From 972dcfcdbfe75dcfeb777150c136576cf1a71e99 Mon Sep 17 00:00:00 2001
From: Tudor Florea <tudor.florea@enea.com>
Date: Fri, 9 Oct 2015 22:59:03 +0200
Subject: initial commit for Enea Linux 5.0 arm

Signed-off-by: Tudor Florea <tudor.florea@enea.com>
---
 .../openssh/openssh/openssh-CVE-2014-2532.patch    | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch

(limited to 'meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch')

diff --git a/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
new file mode 100644
index 0000000000..3deaf3f0e9
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/openssh-CVE-2014-2532.patch
@@ -0,0 +1,22 @@
+Upstream-Status: Backport
+
+Fix for CVE-2014-2532
+
+Backported from openssh-6.6p1.tar.gz
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+--- a/session.c
++++ b/session.c
+@@ -955,6 +955,11 @@
+ 	u_int envsize;
+ 	u_int i, namelen;
+ 
++	if (strchr(name, '=') != NULL) {
++		error("Invalid environment variable \"%.100s\"", name);
++		return;
++	}
++
+ 	/*
+ 	 * If we're passed an uninitialized list, allocate a single null
+ 	 * entry before continuing.
-- 
cgit v1.2.3-54-g00ecf