From patchwork Fri Jul 4 10:14:36 2025
X-Patchwork-Submitter: Adolf Belka
X-Patchwork-Id: 8886
From: Adolf Belka
To: development@lists.ipfire.org
Cc: Adolf Belka
Subject: [PATCH] libssh: Update to version 0.11.2
Date: Fri, 4 Jul 2025 12:14:36 +0200
Message-ID: <20250704101446.8038-21-adolf.belka@ipfire.org>
In-Reply-To: <20250704101446.8038-1-adolf.belka@ipfire.org>
References: <20250704101446.8038-1-adolf.belka@ipfire.org>

- Update from version 0.11.1 to 0.11.2
- Update of rootfile
- Changelog
    0.11.2
      * Security:
        * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion
        * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file()
        * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management
        * CVE-2025-5351 - Double free in functions exporting keys
        * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures
        * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding
        * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL
      * Compatibility
        * Fixed compatibility with CPM.cmake
        * Compatibility with OpenSSH 10.0
        * Tests compatibility with new Dropbear releases
        * Removed p11-kit remoting from the pkcs11 testsuite
      * Bugfixes
        * Implement missing packet filter for DH GEX
        * Properly process the SSH2_MSG_DEBUG message
        * Allow escaping quotes in quoted arguments to ssh configuration
        * Do not fail with unknown match keywords in ssh configuration
        * Process packets before selecting signature algorithm during authentication
        * Do not fail hard when the SFTP status message is not sent by noncompliant servers

Signed-off-by: Adolf Belka
---
 config/rootfiles/common/libssh | 2 +-
 lfs/libssh | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/config/rootfiles/common/libssh b/config/rootfiles/common/libssh index 5b0c59fbd..77dfc71cf 100644 --- a/config/rootfiles/common/libssh +++ b/config/rootfiles/common/libssh 
@@ -14,5 +14,5 @@ #usr/lib/cmake/libssh/libssh-config.cmake #usr/lib/libssh.so usr/lib/libssh.so.4 -usr/lib/libssh.so.4.10.1 +usr/lib/libssh.so.4.10.2 #usr/lib/pkgconfig/libssh.pc diff --git a/lfs/libssh b/lfs/libssh index d7b956aa6..80eaa0219 100644 --- a/lfs/libssh +++ b/lfs/libssh @@ -24,7 +24,7 @@ include Config -VER = 0.11.1 +VER = 0.11.2 THISAPP = libssh-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = 87079b4eaf66ceb77803b3d854f847b3f3fb6a67ac3bfa756ebcf8f06bf2b313e976044e0a1d81227fb5278fb04bc56f1a82877d14a6ee76bec0c690b14f38a7 +$(DL_FILE)_BLAKE2 = 7f4a97b2027e386f5bfd308b1aac1938484722d4d1bb55ce0fa2de8358bedea47955df1cb4e68679033d1a5538058422770872f2f6513a82199ff506eccfad0e install : $(TARGET) @@ -72,7 +72,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) -mkdir -pv $(DIR_APP)/build cd $(DIR_APP)/build && cmake .. \ - -DCMAKE_INSTALL_PREFIX=/usr + -DCMAKE_INSTALL_PREFIX=/usr cd $(DIR_APP)/build && make $(MAKETUNING) cd $(DIR_APP)/build && make install @rm -rf $(DIR_APP)
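
Review bot: In the `@@ -40,7 +40,7 @@` hunk of lfs/libssh, the `$(DL_FILE)_BLAKE2` line is the only integrity pin for libssh-0.11.2.tar.xz, and neither the hunk nor the commit message says how the new digest was obtained. As this bump is taken for the seven CVE fixes listed in the changelog, please add a line to the commit message stating that the tarball was checked against a signature or checksum published by upstream before the BLAKE2 value was computed, so the pin records a verified source rather than whatever was downloaded.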
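
Review bot: In the `@@ -72,7 +72,7 @@` hunk of lfs/libssh, the removed and added `-DCMAKE_INSTALL_PREFIX=/usr` lines carry the same text, so the change appears to be whitespace-only and the commit message does not mention it. Either drop it from this version bump or add a line to the message saying the indentation of the cmake continuation line was changed, and confirm that the recipe lines around it are still tab-indented as make requires.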