openssh: upgrade to 9.3p2

9795c401 (tag: V_9_3_P2) OpenSSH 9.3p2
bde3635f update version in README
f673f2f3 update RPM spec versions
d7790cdc disallow remote addition of FIDO/PKCS11 keys
b23fe83f terminate pkcs11 process for bad libraries

This includes the fix for CVE-2023-38408.

Signed-off-by: Ross Burton <ross.burton@arm.com>

diff --git a/meta/recipes-connectivity/openssh/openssh_9.3p1.bb b/meta/recipes-connectivity/openssh/openssh_9.3p2.bb
similarity index 98%
rename from meta/recipes-connectivity/openssh/openssh_9.3p1.bb
rename to meta/recipes-connectivity/openssh/openssh_9.3p2.bb
index 3edc123b9a3aa16ff3dbb7f2f7ee3d5c18443335..5fb2dccdfc816596d788c2f476690cdd82fe160d 100644 (file)
--- a/meta/recipes-connectivity/openssh/openssh_9.3p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.3p2.bb
@@ -26,7 +26,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
            file://add-test-support-for-busybox.patch \
            file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
            "
-SRC_URI[sha256sum] = "e9baba7701a76a51f3d85a62c383a3c9dcd97fa900b859bc7db114c1868af8a8"
+SRC_URI[sha256sum] = "200ebe147f6cb3f101fd0cdf9e02442af7ddca298dffd9f456878e7ccac676e8"
 
 CVE_STATUS[CVE-2007-2768] = "not-applicable-config: This CVE is specific to OpenSSH with the pam opie which we don't build/use here."