forked from pool/openssh
81b879f76f
- remaining patches that were still missing since the update to 7.2p2 (FATE#319675): [openssh-7.2p2-disable_openssl_abi_check.patch] - fix forwarding with IPv6 addresses in DISPLAY (bnc#847710) [openssh-7.2p2-IPv6_X_forwarding.patch] - ignore PAM environment when using login (bsc#975865, CVE-2015-8325) [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) [openssh-7.2p2-limit_password_length.patch] - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [openssh-7.2p2-prevent_timing_user_enumeration.patch] - Add auditing for PRNG re-seeding [openssh-7.2p2-audit_seed_prng.patch] (forwarded request 433779 from pcerny) OBS-URL: https://build.opensuse.org/request/show/433780 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=108 |
||
|---|---|---|
| .gitattributes | ||
| .gitignore | ||
| cavs_driver-ssh.pl | ||
| openssh-7.2p2-additional_seccomp_archs.patch | ||
| openssh-7.2p2-allow_DSS_by_default.patch | ||
| openssh-7.2p2-allow_root_password_login.patch | ||
| openssh-7.2p2-audit_seed_prng.patch | ||
| openssh-7.2p2-audit.patch | ||
| openssh-7.2p2-blocksigalrm.patch | ||
| openssh-7.2p2-disable_openssl_abi_check.patch | ||
| openssh-7.2p2-disable_short_DH_parameters.patch | ||
| openssh-7.2p2-dont_use_pthreads_in_PAM.patch | ||
| openssh-7.2p2-eal3.patch | ||
| openssh-7.2p2-enable_PAM_by_default.patch | ||
| openssh-7.2p2-fips.patch | ||
| openssh-7.2p2-gssapi_key_exchange.patch | ||
| openssh-7.2p2-host_ident.patch | ||
| openssh-7.2p2-hostname_changes_when_forwarding_X.patch | ||
| openssh-7.2p2-ignore_PAM_with_UseLogin.patch | ||
| openssh-7.2p2-IPv6_X_forwarding.patch | ||
| openssh-7.2p2-lastlog.patch | ||
| openssh-7.2p2-ldap.patch | ||
| openssh-7.2p2-limit_password_length.patch | ||
| openssh-7.2p2-login_options.patch | ||
| openssh-7.2p2-no_fork-no_pid_file.patch | ||
| openssh-7.2p2-pam_check_locks.patch | ||
| openssh-7.2p2-prevent_timing_user_enumeration.patch | ||
| openssh-7.2p2-pts_names_formatting.patch | ||
| openssh-7.2p2-remove_xauth_cookies_on_exit.patch | ||
| openssh-7.2p2-seccomp_getuid.patch | ||
| openssh-7.2p2-seccomp_stat.patch | ||
| openssh-7.2p2-seed-prng.patch | ||
| openssh-7.2p2-send_locale.patch | ||
| openssh-7.2p2-sftp_force_permissions.patch | ||
| openssh-7.2p2-sftp_homechroot.patch | ||
| openssh-7.2p2-X11_trusted_forwarding.patch | ||
| openssh-7.2p2-X_forward_with_disabled_ipv6.patch | ||
| openssh-7.2p2.tar.gz | ||
| openssh-7.2p2.tar.gz.asc | ||
| openssh-askpass-gnome.changes | ||
| openssh-askpass-gnome.spec | ||
| openssh.changes | ||
| openssh.spec | ||
| README.FIPS | ||
| README.kerberos | ||
| README.SUSE | ||
| ssh-askpass | ||
| ssh.reg | ||
| sshd-gen-keys-start | ||
| sshd.fw | ||
| sshd.init | ||
| sshd.pamd | ||
| sshd.service | ||
| sysconfig.ssh | ||
This is OpenSSH version 7.2p2 for SLE12 There are following changes in default settings of ssh client and server: * Accepting and sending of locale environment variables in protocol 2 is enabled. * PAM authentication is enabled. * root authentiation with password is enabled by default (PermitRootLogin yes). NOTE: this has security implications and is only done in order to not change behaviour of the server in an update. We strongly suggest setting this option either "prohibit-password" or even better to "no" (which disables direct remote root login entirely). * SSH protocol version 1 is enabled for maximum compatibility. NOTE: do not use protocol version 1. It is less secure then v2 and should generally be phased out. * DSA authentication is enabled by default for maximum compatibility. NOTE: do not use DSA authentication since it is being phased out for a reason - the size of DSA keys is limited by the standard to 1024 bits which cannot be considered safe any more. For more information on differences in SUSE OpenSSH package see README.FIPS