SHA256
1
0
forked from pool/openssh
Commit Graph

172 Commits

Author SHA256 Message Date
3a77b6ed2a Accepting request 544667 from home:RBrownSUSE:branches:network
Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)

OBS-URL: https://build.opensuse.org/request/show/544667
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=123
2017-11-24 10:22:32 +00:00
Petr Cerny
d83100ae13 Accepting request 539322 from home:pcerny:factory
- upgrade to 7.6p1
  see main package changelog for details

- Update to vanilla 7.6p1
  Most important changes (more details below):
  * complete removal of the ancient SSHv1 protocol
  * sshd(8) cannot run without privilege separation
  * removal of suport for arcfourm blowfish and CAST ciphers
    and RIPE-MD160 HMAC
  * refuse RSA keys shorter than 1024 bits
  Distilled upstream log:
- OpenSSH 7.3
  ---- Security
  * sshd(8): Mitigate a potential denial-of-service attack
    against the system's crypt(3) function via sshd(8). An
    attacker could send very long passwords that would cause
    excessive CPU use in crypt(3). sshd(8) now refuses to accept
    password authentication requests of length greater than 1024
    characters. Independently reported by Tomas Kuthan (Oracle),
    Andres Rojas and Javier Nieto.
  * sshd(8): Mitigate timing differences in password
    authentication that could be used to discern valid from
    invalid account names when long passwords were sent and
    particular password hashing algorithms are in use on the
    server. CVE-2016-6210, reported by EddieEzra.Harari at
    verint.com
  * ssh(1), sshd(8): Fix observable timing weakness in the CBC
    padding oracle countermeasures. Reported by Jean Paul
    Degabriele, Kenny Paterson, Torben Hansen and Martin
    Albrecht. Note that CBC ciphers are disabled by default and

OBS-URL: https://build.opensuse.org/request/show/539322
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=122
2017-11-06 14:50:53 +00:00
c84af5da00 Accepting request 536578 from home:jsegitz:branches:network
- sshd_config is has now permissions 0600 in secure mode

OBS-URL: https://build.opensuse.org/request/show/536578
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=120
2017-10-26 10:23:16 +00:00
Petr Cerny
e8b9919265 Accepting request 500279 from home:pcerny:factory
- Fix preauth seccomp separation on mainframes (bsc#1016709)
  [openssh-7.2p2-s390_hw_crypto_syscalls.patch]
  [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch]
- enable case-insensitive hostname matching (bsc#1017099)
  [openssh-7.2p2-ssh_case_insensitive_host_matching.patch]
- add CAVS tests 
  [openssh-7.2p2-cavstest-ctr.patch]
  [openssh-7.2p2-cavstest-kdf.patch]
- Adding missing pieces for user matching (bsc#1021626)
- Properly verify CIDR masks in configuration
  (bsc#1005893)
  [openssh-7.2p2-verify_CIDR_address_ranges.patch]
- Remove pre-auth compression support from the server to prevent
  possible cryptographic attacks.
  (CVE-2016-10012, bsc#1016370)
  [openssh-7.2p2-disable_preauth_compression.patch]
- limit directories for loading PKCS11 modules
  (CVE-2016-10009, bsc#1016366)
  [openssh-7.2p2-restrict_pkcs11-modules.patch]
- Prevent possible leaks of host private keys to low-privilege
  process handling authentication
  (CVE-2016-10011, bsc#1016369)
  [openssh-7.2p2-prevent_private_key_leakage.patch]
- Do not allow unix socket forwarding when running without
  privilege separation
  (CVE-2016-10010, bsc#1016368)
  [openssh-7.2p2-secure_unix_sockets_forwarding.patch]
- prevent resource depletion during key exchange
  (bsc#1005480, CVE-2016-8858)
  [openssh-7.2p2-kex_resource_depletion.patch]

OBS-URL: https://build.opensuse.org/request/show/500279
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=117
2017-05-31 23:09:14 +00:00
5829a44f01 Accepting request 459897 from home:elvigia:branches:network
- sshd.service: Set TasksMax=infinity, as there should be
  no limit on the amount of tasks sshd can run.

OBS-URL: https://build.opensuse.org/request/show/459897
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=115
2017-03-01 11:01:26 +00:00
Petr Cerny
6c861e0b33 Accepting request 433779 from home:pcerny:factory
- remaining patches that were still missing
  since the update to 7.2p2 (FATE#319675):
  [openssh-7.2p2-disable_openssl_abi_check.patch]
- fix forwarding with IPv6 addresses in DISPLAY (bnc#847710)
  [openssh-7.2p2-IPv6_X_forwarding.patch]
- ignore PAM environment when using login
  (bsc#975865, CVE-2015-8325)
  [openssh-7.2p2-ignore_PAM_with_UseLogin.patch]
- limit accepted password length (prevents possible DoS)
  (bsc#992533, CVE-2016-6515)
  [openssh-7.2p2-limit_password_length.patch]
- Prevent user enumeration through the timing of password
  processing (bsc#989363, CVE-2016-6210)
  [openssh-7.2p2-prevent_timing_user_enumeration.patch]
- Add auditing for PRNG re-seeding
  [openssh-7.2p2-audit_seed_prng.patch]

OBS-URL: https://build.opensuse.org/request/show/433779
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113
2016-10-07 15:57:29 +00:00
Petr Cerny
fe873a1c10 Accepting request 432093 from home:pcerny:factory
next round of patches
- allow X forwarding over IPv4 when IPv6 sockets is not available
  [openssh-7.2p2-X_forward_with_disabled_ipv6.patch]
- do not write PID file when not daemonizing
  [openssh-7.2p2-no_fork-no_pid_file.patch]
- use correct options when invoking login
  [openssh-7.2p2-login_options.patch]
- helper application for retrieving users' public keys from
  an LDAP server
  [openssh-7.2p2-ldap.patch]
- allow forcing permissions over sftp
  [openssh-7.2p2-sftp_force_permissions.patch]
- do not perform run-time checks for OpenSSL API/ABI change
  [openssh-7.2p2-disable-openssl-abi-check.patch]
- suggest commands for cleaning known hosts file
  [openssh-7.2p2-host_ident.patch]
- sftp home chroot patch
  [openssh-7.2p2-sftp_homechroot.patch]
- ssh sessions auditing
  [openssh-7.2p2-audit.patch]
- enable seccomp sandbox on additional architectures
  [openssh-7.2p2-additional_seccomp_archs.patch]

OBS-URL: https://build.opensuse.org/request/show/432093
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=112
2016-09-30 20:34:19 +00:00
Petr Cerny
e0d7fb0744 Accepting request 428544 from home:pcerny:factory
- FIPS compatibility (no selfchecks, only crypto restrictions)
  [openssh-7.2p2-fips.patch]
- PRNG re-seeding
  [openssh-7.2p2-seed-prng.patch]
- preliminary version of GSSAPI KEX
  [openssh-7.2p2-gssapi_key_exchange.patch]

OBS-URL: https://build.opensuse.org/request/show/428544
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=110
2016-09-18 23:04:18 +00:00
a412ed9d8d - fixed url, added gpg signature
- added gpg signature and keyring from 
  http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh_gzsig_key.pub

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=108
2016-07-25 13:47:29 +00:00
Petr Cerny
6dac324cb7 Accepting request 407066 from home:pcerny:factory
- enable support for SSHv1 protocol and discourage its usage
  (bsc#983307)
- enable DSA by default for backward compatibility and discourage
  its usage (bsc#983784)
  [openssh-7.2p2-allow_DSS_by_default.patch]

- upgrade to 7.2p2
  upstream package without any SUSE patches
  Distilled upstream log:
- OpenSSH 6.7
  Potentially-incompatible changes:
  * sshd(8): The default set of ciphers and MACs has been
    altered to remove unsafe algorithms. In particular, CBC
    ciphers and arcfour* are disabled by default.
    The full set of algorithms remains available if configured
    explicitly via the Ciphers and MACs sshd_config options.
  * sshd(8): Support for tcpwrappers/libwrap has been removed.
  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
    connections using the curve25519-sha256@libssh.org KEX
    exchange method to fail when connecting with something that
    implements the specification correctly. OpenSSH 6.7 disables
    this KEX method when speaking to one of the affected
    versions.
  New Features:
  * ssh(1), sshd(8): Add support for Unix domain socket
    forwarding. A remote TCP port may be forwarded to a local
    Unix domain socket and vice versa or both ends may be a Unix
    domain socket.
  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
    ED25519 key types.

OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
2016-07-07 07:07:23 +00:00
Petr Cerny
b22c39e677 Accepting request 398992 from home:pcerny:factory
OBS-URL: https://build.opensuse.org/request/show/398992
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=106
2016-05-30 15:53:09 +00:00
Petr Cerny
5093e42eaa Accepting request 398802 from home:pcerny:factory
- upgrade to 7.2p2

- changing license to 2-clause BSD to match source

- enable trusted X11 forwarding by default
  [-X11_trusted_forwarding]
- set UID for lastlog properly [-lastlog]
- enable use of PAM by default [-enable_PAM_by_default]
- copy command line arguments properly [-saveargv-fix]
- do not use pthreads in PAM code [-dont_use_pthreads_in_PAM]
- fix paths in documentation [-eal3]
- prevent race consitions triggered by SIGALRM [-blocksigalrm]
- do send and accept locale environment variables by default
  [-send_locale]
- handle hostnames changes during X forwarding
  [-hostname_changes_when_forwarding_X]
- try to remove xauth cookies on exit
  [-remove_xauth_cookies_on_exit]
- properly format pts names for ?tmp? log files
  [-pts_names_formatting]
- check locked accounts when using PAM [-pam_check_locks]
- chenge default PermitRootLogin to 'yes' to prevent unwanted
  surprises on updates from older versions.
  See README.SUSE for details
  [-allow_root_password_login]
- Disable DH parameters under 2048 bits by default and allow
  lowering the limit back to the RFC 4419 specified minimum
  through an option (bsc#932483, bsc#948902)
  [-disable_short_DH_parameters]
- Add getuid() and stat() syscalls to the seccomp filter

OBS-URL: https://build.opensuse.org/request/show/398802
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=103
2016-05-30 01:36:18 +00:00
Petr Cerny
252ed8ae18 Accepting request 392909 from home:pcerny:factory
fix broken seccomp sandbox

OBS-URL: https://build.opensuse.org/request/show/392909
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=101
2016-04-29 16:34:58 +00:00
13651d3d21 restore factory state, so we can fix bugs.
old stuff is still in the old revisions

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=98
2016-04-06 11:34:51 +00:00
Petr Cerny
c818e705ca bothed update, DO NOT TOUCH UNITL PROPERLY REVIEWED
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=97
2016-02-17 19:00:04 +00:00
Petr Cerny
b83f96744f Accepting request 358392 from home:elvigia:branches:network
- openssh-alloc_size.patch: anotate xmalloc.h with alloc_size
 attribute so the compiler knows these functions allocate memory
 so overflow or misuse can be detected sooner.
- openssh-allow_getrandom.patch; allow the getrandom(2) system
  call in the seccomp sandbox, upstream commit 26ad18247213
- openssh-fix-b64_xx-detection.patch: configure.ac has incorrect
  tests for b64_ntop, b64_pton on linux/glibc.

OBS-URL: https://build.opensuse.org/request/show/358392
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=96
2016-02-10 15:40:35 +00:00
Ismail Dönmez
642f5e8889 Accepting request 354941 from home:scarabeus_iv:branches:network
- Cleanup with spec-cleaner
- Update of the master OpenSSH to 7.1p2

- Take refreshed and updated audit patch from redhat
  * Remove our old patches:
    + openssh-6.6p1-audit1-remove_duplicit_audit.patch
    + openssh-6.6p1-audit2-better_audit_of_user_actions.patch
    + openssh-6.6p1-audit3-key_auth_usage-fips.patch
    + openssh-6.6p1-audit3-key_auth_usage.patch
    + openssh-6.6p1-audit4-kex_results-fips.patch
    + openssh-6.6p1-audit4-kex_results.patch
    + openssh-6.6p1-audit5-session_key_destruction.patch
    + openssh-6.6p1-audit6-server_key_destruction.patch
    + openssh-6.6p1-audit7-libaudit_compat.patch
    + openssh-6.6p1-audit8-libaudit_dns_timeouts.patch
  * add openssh-6.7p1-audit.patch
- Reenable the openssh-6.6p1-ldap.patch
- Update the fips patch from RH build openssh-6.6p1-fips.patch
- Update and refresh openssh-6.6p1-gssapi_key_exchange.patch
- Remove fips-check patch as it is merged to fips patch
  * openssh-6.6p1-fips-checks.patch
- Rebase and enable chroot patch:
  * openssh-6.6p1-sftp_homechroot.patch
- Reenable rebased patch for linux seed:
  * openssh-6.6p1-seed-prng.patch
- Reenable key converting patch:
  * openssh-6.6p1-key-converter.patch

- Version update to 7.1p2:
  * various upstream bugfixes and cleanups

OBS-URL: https://build.opensuse.org/request/show/354941
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=95
2016-01-21 07:28:30 +00:00
Ismail Dönmez
1c5ff2cc6c Accepting request 353717 from home:AndreasStieger:branches:network
Security update for OpenSSH
CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645
https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html

OBS-URL: https://build.opensuse.org/request/show/353717
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=93
2016-01-14 16:36:52 +00:00
d9f8a6a210 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=91 2015-01-12 10:45:13 +00:00
a86956def1 - gpg signature and keyring added.
pub  3200R/6D920D30 2013-12-10 [expires: 2021-01-01]
  uid                            Damien Miller <djm@mindrot.org>
  sub  3200R/672A1105 2013-12-10 [expires: 2021-01-01]

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=90
2015-01-12 10:35:52 +00:00
Petr Cerny
9913e17746 Accepting request 241774 from home:posophe:branches:network
Do not depend on insserv if the package build with systemd support;
  it's useless

OBS-URL: https://build.opensuse.org/request/show/241774
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=84
2014-07-21 16:02:23 +00:00
Petr Cerny
4187c8a645 Accepting request 234473 from home:elvigia:branches:network
- Remove tcpwrappers support now, This feature was removed
  in upstream code at the end of April and the underlying
  libraries are abandonware.
  See: http://comments.gmane.org/gmane.linux.suse.general/348119

OBS-URL: https://build.opensuse.org/request/show/234473
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=82
2014-05-19 10:15:21 +00:00
Petr Cerny
9fb40d132b Accepting request 231427 from home:pcerny:factory
- curve25519 key exchange fix (-curve25519-6.6.1p1.patch)
- patch re-ordering (-audit3-key_auth_usage-fips.patch,
    -audit4-kex_results-fips.patch)

OBS-URL: https://build.opensuse.org/request/show/231427
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=80
2014-04-25 13:11:58 +00:00
Andrey Karepin
4dd2bec462 Accepting request 230928 from home:namtrac:bugfix
- Add fix-curve25519-kex.patch to fix a key-exchange problem
  with curve25519-sha256@libssh.org, see
  http://marc.info/?l=openssh-unix-dev&m=139797807804698&w=2

OBS-URL: https://build.opensuse.org/request/show/230928
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=79
2014-04-24 10:08:13 +00:00
Petr Cerny
5b66f43acd Accepting request 230167 from home:rhafer:branches:network
OBS-URL: https://build.opensuse.org/request/show/230167
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=77
2014-04-15 11:28:24 +00:00
Petr Cerny
efb05e6527 Accepting request 230097 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.6p1

- update to 6.6p1
  Security:
  * sshd(8): when using environment passing with a sshd_config(5)
    AcceptEnv pattern with a wildcard. OpenSSH prior to 6.6 could
    be tricked into accepting any enviornment variable that
    contains the characters before the wildcard character.
  Features since 6.5p1:
  * ssh(1), sshd(8): removal of the J-PAKE authentication code,
    which was experimental, never enabled and has been
    unmaintained for some time.
  * ssh(1): skip 'exec' clauses other clauses predicates failed
    to match while processing Match blocks.
  * ssh(1): if hostname canonicalisation is enabled and results
    in the destination hostname being changed, then re-parse
    ssh_config(5) files using the new destination hostname. This
    gives 'Host' and 'Match' directives that use the expanded
    hostname a chance to be applied.
  Bugfixes:
  * ssh(1): avoid spurious "getsockname failed: Bad file
    descriptor" in ssh -W. bz#2200, debian#738692
  * sshd(8): allow the shutdown(2) syscall in seccomp-bpf and
    systrace sandbox modes, as it is reachable if the connection
    is terminated during the pre-auth phase.
  * ssh(1), sshd(8): fix unsigned overflow that in SSH protocol 1
    bignum parsing. Minimum key length checks render this bug
    unexploitable to compromise SSH 1 sessions.
  * sshd_config(5): clarify behaviour of a keyword that appears
    in multiple matching Match blocks. bz#2184

OBS-URL: https://build.opensuse.org/request/show/230097
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=76
2014-04-14 21:53:01 +00:00
Petr Cerny
5d4cc441c8 Accepting request 226334 from home:pcerny:factory
- re-enabling the GSSAPI Key Exchange patch 
!!! currently breaks anythng else than Factory

OBS-URL: https://build.opensuse.org/request/show/226334
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=72
2014-03-17 02:46:40 +00:00
Petr Cerny
25f021b853 Accepting request 224302 from home:pcerny:factory
- re-enabling FIPS-enablement patch
- enable X11 forwarding when IPv6 is present but disabled on server
  (bnc#712683, FATE#31503; -X_forward_with_disabled_ipv6.patch)

OBS-URL: https://build.opensuse.org/request/show/224302
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=70
2014-03-01 00:05:55 +00:00
Petr Cerny
f2774839fb Accepting request 222710 from home:pcerny:factory
- re-enabling the seccomp sandbox
  (allowing use of getuid the syscall)

OBS-URL: https://build.opensuse.org/request/show/222710
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=66
2014-02-18 13:04:57 +00:00
Petr Cerny
eedbb4ea75 Accepting request 222560 from home:pcerny:factory
- reverting to rlimit sandbox even for newer distributions, since
  it seems not to work properly (bnc#864171)

OBS-URL: https://build.opensuse.org/request/show/222560
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=65
2014-02-17 11:31:08 +00:00
Petr Cerny
08f9072513 Accepting request 222365 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.5p1

- Update to 6.5p1
  Features since 6.4p1:
  * ssh(1), sshd(8): support for key exchange using ECDH in
    Daniel Bernstein's Curve25519; default when both the client
    and server support it.
  * ssh(1), sshd(8): support for Ed25519 as a public key type fo
    rboth server and client.  Ed25519 is an EC signature offering
    better security than ECDSA and DSA and good performance.
  * Add a new private key format that uses a bcrypt KDF to better
    protect keys at rest. Used unconditionally for Ed25519 keys,
    on demand for other key types via the -o ssh-keygen(1)
    option.  Intended to become default in the near future.
    Details documented in PROTOCOL.key.
  * ssh(1), sshd(8): new transport cipher
    "chacha20-poly1305@openssh.com" combining Daniel Bernstein's
    ChaCha20 stream cipher and Poly1305 MAC to build an
    authenticated encryption mode. Details documented
    PROTOCOL.chacha20poly1305.
  * ssh(1), sshd(8): refuse RSA keys from old proprietary clients
    and servers that use the obsolete RSA+MD5 signature scheme.
    It will still be possible to connect with these
    clients/servers but only DSA keys will be accepted, and
    OpenSSH will refuse connection entirely in a future release.
  * ssh(1), sshd(8): refuse old proprietary clients and servers
    that use a weaker key exchange hash calculation.
  * ssh(1): increase the size of the Diffie-Hellman groups
    requested for each symmetric key size. New values from NIST
    Special Publication 800-57 with the upper limit specified by

OBS-URL: https://build.opensuse.org/request/show/222365
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=63
2014-02-14 14:54:10 +00:00
e282a93fa2 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=61 2014-02-11 08:14:43 +00:00
db5db0c1c2 - add a rcsshd symlink to /usr/sbin/service
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=60
2014-02-11 07:43:47 +00:00
7d3e25f02e Accepting request 221224 from home:namtrac:bugfix
- Add openssh-6.2p1-forcepermissions.patch to implement a force
  permissions mode (fate#312774). The patch is based on
  http://marc.info/?l=openssh-unix-dev&m=128896838930893

OBS-URL: https://build.opensuse.org/request/show/221224
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=59
2014-02-08 10:47:01 +00:00
Petr Cerny
712ccf3395 Accepting request 220466 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.4p1

- Update to 6.4p1
  Features since 6.2p2:
  * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or
    hostkeys on smartcards.
  * ssh(1)/sshd(8): allow optional time-based rekeying via a
    second argument to the existing RekeyLimit option. RekeyLimit
    is now supported in sshd_config as well as on the client.
  * sshd(8): standardise logging of information during user
    authentication.
  * The presented key/cert and the remote username (if available)
    is now logged in the authentication success/failure message on
    the same log line as the local username, remote host/port and
    protocol in use.  Certificates contents and the key
    fingerprint of the signing CA are logged too.
  * ssh(1) ability to query what cryptographic algorithms are
    supported in the binary.
  * ssh(1): ProxyCommand=- for cases where stdin and stdout
    already point to the proxy.
  * ssh(1): allow IdentityFile=none
  * ssh(1)/sshd(8): -E option to append debugging logs to a
    specified file instead of stderr or syslog.
  * sftp(1): support resuming partial downloads with the "reget"
    command and on the sftp commandline or on the "get"
    commandline with the "-a" (append) option.
  * ssh(1): "IgnoreUnknown" configuration option to selectively
    suppress errors arising from unknown configuration directives.
  * sshd(8): support for submethods to be appended to required
    authentication methods listed via AuthenticationMethods.

OBS-URL: https://build.opensuse.org/request/show/220466
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=58
2014-01-31 12:18:41 +00:00
Petr Cerny
6fccab223a Accepting request 202452 from home:pcerny:factory
- fix server crashes when using AES-GCM
- removed superfluous build dependency on X

OBS-URL: https://build.opensuse.org/request/show/202452
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=57
2013-10-07 08:32:48 +00:00
Petr Cerny
673551b2c9 Accepting request 199729 from home:pcerny:factory
- spec file and patch cleanup
- patches from SLE11
- init script is moved into documentation for openSUSE 12.3+

OBS-URL: https://build.opensuse.org/request/show/199729
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=56
2013-09-19 13:51:33 +00:00
Petr Cerny
6cd875acfc Accepting request 199679 from home:pcerny:factory
- spec file cleanup (don't pointelssly build whole OpenSSH)

- spec file and patch cleanup
  * removing obsoleted auditing patch
    (openssh-%{version}-audit.patch)
- added patches from SLE
  * GSSAPI key exchange
  * FIPS enablement (currently disabled)
  * small bugfixes 
- split the LDAP helper into a separate package: openssh-akc-ldap

OBS-URL: https://build.opensuse.org/request/show/199679
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=55
2013-09-19 04:09:33 +00:00
616ae5907d Accepting request 185789 from home:elvigia:branches:network
- Update for 6.2p2 

- Update to version 6.2p2 
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption
* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
* ssh(1)/sshd(8): Added support for the UMAC-128 MAC
* sshd(8): Added support for multiple required authentication
* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
  now immediately sends its SSH protocol banner to the server without
  waiting to receive the server's banner, saving time when connecting.
* dozens of other changes, see http://www.openssh.org/txt/release-6.2

OBS-URL: https://build.opensuse.org/request/show/185789
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=51
2013-08-05 07:15:19 +00:00
d3a2cdd766 Accepting request 181706 from openSUSE:Factory:Core
- avoid the build cycle between curl, krb5, libssh2_org and openssh
  by using krb5-mini-devel

OBS-URL: https://build.opensuse.org/request/show/181706
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=49
2013-07-02 08:17:10 +00:00
16b13adda2 Accepting request 179643 from home:saschpe:branches:network
- Recommend xauth, X11-forwarding won't work if it is not installed

OBS-URL: https://build.opensuse.org/request/show/179643
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=47
2013-06-19 14:31:43 +00:00
Petr Cerny
892194f58f Accepting request 147497 from home:dirkmueller:branches:network
- use ssh-keygen(1) default keylengths in generating the host key
  instead of hardcoding it

OBS-URL: https://build.opensuse.org/request/show/147497
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=44
2013-01-08 10:22:21 +00:00
41221d925c - Updated to 6.1p1, a bugfix release
Features:
 * sshd(8): This release turns on pre-auth sandboxing sshd by default for
   new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
 * ssh-keygen(1): Add options to specify starting line number and number of
   lines to process when screening moduli candidates, allowing processing
   of different parts of a candidate moduli file in parallel
 * sshd(8): The Match directive now supports matching on the local (listen)
   address and port upon which the incoming connection was received via
   LocalAddress and LocalPort clauses.
 * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
   and {Allow,Deny}{Users,Groups}
 * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
 * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
 * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
   an argument to refuse all port-forwarding requests.
 * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
 * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
 * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
   to append some arbitrary text to the server SSH protocol banner.
 Bugfixes:
 * ssh(1)/sshd(8): Don't spin in accept() in situations of file
   descriptor exhaustion. Instead back off for a while.
 * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
   they were removed from the specification. bz#2023,
 * sshd(8): Handle long comments in config files better. bz#2025
 * ssh(1): Delay setting tty_flag so RequestTTY options are correctly
   picked up. bz#1995
 * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
   on platforms that use login_cap.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=42
2012-11-13 10:50:53 +00:00
22f435a6cb Accepting request 141090 from home:kukuk:branches:network
- Fix groupadd arguments
- Add LSB tag to sshd init script

OBS-URL: https://build.opensuse.org/request/show/141090
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=41
2012-11-13 10:18:36 +00:00
b4cc1b8406 Accepting request 139460 from home:coolo:branches:openSUSE:Factory
- explicit buildrequire groff, needed for man pages

OBS-URL: https://build.opensuse.org/request/show/139460
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=39
2012-10-26 23:00:00 +00:00
Petr Cerny
8c5df33063 Accepting request 138920 from openSUSE:Factory:Staging:Systemd
buildrequire systemd through pkgconfig to break cycle

OBS-URL: https://build.opensuse.org/request/show/138920
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=37
2012-10-21 21:45:27 +00:00
Petr Cerny
f948d6768b Accepting request 130946 from home:elvigia:branches:network
- When not daemonizing, such is used with systemd, no not
 create a PID file

OBS-URL: https://build.opensuse.org/request/show/130946
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=35
2012-08-16 12:55:50 +00:00
c0682a3f4e Accepting request 125376 from home:coolo:branches:openSUSE:Factory
fixup the previous SR

OBS-URL: https://build.opensuse.org/request/show/125376
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=31
2012-06-19 07:08:12 +00:00
7e403aa536 Accepting request 125300 from home:coolo:branches:openSUSE:Factory
- do not buildrequire xorg-x11, the askpass is an extra package
  and should build from a different package

OBS-URL: https://build.opensuse.org/request/show/125300
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=30
2012-06-18 15:59:54 +00:00
517f6527d0 - use correct tarball url
- update to 6.0p1.

- use correct download url and tarball format.

OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=28
2012-05-29 07:15:29 +00:00
9d7406f5e6 Accepting request 122649 from home:elvigia:branches:network
- Update to version 6.0, large list of changes, seen
  http://www.openssh.org/txt/release-6.0 for detail.

OBS-URL: https://build.opensuse.org/request/show/122649
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=27
2012-05-29 07:11:57 +00:00
0c4ab9d007 Accepting request 120648 from home:elvigia:branches:network
- By default openSSH checks at *runtime* if the openssl 
  API version matches with the running library, that might
  be good if you are compiling SSH yourself but it is a totally
  insane way to check for binary/source compatibility in a distribution.

OBS-URL: https://build.opensuse.org/request/show/120648
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=25
2012-05-16 22:21:36 +00:00
7385d7e1a1 Accepting request 105960 from home:msmeissn:branches:network
fix build with new x11

OBS-URL: https://build.opensuse.org/request/show/105960
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=21
2012-02-20 15:20:42 +00:00
Stephan Kulow
4095c0743d Accepting request 98019 from home:aljex
Fix building for openSUSE targets back to 10.2

OBS-URL: https://build.opensuse.org/request/show/98019
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=19
2011-12-26 07:09:33 +00:00
Petr Cerny
5a09a92856 Accepting request 97537 from home:coolo:removeautoconf
add autoconf to buildrequires

OBS-URL: https://build.opensuse.org/request/show/97537
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=18
2011-12-21 17:59:28 +00:00
Minh Ngo
2401590e48 Accepting request 94377 from home:elvigia:branches:network
- Add systemd startup units

OBS-URL: https://build.opensuse.org/request/show/94377
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=16
2011-11-29 19:55:10 +00:00
Petr Cerny
e4e9974691 Accepting request 89778 from home:pcerny:factory
- finalising libexecdir change (bnc#726712)

OBS-URL: https://build.opensuse.org/request/show/89778
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=15
2011-11-02 15:44:39 +00:00
Petr Cerny
5a89c49d11 Accepting request 88642 from home:pcerny:factory
- Update to 5.9p1 
  * sandboxing privsep child through rlimit
- spec files and sources cleanup
- removed bogus key size from init script

OBS-URL: https://build.opensuse.org/request/show/88642
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=14
2011-10-19 02:18:13 +00:00
Pavol Rusnak
2f1296c7be Accepting request 86032 from home:jengelh:dev
- Avoid overriding libexecdir with %_lib (bnc#712025)
- Clean up the specfile by request of Minh Ngo, details entail:
* remove norootforbuild comments, redundant %clean section
* run spec-beautifier over it
- Add PIEFLAGS to compilation of askpass; fails otherwise

OBS-URL: https://build.opensuse.org/request/show/86032
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=12
2011-10-05 12:14:43 +00:00
fc3180d72b Accepting request 80152 from home:elvigia:branches:network
-  Update to verison 5.8p2
* Fixed vuln in systems without dev/random, we arenot affected
* Fixes problems building with selinux enabled
- Fix build with as-needed and no-add-needed

- Enable libedit/autocompletion support in sftp

OBS-URL: https://build.opensuse.org/request/show/80152
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=10
2011-09-07 15:50:44 +00:00
Petr Cerny
9810ecd029 Accepting request 69985 from home:msmeissn:branches:network
bump hostkey length to 2048

OBS-URL: https://build.opensuse.org/request/show/69985
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=9
2011-05-10 15:21:03 +00:00
Petr Cerny
ceda754f5a Accepting request 60057 from home:leonardocf:branches:network
reviewed ok.

OBS-URL: https://build.opensuse.org/request/show/60057
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=7
2011-02-04 13:58:22 +00:00
Petr Cerny
5920438cad Accepting request 60035 from home:pcerny:factory
reviewed ok.

OBS-URL: https://build.opensuse.org/request/show/60035
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=6
2011-02-04 10:44:51 +00:00
OBS User buildservice-autocommit
397970d96a Updating link to change in openSUSE:Factory/openssh revision 63.0
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=863b93373a19919c5385d950bb98b64d
2011-02-01 14:14:14 +00:00
2e210d7ee3 Accepting request 59094 from home:leonardocf:branches:network
ok

OBS-URL: https://build.opensuse.org/request/show/59094
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=4
2011-01-31 12:24:57 +00:00
472cc02d40 Autobuild autoformatter for 57969
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=61
2011-01-14 00:30:34 +00:00
09facd80d7 Accepting request 57969 from network
Accepted submit request 57969 from user sbrabec

OBS-URL: https://build.opensuse.org/request/show/57969
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=60
2011-01-14 00:30:23 +00:00
OBS User autobuild
66514a0bd2 Autobuild autoformatter for 53420
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=59
2010-11-20 10:18:32 +00:00
Ruediger Oertel
6c0991dbec Accepting request 53420 from Base:System
Accepted submit request 53420 from user coolo

OBS-URL: https://build.opensuse.org/request/show/53420
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=58
2010-11-20 10:18:22 +00:00
OBS User autobuild
1a78120503 Autobuild autoformatter for 53215
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=57
2010-11-18 16:45:17 +00:00
Ruediger Oertel
17c1bf6665 Accepting request 53215 from Base:System
Accepted submit request 53215 from user dirkmueller

OBS-URL: https://build.opensuse.org/request/show/53215
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=56
2010-11-18 16:45:04 +00:00
OBS User autobuild
565357ab42 Autobuild autoformatter for 51975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=55
2010-11-02 15:08:10 +00:00
Ruediger Oertel
13568cee32 Accepting request 51975 from Base:System
Accepted submit request 51975 from user coolo

OBS-URL: https://build.opensuse.org/request/show/51975
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=54
2010-11-02 15:07:59 +00:00
OBS User autobuild
fbd21c05cb Autobuild autoformatter for 51843
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=53
2010-11-02 10:02:43 +00:00
Ruediger Oertel
7548ab4bcf Accepting request 51843 from Base:System
Accepted submit request 51843 from user coolo

OBS-URL: https://build.opensuse.org/request/show/51843
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=52
2010-11-02 10:02:35 +00:00
OBS User autobuild
5dd9e157a3 Autobuild autoformatter for 50922
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=51
2010-10-19 00:34:41 +00:00
Ruediger Oertel
f00ece6b77 Accepting request 50922 from Base:System
Accepted submit request 50922 from user elvigia

OBS-URL: https://build.opensuse.org/request/show/50922
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=50
2010-10-19 00:34:35 +00:00
OBS User autobuild
ca1293e43d Accepting request 48012 from Base:System
Copy from Base:System/openssh based on submit request 48012 from user anicka

OBS-URL: https://build.opensuse.org/request/show/48012
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=49
2010-09-17 19:02:24 +00:00
OBS User autobuild
90410f9370 Accepting request 46105 from Base:System
Copy from Base:System/openssh based on submit request 46105 from user anicka

OBS-URL: https://build.opensuse.org/request/show/46105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=48
2010-08-24 15:31:11 +00:00
OBS User autobuild
df40408f27 Accepting request 43758 from Base:System
Copy from Base:System/openssh based on submit request 43758 from user anicka

OBS-URL: https://build.opensuse.org/request/show/43758
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=47
2010-07-23 15:15:47 +00:00
OBS User autobuild
18941a2fa0 Accepting request 42332 from Base:System
Copy from Base:System/openssh based on submit request 42332 from user msmeissn

OBS-URL: https://build.opensuse.org/request/show/42332
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=44
2010-07-02 13:50:25 +00:00
OBS User autobuild
a1ec7168a9 Accepting request 40508 from Base:System
Copy from Base:System/openssh based on submit request 40508 from user prusnak

OBS-URL: https://build.opensuse.org/request/show/40508
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=43
2010-05-25 09:02:50 +00:00
OBS User autobuild
9ad30c5bed Accepting request 40041 from Base:System
Copy from Base:System/openssh based on submit request 40041 from user anicka

OBS-URL: https://build.opensuse.org/request/show/40041
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=42
2010-05-14 22:29:46 +00:00
OBS User autobuild
26b9ced252 Accepting request 38569 from Base:System
Copy from Base:System/openssh based on submit request 38569 from user anicka

OBS-URL: https://build.opensuse.org/request/show/38569
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=41
2010-04-23 17:29:33 +00:00
OBS User autobuild
0dd322b228 Accepting request 35865 from Base:System
Copy from Base:System/openssh based on submit request 35865 from user dirkmueller

OBS-URL: https://build.opensuse.org/request/show/35865
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=40
2010-03-31 17:31:53 +00:00
OBS User autobuild
c1af9ee4bd Accepting request 35778 from Base:System
Copy from Base:System/openssh based on submit request 35778 from user anicka

OBS-URL: https://build.opensuse.org/request/show/35778
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=39
2010-03-26 15:29:14 +00:00
OBS User autobuild
3ef1aa95e8 Accepting request 33756 from Base:System
Copy from Base:System/openssh based on submit request 33756 from user coolo

OBS-URL: https://build.opensuse.org/request/show/33756
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=37
2010-03-05 01:24:21 +00:00
OBS User autobuild
fa8733f484 Accepting request 33622 from Base:System
Copy from Base:System/openssh based on submit request 33622 from user prusnak

OBS-URL: https://build.opensuse.org/request/show/33622
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=36
2010-03-01 00:45:43 +00:00
OBS User autobuild
4b71b83bf7 Accepting request 33253 from Base:System
Copy from Base:System/openssh based on submit request 33253 from user anicka

OBS-URL: https://build.opensuse.org/request/show/33253
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=35
2010-02-25 13:23:54 +00:00
OBS User autobuild
a8b412a80b Accepting request 27417 from Base:System
Copy from Base:System/openssh based on submit request 27417 from user coolo

OBS-URL: https://build.opensuse.org/request/show/27417
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=34
2009-12-26 12:41:05 +00:00
OBS User autobuild
15cde4354f Accepting request 20661 from Base:System
Copy from Base:System/openssh based on submit request 20661 from user anicka

OBS-URL: https://build.opensuse.org/request/show/20661
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=32
2009-09-21 19:22:05 +00:00
OBS User autobuild
0a76e8dc3a Accepting request 19015 from Base:System
Copy from Base:System/openssh based on submit request 19015 from user coolo

OBS-URL: https://build.opensuse.org/request/show/19015
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=31
2009-08-27 22:21:56 +00:00
OBS User unknown
f38f3e98f9 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=30 2009-07-13 15:22:50 +00:00
OBS User unknown
bfe38b6150 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=29 2009-07-09 11:58:30 +00:00
OBS User unknown
846c68acde OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=28 2009-06-20 00:04:30 +00:00
OBS User unknown
694477d5ac OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=27 2009-06-10 13:25:29 +00:00
OBS User unknown
bd9036b983 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=26 2009-05-28 01:01:29 +00:00
OBS User unknown
608c9a76d0 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=25 2009-03-03 21:42:45 +00:00
OBS User unknown
95f0239801 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=24 2008-12-03 15:31:18 +00:00
OBS User unknown
05815be1c0 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=23 2008-11-17 16:40:56 +00:00