From f31ba2c5ee9bd8414471f36ca1918ca769eb5a80 Mon Sep 17 00:00:00 2001 From: Adolf Belka Date: Fri, 4 Jul 2025 12:14:36 +0200 Subject: [PATCH] libssh: Update to version 0.11.2 - Update from version 0.11.1 to 0.11.2 - Update of rootfile - Changelog 0.11.2 * Security: * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management * CVE-2025-5351 - Double free in functions exporting keys * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL * Compatibility * Fixed compatibility with CPM.cmake * Compatibility with OpenSSH 10.0 * Tests compatibility with new Dropbear releases * Removed p11-kit remoting from the pkcs11 testsuite * Bugfixes * Implement missing packet filter for DH GEX * Properly process the SSH2_MSG_DEBUG message * Allow escaping quotes in quoted arguments to ssh configuration * Do not fail with unknown match keywords in ssh configuration * Process packets before selecting signature algorithm during authentication * Do not fail hard when the SFTP status message is not sent by noncompliant servers Signed-off-by: Adolf Belka Signed-off-by: Michael Tremer --- config/rootfiles/common/libssh | 2 +- lfs/libssh | 6 +++--- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/config/rootfiles/common/libssh b/config/rootfiles/common/libssh index 5b0c59fbd..77dfc71cf 100644 --- a/config/rootfiles/common/libssh +++ b/config/rootfiles/common/libssh @@ -14,5 +14,5 @@ #usr/lib/cmake/libssh/libssh-config.cmake #usr/lib/libssh.so usr/lib/libssh.so.4 -usr/lib/libssh.so.4.10.1 +usr/lib/libssh.so.4.10.2 #usr/lib/pkgconfig/libssh.pc diff --git a/lfs/libssh b/lfs/libssh index d7b956aa6..80eaa0219 100644 --- a/lfs/libssh +++ b/lfs/libssh @@ -24,7 +24,7 @@ include Config -VER = 0.11.1 +VER = 0.11.2 THISAPP = libssh-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 87079b4eaf66ceb77803b3d854f847b3f3fb6a67ac3bfa756ebcf8f06bf2b313e976044e0a1d81227fb5278fb04bc56f1a82877d14a6ee76bec0c690b14f38a7 +$(DL_FILE)_BLAKE2 = 7f4a97b2027e386f5bfd308b1aac1938484722d4d1bb55ce0fa2de8358bedea47955df1cb4e68679033d1a5538058422770872f2f6513a82199ff506eccfad0e install : $(TARGET) @@ -72,7 +72,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) -mkdir -pv $(DIR_APP)/build cd $(DIR_APP)/build && cmake .. \ - -DCMAKE_INSTALL_PREFIX=/usr + -DCMAKE_INSTALL_PREFIX=/usr cd $(DIR_APP)/build && make $(MAKETUNING) cd $(DIR_APP)/build && make install @rm -rf $(DIR_APP) -- 2.47.3