From 2cc162ac12db6f5c36e3bed96de87f12b4a6e22a Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Mon, 29 Apr 2013 15:05:23 +0100
Subject: openssh: fix CVE-2010-5107

From http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-5107:
"The default configuration of OpenSSH through 6.1 enforces a fixed time limit
between establishing a TCP connection and completing a login, which makes it
easier for remote attackers to cause a denial of service (connection-slot
exhaustion) by periodically making many new TCP connections."

Integrate patches from upstream to enable "random early drop" by default./

(From OE-Core rev: 1d4f2d5ef65135e61d78ac0db90afe7f5d166d05)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-connectivity/openssh/openssh_6.0p1.bb | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'meta/recipes-connectivity/openssh/openssh_6.0p1.bb')

diff --git a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
index 31202d4284..d1edb6ed04 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.0p1.bb
@@ -23,7 +23,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://sshd_config \
            file://ssh_config \
            file://init \
-           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)}"
+           ${@base_contains('DISTRO_FEATURES', 'pam', '${PAM_SRC_URI}', '', d)} \
+           file://cve-2010-5107.patch;pnum=4"
 
 PAM_SRC_URI = "file://sshd"
 SRC_URI[md5sum] = "3c9347aa67862881c5da3f3b1c08da7b"
-- 
cgit v1.2.3-54-g00ecf