Hello community,

here is the log from the commit of package openssh for openSUSE:Factory checked in at 2018-05-25 21:36:00
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
 and /work/SRC/openSUSE:Factory/.openssh.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Fri May 25 21:36:00 2018 rev:118 rq:611071 version:7.7p1 Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh-askpass-gnome.changes 2018-02-02 22:19:53.864554713 +0100 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-askpass-gnome.changes 2018-05-25 21:36:02.498732936 +0200 @@ -1,0 +2,5 @@ +Mon May 21 15:19:03 UTC 2018 - [email protected] + +- Upgrade to 7.7p1 (bsc#1094068) + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2018-05-07 14:51:29.542133086 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh.changes 2018-05-25 21:36:02.530731778 +0200 
@@ -1,0 +2,106 @@ +Mon May 21 15:19:03 UTC 2018 - [email protected] + +- Upgrade to 7.7p1 (bsc#1094068) + Most important changes (more details below): + * Drop compatibility support for pre-2001 SSH implementations + * sshd(1) does not load DSA keys by default + Distilled upstream log: + ---- Potentially-incompatible changes + * ssh(1)/sshd(8): Drop compatibility support for some very old + SSH implementations, including ssh.com <=2.* and OpenSSH <= + 3.*. These versions were all released in or before 2001 and + predate the final SSH RFCs. The support in question isn't + necessary for RFC-compliant SSH implementations. + ---- New Features + * experimental support for PQC XMSS keys (Extended Hash-Based + Signatures), not compiled in by default. + * sshd(8): Add a "rdomain" criteria for the sshd_config Match + keyword to allow conditional configuration that depends on + which routing domain a connection was received on (currently + supported on OpenBSD and Linux). + * sshd_config(5): Add an optional rdomain qualifier to the + ListenAddress directive to allow listening on different + routing domains. This is supported only on OpenBSD and Linux + at present. + * sshd_config(5): Add RDomain directive to allow the + authenticated session to be placed in an explicit routing + domain. This is only supported on OpenBSD at present. + * sshd(8): Add "expiry-time" option for authorized_keys files + to allow for expiring keys. + * ssh(1): Add a BindInterface option to allow binding the + outgoing connection to an interface's address (basically a + more usable BindAddress) + * ssh(1): Expose device allocated for tun/tap forwarding via a + new %T expansion for LocalCommand. This allows LocalCommand + to be %used to prepare the interface. + * sshd(8): Expose the device allocated for tun/tap forwarding + via a new SSH_TUNNEL environment variable. This allows + automatic setup of the interface and surrounding network + configuration automatically on the server. 
+ * ssh(1)/scp(1)/sftp(1): Add URI support to ssh, sftp and scp, + e.g. ssh://user@host or sftp://user@host/path. Additional + connection parameters that use deporecated MD5 are not + implemented. + * ssh-keygen(1): Allow certificate validity intervals that + specify only a start or stop time (instead of both or + neither). + * sftp(1): Allow "cd" and "lcd" commands with no explicit path + argument. lcd will change to the local user's home directory + as usual. cd will change to the starting directory for + session (because the protocol offers no way to obtain the + remote user's home directory). bz#2760 + * sshd(8): When doing a config test with sshd -T, only require + the attributes that are actually used in Match criteria + rather than (an incomplete list of) all criteria. + ---- Bugfixes + * ssh(1)/sshd(8): More strictly check signature types during + key exchange against what was negotiated. Prevents downgrade + of RSA signatures made with SHA-256/512 to SHA-1. + * sshd(8): Fix support for client that advertise a protocol + version of "1.99" (indicating that they are prepared to + accept both SSHv1 and SSHv2). This was broken in OpenSSH 7.6 + during the removal of SSHv1 support. bz#2810 + * ssh(1): Warn when the agent returns a ssh-rsa (SHA1) + signature when a rsa-sha2-256/512 signature was requested. + This condition is possible when an old or non-OpenSSH agent + is in use. bz#2799 + * ssh-agent(1): Fix regression introduced in 7.6 that caused + ssh-agent to fatally exit if presented an invalid signature + request message. + * sshd_config(5): Accept yes/no flag options + case-insensitively, as has been the case in ssh_config(5) for + a long time. bz#2664 + * ssh(1): Improve error reporting for failures during + connection. Under some circumstances misleading errors were + being shown. bz#2814 + * ssh-keyscan(1): Add -D option to allow printing of results + directly in SSHFP format. 
bz#2821 + * regress tests: fix PuTTY interop test broken in last + release's SSHv1 removal. bz#2823 + * ssh(1): Compatibility fix for some servers that erroneously + drop the connection when the IUTF8 (RFC8160) option is sent. + * scp(1): Disable RemoteCommand and RequestTTY in the ssh + session started by scp (sftp was already doing this.) + * ssh-keygen(1): Refuse to create a certificate with an + unusable number of principals. + * ssh-keygen(1): Fatally exit if ssh-keygen is unable to write + all the public key during key generation. Previously it would + silently ignore errors writing the comment and terminating + newline. + * ssh(1): Do not modify hostname arguments that are addresses + by automatically forcing them to lower-case. Instead + canonicalise them to resolve ambiguities (e.g. ::0001 => ::1) + before they are matched against known_hosts. bz#2763 + * ssh(1): Don't accept junk after "yes" or "no" responses to + hostkey prompts. bz#2803 + * sftp(1): Have sftp print a warning about shell cleanliness + when decoding the first packet fails, which is usually caused + by shells polluting stdout of non-interactive startups. + bz#2800 + * ssh(1)/sshd(8): Switch timers in packet code from using + wall-clock time to monotonic time, allowing the packet layer + to better function over a clock step and avoiding possible + integer overflows during steps. + * Numerous manual page fixes and improvements. + +------------------------------------------------------------------- Old: ---- openssh-7.6p1-SUSE_patches.tar.gz openssh-7.6p1.tar.gz openssh-7.6p1.tar.gz.asc New: ---- openssh-7.7p1-SUSE_patches.tar.gz openssh-7.7p1.tar.gz openssh-7.7p1.tar.gz.asc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.kCaSg6/_old 2018-05-25 21:36:03.266705139 +0200 +++ /var/tmp/diff_new_pack.kCaSg6/_new 2018-05-25 21:36:03.270704995 +0200 
@@ -19,7 +19,7 @@ %define _name openssh Name: openssh-askpass-gnome BuildRequires: gtk2-devel -Version: 7.6p1 +Version: 7.7p1 Release: 0 Requires: %{_name} = %{version} Summary: A GNOME-Based Passphrase Dialog for OpenSSH ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.kCaSg6/_old 2018-05-25 21:36:03.294704126 +0200 +++ /var/tmp/diff_new_pack.kCaSg6/_new 2018-05-25 21:36:03.298703981 +0200 @@ -101,7 +101,7 @@ %if ! %{uses_systemd} PreReq: %{insserv_prereq} %endif -Version: 7.6p1 +Version: 7.7p1 Release: 0 Summary: Secure Shell Client and Server (Remote Login Program) License: BSD-2-Clause AND MIT @@ -190,7 +190,7 @@ # set libexec dir in the LDAP patch sed -i.libexec 's,@LIBEXECDIR@,%{_libexecdir}/ssh,' \ $( grep -Rl @LIBEXECDIR@ \ - $( grep "^+++" $PATCH_DIR/openssh-7.6p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' ) + $( grep "^+++" $PATCH_DIR/openssh-7.7p1-ldap.patch | sed -r 's@^.+/([^/\t ]+).*$@\1@' ) ) %build ++++++ openssh-7.6p1-SUSE_patches.tar.gz -> openssh-7.7p1-SUSE_patches.tar.gz ++++++ ++++ 39315 lines of diff (skipped) ++++++ openssh-7.6p1-SUSE_patches.tar.gz -> openssh-7.7p1.tar.gz ++++++ ++++ 230129 lines of diff (skipped)
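Review bot: In the openssh.changes hunk (@@ -1,0 +2,106 @@), the summary line "sshd(1) does not load DSA keys by default" has no matching item anywhere in the distilled upstream log below it, so a reader cannot tell whether this is an upstream 7.7p1 change or a packaging decision. Add the corresponding entry or say where the behaviour comes from, and write sshd(8) as the rest of the entry does. Two typos in the same entry are worth fixing before they become permanent changelog text: "deporecated MD5" in the URI support item and "to be %used to prepare the interface" in the LocalCommand item.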
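Review bot: In the openssh.spec hunk at @@ -190,7 +190,7 @@, the LDAP patch file name still carries a hardcoded version (openssh-7.7p1-ldap.patch), which is the only reason this line had to change. A future bump that misses it leaves the grep pointing at a file that no longer exists, and the @LIBEXECDIR@ substitution then depends on whatever the command substitution happens to return. Since Version is already defined in this spec, consider $PATCH_DIR/openssh-%{version}-ldap.patch so the line follows the version automatically.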
