e8b9919265
- Fix preauth seccomp separation on mainframes (bsc#1016709) [openssh-7.2p2-s390_hw_crypto_syscalls.patch] [openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch] - enable case-insensitive hostname matching (bsc#1017099) [openssh-7.2p2-ssh_case_insensitive_host_matching.patch] - add CAVS tests [openssh-7.2p2-cavstest-ctr.patch] [openssh-7.2p2-cavstest-kdf.patch] - Adding missing pieces for user matching (bsc#1021626) - Properly verify CIDR masks in configuration (bsc#1005893) [openssh-7.2p2-verify_CIDR_address_ranges.patch] - Remove pre-auth compression support from the server to prevent possible cryptographic attacks. (CVE-2016-10012, bsc#1016370) [openssh-7.2p2-disable_preauth_compression.patch] - limit directories for loading PKCS11 modules (CVE-2016-10009, bsc#1016366) [openssh-7.2p2-restrict_pkcs11-modules.patch] - Prevent possible leaks of host private keys to low-privilege process handling authentication (CVE-2016-10011, bsc#1016369) [openssh-7.2p2-prevent_private_key_leakage.patch] - Do not allow unix socket forwarding when running without privilege separation (CVE-2016-10010, bsc#1016368) [openssh-7.2p2-secure_unix_sockets_forwarding.patch] - prevent resource depletion during key exchange (bsc#1005480, CVE-2016-8858) [openssh-7.2p2-kex_resource_depletion.patch] OBS-URL: https://build.opensuse.org/request/show/500279 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=117 |
||
---|---|---|
.gitattributes | ||
.gitignore | ||
cavs_driver-ssh.pl | ||
openssh-7.2p2-additional_seccomp_archs.patch | ||
openssh-7.2p2-allow_DSS_by_default.patch | ||
openssh-7.2p2-allow_root_password_login.patch | ||
openssh-7.2p2-audit_fixes.patch | ||
openssh-7.2p2-audit_seed_prng.patch | ||
openssh-7.2p2-audit.patch | ||
openssh-7.2p2-blocksigalrm.patch | ||
openssh-7.2p2-cavstest-ctr.patch | ||
openssh-7.2p2-cavstest-kdf.patch | ||
openssh-7.2p2-disable_openssl_abi_check.patch | ||
openssh-7.2p2-disable_preauth_compression.patch | ||
openssh-7.2p2-disable_short_DH_parameters.patch | ||
openssh-7.2p2-dont_use_pthreads_in_PAM.patch | ||
openssh-7.2p2-eal3.patch | ||
openssh-7.2p2-enable_PAM_by_default.patch | ||
openssh-7.2p2-fips.patch | ||
openssh-7.2p2-gssapi_key_exchange.patch | ||
openssh-7.2p2-host_ident.patch | ||
openssh-7.2p2-hostname_changes_when_forwarding_X.patch | ||
openssh-7.2p2-ignore_PAM_with_UseLogin.patch | ||
openssh-7.2p2-IPv6_X_forwarding.patch | ||
openssh-7.2p2-keep_slogin.patch | ||
openssh-7.2p2-kex_resource_depletion.patch | ||
openssh-7.2p2-lastlog.patch | ||
openssh-7.2p2-ldap.patch | ||
openssh-7.2p2-limit_password_length.patch | ||
openssh-7.2p2-login_options.patch | ||
openssh-7.2p2-no_fork-no_pid_file.patch | ||
openssh-7.2p2-pam_check_locks.patch | ||
openssh-7.2p2-prevent_private_key_leakage.patch | ||
openssh-7.2p2-prevent_timing_user_enumeration.patch | ||
openssh-7.2p2-pts_names_formatting.patch | ||
openssh-7.2p2-remove_xauth_cookies_on_exit.patch | ||
openssh-7.2p2-restrict_pkcs11-modules.patch | ||
openssh-7.2p2-s390_hw_crypto_syscalls.patch | ||
openssh-7.2p2-s390_OpenSSL-ibmpkcs11_syscalls.patch | ||
openssh-7.2p2-seccomp_geteuid.patch | ||
openssh-7.2p2-seccomp_getuid.patch | ||
openssh-7.2p2-seccomp_stat.patch | ||
openssh-7.2p2-secure_unix_sockets_forwarding.patch | ||
openssh-7.2p2-seed-prng.patch | ||
openssh-7.2p2-send_locale.patch | ||
openssh-7.2p2-sftp_force_permissions.patch | ||
openssh-7.2p2-sftp_homechroot.patch | ||
openssh-7.2p2-ssh_case_insensitive_host_matching.patch | ||
openssh-7.2p2-verify_CIDR_address_ranges.patch | ||
openssh-7.2p2-X11_trusted_forwarding.patch | ||
openssh-7.2p2-X_forward_with_disabled_ipv6.patch | ||
openssh-7.2p2.tar.gz | ||
openssh-7.2p2.tar.gz.asc | ||
openssh-askpass-gnome.changes | ||
openssh-askpass-gnome.spec | ||
openssh.changes | ||
openssh.spec | ||
README.FIPS | ||
README.kerberos | ||
README.SUSE | ||
ssh-askpass | ||
ssh.reg | ||
sshd-gen-keys-start | ||
sshd.fw | ||
sshd.init | ||
sshd.pamd | ||
sshd.service | ||
sysconfig.ssh |
This is OpenSSH version 7.2p2 for SLE12 There are following changes in default settings of ssh client and server: * Accepting and sending of locale environment variables in protocol 2 is enabled. * PAM authentication is enabled. * root authentiation with password is enabled by default (PermitRootLogin yes). NOTE: this has security implications and is only done in order to not change behaviour of the server in an update. We strongly suggest setting this option either "prohibit-password" or even better to "no" (which disables direct remote root login entirely). * SSH protocol version 1 is enabled for maximum compatibility. NOTE: do not use protocol version 1. It is less secure then v2 and should generally be phased out. * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot be considered safe any more. * Accepting all RFC4419 specified DH group parameters. See KexDHMin in ssh_config and sshd_config manual pages. For more information on differences in SUSE OpenSSH package see README.FIPS