This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree".
The branch, master has been updated via 2112342dd3ccaf6008c742dddd4ca26b17c5651d (commit) via 28e698dd30ec0dc53a92a8e8fbbeffee1ca1479d (commit) from 09dd8d7085448ea01637c9cd14d7a8b63e9036d0 (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log ----------------------------------------------------------------- commit 2112342dd3ccaf6008c742dddd4ca26b17c5651d Author: Michael Tremer michael.tremer@ipfire.org Date: Wed Feb 19 15:13:42 2025 +0000
core192: Ship OpenSSH
Signed-off-by: Michael Tremer michael.tremer@ipfire.org
commit 28e698dd30ec0dc53a92a8e8fbbeffee1ca1479d Author: Adolf Belka adolf.belka@ipfire.org Date: Wed Feb 19 14:30:43 2025 +0100
openssh: Update to version 9.9p2
- Update from version 9.9p1 to 9.9p2 - Update of rootfile not required - Changelog 9.9p2 Security * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH. Bugfixes * ssh(1), sshd(8): fix regression in Match directive that caused failures when predicates and their arguments were separated by '=' characters instead of whitespace (bz3739). * sshd(8): fix the "Match invalid-user" predicate, which was matching incorrectly in the initial pass of config evaluation. * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key exchange on big-endian systems. * Fix a number of build problems on particular operating systems / configurations.
Signed-off-by: Adolf Belka adolf.belka@ipfire.org Signed-off-by: Michael Tremer michael.tremer@ipfire.org
-----------------------------------------------------------------------
Summary of changes: config/rootfiles/{oldcore/100 => core/192}/filelists/openssh | 0 config/rootfiles/core/192/update.sh | 4 ++++ lfs/openssh | 6 +++--- 3 files changed, 7 insertions(+), 3 deletions(-) copy config/rootfiles/{oldcore/100 => core/192}/filelists/openssh (100%)
Difference in files: diff --git a/config/rootfiles/core/192/filelists/openssh b/config/rootfiles/core/192/filelists/openssh new file mode 120000 index 000000000..d8c77fd8e --- /dev/null +++ b/config/rootfiles/core/192/filelists/openssh @@ -0,0 +1 @@ +../../../common/openssh \ No newline at end of file diff --git a/config/rootfiles/core/192/update.sh b/config/rootfiles/core/192/update.sh index b1fc44d9e..f81857053 100644 --- a/config/rootfiles/core/192/update.sh +++ b/config/rootfiles/core/192/update.sh @@ -159,7 +159,11 @@ rm -rvf \ /var/log/rrd/collectd/localhost/processes* \ /var/log/rrd/collectd/localhost/thermal-cooling_device*
+# Apply local configuration to sshd_config +/usr/local/bin/sshctrl + # Start services +/etc/init.d/sshd restart /etc/init.d/collectd start /etc/init.d/suricata restart
diff --git a/lfs/openssh b/lfs/openssh index b1c9a1635..f2165a96d 100644 --- a/lfs/openssh +++ b/lfs/openssh @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2024 IPFire Team info@ipfire.org # +# Copyright (C) 2007-2025 IPFire Team info@ipfire.org # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@
include Config
-VER = 9.9p1 +VER = 9.9p2
THISAPP = openssh-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 817d267e42b8be74a13e0cfd7999bdb4dab6355c7f62c1a4dd89adad310c5fb7fe3f17109ce1a36cd269a3639c1b8f1d18330c615ab3b419253ec027cfa20997 +$(DL_FILE)_BLAKE2 = 1b5bc09482b3a807ccfee52c86c6be3c363acf0c8e774862e0ae64f76bfeb4ce7cf29b3ed2f99c04c89bb4977da0cf50a7a175b15bf1d9925de1e03c66f8306d
install : $(TARGET)
hooks/post-receive -- IPFire 2.x development tree