
openssh: upgrade 9.4p1 -> 9.5p1

Message ID 1697187758-4439-1-git-send-email-wangmy@fujitsu.com
State Accepted, archived
Commit 1f7a8aedecae81339d71c40f4cf7f6d1e5e4286c

Commit Message

Mingyu Wang (Fujitsu) Oct. 13, 2023, 9:02 a.m. UTC
From: Wang Mingyu <wangmy@fujitsu.com>

Changelog:
===========
Potentially incompatible changes
--------------------------------

 * ssh-keygen(1): generate Ed25519 keys by default. Ed25519 public keys
   are very convenient due to their small size. Ed25519 keys are
   specified in RFC 8709 and OpenSSH has supported them since version 6.5
   (January 2014).
    
 * sshd(8): the Subsystem directive now accurately preserves quoting of
   subsystem commands and arguments. This may change behaviour for exotic
   configurations, but the most common subsystem configuration
   (sftp-server) is unlikely to be affected.

New features
------------

 * ssh(1): add keystroke timing obfuscation to the client. This attempts
   to hide inter-keystroke timings by sending interactive traffic at
   fixed intervals (default: every 20ms) when there is only a small
   amount of data being sent. It also sends fake "chaff" keystrokes for
   a random interval after the last real keystroke. These are
   controlled by a new ssh_config ObscureKeystrokeTiming keyword.
    
 * ssh(1), sshd(8): Introduce a transport-level ping facility. This adds
   a pair of SSH transport protocol messages SSH2_MSG_PING/PONG to
   implement a ping capability. These messages use numbers in the "local
   extensions" number space and are advertised using a "ping@openssh.com"
   ext-info message with a string version number of "0".
    
 * sshd(8): allow override of Subsystem directives in sshd Match blocks.

Bugfixes
--------

 * scp(1): fix scp in SFTP mode recursive upload and download of
   directories that contain symlinks to other directories. In scp mode,
   the links would be followed, but in SFTP mode they were not. bz3611
    
 * ssh-keygen(1): handle cr+lf (instead of just cr) line endings in
   sshsig signature files.
    
 * ssh(1): interactive mode for ControlPersist sessions if they
   originally requested a tty.
    
 * sshd(8): make PerSourceMaxStartups first-match-wins
    
 * sshd(8): limit artificial login delay to a reasonable maximum (5s)
   and don't delay at all for the "none" authentication mechanism.
   bz3602
    
 * sshd(8): Log errors in kex_exchange_identification() with level
   verbose instead of error to reduce preauth log spam. All of those
   get logged with a more generic error message by sshpkt_fatal().
    
 * sshd(8): correct math for ClientAliveInterval that caused the probes
   to be sent less frequently than configured.
    
 * ssh(1): fix regression in OpenSSH 9.4 (mux.c r1.99) that caused
   multiplexed sessions to ignore SIGINT under some circumstances.

Portability
-----------

 * Avoid clang zero-call-used-regs=all bug on Apple compilers, which
   for some reason have version numbers that do not match the upstream
   clang version numbers. bz#3584

 * Fix configure test for zlib 1.3 and later/development versions. bz3604

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
 .../openssh/{openssh_9.4p1.bb => openssh_9.5p1.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssh/{openssh_9.4p1.bb => openssh_9.5p1.bb} (98%)

Patch

diff --git a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_9.4p1.bb
rename to meta/recipes-connectivity/openssh/openssh_9.5p1.bb
index e2508aa63a..67087c5157 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.4p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.5p1.bb
@@ -26,7 +26,7 @@  SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://add-test-support-for-busybox.patch \
            file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
            "
-SRC_URI[sha256sum] = "3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85"
+SRC_URI[sha256sum] = "f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b"
 
 CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
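
Review bot: The new SRC_URI[sha256sum] on the + line is the only integrity check on this tarball, because the SRC_URI in the @@ context line fetches over plain http://, and the commit message does not say how the new value was obtained. Please note in the commit message that the hash was compared with the checksum or signature upstream publishes for the 9.5p1 release, not just computed from the downloaded file. Separately, the two local patches in the context lines (add-test-support-for-busybox.patch and 0001-regress-banner.sh-log-input-and-output-files-on-erro.patch) are carried over unchanged, and the changelog lists the sshd Subsystem quoting change as potentially incompatible; a line confirming the patches still apply cleanly to 9.5p1 and that the shipped sshd configuration is unaffected would make this easier to accept.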