aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorGravatar Christian Stewart <christian@paral.in>2021-03-01 03:59:03 -0800
committerGravatar Peter Korsgaard <peter@korsgaard.com>2021-03-01 17:07:30 +0100
commit6609cd0d8894771126cd82d95deb10180cb6cf41 (patch)
tree452fc38ca1a6f03e9b3b2c1d62b62862f4223ce1
parentdfd44046f36edee3bfd48aa4336d0b9b9baf90d4 (diff)
downloadbuildroot-6609cd0d8894771126cd82d95deb10180cb6cf41.tar.gz
buildroot-6609cd0d8894771126cd82d95deb10180cb6cf41.tar.bz2
package/openssh: security bump to version 8.4p1
Fixes CVE-2020-15778: scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows." https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15778 Signed-off-by: Christian Stewart <christian@paral.in> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
-rw-r--r--package/openssh/openssh.hash4
-rw-r--r--package/openssh/openssh.mk4
2 files changed, 4 insertions, 4 deletions
diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
index 1d7dc14fb6..840467f50a 100644
--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,4 +1,4 @@
-# From https://www.openssh.com/txt/release-8.3 (base64 encoded)
-sha256 f2befbe0472fe7eb75d23340eb17531cb6b3aac24075e2066b41f814e12387b2 openssh-8.3p1.tar.gz
+# From https://www.openssh.com/txt/release-8.4 (base64 encoded)
+sha256 5a01d22e407eb1c05ba8a8f7c654d388a13e9f226e4ed33bd38748dafa1d2b24 openssh-8.4p1.tar.gz
# Locally calculated
sha256 73d0db766229670c7b4e1ec5e6baed54977a0694a565e7cc878c45ee834045d7 LICENCE
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index edcbfc2f62..64e3084ca1 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,8 +4,8 @@
#
################################################################################
-OPENSSH_VERSION = 8.3p1
-OPENSSH_CPE_ID_VERSION = 8.3
+OPENSSH_VERSION = 8.4p1
+OPENSSH_CPE_ID_VERSION = 8.4
OPENSSH_CPE_ID_UPDATE = p1
OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
OPENSSH_LICENSE = BSD-3-Clause, BSD-2-Clause, Public Domain