Overview Repositories Revisions Requests Users Attributes Meta

Revisions of openssh

Marcus Meissner's avatar Marcus Meissner (msmeissn) committed (revision 68) 
- openssh-6.5p1-seccomp_getuid.patch: re-enabling the seccomp sandbox
  (allowing use of the getuid syscall) (bnc#864171)
Marcus Meissner's avatar Marcus Meissner (msmeissn) committed (revision 67)
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 222710 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 66) 
- re-enabling the seccomp sandbox
  (allowing use of getuid the syscall)
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 222560 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 65) 
- reverting to rlimit sandbox even for newer distributions, since
  it seems not to work properly (bnc#864171)
buildservice-autocommit accepted request 222366 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 64) 
baserev update by copy to link target
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 222365 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 63) 
- Update of the underlying OpenSSH to 6.5p1

- Update to 6.5p1
  Features since 6.4p1:
  * ssh(1), sshd(8): support for key exchange using ECDH in
    Daniel Bernstein's Curve25519; default when both the client
    and server support it.
  * ssh(1), sshd(8): support for Ed25519 as a public key type fo
    rboth server and client.  Ed25519 is an EC signature offering
    better security than ECDSA and DSA and good performance.
  * Add a new private key format that uses a bcrypt KDF to better
    protect keys at rest. Used unconditionally for Ed25519 keys,
    on demand for other key types via the -o ssh-keygen(1)
    option.  Intended to become default in the near future.
    Details documented in PROTOCOL.key.
  * ssh(1), sshd(8): new transport cipher
    "chacha20-poly1305@openssh.com" combining Daniel Bernstein's
    ChaCha20 stream cipher and Poly1305 MAC to build an
    authenticated encryption mode. Details documented
    PROTOCOL.chacha20poly1305.
  * ssh(1), sshd(8): refuse RSA keys from old proprietary clients
    and servers that use the obsolete RSA+MD5 signature scheme.
    It will still be possible to connect with these
    clients/servers but only DSA keys will be accepted, and
    OpenSSH will refuse connection entirely in a future release.
  * ssh(1), sshd(8): refuse old proprietary clients and servers
    that use a weaker key exchange hash calculation.
  * ssh(1): increase the size of the Diffie-Hellman groups
    requested for each symmetric key size. New values from NIST
    Special Publication 800-57 with the upper limit specified by
Marcus Meissner's avatar Marcus Meissner (msmeissn) committed (revision 62)
Marcus Meissner's avatar Marcus Meissner (msmeissn) committed (revision 61)
Marcus Meissner's avatar Marcus Meissner (msmeissn) committed (revision 60) 
- add a rcsshd symlink to /usr/sbin/service
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 221224 from Ismail Dönmez's avatar Ismail Dönmez (namtrac) (revision 59) 
- Add openssh-6.2p1-forcepermissions.patch to implement a force
  permissions mode (fate#312774). The patch is based on
  http://marc.info/?l=openssh-unix-dev&m=128896838930893
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 220466 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 58) 
- Update of the underlying OpenSSH to 6.4p1

- Update to 6.4p1
  Features since 6.2p2:
  * ssh-agent(1) support in sshd(8); allows encrypted hostkeys, or
    hostkeys on smartcards.
  * ssh(1)/sshd(8): allow optional time-based rekeying via a
    second argument to the existing RekeyLimit option. RekeyLimit
    is now supported in sshd_config as well as on the client.
  * sshd(8): standardise logging of information during user
    authentication.
  * The presented key/cert and the remote username (if available)
    is now logged in the authentication success/failure message on
    the same log line as the local username, remote host/port and
    protocol in use.  Certificates contents and the key
    fingerprint of the signing CA are logged too.
  * ssh(1) ability to query what cryptographic algorithms are
    supported in the binary.
  * ssh(1): ProxyCommand=- for cases where stdin and stdout
    already point to the proxy.
  * ssh(1): allow IdentityFile=none
  * ssh(1)/sshd(8): -E option to append debugging logs to a
    specified file instead of stderr or syslog.
  * sftp(1): support resuming partial downloads with the "reget"
    command and on the sftp commandline or on the "get"
    commandline with the "-a" (append) option.
  * ssh(1): "IgnoreUnknown" configuration option to selectively
    suppress errors arising from unknown configuration directives.
  * sshd(8): support for submethods to be appended to required
    authentication methods listed via AuthenticationMethods.
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 202452 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 57) 
- fix server crashes when using AES-GCM
- removed superfluous build dependency on X
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 199729 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 56) 
- spec file and patch cleanup
- patches from SLE11
- init script is moved into documentation for openSUSE 12.3+
Petr Cerny's avatar Petr Cerny (pcerny) accepted request 199679 from Petr Cerny's avatar Petr Cerny (pcerny) (revision 55) 
- spec file cleanup (don't pointelssly build whole OpenSSH)

- spec file and patch cleanup
  * removing obsoleted auditing patch
    (openssh-%{version}-audit.patch)
- added patches from SLE
  * GSSAPI key exchange
  * FIPS enablement (currently disabled)
  * small bugfixes 
- split the LDAP helper into a separate package: openssh-akc-ldap
buildservice-autocommit accepted request 198435 from Sascha Peilicke's avatar Sascha Peilicke (saschpe) (revision 54) 
baserev update by copy to link target
Sascha Peilicke's avatar Sascha Peilicke (saschpe) accepted request 198380 from Cristian Rodríguez's avatar Cristian Rodríguez (elvigia) (revision 53) 
- fix the logic in openssh-nodaemon-nopid.patch which is broken
  and pid_file therefore still being created.
buildservice-autocommit accepted request 185890 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 52) 
baserev update by copy to link target
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 185789 from Cristian Rodríguez's avatar Cristian Rodríguez (elvigia) (revision 51) 
- Update for 6.2p2 

- Update to version 6.2p2 
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption
* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
* ssh(1)/sshd(8): Added support for the UMAC-128 MAC
* sshd(8): Added support for multiple required authentication
* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
  now immediately sends its SSH protocol banner to the server without
  waiting to receive the server's banner, saving time when connecting.
* dozens of other changes, see http://www.openssh.org/txt/release-6.2
buildservice-autocommit accepted request 181731 from Marcus Meissner's avatar Marcus Meissner (msmeissn) (revision 50) 
baserev update by copy to link target
Marcus Meissner's avatar Marcus Meissner (msmeissn) accepted request 181706 from Stephan Kulow's avatar Stephan Kulow (coolo) (revision 49) 
- avoid the build cycle between curl, krb5, libssh2_org and openssh
  by using krb5-mini-devel
Displaying revisions 201 - 220 of 268
openSUSE Build Service is sponsored by
Places