[Buildroot] [PATCH] openssh: security bump to version 7.1p2
Gustavo Zacarias
gustavo at zacarias.com.ar
Thu Jan 14 17:55:43 UTC 2016
Fixes:
CVE-2016-0777 - Client Information leak from use of roaming connection
feature.
CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH
client roaming feature was implemented. A malicious server could
potentially use this flaw to execute arbitrary code on a successfully
authenticated OpenSSH client if that client used certain non-default
configuration options.
Signed-off-by: Gustavo Zacarias <gustavo at zacarias.com.ar>
---
package/openssh/openssh.hash | 5 ++---
package/openssh/openssh.mk | 2 +-
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
index 84f0667..b93b4a9 100644
--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,4 +1,3 @@
# Locally calculated after checking pgp signature
-# Also from http://www.openssh.com/txt/release-7.1 (sha256 is base64 encoded)
-# Decode with -> echo <encoded stuff>|base64 -d|hexdump -v -e '/1 "%02x"'
-sha256 fc0a6d2d1d063d5c66dffd952493d0cda256cad204f681de0f84ef85b2ad8428 openssh-7.1p1.tar.gz
+# Also from http://www.openssh.com/txt/release-7.1p2
+sha256 dd75f024dcf21e06a0d6421d582690bf987a1f6323e32ad6619392f3bfde6bbd openssh-7.1p2.tar.gz
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index b7aeb2a..a6cdfe2 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,7 +4,7 @@
#
################################################################################
-OPENSSH_VERSION = 7.1p1
+OPENSSH_VERSION = 7.1p2
OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
OPENSSH_LICENSE = BSD-3c BSD-2c Public Domain
OPENSSH_LICENSE_FILES = LICENCE
--
2.4.10
More information about the buildroot
mailing list