* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2112342dd3ccaf6008c742dddd4ca26b17c5651d
@ 2025-02-19 15:17 Michael Tremer
0 siblings, 0 replies; only message in thread
From: Michael Tremer @ 2025-02-19 15:17 UTC (permalink / raw)
To: ipfire-scm
[-- Attachment #1: Type: text/plain, Size: 5363 bytes --]
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".
The branch, next has been updated
via 2112342dd3ccaf6008c742dddd4ca26b17c5651d (commit)
via 28e698dd30ec0dc53a92a8e8fbbeffee1ca1479d (commit)
from 09dd8d7085448ea01637c9cd14d7a8b63e9036d0 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 2112342dd3ccaf6008c742dddd4ca26b17c5651d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date: Wed Feb 19 15:13:42 2025 +0000
core192: Ship OpenSSH
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
commit 28e698dd30ec0dc53a92a8e8fbbeffee1ca1479d
Author: Adolf Belka <adolf.belka(a)ipfire.org>
Date: Wed Feb 19 14:30:43 2025 +0100
openssh: Update to version 9.9p2
- Update from version 9.9p1 to 9.9p2
- Update of rootfile not required
- Changelog
9.9p2
Security
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service related
to the handling of SSH2_MSG_PING packets. This condition may be
mitigated using the existing PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.
Bugfixes
* ssh(1), sshd(8): fix regression in Match directive that caused
failures when predicates and their arguments were separated by '='
characters instead of whitespace (bz3739).
* sshd(8): fix the "Match invalid-user" predicate, which was matching
incorrectly in the initial pass of config evaluation.
* ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
exchange on big-endian systems.
* Fix a number of build problems on particular operating systems /
configurations.
Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>
-----------------------------------------------------------------------
Summary of changes:
config/rootfiles/{oldcore/100 => core/192}/filelists/openssh | 0
config/rootfiles/core/192/update.sh | 4 ++++
lfs/openssh | 6 +++---
3 files changed, 7 insertions(+), 3 deletions(-)
copy config/rootfiles/{oldcore/100 => core/192}/filelists/openssh (100%)
Difference in files:
diff --git a/config/rootfiles/core/192/filelists/openssh b/config/rootfiles/core/192/filelists/openssh
new file mode 120000
index 000000000..d8c77fd8e
--- /dev/null
+++ b/config/rootfiles/core/192/filelists/openssh
@@ -0,0 +1 @@
+../../../common/openssh
\ No newline at end of file
diff --git a/config/rootfiles/core/192/update.sh b/config/rootfiles/core/192/update.sh
index b1fc44d9e..f81857053 100644
--- a/config/rootfiles/core/192/update.sh
+++ b/config/rootfiles/core/192/update.sh
@@ -159,7 +159,11 @@ rm -rvf \
/var/log/rrd/collectd/localhost/processes* \
/var/log/rrd/collectd/localhost/thermal-cooling_device*
+# Apply local configuration to sshd_config
+/usr/local/bin/sshctrl
+
# Start services
+/etc/init.d/sshd restart
/etc/init.d/collectd start
/etc/init.d/suricata restart
diff --git a/lfs/openssh b/lfs/openssh
index b1c9a1635..f2165a96d 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
###############################################################################
# #
# IPFire.org - A linux based firewall #
-# Copyright (C) 2007-2024 IPFire Team <info(a)ipfire.org> #
+# Copyright (C) 2007-2025 IPFire Team <info(a)ipfire.org> #
# #
# This program is free software: you can redistribute it and/or modify #
# it under the terms of the GNU General Public License as published by #
@@ -24,7 +24,7 @@
include Config
-VER = 9.9p1
+VER = 9.9p2
THISAPP = openssh-$(VER)
DL_FILE = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
-$(DL_FILE)_BLAKE2 = 817d267e42b8be74a13e0cfd7999bdb4dab6355c7f62c1a4dd89adad310c5fb7fe3f17109ce1a36cd269a3639c1b8f1d18330c615ab3b419253ec027cfa20997
+$(DL_FILE)_BLAKE2 = 1b5bc09482b3a807ccfee52c86c6be3c363acf0c8e774862e0ae64f76bfeb4ce7cf29b3ed2f99c04c89bb4977da0cf50a7a175b15bf1d9925de1e03c66f8306d
install : $(TARGET)
hooks/post-receive
--
IPFire 2.x development tree
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2025-02-19 15:17 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2025-02-19 15:17 [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 2112342dd3ccaf6008c742dddd4ca26b17c5651d Michael Tremer
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox