openssh-keycat-8.7p1-43.el9> M Mv ĉJ4!!%joLne)Ip-Bm5 ']g)zreleng@rockylinux.org p-Bm5 ']\_8(' Fk?7<̠5ħɥ+9#Hд $E k~[}yaFӡ&8YmTZmH"y*߅ Y2ԩOus-V7:+K͂=xd&z*Yg3.9Eb072Z /$a IR׹1'덏{e?^C{Qq1,u-fVCj6f\$MJo׈̋;7hӽnnu! 3M͓yMcfkYV#.0U%Y3=Rƙwߍ[UorLv p[Uwoe!&;8955be62032d56565af1d78215a485981e155ad92bb71870733a300e46cabc2f13c50b42521ec8b06d630fa2c68959bf7ac628a9Fn{][mJ>'c>=#?#}d  ?  LX}     :Xt(<8H!9!: W!GlHIXY\]^fbd!6e!;f!@l!Ct!\u!xv!w"|x"y""""#8#<Copenssh-keycat8.7p143.el9A mls keycat backend for opensshOpenSSH mls keycat is backend for using the authorized keys in the openssh in the mls mode.g)pb-a9d44074-72c7-442f-95ed-dcc4208b36d9-b-aarch64Rocky Linux 9.5Rocky Enterprise Software FoundationBSDRocky Linux Build System (Peridot) Unspecifiedhttp://www.openssh.com/portable.htmllinuxaarch64U* ȁAAA큤g)ig)kg)kg)kg)jg)kg)010e60034729e34223da00495b544c41d7fb7a6b75455bec748d7990afb8b09054d97664d6472cc898e1a17ff0e6892dfe5726a54d656074a56cd53421bd319d3dcb91e3e897c6675060638507344fe70603d164a7b2ace552aaf5d2c69d3f32../../../../usr/libexec/openssh/ssh-keycatrootrootrootrootrootrootrootrootrootrootrootrootrootrootopenssh-8.7p1-43.el9.src.rpmconfig(openssh-keycat)openssh-keycatopenssh-keycat(aarch-64)@@@@@@@@@@@@@    @config(openssh-keycat)ld-linux-aarch64.so.1()(64bit)ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.26)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libcrypt.so.2()(64bit)libcrypto.so.3()(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libselinux.so.1()(64bit)libz.so.1()(64bit)opensshrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)rtld(GNU_HASH)8.7p1-43.el98.7p1-43.el93.0.4-14.6.0-14.0-15.4.18-14.16.1.3f&@ff]@f3@f(@e@e@e@e6`@d!dZ@dm@dcp@dA)@d.@c@c@c @c]c-c,N@bbb@bVb@b@b@b@bγbb@bbDmitry Belyavskiy - 8.7p1-43Dmitry Belyavskiy - 8.7p1-42Dmitry Belyavskiy - 8.7p1-41Zoltan Fridrich - 8.7p1-40Dmitry Belyavskiy - 8.7p1-39Dmitry Belyavskiy - 8.7p1-38Dmitry Belyavskiy - 8.7p1-37Dmitry Belyavskiy - 8.7p1-36Dmitry Belyavskiy - 8.7p1-35Dmitry Belyavskiy - 8.7p1-34Dmitry Belyavskiy - 8.7p1-33Norbert Pocs - 8.7p1-32Norbert Pocs - 8.7p1-31Dmitry Belyavskiy - 8.7p1-30Dmitry Belyavskiy - 8.7p1-29Dmitry Belyavskiy - 8.7p1-28Zoltan Fridrich - 8.7p1-27Dmitry Belyavskiy - 8.7p1-26Dmitry Belyavskiy - 8.7p1-25Dmitry Belyavskiy - 8.7p1-24Dmitry Belyavskiy - 8.7p1-23Dmitry Belyavskiy - 8.7p1-22Dmitry Belyavskiy - 8.7p1-21Zoltan Fridrich - 8.7p1-20 + 0.10.4-5Dmitry Belyavskiy - 8.7p1-19 + 0.10.4-5Zoltan Fridrich - 8.7p1-18Dmitry Belyavskiy - 8.7p1-17Zoltan Fridrich - 8.7p1-16Dmitry Belyavskiy - 8.7p1-15Dmitry Belyavskiy - 8.7p1-14Zoltan Fridrich - 8.7p1-13Dmitry Belyavskiy - 8.7p1-12Zoltan Fridrich - 8.7p1-11- Possible remote code execution due to a race condition (CVE-2024-6409) Resolves: RHEL-45741- Possible remote code execution due to a race condition (CVE-2024-6387) Resolves: RHEL-45348- Fix ssh multiplexing connect timeout processing Resolves: RHEL-37748- Correctly audit hostname and IP address Resolves: RHEL-22316 - Make default key sizes configurable in sshd-keygen Resolves: RHEL-26454- Use FIPS-compatible API for key derivation Resolves: RHEL-32809- Fix Terrapin attack Resolves: CVE-2023-48795- Fix Terrapin attack Resolves: CVE-2023-48795- Fix Terrapin attack Resolves: CVE-2023-48795 - Relax OpenSSH build-time checks for OpenSSL version Related: RHEL-4734 - Forbid shell metasymbols in username/hostname Resolves: CVE-2023-51385- Relax OpenSSH checks for OpenSSL version Resolves: RHEL-4734 - Limit artificial delays in sshd while login using AD user Resolves: RHEL-2469 - Move users/groups creation logic to sysusers.d fragments Resolves: RHEL-5222- Avoid remote code execution in ssh-agent PKCS#11 support Resolves: CVE-2023-38408- Allow specifying validity interval in UTC Resolves: rhbz#2115043- Fix pkcs11 issue with the recent changes - Delete unnecessary log messages from previous compl-dh patch - Add ssh_config man page explanation on rhbz#2068423 - Resolves: rhbz#2207793, rhbz#2209096- Fix minor issues with openssh-8.7p1-evp-fips-compl-dh.patch: - Check return values - Use EVP API to get the size of DH - Add some log debug lines - Related: rhbz#2091694- Some non-terminating processes were listening on ports. Resolves: rhbz#2177768 - On sshd startup, we check whether signing using the SHA1 for signing is available and don't use it when it isn't. - On ssh private key conversion we explicitly use SHA2 for testing RSA keys. - In sshd, when SHA1 signatures are unavailable, we fallback (fall forward :) ) to SHA2 on host keys proof confirmation. - On a client side we permit SHA2-based proofs from server when requested SHA1 proof (or didn't specify the hash algorithm that implies SHA1 on the client side). It is aligned with already present exception for RSA certificates. - We fallback to SHA2 if SHA1 signatures is not available on the client side (file sshconnect2.c). - We skip dss-related tests (they don't work without SHA1). Resolves: rhbz#2070163 - FIPS compliance efforts for dh, ecdh and signing Resolves: rhbz#2091694- Resolve possible self-DoS with some clients Resolves: rhbz#2186473- Do not try to use SHA1 for host key ownership proof when we don't support it server-side Resolves: rhbz#2088750- Add sk-dummy subpackage for test purposes Resolves: rhbz#2092780- Fix one-byte overflow in SSH banner processing Resolves: rhbz#2138345 - Fix double free() in error path Resolves: rhbz#2138347- Build fix after OpenSSL rebase Resolves: rhbz#2153626- Set minimal value of RSA key length via configuration option - support both names Resolves: rhbz#2128352- Set minimal value of RSA key length via configuration option Resolves: rhbz#2128352- Avoid spirous message on connecting to the machine with ssh-rsa keys Related: rhbz#2115246 - Set minimal value of RSA key length via configuration option Related: rhbz#2066882- IBMCA workaround Related: rhbz#1976202- Fix openssh-8.7p1-scp-clears-file.patch Related: rhbz#2056884- FIX pam_ssh_agent_auth auth for RSA keys Related: rhbz#2070113- Fix new coverity issues Related: rhbz#2068423- Disable ed25519 and ed25519-sk keys in FIPS mode Related: rhbz#2087915- Don't propose disallowed algorithms during hostkey negotiation Resolves: rhbz#2068423- Disable ed25519 and ed25519-sk keys in FIPS mode Related: rhbz#2087915- Disable ed25519 and ed25519-sk keys in FIPS mode Related: rhbz#2087915- Add reference for policy customization in ssh/sshd_config manpages Resolves: rhbz#1984575- Disable sntrup761x25519-sha512 in FIPS mode Related: rhbz#2070628 - Disable ed25519 and ed25519-sk keys in FIPS mode Related: rhbz#2087915- Fix scp clearing file when src and dest are the same Resolves: rhbz#2056884 - Add missing options from ssh_config into ssh manpage Resolves: rhbz#2033372 - Fix several memory leaks Related: rhbz#2068423 - Fix gssapi authentication failures Resolves: rhbz#2091023 - Fix host-based authentication with rsa keys Resolves: rhbz#20889168.7p1-43.el98.7p1-43.el98.7p1-43.el9ssh-keycat.build-id899de54ce1c5b9f9657862fe6f55321c7d6adc3fssh-keycatopenssh-keycatHOWTO.ssh-keycat/etc/pam.d//usr/lib//usr/lib/.build-id//usr/lib/.build-id/89//usr/libexec/openssh//usr/share/doc//usr/share/doc/openssh-keycat/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpiozstd19aarch64-redhat-linux-gnuASCII textdirectoryELF 64-bit LSB pie executable, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, BuildID[sha1]=899de54ce1c5b9f9657862fe6f55321c7d6adc3f, for GNU/Linux 3.7.0, strippedRR RRRRR R R RR RRRutf-8b4065f417e1c08850a59f1db3f6c4a05f4d2206dfe6fefffaf2b241bf7fcde638a3d9aa138ec46ec010fd81fececc8c275f6bfaa039097ef315eb6cf9dd9d61a?0(/hINO Da[c(F^QJL8٦G2rT8.y.ЁTp%!VkM7O -` H)S߳$b(ayYL {|c8˞tCC?5,w n=/{]$z~dTAŸz磍Cꛥ>Xi/^\|a/X0JoT7 c#Ϗ/Onx+?8,^5ғ2 HzrqHO0ғway9|R =IC,$1.s2gs_8#:b=y)!Qx2OVɑ/|9G!k)orV?3hZ#& _3<ʞ4kfFS2Lzcbcre(gG9̓Qb,158\`ћVumCF`\a>=6Pچ!0QMP,ո#6~2h+1C^ _#-at u QCHъwX밸u+tGB̢F`J5'|4On#Gʈ|x0W2}OKOWRxaon,92|kRDF~orf=МE=R!8ocoWH4$ӕe?+8`~T+ QIFFYwa=w+WP=<-Ά>@1CA)ko/A 9(a~7Aɳ@Nqrss=w/{y卥+VA~ r7 jQd-D>  +0Ng\E~v D(P8o ^*y#ec_iCa8XZO+`|셃v AƣBUӑ}pau,["Dzñ &?ʂ|K'Y) bO'WN{1U}qhjW7D@MqIZ{][,U=^] pCDYt9A^9y'F踌ɩE?`w&A"}oZ/W6w q=,ô-W&(XA, Oꚉq9M,pH/?>XAh~8Ќ4 Jo!< cԆ31 `'ɺըr↎%47 !0Imț=dz#Vx@C4,l=!5J:(.ٲ"e !%G3>YLz_ PgLLqÊGAw oT*! p8sKxzbAc$[SpRS0Jm*Sj32Ha12 !pgnp2&i%LS29"eEB#)"PG੒3R"q&BT-Z`!eKK%UYws+J@« R]eic хS6%tĚ47hvir6vΣ/SQWgda>3c2tuI,w5Jpf̣KW/^pG.lPpftްP`ੀl~ф"n0.},wA A(}`6f -*!}?#{$:ϦA.MbXh>P_gc_&Ƽ$J~=(J0EC66 vjWmf_,MM`@Ͱu l)LDlfmۚ4 KMf-nv].[T+7jhժY4{wnVml˭POim[f_4iiv\[nvbWFމz]@5ԥ-;?A$r ނ%`i5iΔXΓtH Sä$w[MI:RY2H-!YbF/a/^ɗ[[j!s{}LxQ@ WvTO5b'b2u9D] Pka݅|n>q8:9SF%GO;Bf,ux'g #㏯}v"1 M,s@7?!ag$y&2g—0Ѕ8 7)'7A˗ߊ&ʢ1BSd87G =hbx~XI|38 5JJmM)wԞg)WmΚiլRf%Ҳ] r˾Zj٭}PIZgc!/3S[kvZֶ̺kVMyo*:gЙ6aZv;6 ۪yϠL2 21(i՞Rlm}vW2l,Si9iG-?WHqu%'t@MO0xwnaG̸⟎ɢx."C&GC&6Fv!TlJP0z޷4;Q-,jjf~*njF6Fe]Yb͘6eb̗[>chvP{:%$Xz>]H (0fiHs^ 1sGuwtoؐ^fHB=Rh>\I0͌M̢;5N8g4Fdn'!pq\y &Ni~hi0  =+=֪&0uU(a %Q @) М(lKvC|[ \':.34<]+r|d8E2}ʢ-LJBt!$D '  /|SBiHo r"T;R34%$ V`оqw)χC-FnX2CR~uh<6@h@&iLM SW!J3242"2&i35)$"+"+-6eZ(*HQc # H %$2l>YTirt = o9LYVuzҘkaGkkl5c$;Yx8+X,:3d DN#.&>`V+S1s#hBڨ<->:m4n)Ov'@WG lj7u͌9}E>I\>]E%_nh3h_=:@ wTxM!M.\"*c9ir~8}9᧝2nax-n1Pe>#GrDGԫsxݏS{54m'lOXB~(DN\&yAw;'O{;;i.:v_Ç2p+{g}!·b{6XpGkl_13p-ςwVуǾ :\C8tu͏֯nKZ =+ n|nvec/s}̋o~o{5Hw:W .J>O96GN)p9gq% 3pŵ;8y/0KiNb:W>߳NZ~{YgyaΒm4x+[ ȷz*v Y> 3oc+FTP_^I}b>н}O|<%ӽ7X73܋\Cl$ALrR og ЪW>M3;Q)H뱑x\c\FŃ?=7[8DQgCnO6\}x>&:>B\<| .]Eu~}5t7|k]Wb_:; ڣJ 3Ҥ+,O 5S ?'cv,$[.`7oGz_~󻷏ރǏ\8:Q9ՉSZ 3SJoD[q|*|_C_yS.vw95i-a9zOFgD^͕Y܅_0C cue6G9H_5q|O<.c|Q?پk~SPKiH4ߞTM6#k30waW1@c~sl mnsNl"p6-Q)~fY#+v]CmeI83{VJt꺵ZֶuY^j-k[˺e/kO)IIN$%9I,%iTJR4IINTkRԢJQ {3i"1L&aQWiV vU¤n@q4|70=i56KR\JP` `mūۨ8Bq<_ZBl('A{!<̀շk'# mHDI/bB?kYȫ)=yJWY=T3-SzwuV荄,fvRR#S6tF S9G$g\`;ۼ=m vkߘ>k;-uŭm[mMoyn-OZ8WYbAG ́>:90Le0̭oX3q!y`nL2ǩ$W]h4Yz,n oXؚ`oXikK 9?nUL*a>H辭4g*Or>izXV @FO7|ޜ&MqarTHs^Kp=Y0b2|! t@YDG T>Z$7 ƖRx