Revisions of openssh
Tomáš Chvátal (scarabeus_iv)
accepted
request 780330
from
Ludwig Nussel (lnussel)
(revision 207)
- Don't recommend xauth to avoid pulling in X.
Vítězslav Čížek (vitezslav_cizek)
committed
(revision 206)
Add missing piece of changelog: - Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574). This attempts to preserve the permissions of any existing known_hosts file when modified by ssh-keygen (for instance, with -R).
Vítězslav Čížek (vitezslav_cizek)
accepted
request 779739
from
Hans Petter Jansson (hpjansson)
(revision 205)
Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This performs key derivation using OpenSSL's SSHKDF facility, which allows OpenSSH to benefit from the former's FIPS certification status. Make sure ssh-keygen runs if SSHD_AUTO_KEYGEN variable is unset or contains an unrecognized value (bsc#1157176).
buildservice-autocommit
accepted
request 775238
from
Dominique Leuenberger (dimstar_suse)
(revision 204)
baserev update by copy to link target
Dominique Leuenberger (dimstar_suse)
accepted
request 775237
from
Fabian Vogt (favogt)
(revision 203)
- Add patches to fix the sandbox blocking glibc on 32bit platforms (boo#1164061): * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch * openssh-8.1p1-seccomp-clock_gettime64.patch
buildservice-autocommit
accepted
request 748711
from
Tomáš Chvátal (scarabeus_iv)
(revision 202)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 746672
from
Cristian Rodríguez (elvigia)
(revision 201)
- Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep glibc master implements multiple functions using that syscall making the privsep sandbox kill the preauth process.
buildservice-autocommit
accepted
request 738544
from
Tomáš Chvátal (scarabeus_iv)
(revision 200)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
committed
(revision 199)
- Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch
Tomáš Chvátal (scarabeus_iv)
accepted
request 738490
from
Hans Petter Jansson (hpjansson)
(revision 198)
Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574). This attempts to preserve the permissions of any existing known_hosts file when modified by ssh-keygen (for instance, with -R). Run 'ssh-keygen -A' on startup only if SSHD_AUTO_KEYGEN="yes" in /etc/sysconfig/ssh. This is set to "yes" by default, but can be changed by the system administrator (bsc#1139089). Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574). This attempts to preserve the permissions of any existing known_hosts file when modified by ssh-keygen (for instance, with -R).
Tomáš Chvátal (scarabeus_iv)
accepted
request 737034
from
Hans Petter Jansson (hpjansson)
(revision 197)
Version update to 8.1p1: * ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ..."). * ssh(1): Allow %n to be expanded in ProxyCommand strings * ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519" * ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email). * ssh-keygen(1): print key comment when extracting public key from a private key. * ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too. * All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's. - Additional changes from 8.0p1 release: * scp(1): Add "-T" flag to disable client-side filtering of server file list. * sshd(8): Remove support for obsolete "host/port" syntax.
buildservice-autocommit
accepted
request 724538
from
Tomáš Chvátal (scarabeus_iv)
(revision 196)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 724531
from
Thorsten Kukuk (kukuk)
(revision 195)
- don't install SuSEfirewall2 service on Factory, since SuSEfirewall2 has been replaced by firewalld, see [1]. [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html
buildservice-autocommit
accepted
request 718211
from
Tomáš Chvátal (scarabeus_iv)
(revision 194)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 718210
from
Fabian Vogt (Vogtinator)
(revision 193)
Fixup last sr
Hans Petter Jansson (hpjansson)
accepted
request 717662
from
Fabian Vogt (Vogtinator)
(revision 192)
- ssh-askpass: Try a fallback if the other option is not available
Stanislav Brabec (sbrabec)
accepted
request 716585
from
Fabian Vogt (favogt)
(revision 191)
- Supplement libgtk-3-0 instead to avoid installation on a textmode install (boo#1142000)
buildservice-autocommit
accepted
request 706737
from
Tomáš Chvátal (scarabeus_iv)
(revision 190)
baserev update by copy to link target
Tomáš Chvátal (scarabeus_iv)
accepted
request 706687
from
Vítězslav Čížek (vitezslav_cizek)
(revision 189)
- Fix a crash with GSSAPI key exchange (bsc#1136104) * modify openssh-7.7p1-gssapi_key_exchange.patch
buildservice-autocommit
accepted
request 689349
from
Vítězslav Čížek (vitezslav_cizek)
(revision 188)
baserev update by copy to link target
Displaying revisions 61 - 80 of 267