificate
    fingerprint (previously it included only key ID and CA key
    fingerprint).
  * ssh(1), sshd(8): allow most port numbers to be specified using
    service names from getservbyname(3) (typically /etc/services).
  * sshd(8): support signalling sessions via the SSH protocol.
    A limited subset of signals is supported and only for login or
    command sessions (i.e. not subsystems) that were not subject to
    a forced command via authorized_keys or sshd_config. bz#1424
  * ssh(1): support "ssh -Q sig" to list supported signature options.
    Also "ssh -Q help" to show the full set of supported queries.
  * ssh(1), sshd(8): add a CASignatureAlgorithms option for the
    client and server configs to allow control over which signature
    formats are allowed for CAs to sign certificates. For example,
    this allows banning CAs that sign certificates using the RSA-SHA1
    signature algorithm.
  * sshd(8), ssh-keygen(1): allow key revocation lists (KRLs) to
    revoke keys specified by SHA256 hash.
  * ssh-keygen(1): allow creation of key revocation lists directly
    from base64-encoded SHA256 fingerprints. This supports revoking
    keys using only the information contained in sshd(8)

OBS-URL: https://build.opensuse.org/request/show/643660
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=159
2018-10-22 09:08:19 +00:00