dropbear: fix multiple CVEs

CVE-2016-7406 CVE-2016-7407 CVE-2016-7408 CVE-2016-7409 References: https://matt.ucc.asn.au/dropbear/CHANGES http://seclists.org/oss-sec/2016/q3/504 [YOCTO #10443] (From OE-Core rev: cca372506522c1d588f9ebc66c6051089743d2a9) Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Sona Sarmadi <sona.sarmadi@enea.com> 2016-11-02 10:52:11 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2016-11-08 23:47:13 +0000
commit: c4061a0a689fd3f4e3fb5d5dd6357dc542973d45 (patch)
tree: 55fa2e594e075f6de399f519211a31e6e7bcf23a /meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch
parent: 6962ee368906e096cf2df3031ca5142117e7c52a (diff)
download: poky-c4061a0a689fd3f4e3fb5d5dd6357dc542973d45.tar.gz
1 files changed, 27 insertions, 0 deletions
diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch b/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch
new file mode 100644
index 0000000000..1475475b4d
--- /dev/null
+++ b/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch
@@ -0,0 +1,27 @@
+# HG changeset patch
+# User Matt Johnston <matt@ucc.asn.au>
+# Date 1468245085 -28800
+# Node ID 6a14b1f6dc04e70933c49ea335184e68c1deeb94
+# Parent  309e1c4a87682b6ca7d80b8555a1db416c3cb7ac
+better TRACE of failed remote ident
+CVE: CVE-2016-7409
+Upstream-Status: Backport [backported from:
+https://secure.ucc.asn.au/hg/dropbear/raw-rev/6a14b1f6dc04]
+Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
+diff -r 309e1c4a8768 -r 6a14b1f6dc04 common-session.c
+--- a/common-session.c  Fri Mar 18 22:44:36 2016 +0800
+++ b/common-session.c  Mon Jul 11 21:51:25 2016 +0800
+@@ -361,7 +361,7 @@
+        }
+ 
+        if (!done) {
+-               TRACE(("err: %s for '%s'\n", strerror(errno), linebuf))
+               TRACE(("error reading remote ident: %s\n", strerror(errno)))
+                ses.remoteclosed();
+        } else {
+                /* linebuf is already null terminated */
author	Sona Sarmadi <sona.sarmadi@enea.com>	2016-11-02 10:52:11 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2016-11-08 23:47:13 +0000
commit	c4061a0a689fd3f4e3fb5d5dd6357dc542973d45 (patch)
tree	55fa2e594e075f6de399f519211a31e6e7bcf23a /meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch
parent	6962ee368906e096cf2df3031ca5142117e7c52a (diff)
download	poky-c4061a0a689fd3f4e3fb5d5dd6357dc542973d45.tar.gz

diff --git a/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch b/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch new file mode 100644 index 0000000000..1475475b4d --- /dev/null +++ b/meta/recipes-core/dropbear/dropbear/CVE-2016-7409.patch
@@ -0,0 +1,27 @@
	1
	2	# HG changeset patch
	3	# User Matt Johnston <matt@ucc.asn.au>
	4	# Date 1468245085 -28800
	5	# Node ID 6a14b1f6dc04e70933c49ea335184e68c1deeb94
	6	# Parent 309e1c4a87682b6ca7d80b8555a1db416c3cb7ac
	7	better TRACE of failed remote ident
	8
	9	CVE: CVE-2016-7409
	10	Upstream-Status: Backport [backported from:
	11	https://secure.ucc.asn.au/hg/dropbear/raw-rev/6a14b1f6dc04]
	12
	13	Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
	14
	15	diff -r 309e1c4a8768 -r 6a14b1f6dc04 common-session.c
	16	--- a/common-session.c Fri Mar 18 22:44:36 2016 +0800
	17	+++ b/common-session.c Mon Jul 11 21:51:25 2016 +0800
	18	@@ -361,7 +361,7 @@
	19	}
	20
	21	if (!done) {
	22	- TRACE(("err: %s for '%s'\n", strerror(errno), linebuf))
	23	+ TRACE(("error reading remote ident: %s\n", strerror(errno)))
	24	ses.remoteclosed();
	25	} else {
	26	/* linebuf is already null terminated */
	27