openssh-server-9.9p1-12.el10_1.alma.1 RPM for x86_64_v2

From AlmaLinux 10.1 BaseOS for x86_64_v2

OpenSSH is a free version of SSH (Secure SHell), a program for logging
into and executing commands on a remote machine. This package contains
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
securely connect to your SSH server.

Provides

• openssh-server
• config(openssh-server)
• group(sshd)
• openssh-server(x86-64)
• user(sshd)

Requires

• /bin/sh
• /bin/sh
• /bin/sh
• /bin/sh
• /usr/bin/bash
• /usr/sbin/useradd
• config(openssh-server) = 9.9p1-12.el10_1.alma.1
• crypto-policies >= 20220824-1
• libaudit.so.1()(64bit)
• libc.so.6()(64bit)
• libc.so.6(GLIBC_2.14)(64bit)
• libc.so.6(GLIBC_2.17)(64bit)
• libc.so.6(GLIBC_2.2.5)(64bit)
• libc.so.6(GLIBC_2.25)(64bit)
• libc.so.6(GLIBC_2.26)(64bit)
• libc.so.6(GLIBC_2.3)(64bit)
• libc.so.6(GLIBC_2.3.4)(64bit)
• libc.so.6(GLIBC_2.33)(64bit)
• libc.so.6(GLIBC_2.34)(64bit)
• libc.so.6(GLIBC_2.36)(64bit)
• libc.so.6(GLIBC_2.38)(64bit)
• libc.so.6(GLIBC_2.4)(64bit)
• libc.so.6(GLIBC_2.6)(64bit)
• libc.so.6(GLIBC_2.8)(64bit)
• libc.so.6(GLIBC_ABI_DT_RELR)(64bit)
• libcom_err.so.2()(64bit)
• libcrypt.so.2()(64bit)
• libcrypt.so.2(XCRYPT_2.0)(64bit)
• libcrypto.so.3()(64bit)
• libcrypto.so.3(OPENSSL_3.0.0)(64bit)
• libgssapi_krb5.so.2()(64bit)
• libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)
• libkrb5.so.3()(64bit)
• libkrb5.so.3(krb5_3_MIT)(64bit)
• libpam.so.0()(64bit)
• libpam.so.0(LIBPAM_1.0)(64bit)
• libselinux.so.1()(64bit)
• libselinux.so.1(LIBSELINUX_1.0)(64bit)
• libz.so.1()(64bit)
• openssh = 9.9p1-12.el10_1.alma.1
• pam >= 1.0.1-3
• rpmlib(CompressedFileNames) <= 3.0.4-1
• rpmlib(FileDigests) <= 4.6.0-1
• rpmlib(PayloadFilesHavePrefix) <= 4.0-1
• rpmlib(PayloadIsZstd) <= 5.4.18-1
• rtld(GNU_HASH)
• systemd
• systemd
• systemd

License

BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant

Changelog

* Wed Dec 17 2025 Koichiro Iwao <meta@almalinux.org> - 9.9p1-12.alma.1
  - Unpatch Red Hat help message
* Mon Dec 08 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-12
  - CVE-2025-61984: Reject usernames with control characters
    Resolves: RHEL-128397
  - CVE-2025-61985: Reject URL-strings with NULL characters
    Resolves: RHEL-128387
* Fri Jul 18 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-11
  - Move the redhat help message to debug1 log level
    Resolves: RHEL-93957
* Thu Jun 26 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-10
  - Support for authentication indicators in OpenSSH
    Resolves: RHEL-40790
* Tue Apr 29 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-9
  - CVE-2025-32728: Fix logic error in DisableForwarding option
    Resolves: RHEL-86819
  - Provide better error for non-supported private keys
    Resolves: RHEL-68124
  - Ignore bad hostkeys in known_hosts file
    Resolves: RHEL-83644
* Thu Mar 20 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-8
  - OpenSSH should not use its own implementation of MLKEM
    Resolves: RHEL-58252
  - Correct processing of Compression directive
    Resolves: RHEL-68346
  - Supress systemd warning
    Resolves: RHEL-84816
* Tue Feb 18 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-7
  - rebuilt
    Related: RHEL-78699
* Thu Feb 13 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-6
  - Fix regression of Match directive processing
    Related: RHEL-76317
  - Fix missing error codes set and invalid error code checks in OpenSSH. It
    prevents memory exhaustion attack and a MITM attack when VerifyHostKeyDNS
    is on (CVE-2025-26465, CVE-2025-26466).
    Resolves: RHEL-78699
    Resolves: RHEL-78943
* Mon Jan 27 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-5
  - Fix regression of Match directive processing
    Resolves: RHEL-76317
  - Avoid linking issues for openssl logging
    Related: RHEL-63190
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 9.9p1-4.1
  - Bump release for October 2024 mass rebuild:
    Resolves: RHEL-64018
* Mon Oct 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-4
  - Fix MLKEM for BE platforms
    Related: RHEL-60564
* Fri Oct 18 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-3
  - Extra help information should not be printed if stderr is not a TTY
    Resolves: RHEL-63061
  - Provide details on crypto error instead of "error in libcrypto"
    Resolves: RHEL-63190
* Tue Oct 15 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-2
  - Resolve memory management issues after rebase
    Related: RHEL-60564
  - Add extra help information on ssh early failure
    Resolves: RHEL-62718
* Thu Oct 10 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-1
  - Update to OpenSSH 9.9p1
    Resolves: RHEL-60564
  - Separate ssh-keysign to a dedicated package
    Resolves: RHEL-62112
  - Use FIPS KEX defaults in FIPS mode
    Resolves: RHEL-58986
* Mon Sep 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-6
  - rebuilt
    Related: RHEL-59024
* Mon Aug 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-5
  - Restore GSS connectivity when no hostkeys are present
    Related: RHEL-42635
  - Add missing gsskeyex authentication method
    Related: RHEL-42635
  - "publickey-hostbound@openssh.com" extension makes no sense with GSS
    Related: RHEL-42635
* Fri Aug 16 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-4
  - Address SAST scan issues
    Resolves: RHEL-36766
  - Remove obsoleted patches
    Related: RHEL-42635
* Mon Aug 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-3
  - sshd doesn't propose to enter password again when a non-existing user is specified
    Resolves: RHEL-11981
  - Reenabling self-test on rpm build
    Related: RHEL-42635
* Fri Jul 26 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.8p1-2.0
  - Temporary disabling self-test
    Related: RHEL-42635
  - Change ssh-keygen defaults in FIPS mode
    Resolves: RHEL-37324
  - Use FIPS-compatible API for key d