Index: /branches/rel_apv_10_7/usr/click/bin/backend/sys_cmd.c =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/backend/sys_cmd.c (revision 38355) +++ /branches/rel_apv_10_7/usr/click/bin/backend/sys_cmd.c (working copy) @@ -4708,7 +4708,7 @@ return 0; } -#define SSH_SUPPORT_CIPHERS "aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com" +#define SSH_SUPPORT_CIPHERS "aes128-cbc,aes192-cbc,aes256-cbc,aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" int check_ssh_ciphers_legal(char* new_ciphers) @@ -4962,7 +4962,7 @@ return 0; } -#define DEFAULT_SSH_CIPHERS "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com,chacha20-poly1305@openssh.com" +#define DEFAULT_SSH_CIPHERS "aes128-ctr,aes192-ctr,aes256-ctr,aes128-gcm@openssh.com,aes256-gcm@openssh.com" int ui_ssh_ciphers(char* new_cipher) Index: /branches/rel_apv_10_7/usr/click/bin/openssh/CVE-2023-48795-mitigation.patch =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/CVE-2023-48795-mitigation.patch (nonexistent) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/CVE-2023-48795-mitigation.patch (working copy) @@ -0,0 +1,19 @@ +--- myproposal.h 2024-06-14 10:19:37.366799879 +0800 ++++ myproposal_edit.h 2024-06-14 10:20:19.886789628 +0800 +@@ -57,16 +57,12 @@ + "rsa-sha2-256" + + #define KEX_SERVER_ENCRYPT \ +- "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ + "aes128-gcm@openssh.com,aes256-gcm@openssh.com" + + #define KEX_CLIENT_ENCRYPT KEX_SERVER_ENCRYPT + + #define KEX_SERVER_MAC \ +- "umac-128-etm@openssh.com," \ +- "hmac-sha2-256-etm@openssh.com," \ +- "hmac-sha2-512-etm@openssh.com," \ + "umac-128@openssh.com," \ + "hmac-sha2-256," \ + "hmac-sha2-512" Index: /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh =================================================================== --- /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh (revision 38355) +++ /branches/rel_apv_10_7/usr/click/bin/openssh/build.sh (working copy) @@ -20,6 +20,7 @@ else patch -p1 < ../array_patch patch -p0 < ../weak_mac.patch + patch -p0 < ../CVE-2023-48795-mitigation.patch if [ $? -ne 0 ] then echo "array_patch failed!"