* [PR PATCH] openssh: update to 9.8p1.
@ 2024-07-01 9:59 classabbyamp
2024-07-01 10:25 ` [PR PATCH] [Updated] " classabbyamp
` (4 more replies)
0 siblings, 5 replies; 6+ messages in thread
From: classabbyamp @ 2024-07-01 9:59 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 649 bytes --]
There is a new pull request by classabbyamp against master on the void-packages repository
https://github.com/classabbyamp/void-packages openssh
https://github.com/void-linux/void-packages/pull/51059
openssh: update to 9.8p1.
fixes CVE-2024-6387
> OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.
do we reënable it?
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
A patch file from https://github.com/void-linux/void-packages/pull/51059.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-51059.patch --]
[-- Type: text/x-diff, Size: 1296 bytes --]
From 748793e7422357861069ef60010ecffaba3b541d Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Mon, 1 Jul 2024 05:57:21 -0400
Subject: [PATCH] openssh: update to 9.8p1.
fixes CVE-2024-6387
---
srcpkgs/openssh/template | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index 0a7dcaa5ba079a..5bd67e87037497 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,6 +1,6 @@
# Template file for 'openssh'
pkgname=openssh
-version=9.7p1
+version=9.8p1
revision=1
build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh
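Review bot: the `version=9.8p1` bump changes a build default that this hunk leaves undecided. The PR description quotes upstream as disabling DSA by default at compile time in this release and asks whether to re-enable it, yet `configure_args` is untouched here. Settle that question before merge and record the decision in the commit message, so that users with DSA-only peers can see from the log that the change in behaviour is deliberate.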
@@ -24,8 +24,9 @@ short_desc="OpenSSH free Secure Shell (SSH) client and server implementation"
maintainer="Leah Neukirchen <leah@vuxu.org>"
license="BSD-2-Clause, ISC"
homepage="https://www.openssh.com"
+changelog="https://www.openssh.com/releasenotes.html"
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
-checksum=490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd
+checksum=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
make_dirs="
/var/chroot/ssh 0755 root root
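Review bot: the new `checksum=` line is the only integrity check on the tarball fetched from `distfiles`. For a security update it should be confirmed against a value published independently of the download, such as the upstream release announcement or the signed release, and not only computed from the fetched file. A line in the PR saying how the hash was verified would cover this. The added `changelog=` URL is fine as it stands.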
* Re: [PR PATCH] [Updated] openssh: update to 9.8p1.
2024-07-01 9:59 [PR PATCH] openssh: update to 9.8p1 classabbyamp
@ 2024-07-01 10:25 ` classabbyamp
2024-07-01 10:44 ` [PR PATCH] [Merged]: " classabbyamp
` (3 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: classabbyamp @ 2024-07-01 10:25 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 654 bytes --]
There is an updated pull request by classabbyamp against master on the void-packages repository
https://github.com/classabbyamp/void-packages openssh
https://github.com/void-linux/void-packages/pull/51059
openssh: update to 9.8p1.
fixes CVE-2024-6387
> OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.
do we reënable it?
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
A patch file from https://github.com/void-linux/void-packages/pull/51059.patch is attached
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: github-pr-openssh-51059.patch --]
[-- Type: text/x-diff, Size: 2052 bytes --]
From ea16ad5744fe84768e64816f32b4dcd47e139d15 Mon Sep 17 00:00:00 2001
From: classabbyamp <void@placeviolette.net>
Date: Mon, 1 Jul 2024 05:57:21 -0400
Subject: [PATCH] openssh: update to 9.8p1.
fixes CVE-2024-6387
---
srcpkgs/openssh/patches/musl-connect.patch | 11 +++++++++++
srcpkgs/openssh/template | 5 +++--
2 files changed, 14 insertions(+), 2 deletions(-)
create mode 100644 srcpkgs/openssh/patches/musl-connect.patch
diff --git a/srcpkgs/openssh/patches/musl-connect.patch b/srcpkgs/openssh/patches/musl-connect.patch
new file mode 100644
index 00000000000000..cde7bc8cb1f45b
--- /dev/null
+++ b/srcpkgs/openssh/patches/musl-connect.patch
@@ -0,0 +1,11 @@
+--- a/openbsd-compat/port-linux.c
++++ b/openbsd-compat/port-linux.c
+@@ -366,7 +366,7 @@
+ error_f("socket \"%s\": %s", path, strerror(errno));
+ goto out;
+ }
+- if (connect(fd, &addr, sizeof(addr)) != 0) {
++ if (connect(fd, (const struct sockaddr *)&addr, sizeof(addr)) != 0) {
+ error_f("socket \"%s\" connect: %s", path, strerror(errno));
+ goto out;
+ }
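Review bot: the new `musl-connect.patch` carries no description, and the commit message does not mention it. Judging by the file name, the `(const struct sockaddr *)&addr` cast on the `connect()` call is a build fix for musl. Add a short comment at the top of the patch file saying what fails without it and whether it has been sent upstream, so the patch can be dropped once a release includes the fix. The cast itself does not alter behaviour, since `sizeof(addr)` still describes the original object.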
diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template
index 0a7dcaa5ba079a..5bd67e87037497 100644
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@@ -1,6 +1,6 @@
# Template file for 'openssh'
pkgname=openssh
-version=9.7p1
+version=9.8p1
revision=1
build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh
@@ -24,8 +24,9 @@ short_desc="OpenSSH free Secure Shell (SSH) client and server implementation"
maintainer="Leah Neukirchen <leah@vuxu.org>"
license="BSD-2-Clause, ISC"
homepage="https://www.openssh.com"
+changelog="https://www.openssh.com/releasenotes.html"
distfiles="https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${version}.tar.gz"
-checksum=490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd
+checksum=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3
conf_files="/etc/ssh/moduli /etc/ssh/ssh_config /etc/ssh/sshd_config /etc/pam.d/sshd"
make_dirs="
/var/chroot/ssh 0755 root root
* Re: [PR PATCH] [Merged]: openssh: update to 9.8p1.
2024-07-01 9:59 [PR PATCH] openssh: update to 9.8p1 classabbyamp
2024-07-01 10:25 ` [PR PATCH] [Updated] " classabbyamp
@ 2024-07-01 10:44 ` classabbyamp
2024-07-05 19:00 ` ethamck
` (2 subsequent siblings)
4 siblings, 0 replies; 6+ messages in thread
From: classabbyamp @ 2024-07-01 10:44 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 488 bytes --]
There's a merged pull request on the void-packages repository
openssh: update to 9.8p1.
https://github.com/void-linux/void-packages/pull/51059
Description:
fixes CVE-2024-6387
> OpenSSH plans to remove support for the DSA signature algorithm in early 2025. This release disables DSA by default at compile time.
do we reënable it?
<!-- Uncomment relevant sections and delete options which are not applicable -->
#### Testing the changes
- I tested the changes in this PR: **YES**
* Re: openssh: update to 9.8p1.
2024-07-01 9:59 [PR PATCH] openssh: update to 9.8p1 classabbyamp
2024-07-01 10:25 ` [PR PATCH] [Updated] " classabbyamp
2024-07-01 10:44 ` [PR PATCH] [Merged]: " classabbyamp
@ 2024-07-05 19:00 ` ethamck
2024-07-05 19:02 ` ethamck
2024-07-05 19:39 ` classabbyamp
4 siblings, 0 replies; 6+ messages in thread
From: ethamck @ 2024-07-05 19:00 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 616 bytes --]
New comment by ethamck on void-packages repository
https://github.com/void-linux/void-packages/pull/51059#issuecomment-2211296481
Comment:
Disabling DSS broke SSHing with iLO3 on my HP server (ProLiant DL380 G7 c. 2010); it can't be updated to a newer key algorithm as far as I know. I'm going to keep around a PKGBUILD of 9.7p1 if that still works.
Judging from the fact that the command I've been running thus far has been the ugly
```
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-dss
```
it seems that disabling it is the right move. I doubt it'll break anything modern.
* Re: openssh: update to 9.8p1.
2024-07-01 9:59 [PR PATCH] openssh: update to 9.8p1 classabbyamp
` (2 preceding siblings ...)
2024-07-05 19:00 ` ethamck
@ 2024-07-05 19:02 ` ethamck
2024-07-05 19:39 ` classabbyamp
4 siblings, 0 replies; 6+ messages in thread
From: ethamck @ 2024-07-05 19:02 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 622 bytes --]
New comment by ethamck on void-packages repository
https://github.com/void-linux/void-packages/pull/51059#issuecomment-2211296481
Comment:
Disabling DSS broke SSHing with iLO3 on my HP server (ProLiant DL380 G7 c. 2010); it can't be updated to a newer key algorithm as far as I know. I'm going to keep around a build template of 9.7p1 if that still works.
Judging from the fact that the command I've been running thus far has been the ugly
```
ssh -oKexAlgorithms=+diffie-hellman-group14-sha1 -oHostKeyAlgorithms=+ssh-dss
```
it seems that disabling it is the right move. I doubt it'll break anything modern.
* Re: openssh: update to 9.8p1.
2024-07-01 9:59 [PR PATCH] openssh: update to 9.8p1 classabbyamp
` (3 preceding siblings ...)
2024-07-05 19:02 ` ethamck
@ 2024-07-05 19:39 ` classabbyamp
4 siblings, 0 replies; 6+ messages in thread
From: classabbyamp @ 2024-07-05 19:39 UTC (permalink / raw)
To: ml
[-- Attachment #1: Type: text/plain, Size: 237 bytes --]
New comment by classabbyamp on void-packages repository
https://github.com/void-linux/void-packages/pull/51059#issuecomment-2211334631
Comment:
I would recommend building 9.8 with the flag enabling the algorithm instead of keeping 9.7