[baseimage]: Update openssh to 1:8.4p1-5+deb11u2 (sonic-net#16826)
Openssh in Debian Bullseye has been updated to 1:8.4p1-5+deb11u2 to fix CVE-2023-38408. 
Since we're building openssh with some patches, we need to update our version as well.

Signed-off-by: Saikrishna Arcot <[email protected]>
saiarcot895 authored Oct 11, 2023
1 parent 61683d9 commit 469aed2
Showing 3 changed files with 13 additions and 3 deletions.
2 changes: 1 addition & 1 deletion files/build_templates/sonic_debian_extension.j2
Expand Up @@ -359,7 +359,7 @@ sudo chmod 755 $FILESYSTEM_ROOT/usr/bin/restart_service
sudo LANG=C DEBIAN_FRONTEND=noninteractive chroot $FILESYSTEM_ROOT apt-get -y install smartmontools=7.2-1

# Install custom-built openssh sshd
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION}_*.deb
sudo dpkg --root=$FILESYSTEM_ROOT -i $debs_path/openssh-server_${OPENSSH_VERSION}_*.deb $debs_path/openssh-client_${OPENSSH_VERSION}_*.deb $debs_path/openssh-sftp-server_${OPENSSH_VERSION}_*.deb

{% if sonic_asic_platform == 'broadcom' %}
# Install custom-built flashrom
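Review bot: The comment above the changed `dpkg -i` line still reads `# Install custom-built openssh sshd`, although the line now installs the client and sftp-server packages as well, and nothing says why all three go in together. CVE-2023-38408 is in ssh-agent, which Debian ships in openssh-client, so the client package is the one that carries the fix this commit is after. A comment such as `# Install custom-built openssh server, client and sftp-server at the same version; the ssh-agent fix lives in openssh-client` would record that. The three arguments are unquoted globs, a pattern that predates this change, so a post-install check that all three packages report `${OPENSSH_VERSION}` would catch a missing or mismatched .deb.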
8 changes: 7 additions & 1 deletion rules/openssh.mk
@@ -1,6 +1,6 @@
# openssh package

OPENSSH_VERSION = 8.4p1-5+deb11u1
OPENSSH_VERSION = 8.4p1-5+deb11u2

export OPENSSH_VERSION

Expand All @@ -9,6 +9,12 @@ $(OPENSSH_SERVER)_SRC_PATH = $(SRC_PATH)/openssh
$(OPENSSH_SERVER)_DEPENDS += $(LIBNL3_DEV) $(LIBNL_ROUTE3_DEV)
SONIC_MAKE_DEBS += $(OPENSSH_SERVER)

OPENSSH_CLIENT = openssh-client_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
#$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_CLIENT)))

OPENSSH_SFTP_SERVER = openssh-sftp-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
#$(eval $(call add_derived_package,$(OPENSSH_SERVER),$(OPENSSH_SFTP_SERVER)))

# The .c, .cpp, .h & .hpp files under src/{$DBG_SRC_ARCHIVE list}
# are archived into debug one image to facilitate debugging.
#
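Review bot: The two `add_derived_package` lines that follow `OPENSSH_CLIENT` and `OPENSSH_SFTP_SERVER` are commented out with no explanation. The variables are defined, but as far as this hunk shows the client and sftp-server debs are never registered with the build rules. The installer template now passes both debs to `dpkg -i`, so it appears to rely on them landing in the debs directory as a side effect of the openssh-server build. Either enable the registration or replace the dead lines with a comment giving the reason, for example `# Not registered as derived packages: <reason>; produced by src/openssh/Makefile as DERIVED_TARGETS`. What `add_derived_package` does is defined outside this file, so the effect of leaving it disabled should be confirmed there.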
6 changes: 5 additions & 1 deletion src/openssh/Makefile
Expand Up @@ -3,7 +3,11 @@ SHELL = /bin/bash
.SHELLFLAGS += -e

MAIN_TARGET = openssh-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb
DERIVED_TARGETS = openssh-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb \
openssh-client_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb \
openssh-client-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb \
openssh-sftp-server_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb \
openssh-sftp-server-dbgsym_$(OPENSSH_VERSION)_$(CONFIGURED_ARCH).deb

$(addprefix $(DEST)/, $(MAIN_TARGET)): $(DEST)/% :
# Obtain openssh: https://salsa.debian.org/ssh-team/openssh/-/tree/debian/1%258.4p1-5
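Review bot: The recipe's opening comment still points at the `debian/1%258.4p1-5` tree while the targets are now named for `+deb11u2`, and nothing in this hunk shows which source revision the recipe checks out. The recipe body continues outside the hunk, so confirm there that the fetch is keyed to `$(OPENSSH_VERSION)` or an equally specific tag, and that the local patches still apply. That is what decides whether the packaged source actually contains the CVE-2023-38408 fix. A short comment above `DERIVED_TARGETS` would also help, such as `# Keep in sync with the packages installed in sonic_debian_extension.j2 and declared in rules/openssh.mk`.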
