# Override package: openssh ## EL9 - Version `8.7p1-43.el9_5.security.0.10` - Based on `8.7p1-43.el9` ### Changes summary - Instead of linking against `libsystemd`, load it dynamically in a temporary child process to avoid polluting actual `sshd`'s address space with that library and its many dependencies (shortens `ldd sshd` output from 28 to 20 lines) - Build without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines) - Fix [CVE-2024-6409](../issues/CVE-2024-6409.md) ### Change log ``` * Thu Nov 21 2024 Solar Designer 8.7p1-43.el9_5.security.0.10 - Rebase on 8.7p1-43 * Wed Jul 17 2024 Solar Designer 8.7p1-38.4.el9_4.security.0.9 - Patch the code to silently ignore GSSAPIKeyExchange when unsupported * Wed Jul 17 2024 Solar Designer 8.7p1-38.4.el9_4.security.0.8 - Rebase on 8.7p1-38.4 * Mon Jul 08 2024 Solar Designer 8.7p1-38.1.el9_4.security.0.7 - Fix CVE-2024-6409 * Mon Jul 08 2024 Solar Designer 8.7p1-38.1.el9_4.security.0.6 - Rebase on 8.7p1-38.1 * Mon Jul 01 2024 Solar Designer 8.7p1-38.el9_4.security.0.5 - Fix CVE-2024-6387 regreSSHion * Mon May 20 2024 Solar Designer 8.7p1-38.el9_4.security.0.4 - Rebase on 8.7p1-38 * Sat Mar 16 2024 Solar Designer 8.7p1-34.3.el9_3.security.0.3 - Comment out GSSAPI* lines in /etc/ssh/ssh*_config.d/50-redhat.conf and patch the code to silently ignore GSSAPIKexAlgorithms when unsupported (like it is in our new without-Kerberos build) * Mon Mar 11 2024 Solar Designer 8.7p1-34.3.el9_3.security.0.2 - Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3 - Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines) * Wed Nov 22 2023 Solar Designer 8.7p1-34.el9_3.security.0.1 - Rebase 8.7p1-30.el9.security.0.2 on 8.7p1-34 * Sat Oct 07 2023 Solar Designer 8.7p1-30.el9.security.0.2 - Load libsystemd.so.0, not libsystemd.so, as the latter is only provided by systemd-devel * Mon Aug 28 2023 Solar Designer 8.7p1-30.el9.security.0.1 - Instead of linking against libsystemd, load it dynamically in a temporary child process to avoid polluting actual sshd's address space with that library and its many dependencies (shortens "ldd sshd" from 28 to 20 lines) ```