Antonio Larrosa
d77e0c9092
= Security
* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
(inclusive) contained a logic error that allowed an on-path
attacker (a.k.a MITM) to impersonate any server when the
VerifyHostKeyDNS option is enabled. This option is off by
default.
* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
(inclusive) is vulnerable to a memory/CPU denial-of-service
related to the handling of SSH2_MSG_PING packets. This
condition may be mitigated using the existing
PerSourcePenalties feature.
Both vulnerabilities were discovered and demonstrated to be
exploitable by the Qualys Security Advisory team. The openSSH
team thanks them for their detailed review of OpenSSH.
= Bugfixes
* ssh(1), sshd(8): fix regression in Match directive that caused
failures when predicates and their arguments were separated by
'=' characters instead of whitespace (bz3739).
* sshd(8): fix the "Match invalid-user" predicate, which was
matching incorrectly in the initial pass of config evaluation.
* ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
exchange on big-endian systems.
* Fix a number of build problems on particular operating systems
and configurations.
- Remove patches that are already included in 9.9p2:
* 0001-fix-utmpx-ifdef.patch
* 0002-upstream-fix-regression-introduced-when-I-switched-the-Match.patch
* 0003-upstream-fix-previous-change-to-ssh_config-Match_-which-broken-on.patch
* 0004-upstream-fix-ML-KEM768x25519-KEX-on-big-endian-systems-spotted-by.patch
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=283
67 lines
2.1 KiB
RPMSpec
67 lines
2.1 KiB
RPMSpec
#
|
|
# spec file for package openssh-askpass-gnome
|
|
#
|
|
# Copyright (c) 2024 SUSE LLC
|
|
#
|
|
# All modifications and additions to the file contributed by third parties
|
|
# remain the property of their copyright owners, unless otherwise agreed
|
|
# upon. The license for this file, and modifications and additions to the
|
|
# file, is the same license as for the pristine package itself (unless the
|
|
# license for the pristine package is not an Open Source License, in which
|
|
# case the license is the MIT License). An "Open Source License" is a
|
|
# license that conforms to the Open Source Definition (Version 1.9)
|
|
# published by the Open Source Initiative.
|
|
|
|
# Please submit bugfixes or comments via https://bugs.opensuse.org/
|
|
#
|
|
|
|
|
|
%define _name openssh
|
|
Name: openssh-askpass-gnome
|
|
Version: 9.9p2
|
|
Release: 0
|
|
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
|
License: BSD-2-Clause
|
|
Group: Productivity/Networking/SSH
|
|
URL: https://www.openssh.com/
|
|
Source: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz
|
|
Source42: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc
|
|
Requires: %{_name}-clients = %{version}
|
|
Supplements: packageand(openssh-clients:libgtk-3-0)
|
|
%if 0%{?suse_version} >= 1550
|
|
BuildRequires: gtk3-devel
|
|
%else
|
|
BuildRequires: gtk2-devel
|
|
%endif
|
|
|
|
%description
|
|
SSH (Secure Shell) is a program for logging into a remote machine and
|
|
for executing commands on a remote machine. This package contains a
|
|
GNOME-based passphrase dialog for OpenSSH.
|
|
|
|
%prep
|
|
%autosetup -p1 -n %{_name}-%{version}
|
|
|
|
%build
|
|
cd contrib
|
|
export CFLAGS="%{optflags}"
|
|
%if 0%{?suse_version} >= 1550
|
|
%make_build gnome-ssh-askpass3
|
|
%else
|
|
%make_build gnome-ssh-askpass2
|
|
%endif
|
|
|
|
%install
|
|
install -d -m 755 %{buildroot}%{_libexecdir}/ssh/
|
|
%if 0%{?suse_version} >= 1550
|
|
install contrib/gnome-ssh-askpass3 %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
|
|
%else
|
|
install contrib/gnome-ssh-askpass2 %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass
|
|
%endif
|
|
|
|
%files
|
|
%dir %{_libexecdir}/ssh
|
|
%attr(0755,root,root) %{_libexecdir}/ssh/gnome-ssh-askpass
|
|
|
|
%changelog
|