Bug 1190921 – update tmate to 2.4

Bug 1190921 - update tmate to 2.4


Summary:	update tmate to 2.4

Status:	NEW

Classification:	openSUSE
Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security
Version:	Leap 15.2
Hardware:	x86-64 openSUSE Leap 15.2

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assigned To:	Andreas Schneider
QA Contact:	E-mail List

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Create test case

Clone This Bug

Reported:	2021-09-27 08:59 UTC by Bernhard Wiedemann
Modified:	2021-10-04 10:20 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Development
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernhard Wiedemann 2021-09-27 08:59:04 UTC

We run our own internal tmate server and I was thinking that upgrading tmate in Leap to 2.4 might be worth it.

Pro:
* MD5 has known collisions and it would be good to replace it with secure SHA256
* having 2.4 everywhere reduces friction for users:
  providing users with different fingerprint configs for 2.2.x and 2.4 is harder

Con:
* the way MD5 is used in tmate, might not be affected by collisions
* all users of custom tmate servers will need to update their configs
  - how do we notify them?


Alternatively, could we add a tmate24 package to Leap Update repos?