Commits on Sep 4, 2017

1. openssh: Securely download source archive …

   SSL has been set up, so use it to securely download the source archive
   over HTTPS.

   

   pmenzel committed Sep 4, 2017
   Configuration menu

   • View commit details
   • Copy full SHA for 319aff6
   • Browse repository at this point

   Copy the full SHA

   319aff6 View commit details

   Browse the repository at this point in the history

2. openssh: Update version from 7.4p1 to 7.5p1 …

   Release notes are available online [1].
   
   > […]
   >
   > Changes since OpenSSH 7.4
   > =========================
   >
   > This is a bugfix release.
   >
   > Security
   > --------
   >
   >  * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
   >    that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
   >    Note that the OpenSSH client disables CBC ciphers by default, sshd
   >    offers them as lowest-preference options and will remove them by
   >    default entriely in the next release. Reported by Jean Paul
   >    Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
   >    Royal Holloway, University of London.
   >
   >  * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
   >    a recursive file transfer could be maniuplated by a hostile server to
   >    perform a path-traversal attack. creating or modifying files outside
   >    of the intended target directory. Reported by Jann Horn of Google
   >    Project Zero.
   >
   > New Features
   > ------------
   >
   >  * ssh(1), sshd(8): Support "=-" syntax to easily remove methods from
   >    algorithm lists, e.g. Ciphers=-*cbc. bz#2671
   >
   > […]
   
   [1] https://www.openssh.com/txt/release-7.5

   

   pmenzel committed Sep 4, 2017
   Configuration menu

   • View commit details
   • Copy full SHA for fff7ba2
   • Browse repository at this point

   Copy the full SHA

   fff7ba2 View commit details

   Browse the repository at this point in the history