diff options
Diffstat (limited to 'meta/recipes-connectivity')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2016-077x.patch | 56 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_6.7p1.bb | 1 |
2 files changed, 57 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016-077x.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016-077x.patch new file mode 100644 index 0000000000..4cc462d277 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-077x.patch | |||
@@ -0,0 +1,56 @@ | |||
1 | From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 2001 | ||
2 | From: Damien Miller <djm@mindrot.org> | ||
3 | Date: Fri, 15 Jan 2016 01:30:36 +1100 | ||
4 | Subject: [PATCH] forcibly disable roaming support in the client | ||
5 | |||
6 | |||
7 | Upstream-Status: Backport | ||
8 | CVE: CVE-2016-0777 | ||
9 | CVE: CVE-2016-0778 | ||
10 | |||
11 | [Yocto #8935] | ||
12 | |||
13 | Signed-off-by: Armin Kuster <akuster@mvista.com> | ||
14 | |||
15 | --- | ||
16 | readconf.c | 5 ++--- | ||
17 | ssh.c | 3 --- | ||
18 | 2 files changed, 2 insertions(+), 6 deletions(-) | ||
19 | |||
20 | Index: openssh-6.7p1/readconf.c | ||
21 | =================================================================== | ||
22 | --- openssh-6.7p1.orig/readconf.c | ||
23 | +++ openssh-6.7p1/readconf.c | ||
24 | @@ -1597,7 +1597,7 @@ initialize_options(Options * options) | ||
25 | options->tun_remote = -1; | ||
26 | options->local_command = NULL; | ||
27 | options->permit_local_command = -1; | ||
28 | - options->use_roaming = -1; | ||
29 | + options->use_roaming = 0; | ||
30 | options->visual_host_key = -1; | ||
31 | options->ip_qos_interactive = -1; | ||
32 | options->ip_qos_bulk = -1; | ||
33 | @@ -1768,8 +1768,7 @@ fill_default_options(Options * options) | ||
34 | options->tun_remote = SSH_TUNID_ANY; | ||
35 | if (options->permit_local_command == -1) | ||
36 | options->permit_local_command = 0; | ||
37 | - if (options->use_roaming == -1) | ||
38 | - options->use_roaming = 1; | ||
39 | + options->use_roaming = 0; | ||
40 | if (options->visual_host_key == -1) | ||
41 | options->visual_host_key = 0; | ||
42 | if (options->ip_qos_interactive == -1) | ||
43 | Index: openssh-6.7p1/ssh.c | ||
44 | =================================================================== | ||
45 | --- openssh-6.7p1.orig/ssh.c | ||
46 | +++ openssh-6.7p1/ssh.c | ||
47 | @@ -1800,9 +1800,6 @@ ssh_session2(void) | ||
48 | fork_postauth(); | ||
49 | } | ||
50 | |||
51 | - if (options.use_roaming) | ||
52 | - request_roaming(); | ||
53 | - | ||
54 | return client_loop(tty_flag, tty_flag ? | ||
55 | options.escape_char : SSH_ESCAPECHAR_NONE, id); | ||
56 | } | ||
diff --git a/meta/recipes-connectivity/openssh/openssh_6.7p1.bb b/meta/recipes-connectivity/openssh/openssh_6.7p1.bb index 9246284d14..700bf7f33d 100644 --- a/meta/recipes-connectivity/openssh/openssh_6.7p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_6.7p1.bb | |||
@@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar. | |||
26 | file://CVE-2015-6564.patch \ | 26 | file://CVE-2015-6564.patch \ |
27 | file://CVE-2015-6565.patch \ | 27 | file://CVE-2015-6565.patch \ |
28 | file://CVE-2015-5600.patch \ | 28 | file://CVE-2015-5600.patch \ |
29 | file://CVE-2016-077x.patch \ | ||
29 | " | 30 | " |
30 | 31 | ||
31 | PAM_SRC_URI = "file://sshd" | 32 | PAM_SRC_URI = "file://sshd" |