Vijay Anusuri
9d8ef26a96
libssh: Fix CVE-2026-0964
Pick commit according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0964
[2] https://www.libssh.org/security/advisories/CVE-2026-0964.txt
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-29 11:11:33 +02:00
Vijay Anusuri
4a119f766d
libssh: Fix CVE-2026-0966
Pick commits according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-0966
[2] https://www.libssh.org/security/advisories/CVE-2026-0966.txt
Skip the test commit as it's not applicable in libssh-0.8.9
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-29 11:11:09 +02:00
Vijay Anusuri
8af1978e48
libssh: Fix CVE-2026-3731
Pick commit according to [1]
[1] https://security-tracker.debian.org/tracker/CVE-2026-3731
[2] https://www.libssh.org/security/advisories/libssh-2026-sftp-extensions.txt
Skip the test file change as it's not available in libssh-0.8.9
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2026-03-12 06:22:26 +01:00
Divya Chellam
4ae2ec4620
libssh : fix CVE-2025-8114
A flaw was found in libssh, a library that implements the SSH protocol.
When calculating the session ID during the key exchange (KEX) process,
an allocation failure in cryptographic functions may lead to a NULL
pointer dereference. This issue can cause the client or server to crash.
Reference:
https://security-tracker.debian.org/tracker/CVE-2025-8114
Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?id=53ac23ded4cb2c5463f6c4cd1525331bd578812d
Signed-off-by: Divya Chellam <divya.chellam@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-30 15:13:57 +01:00
Rajeshkumar Ramasamy
07ac1890c8
libssh: fix CVE-2025-8277
A flaw was found in libssh's handling of key exchange (KEX) processes
when a client repeatedly sends incorrect KEX guesses. The library fails
to free memory during these rekey operations, which can gradually
exhaust system memory. This issue can lead to crashes on the client
side, particularly when using libgcrypt, which impacts application
stability and availability.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-8277
Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=266174a6d36687b65cf90174f06af90b8b27c65f
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=8e4d67aa9eda455bfad9ac610e54b7a548d0aa08
https://git.libssh.org/projects/libssh.git/commit/?h=stable-0.11&id=1c763e29d138db87665e98983f468d2dd0f286c1
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-11 08:50:50 +01:00
Rajeshkumar Ramasamy
acd365628a
libssh: fix CVE-2025-4878
A vulnerability was found in libssh, where an uninitialized variable
exists under certain conditions in the privatekey_from_file() function.
This flaw can be triggered if the file specified by the filename doesn't
exist and may lead to possible signing failures or heap corruption.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2025-4878
Upstream-patch:
https://git.libssh.org/projects/libssh.git/commit/?id=697650caa97eaf7623924c75f9fcfec6dd423cd1
https://git.libssh.org/projects/libssh.git/commit/?id=b35ee876adc92a208d47194772e99f9c71e0bedb
Signed-off-by: Rajeshkumar Ramasamy <rajeshkumar.ramasamy@windriver.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-11-11 08:50:42 +01:00
Hitendra Prajapati
f3a6203fa0
libssh: fix CVE-2025-4877
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=6fd9cc8ce3958092a1aae11f1f2e911b2747732d
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
2025-09-06 16:27:52 +02:00
Hitendra Prajapati
058249f9a8
libssh: fix CVE-2025-5318
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-07-02 20:42:48 -04:00
Virendra Thakur
6ca163ed3e
libssh: Add ptest
Enable ptest for libssh, this change is backported from upstream
scarthgap.
Reference: https://git.openembedded.org/meta-openembedded/commit/?h=scarthgap&id=bf49bdea290ba8cf18f3fd6b47d1d71dfe499948
~ # ptest-runner libssh
START: ptest-runner
2025-01-28T14:28
BEGIN: /usr/lib/libssh/ptest
PASS: torture_buffer
PASS: torture_callbacks
PASS: torture_channel
PASS: torture_config
PASS: torture_crypto
PASS: torture_hashes
PASS: torture_init
PASS: torture_isipaddr
PASS: torture_keyfiles
PASS: torture_knownhosts_parsing
PASS: torture_list
PASS: torture_misc
PASS: torture_options
PASS: torture_packet
PASS: torture_packet_filter
PASS: torture_pki
PASS: torture_pki_ecdsa
PASS: torture_pki_ed25519
PASS: torture_pki_rsa
PASS: torture_rand
PASS: torture_threads_buffer
PASS: torture_threads_crypto
PASS: torture_threads_init
PASS: torture_threads_pki_rsa
DURATION: 119
END: /usr/lib/libssh/ptest
2025-01-28T14:29
STOP: ptest-runner
TOTAL: 1 FAIL: 0
Signed-off-by: Virendra Thakur <virendrak@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2025-02-09 07:58:19 -08:00
nikhil
31d0f02673
libssh: Fix CVE CVE-2023-6004
A flaw was found in libssh. By utilizing the
ProxyCommand or ProxyJump feature, users can exploit
unchecked hostname syntax on the client. This issue
may allow an attacker to inject malicious code into
the command of the features mentioned through the
hostname parameter.
Signed-off-by: Nikhil R <nikhil.r@kpit.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-05-26 15:22:08 -04:00
Vijay Anusuri
8ce84b09e5
libssh: Backport fix for CVE-2023-48795
Upstream-Status: Backport [4cef5e965a & 0870c8db28 & 5846e57538]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2024-02-07 18:41:41 -05:00
Hitendra Prajapati
ac70b00910
libssh: CVE-2020-16135 Fix NULL pointer dereference in sftpserver.c
Upstream-Status: Backport from https://git.libssh.org/projects/libssh.git/patch/?id=0a9268a60f2d3748ca69bde5651f20e72761058c
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
2023-07-02 11:17:41 -04:00
Khem Raj
14c7d8a0d7
recipes: Update LICENSE variable to use SPDX license identifiers
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2022-03-04 17:41:45 -08:00
Yi Zhao
2f9851fffb
libssh: use https instead of git in SRC_URI
Set protocol to https as the git protocol doesn't work for this repo:
$ git clone git://git.libssh.org/projects/libssh.git
Cloning into 'libssh'...
fatal: unable to connect to git.libssh.org:
git.libssh.org[0: 78.46.21.5]: errno=Connection timed out
git.libssh.org[1: 2a01:4f8:201:2294::2]: errno=Network is unreachable
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-03 06:57:48 -07:00
Peter Kjellerstedt
f1d2fbaf4f
libssh: Support building for native and nativesdk
Since libssh is now a dependency of cryptsetup, it needs to be buildable
for the same cases as cryptsetup.
Signed-off-by: Peter Kjellerstedt <peter.kjellerstedt@axis.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-11-01 05:45:18 -07:00
Martin Jansa
c61dc077bb
Convert to new override syntax
This is the result of automated script (0.9.1) conversion:
oe-core/scripts/contrib/convert-overrides.py .
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
2021-08-03 10:21:25 -07:00
Valentin Longchamp
86eb692a4e
libssh: add gcrypt to PACKAGECONFIG
This would allow building it without libgcrypt (relying instead on
libcrypto).
Enable it by default to keep the recipe behaving the same without a
configuration change.
Signed-off-by: Valentin Longchamp <valentin@longchamp.me>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2021-03-30 12:38:55 -07:00
Pierre-Jean Texier
2322940fc3
libssh: upgrade 0.8.8 -> 0.8.9
This is a security release.
See changelog https://www.libssh.org/2020/04/09/libssh-0-9-4-and-libssh-0-8-9-security-release/
Signed-off-by: Pierre-Jean Texier <pjtexier@koncepto.io>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2020-04-14 10:17:58 -07:00