Why not upgrade it to 0.11.4 in master, instead of patching it?

On 3/10/26 13:14, Deepak Rathore via lists.openembedded.org wrote:
> From: Deepak Rathore <[email protected]>
>
> Upstream Repository: https://git.libssh.org/projects/libssh.git
>
> Bug Details: https://nvd.nist.gov/vuln/detail/CVE-2026-3731
> Type: Security Fix
> CVE: CVE-2026-3731
> Score: 9.8
> Patch: https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a
>
> Signed-off-by: Deepak Rathore <[email protected]>
>
> diff --git a/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch 
> b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch
> new file mode 100644
> index 0000000000..88e6ff1c48
> --- /dev/null
> +++ b/meta-oe/recipes-support/libssh/libssh/CVE-2026-3731.patch
> @@ -0,0 +1,43 @@
> +From e46f096ad5294428509077c887233554d62ead0e Mon Sep 17 00:00:00 2001
> +From: Jakub Jelen <[email protected]>
> +Date: Thu, 11 Dec 2025 13:22:44 +0100
> +Subject: [PATCH] sftp: Fix out-of-bound read from sftp extensions
> +MIME-Version: 1.0
> +Content-Type: text/plain; charset=UTF-8
> +Content-Transfer-Encoding: 8bit
> +
> +CVE: CVE-2026-3731
> +Upstream-Status: Backport 
> [https://git.libssh.org/projects/libssh.git/commit/?id=855a0853ad3a]
> +
> +Signed-off-by: Jakub Jelen <[email protected]>
> +Reviewed-by: Pavol Žáčik <[email protected]>
> +(cherry picked from commit 855a0853ad3abd4a6cd85ce06fce6d8d4c7a0b60)
> +Signed-off-by: Deepak Rathore <[email protected]>
> +---
> + src/sftp.c | 4 ++--
> + 1 file changed, 2 insertions(+), 2 deletions(-)
> +
> +diff --git a/src/sftp.c b/src/sftp.c
> +index 37b4133b..cbcdb066 100644
> +--- a/src/sftp.c
> ++++ b/src/sftp.c
> +@@ -583,7 +583,7 @@ const char *sftp_extensions_get_name(sftp_session sftp, 
> unsigned int idx) {
> +     return NULL;
> +   }
> +
> +-  if (idx > sftp->ext->count) {
> ++  if (idx >= sftp->ext->count) {
> +     ssh_set_error_invalid(sftp->session);
> +     return NULL;
> +   }
> +@@ -599,7 +599,7 @@ const char *sftp_extensions_get_data(sftp_session sftp, 
> unsigned int idx) {
> +     return NULL;
> +   }
> +
> +-  if (idx > sftp->ext->count) {
> ++  if (idx >= sftp->ext->count) {
> +     ssh_set_error_invalid(sftp->session);
> +     return NULL;
> +   }
> +--
> +2.51.0
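Review bot: The header of the new CVE-2026-3731.patch gives no description of the boundary case being fixed, only the subject line and tags. In both src/sftp.c hunks the old test `idx > sftp->ext->count` accepted an index equal to `count`, and the change to `idx >= sftp->ext->count` rejects it in sftp_extensions_get_name() and sftp_extensions_get_data() alike. A one-sentence note in the patch header saying so would let someone auditing the layer confirm the CVE mapping without opening the upstream commit. The From line hash (e46f096a) also differs from the commit named in Upstream-Status and the cherry-pick line (855a0853), so it is worth stating where the cherry-pick was made.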
> diff --git a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb 
> b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
> index 5928581312..9f66736b29 100644
> --- a/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
> +++ b/meta-oe/recipes-support/libssh/libssh_0.11.3.bb
> @@ -9,6 +9,7 @@ DEPENDS = "zlib openssl"
>  SRC_URI = 
> "git://git.libssh.org/projects/libssh.git;protocol=https;branch=stable-0.11;tag=${BPN}-${PV}
>  \
>             
> file://0001-tests-CMakeLists.txt-do-not-search-ssh-sshd-commands.patch \
>             file://run-ptest \
> +           file://CVE-2026-3731.patch \
>            "
>  
>  SRC_URI:append:toolchain-clang = " 
> file://0001-CompilerChecks.cmake-drop-Wunused-variable-flag.patch"
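Review bot: In the SRC_URI hunk of libssh_0.11.3.bb, the new `file://CVE-2026-3731.patch` entry sits after `file://run-ptest`, which splits it from the existing 0001-tests-CMakeLists.txt patch entry. Listing it directly after that patch would keep the patch files grouped and the non-patch file last. Because the recipe pins `tag=${BPN}-${PV}` on branch stable-0.11, the entry also needs to be removed once a version bump picks up the upstream fix.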
>
> 
>
