Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

openssh-6.0p1-2.3.3 RPM for x86_64

From OpenSuSE 12.2 for x86_64

Name: openssh Distribution: openSUSE 12.2
Version: 6.0p1 Vendor: openSUSE
Release: 2.3.3 Build date: Mon Jul 16 18:21:54 2012
Group: Productivity/Networking/SSH Build host: build20
Size: 2909455 Source RPM: openssh-6.0p1-2.3.3.src.rpm
Summary: Secure Shell Client and Server (Remote Login Program)
SSH (Secure Shell) is a program for logging into and executing commands
on a remote machine. It is intended to replace rsh (rlogin and rsh) and
provides openssl (secure encrypted communication) between two untrusted
hosts over an insecure network.

xorg-x11 (X Window System) connections and arbitrary TCP/IP ports can
also be forwarded over the secure channel.




BSD-3-Clause ; MIT


* Mon Jun 18 2012
  - do not buildrequire xorg-x11, the askpass is an extra package
    and should build from a different package
* Tue May 29 2012
  - use correct download url and tarball format.
* Tue May 29 2012
  - Update to version 6.0, large list of changes, seen for detail.
* Thu May 10 2012
  - By default openSSH checks at *runtime* if the openssl
    API version matches with the running library, that might
    be good if you are compiling SSH yourself but it is a totally
    insane way to check for binary/source compatibility in a distribution.
* Mon Feb 20 2012
  - include X11 app default dir
* Fri Dec 23 2011
  - Fix building for OS 11.0, 10.3, 10.2
    * Don't require selinux on OS 11.0 or lower
* Fri Dec 23 2011
  - Fix building for OS 11.2 and 11.1
  - Cleanup remove remaining litteral /etc/init.d 's
* Wed Dec 21 2011
  - add autoconf as buildrequire to avoid implicit dependency
* Tue Nov 29 2011
  - Add systemd startup units
* Sat Oct 29 2011
  - finalising libexecdir change (bnc#726712)
* Wed Oct 19 2011
  - Update to 5.9p1
    * sandboxing privsep child through rlimit
* Fri Sep 16 2011
  - Avoid overriding libexecdir with %_lib (bnc#712025)
  - Clean up the specfile by request of Minh Ngo, details entail:
    * remove norootforbuild comments, redundant %clean section
    * run spec-beautifier over it
  - Add PIEFLAGS to compilation of askpass; fails otherwise
* Mon Aug 29 2011
  -  Update to verison 5.8p2
    * Fixed vuln in systems without dev/random, we arenot affected
    * Fixes problems building with selinux enabled
  - Fix build with as-needed and no-add-needed
* Sat Aug 13 2011
  - Enable libedit/autocompletion support in sftp
* Tue May 10 2011
  - Change default keysizes of rsa and dsa from 1024 to 2048
    to match ssh-keygen manpage recommendations.
* Fri Feb 04 2011
  - Update to 5.8p1
    * Fix vulnerability in legacy certificate signing introduced in
    OpenSSH-5.6 and found by Mateusz Kocielski.
    * Fix compilation failure when enableing SELinux support.
    * Do not attempt to call SELinux functions when SELinux is
  - Remove patch that is now upstream:
    * openssh-5.7p1-selinux.diff
* Thu Feb 03 2011
  - specfile/patches cleanup
* Mon Jan 24 2011
  - Update to 5.7p1
    * Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
    and host/user keys (ECDSA) as specified by RFC5656.
    * sftp(1)/sftp-server(8): add a protocol extension to support a hard
    link operation.
    * scp(1): Add a new -3 option to scp: Copies between two remote hosts
    are transferred through the local host.
    * ssh(1): automatically order the hostkeys requested by the client
    based on which hostkeys are already recorded in known_hosts.
    * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary
    TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput.
    * sftp(1): the sftp client is now significantly faster at performing
    directory listings, using OpenBSD glob(3) extensions to preserve
    the results of stat(3) operations performed in the course of its
    execution rather than performing expensive round trips to fetch
    them again afterwards.
    * ssh(1): "atomically" create the listening mux socket by binding it on
    a temporary name and then linking it into position after listen() has
    * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server
    configuration to allow selection of which key exchange methods are
    used by ssh(1) and sshd(8) and their order of preference.
    * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into
    a generic bandwidth limiter that can be attached using the atomicio
    callback mechanism and use it to add a bandwidth limit option to
    * Support building against openssl-1.0.0a.
    * Bug fixes.
  - Remove patches that are now upstream:
    * openssh-5.6p1-tmpdir.diff
    * openssh-linux-new-oomkill.patch
  - Add upstream patch to fix build with SELinux enabled.
* Wed Jan 12 2011
  - Removed relics of no more implemented opensc support.
* Thu Nov 18 2010
  - add pam_lastlog to show failed login attempts
  - remove permissions handling, no special handling needed
* Tue Nov 16 2010
  - Use upstream oom_adj is deprecated patch
* Tue Nov 02 2010
  - remove the code trying to patch X11 paths - which was broken
    for a very long time and was useless anyway as the Makefiles
    do this correctly themselves
* Sun Oct 31 2010
  - Use %_smp_mflags
* Thu Oct 14 2010
  - Fix warning "oom_adj is deprecated use oom_score_adj instead"
* Mon Sep 13 2010
  - actualize README.SuSE (bnc#638893)
* Tue Aug 24 2010
  - update to 5.6p1
    * Added a ControlPersist option to ssh_config(5) that automatically
    starts a background ssh(1) multiplex master when connecting.
    * Hostbased authentication may now use certificate host keys.
    * ssh-keygen(1) now supports signing certificate using a CA key that
    has been stored in a PKCS#11 token.
    * ssh(1) will now log the hostname and address that we connected to at
    LogLevel=verbose after authentication is successful to mitigate
    "phishing" attacks by servers with trusted keys that accept
    authentication silently and automatically before presenting fake
    password/passphrase prompts.
    * Expand %h to the hostname in ssh_config Hostname options.
    * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8
    keys in addition to RFC4716 (SSH.COM) encodings via a new -m option
    * sshd(8) will now queue debug messages for bad ownership or
    permissions on the user's keyfiles encountered during authentication
    and will send them after authentication has successfully completed.
    * ssh(1) connection multiplexing now supports remote forwarding with
    dynamic port allocation and can report the allocated port back to
    the user
    * sshd(8) now supports indirection in matching of principal names
    listed in certificates.
    * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a
    file containing a list of names that may be accepted in place of the
    username when authorizing a certificate trusted via the
    sshd_config(5) TrustedCAKeys option.
    * Additional sshd_config(5) options are now valid inside Match blocks
    * Revised the format of certificate keys.
    * bugfixes
  - removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded
    any more), removed memory leak fix (fixed in upstream)
* Fri Aug 20 2010
  - hint user how to remove offending keys (bnc#625552)
* Thu Jul 22 2010
  - update to 5.5p1
* Tue Jul 20 2010
  - update to 5.5p1
    * Allow ChrootDirectory to work in SELinux platforms.
    * bugfixes
* Wed Jun 30 2010
  - Disable visual hostkey support again, after discussion on
    its usefulness.
* Mon May 17 2010
  - Hardware crypto is supported and patched but never
    enabled, need to use --with-ssl-engine explicitely
* Fri May 14 2010
  - fixed memory leak in sftp (bnc#604274)
* Fri Apr 23 2010
  - honour /etc/nologin (bnc#530885)
* Thu Mar 25 2010
  - Enable VisualHostKey (ascii art of the hostkey fingerprint) and
    HashHostKeys (hardening measure to make them unusable for worms/malicious
    users for further host hopping).
* Tue Mar 23 2010
  - update to 5.4p1
    * After a transition period of about 10 years, this release disables
    SSH protocol 1 by default. Clients and servers that need to use the
    legacy protocol must explicitly enable it in ssh_config / sshd_config
    or on the command-line.
    * Remove the libsectok/OpenSC-based smartcard code and add support for
    PKCS#11 tokens. This support is automatically enabled on all
    platforms that support dlopen(3) and was inspired by patches written
    by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.
    * Add support for certificate authentication of users and hosts using a
    new, minimal OpenSSH certificate format (not X.509). Certificates
    contain a public key, identity information and some validity
    constraints and are signed with a standard SSH public key using
    ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
    or via a TrustedUserCAKeys option in sshd_config(5) (for user
    authentication), or in known_hosts (for host authentication).
    Documentation for certificate support may be found in ssh-keygen(1),
    sshd(8) and ssh(1) and a description of the protocol extensions in
    * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
    stdio on the client to a single port forward on the server. This
    allows, for example, using ssh as a ProxyCommand to route connections
    via intermediate servers. bz#1618
    * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may
    be revoked using a new sshd_config(5) option "RevokedKeys". Host keys
    are revoked through known_hosts (details in the sshd(8) man page).
    Revoked keys cannot be used for user or host authentication and will
    trigger a warning if used.
    * Rewrite the ssh(1) multiplexing support to support non-blocking
    operation of the mux master, improve the resilience of the master to
    malformed messages sent to it by the slave and add support for
    requesting port- forwardings via the multiplex protocol. The new
    stdio-to-local forward mode ("ssh -W host:port ...") is also
    supported. The revised multiplexing protocol is documented in the
    file PROTOCOL.mux in the source distribution.
    * Add a 'read-only' mode to sftp-server(8) that disables open in write
    mode and all other fs-modifying protocol methods. bz#430
    * Allow setting an explicit umask on the sftp-server(8) commandline to
    override whatever default the user has. bz#1229
    * Many improvements to the sftp(1) client, many of which were
    implemented by Carlos Silva through the Google Summer of Code
    - Support the "-h" (human-readable units) flag for ls
    - Implement tab-completion of commands, local and remote filenames
    - Support most of scp(1)'s commandline arguments in sftp(1), as a
      first step towards making sftp(1) a drop-in replacement for scp(1).
      Note that the rarely-used "-P sftp_server_path" option has been
      moved to "-D sftp_server_path" to make way for "-P port" to match
    - Add recursive transfer support for get/put and on the commandline
    * New RSA keys will be generated with a public exponent of RSA_F4 ==
    (2**16)+1 == 65537 instead of the previous value 35.
    * Passphrase-protected SSH protocol 2 private keys are now protected
    with AES-128 instead of 3DES. This applied to newly-generated keys
    as well as keys that are reencrypted (e.g. by changing their
  - cleanup in patches
* Tue Mar 02 2010
  - do not use paths at all, but prereq packages
* Sat Feb 27 2010
  - Use complete path for groupadd and useradd in pre section.
* Tue Feb 23 2010
  - audit patch: add fix for bnc#545271
* Mon Feb 22 2010
  - do not fix uid/gid anymore (bnc#536564)
* Tue Dec 15 2009
  - select large PIE for SPARC, it is required to avoid
    "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz
    defined in COMMON section in sshd.o"
* Mon Sep 21 2009
  - add new version of homechroot patch (added documentation, added
    check for nodev and nosuid)
  - remove Provides and Obsoletes ssh
* Thu Aug 20 2009
  - make sftp in chroot users life easier (ie. bnc#518238),
    many thanks for a patch
* Sun Jul 12 2009
  - readd $SSHD_BIN so that sshd starts at all
* Tue Jul 07 2009  
  - Added a hook for ksshaskpass
* Sun Jul 05 2009
  - readd -f to startproc and remove -p instead to
    ensure that sshd is started even though old instances
    are still running (e.e. being logged in from remote)
* Fri Jun 19 2009
  - disable as-needed for this package as it fails to build with it
* Tue May 26 2009
  - disable -f in startproc to calm the warning (bnc#506831)
* Thu Apr 23 2009
  - do not enable sshd by default



Generated by rpm2html 1.8.1

Fabrice Bellet, Mon Jul 10 03:11:01 2017