2 files changed, 29 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
new file mode 100644
index 0000000000..8489edcc82
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
@@ -0,0 +1,27 @@
+openssh-CVE-2011-4327
+A security flaw was found in the way ssh-keysign,
+a ssh helper program for host based authentication,
+attempted to retrieve enough entropy information on configurations that
+lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
+be executed to retrieve the entropy from the system environment).
+A local attacker could use this flaw to obtain unauthorized access to host keys
+via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
+https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
+http://www.openssh.com/txt/portable-keysign-rand-helper.adv
+Signed-off-by: Li Wang <li.wang@windriver.com>
+--- a/ssh-keysign.c
+++ b/ssh-keysign.c
+@@ -170,6 +170,10 @@
+        key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
+        key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
+        key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
+       if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 ||
+           fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 ||
+           fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
+               fatal("fcntl failed");
+ 
+        original_real_uid = getuid();   /* XXX readconf.c needs this */
+        if ((pw = getpwuid(original_real_uid)) == NULL)
diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
index 31202d4284..df77040099 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
 LICENSE = "BSD"
 LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
-PR = "r3"
+PR = "r4"
 DEPENDS = "zlib openssl"
 DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
           file://sshd_config \
           file://ssh_config \
           file://init \
+           file://openssh-CVE-2011-4327.patch \
           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
 PAM_SRC_URI = "file://sshd"

diff --git a/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch new file mode 100644 index 0000000000..8489edcc82 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh-6.0p1/openssh-CVE-2011-4327.patch
@@ -0,0 +1,27 @@
		1	openssh-CVE-2011-4327
		2
		3	A security flaw was found in the way ssh-keysign,
		4	a ssh helper program for host based authentication,
		5	attempted to retrieve enough entropy information on configurations that
		6	lacked a built-in entropy pool in OpenSSL (a ssh-rand-helper program would
		7	be executed to retrieve the entropy from the system environment).
		8	A local attacker could use this flaw to obtain unauthorized access to host keys
		9	via ptrace(2) process trace attached to the 'ssh-rand-helper' program.
		10
		11	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4327
		12	http://www.openssh.com/txt/portable-keysign-rand-helper.adv
		13
		14	Signed-off-by: Li Wang <li.wang@windriver.com>
		15	--- a/ssh-keysign.c
		16	+++ b/ssh-keysign.c
		17	@@ -170,6 +170,10 @@
		18	key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
		19	key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
		20	key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
		21	+ if (fcntl(key_fd[0], F_SETFD, FD_CLOEXEC) != 0 \|\|
		22	+ fcntl(key_fd[1], F_SETFD, FD_CLOEXEC) != 0 \|\|
		23	+ fcntl(key_fd[2], F_SETFD, FD_CLOEXEC) != 0)
		24	+ fatal("fcntl failed");
		25
		26	original_real_uid = getuid(); /* XXX readconf.c needs this */
		27	if ((pw = getpwuid(original_real_uid)) == NULL)


diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb index 31202d4284..df77040099 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
@@ -7,7 +7,7 @@ SECTION = "console/network"
7	LICENSE = "BSD"	7	LICENSE = "BSD"
8	LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"	8	LIC_FILES_CHKSUM = "file://LICENCE;md5=e326045657e842541d3f35aada442507"
9		9
10	PR = "r3"	10	PR = "r4"
11		11
12	DEPENDS = "zlib openssl"	12	DEPENDS = "zlib openssl"
13	DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"	13	DEPENDS += "${@base_contains('DISTRO_FEATURES', 'pam', 'libpam', '', d)}"
@@ -23,6 +23,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
23	file://sshd_config \	23	file://sshd_config \
24	file://ssh_config \	24	file://ssh_config \
25	file://init \	25	file://init \
		26	file://openssh-CVE-2011-4327.patch \
26	${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"	27	${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
27		28
28	PAM_SRC_URI = "file://sshd"	29	PAM_SRC_URI = "file://sshd"