diff mbox series

[meta-oe] libssh: upgrade 0.10.5 -> 0.10.6

Message ID 1704178953-7826-1-git-send-email-wangmy@fujitsu.com
State Accepted
Headers show
Series [meta-oe] libssh: upgrade 0.10.5 -> 0.10.6 | expand

Commit Message

Mingyu Wang (Fujitsu) Jan. 2, 2024, 7:02 a.m. UTC 
From: Wang Mingyu <wangmy@fujitsu.com>

0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
refreshed for 0.10.6

Changelog:
==========
* Fix CVE-2023-6004: Command injection using proxycommand
* Fix CVE-2023-48795: Potential downgrade attack using strict kex
* Fix CVE-2023-6918: Missing checks for return values of MD functions
* Fix ssh_send_issue_banner() for CMD(PowerShell)
* Avoid passing other events to callbacks when poll is called recursively (#202)
* Allow @ in usernames when parsing from URI composes

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
---
 ...pt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch | 10 ++++------
 ...MakeLists.txt-do-not-search-ssh-sshd-commands.patch | 10 ++++------
 .../libssh/{libssh_0.10.5.bb => libssh_0.10.6.bb}      |  2 +-
 3 files changed, 9 insertions(+), 13 deletions(-)
 rename meta-oe/recipes-support/libssh/{libssh_0.10.5.bb => libssh_0.10.6.bb} (96%)

Comments

Khem Raj Jan. 8, 2024, 2:46 a.m. UTC | #1 
On Tue, 02 Jan 2024 15:02:33 +0800, wangmy@fujitsu.com wrote:
> 0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
> 0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
> refreshed for 0.10.6
> 
> Changelog:
> ==========
> * Fix CVE-2023-6004: Command injection using proxycommand
> * Fix CVE-2023-48795: Potential downgrade attack using strict kex
> * Fix CVE-2023-6918: Missing checks for return values of MD functions
> * Fix ssh_send_issue_banner() for CMD(PowerShell)
> * Avoid passing other events to callbacks when poll is called recursively (#202)
> * Allow @ in usernames when parsing from URI composes
> 
> [...]

Applied, thanks!

[1/1] libssh: upgrade 0.10.5 -> 0.10.6
      commit: 1bea2e8c3053e7ecffb04adaaded54555f2afa0b

Best regards,
diff mbox series

Patch

diff --git a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
index 19775fa52..d2d1fb595 100644
--- a/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
+++ b/meta-oe/recipes-support/libssh/libssh/0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch
@@ -1,4 +1,4 @@ 
-From 0cade4573334571055127a2d4fe3641e2397948d Mon Sep 17 00:00:00 2001
+From 49a8ae4d6f77434ed9f7a601b9df488b921e4a22 Mon Sep 17 00:00:00 2001
 From: Khem Raj <raj.khem@gmail.com>
 Date: Mon, 20 Mar 2023 21:59:19 -0700
 Subject: [PATCH] libgcrypt.c: Fix prototype of des3_encrypt/des3_decrypt
@@ -18,15 +18,16 @@  TOPDIR/build/tmp/work/cortexa15t2hf-neon-yoe-linux-gnueabi/libssh/0.10.4-r0/git/
 Upstream-Status: Pending
 
 Signed-off-by: Khem Raj <raj.khem@gmail.com>
+
 ---
  src/libgcrypt.c | 4 ++--
  1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/src/libgcrypt.c b/src/libgcrypt.c
-index da5588ad..e482b654 100644
+index f410d997..e3f66781 100644
 --- a/src/libgcrypt.c
 +++ b/src/libgcrypt.c
-@@ -469,12 +469,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
+@@ -416,12 +416,12 @@ static int des3_set_key(struct ssh_cipher_struct *cipher, void *key, void *IV) {
  }
  
  static void des3_encrypt(struct ssh_cipher_struct *cipher, void *in,
@@ -41,6 +42,3 @@  index da5588ad..e482b654 100644
    gcry_cipher_decrypt(cipher->key[0], out, len, in, len);
  }
  
--- 
-2.40.0
-
diff --git a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
index 0c7f53029..d6bc75c3a 100644
--- a/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
+++ b/meta-oe/recipes-support/libssh/libssh/0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch
@@ -1,4 +1,4 @@ 
-From d2525ba0bc7b11de12c54ea1a3d1eb862537136d Mon Sep 17 00:00:00 2001
+From 69a89e8f015802f61637fed0d3791d20a594f298 Mon Sep 17 00:00:00 2001
 From: Yi Zhao <yi.zhao@windriver.com>
 Date: Wed, 15 Mar 2023 16:51:58 +0800
 Subject: [PATCH] tests/CMakeLists.txt: do not search ssh/sshd commands on host
@@ -9,12 +9,13 @@  not required by unittests, we can skip the search.
 Upstream-Status: Inappropriate [embedded specific]
 
 Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
+
 ---
  tests/CMakeLists.txt | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/tests/CMakeLists.txt b/tests/CMakeLists.txt
-index 22a36f37..aa32ca2e 100644
+index f5c30061..885c926a 100644
 --- a/tests/CMakeLists.txt
 +++ b/tests/CMakeLists.txt
 @@ -86,6 +86,7 @@ set(TEST_TARGET_LIBRARIES
@@ -25,7 +26,7 @@  index 22a36f37..aa32ca2e 100644
  # OpenSSH Capabilities are required for all unit tests
  find_program(SSH_EXECUTABLE NAMES ssh)
  if (SSH_EXECUTABLE)
-@@ -293,6 +294,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)
+@@ -302,6 +303,7 @@ if (CLIENT_TESTING OR SERVER_TESTING)
  
      message(STATUS "TORTURE_ENVIRONMENT=${TORTURE_ENVIRONMENT}")
  endif ()
@@ -33,6 +34,3 @@  index 22a36f37..aa32ca2e 100644
  
  configure_file(tests_config.h.cmake ${CMAKE_CURRENT_BINARY_DIR}/tests_config.h)
  
--- 
-2.25.1
-
diff --git a/meta-oe/recipes-support/libssh/libssh_0.10.5.bb b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
similarity index 96%
rename from meta-oe/recipes-support/libssh/libssh_0.10.5.bb
rename to meta-oe/recipes-support/libssh/libssh_0.10.6.bb
index f33987acf..31f29c1b7 100644
--- a/meta-oe/recipes-support/libssh/libssh_0.10.5.bb
+++ b/meta-oe/recipes-support/libssh/libssh_0.10.6.bb
@@ -11,7 +11,7 @@  SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable
            file://0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch \
            file://run-ptest \
           "
-SRCREV = "479eca13aaaa46b43e68c52186e3783f06ae6f34"
+SRCREV = "10e09e273f69e149389b3e0e5d44b8c221c2e7f6"
 
 S = "${WORKDIR}/git"