[walnascar,4/8] openssh: Upgrade 9.9p2 -> 10.0p1

Message ID	f1653e02abc2fe88fa33cb0956e43312c6c2cc25.1747770224.git.steve@sakoman.com
State	Rejected
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.216.42, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][walnascar 4/8] openssh: Upgrade 9.9p2 -> 10.0p1 Date: Tue, 20 May 2025 12:48:11 -0700 Message-ID: <f1653e02abc2fe88fa33cb0956e43312c6c2cc25.1747770224.git.steve@sakoman.com> In-Reply-To: <cover.1747770224.git.steve@sakoman.com> References: <cover.1747770224.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[walnascar,1/8] connman :fix CVE-2025-32366 \| expand [walnascar,1/8] connman :fix CVE-2025-32366 [walnascar,2/8] iputils: Security fix for CVE-2025-47268 [walnascar,3/8] makedumpfile: upgrade 1.7.6 -> 1.7.7 [walnascar,4/8] openssh: Upgrade 9.9p2 -> 10.0p1 [walnascar,5/8] ruby: upgrade 3.4.2 -> 3.4.3 [walnascar,6/8] libxml2: upgrade 2.13.6 -> 2.13.8 [walnascar,7/8] glibc: stable 2.41 branch update [walnascar,8/8] gcc: Fix LDRD register overlap in register-indexed mode

Message ID

f1653e02abc2fe88fa33cb0956e43312c6c2cc25.1747770224.git.steve@sakoman.com

State

Rejected

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][walnascar 4/8] openssh: Upgrade 9.9p2 -> 10.0p1
Date: Tue, 20 May 2025 12:48:11 -0700
Message-ID: 
 <f1653e02abc2fe88fa33cb0956e43312c6c2cc25.1747770224.git.steve@sakoman.com>
In-Reply-To: <cover.1747770224.git.steve@sakoman.com>
References: <cover.1747770224.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[walnascar,1/8] connman :fix CVE-2025-32366 | expand

Commit Message

Steve Sakoman May 20, 2025, 7:48 p.m. UTC

From: Richard Purdie <richard.purdie@linuxfoundation.org>

Fix sshd by ensuring the agent daemon is included.

Internally, this release is versioned as 10.0p2 but upstream don't plan to
change this or re-release.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 2a4dd93e98ca9e61644213aa00c1cb837fb27316)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...gress-test-exec-use-the-absolute-path-in-the-SSH-e.patch | 6 +++---
 .../openssh/{openssh_9.9p2.bb => openssh_10.0p1.bb}         | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
 rename meta/recipes-connectivity/openssh/{openssh_9.9p2.bb => openssh_10.0p1.bb} (98%)

Comments

Gyorgy Sarvari May 21, 2025, 6:42 a.m. UTC | #1

Isn't this an overly big version bump for a stable branch? Not that
bothers me personally, just asking.

Alexander Kanavin May 21, 2025, 9:52 a.m. UTC | #2

Yes, it's a new feature release. Should not go to walnascar.

Alex


On Wed, 21 May 2025 at 08:42, Gyorgy Sarvari via
lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
wrote:
>
> Isn't this an overly big version bump for a stable branch? Not that
> bothers me personally, just asking.
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#216997): https://lists.openembedded.org/g/openembedded-core/message/216997
> Mute This Topic: https://lists.openembedded.org/mt/113217664/1686489
> Group Owner: openembedded-core+owner@lists.openembedded.org
> Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>

Steve Sakoman May 21, 2025, 1:33 p.m. UTC | #3

On Wed, May 21, 2025 at 2:52 AM Alexander Kanavin
<alex.kanavin@gmail.com> wrote:
>
> Yes, it's a new feature release. Should not go to walnascar.

My bad!  This was meant to be the "openssh: fix CVE-2025-32728" patch
on the list.

Thanks for reviewing, I really appreciate it.

Steve

> On Wed, 21 May 2025 at 08:42, Gyorgy Sarvari via
> lists.openembedded.org <skandigraun=gmail.com@lists.openembedded.org>
> wrote:
> >
> > Isn't this an overly big version bump for a stable branch? Not that
> > bothers me personally, just asking.
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#216997): https://lists.openembedded.org/g/openembedded-core/message/216997
> > Mute This Topic: https://lists.openembedded.org/mt/113217664/1686489
> > Group Owner: openembedded-core+owner@lists.openembedded.org
> > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [alex.kanavin@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >

diff --git a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
index b90cd2e69d..360b62af34 100644
--- a/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
+++ b/meta/recipes-connectivity/openssh/openssh/0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch
@@ -1,4 +1,4 @@ 
-From fb762172fb678fe29327b667f8fe7380962a4540 Mon Sep 17 00:00:00 2001
+From 9dcccafe44ea17e972e7cddea205bbe9fe71d8d6 Mon Sep 17 00:00:00 2001
 From: Jose Quaresma <jose.quaresma@foundries.io>
 Date: Mon, 15 Jul 2024 18:43:08 +0100
 Subject: [PATCH] regress/test-exec: use the absolute path in the SSH env
@@ -18,10 +18,10 @@  Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>
  1 file changed, 5 insertions(+)
 
 diff --git a/regress/test-exec.sh b/regress/test-exec.sh
-index 7afc2807..175f554b 100644
+index 8a00c72..2891f27 100644
 --- a/regress/test-exec.sh
 +++ b/regress/test-exec.sh
-@@ -175,6 +175,11 @@ if [ "x$TEST_SSH_OPENSSL" != "x" ]; then
+@@ -179,6 +179,11 @@ if [ "x$TEST_SSH_OPENSSL" != "x" ]; then
  fi
  
  # Path to sshd must be absolute for rexec
diff --git a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_9.9p2.bb
rename to meta/recipes-connectivity/openssh/openssh_10.0p1.bb
index 5191725796..a044aec063 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb
@@ -26,7 +26,7 @@  SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.ta
            file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
            file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \
            "
-SRC_URI[sha256sum] = "91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673"
+SRC_URI[sha256sum] = "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c"
 
 CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
 
@@ -197,7 +197,7 @@  FILES:${PN}-scp = "${bindir}/scp.${BPN}"
 FILES:${PN}-ssh = "${bindir}/ssh.${BPN} ${sysconfdir}/ssh/ssh_config"
 FILES:${PN}-sshd = "${sbindir}/sshd ${libexecdir}/sshd-session ${sysconfdir}/init.d/sshd ${systemd_system_unitdir}"
 FILES:${PN}-sshd += "${sysconfdir}/ssh/moduli ${sysconfdir}/ssh/sshd_config ${sysconfdir}/ssh/sshd_config_readonly ${sysconfdir}/default/volatiles/99_sshd ${sysconfdir}/pam.d/sshd"
-FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys"
+FILES:${PN}-sshd += "${libexecdir}/${BPN}/sshd_check_keys ${libexecdir}/sshd-auth"
 FILES:${PN}-sftp = "${bindir}/sftp"
 FILES:${PN}-sftp-server = "${libexecdir}/sftp-server"
 FILES:${PN}-misc = "${bindir}/ssh* ${libexecdir}/ssh*"

[walnascar,4/8] openssh: Upgrade 9.9p2 -> 10.0p1

Commit Message

Comments

Patch