| Message ID | 20240131115809.355760-1-hprajapati@mvista.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,kirkstone] libssh: upgrade 0.8.9 -> 0.10.4 | expand |
On 1/31/24 6:58 AM, Hitendra Prajapati via lists.openembedded.org wrote: > ChangeLog: > https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4 This is a major version jump and include new APIS. This update is inappropriate for a stable branch. - Armin > > The "CVE-2020-16135.patch" is no longer needed as it's included in this upgrade. > > Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > --- > .../libssh/libssh/CVE-2020-16135.patch | 44 ------------------- > .../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++----- > 2 files changed, 3 insertions(+), 57 deletions(-) > delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch > rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb => libssh_0.10.4.bb} (62%) > > diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch > deleted file mode 100644 > index 63b78688dd..0000000000 > --- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch > +++ /dev/null > @@ -1,44 +0,0 @@ > -From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001 > -From: Andreas Schneider <asn@cryptomilk.org> > -Date: Wed, 3 Jun 2020 10:04:09 +0200 > -Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new() > - > -Add a missing NULL check for the pointer returned by ssh_buffer_new() in > -sftpserver.c. > - > -Thanks to Ramin Farajpour Cami for spotting this. > - > -Fixes T232 > - > -Signed-off-by: Andreas Schneider <asn@cryptomilk.org> > -Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> > -Reviewed-by: Jakub Jelen <jjelen@redhat.com> > -(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53) > - > -Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c] > -CVE: CVE-2020-16135 > -Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> > ---- > - src/sftpserver.c | 6 ++++++ > - 1 file changed, 6 insertions(+) > - > -diff --git a/src/sftpserver.c b/src/sftpserver.c > -index 1717aa417..1af8a0e76 100644 > ---- a/src/sftpserver.c > -+++ b/src/sftpserver.c > -@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { > - > - /* take a copy of the whole packet */ > - msg->complete_message = ssh_buffer_new(); > -+ if (msg->complete_message == NULL) { > -+ ssh_set_error_oom(session); > -+ sftp_client_message_free(msg); > -+ return NULL; > -+ } > -+ > - ssh_buffer_add_data(msg->complete_message, > - ssh_buffer_get(payload), > - ssh_buffer_get_len(payload)); > --- > -2.25.1 > - > diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb > similarity index 62% > rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb > rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb > index 061f13912f..3a57a728a1 100644 > --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb > +++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb > @@ -6,10 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0" > > DEPENDS = "zlib openssl" > > -SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \ > - file://CVE-2020-16135.patch \ > - " > -SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" > +SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.10" > +SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85" > > S = "${WORKDIR}/git" > > @@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \ > -DWITH_PCAP=1 \ > -DWITH_SFTP=1 \ > -DWITH_ZLIB=1 \ > - -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \ > + -DWITH_EXAMPLES=0 \ > " > > -do_configure:prepend () { > - # Disable building of examples > - sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/' ${S}/CMakeLists.txt \ > - || bbfatal "Failed to disable examples" > -} > - > -TOOLCHAIN = "gcc" > - > BBCLASSEXTEND = "native nativesdk" > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#108506): https://lists.openembedded.org/g/openembedded-devel/message/108506 > Mute This Topic: https://lists.openembedded.org/mt/104073273/3616698 > Group Owner: openembedded-devel+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [akuster808@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch b/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch deleted file mode 100644 index 63b78688dd..0000000000 --- a/meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch +++ /dev/null @@ -1,44 +0,0 @@ -From 0a9268a60f2d3748ca69bde5651f20e72761058c Mon Sep 17 00:00:00 2001 -From: Andreas Schneider <asn@cryptomilk.org> -Date: Wed, 3 Jun 2020 10:04:09 +0200 -Subject: CVE-2020-16135: Add missing NULL check for ssh_buffer_new() - -Add a missing NULL check for the pointer returned by ssh_buffer_new() in -sftpserver.c. - -Thanks to Ramin Farajpour Cami for spotting this. - -Fixes T232 - -Signed-off-by: Andreas Schneider <asn@cryptomilk.org> -Reviewed-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com> -Reviewed-by: Jakub Jelen <jjelen@redhat.com> -(cherry picked from commit 533d881b0f4b24c72b35ecc97fa35d295d063e53) - -Upstream-Status: Backport [https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c] -CVE: CVE-2020-16135 -Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> ---- - src/sftpserver.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/src/sftpserver.c b/src/sftpserver.c -index 1717aa417..1af8a0e76 100644 ---- a/src/sftpserver.c -+++ b/src/sftpserver.c -@@ -64,6 +64,12 @@ sftp_client_message sftp_get_client_message(sftp_session sftp) { - - /* take a copy of the whole packet */ - msg->complete_message = ssh_buffer_new(); -+ if (msg->complete_message == NULL) { -+ ssh_set_error_oom(session); -+ sftp_client_message_free(msg); -+ return NULL; -+ } -+ - ssh_buffer_add_data(msg->complete_message, - ssh_buffer_get(payload), - ssh_buffer_get_len(payload)); --- -2.25.1 - diff --git a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb similarity index 62% rename from meta-oe/recipes-support/libssh/libssh_0.8.9.bb rename to meta-oe/recipes-support/libssh/libssh_0.10.4.bb index 061f13912f..3a57a728a1 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.8.9.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.10.4.bb @@ -6,10 +6,8 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0" DEPENDS = "zlib openssl" -SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.8 \ - file://CVE-2020-16135.patch \ - " -SRCREV = "04685a74df9ce1db1bc116a83a0da78b4f4fa1f8" +SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.10" +SRCREV = "e8322817a9e5aaef0698d779ddd467a209a85d85" S = "${WORKDIR}/git" @@ -25,15 +23,7 @@ EXTRA_OECMAKE = " \ -DWITH_PCAP=1 \ -DWITH_SFTP=1 \ -DWITH_ZLIB=1 \ - -DLIB_SUFFIX=${@d.getVar('baselib').replace('lib', '')} \ + -DWITH_EXAMPLES=0 \ " -do_configure:prepend () { - # Disable building of examples - sed -i -e '/add_subdirectory(examples)/s/^/#DONOTWANT/' ${S}/CMakeLists.txt \ - || bbfatal "Failed to disable examples" -} - -TOOLCHAIN = "gcc" - BBCLASSEXTEND = "native nativesdk"
ChangeLog: https://git.libssh.org/projects/libssh.git/tree/CHANGELOG?h=libssh-0.10.4 The "CVE-2020-16135.patch" is no longer needed as it's included in this upgrade. Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> --- .../libssh/libssh/CVE-2020-16135.patch | 44 ------------------- .../{libssh_0.8.9.bb => libssh_0.10.4.bb} | 16 ++----- 2 files changed, 3 insertions(+), 57 deletions(-) delete mode 100644 meta-oe/recipes-support/libssh/libssh/CVE-2020-16135.patch rename meta-oe/recipes-support/libssh/{libssh_0.8.9.bb => libssh_0.10.4.bb} (62%)