[master] openssh: upgrade 9.2p1 -> 9.3p1

Message ID	20230327083620.106257-1-sdoshi@mvista.com
State	Accepted, archived
Commit	ca4b4165f388a8b8bb80c120a2baef00e7e3bcac
Headers	show Return-Path: <sdoshi@mvista.com> ip: 209.85.214.182, mailfrom: sdoshi@mvista.com) From: Siddharth <sdoshi@mvista.com> To: openembedded-core@lists.openembedded.org Cc: Siddharth Doshi <sdoshi@mvista.com> Subject: [OE-core][master][PATCH] openssh: upgrade 9.2p1 -> 9.3p1 Date: Mon, 27 Mar 2023 14:06:20 +0530 Message-Id: <20230327083620.106257-1-sdoshi@mvista.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[master] openssh: upgrade 9.2p1 -> 9.3p1 \| expand [master] openssh: upgrade 9.2p1 -> 9.3p1

Message ID

20230327083620.106257-1-sdoshi@mvista.com

State

Accepted, archived

Commit

ca4b4165f388a8b8bb80c120a2baef00e7e3bcac

Headers

From: Siddharth <sdoshi@mvista.com>
To: openembedded-core@lists.openembedded.org
Cc: Siddharth Doshi <sdoshi@mvista.com>
Subject: [OE-core][master][PATCH] openssh: upgrade 9.2p1 -> 9.3p1
Date: Mon, 27 Mar 2023 14:06:20 +0530
Message-Id: <20230327083620.106257-1-sdoshi@mvista.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[master] openssh: upgrade 9.2p1 -> 9.3p1 | expand

Commit Message

Siddharth March 27, 2023, 8:36 a.m. UTC

From: Siddharth Doshi <sdoshi@mvista.com>

OpenSSH 9.3p1 fixes 1 HIGH level security vulnerability.

Upgrade the recipe to point to 9.3p1.

CVEs Fixed:
1) CVE-2023-28531
- ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.

Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
---
 .../openssh/{openssh_9.2p1.bb => openssh_9.3p1.bb}              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssh/{openssh_9.2p1.bb => openssh_9.3p1.bb} (98%)

diff --git a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_9.2p1.bb
rename to meta/recipes-connectivity/openssh/openssh_9.3p1.bb
index 4666237d68..d3dedd1a5a 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.2p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
@@ -25,7 +25,7 @@  SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://sshd_check_keys \
            file://add-test-support-for-busybox.patch \
            "
-SRC_URI[sha256sum] = "3f66dbf1655fb45f50e1c56da62ab01218c228807b21338d634ebcdf9d71cf46"
+SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
 
 # This CVE is specific to OpenSSH with the pam opie which we don't build/use here
 CVE_CHECK_IGNORE += "CVE-2007-2768"

[master] openssh: upgrade 9.2p1 -> 9.3p1

Commit Message

Patch