Merge pull request 'openssh-8.7p1-34.3.el9_3.security.0.3' (#26) from solardiz-patch-24 into main
All checks were successful
mkdocs build / build (push) Successful in 28s

Reviewed-on: #26
Reviewed-by: Neil Hanlon <neil@noreply@resf.org>
This commit is contained in:
Neil Hanlon 2024-03-18 16:46:36 +00:00
commit 0789b72c8b
2 changed files with 7 additions and 2 deletions

View File

@ -2,7 +2,7 @@
These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits. These are what we consider significant SIG/Security news items, not an exhaustive list of package updates and wiki edits.
## March 11, 2024 ## March 11 to 16, 2024
[openssh](packages/openssh.md) rebased on upstream EL 8.7p1-34.3 with fixes for CVE-2023-48795 (Terrapin attack) and CVE-2023-51385, now building it without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines, down from 28 lines in upstream EL). [openssh](packages/openssh.md) rebased on upstream EL 8.7p1-34.3 with fixes for CVE-2023-48795 (Terrapin attack) and CVE-2023-51385, now building it without Kerberos support (further shortens `ldd sshd` from 20 to 13 lines, down from 28 lines in upstream EL).

View File

@ -2,7 +2,7 @@
## EL9 ## EL9
- Version `8.7p1-34.3.el9_3.security.0.2` - Version `8.7p1-34.3.el9_3.security.0.3`
- Based on `8.7p1-34.el9_3.3` - Based on `8.7p1-34.el9_3.3`
### Changes summary ### Changes summary
@ -13,6 +13,11 @@
### Change log ### Change log
``` ```
* Sat Mar 16 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.3
- Comment out GSSAPI* lines in /etc/ssh/ssh*_config.d/50-redhat.conf and patch
the code to silently ignore GSSAPIKexAlgorithms when unsupported (like it is
in our new without-Kerberos build)
* Mon Mar 11 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.2 * Mon Mar 11 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.2
- Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3 - Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3
- Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines) - Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines)