openssh: CVE-2016-0777 and CVE-2016-0778

Fixes following CVEs:

CVE-2016-0777 OpenSSH: Client Information leak due to use of roaming
connection feature
CVE-2016-0778 OpenSSH: Client buffer-overflow when using roaming
connections

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0777
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0778

Backported from:
http://git.yoctoproject.org/cgit/cgit.cgi/poky/patch/
?id=9845a542a76156adb5aef6fd33ad5bc5777acf64

Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
Signed-off-by: Tudor Florea <tudor.florea@enea.com>

1 files changed, 3 insertions, 1 deletions

diff --git a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
index 3807583d95..0ce84aa70e 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.6p1.bb
@@ -26,7 +26,9 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://openssh-CVE-2014-2532.patch \
            file://openssh-CVE-2014-2653.patch \
            file://auth2-none.c-avoid-authenticate-empty-passwords-to-m.patch \
-           file://openssh-ptest-fix-sshconnect.patch"
+           file://openssh-ptest-fix-sshconnect.patch \
+           file://CVE-2016-0777_CVE-2016-0778.patch \
+           "
 
 PAM_SRC_URI = "file://sshd"