linux/meta-openembedded.git/meta-oe/recipes-support/libssh, branch master

libssh: drop obsolete CVE_STATUS variables

2026-03-20T21:13:10+00:00

Since adding these statuses NVD corrected their DB, and now both CVEs are tracked with the correct version. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj

libssh: upgrade 0.11.3 -> 0.11.4

2026-03-17T20:25:23+00:00

Signed-off-by: Gijs Peskens Signed-off-by: Khem Raj

libssh: ignore CVE-2025-5318 and CVE-2025-5987

2025-10-09T01:46:01+00:00

Both CVEs have been fixed in version 0.11.2. CVE-2025-5318: https://git.libssh.org/projects/libssh.git/commit/?id=5f4ffda88770f95482fd0e66aa44106614dbf466 CVE-2025-5987: https://git.libssh.org/projects/libssh.git/commit/?id=90b4845e0c98574bbf7bea9e97796695f064bf57 Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj

libssh: upgrade 0.11.2 -> 0.11.3

2025-09-16T16:59:16+00:00

Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj

libssh: upgrade 0.11.1 -> 0.11.2

2025-07-09T06:40:29+00:00

* Security: * CVE-2025-4877 - Write beyond bounds in binary to base64 conversion * CVE-2025-4878 - Use of uninitialized variable in privatekey_from_file() * CVE-2025-5318 - Likely read beyond bounds in sftp server handle management * CVE-2025-5351 - Double free in functions exporting keys * CVE-2025-5372 - ssh_kdf() returns a success code on certain failures * CVE-2025-5449 - Likely read beyond bounds in sftp server message decoding * CVE-2025-5987 - Invalid return code for chacha20 poly1305 with OpenSSL * Compatibility * Fixed compatibility with CPM.cmake * Compatibility with OpenSSH 10.0 * Tests compatibility with new Dropbear releases * Removed p11-kit remoting from the pkcs11 testsuite * Bugfixes * Implement missing packet filter for DH GEX * Properly process the SSH2_MSG_DEBUG message * Allow escaping quotes in quoted arguments to ssh configuration * Do not fail with unknown match keywords in ssh configuration * Process packets before selecting signature algorithm during authentication * Do not fail hard when the SFTP status message is not sent by noncompliant servers Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj

meta-openembedded/all: adapt to UNPACKDIR changes

2025-06-25T13:44:52+00:00

Please see https://git.yoctoproject.org/poky/commit/?id=4dd321f8b83afecd962393101b2a6861275b5265 for what changes are needed, and sed commands that can be used to make them en masse. I've verified that bitbake -c patch world works with these, but did not run a world build; the majority of recipes shouldn't need further fixups, but if there are some that still fall out, they can be fixed in followups. Signed-off-by: Alexander Kanavin Signed-off-by: Khem Raj

libssh: upgrade 0.10.6 -> 0.11.1

2024-09-15T14:46:44+00:00

* Drop 0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch as the issue has been fixed upstream. * Add a patch to fix build with clang. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj

libssh: upgrade 0.10.5 -> 0.10.6

2024-01-02T08:35:51+00:00

0001-libgcrypt.c-Fix-prototype-of-des3_encrypt-des3_decry.patch 0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch refreshed for 0.10.6 Changelog: ========== * Fix CVE-2023-6004: Command injection using proxycommand * Fix CVE-2023-48795: Potential downgrade attack using strict kex * Fix CVE-2023-6918: Missing checks for return values of MD functions * Fix ssh_send_issue_banner() for CMD(PowerShell) * Avoid passing other events to callbacks when poll is called recursively (#202) * Allow @ in usernames when parsing from URI composes Signed-off-by: Wang Mingyu Signed-off-by: Khem Raj

libssh: upgrade 0.10.4 -> 0.10.5

2023-08-23T04:18:05+00:00

Changelog: https://git.libssh.org/projects/libssh.git/tag/?h=libssh-0.10.5 * Generate cases list dynamically in run-ptest. * Install missing file to fix ptest failure. Signed-off-by: Yi Zhao Signed-off-by: Khem Raj

libssh: Fix build with clang16

2023-03-22T16:10:39+00:00

Signed-off-by: Khem Raj