diff options
| author |   Wang Mingyu <wangmy@fujitsu.com> | 2024-01-02 15:02:33 +0800 |
|---|---|---|
| committer |   Armin Kuster <akuster808@gmail.com> | 2024-01-16 19:29:51 -0500 |
| commit | da9063bdfbe130f424ba487f167da68e0ce90e7d (patch) | |
| tree | aaafd6f0631407a8d5f27fe3ea427c3f274a478a | |
| parent | a1b8c2ac48a5c9d267b11536673076778967ced9 (diff) | |
| download | meta-openembedded-contrib-jansa/nanbield.tar.gz | |
libssh: upgrade 0.10.5 -> 0.10.6jansa/nanbield
0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
refreshed for 0.10.6
Changelog:
==========
* Fix CVE-2023-6004: Command injection using proxycommand
* Fix CVE-2023-48795: Potential downgrade attack using strict kex
* Fix CVE-2023-6918: Missing checks for return values of MD functions
* Fix ssh_send_issue_banner() for CMD(PowerShell)
* Avoid passing other events to callbacks when poll is called recursively (#202)
* Allow @ in usernames when parsing from URI composes
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1bea2e8c3053e7ecffb04adaaded54555f2afa0b)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch | 10 | ||||
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch | 10 | ||||
| -rw-r--r-- | meta-oe/recipes-support/libssh/libssh_0.10.6.bb (renamed from meta-oe/recipes-support/libssh/libssh_0.10.5.bb) | 2 |
3 files changed, 9 insertions, 13 deletions
diff --git a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch index 19775fa529..d2d1fb5955 100644 --- a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch +++ b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch @@ -1,4 +1,4 @@ -From 0cade4573334571055127a2d4fe3641e2397948d Mon Sep 17 00:00:00 2001 +From 49a8ae4d6f77434ed9f7a601b9df488b921e4a22 Mon Sep 17 00:00:00 2001 From: Khem Raj <raj.khem@gmail.com> Date: Mon, 20 Mar 2023 21:59:19 -0700 Subject: [PATCH] libgcrypt.c: Fix prototype of des3_encrypt/des3_decrypt @@ -18,15 +18,16 @@ TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/libssh/0.10.4-r0/git/ Upstream-Status: Pending Signed-off-by: Khem Raj <raj.khem@gmail.com> + --- src/libgcrypt.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libgcrypt.c b/src/libgcrypt.c -index da5588ad..e482b654 100644 +index f410d997..e3f66781 100644 --- a/src/libgcrypt.c +++ b/src/libgcrypt.c -@@ -469,12 +469,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { +@@ -416,12 +416,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) { } static void des3_encrypt(struct ssh_cipher_struct *cipher, void *in, @@ -41,6 +42,3 @@ index da5588ad..e482b654 100644 gcry_cipher_decrypt(cipher->key[0], out, len, in, len); } --- -2.40.0 - diff --git a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch index 0c7f53029e..d6bc75c3a6 100644 --- a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch +++ b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch @@ -1,4 +1,4 @@ -From d2525ba0bc7b11de12c54ea1a3d1eb862537136d Mon Sep 17 00:00:00 2001 +From 69a89e8f015802f61637fed0d3791d20a594f298 Mon Sep 17 00:00:00 2001 From: Yi Zhao <yi.zhao@windriver.com> Date: Wed, 15 Mar 2023 16:51:58 +0800 Subject: [PATCH] tests/CMakeLists.txt: do not search ssh/sshd commands on host @@ -9,12 +9,13 @@ not required by unittests, we can skip the search. Upstream-Status: Inappropriate [embedded specific] Signed-off-by: Yi Zhao <yi.zhao@windriver.com> + --- tests/CMakeLists.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt -index 22a36f37..aa32ca2e 100644 +index f5c30061..885c926a 100644 --- a/tests/CMakeLists.txt +++ b/tests/CMakeLists.txt @@ -86,6 +86,7 @@ set(TEST_TARGET_LIBRARIES @@ -25,7 +26,7 @@ index 22a36f37..aa32ca2e 100644 # OpenSSH Capabilities are required for all unit tests find_program(SSH_EXECUTABLE NAMES ssh) if (SSH_EXECUTABLE) -@@ -293,6 +294,7 @@ if (CLIENT_TESTING OR SERVER_TESTING) +@@ -302,6 +303,7 @@ if (CLIENT_TESTING OR SERVER_TESTING) message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}") endif () @@ -33,6 +34,3 @@ index 22a36f37..aa32ca2e 100644 configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h) --- -2.25.1 - diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.5.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb index f33987acf5..31f29c1b7d 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.10.5.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb @@ -11,7 +11,7 @@ SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable file://0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch \ file://run-ptest \ " -SRCREV = "479eca13aaaa46b43e68c52186e3783f06ae6f34" +SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6" S = "${WORKDIR}/git" |