[OE-core][PATCH v2] openssh: upgrade 9.9p2 -> 10.0p1

[OE-core][PATCH v2] openssh: upgrade 9.9p2 -> 10.0p1

[vanusuri]

From: Vijay Anusuri <vanusuri@mvista.com>

Includes fix for CVE-2025-32728

Release Notes: https://www.openssh.com/txt/release-10.0

LINK: https://www.openwall.com/lists/oss-security/2025/04/09/6

Regarding the Portable OpenSSH 10.0 release:

Due to an error in the release process, the recent Portable OpenSSH
release identifies itself as 10.0p2 rather than the intended 10.0p1.

We do not intend to make a new release to fix this mistake. This
portable OpenSSH release will henceforth be knows as 10.0p2 and no
release numbered 10.0p1 will be made.

Sorry for the confusion,
Damien Miller

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
 .../openssh/{openssh_9.9p2.bb => openssh_10.0p1.bb}             | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 rename meta/recipes-connectivity/openssh/{openssh_9.9p2.bb => openssh_10.0p1.bb} (99%)

diff --git a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb
similarity index 99%
rename from meta/recipes-connectivity/openssh/openssh_9.9p2.bb
rename to meta/recipes-connectivity/openssh/openssh_10.0p1.bb
index 5191725796..21e1e50759 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.9p2.bb
+++ b/meta/recipes-connectivity/openssh/openssh_10.0p1.bb
@@ -26,7 +26,7 @@ SRC_URI = "https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.ta
            file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \
            file://0001-regress-test-exec-use-the-absolute-path-in-the-SSH-e.patch \
            "
-SRC_URI[sha256sum] = "91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673"
+SRC_URI[sha256sum] = "021a2e709a0edf4250b1256bd5a9e500411a90dddabea830ed59cef90eb9d85c"
 
 CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."
 
-- 
2.25.1

Re: [OE-core][PATCH v2] openssh: upgrade 9.9p2 -> 10.0p1

[Mathieu Dubois-Briand]

On Sat Apr 12, 2025 at 5:47 AM CEST, Vijay Anusuri via lists.openembedded.org wrote:
> From: Vijay Anusuri <vanusuri@mvista.com>
>
> Includes fix for CVE-2025-32728
>
> Release Notes: https://www.openssh.com/txt/release-10.0
>
> LINK: https://www.openwall.com/lists/oss-security/2025/04/09/6
>
> Regarding the Portable OpenSSH 10.0 release:
>
> Due to an error in the release process, the recent Portable OpenSSH
> release identifies itself as 10.0p2 rather than the intended 10.0p1.
>
> We do not intend to make a new release to fix this mistake. This
> portable OpenSSH release will henceforth be knows as 10.0p2 and no
> release numbered 10.0p1 will be made.
>
> Sorry for the confusion,
> Damien Miller
>
> Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
> ---

Hi Vijay,

Thanks for your patch.

It looks like this is causing some issues on the autobuilder:

Test case logrotate.LogrotateTest.test_logrotate_newlog depends on logrotate.LogrotateTest.test_logrotate_wtmp but it didn't pass/run.
Traceback (most recent call last):
  File "/srv/pokybuild/yocto-worker/no-x11/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
    return func(*args, **kwargs)
  File "/srv/pokybuild/yocto-worker/no-x11/build/meta/lib/oeqa/core/decorator/__init__.py", line 35, in wrapped_f
    return func(*args, **kwargs)
  File "/srv/pokybuild/yocto-worker/no-x11/build/meta/lib/oeqa/runtime/cases/ssh.py", line 38, in test_ssh
    self.fail("ssh failed with \"%s\" (exit code %s)" % (output, status))
    ~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
AssertionError: ssh failed with "ssh: connect to host 192.168.7.4 port 22: Connection refused" (exit code 255)

https://autobuilder.yoctoproject.org/valkyrie/#/builders/25/builds/1381

Yet I believe I saw it working at some point. I will drop it from my
branch and try to investigate this a bit later.

-- 
Mathieu Dubois-Briand, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com