1 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
new file mode 100644
index 0000000000..19cea410dc
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
@@ -0,0 +1,36 @@
+CVE-2015-6563
+Don't resend username to PAM; it already has it. 
+Pointed out by Moritz Jodeit; ok dtucker@
+Upstream-Status: Backport
+https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: openssh-6.7p1/monitor.c
+===================================================================
+--- openssh-6.7p1.orig/monitor.c
+++ openssh-6.7p1/monitor.c
+@@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device;
+ int
+ mm_answer_pam_init_ctx(int sock, Buffer *m)
+ {
+-
+        debug3("%s", __func__);
+-       authctxt->user = buffer_get_string(m, NULL);
+        sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
+        sshpam_authok = NULL;
+        buffer_clear(m);
+Index: openssh-6.7p1/monitor_wrap.c
+===================================================================
+--- openssh-6.7p1.orig/monitor_wrap.c
+++ openssh-6.7p1/monitor_wrap.c
+@@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
+ 
+        debug3("%s", __func__);
+        buffer_init(&m);
+-       buffer_put_cstring(&m, authctxt->user);
+        mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
+        debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
+        mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch new file mode 100644 index 0000000000..19cea410dc --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6563.patch
@@ -0,0 +1,36 @@
	1	CVE-2015-6563
	2
	3	Don't resend username to PAM; it already has it.
	4	Pointed out by Moritz Jodeit; ok dtucker@
	5
	6	Upstream-Status: Backport
	7	https://github.com/openssh/openssh-portable/commit/d4697fe9a28dab7255c60433e4dd23cf7fce8a8b
	8
	9	Signed-off-by: Armin Kuster <akuster@mvista.com>
	10
	11	Index: openssh-6.7p1/monitor.c
	12	===================================================================
	13	--- openssh-6.7p1.orig/monitor.c
	14	+++ openssh-6.7p1/monitor.c
	15	@@ -1046,9 +1046,7 @@ extern KbdintDevice sshpam_device;
	16	int
	17	mm_answer_pam_init_ctx(int sock, Buffer *m)
	18	{
	19	-
	20	debug3("%s", __func__);
	21	- authctxt->user = buffer_get_string(m, NULL);
	22	sshpam_ctxt = (sshpam_device.init_ctx)(authctxt);
	23	sshpam_authok = NULL;
	24	buffer_clear(m);
	25	Index: openssh-6.7p1/monitor_wrap.c
	26	===================================================================
	27	--- openssh-6.7p1.orig/monitor_wrap.c
	28	+++ openssh-6.7p1/monitor_wrap.c
	29	@@ -826,7 +826,6 @@ mm_sshpam_init_ctx(Authctxt *authctxt)
	30
	31	debug3("%s", __func__);
	32	buffer_init(&m);
	33	- buffer_put_cstring(&m, authctxt->user);
	34	mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_PAM_INIT_CTX, &m);
	35	debug3("%s: waiting for MONITOR_ANS_PAM_INIT_CTX", __func__);
	36	mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_PAM_INIT_CTX, &m);