Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2012-11-14 09:15:15 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh-askpass-gnome.changes 2012-06-28 15:38:24.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-askpass-gnome.changes 2012-11-14 09:15:16.000000000 +0100 @@ -1,0 +2,41 @@ +Tue Nov 13 10:51:12 UTC 2012 - [email protected] + +- Updated to 6.1p1, a bugfix release + Features: + * sshd(8): This release turns on pre-auth sandboxing sshd by default for + new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. + * ssh-keygen(1): Add options to specify starting line number and number of + lines to process when screening moduli candidates, allowing processing + of different parts of a candidate moduli file in parallel + * sshd(8): The Match directive now supports matching on the local (listen) + address and port upon which the incoming connection was received via + LocalAddress and LocalPort clauses. + * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv + and {Allow,Deny}{Users,Groups} + * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 + * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 + * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as + an argument to refuse all port-forwarding requests. + * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile + * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 + * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators + to append some arbitrary text to the server SSH protocol banner. + Bugfixes: + * ssh(1)/sshd(8): Don't spin in accept() in situations of file + descriptor exhaustion. Instead back off for a while. + * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as + they were removed from the specification. bz#2023, + * sshd(8): Handle long comments in config files better. bz#2025 + * ssh(1): Delay setting tty_flag so RequestTTY options are correctly + picked up. bz#1995 + * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root + on platforms that use login_cap. + Portable OpenSSH: + * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit + sandbox from the Linux SECCOMP filter sandbox when the latter is + not available in the kernel. + * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to + retrieve a CNAME SSHFP record. + * Fix cross-compilation problems related to pkg-config. bz#1996 + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2012-10-27 13:24:27.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh.changes 2012-11-14 09:15:16.000000000 +0100 @@ -1,0 +2,47 @@ +Tue Nov 13 10:26:37 UTC 2012 - [email protected] + +- Updated to 6.1p1, a bugfix release + Features: + * sshd(8): This release turns on pre-auth sandboxing sshd by default for + new installs, by setting UsePrivilegeSeparation=sandbox in sshd_config. + * ssh-keygen(1): Add options to specify starting line number and number of + lines to process when screening moduli candidates, allowing processing + of different parts of a candidate moduli file in parallel + * sshd(8): The Match directive now supports matching on the local (listen) + address and port upon which the incoming connection was received via + LocalAddress and LocalPort clauses. + * sshd(8): Extend sshd_config Match directive to allow setting AcceptEnv + and {Allow,Deny}{Users,Groups} + * Add support for RFC6594 SSHFP DNS records for ECDSA key types. bz#1978 + * ssh-keygen(1): Allow conversion of RSA1 keys to public PEM and PKCS8 + * sshd(8): Allow the sshd_config PermitOpen directive to accept "none" as + an argument to refuse all port-forwarding requests. + * sshd(8): Support "none" as an argument for AuthorizedPrincipalsFile + * ssh-keyscan(1): Look for ECDSA keys by default. bz#1971 + * sshd(8): Add "VersionAddendum" to sshd_config to allow server operators + to append some arbitrary text to the server SSH protocol banner. + Bugfixes: + * ssh(1)/sshd(8): Don't spin in accept() in situations of file + descriptor exhaustion. Instead back off for a while. + * ssh(1)/sshd(8): Remove hmac-sha2-256-96 and hmac-sha2-512-96 MACs as + they were removed from the specification. bz#2023, + * sshd(8): Handle long comments in config files better. bz#2025 + * ssh(1): Delay setting tty_flag so RequestTTY options are correctly + picked up. bz#1995 + * sshd(8): Fix handling of /etc/nologin incorrectly being applied to root + on platforms that use login_cap. + Portable OpenSSH: + * sshd(8): Allow sshd pre-auth sandboxing to fall-back to the rlimit + sandbox from the Linux SECCOMP filter sandbox when the latter is + not available in the kernel. + * ssh(1): Fix NULL dereference when built with LDNS and using DNSSEC to + retrieve a CNAME SSHFP record. + * Fix cross-compilation problems related to pkg-config. bz#1996 + +------------------------------------------------------------------- +Tue Nov 13 10:26:16 CET 2012 - [email protected] + +- Fix groupadd arguments +- Add LSB tag to sshd init script + +------------------------------------------------------------------- Old: ---- openssh-6.0p1.tar.gz New: ---- openssh-6.1p1.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.hWK6Zn/_old 2012-11-14 09:15:18.000000000 +0100 +++ /var/tmp/diff_new_pack.hWK6Zn/_new 2012-11-14 09:15:18.000000000 +0100 @@ -26,7 +26,7 @@ BuildRequires: pam-devel BuildRequires: tcpd-devel BuildRequires: update-desktop-files -Version: 6.0p1 +Version: 6.1p1 Release: 0 Requires: openssh = %{version} Summary: A GNOME-Based Passphrase Dialog for OpenSSH ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.hWK6Zn/_old 2012-11-14 09:15:18.000000000 +0100 +++ /var/tmp/diff_new_pack.hWK6Zn/_new 2012-11-14 09:15:18.000000000 +0100 @@ -33,7 +33,7 @@ Requires: /bin/netstat PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils Conflicts: nonfreessh -Version: 6.0p1 +Version: 6.1p1 Release: 0 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) @@ -177,7 +177,7 @@ %endif %pre -getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd +getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd %if 0%{?has_systemd} %service_add_pre sshd.service ++++++ openssh-6.0p1.tar.gz -> openssh-6.1p1.tar.gz ++++++ ++++ 4429 lines of diff (skipped) ++++++ sshd.init ++++++ --- /var/tmp/diff_new_pack.hWK6Zn/_old 2012-11-14 09:15:18.000000000 +0100 +++ /var/tmp/diff_new_pack.hWK6Zn/_new 2012-11-14 09:15:18.000000000 +0100 @@ -16,6 +16,7 @@ # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: Start the sshd daemon +# Short-Description: Start the sshd daemon ### END INIT INFO SSHD_BIN=/usr/sbin/sshd -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
