diff options
| author | Vijay Anusuri <vanusuri@mvista.com> | 2025-04-29 16:52:43 +0530 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2025-05-28 08:46:32 -0700 |
| commit | 0fa8a4465e1b653c102d425804fcf85d0d28977a (patch) | |
| tree | 5bfd1917896b09e7f3e1aae37db484a7c0b7f430 | |
| parent | ab9a994a8cd8e06b519a693db444030999d273b7 (diff) | |
| download | poky-0fa8a4465e1b653c102d425804fcf85d0d28977a.tar.gz | |
openssh: Fix CVE-2025-32728
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]
(From OE-Core rev: 68413e1413eb87254d68f30920574b0e2c766782)
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch | 44 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh_8.9p1.bb | 1 |
2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch new file mode 100644 index 0000000000..d992f78ed7 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch | |||
| @@ -0,0 +1,44 @@ | |||
| 1 | From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
| 3 | Date: Wed, 9 Apr 2025 07:00:03 +0000 | ||
| 4 | Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This | ||
| 5 | option | ||
| 6 | |||
| 7 | was documented as disabling X11 and agent forwarding but it failed to do so. | ||
| 8 | Spotted by Tim Rice. | ||
| 9 | |||
| 10 | OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1 | ||
| 11 | |||
| 12 | Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367] | ||
| 13 | CVE: CVE-2025-32728 | ||
| 14 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
| 15 | --- | ||
| 16 | session.c | 5 +++-- | ||
| 17 | 1 file changed, 3 insertions(+), 2 deletions(-) | ||
| 18 | |||
| 19 | diff --git a/session.c b/session.c | ||
| 20 | index e67d24d..625e97f 100644 | ||
| 21 | --- a/session.c | ||
| 22 | +++ b/session.c | ||
| 23 | @@ -2182,7 +2182,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s) | ||
| 24 | if ((r = sshpkt_get_end(ssh)) != 0) | ||
| 25 | sshpkt_fatal(ssh, r, "%s: parse packet", __func__); | ||
| 26 | if (!auth_opts->permit_agent_forwarding_flag || | ||
| 27 | - !options.allow_agent_forwarding) { | ||
| 28 | + !options.allow_agent_forwarding || | ||
| 29 | + options.disable_forwarding) { | ||
| 30 | debug_f("agent forwarding disabled"); | ||
| 31 | return 0; | ||
| 32 | } | ||
| 33 | @@ -2568,7 +2569,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) | ||
| 34 | ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); | ||
| 35 | return 0; | ||
| 36 | } | ||
| 37 | - if (!options.x11_forwarding) { | ||
| 38 | + if (!options.x11_forwarding || options.disable_forwarding) { | ||
| 39 | debug("X11 forwarding disabled in server configuration file."); | ||
| 40 | return 0; | ||
| 41 | } | ||
| 42 | -- | ||
| 43 | 2.25.1 | ||
| 44 | |||
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index 54b4d238eb..345051c8dc 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb | |||
| @@ -38,6 +38,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
| 38 | file://CVE-2023-51385.patch \ | 38 | file://CVE-2023-51385.patch \ |
| 39 | file://CVE-2024-6387.patch \ | 39 | file://CVE-2024-6387.patch \ |
| 40 | file://CVE-2025-26465.patch \ | 40 | file://CVE-2025-26465.patch \ |
| 41 | file://CVE-2025-32728.patch \ | ||
| 41 | " | 42 | " |
| 42 | SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" | 43 | SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7" |
| 43 | 44 | ||