forked from pool/openssh
2176dd1aa9
- Update to 7.8p1:
* no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out
- Remove the mention of the SLE12 in the README.SUSE
- Install firewall rules only when really needed (<SLE15)
- Version update to 7.8p1:
* For most details see release notes file
* ssh-keygen(1): write OpenSSH format private keys by default
instead of using OpenSSL's PEM format
- Rebase patches to apply on 7.8p1 release:
* openssh-7.7p1-fips.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-gssapi_key_exchange.patch
* openssh-7.7p1-audit.patch
* openssh-7.7p1-openssl_1.1.0.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-IPv6_X_forwarding.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-7.7p1-disable_short_DH_parameters.patch
* openssh-7.7p1-hostname_changes_when_forwarding_X.patch
* openssh-7.7p1-pam_check_locks.patch
* openssh-7.7p1-seed-prng.patch
* openssh-7.7p1-systemd-notify.patch
* openssh-7.7p1-X11_trusted_forwarding.patch
- Dropped patches: (forwarded request 642573 from scarabeus_iv)
OBS-URL: https://build.opensuse.org/request/show/642574
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=122
There are following changes in default settings of ssh client and server: * Accepting and sending of locale environment variables in protocol 2 is enabled. * PAM authentication is enabled and mostly even required, do not turn it off. * root authentiation with password is enabled by default (PermitRootLogin yes). NOTE: this has security implications and is only done in order to not change behaviour of the server in an update. We strongly suggest setting this option either "prohibit-password" or even better to "no" (which disables direct remote root login entirely). * SSH protocol version 1 is enabled for maximum compatibility. NOTE: do not use protocol version 1. It is less secure then v2 and should generally be phased out. * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot be considered safe any more. * Accepting all RFC4419 specified DH group parameters. See KexDHMin in ssh_config and sshd_config manual pages. For more information on differences in SUSE OpenSSH package see README.FIPS