[Buildroot] [git commit] package/openssh: security bump to version 9.6p1

[Buildroot] [git commit] package/openssh: security bump to version 9.6p1

[Peter Korsgaard]

commit: https://git.buildroot.net/buildroot/commit/?id=3c047ea463e27ceaafde76d64406862c3322daa0
branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master

OpenSSH 9.6 was released on 2023-12-18.

This release contains fixes for a newly-discovered weakness in the
SSH transport protocol (the "Terrapin" attack), a logic error relating
to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for
programs that invoke ssh(1) with user or hostnames containing invalid
characters.

https://www.openssh.com/txt/release-9.6

Signed-off-by: Christian Stewart <christian@aperture.us>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
---
 package/openssh/openssh.hash | 2 +-
 package/openssh/openssh.mk   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
index 4060b95e9b..618b13133d 100644
--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,4 +1,4 @@
 # From https://www.openssh.com/txt/release-9.4p1
-sha256  3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85  openssh-9.4p1.tar.gz
+sha256  910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c  openssh-9.6p1.tar.gz
 # Locally calculated
 sha256  05c30446ba738934b3f1efa965b454c122ca26cc4b268e5ae6843f58ccd1b16d  LICENCE
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index 358ef42b6e..ec9e6613b0 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSH_VERSION_MAJOR = 9.4
+OPENSSH_VERSION_MAJOR = 9.6
 OPENSSH_VERSION_MINOR = p1
 OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR)
 OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR)
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot

Re: [Buildroot] [git commit] package/openssh: security bump to version 9.6p1

[Peter Seiderer via buildroot]

Hello *,

On Wed, 20 Dec 2023 11:42:06 +0100, Peter Korsgaard <peter@korsgaard.com> wrote:

> commit: https://git.buildroot.net/buildroot/commit/?id=3c047ea463e27ceaafde76d64406862c3322daa0
> branch: https://git.buildroot.net/buildroot/commit/?id=refs/heads/master
> 
> OpenSSH 9.6 was released on 2023-12-18.
> 
> This release contains fixes for a newly-discovered weakness in the
> SSH transport protocol (the "Terrapin" attack), a logic error relating
> to constrained PKCS#11 keys in ssh-agent(1) and countermeasures for
> programs that invoke ssh(1) with user or hostnames containing invalid
> characters.
> 
> https://www.openssh.com/txt/release-9.6
> 
> Signed-off-by: Christian Stewart <christian@aperture.us>
> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
> ---
>  package/openssh/openssh.hash | 2 +-
>  package/openssh/openssh.mk   | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
> index 4060b95e9b..618b13133d 100644
> --- a/package/openssh/openssh.hash
> +++ b/package/openssh/openssh.hash
> @@ -1,4 +1,4 @@
>  # From https://www.openssh.com/txt/release-9.4p1
> -sha256  3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85  openssh-9.4p1.tar.gz
> +sha256  910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c  openssh-9.6p1.tar.gz

Comment/URL does not longer match with the version...., but:

- 0eb397d30e package/openssh: bump to version 9.4p1

  -# From https://www.openssh.com/txt/release-9.3p2
  -sha256  200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8  openssh-9.3p2.tar.gz
  +# From https://www.openssh.com/txt/release-9.4p1
  +sha256  3608fd9088db2163ceb3e600c85ab79d0de3d221e59192ea1923e23263866a85  openssh-9.4p1.tar.gz

	$ wget https://www.openssh.com/txt/release-9.3p2
	[...]
	2023-12-21 17:06:05 (17,0 KB/s) - ‘release-9.3p2.3’ saved [2592/2592]

	$ wget https://www.openssh.com/txt/release-9.4.p1
	--2023-12-21 17:05:50--  https://www.openssh.com/txt/release-9.4.p1
	Resolving www.openssh.com (www.openssh.com)... 2620:3d:c000:178::80, 199.185.178.80
	Connecting to www.openssh.com (www.openssh.com)|2620:3d:c000:178::80|:443... connected.
	HTTP request sent, awaiting response... 404 Not Found
	2023-12-21 17:05:51 ERROR 404: Not Found.

So 'https://www.openssh.com/txt/release-9.4.p1' seems already incorrect, for the current
release 'https://www.openssh.com/txt/release-9.6' is the correct/working URL...

Regards,
Peter


>  # Locally calculated
>  sha256  05c30446ba738934b3f1efa965b454c122ca26cc4b268e5ae6843f58ccd1b16d  LICENCE
> diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
> index 358ef42b6e..ec9e6613b0 100644
> --- a/package/openssh/openssh.mk
> +++ b/package/openssh/openssh.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -OPENSSH_VERSION_MAJOR = 9.4
> +OPENSSH_VERSION_MAJOR = 9.6
>  OPENSSH_VERSION_MINOR = p1
>  OPENSSH_VERSION = $(OPENSSH_VERSION_MAJOR)$(OPENSSH_VERSION_MINOR)
>  OPENSSH_CPE_ID_VERSION = $(OPENSSH_VERSION_MAJOR)
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot

_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot