http://bugzilla.suse.com/show_bug.cgi?id=931429 Marcus Meissner changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |werner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=931429 Petr Cerny changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(pcerny@suse.com) | --- Comment #3 from Petr Cerny --- The update in openSUSE has been on my todo list for many months, yet there are some issues with FIPS patches which I haven't had time to deal with due to more pressing things. I should be able to look into it in the upcoming weeks now. As for the tcpwrappers - I don't feel very comfortable with adding it back. While I'm fine with adding the patch as such, I don't see a good reason to build it by default, especially when building own packages in BS is really easy. From my point of view tcpwrappers are legacy - feel free to try to convince me otherwise, though. -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=931429 --- Comment #5 from Dr. Werner Fink --- Created attachment 634875 --> http://bugzilla.suse.com/attachment.cgi?id=634875&action=edit openssh-6.8p1-fips.patch (In reply to Petr Cerny from comment #3) Not sure if this is correct, but the MD5 in key.c is gone and the do_ssh1_kex() part in sshd.c seems to be moved to use derive_ssh1_session_id() from kex.c which is already handled by the fips patch. Though ... I've not tested it -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=931429 --- Comment #7 from Petr Cerny --- (In reply to Werner Fink from comment #6)

I hang on patch openssh-6.6p1-audit5-session_key_destruction.patch as upstream has changed a lot in e.g. ssh_packet_close() of packet.c ... that is the changes becomes not trivial and without deep knowledge on audit memory management the risk of crashing and/or causing a memory leak increases a lot.

I'll copy my current tree to ~werner/Export/

The question rises if there is an upstream source for FIPS as well as audit patches for `openssh-6.8p1'

Not really. As far as I know, the only upstream for both the FIPS us and RH (because I didn't really like the way they did it, I deviated from them). The audit patches are easier, since those I took verbatim from Fedora (several versions back). -- You are receiving this mail because: You are on the CC list for the bug.

http://bugzilla.suse.com/show_bug.cgi?id=931429 http://bugzilla.suse.com/show_bug.cgi?id=931429#c9 Tomáš Chvátal changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |WONTFIX --- Comment #9 from Tomáš Chvátal --- This version of openSUSE changed to end-of-life (EOL [1]) status. As such it is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of openSUSE, or consider the bug still valid, please feel free to reopen this bug against that version, or open a new ticket. Thank you for reporting this bug and we are sorry it could not be fixed during the lifetime of the release. [1] https://en.opensuse.org/Lifetime -- You are receiving this mail because: You are on the CC list for the bug.