openssh: Update to version 9.9p2

- Update from version 9.9p1 to 9.9p2
- Update of rootfile not required
- Changelog
    9.9p2
	Security
		* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
		  (inclusive) contained a logic error that allowed an on-path
		  attacker (a.k.a MITM) to impersonate any server when the
		  VerifyHostKeyDNS option is enabled. This option is off by default.
		* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
		  (inclusive) is vulnerable to a memory/CPU denial-of-service related
		  to the handling of SSH2_MSG_PING packets. This condition may be
		  mitigated using the existing PerSourcePenalties feature.
		Both vulnerabilities were discovered and demonstrated to be exploitable
		by the Qualys Security Advisory team. We thank them for their detailed
		review of OpenSSH.
	Bugfixes
		 * ssh(1), sshd(8): fix regression in Match directive that caused
		   failures when predicates and their arguments were separated by '='
		   characters instead of whitespace (bz3739).
		 * sshd(8): fix the "Match invalid-user" predicate, which was matching
		   incorrectly in the initial pass of config evaluation.
		 * ssh(1), sshd(8), ssh-keyscan(1): fix mlkem768x25519-sha256 key
		   exchange on big-endian systems.
		 * Fix a number of build problems on particular operating systems /
		   configurations.

Signed-off-by: Adolf Belka <adolf.belka@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/lfs/openssh b/lfs/openssh
index b1c9a1635eadd18ef7054010c60b84525ff8a84a..f2165a96de1117cb66fd175a4a6b8288074c0752 100644 (file)
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -1,7 +1,7 @@
 ###############################################################################
 #                                                                             #
 # IPFire.org - A linux based firewall                                         #
-# Copyright (C) 2007-2024  IPFire Team  <info@ipfire.org>                     #
+# Copyright (C) 2007-2025  IPFire Team  <info@ipfire.org>                     #
 #                                                                             #
 # This program is free software: you can redistribute it and/or modify        #
 # it under the terms of the GNU General Public License as published by        #
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 9.9p1
+VER        = 9.9p2
 
 THISAPP    = openssh-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_BLAKE2 = 817d267e42b8be74a13e0cfd7999bdb4dab6355c7f62c1a4dd89adad310c5fb7fe3f17109ce1a36cd269a3639c1b8f1d18330c615ab3b419253ec027cfa20997
+$(DL_FILE)_BLAKE2 = 1b5bc09482b3a807ccfee52c86c6be3c363acf0c8e774862e0ae64f76bfeb4ce7cf29b3ed2f99c04c89bb4977da0cf50a7a175b15bf1d9925de1e03c66f8306d
 
 install : $(TARGET)