From c121a514ad528be4806212194a6c6857b1d74cf9 Mon Sep 17 00:00:00 2001 From: RISCi_ATOM Date: Tue, 16 Jul 2024 11:32:21 -0400 Subject: [PATCH] openssh: bump to 9.8p1 Release notes: https://www.openssh.com/txt/release-9.8 * 9.8p1 fixes CVE-2024-6387 * Adjusted Makefile to provide /usr/lib/sshd-session * Given the troubles with -fzero-call-used-regs and all the broken checks, makes sense to skip it (From upstream pkg feed @ : a9ee98f9efeb10e047abaa5233a2eae6878ce9cc) --- package/network/services/openssh/Makefile | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/package/network/services/openssh/Makefile b/package/network/services/openssh/Makefile index ca9380f0b8..ac580fc71b 100644 --- a/package/network/services/openssh/Makefile +++ b/package/network/services/openssh/Makefile @@ -8,18 +8,20 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssh -PKG_VERSION:=9.5p1 +PKG_VERSION:=9.8p1 PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ -PKG_HASH:=f026e7b79ba7fb540f75182af96dc8a8f1db395f922bbc9f6ca603672686086b +PKG_HASH:=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3 PKG_LICENSE:=BSD ISC PKG_LICENSE_FILES:=LICENCE PKG_CPE_ID:=cpe:/a:openssh:openssh +#While bumping new version, make sure that it works without it, so it can be removed. +PKG_FIXUP:=autoreconf PKG_REMOVE_FILES:= PKG_CONFIG_DEPENDS := \ CONFIG_OPENSSH_LIBFIDO2 @@ -177,7 +179,8 @@ CONFIGURE_ARGS += \ --without-kerberos5 \ --with-stackprotect \ --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \ - --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin + --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin \ + --with-cflags-after=-fzero-call-used-regs=skip ifeq ($(BUILD_VARIANT),with-pam) CONFIGURE_ARGS += \ @@ -233,6 +236,8 @@ define Package/openssh-server/install $(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/sshd-session $(1)/usr/lib/ endef define Package/openssh-server-pam/install -- 2.25.1