* New upstream release (closes: #536182). Yes, I know 5.3p1 has been out

for a while, but there's no GSSAPI patch available for it yet. - Change the default cipher order to prefer the AES CTR modes and the revised "arcfour256" mode to CBC mode ciphers that are susceptible to CPNI-957037 "Plaintext Recovery Attack Against SSH". - Add countermeasures to mitigate CPNI-957037-style attacks against the SSH protocol's use of CBC-mode ciphers. Upon detection of an invalid packet length or Message Authentication Code, ssh/sshd will continue reading up to the maximum supported packet length rather than immediately terminating the connection. This eliminates most of the known differences in behaviour that leaked information about the plaintext of injected data which formed the basis of this attack (closes: #506115, LP: #379329). - ForceCommand directive now accepts commandline arguments for the internal-sftp server (closes: #524423, LP: #362511). - Add AllowAgentForwarding to available Match keywords list (closes: #540623). - Make ssh(1) send the correct channel number for SSH2_MSG_CHANNEL_SUCCESS and SSH2_MSG_CHANNEL_FAILURE messages to avoid triggering 'Non-public channel' error messages on sshd(8) in openssh-5.1. - Avoid printing 'Non-public channel' warnings in sshd(8), since the ssh(1) has sent incorrect channel numbers since ~2004 (this reverts a behaviour introduced in openssh-5.1; closes: #496017). * Update to GSSAPI patch from http://www.sxw.org.uk/computing/patches/openssh-5.2p1-gsskex-all-20090726.patch, including cascading credentials support (LP: #416958).
author: Colin Watson <cjwatson@debian.org> 2010-01-01 23:53:30 +0000
committer: Colin Watson <cjwatson@debian.org> 2010-01-01 23:53:30 +0000
commit: df03186a4f9e0c2ece398b5c0571cb6263d7a752 (patch)
tree: 1aab079441dff9615274769b19f2d734ddf508dd /contrib/caldera/openssh.spec
parent: 6ad6994c288662fca6949f42bf91fec2aff00bca (diff)
parent: 99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (diff)
1 files changed, 4 insertions, 4 deletions
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 32d175d4b..42dbcfeeb 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
 %if %{use_stable}
-  %define version       5.1p1
+  %define version       5.2p1
  %define cvs           %{nil}
  %define release       1
 %else
-  %define version       5.1p1
+  %define version       5.2p1
  %define cvs           cvs20050315
  %define release       0r1
 %endif
@@ -251,7 +251,7 @@ install -m 0755 contrib/caldera/ssh-host-keygen $SKG
 # install remaining docs
 DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
 mkdir -p $DocD/%{askpass}
-cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO  $DocD
+cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
 install -p -m 0444 %{SOURCE3}  $DocD/faq.html
 cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad}  $DocD/%{askpass}
 %if %{use_stable}
@@ -358,4 +358,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
-$Id: openssh.spec,v 1.65 2008/07/21 08:21:53 djm Exp $
+$Id: openssh.spec,v 1.66 2009/02/21 07:03:05 djm Exp $
author	Colin Watson <cjwatson@debian.org>	2010-01-01 23:53:30 +0000
committer	Colin Watson <cjwatson@debian.org>	2010-01-01 23:53:30 +0000
commit	df03186a4f9e0c2ece398b5c0571cb6263d7a752 (patch)
tree	1aab079441dff9615274769b19f2d734ddf508dd /contrib/caldera/openssh.spec
parent	6ad6994c288662fca6949f42bf91fec2aff00bca (diff)
parent	99b402ea4c8457b0a3cafff37f5b3410a8dc6476 (diff)

diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 32d175d4b..42dbcfeeb 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec
@@ -17,11 +17,11 @@
17	#old cvs stuff. please update before use. may be deprecated.	17	#old cvs stuff. please update before use. may be deprecated.
18	%define use_stable 1	18	%define use_stable 1
19	%if %{use_stable}	19	%if %{use_stable}
20	%define version 5.1p1	20	%define version 5.2p1
21	%define cvs %{nil}	21	%define cvs %{nil}
22	%define release 1	22	%define release 1
23	%else	23	%else
24	%define version 5.1p1	24	%define version 5.2p1
25	%define cvs cvs20050315	25	%define cvs cvs20050315
26	%define release 0r1	26	%define release 0r1
27	%endif	27	%endif
@@ -251,7 +251,7 @@ install -m 0755 contrib/caldera/ssh-host-keygen $SKG
251	# install remaining docs	251	# install remaining docs
252	DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"	252	DocD="%{buildroot}%{_defaultdocdir}/%{name}-%{version}"
253	mkdir -p $DocD/%{askpass}	253	mkdir -p $DocD/%{askpass}
254	cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO $DocD	254	cp -a CREDITS ChangeLog LICENCE OVERVIEW README* TODO PROTOCOL* $DocD
255	install -p -m 0444 %{SOURCE3} $DocD/faq.html	255	install -p -m 0444 %{SOURCE3} $DocD/faq.html
256	cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}	256	cp -a %{askpass}/{README,ChangeLog,TODO,SshAskpass*.ad} $DocD/%{askpass}
257	%if %{use_stable}	257	%if %{use_stable}
@@ -358,4 +358,4 @@ fi
358	* Mon Jan 01 1998 ...	358	* Mon Jan 01 1998 ...
359	Template Version: 1.31	359	Template Version: 1.31
360		360
361	$Id: openssh.spec,v 1.65 2008/07/21 08:21:53 djm Exp $	361	$Id: openssh.spec,v 1.66 2009/02/21 07:03:05 djm Exp $