2 files changed, 45 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch
new file mode 100644
index 0000000000..72fc0073e8
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch
@@ -0,0 +1,44 @@
+From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 9 Apr 2025 07:00:03 +0000
+Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This
+ option
+was documented as disabling X11 and agent forwarding but it failed to do so.
+Spotted by Tim Rice.
+OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]
+CVE: CVE-2025-32728
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
+---
+ session.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+diff --git a/session.c b/session.c
+index aa342e8..eb932b8 100644
+--- a/session.c
+++ b/session.c
+@@ -2191,7 +2191,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
+        if ((r = sshpkt_get_end(ssh)) != 0)
+                sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+        if (!auth_opts->permit_agent_forwarding_flag ||
+-           !options.allow_agent_forwarding) {
+           !options.allow_agent_forwarding ||
+           options.disable_forwarding) {
+                debug_f("agent forwarding disabled");
+                return 0;
+        }
+@@ -2586,7 +2587,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
+                ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+                return 0;
+        }
+-       if (!options.x11_forwarding) {
+       if (!options.x11_forwarding || options.disable_forwarding) {
+                debug("X11 forwarding disabled in server configuration file.");
+                return 0;
+        }
+-- 
+2.25.1
diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
index 6ae4c81a42..afcd50c7e6 100644
--- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://0001-Fix-missing-header-for-systemd-notification.patch \
           file://CVE-2025-26466.patch \
           file://CVE-2025-26465.patch \
+           file://CVE-2025-32728.patch \
           "
 SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"

diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch new file mode 100644 index 0000000000..72fc0073e8 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch
@@ -0,0 +1,44 @@
		1	From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
		2	From: "djm@openbsd.org" <djm@openbsd.org>
		3	Date: Wed, 9 Apr 2025 07:00:03 +0000
		4	Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This
		5	option
		6
		7	was documented as disabling X11 and agent forwarding but it failed to do so.
		8	Spotted by Tim Rice.
		9
		10	OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
		11
		12	Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]
		13	CVE: CVE-2025-32728
		14	Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
		15	---
		16	session.c \| 5 +++--
		17	1 file changed, 3 insertions(+), 2 deletions(-)
		18
		19	diff --git a/session.c b/session.c
		20	index aa342e8..eb932b8 100644
		21	--- a/session.c
		22	+++ b/session.c
		23	@@ -2191,7 +2191,8 @@ session_auth_agent_req(struct ssh ssh, Session s)
		24	if ((r = sshpkt_get_end(ssh)) != 0)
		25	sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
		26	if (!auth_opts->permit_agent_forwarding_flag \|\|
		27	- !options.allow_agent_forwarding) {
		28	+ !options.allow_agent_forwarding \|\|
		29	+ options.disable_forwarding) {
		30	debug_f("agent forwarding disabled");
		31	return 0;
		32	}
		33	@@ -2586,7 +2587,7 @@ session_setup_x11fwd(struct ssh ssh, Session s)
		34	ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
		35	return 0;
		36	}
		37	- if (!options.x11_forwarding) {
		38	+ if (!options.x11_forwarding \|\| options.disable_forwarding) {
		39	debug("X11 forwarding disabled in server configuration file.");
		40	return 0;
		41	}
		42	--
		43	2.25.1
		44


diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 6ae4c81a42..afcd50c7e6 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
31	file://0001-Fix-missing-header-for-systemd-notification.patch \	31	file://0001-Fix-missing-header-for-systemd-notification.patch \
32	file://CVE-2025-26466.patch \	32	file://CVE-2025-26466.patch \
33	file://CVE-2025-26465.patch \	33	file://CVE-2025-26465.patch \
		34	file://CVE-2025-32728.patch \
34	"	35	"
35	SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"	36	SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
36		37