* [Buildroot] [PATCH] openssh: bump to version 7.5
@ 2017-03-21 13:11 Baruch Siach
  2017-03-21 16:30 ` Peter Korsgaard
  0 siblings, 1 reply; 3+ messages in thread
From: Baruch Siach @ 2017-03-21 13:11 UTC (permalink / raw)
  To: buildroot

Signed-off-by: Baruch Siach <baruch@tkos.co.il>
---
 package/openssh/openssh.hash | 5 ++---
 package/openssh/openssh.mk   | 2 +-
 2 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/package/openssh/openssh.hash b/package/openssh/openssh.hash
index 09010d3b29fc..3685bc0dbf69 100644
--- a/package/openssh/openssh.hash
+++ b/package/openssh/openssh.hash
@@ -1,3 +1,2 @@
-# Locally calculated after checking pgp signature
-# Also from http://www.openssh.com/txt/release-7.4
-sha256 1b1fc4a14e2024293181924ed24872e6f2e06293f3e8926a376b8aec481f19d1  openssh-7.4p1.tar.gz
+# From http://www.openssh.com/txt/release-7.5 (base64 encoded)
+sha256 9846e3c5fab9f0547400b4d2c017992f914222b3fd1f8eee6c7dc6bc5e59f9f0  openssh-7.5p1.tar.gz
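Review bot: The new header comment in openssh.hash says "(base64 encoded)", but the sha256 value on the next line is a 64-character hex digest, so the comment reads as if the stored hash were base64. If the release notes give the digest in base64 and it was converted, say so, e.g. "From http://www.openssh.com/txt/release-7.5 (base64 there, converted to hex)". The removed comment also recorded that the hash was calculated locally after checking the pgp signature; the replacement cites only a page fetched over plain http, so if the signature was checked for 7.5p1 that line is worth keeping.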
diff --git a/package/openssh/openssh.mk b/package/openssh/openssh.mk
index ce37ee7ff2ba..ba48770afc6d 100644
--- a/package/openssh/openssh.mk
+++ b/package/openssh/openssh.mk
@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-OPENSSH_VERSION = 7.4p1
+OPENSSH_VERSION = 7.5p1
 OPENSSH_SITE = http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable
 OPENSSH_LICENSE = BSD-3c, BSD-2c, Public Domain
 OPENSSH_LICENSE_FILES = LICENCE
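Review bot: With OPENSSH_VERSION moving to 7.5p1, the unchanged OPENSSH_SITE line still fetches the tarball over plain http://, so the sha256 entry in openssh.hash is the only integrity check on the download and the source of that hash matters accordingly. Separately, the patch has no description beyond the Signed-off-by; a sentence on why the bump is needed would help when deciding whether it should go to a stable branch.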
-- 
2.11.0


* [Buildroot] [PATCH] openssh: bump to version 7.5
  2017-03-21 13:11 [Buildroot] [PATCH] openssh: bump to version 7.5 Baruch Siach
@ 2017-03-21 16:30 ` Peter Korsgaard
  2017-03-30 22:28   ` Peter Korsgaard
  0 siblings, 1 reply; 3+ messages in thread
From: Peter Korsgaard @ 2017-03-21 16:30 UTC (permalink / raw)
  To: buildroot

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:

 > Signed-off-by: Baruch Siach <baruch@tkos.co.il>

Committed after updating the commit message to mention that this release
fixes security issues, thanks:

Security
--------

 * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
   that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
   Note that the OpenSSH client disables CBC ciphers by default, sshd
   offers them as lowest-preference options and will remove them by
   default entirely in the next release. Reported by Jean Paul
   Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
   Royal Holloway, University of London.

 * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
   a recursive file transfer could be manipulated by a hostile server to
   perform a path-traversal attack, creating or modifying files outside
   of the intended target directory. Reported by Jann Horn of Google
   Project Zero.

-- 
Bye, Peter Korsgaard


* [Buildroot] [PATCH] openssh: bump to version 7.5
  2017-03-21 16:30 ` Peter Korsgaard
@ 2017-03-30 22:28   ` Peter Korsgaard
  0 siblings, 0 replies; 3+ messages in thread
From: Peter Korsgaard @ 2017-03-30 22:28 UTC (permalink / raw)
  To: buildroot

>>>>> "Peter" == Peter Korsgaard <peter@korsgaard.com> writes:

>>>>> "Baruch" == Baruch Siach <baruch@tkos.co.il> writes:
 >> Signed-off-by: Baruch Siach <baruch@tkos.co.il>

 > Committed after updating the commit message to mention that this release
 > fixes security issues, thanks:

 > Security
 > --------

 >  * ssh(1), sshd(8): Fix weakness in CBC padding oracle countermeasures
 >    that allowed a variant of the attack fixed in OpenSSH 7.3 to proceed.
 >    Note that the OpenSSH client disables CBC ciphers by default, sshd
 >    offers them as lowest-preference options and will remove them by
 >    default entirely in the next release. Reported by Jean Paul
 >    Degabriele, Kenny Paterson, Martin Albrecht and Torben Hansen of
 >    Royal Holloway, University of London.

 >  * sftp-client(1): [portable OpenSSH only] On Cygwin, a client making
 >    a recursive file transfer could be manipulated by a hostile server to
 >    perform a path-traversal attack, creating or modifying files outside
 >    of the intended target directory. Reported by Jann Horn of Google
 >    Project Zero.

Committed to 2017.02.x, thanks.

-- 
Bye, Peter Korsgaard

