SHA256
1
0
forked from pool/openssh
Go to file
Tomáš Chvátal 7bccbbd821 Accepting request 642573 from home:scarabeus_iv:branches:network
- Update to 7.8p1:
  * no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out

- Remove the mention of the SLE12 in the README.SUSE
- Install firewall rules only when really needed (<SLE15)

- Version update to 7.8p1:
  * For most details see release notes file
  * ssh-keygen(1): write OpenSSH format private keys by default
    instead of using OpenSSL's PEM format
- Rebase patches to apply on 7.8p1 release:
  * openssh-7.7p1-fips.patch
  * openssh-7.7p1-cavstest-kdf.patch
  * openssh-7.7p1-fips_checks.patch
  * openssh-7.7p1-gssapi_key_exchange.patch
  * openssh-7.7p1-audit.patch
  * openssh-7.7p1-openssl_1.1.0.patch
  * openssh-7.7p1-ldap.patch
  * openssh-7.7p1-IPv6_X_forwarding.patch
  * openssh-7.7p1-sftp_print_diagnostic_messages.patch
  * openssh-7.7p1-disable_short_DH_parameters.patch
  * openssh-7.7p1-hostname_changes_when_forwarding_X.patch
  * openssh-7.7p1-pam_check_locks.patch
  * openssh-7.7p1-seed-prng.patch
  * openssh-7.7p1-systemd-notify.patch
  * openssh-7.7p1-X11_trusted_forwarding.patch
- Dropped patches:

OBS-URL: https://build.opensuse.org/request/show/642573
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=153
2018-10-17 08:57:56 +00:00
.gitattributes OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
.gitignore OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
cavs_driver-ssh.pl Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-allow_root_password_login.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-audit.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-blocksigalrm.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-cavstest-ctr.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-cavstest-kdf.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-disable_openssl_abi_check.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-disable_short_DH_parameters.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-eal3.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-enable_PAM_by_default.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-fips_checks.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-fips.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-gssapi_key_exchange.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-host_ident.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-hostname_changes_when_forwarding_X.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-IPv6_X_forwarding.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-ldap.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-no_fork-no_pid_file.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-openssl_1.1.0.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-pam_check_locks.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-pts_names_formatting.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-remove_xauth_cookies_on_exit.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-seccomp_ioctl_s390_EP11.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-seccomp_ipc_flock.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-seccomp_stat.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-seed-prng.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-send_locale.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-sftp_force_permissions.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-sftp_print_diagnostic_messages.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-systemd-notify.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-X11_trusted_forwarding.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.7p1-X_forward_with_disabled_ipv6.patch Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.8p1.tar.gz Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-7.8p1.tar.gz.asc Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-askpass-gnome.changes Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh-askpass-gnome.spec Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh.changes Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
openssh.spec Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
README.FIPS Accepting request 432093 from home:pcerny:factory 2016-09-30 20:34:19 +00:00
README.kerberos Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
README.SUSE Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
ssh-askpass Accepting request 398802 from home:pcerny:factory 2016-05-30 01:36:18 +00:00
ssh.reg OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=1 2007-01-07 16:26:05 +00:00
sshd-gen-keys-start Accepting request 199679 from home:pcerny:factory 2013-09-19 04:09:33 +00:00
sshd.fw OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=7 2007-07-27 00:01:43 +00:00
sshd.pamd Accepting request 642573 from home:scarabeus_iv:branches:network 2018-10-17 08:57:56 +00:00
sshd.service Accepting request 571576 from home:pcerny:factory 2018-02-01 00:18:29 +00:00
sysconfig.ssh Accepting request 88642 from home:pcerny:factory 2011-10-19 02:18:13 +00:00

There are following changes in default settings of ssh client and server:

* Accepting and sending of locale environment variables in protocol 2 is
  enabled.

* PAM authentication is enabled and mostly even required, do not turn it off.

* root authentiation with password is enabled by default (PermitRootLogin yes).
  NOTE: this has security implications and is only done in order to not change
  behaviour of the server in an update. We strongly suggest setting this option
  either "prohibit-password" or even better to "no" (which disables direct
  remote root login entirely).

* SSH protocol version 1 is enabled for maximum compatibility.
  NOTE: do not use protocol version 1. It is less secure then v2 and should
  generally be phased out.

* DSA authentication is enabled by default for maximum compatibility.
  NOTE: do not use DSA authentication since it is being phased out for a reason
  - the size of DSA keys is limited by the standard to 1024 bits which cannot
  be considered safe any more.

* Accepting all RFC4419 specified DH group parameters. See KexDHMin in
  ssh_config and sshd_config manual pages.

For more information on differences in SUSE OpenSSH package see README.FIPS