openssh: Update to version 9.7p1

  - Update from version 9.6p1 to 9.7p1
- Update of rootfile not required
- Changelog
    9.7p1
	Future deprecation notice
		OpenSSH plans to remove support for the DSA signature algorithm in
		 early 2025 and compile-time disable it later this year.
		DSA, as specified in the SSHv2 protocol, is inherently weak - being
		 limited to a 160 bit private key and use of the SHA1 digest. Its
		 estimated security level is only 80 bits symmetric equivalent.
		OpenSSH has disabled DSA keys by default since 2015 but has retained
		 run-time optional support for them. DSA was the only mandatory-to-
		 implement algorithm in the SSHv2 RFCs[3], mostly because alternative
		 algorithms were encumbered by patents when the SSHv2 protocol was
		 specified.
		This has not been the case for decades at this point and better
		 algorithms are well supported by all actively-maintained SSH
		 implementations. We do not consider the costs of maintaining DSA in
		 OpenSSH to be justified and hope that removing it from OpenSSH can
		 accelerate its wider deprecation in supporting cryptography
		 libraries.
		This release makes DSA support in OpenSSH compile-time optional,
		 defaulting to on. We intend the next release to change the default
		 to disable DSA at compile time. The first OpenSSH release of 2025
		 will remove DSA support entirely.
	This release contains mostly bugfixes.
	New features
		 * ssh(1), sshd(8): add a "global" ChannelTimeout type that watches
		    all open channels and will close all open channels if there is no
		    traffic on any of them for the specified interval. This is in
		    addition to the existing per-channel timeouts added recently.
		   This supports situations like having both session and x11
		    forwarding channels open where one may be idle for an extended
		    period but the other is actively used. The global timeout could
		    close both channels when both have been idle for too long.
		 * All: make DSA key support compile-time optional, defaulting to on.
	Bugfixes
		 * sshd(8): don't append an unnecessary space to the end of subsystem
		   arguments (bz3667)
		 * ssh(1): fix the multiplexing "channel proxy" mode, broken when
		   keystroke timing obfuscation was added. (GHPR#463)
		 * ssh(1), sshd(8): fix spurious configuration parsing errors when
		   options that accept array arguments are overridden (bz3657).
		 * ssh-agent(1): fix potential spin in signal handler (bz3670)
		 * Many fixes to manual pages and other documentation, including
		   GHPR#462, GHPR#454, GHPR#442 and GHPR#441.
		 * Greatly improve interop testing against PuTTY.
	Portability
		 * Improve the error message when the autoconf OpenSSL header check
		   fails (bz#3668)
		 * Improve detection of broken toolchain -fzero-call-used-regs support
		   (bz3645).
		 * Fix regress/misc/fuzz-harness fuzzers and make them compile without
		   warnings when using clang16

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
---
 lfs/openssh | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
  

Excellent! Thank you!

> On 12 Mar 2024, at 08:55, Adolf Belka <adolf.belka@ipfire.org> wrote:
> 
> - Update from version 9.6p1 to 9.7p1
> - Update of rootfile not required
> - Changelog
>    9.7p1
> Future deprecation notice
> OpenSSH plans to remove support for the DSA signature algorithm in
> early 2025 and compile-time disable it later this year.
> DSA, as specified in the SSHv2 protocol, is inherently weak - being
> limited to a 160 bit private key and use of the SHA1 digest. Its
> estimated security level is only 80 bits symmetric equivalent.
> OpenSSH has disabled DSA keys by default since 2015 but has retained
> run-time optional support for them. DSA was the only mandatory-to-
> implement algorithm in the SSHv2 RFCs[3], mostly because alternative
> algorithms were encumbered by patents when the SSHv2 protocol was
> specified.
> This has not been the case for decades at this point and better
> algorithms are well supported by all actively-maintained SSH
> implementations. We do not consider the costs of maintaining DSA in
> OpenSSH to be justified and hope that removing it from OpenSSH can
> accelerate its wider deprecation in supporting cryptography
> libraries.
> This release makes DSA support in OpenSSH compile-time optional,
> defaulting to on. We intend the next release to change the default
> to disable DSA at compile time. The first OpenSSH release of 2025
> will remove DSA support entirely.
> This release contains mostly bugfixes.
> New features
> * ssh(1), sshd(8): add a "global" ChannelTimeout type that watches
>    all open channels and will close all open channels if there is no
>    traffic on any of them for the specified interval. This is in
>    addition to the existing per-channel timeouts added recently.
>   This supports situations like having both session and x11
>    forwarding channels open where one may be idle for an extended
>    period but the other is actively used. The global timeout could
>    close both channels when both have been idle for too long.
> * All: make DSA key support compile-time optional, defaulting to on.
> Bugfixes
> * sshd(8): don't append an unnecessary space to the end of subsystem
>   arguments (bz3667)
> * ssh(1): fix the multiplexing "channel proxy" mode, broken when
>   keystroke timing obfuscation was added. (GHPR#463)
> * ssh(1), sshd(8): fix spurious configuration parsing errors when
>   options that accept array arguments are overridden (bz3657).
> * ssh-agent(1): fix potential spin in signal handler (bz3670)
> * Many fixes to manual pages and other documentation, including
>   GHPR#462, GHPR#454, GHPR#442 and GHPR#441.
> * Greatly improve interop testing against PuTTY.
> Portability
> * Improve the error message when the autoconf OpenSSL header check
>   fails (bz#3668)
> * Improve detection of broken toolchain -fzero-call-used-regs support
>   (bz3645).
> * Fix regress/misc/fuzz-harness fuzzers and make them compile without
>   warnings when using clang16
> 
> Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
> ---
> lfs/openssh | 6 +++---
> 1 file changed, 3 insertions(+), 3 deletions(-)
> 
> diff --git a/lfs/openssh b/lfs/openssh
> index 3833f2ca7..315b1a70b 100644
> --- a/lfs/openssh
> +++ b/lfs/openssh
> @@ -1,7 +1,7 @@
> ###############################################################################
> #                                                                             #
> # IPFire.org - A linux based firewall                                         #
> -# Copyright (C) 2007-2023  IPFire Team  <info@ipfire.org>                     #
> +# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
> #                                                                             #
> # This program is free software: you can redistribute it and/or modify        #
> # it under the terms of the GNU General Public License as published by        #
> @@ -24,7 +24,7 @@
> 
> include Config
> 
> -VER        = 9.6p1
> +VER        = 9.7p1
> 
> THISAPP    = openssh-$(VER)
> DL_FILE    = $(THISAPP).tar.gz
> @@ -40,7 +40,7 @@ objects = $(DL_FILE)
> 
> $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
> 
> -$(DL_FILE)_BLAKE2 = dd7f6747fe89f7b386be4faaf7fc43398a9bf439e45608ae61c2126cf8743c64ef7b5af45c75e9007b0bda525f8809261ca0f2fc47ce60177ba769a5324719dd
> +$(DL_FILE)_BLAKE2 = 520859fcbdf678808fc8515b64585ab9a90a8055fa869df6fbba3083cb7f73ddb81ed9ea981e131520736a8aed838f85ae68ca63406a410df61039913c5cb48b
> 
> install : $(TARGET)
> 
> -- 
> 2.44.0
>