forked from pool/openssh
1110 lines
38 KiB
Plaintext
1110 lines
38 KiB
Plaintext
-------------------------------------------------------------------
|
|
Wed Dec 5 10:45:36 CET 2007 - anicka@suse.cz
|
|
|
|
- update to 4.7p1
|
|
* Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
|
|
GSSAPIDelegateCredentials=yes. This is symmetric with -k
|
|
* make scp try to skip FIFOs rather than blocking when nothing is
|
|
listening.
|
|
* increase default channel windows
|
|
* put the MAC list into a display
|
|
* many bugfixes
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 8 16:34:06 CEST 2007 - anicka@suse.cz
|
|
|
|
- block SIGALRM only during calling syslog() [#331032]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz
|
|
|
|
- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 28 18:25:57 CEST 2007 - anicka@suse.cz
|
|
|
|
- fix blocksigalrm patch to set old signal mask after
|
|
writing the log in every case [#304819]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 21 04:51:45 CEST 2007 - anicka@suse.cz
|
|
|
|
- avoid generating ssh keys when a non-standard location
|
|
is configured [#281228]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 25 16:18:50 CEST 2007 - anicka@suse.cz
|
|
|
|
- fixed typo in sshd.fw [#293764]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 19 19:14:26 CET 2007 - nadvornik@suse.cz
|
|
|
|
- fixed default for ChallengeResponseAuthentication [#255374]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 12 10:56:31 CET 2007 - anicka@suse.cz
|
|
|
|
- update to 4.6p1
|
|
* sshd now allows the enabling and disabling of authentication
|
|
methods on a per user, group, host and network basis via the
|
|
Match directive in sshd_config.
|
|
* Allow multiple forwarding options to work when specified in a
|
|
PermitOpen directive
|
|
* Clear SIGALRM when restarting due to SIGHUP. Prevents stray
|
|
signal from taking down sshd if a connection was pending at
|
|
the time SIGHUP was received
|
|
* hang on exit" when background processes are running at the
|
|
time of exit on a ttyful/login session
|
|
* some more bugfixes
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 5 11:03:41 CET 2007 - anicka@suse.cz
|
|
|
|
- fix path for firewall definition
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 1 15:14:23 CET 2007 - anicka@suse.cz
|
|
|
|
- add support for Linux audit (FATE #120269)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 21 11:21:48 CET 2007 - anicka@suse.cz
|
|
|
|
- add firewall definition [#246921], FATE #300687,
|
|
source: sshd.fw
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jan 6 12:30:16 CET 2007 - anicka@suse.cz
|
|
|
|
- disable SSHv1 protocol in default configuration [#231808]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 12 14:41:45 CET 2006 - anicka@suse.cz
|
|
|
|
- update to 4.5p1
|
|
* Use privsep_pw if we have it, but only require it if we
|
|
absolutely need it.
|
|
* Correctly check for bad signatures in the monitor, otherwise
|
|
the monitor and the unpriv process can get out of sync.
|
|
* Clear errno before calling the strtol functions.
|
|
* exit instead of doing a blocking tcp send if we detect
|
|
a client/server timeout, since the tcp sendqueue might
|
|
be already full (of alive requests)
|
|
* include signal.h, errno.h, sys/in.h
|
|
* some more bugfixes
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Nov 22 13:42:32 CET 2006 - anicka@suse.cz
|
|
|
|
- fixed README.SuSE [#223025]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 9 13:59:35 CET 2006 - anicka@suse.cz
|
|
|
|
- backport security fixes from openssh 4.5 (#219115)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 7 13:43:44 CET 2006 - ro@suse.de
|
|
|
|
- fix manpage permissions
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 31 14:04:52 CET 2006 - anicka@suse.cz
|
|
|
|
- fix gssapi_krb5-fix patch [#215615]
|
|
- fix xauth patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 10 16:07:11 CEST 2006 - postadal@suse.cz
|
|
|
|
- fixed building openssh from src.rpm [#176528] (gssapi_krb5-fix.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 3 14:44:08 CEST 2006 - postadal@suse.cz
|
|
|
|
- updated to version 4.4p1 [#208662]
|
|
* fixed pre-authentication DoS, that would cause sshd(8) to spin
|
|
until the login grace time expired
|
|
* fixed unsafe signal hander, which was vulnerable to a race condition
|
|
that could be exploited to perform a pre-authentication DoS
|
|
* fixed a GSSAPI authentication abort that could be used to determine
|
|
the validity of usernames on some platforms
|
|
* implemented conditional configuration in sshd_config(5) using the
|
|
"Match" directive
|
|
* added support for Diffie-Hellman group exchange key agreement with a
|
|
final hash of SHA256
|
|
* added a "ForceCommand", "PermitOpen" directive to sshd_config(5)
|
|
* added optional logging of transactions to sftp-server(8)
|
|
* ssh(1) will now record port numbers for hosts stored in
|
|
~/.ssh/authorized_keys when a non-standard port has been requested
|
|
* added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
|
|
a non-zero exit code) when requested port forwardings could not be
|
|
established
|
|
* extended sshd_config(5) "SubSystem" declarations to allow the
|
|
specification of command-line arguments
|
|
- removed obsoleted patches: autoconf-fix.patch, dos-fix.patch
|
|
- fixed gcc issues (gcc-fix.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 20 17:34:54 CEST 2006 - postadal@suse.cz
|
|
|
|
- fixed DoS by CRC compensation attack detector [#206917] (dos-fix.patch)
|
|
- fixed client NULL deref on protocol error
|
|
- cosmetic fix in init script [#203826]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 1 14:14:52 CEST 2006 - kukuk@suse.de
|
|
|
|
- sshd.pamd: Add pam_loginuid, move pam_nologin to a better position
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 25 15:37:46 CEST 2006 - postadal@suse.cz
|
|
|
|
- fixed path for xauth [#198676]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 3 15:07:41 CEST 2006 - postadal@suse.cz
|
|
|
|
- fixed build with X11R7
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 20 17:25:27 CEST 2006 - postadal@suse.cz
|
|
|
|
- updated to version 4.3p2
|
|
* experimental support for tunneling network packets via tun(4)
|
|
- removed obsoleted patches: pam-error.patch, CVE-2006-0225.patch,
|
|
scp.patch, sigalarm.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 13 12:54:28 CET 2006 - postadal@suse.cz
|
|
|
|
- upstream fixes
|
|
- fixed "scp a b c", when c is not directory (scp.patch)
|
|
- eliminate some code duplicated in privsep and non-privsep paths, and
|
|
explicitly clear SIGALRM handler (sigalarm.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 3 19:02:49 CET 2006 - postadal@suse.cz
|
|
|
|
- fixed local arbitrary command execution vulnerability [#143435]
|
|
(CVE-2006-0225.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 2 13:19:41 CET 2006 - postadal@suse.cz
|
|
|
|
- fixed xauth.diff for disabled UsePrivilegeSeparation mode [#145809]
|
|
- build on s390 without Smart card support (opensc) [#147383]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 30 16:25:01 CET 2006 - postadal@suse.cz
|
|
|
|
- fixed patch xauth.diff [#145809]
|
|
- fixed comments [#142989]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 25 21:39:06 CET 2006 - mls@suse.de
|
|
|
|
- converted neededforbuild to BuildRequires
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 16 18:05:44 CET 2006 - meissner@suse.de
|
|
|
|
- added -fstack-protector.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 3 15:46:33 CET 2006 - postadal@suse.cz
|
|
|
|
- updated to version 4.2p1
|
|
- removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Nov 15 17:51:07 CET 2005 - postadal@suse.cz
|
|
|
|
- do not delegate GSSAPI credentials to log in with a different method
|
|
than GSSAPI [#128928] (CAN-2005-2798, gssapi-secfix.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Oct 23 10:40:24 CEST 2005 - postadal@suse.cz
|
|
|
|
- fixed PAM to send authentication failing mesaage to client [#130043]
|
|
(pam-error.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 14 16:58:14 CEST 2005 - postadal@suse.cz
|
|
|
|
- fixed uninitialized variable in patch xauth.diff [#98815]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 8 15:56:37 CEST 2005 - postadal@suse.cz
|
|
|
|
- don't strip
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 5 20:04:04 CEST 2005 - postadal@suse.cz
|
|
|
|
- added patch xauth.diff prevent from polluting xauthority file [#98815]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 22 18:12:20 CEST 2005 - postadal@suse.cz
|
|
|
|
- fixed problem when multiple accounts have same UID [#104773]
|
|
(pwname-home.diff)
|
|
- added fixes from upstream (upstream_fixes.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 18 17:50:46 CEST 2005 - postadal@suse.cz
|
|
|
|
- added patch tmpdir.diff for using $TMPDIR by ssh-agent [#95731]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 4 11:29:38 CEST 2005 - uli@suse.de
|
|
|
|
- parallelize build
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 1 17:48:02 CEST 2005 - postadal@suse.cz
|
|
|
|
- added patch resolving problems with hostname changes [#98627]
|
|
(xauthlocalhostname.diff)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 22 18:42:57 CEST 2005 - kukuk@suse.de
|
|
|
|
- Compile/link with -fpie/-pie
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 15 17:41:24 CEST 2005 - meissner@suse.de
|
|
|
|
- build x11-ask-pass with RPM_OPT_FLAGS.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 10 16:18:25 CEST 2005 - postadal@suse.cz
|
|
|
|
- updated to version 4.1p1
|
|
- removed obsoleted patches: restore_terminal, pam-returnfromsession,
|
|
timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource,
|
|
sendenv-fix, documentation-fix
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 10 10:36:42 CET 2005 - postadal@suse.cz
|
|
|
|
- fixed SendEnv config parsing bug
|
|
- documented timeout on untrusted x11 forwarding sessions (openssh#849)
|
|
- mentioned ForwardX11Trusted in ssh.1 (openssh#987)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 3 13:29:13 CET 2005 - postadal@suse.cz
|
|
|
|
- enabled accepting and sending locale environment variables in protocol 2
|
|
[#65747, #50091]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 24 16:33:54 CET 2005 - postadal@suse.cz
|
|
|
|
- added patches from cvs: gssapi-pam (openssh#918),
|
|
krb5ccname (openssh#445), logdenysource (openssh#909)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 3 13:29:23 CET 2005 - postadal@suse.cz
|
|
|
|
- fixed keyboard-interactive/pam/Kerberos leaks info about user existence
|
|
[#48329] (openssh#971, CAN-2003-0190)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 19 15:58:07 CET 2005 - postadal@suse.cz
|
|
|
|
- splited spec file to decreas number of build dependencies
|
|
- fixed restoring terminal setting after Ctrl+C during password prompt in scp/sftp [#43309]
|
|
- allowed users to see output from failing PAM session modules (openssh #890,
|
|
pam-returnfromsession.patch)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 8 17:17:45 CET 2004 - kukuk@suse.de
|
|
|
|
- Use common-* PAM config files for sshd PAM configuration
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Oct 25 15:14:49 CEST 2004 - postadal@suse.cz
|
|
|
|
- switched heimdal-* to kerberos-devel-packages in #needforbuild
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 3 15:03:01 CEST 2004 - ro@suse.de
|
|
|
|
- fix lib64 issue
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 31 16:03:54 CEST 2004 - postadal@suse.cz
|
|
|
|
- updated to version 3.9p1
|
|
|
|
- removed obsoleted patches: scp-fix.diff and window_change-fix.diff
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 26 15:40:53 CEST 2004 - postadal@suse.cz
|
|
|
|
- added openssh-askpass-gnome subpackage
|
|
- added ssh-askpass script for choosing askpass depending on windowmanager
|
|
(by Robert Love <rml@novell.com>)
|
|
- build with Smart card support (opensc) [#44289]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 17 15:52:20 CEST 2004 - postadal@suse.cz
|
|
|
|
- removed old implementation of "Update Messages" [#36059]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 12 16:36:53 CEST 2004 - postadal@suse.cz
|
|
|
|
- updated to version 3.8p1
|
|
|
|
- removed obsoleted patches: sftp-progress-fix and pam-fix4
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 28 16:56:23 CEST 2004 - meissner@suse.de
|
|
|
|
- block sigalarm during syslog output or we might deadlock
|
|
on recursively entering syslog(). (LTC#9523, SUSE#42354)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed May 26 15:27:32 CEST 2004 - postadal@suse.cz
|
|
|
|
- fixed commented default value for GSSAPI
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 20 21:23:27 CEST 2004 - mludvig@suse.cz
|
|
|
|
- Load drivers for available hardware crypto accelerators.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 30 15:03:39 CEST 2004 - postadal@suse.cz
|
|
|
|
- updated README.kerberos (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 19 14:41:01 CEST 2004 - postadal@suse.cz
|
|
|
|
- updated README.SuSE (GSSAPICleanupCreds renamed to GSSAPICleanupCredentials)
|
|
[#39010]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 26 17:24:45 CET 2004 - postadal@suse.cz
|
|
|
|
- fixed sshd(8) and sshd_config(5) man pages (EAL3)
|
|
- fixed spelling errors in README.SuSE [#37086]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 25 14:50:50 CET 2004 - postadal@suse.cz
|
|
|
|
- fixed change window request [#33177]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 22 15:19:15 CET 2004 - postadal@suse.cz
|
|
|
|
- updated README.SuSE
|
|
- removed %verify from /usr/bin/ssh in specfile
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 18 15:48:52 CET 2004 - postadal@suse.cz
|
|
|
|
- fixed previous fix of security bug in scp [#35443] (CAN-2004-0175)
|
|
(was too restrictive)
|
|
- fixed permission of /usr/bin/ssh
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 15 17:56:06 CET 2004 - postadal@suse.cz
|
|
|
|
- fixed comments in sshd_config and ssh_config
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 15 17:25:08 CET 2004 - postadal@suse.cz
|
|
|
|
- enabled privilege separation mode (new version fixes a lot of problematic PAM
|
|
calling [#30328])
|
|
- fixed security bug in scp [#35443] (CAN-2004-0175)
|
|
- reverted to old behaviour of ForwardingX11 [#35836]
|
|
(set ForwardX11Trusted to 'yes' by default)
|
|
- updated README.SuSE
|
|
- fixed pam code (pam-fix4.diff, backported from openssh-SNAP-20040311)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 05 13:10:55 CET 2004 - postadal@suse.cz
|
|
|
|
- updated README.SuSE (Remote x11 clients are now untrusted by default) [#35368]
|
|
- added gssapimitm patch (support for old GSSAPI)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 01 18:13:37 CET 2004 - postadal@suse.cz
|
|
|
|
- updated to version 3.8p1
|
|
* The "gssapi" support has been replaced with the "gssapi-with-mic"
|
|
to fix possible MITM attacks. These two versions are not compatible.
|
|
|
|
- removed obsoleted patches: krb5.patch, dns-lookups.patch, pam-fix.diff,
|
|
pam-end-fix.diff
|
|
- used process forking instead pthreads
|
|
(developers fixed bugs in pam calling and they recommended to don't use threads)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 24 11:37:17 CET 2004 - postadal@suse.cz
|
|
|
|
- fixed the problem with save_argv in sshd.c re-apeared again in version 3.7.1p2
|
|
(it caused bad behaviour after receiving SIGHUP - used by reload of init script)
|
|
[#34845]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 18 18:06:20 CET 2004 - kukuk@suse.de
|
|
|
|
- Real strict-aliasing patch
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 18 16:04:17 CET 2004 - postadal@suse.cz
|
|
|
|
- fixed strict-aliasing patch [#34551]
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Feb 14 00:20:09 CET 2004 - adrian@suse.de
|
|
|
|
- provide SLP registration file /etc/slp.reg.d/ssh.reg
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 03 15:18:36 CET 2004 - postadal@suse.cz
|
|
|
|
- used patch from pam-end-fix.diff [#33132]
|
|
- fixed instalation openssh without documentation [#33937]
|
|
- fixed auth-pam.c which breaks strict aliasing
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jan 19 13:19:32 CET 2004 - meissner@suse.de
|
|
|
|
- Added a ; to ssh-key-converter.c to fix gcc 3.4 build.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 16 12:57:41 CET 2004 - kukuk@suse.de
|
|
|
|
- Add pam-devel to neededforbuild
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 06 10:14:31 CET 2003 - postadal@suse.cz
|
|
|
|
- added /usr/bin/slogin explicitly to %file list [#32921]
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 2 21:10:35 CET 2003 - adrian@suse.de
|
|
|
|
- add %run_permissions to fix build
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Oct 14 12:23:36 CEST 2003 - postadal@suse.cz
|
|
|
|
- reverted value UsePAM to "yes" and set PasswordAuthentication to "no"
|
|
in file /etc/ssh/sshd_config (the version 3.7.1p2 disabled PAM support
|
|
by default) [#31749]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 23 15:02:00 CEST 2003 - draht@suse.de
|
|
|
|
- New version 3.7.1p2; signature from 86FF9C48 Damien Miller
|
|
verified for source tarball. Bugs fixed with this version:
|
|
#31637 (CAN-2003-0786, CAN-2003-0786). Briefly:
|
|
1) SSH1 PAM challenge response auth ignored the result of the
|
|
authentication (with privsep off)
|
|
2) The PAM conversation function trashed the stack, by referring
|
|
to the **resp parameter as an array of pointers rather than
|
|
as a pointer to an array of struct pam_responses.
|
|
At least security bug 1) is exploitable.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Sep 19 19:56:01 CEST 2003 - postadal@suse.cz
|
|
|
|
- use pthreads instead process forking (it needs by pam modules)
|
|
- fixed bug in calling pam_setcred [#31025]
|
|
(pam-fix.diff - string "FILE:" added to begin of KRB5CCNAME)
|
|
- updated README.SuSE
|
|
- reverted ChallengeResponseAuthentication option to default value yes
|
|
(necessary for pam authentication) [#31432]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 18 18:34:33 CEST 2003 - postadal@suse.cz
|
|
|
|
- updated to version 3.7.1p1 (with security patches)
|
|
- removed obsoleted patches: chauthtok.patch, krb-include-fix.diff,
|
|
gssapi-fix.diff, saveargv-fix.diff, gssapi-20030430.diff, racecondition-fix
|
|
- updated README.kerberos
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Sep 16 16:57:02 CEST 2003 - postadal@suse.cz
|
|
|
|
- fixed race condition in allocating memory [#31025] (CAN-2003-0693)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 15 11:52:20 CEST 2003 - postadal@suse.cz
|
|
|
|
- disabled privilege separation, which caused some problems [#30328]
|
|
(updated README.SuSE)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 04 11:59:39 CEST 2003 - postadal@suse.cz
|
|
|
|
- fixed bug in x11-ssh-askpass dialog [#25846] (askpass-fix.diff is workaround for gcc bug)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 29 11:39:40 CEST 2003 - kukuk@suse.de
|
|
|
|
- Call useradd -r for system account [Bug #29611]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 25 10:40:37 CEST 2003 - postadal@suse.cz
|
|
|
|
- use new stop_on_removal/restart_on_upate macros
|
|
- fixed lib64 problem in /etc/ssh/sshd_config [#28766]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Aug 19 11:21:33 CEST 2003 - mmj@suse.de
|
|
|
|
- Add sysconfig metadata [#28943]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 1 01:57:08 CEST 2003 - ro@suse.de
|
|
|
|
- add e2fsprogs-devel to neededforbuild
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 24 19:47:14 CEST 2003 - postadal@suse.cz
|
|
|
|
- updated to version 3.6.1p2
|
|
- added the new version of patch for GSSAPI (gssapi-20030430.diff),
|
|
the older one was removed (gssapi.patch)
|
|
- added README.kerberos to filelist
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 3 00:41:08 CEST 2003 - mmj@suse.de
|
|
|
|
- Remove files we don't package
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Apr 02 15:03:44 CEST 2003 - postadal@suse.cz
|
|
|
|
- fixed bad behaviour after receiving SIGHUP (this bug caused not working reload of init script)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 18 14:25:08 CET 2003 - postadal@suse.cz
|
|
|
|
- added $remote_fs to init.d script (needed if /usr is on remote fs [#25577])
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 13 17:02:52 CET 2003 - postadal@suse.cz
|
|
|
|
- fixed segfault while using GSSAPI for authentication when connecting to localhost (took care about error value of ssh_gssapi_import_name() in function ssh_gssapi_client_ctx())
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 10 09:28:31 CET 2003 - kukuk@suse.de
|
|
|
|
- Remove extra "/" from pid file path.
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 03 16:49:24 CET 2003 - postadal@suse.cz
|
|
|
|
- modified init.d script (now checking sshd.init.pid instead of port 22) [#24263]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 3 16:05:24 CET 2003 - okir@suse.de
|
|
|
|
- added comment to /etc/pam.d/ssh on how to enable
|
|
support for resmgr (#24363).
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 21 18:52:05 CET 2003 - postadal@suse.cz
|
|
|
|
- added ssh-copy-id shell script [#23745]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 14 13:42:14 CET 2003 - postadal@suse.cz
|
|
|
|
- given back gssapi and dns-lookups patches
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 22 23:05:35 CET 2003 - postadal@suse.cz
|
|
|
|
- updated to version 3.5p1
|
|
- removed obsolete patches: owl-mm, forced-commands-only, krb
|
|
- added patch krb5 (for heimdal)
|
|
- temporarily removed gssapi patch and dns-lookups (needs rewriting)
|
|
- fix sysconfig metadata
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 5 10:52:41 CET 2002 - okir@suse.de
|
|
|
|
- avoid Kerberos DNS lookups in the default config (#20395)
|
|
- added README.kerberos
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 19 11:00:46 CEST 2002 - postadal@suse.cz
|
|
|
|
- added info about changes in the new version of openssh
|
|
to README.SuSE [#19757]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 2 10:39:24 CEST 2002 - okir@suse.de
|
|
|
|
- privsep directory now /var/lib/empty, which is provided by
|
|
filesystem package (#17556)
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Aug 28 05:48:16 CEST 2002 - nashif@suse.de
|
|
|
|
- Added insserv & co to PreReq
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Aug 26 11:57:20 CEST 2002 - okir@suse.de
|
|
|
|
- applied patch that adds GSSAPI support in protocol version 2 (#18239)
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Aug 22 14:09:43 CEST 2002 - postadal@suse.cz
|
|
|
|
- added the patch to fix malfunction of PermitRootLogin seted to
|
|
forced-commands-only [#17149]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Aug 9 14:41:30 CEST 2002 - okir@suse.de
|
|
|
|
- syslog now reports kerberos auth method when logging in via
|
|
kerberos (#17469)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 23 04:34:10 PDT 2002 - okir@suse.de
|
|
|
|
- enabled kerberos support
|
|
- added patch to support kerberos 5 authentication in privsep mode.
|
|
- added missing section 5 manpages
|
|
- added missing ssh-keysign to files list (new for privsep)
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jul 22 14:16:54 CEST 2002 - okir@suse.de
|
|
|
|
- fixed handling of expired passwords in privsep mode
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 9 13:48:52 CEST 2002 - mmj@suse.de
|
|
|
|
- Don't source rc.config
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 3 01:01:24 CEST 2002 - draht@suse.de
|
|
|
|
- ssh-keygen must be told to explicitly create type rsa1 keys
|
|
in the start script.
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jul 2 12:03:58 CEST 2002 - ro@suse.de
|
|
|
|
- useradd/groupadd in preinstall to standardize
|
|
|
|
-------------------------------------------------------------------
|
|
Sat Jun 29 10:33:18 CEST 2002 - ro@suse.de
|
|
|
|
- updated patch from solar: zero out bytes for no longer used pages
|
|
in mmap-fallback solution
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 27 18:07:37 CEST 2002 - ro@suse.de
|
|
|
|
- updated owl-fallback.diff from solar
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 27 17:04:16 CEST 2002 - ro@suse.de
|
|
|
|
- update to 3.4p1
|
|
o privilege separation support
|
|
o overflow fix from ISS
|
|
- unsplit openssh-server and openssh-client
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 18 12:12:41 CEST 2002 - mmj@suse.de
|
|
|
|
- Update to 3.2.3p1 which fixed following compared to 3.2.2p1
|
|
o a defect in the BSD_AUTH access control handling for
|
|
o login/tty problems on Solaris (bug #245)
|
|
o build problems on Cygwin systems
|
|
|
|
- Split the package to openssh, openssh-server, openssh-client and
|
|
openssh-askpass
|
|
|
|
-------------------------------------------------------------------
|
|
Sun May 19 16:15:03 CEST 2002 - mmj@suse.de
|
|
|
|
- Updated to 3.2.2p which includes security and several bugfixes.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 15 12:05:21 CET 2002 - ro@suse.de
|
|
|
|
- added "Obsoletes: ssh"
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 5 17:15:30 MET 2002 - draht@suse.de
|
|
|
|
- security fix for bug in channels.c (channelbug.dif)
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 1 15:40:59 CET 2002 - bk@suse.de
|
|
|
|
- fix ssh-agent example to use eval `ssh-agent -s` and a typo.
|
|
- add sentence on use of ssh-agent with startx
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 26 12:31:21 CET 2002 - bk@suse.de
|
|
|
|
- update README.SuSE to improve documentation on protocol version
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 13 13:15:41 CET 2002 - cihlar@suse.cz
|
|
|
|
- rewritten addrlist patch - "0.0.0.0" is removed from list
|
|
after "::" is successful [#8951]
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Feb 11 15:17:32 CET 2002 - cihlar@suse.cz
|
|
|
|
- added info about the change of the default protocol version
|
|
to README.SuSE
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Feb 7 12:42:53 CET 2002 - cihlar@suse.cz
|
|
|
|
- removed addrlist patch which fixed bug [#8951] as it breaks
|
|
functionality on machines with kernel without IPv6 support,
|
|
bug reopened, new solution will be find
|
|
- switched to default protocol version 2
|
|
- added ssh-keyconvert (thanks Olaf Kirch <okir@suse.de>)
|
|
- removed static linking against libcrypto, as crypt() was removed
|
|
from it [#5333]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 22 15:43:33 CET 2002 - kukuk@suse.de
|
|
|
|
- Add pam_nologin to account management (else it will not be
|
|
called if user does not do password authentification)
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 15 15:49:07 CET 2002 - egmont@suselinux.hu
|
|
|
|
- removed colon from shutdown message
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 10 09:27:50 CET 2002 - cihlar@suse.cz
|
|
|
|
- use %{_lib}
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Dec 13 01:01:36 CET 2001 - ro@suse.de
|
|
|
|
- moved rc.config.d -> sysconfig
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 10 14:07:21 CET 2001 - cihlar@suse.cz
|
|
|
|
- removed START_SSHD
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 7 11:26:22 CET 2001 - cihlar@suse.cz
|
|
|
|
- update to version 3.0.2p1:
|
|
* CheckMail option in sshd_config is deprecated
|
|
* X11 cookies are now stored in $HOME
|
|
* fixed a vulnerability in the UseLogin option
|
|
* /etc/ssh_known_hosts2 and ~/.ssh/known_hosts2 are obsolete,
|
|
/etc/ssh_known_hosts and ~/.ssh/known_hosts can be used
|
|
* several minor fixes
|
|
- update x11-ssh-askpass to version 1.2.4.1:
|
|
* fixed Imakefile.in
|
|
- fixed bug in adresses "::" and "0.0.0.0" [#8951]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Oct 5 07:34:11 CEST 2001 - cihlar@suse.cz
|
|
|
|
- update to version 2.9.9p2
|
|
- removed obsolete clientloop and command patches
|
|
- uncommented "HostKey /etc/ssh/ssh_host_rsa_key" in sshd_config
|
|
- added German translation of e-mail to sysadmin
|
|
- init script fixed to work when more listening sshd runs
|
|
- added /bin/netstat to requires
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Sep 24 14:25:58 CEST 2001 - cihlar@suse.cz
|
|
|
|
- fixed security problem with sftp & bypassing
|
|
keypair auth restrictions - patch based on CVS
|
|
- fixed status part of init script - it returned
|
|
running even if there were only sshd of connections
|
|
and no listening sshd [#11220]
|
|
- fixed stop part of init script - when there was no
|
|
/var/run/sshd.pid, all sshd were killed
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Sep 6 14:31:15 CEST 2001 - nadvornik@suse.cz
|
|
|
|
- added patch for correct buffer flushing from CVS [bug #6450]
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jul 27 09:05:24 CEST 2001 - cihlar@suse.cz
|
|
|
|
- update x11-ssh-askpass to version 1.2.2
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jul 26 10:55:16 CEST 2001 - cihlar@suse.cz
|
|
|
|
- update to version 2.9p2
|
|
- removed obsolete "cookies" patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Jun 11 11:21:22 CEST 2001 - cihlar@suse.cz
|
|
|
|
- fixed to compile with new xmkmf
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 7 09:42:23 CEST 2001 - cihlar@suse.cz
|
|
|
|
- fixed security bug when any file "cookies" could
|
|
be removed by anybody
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 5 12:49:50 CEST 2001 - bjacke@suse.de
|
|
|
|
- generate rsa host key in init script
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 5 07:59:41 CEST 2001 - cihlar@suse.cz
|
|
|
|
- removed complete path from PAM modules
|
|
|
|
-------------------------------------------------------------------
|
|
Thu May 3 09:36:17 CEST 2001 - cihlar@suse.cz
|
|
|
|
- update to version 2.9p1
|
|
- removed obsolete --with-openssl
|
|
- removed obsolete man patch
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Apr 30 07:50:23 CEST 2001 - cihlar@suse.cz
|
|
|
|
- enable PAM support
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 13 11:50:26 CEST 2001 - ro@suse.de
|
|
|
|
- fixed specfile for extra README.SuSE
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Apr 13 08:03:45 CEST 2001 - cihlar@suse.cz
|
|
|
|
- fixed init script by new skeleton
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Mar 22 14:56:50 CET 2001 - cihlar@suse.cz
|
|
|
|
- update to version 2.5.2p2
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Mar 14 14:12:38 CET 2001 - cihlar@suse.cz
|
|
|
|
- fixed ssh man page
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 12 07:56:37 CET 2001 - cihlar@suse.cz
|
|
|
|
- update to version 2.5.1p2
|
|
- added xf86 to neededforbuild
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Mar 9 15:16:59 CET 2001 - schwab@suse.de
|
|
|
|
- Fix missing crypt declaration.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 23 08:57:55 CET 2001 - cihlar@suse.cz
|
|
|
|
- update to version 2.5.1p1
|
|
- update x11-ssh-askpass to version 1.2.0
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 20 11:27:20 CET 2001 - cihlar@suse.cz
|
|
|
|
- modified README.SuSE [#4365]
|
|
- fixed start script to agree with skeleton
|
|
- fixed start script so "stop" kills only sshd
|
|
listening for connections
|
|
- compiled with --with-openssl
|
|
- "ListenAddress 0.0.0.0" in sshd_config commented out -
|
|
listen on both ipv4 and ipv6
|
|
- fixed var/adm/notify/messages/openssh_update [#6406]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 25 15:02:01 CET 2001 - smid@suse.cz
|
|
|
|
- startup script fixed [#5559]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 16 09:40:50 CET 2001 - nadvornik@suse.cz
|
|
|
|
- libcrypto linked static [#5333]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 11 13:41:48 CET 2001 - cihlar@suse.cz
|
|
|
|
- uncomment sftp-server part in sshd_config
|
|
- added /usr/X11R6/lib/X11/app-defaults/SshAskpass to %files
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 11 12:37:10 CET 2001 - cihlar@suse.cz
|
|
|
|
- fixed %files [#5230]
|
|
- fixed installation of x11-ssh-askpass to BuildRoot
|
|
- added man pages of x11-ssh-askpass
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jan 10 11:54:42 CET 2001 - smid@suse.cz
|
|
|
|
- notice about how to enable ipv6 added to mail
|
|
- for administrator [#5297]
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Dec 13 10:43:25 CET 2000 - smid@suse.cz
|
|
|
|
- default ipv6 listennig disabled (problems with libc2.2) [#4588]
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Dec 5 14:03:35 CET 2000 - smid@suse.cz
|
|
|
|
- notify message changed
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Dec 4 21:45:35 CET 2000 - lmuelle@suse.de
|
|
|
|
- fixed provides/ conflicts to ssh
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Nov 30 16:03:34 CET 2000 - smid@suse.cz
|
|
|
|
- path to ssh-askpass fixed
|
|
- stop in %preun removed
|
|
- new init style
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 26 23:53:53 CET 2000 - schwab@suse.de
|
|
|
|
- Restore rcsshd link.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Nov 26 15:34:12 CET 2000 - kukuk@suse.de
|
|
|
|
- Add openssl-devel to neededforbuild
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Nov 20 16:11:34 CET 2000 - smid@suse.cz
|
|
|
|
- New version 2.3.0
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Sep 6 12:52:06 CEST 2000 - smid@suse.cz
|
|
|
|
- remove --with-ipv4-default option
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 5 19:04:28 CEST 2000 - garloff@suse.de
|
|
|
|
- ... and tell the sysadmin and user more about what they can do
|
|
about it (schwab).
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jul 5 00:55:37 CEST 2000 - garloff@suse.de
|
|
|
|
- Inform the user (admin) about the fact that the default behaviour
|
|
with respect to X11-forwarding has been changed to be disabled.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Jun 28 13:11:08 CEST 2000 - smid@suse.cz
|
|
|
|
- warning that generating DSA key can an take a long time.
|
|
(bugzilla 3015)
|
|
- writing to wtmp and lastlog fixed (bugzilla 3024)
|
|
- reading config file (parameter Protocol) fixed
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jun 16 10:42:52 CEST 2000 - garloff@suse.de
|
|
|
|
- Added generation of ssh_host_dsa_key
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jun 13 08:32:19 MEST 2000 - nadvornik@suse.cz
|
|
|
|
- update to 2.1.1p1
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jun 8 10:10:55 MEST 2000 - cihlar@suse.cz
|
|
|
|
- uncommented %clean
|
|
|
|
-------------------------------------------------------------------
|
|
Fri May 5 13:08:15 CEST 2000 - smid@suse.cz
|
|
|
|
- buildroot added
|
|
- upgrade to 1.2.3
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Mar 21 09:50:57 CET 2000 - kukuk@suse.de
|
|
|
|
- Update to 1.2.2p1
|
|
|
|
-------------------------------------------------------------------
|
|
Mon Mar 6 12:03:49 CET 2000 - kukuk@suse.de
|
|
|
|
- Fix the diff.
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Mar 5 18:22:07 CET 2000 - kukuk@suse.de
|
|
|
|
- Add a README.SuSE with a short description how to use ssh-add
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Feb 29 21:03:50 CET 2000 - schwab@suse.de
|
|
|
|
- Update config.{guess,sub}.
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Feb 25 11:01:24 CET 2000 - kukuk@suse.de
|
|
|
|
- Fix need for build, add group tag.
|
|
|
|
-------------------------------------------------------------------
|
|
Wed Feb 2 09:23:13 CET 2000 - kukuk@suse.de
|
|
|
|
- Change new defaults back to old one
|
|
|
|
-------------------------------------------------------------------
|
|
Sun Jan 30 12:51:49 CET 2000 - kukuk@suse.de
|
|
|
|
- Add x11-ssh-askpass to filelist
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Jan 28 18:03:50 CET 2000 - kukuk@suse.de
|
|
|
|
- Update to OpenSSH 1.2.2
|
|
- Add x11-ssh-askpass-1.0
|
|
|
|
-------------------------------------------------------------------
|
|
Tue Jan 25 15:57:09 CET 2000 - kukuk@suse.de
|
|
|
|
- Add reload and status to /sbin/init.d/sshd [Bug 1747]
|
|
|
|
-------------------------------------------------------------------
|
|
Thu Jan 20 17:26:02 CET 2000 - kukuk@suse.de
|
|
|
|
- Update to 1.2.1pre27 with IPv6 support
|
|
|
|
-------------------------------------------------------------------
|
|
Fri Dec 31 21:18:10 CET 1999 - kukuk@suse.de
|
|
|
|
- Initial version
|