Tomáš Chvátal (scarabeus_iv) accepted request 780330 from Ludwig Nussel (lnussel) about 4 years ago (revision 207)

- Don't recommend xauth to avoid pulling in X.

• Files Changed
• Browse Source

Vítězslav Čížek (vitezslav_cizek) committed about 4 years ago (revision 206)

Add missing piece of changelog:

- Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
  This attempts to preserve the permissions of any existing
  known_hosts file when modified by ssh-keygen (for instance,
  with -R).

• Files Changed
• Browse Source

Vítězslav Čížek (vitezslav_cizek) accepted request 779739 from Hans Petter Jansson (hpjansson) about 4 years ago (revision 205)

Add openssh-8.1p1-use-openssl-kdf.patch (jsc#SLE-9443). This
  performs key derivation using OpenSSL's SSHKDF facility, which
  allows OpenSSH to benefit from the former's FIPS certification
  status.

Make sure ssh-keygen runs if SSHD_AUTO_KEYGEN variable is unset
  or contains an unrecognized value (bsc#1157176).

• Files Changed
• Browse Source

buildservice-autocommit accepted request 775238 from Dominique Leuenberger (dimstar_suse) over 4 years ago (revision 204)

baserev update by copy to link target

• Files Changed
• Browse Source

Dominique Leuenberger (dimstar_suse) accepted request 775237 from Fabian Vogt (favogt) over 4 years ago (revision 203)

- Add patches to fix the sandbox blocking glibc on 32bit platforms
  (boo#1164061):
  * openssh-8.1p1-seccomp-clock_nanosleep_time64.patch
  * openssh-8.1p1-seccomp-clock_gettime64.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 748711 from Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 202)

baserev update by copy to link target

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) accepted request 746672 from Cristian Rodríguez (elvigia) over 4 years ago (revision 201)

- Add openssh-8.1p1-seccomp-clock_nanosleep.patch, allow clock_nanosleep
  glibc master implements multiple functions using that syscall making
  the privsep sandbox kill the preauth process.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 738544 from Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 200)

baserev update by copy to link target

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) committed over 4 years ago (revision 199)

- Add patch from upstream openssh-7.9p1-revert-new-qos-defaults.patch

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) accepted request 738490 from Hans Petter Jansson (hpjansson) over 4 years ago (revision 198)

Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).

Run 'ssh-keygen -A' on startup only if SSHD_AUTO_KEYGEN="yes"
in /etc/sysconfig/ssh. This is set to "yes" by default, but
can be changed by the system administrator (bsc#1139089).

Add openssh-7.9p1-keygen-preserve-perms.patch (bsc#1150574).
This attempts to preserve the permissions of any existing
known_hosts file when modified by ssh-keygen (for instance,
with -R).

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) accepted request 737034 from Hans Petter Jansson (hpjansson) over 4 years ago (revision 197)

Version update to 8.1p1:
  * ssh-keygen(1): when acting as a CA and signing certificates with
    an RSA key, default to using the rsa-sha2-512 signature algorithm.
    Certificates signed by RSA keys will therefore be incompatible
    with OpenSSH versions prior to 7.2 unless the default is
    overridden (using "ssh-keygen -t ssh-rsa -s ...").
  * ssh(1): Allow %n to be expanded in ProxyCommand strings
  * ssh(1), sshd(8): Allow prepending a list of algorithms to the
    default set by starting the list with the '^' character, E.g.
    "HostKeyAlgorithms ^ssh-ed25519"
  * ssh-keygen(1): add an experimental lightweight signature and
    verification ability. Signatures may be made using regular ssh keys
    held on disk or stored in a ssh-agent and verified against an
    authorized_keys-like list of allowed keys. Signatures embed a
    namespace that prevents confusion and attacks between different
    usage domains (e.g. files vs email).
  * ssh-keygen(1): print key comment when extracting public key from a
    private key.
  * ssh-keygen(1): accept the verbose flag when searching for host keys
    in known hosts (i.e. "ssh-keygen -vF host") to print the matching
    host's random-art signature too.
  * All: support PKCS8 as an optional format for storage of private
    keys to disk.  The OpenSSH native key format remains the default,
    but PKCS8 is a superior format to PEM if interoperability with
    non-OpenSSH software is required, as it may use a less insecure
    key derivation function than PEM's.
- Additional changes from 8.0p1 release:
  * scp(1): Add "-T" flag to disable client-side filtering of
    server file list.
  * sshd(8): Remove support for obsolete "host/port" syntax.

• Files Changed
• Browse Source

buildservice-autocommit accepted request 724538 from Tomáš Chvátal (scarabeus_iv) over 4 years ago (revision 196)

baserev update by copy to link target

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) accepted request 724531 from Thorsten Kukuk (kukuk) almost 5 years ago (revision 195)

- don't install SuSEfirewall2 service on Factory, since SuSEfirewall2
  has been replaced by firewalld, see [1].
  [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html

• Files Changed
• Browse Source

buildservice-autocommit accepted request 718211 from Tomáš Chvátal (scarabeus_iv) almost 5 years ago (revision 194)

baserev update by copy to link target

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) accepted request 718210 from Fabian Vogt (Vogtinator) almost 5 years ago (revision 193)

Fixup last sr

• Files Changed
• Browse Source

Hans Petter Jansson (hpjansson) accepted request 717662 from Fabian Vogt (Vogtinator) almost 5 years ago (revision 192)

- ssh-askpass: Try a fallback if the other option is not available

• Files Changed
• Browse Source

Stanislav Brabec (sbrabec) accepted request 716585 from Fabian Vogt (favogt) almost 5 years ago (revision 191)

- Supplement libgtk-3-0 instead to avoid installation on a textmode install
  (boo#1142000)

• Files Changed
• Browse Source

buildservice-autocommit accepted request 706737 from Tomáš Chvátal (scarabeus_iv) almost 5 years ago (revision 190)

baserev update by copy to link target

• Files Changed
• Browse Source

Tomáš Chvátal (scarabeus_iv) accepted request 706687 from Vítězslav Čížek (vitezslav_cizek) almost 5 years ago (revision 189)

- Fix a crash with GSSAPI key exchange (bsc#1136104)
  * modify openssh-7.7p1-gssapi_key_exchange.patch

• Files Changed
• Browse Source

buildservice-autocommit accepted request 689349 from Vítězslav Čížek (vitezslav_cizek) about 5 years ago (revision 188)

baserev update by copy to link target

• Files Changed
• Browse Source