openssh-askpass-5.8p1-11.1e>UA4Eb6H_@秕ްԈ?Vc$jk̲}]iyT\E˒]>5.?.d  U .7L e    i H |  (8"9d":"F,G,H,I,X,Y,\-]-(^-wb-c.,d.e.f.l.z.Copenssh-askpass5.8p111.1A passphrase dialog for OpenSSH and the X Window SystemSsh (Secure Shell) is a program for logging into a remote machine and for executing commands on a remote machine. This package contains an X Window System passphrase dialog for OpenSSH.Vcmorla1openSUSE 11.4openSUSEBSD-3-Clause and MIThttp://bugs.opensuse.orgProductivity/Networking/SSHhttp://www.openssh.com/linuxx86_64wP u$$V[V]V[V]V[f222516d6f883c833b16b5cb740ea6a1f6a965a9a7005be084a8750f370f94e9089ecec74cd107beeaa9b2fb76d880e182a3f79c9796e121a8e311e725e9df8fx11-ssh-askpass.1x.gzrootrootrootrootrootrootrootrootrootrootopenssh-5.8p1-11.1.src.rpmopenssh:/usr/lib64/ssh/ssh-askpassopenssh-askpassopenssh-askpass(x86-64)  @@@@@@@@@ opensshrpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libICE.so.6()(64bit)libSM.so.6()(64bit)libX11.so.6()(64bit)libXt.so.6()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)rpmlib(PayloadIsLzma)5.8p14.0-13.0.4-14.4.6-14.8.0V@MK@MJM=iM-L@Lr@L@LZ@LL@Ls@Lnn@LH2LEL+1K/K;@KыKP@K@KK @K@KqK'z@JjJ:JY@JS8JPJ;}JIX@mkubecek@suse.czlchiquitto@novell.compcerny@novell.comlchiquitto@novell.comsbrabec@suse.czlnussel@suse.decristian.rodriguez@opensuse.orgcoolo@novell.comjengelh@medozas.decrrodriguez@opensuse.organicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czanicka@suse.czmeissner@suse.decristian.rodriguez@opensuse.organicka@suse.czanicka@suse.czmeissner@suse.deanicka@suse.czcoolo@novell.comaj@suse.deanicka@suse.czanicka@suse.czjengelh@medozas.deanicka@suse.czanicka@suse.czcoolo@novell.comllunak@novell.com dmueller@novell.comcoolo@novell.comanicka@suse.czlnussel@suse.de- CVE-2016-077-7_8.patch: disable roaming code to prevent information leak and buffer overflow (CVE-2016-0777 bsc#961642 CVE-2016-0778 bsc#961645)- Update to 5.8p1 * Fix vulnerability in legacy certificate signing introduced in OpenSSH-5.6 and found by Mateusz Kocielski. * Fix compilation failure when enableing SELinux support. * Do not attempt to call SELinux functions when SELinux is disabled. - Remove patch that is now upstream: * openssh-5.7p1-selinux.diff- specfile/patches cleanup- Update to 5.7p1 * Implement Elliptic Curve Cryptography modes for key exchange (ECDH) and host/user keys (ECDSA) as specified by RFC5656. * sftp(1)/sftp-server(8): add a protocol extension to support a hard link operation. * scp(1): Add a new -3 option to scp: Copies between two remote hosts are transferred through the local host. * ssh(1): automatically order the hostkeys requested by the client based on which hostkeys are already recorded in known_hosts. * ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput. * sftp(1): the sftp client is now significantly faster at performing directory listings, using OpenBSD glob(3) extensions to preserve the results of stat(3) operations performed in the course of its execution rather than performing expensive round trips to fetch them again afterwards. * ssh(1): "atomically" create the listening mux socket by binding it on a temporary name and then linking it into position after listen() has succeeded. * ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server configuration to allow selection of which key exchange methods are used by ssh(1) and sshd(8) and their order of preference. * sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into a generic bandwidth limiter that can be attached using the atomicio callback mechanism and use it to add a bandwidth limit option to sftp(1). * Support building against openssl-1.0.0a. * Bug fixes. - Remove patches that are now upstream: * openssh-5.6p1-tmpdir.diff * openssh-linux-new-oomkill.patch - Add upstream patch to fix build with SELinux enabled.- Removed relics of no more implemented opensc support.- add pam_lastlog to show failed login attempts - remove permissions handling, no special handling needed- Use upstream oom_adj is deprecated patch- remove the code trying to patch X11 paths - which was broken for a very long time and was useless anyway as the Makefiles do this correctly themselves- Use %_smp_mflags- Fix warning "oom_adj is deprecated use oom_score_adj instead"- actualize README.SuSE (bnc#638893)- update to 5.6p1 * Added a ControlPersist option to ssh_config(5) that automatically starts a background ssh(1) multiplex master when connecting. * Hostbased authentication may now use certificate host keys. * ssh-keygen(1) now supports signing certificate using a CA key that has been stored in a PKCS#11 token. * ssh(1) will now log the hostname and address that we connected to at LogLevel=verbose after authentication is successful to mitigate "phishing" attacks by servers with trusted keys that accept authentication silently and automatically before presenting fake password/passphrase prompts. * Expand %h to the hostname in ssh_config Hostname options. * Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8 keys in addition to RFC4716 (SSH.COM) encodings via a new -m option * sshd(8) will now queue debug messages for bad ownership or permissions on the user's keyfiles encountered during authentication and will send them after authentication has successfully completed. * ssh(1) connection multiplexing now supports remote forwarding with dynamic port allocation and can report the allocated port back to the user * sshd(8) now supports indirection in matching of principal names listed in certificates. * sshd(8) now has a new AuthorizedPrincipalsFile option to specify a file containing a list of names that may be accepted in place of the username when authorizing a certificate trusted via the sshd_config(5) TrustedCAKeys option. * Additional sshd_config(5) options are now valid inside Match blocks * Revised the format of certificate keys. * bugfixes - removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded any more), removed memory leak fix (fixed in upstream)- hint user how to remove offending keys (bnc#625552)- update to 5.5p1- update to 5.5p1 * Allow ChrootDirectory to work in SELinux platforms. * bugfixes- Disable visual hostkey support again, after discussion on its usefulness.- Hardware crypto is supported and patched but never enabled, need to use --with-ssl-engine explicitely- fixed memory leak in sftp (bnc#604274)- honour /etc/nologin (bnc#530885)- Enable VisualHostKey (ascii art of the hostkey fingerprint) and HashHostKeys (hardening measure to make them unusable for worms/malicious users for further host hopping).- update to 5.4p1 * After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. * Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is automatically enabled on all platforms that support dlopen(3) and was inspired by patches written by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. * Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (not X.509). Certificates contain a public key, identity information and some validity constraints and are signed with a standard SSH public key using ssh-keygen(1). CA keys may be marked as trusted in authorized_keys or via a TrustedUserCAKeys option in sshd_config(5) (for user authentication), or in known_hosts (for host authentication). Documentation for certificate support may be found in ssh-keygen(1), sshd(8) and ssh(1) and a description of the protocol extensions in PROTOCOL.certkeys. * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects stdio on the client to a single port forward on the server. This allows, for example, using ssh as a ProxyCommand to route connections via intermediate servers. bz#1618 * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may be revoked using a new sshd_config(5) option "RevokedKeys". Host keys are revoked through known_hosts (details in the sshd(8) man page). Revoked keys cannot be used for user or host authentication and will trigger a warning if used. * Rewrite the ssh(1) multiplexing support to support non-blocking operation of the mux master, improve the resilience of the master to malformed messages sent to it by the slave and add support for requesting port- forwardings via the multiplex protocol. The new stdio-to-local forward mode ("ssh -W host:port ...") is also supported. The revised multiplexing protocol is documented in the file PROTOCOL.mux in the source distribution. * Add a 'read-only' mode to sftp-server(8) that disables open in write mode and all other fs-modifying protocol methods. bz#430 * Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has. bz#1229 * Many improvements to the sftp(1) client, many of which were implemented by Carlos Silva through the Google Summer of Code program: - Support the "-h" (human-readable units) flag for ls - Implement tab-completion of commands, local and remote filenames - Support most of scp(1)'s commandline arguments in sftp(1), as a first step towards making sftp(1) a drop-in replacement for scp(1). Note that the rarely-used "-P sftp_server_path" option has been moved to "-D sftp_server_path" to make way for "-P port" to match scp(1). - Add recursive transfer support for get/put and on the commandline * New RSA keys will be generated with a public exponent of RSA_F4 == (2**16)+1 == 65537 instead of the previous value 35. * Passphrase-protected SSH protocol 2 private keys are now protected with AES-128 instead of 3DES. This applied to newly-generated keys as well as keys that are reencrypted (e.g. by changing their passphrase). - cleanup in patches- do not use paths at all, but prereq packages- Use complete path for groupadd and useradd in pre section.- audit patch: add fix for bnc#545271- do not fix uid/gid anymore (bnc#536564)- select large PIE for SPARC, it is required to avoid "relocation truncated to fit: R_SPARC_GOT13 against symbol xyz defined in COMMON section in sshd.o"- add new version of homechroot patch (added documentation, added check for nodev and nosuid) - remove Provides and Obsoletes ssh- make sftp in chroot users life easier (ie. bnc#518238), many thanks jchadima@redhat.com for a patch- readd $SSHD_BIN so that sshd starts at all- Added a hook for ksshaskpass- readd -f to startproc and remove -p instead to ensure that sshd is started even though old instances are still running (e.e. being logged in from remote)- disable as-needed for this package as it fails to build with it- disable -f in startproc to calm the warning (bnc#506831)- do not enable sshd by defaultmorla1 1452862563 hP h hO h7 h25.8p1-11.15.8p1-11.1ssh-askpassx11-ssh-askpassSshAskpassssh-askpass.1x.gzx11-ssh-askpass.1x.gz/usr/lib64/ssh//usr/share/X11/app-defaults//usr/share/man/man1/-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Evergreen:Maintenance:363/openSUSE_Evergreen_11.4/dbc6fea37a4e5d98d3bc1c7339d1cd5d-openssh.openSUSE_Evergreen_11.4drpmlzma5x86_64-suse-linuxpFpEBd]?]"k%r.5KA aQon#Gox_lV| ^ڦeFcrΦd9kɓ@zf-\e@3SZ_1 [A#|Qidb.)ț"qaE;=429Sd'hj_gIU+zX|RgMj4umM[&Wۻ2X^ZSg|QPeSAmŞh֘4`IX_!gtDmm7+w<*e"I:|Ii_DQ\{%+M~^ax !%x/w1I-KePy(15L1skpN.͡.^CQlU w5S9w!Aր$!1FF<Нhe/