SHA256
1
0
forked from pool/openssh
Go to file
Hans Petter Jansson b3ff99ae3c Accepting request 1150500 from home:hpjansson:branches:network
- Update to openssh 9.6p1:
  * No changes for askpass, see main package changelog for
    details.

- Update to openssh 9.6p1:
  = Security
  * ssh(1), sshd(8): implement protocol extensions to thwart the
    so-called "Terrapin attack" discovered by Fabian Bäumer, Marcus
    Brinkmann and Jörg Schwenk. This attack allows a MITM to effect a
    limited break of the integrity of the early encrypted SSH transport
    protocol by sending extra messages prior to the commencement of
    encryption, and deleting an equal number of consecutive messages
    immediately after encryption starts. A peer SSH client/server
    would not be able to detect that messages were deleted.
  * ssh-agent(1): when adding PKCS#11-hosted private keys while
    specifying destination constraints, if the PKCS#11 token returned
    multiple keys then only the first key had the constraints applied.
    Use of regular private keys, FIDO tokens and unconstrained keys
    are unaffected.
  * ssh(1): if an invalid user or hostname that contained shell
    metacharacters was passed to ssh(1), and a ProxyCommand,
    LocalCommand directive or "match exec" predicate referenced the
    user or hostname via %u, %h or similar expansion token, then
    an attacker who could supply arbitrary user/hostnames to ssh(1)
    could potentially perform command injection depending on what
    quoting was present in the user-supplied ssh_config(5) directive.
  = Potentially incompatible changes
  * ssh(1), sshd(8): the RFC4254 connection/channels protocol provides
    a TCP-like window mechanism that limits the amount of data that
    can be sent without acceptance from the peer. In cases where this

OBS-URL: https://build.opensuse.org/request/show/1150500
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=255
2024-02-25 18:43:17 +00:00
_multibuild Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
cavs_driver-ssh.pl Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
fix-missing-lz.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
logind_set_tty.patch Accepting request 1110800 from home:kukuk:no-utmp 2023-09-18 22:02:17 +00:00
openssh-6.6.1p1-selinux-contexts.patch Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-6.6p1-keycat.patch Accepting request 1123220 from home:jsegitz:branches:network 2023-11-28 16:35:34 +00:00
openssh-6.6p1-privsep-selinux.patch Accepting request 1123220 from home:jsegitz:branches:network 2023-11-28 16:35:34 +00:00
openssh-7.6p1-cleanup-selinux.patch Accepting request 1123220 from home:jsegitz:branches:network 2023-11-28 16:35:34 +00:00
openssh-7.7p1-cavstest-ctr.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-cavstest-kdf.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-disable_openssl_abi_check.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-eal3.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-enable_PAM_by_default.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-fips_checks.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-7.7p1-fips.patch Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-7.7p1-host_ident.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-hostname_changes_when_forwarding_X.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-IPv6_X_forwarding.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-ldap.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-7.7p1-no_fork-no_pid_file.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-pam_check_locks.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-7.7p1-pts_names_formatting.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-remove_xauth_cookies_on_exit.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-seccomp_ipc_flock.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-7.7p1-seccomp_stat.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-send_locale.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-sftp_force_permissions.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-sftp_print_diagnostic_messages.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-7.7p1-systemd-notify.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-7.7p1-X11_trusted_forwarding.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.7p1-X_forward_with_disabled_ipv6.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.8p1-role-mls.patch Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-7.9p1-keygen-preserve-perms.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-7.9p1-revert-new-qos-defaults.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-8.0p1-gssapi-keyex.patch Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-8.1p1-audit.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-8.1p1-ed25519-use-openssl-rng.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-8.1p1-seccomp-clock_gettime64.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-8.1p1-seccomp-clock_nanosleep_time64.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-8.1p1-seccomp-clock_nanosleep.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-8.1p1-use-openssl-kdf.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-8.4p1-pam_motd.patch Accepting request 1110800 from home:kukuk:no-utmp 2023-09-18 22:02:17 +00:00
openssh-8.4p1-ssh_config_d.patch Accepting request 997549 from home:adamm:branches:network 2022-08-17 12:48:06 +00:00
openssh-8.4p1-vendordir.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-9.6p1.tar.gz Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-9.6p1.tar.gz.asc Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-askpass-gnome.changes Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-askpass-gnome.spec Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh-do-not-send-empty-message.patch Accepting request 1034974 from home:hpjansson:openssh-tw 2022-11-15 15:28:59 +00:00
openssh-fips-ensure-approved-moduli.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-link-with-sk.patch Accepting request 922068 from home:hpjansson:branches:network 2021-10-07 08:06:58 +00:00
openssh-openssl-3.patch Accepting request 1043949 from home:ohollmann:branches:network 2022-12-21 10:48:51 +00:00
openssh-reenable-dh-group14-sha1-default.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh-whitelist-syscalls.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00
openssh.changes Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
openssh.keyring - openssh.keyring: rotated to new key from https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc 2021-10-07 15:19:27 +00:00
openssh.spec Accepting request 1150500 from home:hpjansson:branches:network 2024-02-25 18:43:17 +00:00
README.FIPS Accepting request 432093 from home:pcerny:factory 2016-09-30 20:34:19 +00:00
README.kerberos Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
README.SUSE Accepting request 873406 from home:jsegitz:branches:network 2021-04-17 14:22:02 +00:00
ssh-askpass Accepting request 718210 from home:Vogtinator:branches:network 2019-07-24 12:05:07 +00:00
ssh.reg OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
sshd-gen-keys-start Accepting request 914000 from home:kukuk:tiu 2021-09-01 18:03:45 +00:00
sshd-sle.pamd Accepting request 1074609 from home:kukuk:branches:network 2023-04-13 21:23:05 +00:00
sshd.fw OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7 2007-07-27 00:01:43 +00:00
sshd.pamd Accepting request 1074609 from home:kukuk:branches:network 2023-04-13 21:23:05 +00:00
sshd.service - Mention upstream bugs on multiple local patches 2018-10-19 13:24:01 +00:00
sysconfig.ssh Accepting request 738490 from home:hpjansson:branches:network 2019-10-15 07:47:08 +00:00
sysusers-sshd.conf Accepting request 866259 from home:hpjansson:branches:network 2021-01-24 18:19:54 +00:00
wtmpdb.patch Accepting request 1087770 from home:alarrosa:branches:network 2023-05-22 19:32:26 +00:00

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled and mostly even required, do not turn it off.

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
  ssh_config and sshd_config manual pages.

For more information on differences in SUSE OpenSSH package see README.FIPS