From: "Kienker, Fred"
To: development
Date: Tue, 21 Feb 2017 14:39:29 -0500
Subject: RE: [PATCH] openssh: Update to 7.3p1.
In-Reply-To: <1480507323-2470-1-git-send-email-stefan.schantl@ipfire.org>
X-Patchwork-Id: 1012
List-Id: IPFire development talk

FYI: This is no longer considered "current" enough to pass a PCI Compliance audit. Only a version > 7.4 will now pass due to CVE-2016-10009.
Anyone using an IPFire firewall system who has to pass a PCI Compliance audit will have to disable ssh access until this is updated to at least 7.4.

Fred Kienker

-----Original Message-----
From: Stefan Schantl [mailto:stefan.schantl@ipfire.org]
Sent: Wednesday, November 30, 2016 7:02 AM
To: development@lists.ipfire.org
Subject: [PATCH] openssh: Update to 7.3p1.

This is a major update to the latest stable version of OpenSSH.

* Drop no longer required patches.
* Drop SELinux support.

Fixes #11218.

Signed-off-by: Stefan Schantl
---
 openssh/openssh.nm | 8 +-
 openssh/patches/openssh-6.7p1-audit.patch | 2332 --------------------
 .../patches/openssh-6.7p1-seccomp-aarch64.patch | 66 -
 3 files changed, 3 insertions(+), 2403 deletions(-)
 delete mode 100644 openssh/patches/openssh-6.7p1-audit.patch
 delete mode 100644 openssh/patches/openssh-6.7p1-seccomp-aarch64.patch

- #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */ - SC_ALLOW(mmap2),
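
Review bot: the commit message describes the two deleted patches only as no longer required, which is thin for the 2332-line removal of openssh-6.7p1-audit.patch; please state whether 7.3p1 provides equivalent audit functionality upstream or whether it is being dropped together with SELinux support. Likewise for openssh-6.7p1-seccomp-aarch64.patch, whose removed lines include SC_ALLOW(mmap2) under #ifdef __NR_mmap2: confirm that the 7.3p1 seccomp filter already allows the syscalls the sshd sandbox needs on the ARM targets, since a missing entry would only show up at runtime on those architectures.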