Skip to content

Override package: openssh

EL9

  • Version 8.7p1-38.4.el9_4.security.0.9
  • Based on 8.7p1-38.el9_4.4

Changes summary

  • Instead of linking against libsystemd, load it dynamically in a temporary child process to avoid polluting actual sshd's address space with that library and its many dependencies (shortens ldd sshd output from 28 to 20 lines)
  • Build without Kerberos support (further shortens ldd sshd from 20 to 13 lines)
  • Fix CVE-2024-6409

Change log

* Wed Jul 17 2024 Solar Designer <solar@openwall.com> 8.7p1-38.4.el9_4.security.0.9
- Patch the code to silently ignore GSSAPIKeyExchange when unsupported

* Wed Jul 17 2024 Solar Designer <solar@openwall.com> 8.7p1-38.4.el9_4.security.0.8
- Rebase on 8.7p1-38.4

* Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.7
- Fix CVE-2024-6409

* Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.6
- Rebase on 8.7p1-38.1

* Mon Jul 01 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.5
- Fix CVE-2024-6387 regreSSHion

* Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4
- Rebase on 8.7p1-38

* Sat Mar 16 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.3
- Comment out GSSAPI* lines in /etc/ssh/ssh*_config.d/50-redhat.conf and patch
  the code to silently ignore GSSAPIKexAlgorithms when unsupported (like it is
  in our new without-Kerberos build)

* Mon Mar 11 2024 Solar Designer <solar@openwall.com> 8.7p1-34.3.el9_3.security.0.2
- Rebase 8.7p1-34.el9_3.security.0.1 on 8.7p1-34.3
- Build without Kerberos support (shortens "ldd sshd" from 20 to 13 lines)

* Wed Nov 22 2023 Solar Designer <solar@openwall.com> 8.7p1-34.el9_3.security.0.1
- Rebase 8.7p1-30.el9.security.0.2 on 8.7p1-34

* Sat Oct 07 2023 Solar Designer <solar@openwall.com> 8.7p1-30.el9.security.0.2
- Load libsystemd.so.0, not libsystemd.so, as the latter is only provided by
  systemd-devel

* Mon Aug 28 2023 Solar Designer <solar@openwall.com> 8.7p1-30.el9.security.0.1
- Instead of linking against libsystemd, load it dynamically in a temporary
  child process to avoid polluting actual sshd's address space with that
  library and its many dependencies (shortens "ldd sshd" from 28 to 20 lines)