Message ID | 20250411093440.20727-1-vanusuri@mvista.com |
---|---|
State | New |
Series | openssh: upgrade 9.9p2 -> 10.0p1 |
On Fri, 11 Apr 2025 at 11:35, Vijay Anusuri via lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> wrote:

> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Includes fix for CVE-2025-32728
>
> Release Notes: https://www.openssh.com/txt/release-10.0

There was a mishap in the release process:
https://www.openwall.com/lists/oss-security/2025/04/09/6

This version will present itself as 10.0p2 (see version.h in sources)

I don't know if we need to handle this particularly in the recipe but can you mention this in the commit message to avoid an eventual confusion?

Thanks!

> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> --- > .../openssh/{openssh_9.9p2.bb => openssh_10.0p1.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename meta/recipes-connectivity/openssh/{openssh_9.9p2.bb => > openssh_10.0p1.bb} (99%) > > diff --git a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb > b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb > similarity index 99% > rename from meta/recipes-connectivity/openssh/openssh_9.9p2.bb > rename to meta/recipes-connectivity/openssh/openssh_10.0p1.bb > index 5191725796..21e1e50759 100644 > --- a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb > +++ b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb 
> @@ -26,7 +26,7 @@ SRC_URI = " > https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.ta > > file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ > > file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \ > " > -SRC_URI[sha256sum] = > "91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673" > +SRC_URI[sha256sum] = > "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c" > > CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific > to OpenSSH with the pam opie which we don't build/use here." > > -- > 2.25.1
Thanks Yoann for letting me know.

As per https://www.openwall.com/lists/oss-security/2025/04/09/6 , they do not intend to make a new release to fix this mistake. They released the tarball with the name openssh-10.0p1.tar.gz <https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-10.0p1.tar.gz> .

I will update about this in the commit message and send a v2 patch.

Thanks & Regards,
Vijay

On Fri, Apr 11, 2025 at 3:21 PM Yoann Congal <yoann.congal@smile.fr> wrote:

> On Fri, 11 Apr 2025 at 11:35, Vijay Anusuri via lists.openembedded.org <vanusuri=mvista.com@lists.openembedded.org> wrote:
>
>> From: Vijay Anusuri <vanusuri@mvista.com>
>>
>> Includes fix for CVE-2025-32728
>>
>> Release Notes: https://www.openssh.com/txt/release-10.0
>
> There was a mishap in the release process:
> https://www.openwall.com/lists/oss-security/2025/04/09/6
>
> This version will present itself as 10.0p2 (see version.h in sources)
>
> I don't know if we need to handle this particularly in the recipe but can you mention this in the commit message to avoid an eventual confusion?
>
> Thanks!
>
>> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
>> --- >> .../openssh/{openssh_9.9p2.bb => openssh_10.0p1.bb} | 2 +- >> 1 file changed, 1 insertion(+), 1 deletion(-) >> rename meta/recipes-connectivity/openssh/{openssh_9.9p2.bb => >> openssh_10.0p1.bb} (99%) >> >> diff --git a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb >> b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb >> similarity index 99% >> rename from meta/recipes-connectivity/openssh/openssh_9.9p2.bb >> rename to meta/recipes-connectivity/openssh/openssh_10.0p1.bb >> index 5191725796..21e1e50759 100644 >> --- a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb >> +++ b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb 
>> @@ -26,7 +26,7 @@ SRC_URI = " >> https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.ta >> >> file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ >> >> file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \ >> " >> -SRC_URI[sha256sum] = >> "91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673" >> +SRC_URI[sha256sum] = >> "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c" >> >> CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific >> to OpenSSH with the pam opie which we don't build/use here." >> >> -- >> 2.25.1

> --
> Yoann Congal
> Smile ECS
diff --git a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb similarity index 99% rename from meta/recipes-connectivity/openssh/openssh_9.9p2.bb rename to meta/recipes-connectivity/openssh/openssh_10.0p1.bb index 5191725796..21e1e50759 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb +++ b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb @@ -26,7 +26,7 @@ SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.ta file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \ " -SRC_URI[sha256sum] = "91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673" +SRC_URI[sha256sum] = "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c" CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
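
Review bot: the rename to openssh_10.0p1.bb makes PV 10.0p1, but per the thread the sources in this tarball report 10.0p2 in version.h, so the installed ssh and sshd will announce a version that differs from the recipe and from what package or SBOM data records. Say so in the commit message, with the oss-security link, so that the mismatch is not later read as a wrong tarball or as a missed upgrade when someone checks whether the CVE-2025-32728 fix is present. The only changed line is SRC_URI[sha256sum]; since nothing in the hunk lets a reader verify the new value, the commit message should also state which upstream-published checksum or signature for openssh-10.0p1.tar.gz it was checked against.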