1 files changed, 35 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
new file mode 100644
index 0000000000..42667b05a0
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
@@ -0,0 +1,35 @@
+CVE-2015-6565 openssh: Incorrectly set TTYs to be world-writable
+fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
+Upstream-Status: Backport
+merged two changes into one.
+[1] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2
+tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus
+[2] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=6f941396b6835ad18018845f515b0c4fe20be21a
+fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+Index: openssh-6.7p1/sshpty.c
+===================================================================
+--- openssh-6.7p1.orig/sshpty.c
+++ openssh-6.7p1/sshpty.c
+@@ -196,13 +196,8 @@ pty_setowner(struct passwd *pw, const ch
+ 
+        /* Determine the group to make the owner of the tty. */
+        grp = getgrnam("tty");
+-       if (grp) {
+-               gid = grp->gr_gid;
+-               mode = S_IRUSR | S_IWUSR | S_IWGRP;
+-       } else {
+-               gid = pw->pw_gid;
+-               mode = S_IRUSR | S_IWUSR | S_IWGRP | S_IWOTH;
+-       }
+    gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
+    mode = (grp != NULL) ? 0620 : 0600;
+ 
+        /*
+         * Change owner and mode of the tty as required.

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch new file mode 100644 index 0000000000..42667b05a0 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2015-6565.patch
@@ -0,0 +1,35 @@
	1	CVE-2015-6565 openssh: Incorrectly set TTYs to be world-writable
	2
	3	fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
	4
	5	Upstream-Status: Backport
	6
	7	merged two changes into one.
	8	[1] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=a5883d4eccb94b16c355987f58f86a7dee17a0c2
	9	tighten permissions on pty when the "tty" group does not exist; pointed out by Corinna Vinschen; ok markus
	10
	11	[2] https://anongit.mindrot.org/openssh.git/commit/sshpty.c?id=6f941396b6835ad18018845f515b0c4fe20be21a
	12	fix pty permissions; patch from Nikolay Edigaryev; ok deraadt
	13
	14	Signed-off-by: Armin Kuster <akuster@mvista.com>
	15
	16	Index: openssh-6.7p1/sshpty.c
	17	===================================================================
	18	--- openssh-6.7p1.orig/sshpty.c
	19	+++ openssh-6.7p1/sshpty.c
	20	@@ -196,13 +196,8 @@ pty_setowner(struct passwd *pw, const ch
	21
	22	/* Determine the group to make the owner of the tty. */
	23	grp = getgrnam("tty");
	24	- if (grp) {
	25	- gid = grp->gr_gid;
	26	- mode = S_IRUSR \| S_IWUSR \| S_IWGRP;
	27	- } else {
	28	- gid = pw->pw_gid;
	29	- mode = S_IRUSR \| S_IWUSR \| S_IWGRP \| S_IWOTH;
	30	- }
	31	+ gid = (grp != NULL) ? grp->gr_gid : pw->pw_gid;
	32	+ mode = (grp != NULL) ? 0620 : 0600;
	33
	34	/*
	35	* Change owner and mode of the tty as required.