packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
openssh/openssh.spec
bitianyuan 96ea89803e fix CVE-2025-26465 CVE-2025-32728 
Signed-off-by: bitianyuan <bitianyuan@huawei.com>
2025-04-13 21:32:26 +08:00

841 lines
26 KiB
RPMSpec
Raw Permalink Blame History

%global gtk2 1
%global pie 1
# Add option to build without GTK2 for older platforms with only GTK+.
# rpm -ba|--rebuild --define 'no_gtk2 1'
%{?no_gtk2:%global gtk2 0}
%global sshd_uid 74
%global openssh_release 8
Name: openssh
Version: 9.3p2
Release: %{openssh_release}
URL: http://www.openssh.com/portable.html
License: BSD
Summary: An open source implementation of SSH protocol version 2
Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
Source2: sshd.pam
Source3: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-0.10.4.tar.gz
Source4: pam_ssh_agent-rmheaders
Source5: ssh-keycat.pam
Source6: sshd.sysconfig
Source7: sshd@.service
Source8: sshd.socket
Source9: sshd.service
Source10: sshd-keygen@.service
Source11: sshd-keygen
Source12: sshd.tmpfiles
Source13: sshd-keygen.target
Source14: ssh-agent.service
Source15: ssh-agent.socket
Source16: ssh-keygen-bash-completion.sh
Patch0: openssh-6.7p1-coverity.patch
Patch1: openssh-7.6p1-audit.patch
Patch2: openssh-7.1p2-audit-race-condition.patch
Patch3: pam_ssh_agent_auth-0.9.3-build.patch
Patch4: pam_ssh_agent_auth-0.10.3-seteuid.patch
Patch5: pam_ssh_agent_auth-0.9.2-visibility.patch
Patch6: pam_ssh_agent_auth-0.9.3-agent_structure.patch
Patch7: pam_ssh_agent_auth-0.10.2-compat.patch
Patch8: pam_ssh_agent_auth-0.10.2-dereference.patch
Patch9: pam_ssh_agent_auth-0.10.4-rsasha2.patch
Patch10: pam_ssh_agent-configure-c99.patch
Patch11: openssh-7.8p1-role-mls.patch
Patch12: openssh-6.6p1-privsep-selinux.patch
Patch14: openssh-6.6p1-keycat.patch
Patch15: openssh-6.6p1-allow-ip-opts.patch
Patch17: openssh-5.9p1-ipv6man.patch
Patch18: openssh-5.8p2-sigpipe.patch
Patch19: openssh-7.2p2-x11.patch
Patch21: openssh-5.1p1-askpass-progress.patch
Patch22: openssh-4.3p2-askpass-grab-info.patch
Patch23: openssh-7.7p1.patch
Patch24: openssh-7.8p1-UsePAM-warning.patch
Patch28: openssh-8.0p1-gssapi-keyex.patch
Patch29: openssh-6.6p1-force_krb.patch
Patch30: openssh-6.6p1-GSSAPIEnablek5users.patch
Patch31: openssh-7.7p1-gssapi-new-unique.patch
Patch32: openssh-7.2p2-k5login_directory.patch
Patch33: openssh-6.6p1-kuserok.patch
Patch34: openssh-6.4p1-fromto-remote.patch
Patch35: openssh-6.6.1p1-selinux-contexts.patch
Patch36: openssh-6.6.1p1-log-in-chroot.patch
Patch37: openssh-6.6.1p1-scp-non-existing-directory.patch
Patch38: openssh-6.8p1-sshdT-output.patch
Patch39: openssh-6.7p1-sftp-force-permission.patch
Patch40: openssh-7.2p2-s390-closefrom.patch
Patch41: openssh-7.3p1-x11-max-displays.patch
Patch42: openssh-7.4p1-systemd.patch
Patch43: openssh-7.6p1-cleanup-selinux.patch
Patch44: openssh-7.5p1-sandbox.patch
Patch45: openssh-8.0p1-pkcs11-uri.patch
Patch46: openssh-7.8p1-scp-ipv6.patch
Patch48: openssh-8.0p1-crypto-policies.patch
Patch49: openssh-9.3p1-merged-openssl-evp.patch
Patch50: openssh-8.0p1-openssl-kdf.patch
Patch51: openssh-8.2p1-visibility.patch
Patch52: openssh-8.2p1-x11-without-ipv6.patch
Patch53: openssh-8.0p1-keygen-strip-doseol.patch
Patch54: openssh-8.0p1-preserve-pam-errors.patch
Patch55: openssh-8.7p1-scp-kill-switch.patch
Patch56: openssh-8.7p1-recursive-scp.patch
Patch57: openssh-8.7p1-minrsabits.patch
Patch58: openssh-8.7p1-ibmca.patch
Patch60: openssh-8.7p1-ssh-manpage.patch
Patch61: openssh-8.7p1-negotiate-supported-algs.patch
Patch66: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
Patch67: bugfix-openssh-add-option-check-username-splash.patch
Patch68: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
Patch69: bugfix-openssh-fix-sftpserver.patch
Patch70: set-sshd-config.patch
Patch71: feature-add-SMx-support.patch
Patch72: add-loongarch.patch
Patch73: openssh-Add-sw64-architecture.patch
Patch74: add-strict-scp-check-for-CVE-2020-15778.patch
Patch75: skip-scp-test-if-there-is-no-scp-on-remote-path-as-s.patch
Patch77: set-ssh-config.patch
Patch78: backport-CVE-2023-48795-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch
Patch79: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch
Patch80: backport-fix-CVE-2024-6387.patch
Patch81: backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch
Patch82: backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch
Patch83: backport-upstream-when-connecting-via-socket-the-default-case.patch
Patch84: backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch
Patch85: backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch
Patch86: backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch
Patch87: backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch
Patch88: backport-openssh-7.7p1-fips.patch
Patch89: backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch
Patch90: backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch
Patch91: backport-openssh-6.6p1-keyperm.patch
Patch92: backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch
Patch93: backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch
Patch94: backport-upstream-some-extra-paranoia.patch
Patch95: backport-fix-CVE-2025-26465.patch
Patch96: backport-fix-CVE-2025-32728.patch
Requires: /sbin/nologin
Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
Requires: openssh-server = %{version}-%{release}
BuildRequires: gtk2-devel libX11-devel openldap-devel autoconf automake perl-interpreter perl-generators
BuildRequires: zlib-devel audit-libs-devel >= 2.0.5 util-linux groff pam-devel
BuildRequires: openssl-devel >= 0.9.8j perl-podlators systemd-devel gcc p11-kit-devel krb5-devel
BuildRequires: libedit-devel ncurses-devel libselinux-devel >= 2.3-5 audit-libs >= 1.0.8 xauth gnupg2
Recommends: p11-kit
%package clients
Summary: An open source SSH client applications
Requires: openssh = %{version}-%{release}
Requires: crypto-policies >= 20180306-1
%package server
Summary: An open source SSH server daemon
Requires: openssh = %{version}-%{release}
Requires(pre): shadow
Requires: pam >= 1.0.1-3
Requires: crypto-policies >= 20180306-1
%{?systemd_requires}
%package keycat
Summary: A mls keycat backend for openssh
Requires: openssh = %{version}-%{release}
%package askpass
Summary: A passphrase dialog for OpenSSH and X
Requires: openssh = %{version}-%{release}
%package -n pam_ssh_agent_auth
Summary: PAM module for authentication with ssh-agent
Version: 0.10.4
Release: 4.%{openssh_release}
License: BSD
%description
OpenSSH is the premier connectivity tool for remote login with the SSH protocol. \
It encrypts all traffic to eliminate eavesdropping, connection hijacking, and \
other attacks. In addition, OpenSSH provides a large suite of secure tunneling \
capabilities, several authentication methods, and sophisticated configuration options.
%description clients
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package includes
the clients necessary to make encrypted connections to SSH servers.
%description server
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server.
%description keycat
OpenSSH mls keycat is backend for using the authorized keys in the
openssh in the mls mode.
%description askpass
OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
an X11 passphrase dialog for OpenSSH.
%description -n pam_ssh_agent_auth
Provides PAM module for the use of authentication with ssh-agent. Through the use of the\
forwarding of ssh-agent connection it also allows to authenticate with remote ssh-agent \
instance. The module is most useful for su and sudo service stacks.
%package_help
%prep
%setup -q -a 3
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
%patch3 -p2 -b .psaa-build
%patch4 -p2 -b .psaa-seteuid
%patch5 -p2 -b .psaa-visibility
%patch7 -p2 -b .psaa-compat
%patch6 -p2 -b .psaa-agent
%patch8 -p2 -b .psaa-deref
%patch9 -p2 -b .rsasha2
%patch10 -p1 -b .psaa-configure-c99
# Remove duplicate headers and library files
rm -f $(cat %{SOURCE4})
popd
%patch11 -p1 -b .role-mls
%patch12 -p1 -b .privsep-selinux
%patch14 -p1 -b .keycat
%patch15 -p1 -b .ip-opts
%patch17 -p1 -b .ipv6man
%patch18 -p1 -b .sigpipe
%patch19 -p1 -b .x11
%patch21 -p1 -b .progress
%patch22 -p1 -b .grab-info
%patch23 -p1
%patch24 -p1 -b .log-usepam-no
%patch28 -p1 -b .gsskex
%patch29 -p1 -b .force_krb
%patch31 -p1 -b .ccache_name
%patch32 -p1 -b .k5login
%patch33 -p1 -b .kuserok
%patch34 -p1 -b .fromto-remote
%patch35 -p1 -b .contexts
%patch36 -p1 -b .log-in-chroot
%patch37 -p1 -b .scp
%patch30 -p1 -b .GSSAPIEnablek5users
%patch38 -p1 -b .sshdt
%patch39 -p1 -b .sftp-force-mode
%patch40 -p1 -b .s390-dev
%patch41 -p1 -b .x11max
%patch42 -p1 -b .systemd
%patch43 -p1 -b .refactor
%patch44 -p1 -b .sandbox
%patch45 -p1 -b .pkcs11-uri
%patch46 -p1 -b .scp-ipv6
%patch48 -p1 -b .crypto-policies
%patch49 -p1 -b .openssl-evp
%patch50 -p1 -b .openssl-kdf
%patch51 -p1 -b .visibility
%patch52 -p1 -b .x11-ipv6
%patch53 -p1 -b .keygen-strip-doseol
%patch54 -p1 -b .preserve-pam-errors
%patch55 -p1 -b .kill-scp
%patch56 -p1 -b .scp-sftpdirs
%patch57 -p1 -b .minrsabits
%patch58 -p1 -b .ibmca
%patch60 -p1 -b .ssh-manpage
%patch61 -p1 -b .negotiate-supported-algs
%patch1 -p1 -b .audit
%patch2 -p1 -b .audit-race
%patch0 -p1 -b .coverity
%patch66 -p1
%patch67 -p1
%patch68 -p1
%patch69 -p1
%patch70 -p1
%patch71 -p1
%patch72 -p1
%patch73 -p1
%patch74 -p1
%patch75 -p1
%patch77 -p1
%patch78 -p1
%patch79 -p1
%patch80 -p1
%patch81 -p1
%patch82 -p1
%patch83 -p1
%patch84 -p1
%patch85 -p1
%patch86 -p1
%patch87 -p1
%patch88 -p1
%patch89 -p1
%patch90 -p1
%patch91 -p1
%patch92 -p1
%patch93 -p1
%patch94 -p1
%patch95 -p1
%patch96 -p1
autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
autoreconf
popd
%build
CFLAGS="$RPM_OPT_FLAGS -fvisibility=hidden"; export CFLAGS
CFLAGS="$CFLAGS -Os"
%ifarch s390 s390x sparc sparcv9 sparc64
CFLAGS="$CFLAGS -fPIC"
%else
CFLAGS="$CFLAGS -fpic"
%endif
SAVE_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -pie -z relro -z now"
export CFLAGS
export LDFLAGS
if test -r /etc/profile.d/krb5-devel.sh ; then
source /etc/profile.d/krb5-devel.sh
fi
krb5_prefix=`krb5-config --prefix`
if test "$krb5_prefix" != "%{_prefix}" ; then
CPPFLAGS="$CPPFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"; export CPPFLAGS
CFLAGS="$CFLAGS -I${krb5_prefix}/include -I${krb5_prefix}/include/gssapi"
LDFLAGS="$LDFLAGS -L${krb5_prefix}/%{_lib}"; export LDFLAGS
else
krb5_prefix=
CPPFLAGS="-I%{_includedir}/gssapi"; export CPPFLAGS
CFLAGS="$CFLAGS -I%{_includedir}/gssapi"
fi
%configure \
--sysconfdir=%{_sysconfdir}/ssh --libexecdir=%{_libexecdir}/openssh \
--datadir=%{_datadir}/openssh --with-default-path=/usr/local/bin:/usr/bin:/usr/local/sbin:/usr/sbin \
--with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
--with-privsep-path=%{_var}/empty/sshd --disable-strip \
--without-zlib-version-check --with-ssl-engine --with-ipaddr-display \
--with-pie=no --without-hardening --with-systemd --with-default-pkcs11-provider=yes \
--with-pam --with-selinux --with-audit=linux --with-security-key-buildin=yes \
%ifnarch riscv64 loongarch64 sw_64
--with-sandbox=seccomp_filter \
%endif
--with-kerberos5${krb5_prefix:+=${krb5_prefix}} --with-libedit
make
gtk2=yes
pushd contrib
if [ $gtk2 = yes ] ; then
CFLAGS="$CFLAGS %{?__global_ldflags}" \
make gnome-ssh-askpass2
mv gnome-ssh-askpass2 gnome-ssh-askpass
else
CFLAGS="$CFLAGS %{?__global_ldflags}"
make gnome-ssh-askpass1
mv gnome-ssh-askpass1 gnome-ssh-askpass
fi
popd
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
LDFLAGS="$SAVE_LDFLAGS"
%configure --with-selinux --libexecdir=/%{_libdir}/security --with-mantype=man \
--without-openssl-header-check
make
popd
%check
if [ -e /sys/fs/selinux/enforce ]; then
# Store the SElinux state
cat /sys/fs/selinux/enforce > selinux.tmp
setenforce 0
fi
make tests
if [ -e /sys/fs/selinux/enforce ]; then
# Restore the SElinux state
cat selinux.tmp > /sys/fs/selinux/enforce
rm -rf selinux.tmp
fi
%install
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/ssh/ssh_config.d
mkdir -p -m755 $RPM_BUILD_ROOT%{_libexecdir}/openssh
mkdir -p -m755 $RPM_BUILD_ROOT%{_var}/empty/sshd
mkdir -p -m755 $RPM_BUILD_ROOT%{_sysconfdir}/bash_completion.d
%make_install
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/sysconfig/
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
install -m644 %{SOURCE5} $RPM_BUILD_ROOT/etc/pam.d/ssh-keycat
install -m644 %{SOURCE6} $RPM_BUILD_ROOT/etc/sysconfig/sshd
install -d -m755 $RPM_BUILD_ROOT/%{_unitdir}
install -m644 %{SOURCE7} $RPM_BUILD_ROOT/%{_unitdir}/sshd@.service
install -m644 %{SOURCE8} $RPM_BUILD_ROOT/%{_unitdir}/sshd.socket
install -m644 %{SOURCE9} $RPM_BUILD_ROOT/%{_unitdir}/sshd.service
install -m644 %{SOURCE10} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen@.service
install -m644 %{SOURCE13} $RPM_BUILD_ROOT/%{_unitdir}/sshd-keygen.target
install -d -m755 $RPM_BUILD_ROOT/%{_userunitdir}
install -m644 %{SOURCE14} $RPM_BUILD_ROOT/%{_userunitdir}/ssh-agent.service
install -m644 %{SOURCE15} $RPM_BUILD_ROOT/%{_userunitdir}/ssh-agent.socket
install -m744 %{SOURCE11} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
install -m644 -D %{SOURCE12} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf
install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass
install -m644 %{SOURCE16} $RPM_BUILD_ROOT/etc/bash_completion.d/ssh-keygen-bash-completion.sh
ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass
install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
make install DESTDIR=$RPM_BUILD_ROOT
popd
%pre
getent group ssh_keys >/dev/null || groupadd -r ssh_keys || :
%pre server
getent group sshd >/dev/null || groupadd -g %{sshd_uid} -r sshd || :
getent passwd sshd >/dev/null || \
useradd -c "Privilege-separated SSH" -u %{sshd_uid} -g sshd \
-s /sbin/nologin -r -d /var/empty/sshd sshd 2> /dev/null || :
%post server
%systemd_post sshd.service sshd.socket
%preun server
%systemd_preun sshd.service sshd.socket
%postun server
%systemd_postun_with_restart sshd.service
%post clients
%systemd_user_post ssh-agent.service
%systemd_user_post ssh-agent.socket
%preun clients
%systemd_user_preun ssh-agent.service
%systemd_user_preun ssh-agent.socket
%files
%license LICENCE
%doc CREDITS README.platform
%attr(0755,root,root) %dir %{_sysconfdir}/ssh
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
%attr(0755,root,root) %{_bindir}/ssh-keygen
%attr(0755,root,root) %dir %{_libexecdir}/openssh
%attr(2555,root,ssh_keys) %{_libexecdir}/openssh/ssh-keysign
%attr(0644,root,root) %{_sysconfdir}/bash_completion.d/ssh-keygen-bash-completion.sh
%files clients
%attr(0755,root,root) %{_bindir}/ssh
%attr(0755,root,root) %{_bindir}/scp
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config
%attr(0755,root,root) %{_bindir}/ssh-agent
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
%attr(0755,root,root) %{_bindir}/ssh-copy-id
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-pkcs11-helper
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-sk-helper
%attr(0644,root,root) %{_userunitdir}/ssh-agent.service
%attr(0644,root,root) %{_userunitdir}/ssh-agent.socket
%files server
%dir %attr(0711,root,root) %{_var}/empty/sshd
%attr(0755,root,root) %{_sbindir}/sshd
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
%attr(0755,root,root) %{_libexecdir}/openssh/sshd-keygen
%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
%attr(0644,root,root) %config(noreplace) /etc/pam.d/sshd
%attr(0640,root,root) %config(noreplace) /etc/sysconfig/sshd
%attr(0644,root,root) %{_unitdir}/sshd.service
%attr(0644,root,root) %{_unitdir}/sshd@.service
%attr(0644,root,root) %{_unitdir}/sshd.socket
%attr(0644,root,root) %{_unitdir}/sshd-keygen@.service
%attr(0644,root,root) %{_unitdir}/sshd-keygen.target
%attr(0644,root,root) %{_tmpfilesdir}/openssh.conf
%files keycat
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ssh-keycat
%files askpass
%attr(0644,root,root) %{_sysconfdir}/profile.d/gnome-ssh-askpass.*
%attr(0755,root,root) %{_libexecdir}/openssh/gnome-ssh-askpass
%attr(0755,root,root) %{_libexecdir}/openssh/ssh-askpass
%files -n pam_ssh_agent_auth
%license pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/OPENSSH_LICENSE
%attr(0755,root,root) %{_libdir}/security/pam_ssh_agent_auth.so
%attr(0644,root,root) %{_mandir}/man8/pam_ssh_agent_auth.8*
%files help
%doc ChangeLog OVERVIEW PROTOCOL* README README.privsep README.tun README.dns TODO
%doc HOWTO.ssh-keycat
%attr(0644,root,root) %{_mandir}/man1/scp.1*
%attr(0644,root,root) %{_mandir}/man1/ssh*.1*
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
%attr(0644,root,root) %{_mandir}/man5/ssh*.5*
%attr(0644,root,root) %{_mandir}/man5/moduli.5*
%attr(0644,root,root) %{_mandir}/man8/ssh*.8*
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%changelog
* Fri Apr 11 2025 bitianyuan<bitianyuan@huawei.com> - 9.3p2-8
- Type:CVE
- CVE:CVE-2025-26465 CVE-2025-32728
- SUG:NA
- DESC:fix CVE-2025-26465 CVE-2025-32728
* Tue Jan 14 2025 bitianyuan <bitianyuan@huawei.com> - 9.3p2-7
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix the missing member of the struct Authmethod method_gsskeyex
* Tue Oct 29 2024 bitianyuan <bitianyuan@huawei.com> - 9.3p2-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:backport some upstream patches
* Fri Jul 12 2024 renmingshuai <renmingshuai@huawei.com> - 9.3p2-5
- Type:CVE
- CVE:CVE-2023-51384
- SUG:NA
- DESC:Fix CVE-2023-51384
* Tue Jul 2 2024 renmingshuai <renmingshuai@huawei.com> - 9.3p2-4
- Type:CVE
- CVE:CVE-2024-6387
- SUG:NA
- DESC:Fix CVE-2024-6387
* Mon Apr 29 2024 renmingshuai <renmingshuai@huawei.com> - 9.3p2-3
- Type:bugfix
- CVE:
- SUG:NA
- DESC:Disable SElinux when make tests
* Wed Jan 31 2024 renmingshuai<renmingshuai@huawei.com> - 9.3p2-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:move pam_ssh_agent_auth man page to sub-package
* Wed Jan 24 2024 renmingshuai<renmingshuai@huawei.com> - 9.3p2-1
- Type:update
- CVE:NA
- SUG:NA
- DESC:update to 9.3p2
* Tue Dec 26 2023 renmingshuai<renmingshuai@huawei.com> - 9.3p1-3
- Type:CVE
- CVE:CVE-2023-48795,CVE-2023-51385
- SUG:NA
- DESC:fix CVE-2023-48795 and CVE-2023-51385
* Fri Aug 25 2023 renmingshuai<renmingshuai@huawei.com> - 9.3p1-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:use correct ssh-agent.socket name
* Thu Jul 27 2023 renmingshuai<renmingshuai@huawei.com> - 9.3p1-1
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:update to 9.3p1
* Tue Jun 13 2023 renmingshuai<renmingshuai@huawei.com> - 9.1p1-6
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix misspelling
* Sat May 27 2023 renmingshuai<renmingshuai@huawei.com> - 9.1p1-5
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix environment variable
* Sat Mar 18 2023 renmingshuai<renmingshuai@huawei.com> - 9.1p1-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:backport some upstreams patches and delete unused patches
* Tue Feb 28 2023 renmingshuai<renmingshuai@huawei.com> - 9.1p1-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:set default ssh_config
* Mon Feb 06 2023 renmingshuai<renmingshuai@huawei.com> - 9.1p1-2
- Type:CVE
- CVE:CVE-2023-25136
- SUG:NA
- DESC:fix CVE-2023-25136
* Mon Jan 30 2023 renmingshuai<renmingshuai@huawei.com> - 9.1p1-1
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:update to openssh-9.1p1
* Mon Jan 9 2023 renmingshuai <renmingshuai@huawei.com> - 8.8p1-17
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix possible NULL deref when built without FIDO
* Tue Jan 3 2023 renmingshuai <renmingshuai@huawei.com> - 8.8p1-16
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix test failure and always make tests
* Thu Dec 29 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-15
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:avoid integer overflow of auth attempts
* Thu Dec 29 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-14
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:PubkeyAcceptedKeyTypes has been renamed to PubkeyAcceptedAlgorithms in openssh-8.5p1
* Thu Dec 29 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-13
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add strict scp check for CVE-2020-15778
* Thu Dec 29 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-12
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:backport some upstream patches
* Thu Dec 29 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-11
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add sw_64
* Fri Dec 16 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-10
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Fix ssh-keygen -Y check novalidate requires name
* Mon Nov 28 2022 zhaozhen <zhaozhen@loongson.cn> - 8.8p1-9
- Type:feature
- CVE:NA
- SUG:NA
- DESC:Add loongarch64 support
* Mon Nov 28 2022 renmingshuai<renmingshuai@huawei.com> - 8.8p1-8
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add better debugging
* Wed Nov 2 2022 renmingshuai<renmingshuai@huawei.com> - 8.8p1-7
- Type:requirement
- CVE:NA
- SUG:NA
- DESC:add ssh-keygen bash completion
* Thu Sep 01 2022 duyiwei<duyiwei@kylinos.cn> - 8.8P1-6
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:enable "include /etc/ssh/sshd_config.d/*.config" again
* Fri Jul 29 2022 kircher<majun65@huawei.com> - 8.8p1-5
- Type:bugfix
- CVE:Na
- SUG:NA
- DESC:add SMx support in openssh
* Thu May 05 2022 seuzw<930zhaowei@163.com> - 8.8p1-4
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:fix incorrect sftp-server binary path in /etc/ssh/sshd_config
* Wed Mar 09 2022 duyiwei<duyiwei@kylinos.cn> - 8.8P1-3
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:enable "include /etc/ssh/sshd_config.d/*.config"
* Mon Mar 07 2022 kircher<majun65@huawei.com> - 8.8P1-2
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add sshd.tmpfiles
* Thu Oct 28 2021 kircher<kircherlike@outlook.com> - 8.8P1-1
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:update to openssh-8.8p1
* Fri Oct 8 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-15
- Type:cves
- CVE:CVE-2021-41617
- SUG:NA
- DESC:fix CVE-2021-41617
* Sat Sep 18 2021 kircher<kircherlike@outlook.com> - 8.2P1-14
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:backport patch from github to fix NULL ref
* Fri Jul 30 2021 kircher<majun65@huawei.com> - 8.2P1-13
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:remove debug message from sigchld handler
* Tue Jul 20 2021 seuzw<930zhaowei@163.com> - 8.2P1-12
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:move closefrom to before first malloc
* Fri Jul 09 2021 panchenbo<panchenbo@uniontech.com> - 8.2P1-11
- fix pam_ssh_agent_auth.8.gz conflicts
* Thu May 20 2021 seuzw<930zhaowei@163.com> - 8.2P1-10
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:add strict-scp-check for check command injection
* Mon Jan 4 2021 chxssg<chxssg@qq.com> - 8.2P1-9
- Type:cves
- CVE:CVE-2020-14145
- SUG:NA
- DESC:fix CVE-2020-14145
* Wed Nov 18 2020 gaihuiying<gaihuiying1@huawei.com> - 8.2P1-8
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:adjust pam_ssh_agent_auth release number
* Tue Nov 17 2020 gaihuiying<gaihuiying1@huawei.com> - 8.2P1-7
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:keep pam_ssh_agent_auth change release number with openssh
* Tue Sep 15 2020 liulong<liulong20@huawei.com> - 8.2P1-6
- Type:cves
- ID:CVE-2018-15919
- SUG:NA
- DESC:Fix CVE-2018-15919
* Thu Jul 2 2020 zhouyihang<zhouyihang3@huawei.com> - 8.2P1-5
- Type:cves
- ID:CVE-2020-12062
- SUG:NA
- DESC:Fix CVE-2020-12062
* Tue Jun 9 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-4
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add requires for openssh-server in openssh
* Wed May 6 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-3
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix update problem
* Sat Apr 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-2
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:fix pre problem
* Thu Apr 16 2020 openEuler Buildteam <buildteam@openeuler.org> - 8.2P1-1
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:update to 8.2P1
* Mon Mar 30 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-12
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:move sshd.service in %post server
* Wed Mar 18 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-11
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:reduction of authority
* Fri Mar 13 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-10
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:separate package
* Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-9
- Type:cves
- ID:CVE-2018-15919
- SUG:NA
- DESC:Fix CVE-2018-15919
* Thu Mar 5 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-8
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:debug3 to verbose in command line
* Tue Jan 21 2020 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-7
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:add the patch for bugfix
* Mon Dec 23 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-6
- Type:bugfix
- ID:NA
- SUG:NA
- DESC:delete the patch
* Sat Dec 21 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.8P1-5
- Type:cves
- ID:NA
- SUG:restart
- DESC:fix cves
* Fri Sep 20 2019 openEuler Buildteam <buildteam@openeuler.org> - 7.8p1-4
- Package init
Reference in New Issue View Git Blame Copy Permalink