From 9597d5ec8e9a021f674ccd97828c843977934e51 Mon Sep 17 00:00:00 2001
From: Fabrice Fontaine
Date: Sat, 26 Feb 2022 00:18:16 +0100
Subject: [PATCH] package/openssh: security bump to version 8.9p1
Security Near Miss
==================
* sshd(8): fix an integer overflow in the user authentication path that, in conjunction with other logic errors, could have yielded unauthenticated access under difficult to exploit conditions. This situation is not exploitable because of independent checks in the privilege separation monitor. Privilege separation has been enabled by default in since openssh-3.2.2 (released in 2002) and has been mandatory since openssh-7.5 (released in 2017). Moreover, portable OpenSSH has used toolchain features available in most modern compilers to abort on signed integer overflow since openssh-6.5 (released in 2014).
Update license (md5crypt removed, bcrypt relicensed to BSD-3-Clause:
https://github.com/openssh/openssh-portable/commit/a5ab4882348d26addc9830a44e053238dfa2cb58
https://github.com/openssh/openssh-portable/commit/158bf854e2a22cf09064305f4a4e442670562685
https://github.com/openssh/openssh-portable/commit/c0459588b8d00b73e506c6095958ecfe62a4a7ba)
https://www.openssh.com/txt/release-8.9
Signed-off-by: Fabrice Fontaine
Signed-off-by: Peter Korsgaard
---
 package/openssh/openssh.hash | 6 +++---
 package/openssh/openssh.mk | 4 ++--
 2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
index aab3dba09c..dd123c1bb6 100644
--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,4 +1,4 @@
-# From https://www.openssh.com/txt/release-8.8 (base64 encoded)
-sha256 4590890ea9bb9ace4f71ae331785a3a5823232435161960ed5fc86588f331fe9 openssh-8.8p1.tar.gz
+# From https://www.openssh.com/txt/release-8.9 (base64 encoded)
+sha256 fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7 openssh-8.9p1.tar.gz
 # Locally calculated
-sha256 432abf7480fb31473a6706627212913fc70032e3fb71b90fecb28ae26a2d741d LICENCE
+sha256 d6807e99f3d159145c659060f57c3fa74e109faa39326dbfc38674cb550fd104 LICENCE
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 4145bfd8dc..0e0d59e6ab 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,13 +4,13 @@
 #
 ################################################################################
-OPENSSH_VERSION_MAJOR = 8.8
+OPENSSH_VERSION_MAJOR = 8.9
 OPENSSH_VERSION_MINOR = p1
 OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR)
 OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR)
 OPENSSH_CPE_ID_UPDATE = $(OPENSSH_VERSION_MINOR)
 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
-OPENSSH_LICENSE = BSD-4-Clause, BSD-3-Clause, BSD-2-Clause, Public Domain
+OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain
 OPENSSH_LICENSE_FILES = LICENCE
 OPENSSH_CONF_ENV = \
 LD="$(TARGET_CC)" \
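Review bot: The provenance comment on the new tarball hash in package/openssh/openssh.hash still reads `(base64 encoded)`, while the sha256 value on the following line is written in hex, so someone re-checking it against the release notes has to guess that a conversion took place. Because `OPENSSH_SITE` in openssh.mk (a context line of the second hunk) is a plain `http://` URL, this hash line is what protects the download's integrity and should be easy to re-verify. I would word the comment as `# From https://www.openssh.com/txt/release-8.9 (published base64 encoded, converted to hex here)`, assuming that is how the value was obtained.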