summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-01-22 08:38:52 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-01-22 17:14:11 (GMT)
commitc6d12aaaa21048373b280cff9d3dfc0082a025eb (patch)
tree7f571d3d83561fbfc4061109cdd26ccfbaac30f6
parent36009b0af396f7a0920d5508e67cf58ff955478e (diff)
downloadpoky-c6d12aaaa21048373b280cff9d3dfc0082a025eb.tar.gz
openssh: CVE-2016-0777 and CVE-2016-0778
Fixes following CVEs: CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming connection feature CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming connections References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778 Backported from: http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/ ?id=9845a542a76156adb5aef6fd33ad5bc5777acf64 Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--meta/recipes-connectivity/openssh/openssh/CVE-2016-0777_CVE-2016-0778.patch56
-rw-r--r--meta/recipes-connectivity/openssh/openssh_6.6p1.bb4
2 files changed, 59 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-0777_CVE-2016-0778.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-0777_CVE-2016-0778.patch
new file mode 100644
index 0000000..4cc462d
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-0777_CVE-2016-0778.patch
@@ -0,0 +1,56 @@
1From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 2001
2From: Damien Miller <djm@mindrot.org>
3Date: Fri, 15 Jan 2016 01:30:36 +1100
4Subject: [PATCH] forcibly disable roaming support in the client
5
6
7Upstream-Status: Backport
8CVE: CVE-2016-0777
9CVE: CVE-2016-0778
10
11[Yocto #8935]
12
13Signed-off-by: Armin Kuster <akuster@mvista.com>
14
15---
16 readconf.c | 5 ++---
17 ssh.c | 3 ---
18 2 files changed, 2 insertions(+), 6 deletions(-)
19
20Index: openssh-6.7p1/readconf.c
21===================================================================
22--- openssh-6.7p1.orig/readconf.c
23+++ openssh-6.7p1/readconf.c
24@@ -1597,7 +1597,7 @@ initialize_options(Options * options)
25 options->tun_remote = -1;
26 options->local_command = NULL;
27 options->permit_local_command = -1;
28- options->use_roaming = -1;
29+ options->use_roaming = 0;
30 options->visual_host_key = -1;
31 options->ip_qos_interactive = -1;
32 options->ip_qos_bulk = -1;
33@@ -1768,8 +1768,7 @@ fill_default_options(Options * options)
34 options->tun_remote = SSH_TUNID_ANY;
35 if (options->permit_local_command == -1)
36 options->permit_local_command = 0;
37- if (options->use_roaming == -1)
38- options->use_roaming = 1;
39+ options->use_roaming = 0;
40 if (options->visual_host_key == -1)
41 options->visual_host_key = 0;
42 if (options->ip_qos_interactive == -1)
43Index: openssh-6.7p1/ssh.c
44===================================================================
45--- openssh-6.7p1.orig/ssh.c
46+++ openssh-6.7p1/ssh.c
47@@ -1800,9 +1800,6 @@ ssh_session2(void)
48 fork_postauth();
49 }
50
51- if (options.use_roaming)
52- request_roaming();
53-
54 return client_loop(tty_flag, tty_flag ?
55 options.escape_char : SSH_ESCAPECHAR_NONE, id);
56 }
diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
index 3807583..0ce84aa 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
@@ -26,7 +26,9 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
26 file://openssh-CVE-2014-2532.patch \ 26 file://openssh-CVE-2014-2532.patch \
27 file://openssh-CVE-2014-2653.patch \ 27 file://openssh-CVE-2014-2653.patch \
28 file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch \ 28 file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch \
29 file://openssh-ptest-fix-sshconnect.patch" 29 file://openssh-ptest-fix-sshconnect.patch \
30 file://CVE-2016-0777_CVE-2016-0778.patch \
31 "
30 32
31PAM_SRC_URI = "file://sshd" 33PAM_SRC_URI = "file://sshd"
32 34