mirror of
https://github.com/openwrt/packages.git
synced 2025-12-21 19:14:30 +04:00
openssh: bump to 9.9p2
Updated and removed upstreamed patch. Highlights relating to security: * Fix CVE-2025-26465 - ssh(1) in OpenSSH versions 6.8p1 to 9.9p1 (inclusive) contained a logic error that allowed an on-path attacker (a.k.a MITM) to impersonate any server when the VerifyHostKeyDNS option is enabled. This option is off by default. * Fix CVE-2025-26466 - sshd(8) in OpenSSH versions 9.5p1 to 9.9p1 (inclusive) is vulnerable to a memory/CPU denial-of-service related to the handling of SSH2_MSG_PING packets. This condition may be mitigated using the existing PerSourcePenalties feature. Both vulnerabilities were discovered and demonstrated to be exploitable by the Qualys Security Advisory team. We thank them for their detailed review of OpenSSH. Full release notes: https://www.openssh.com/txt/release-9.9p2 Signed-off-by: John Audia <therealgraysky@proton.me>
This commit is contained in:
John Audia
committed by
Tianling Shen
Tianling Shen
parent
0c9f4a8410
commit
67784bf4d0
@@ -8,14 +8,14 @@
|
||||
include $(TOPDIR)/rules.mk
|
||||
|
||||
PKG_NAME:=openssh
|
||||
PKG_REALVERSION:=9.9p1
|
||||
PKG_VERSION:=9.9_p1
|
||||
PKG_RELEASE:=3
|
||||
PKG_REALVERSION:=9.9p2
|
||||
PKG_VERSION:=9.9_p2
|
||||
PKG_RELEASE:=1
|
||||
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_REALVERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \
|
||||
https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/
|
||||
PKG_HASH:=b343fbcdbff87f15b1986e6e15d6d4fc9a7d36066be6b7fb507087ba8f966c02
|
||||
PKG_HASH:=91aadb603e08cc285eddf965e1199d02585fa94d994d6cae5b41e1721e215673
|
||||
PKG_BUILD_DIR:=$(BUILD_DIR)/$(if $(BUILD_VARIANT),$(PKG_NAME)-$(BUILD_VARIANT)/)$(PKG_NAME)-$(PKG_REALVERSION)
|
||||
|
||||
PKG_LICENSE:=BSD ISC
|
||||
|
||||
@@ -1,30 +0,0 @@
|
||||
From 76a618d2842c34c16cd21a4efc7230e2f459008d Mon Sep 17 00:00:00 2001
|
||||
From: Damien Miller <djm@mindrot.org>
|
||||
Date: Wed, 25 Sep 2024 11:13:05 +1000
|
||||
Subject: [PATCH] build construct_utmp() when USE_BTMP is set
|
||||
|
||||
Fixes compile error on Void Linux/Musl
|
||||
---
|
||||
loginrec.c | 4 ++--
|
||||
1 file changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
--- a/loginrec.c
|
||||
+++ b/loginrec.c
|
||||
@@ -614,7 +614,7 @@ line_abbrevname(char *dst, const char *s
|
||||
** into account.
|
||||
**/
|
||||
|
||||
-#if defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
|
||||
+#if defined(USE_BTMP) || defined(USE_UTMP) || defined (USE_WTMP) || defined (USE_LOGIN)
|
||||
|
||||
/* build the utmp structure */
|
||||
void
|
||||
@@ -698,7 +698,7 @@ construct_utmp(struct logininfo *li,
|
||||
}
|
||||
# endif
|
||||
}
|
||||
-#endif /* USE_UTMP || USE_WTMP || USE_LOGIN */
|
||||
+#endif /* USE_BTMP || USE_UTMP || USE_WTMP || USE_LOGIN */
|
||||
|
||||
/**
|
||||
** utmpx utility functions
|
||||
Reference in New Issue
Block a user