From 75674f0439ee497bc6b77222a23e3974d150be89 Mon Sep 17 00:00:00 2001 From: John Audia Date: Mon, 1 Jul 2024 06:20:33 -0400 Subject: [PATCH] openssh: bump to 9.8p1 Release notes: https://www.openssh.com/txt/release-9.8 * 9.8p1 fixes CVE-2024-6387 * Adjusted Makefile to provide /usr/lib/sshd-session * Given the troubles with -fzero-call-used-regs and all the broken checks, makes sense to skip it Build system: x86/64 Build-tested: x86/64/AMD Cezanne Run-tested: x86/64/AMD Cezanne Signed-off-by: John Audia --- net/openssh/Makefile | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/net/openssh/Makefile b/net/openssh/Makefile index dd5c179392..40d2f2e1e1 100644 --- a/net/openssh/Makefile +++ b/net/openssh/Makefile @@ -8,13 +8,13 @@ include $(TOPDIR)/rules.mk PKG_NAME:=openssh -PKG_VERSION:=9.7p1 -PKG_RELEASE:=2 +PKG_VERSION:=9.8p1 +PKG_RELEASE:=1 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=https://cdn.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \ https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ -PKG_HASH:=490426f766d82a2763fcacd8d83ea3d70798750c7bd2aff2e57dc5660f773ffd +PKG_HASH:=dd8bd002a379b5d499dfb050dd1fa9af8029e80461f4bb6c523c49973f5a39f3 PKG_LICENSE:=BSD ISC PKG_LICENSE_FILES:=LICENCE @@ -180,7 +180,8 @@ CONFIGURE_ARGS += \ --without-kerberos5 \ --with-stackprotect \ --with$(if $(CONFIG_OPENSSL_ENGINE),,out)-ssl-engine \ - --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin + --with$(if $(CONFIG_OPENSSH_LIBFIDO2),,out)-security-key-builtin \ + --with-cflags-after=-fzero-call-used-regs=skip ifeq ($(BUILD_VARIANT),with-pam) CONFIGURE_ARGS += \ @@ -236,6 +237,8 @@ define Package/openssh-server/install $(INSTALL_BIN) ./files/sshd.failsafe $(1)/lib/preinit/99_10_failsafe_sshd $(INSTALL_DIR) $(1)/usr/sbin $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/sbin/sshd $(1)/usr/sbin/ + $(INSTALL_DIR) $(1)/usr/lib + $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/lib/sshd-session $(1)/usr/lib/ endef define Package/openssh-server-pam/install -- 2.30.2