openwrt-mirror/packages
1
0
Fork 0
mirror of https://github.com/openwrt/packages.git synced 2025-12-21 21:24:31 +04:00
Code Issues Packages Projects Releases Wiki Activity

openssh: bump to 9.9p2

Browse Source 
Updated and removed upstreamed patch.

Highlights relating to security:

* Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1
  (inclusive) contained a logic error that allowed an on-path
  attacker (a.k.a MITM) to impersonate any server when the
  VerifyHostKeyDNS option is enabled. This option is off by default.

* Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1
  (inclusive) is vulnerable to a memory/CPU denial-of-service related
  to the handling of SSH2_MSG_PING packets. This condition may be
  mitigated using the existing PerSourcePenalties feature.

Both vulnerabilities were discovered and demonstrated to be exploitable
by the Qualys Security Advisory team. We thank them for their detailed
review of OpenSSH.

Full release notes: https://www.openssh.com/txt/release-9.9p2

Signed-off-by: John Audia <therealgraysky@proton.me>
This commit is contained in:
John Audia
2025-02-18 12:57:33 -05:00
committed by Tianling Shen
parent 0c9f4a8410
commit 67784bf4d0
2 changed files with 4 additions and 34 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
net/openssh/Makefile
View File

@@ -8,14 +8,14 @@
include $(TOPDIR)/rules.mk include $(TOPDIR)/rules.mk
PKG_NAME:=openssh PKG_NAME:=openssh
PKG_REALVERSION:=9.9p1 PKG_REALVERSION:=9.9p2
PKG_VERSION:=9.9_p1 PKG_VERSION:=9.9_p2
PKG_RELEASE:=3 PKG_RELEASE:=1
PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
PKG_HASH:=b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02 PKG_HASH:=91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673
PKG_BUILD_DIR:=$(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)-$(PKG_REALVERSION) PKG_BUILD_DIR:=$(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)-$(PKG_REALVERSION)
PKG_LICENSE:=BSD ISC PKG_LICENSE:=BSD ISC

30
net/openssh/patches/001-build-construct_utmp-when-USE_BTMP-is-set.patch
View File

@@ -1,30 +0,0 @@
From 76a618d2842c34c16cd21a4efc7230e2f459008d Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Wed, 25 Sep 2024 11:13:05 +1000
Subject: [PATCH] build construct_utmp() when USE_BTMP is set
Fixes compile error on Void Linux/Musl
---
loginrec.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
--- a/loginrec.c
+++ b/loginrec.c
@@ -614,7 +614,7 @@ line_abbrevname(char *dst, const char *s
** into account.
**/
-#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
+#if defined(USE_BTMP) || defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
/* build the utmp structure */
void
@@ -698,7 +698,7 @@ construct_utmp(struct logininfo *li,
}
# endif
}
-#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
+#endif /* USE_BTMP || USE_UTMP || USE_WTMP || USE_LOGIN */
/**
** utmpx utility functions