From ac8a50c92de1e70296103c6388508a9cbdf1cb01 Mon Sep 17 00:00:00 2001 From: Wang Mingyu Date: Mon, 7 Jul 2025 17:06:35 +0800 Subject: [PATCH] libssh: upgrade 0.11.1 -> 0.11.2 * Security: * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management * CVE-2025-5351 - Double free in functions exporting keys * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL * Compatibility * Fixed compatibility with CPM.cmake * Compatibility with OpenSSH 10.0 * Tests compatibility with new Dropbear releases * Removed p11-kit remoting from the pkcs11 testsuite * Bugfixes * Implement missing packet filter for DH GEX * Properly process the SSH2_MSG_DEBUG message * Allow escaping quotes in quoted arguments to ssh configuration * Do not fail with unknown match keywords in ssh configuration * Process packets before selecting signature algorithm during authentication * Do not fail hard when the SFTP status message is not sent by noncompliant servers Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj --- .../libssh/{libssh_0.11.1.bb => libssh_0.11.2.bb} | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) rename meta-oe/recipes-support/libssh/{libssh_0.11.1.bb => libssh_0.11.2.bb} (94%) diff --git a/meta-oe/recipes-support/libssh/libssh_0.11.1.bb b/meta-oe/recipes-support/libssh/libssh_0.11.2.bb similarity index 94% rename from meta-oe/recipes-support/libssh/libssh_0.11.1.bb rename to meta-oe/recipes-support/libssh/libssh_0.11.2.bb index bb2b0dc466..b50177ab9d 100644 --- a/meta-oe/recipes-support/libssh/libssh_0.11.1.bb +++ b/meta-oe/recipes-support/libssh/libssh_0.11.2.bb @@ -6,14 +6,14 @@ LIC_FILES_CHKSUM = "file://COPYING;md5=dabb4958b830e5df11d2b0ed8ea255a0" DEPENDS = "zlib openssl" -SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11 \ +SRC_URI = "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV} \ file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \ file://run-ptest \ " SRC_URI:append:toolchain-clang = " file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch" -SRCREV = "854795c654eda518ed6de6c1ebb4e2107fcb2e73" +SRCREV = "dff6c0821ed54f6fbf5b755af43f54cbb723b1b1" inherit cmake ptest