SHA256
1
0
forked from pool/openssh
openssh/openssh-askpass-gnome.changes
Hans Petter Jansson b3ff99ae3c Accepting request 1150500 from home:hpjansson:branches:network
- Update to openssh 9.6p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.6p1:
  = Security
  * ssh(1), sshd(8): implement protocol extensions to thwart the
    so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
    Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
    limited break of the integrity of the early encrypted SSH transport
    protocol by sending extra messages prior to the commencement of
    encryption, and deleting an equal number of consecutive messages
    immediately after encryption starts. A peer SSH client/server
    would not be able to detect that messages were deleted.
  * ssh-agent(1): when adding PKCS#11-hosted private keys while
    specifying destination constraints, if the PKCS#11 token returned
    multiple keys then only the first key had the constraints applied.
    Use of regular private keys, FIDO tokens and unconstrained keys
    are unaffected.
  * ssh(1): if an invalid user or hostname that contained shell
    metacharacters was passed to ssh(1), and a ProxyCommand,
    LocalCommand directive or "match exec" predicate referenced the
    user or hostname via %u, %h or similar expansion token, then
    an attacker who could supply arbitrary user/hostnames to ssh(1)
    could potentially perform command injection depending on what
    quoting was present in the user-supplied ssh_config(5) directive.
  = Potentially incompatible changes
  * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
    a TCP-like window mechanism that limits the amount of data that
    can be sent without acceptance from the peer. In cases where this

OBS-URL: https://build.opensuse.org/request/show/1150500
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=255
2024-02-25 18:43:17 +00:00

335 lines
12 KiB
Plaintext

-------------------------------------------------------------------
Sun Feb 25 18:26:23 UTC 2024 - Hans Petter Jansson <hpj@suse.com>
- Update to openssh 9.6p1:
* No changes for askpass, see main package changelog for
details.
-------------------------------------------------------------------
Fri Jul 21 05:13:56 UTC 2023 - Simon Lees <sflees@suse.de>
- Update to openssh 9.3p2
* No changes for askpass, see main package changelog for
details
-------------------------------------------------------------------
Sun May 28 09:16:44 UTC 2023 - Andreas Stieger <andreas.stieger@gmx.de>
- openssh-askpass-gnome: require only openssh-clients, not the full
openssh (including -server), to avoid pulling in excessive
dependencies when installing git on Gnome (boo#1211446)
-------------------------------------------------------------------
Thu May 11 07:01:54 UTC 2023 - Antonio Larrosa <alarrosa@suse.com>
- Update to openssh 9.3p1
* No changes for askpass, see main package changelog for
details
-------------------------------------------------------------------
Tue Sep 28 19:05:15 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
- Version upgrade to 8.8p1
* No changes for askpass, see main package changelog for
details
-------------------------------------------------------------------
Thu Sep 17 20:41:39 UTC 2020 - Jan Engelhardt <jengelh@inai.de>
- Upgrade some old specfile constructs/macros.
-------------------------------------------------------------------
Thu Sep 10 22:44:00 UTC 2020 - Hans Petter Jansson <hpj@suse.com>
- Supplement openssh-clients instead of openssh (bsc#1176434).
-------------------------------------------------------------------
Thu Jul 18 14:07:56 UTC 2019 - Fabian Vogt <fvogt@suse.com>
- Supplement libgtk-3-0 instead to avoid installation on a textmode install
(boo#1142000)
-------------------------------------------------------------------
Thu Feb 14 10:36:03 UTC 2019 - Tomáš Chvátal <tchvatal@suse.com>
- Supplement the openssh and libx11 together to ensure this package
is installed on machines where there is X stack
-------------------------------------------------------------------
Mon Oct 22 08:59:02 UTC 2018 - Pedro Monreal Gonzalez <pmonrealgonzalez@suse.com>
- Version update to 7.9p1
* No actual changes for the askpass
* See main package changelog for details
-------------------------------------------------------------------
Tue Oct 9 10:52:15 UTC 2018 - Tomáš Chvátal <tchvatal@suse.com>
- Update to 7.8p1:
* no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out
-------------------------------------------------------------------
Mon May 21 15:19:03 UTC 2018 - pcerny@suse.com
- Upgrade to 7.7p1 (bsc#1094068)
-------------------------------------------------------------------
Wed Jan 31 22:54:55 UTC 2018 - pcerny@suse.com
- .spec file cleanup
-------------------------------------------------------------------
Fri Nov 3 12:27:18 UTC 2017 - pcerny@suse.com
- upgrade to 7.6p1
see main package changelog for details
-------------------------------------------------------------------
Mon Jul 25 13:45:53 UTC 2016 - meissner@suse.com
- fixed url
-------------------------------------------------------------------
Sun Apr 17 23:27:51 UTC 2016 - pcerny@suse.com
- upgrade to 7.2p2
-------------------------------------------------------------------
Tue Feb 10 13:28:56 UTC 2015 - pcerny@suse.com
- changing license to 2-clause BSD to match source
-------------------------------------------------------------------
Fri Apr 11 21:50:51 UTC 2014 - pcerny@suse.com
- Update of the underlying OpenSSH to 6.6p1
-------------------------------------------------------------------
Wed Feb 12 01:24:16 UTC 2014 - pcerny@suse.com
- Update of the underlying OpenSSH to 6.5p1
-------------------------------------------------------------------
Fri Jan 24 15:13:09 UTC 2014 - pcerny@suse.com
- Update of the underlying OpenSSH to 6.4p1
-------------------------------------------------------------------
Thu Sep 19 02:02:56 UTC 2013 - pcerny@suse.com
- spec file cleanup (don't pointelssly build whole OpenSSH)
-------------------------------------------------------------------
Sat Aug 3 18:12:20 UTC 2013 - crrodriguez@opensuse.org
- Update for 6.2p2
-------------------------------------------------------------------
Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com
- Updated to 6.1p1, a bugfix release
Features:
* sshd(8): This release turns on pre-auth sandboxing sshd by default for
new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config.
* ssh-keygen(1): Add options to specify starting line number and number of
lines to process when screening moduli candidates, allowing processing
of different parts of a candidate moduli file in parallel
* sshd(8): The Match directive now supports matching on the local (listen)
address and port upon which the incoming connection was received via
LocalAddress and LocalPort clauses.
* sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv
and {Allow,Deny}{Users,Groups}
* Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978
* ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8
* sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as
an argument to refuse all port-forwarding requests.
* sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile
* ssh-keyscan(1): Look for ECDSA keys by default. bz#1971
* sshd(8): Add "VersionAddendum" to sshd_config to allow server operators
to append some arbitrary text to the server SSH protocol banner.
Bugfixes:
* ssh(1)/sshd(8): Don't spin in accept() in situations of file
descriptor exhaustion. Instead back off for a while.
* ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as
they were removed from the specification. bz#2023,
* sshd(8): Handle long comments in config files better. bz#2025
* ssh(1): Delay setting tty_flag so RequestTTY options are correctly
picked up. bz#1995
* sshd(8): Fix handling of /etc/nologin incorrectly being applied to root
on platforms that use login_cap.
Portable OpenSSH:
* sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit
sandbox from the Linux SECCOMP filter sandbox when the latter is
not available in the kernel.
* ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to
retrieve a CNAME SSHFP record.
* Fix cross-compilation problems related to pkg-config. bz#1996
-------------------------------------------------------------------
Wed Jun 27 09:51:19 UTC 2012 - coolo@suse.com
- the gnome askpass does not require the x11 askpass - especially not
in the version of openssh (it's at 1.X)
-------------------------------------------------------------------
Tue May 29 07:14:53 UTC 2012 - meissner@suse.com
- use correct tarball url
- update to 6.0p1.
-------------------------------------------------------------------
Wed Mar 28 11:42:32 UTC 2012 - aj@suse.de
- Add build require on autoconf and automake.
-------------------------------------------------------------------
Wed Dec 21 10:31:42 UTC 2011 - coolo@suse.com
- remove call to suse_update_config (very old work around)
-------------------------------------------------------------------
Wed Oct 19 00:40:15 UTC 2011 - pcerny@suse.com
- Update to 5.9p1
-------------------------------------------------------------------
Fri Feb 4 11:19:14 UTC 2011 - lchiquitto@novell.com
- Update to 5.8p1
-------------------------------------------------------------------
Mon Jan 24 11:51:10 UTC 2011 - lchiquitto@novell.com
- Update to 5.7p1
-------------------------------------------------------------------
Wed Jan 12 13:37:38 CET 2011 - sbrabec@suse.cz
- Removed relics of no more implemented opensc support.
-------------------------------------------------------------------
Tue Aug 24 15:50:17 CEST 2010 - anicka@suse.cz
- update to 5.6p1
-------------------------------------------------------------------
Fri Mar 26 11:04:59 CET 2010 - anicka@suse.cz
- update to 5.4p1
- remove -pam-fix4.diff (in upstream now)
-------------------------------------------------------------------
Mon Feb 23 17:27:22 CET 2009 - anicka@suse.cz
- update to 5.2p1
-------------------------------------------------------------------
Wed Apr 9 14:35:42 CEST 2008 - anicka@suse.cz
- update to 5.0p1
-------------------------------------------------------------------
Wed Apr 2 15:06:01 CEST 2008 - anicka@suse.cz
- update to 4.9p1
-------------------------------------------------------------------
Wed Dec 5 10:56:07 CET 2007 - anicka@suse.cz
- - update to 4.7p1
* Add "-K" flag for ssh to set GSSAPIAuthentication=yes and
GSSAPIDelegateCredentials=yes. This is symmetric with -k
* make scp try to skip FIFOs rather than blocking when nothing is
listening.
* increase default channel windows
* put the MAC list into a display
* many bugfixes
-------------------------------------------------------------------
Tue Dec 12 14:44:41 CET 2006 - anicka@suse.cz
- update to 4.5p1
* Use privsep_pw if we have it, but only require it if we
absolutely need it.
* Correctly check for bad signatures in the monitor, otherwise
the monitor and the unpriv process can get out of sync.
* Clear errno before calling the strtol functions.
* exit instead of doing a blocking tcp send if we detect
a client/server timeout, since the tcp sendqueue might
be already full (of alive requests)
* include signal.h, errno.h, sys/in.h
* some more bugfixes
-------------------------------------------------------------------
Wed Oct 4 12:56:40 CEST 2006 - postadal@suse.cz
- updated to version 4.4p1 [#208662]
* fixed pre-authentication DoS, that would cause sshd(8) to spin
until the login grace time expired
* fixed unsafe signal hander, which was vulnerable to a race condition
that could be exploited to perform a pre-authentication DoS
* fixed a GSSAPI authentication abort that could be used to determine
the validity of usernames on some platforms
* implemented conditional configuration in sshd_config(5) using the
"Match" directive
* added support for Diffie-Hellman group exchange key agreement with a
final hash of SHA256
* added a "ForceCommand", "PermitOpen" directive to sshd_config(5)
* added optional logging of transactions to sftp-server(8)
* ssh(1) will now record port numbers for hosts stored in
~/.ssh/authorized_keys when a non-standard port has been requested
* added an "ExitOnForwardFailure" option to cause ssh(1) to exit (with
a non-zero exit code) when requested port forwardings could not be
established
* extended sshd_config(5) "SubSystem" declarations to allow the
specification of command-line arguments
- removed obsoleted patches: autoconf-fix.patch
-------------------------------------------------------------------
Tue Jul 25 13:40:10 CEST 2006 - schwab@suse.de
- Fix syntax error in configure script.
-------------------------------------------------------------------
Wed Jan 25 21:39:06 CET 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
-------------------------------------------------------------------
Tue Jan 3 15:54:49 CET 2006 - postadal@suse.cz
- updated to version 4.2p1
- removed obsoleted patches: upstream_fixes.diff, gssapi-secfix.patch
-------------------------------------------------------------------
Thu Sep 8 16:20:06 CEST 2005 - postadal@suse.cz
- don't strip
-------------------------------------------------------------------
Thu Aug 4 11:30:18 CEST 2005 - uli@suse.de
- parallelize build
-------------------------------------------------------------------
Fri Jun 10 16:24:22 CEST 2005 - postadal@suse.cz
- updated to version 4.1p1
- removed obsoleted patches: restore_terminal, pam-returnfromsession,
timing-attacks-fix, krb5ccname, gssapi-pam, logdenysource,
sendenv-fix, documentation-fix
-------------------------------------------------------------------
Wed Jan 19 18:25:29 CET 2005 - postadal@suse.cz
- renamed askpass-gnome package to openssh-askpass-gnome
-------------------------------------------------------------------
Wed Jan 19 15:58:07 CET 2005 - postadal@suse.cz
- splited spec file to decreas number of build dependencies