On Sun, 2016-01-17 at 21:26 -0800, Armin Kuster wrote: > From: Armin Kuster <[email protected]> > > this address two CVE's. > CVE-2016-0777 and CVE-2016-0778
Thank you, this is pushed to my joshuagl/fido-next branch. Regards, Joshua > > Signed-off-by: Armin Kuster <[email protected]> > --- > .../openssh/openssh/CVE-2016-077x.patch | 56 > ++++++++++++++++++++++ > meta/recipes-connectivity/openssh/openssh_6.7p1.bb | 1 + > 2 files changed, 57 insertions(+) > create mode 100644 meta/recipes-connectivity/openssh/openssh/CVE- > 2016-077x.patch > > diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2016- > 077x.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2016- > 077x.patch > new file mode 100644 > index 0000000..4cc462d > --- /dev/null > +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2016-077x.patch > @@ -0,0 +1,56 @@ > +From e6c85f8889c5c9eb04796fdb76d2807636b9eef5 Mon Sep 17 00:00:00 > 2001 > +From: Damien Miller <[email protected]> > +Date: Fri, 15 Jan 2016 01:30:36 +1100 > +Subject: [PATCH] forcibly disable roaming support in the client > + > + > +Upstream-Status: Backport > +CVE: CVE-2016-0777 > +CVE: CVE-2016-0778 > + > +[Yocto #8935] > + > +Signed-off-by: Armin Kuster <[email protected]> > + > +--- > + readconf.c | 5 ++--- > + ssh.c | 3 --- > + 2 files changed, 2 insertions(+), 6 deletions(-) > + > +Index: openssh-6.7p1/readconf.c > +=================================================================== > +--- openssh-6.7p1.orig/readconf.c > ++++ openssh-6.7p1/readconf.c > +@@ -1597,7 +1597,7 @@ initialize_options(Options * options) > + options->tun_remote = -1; > + options->local_command = NULL; > + options->permit_local_command = -1; > +- options->use_roaming = -1; > ++ options->use_roaming = 0; > + options->visual_host_key = -1; > + options->ip_qos_interactive = -1; > + options->ip_qos_bulk = -1; > +@@ -1768,8 +1768,7 @@ fill_default_options(Options * options) > + options->tun_remote = SSH_TUNID_ANY; > + if (options->permit_local_command == -1) > + options->permit_local_command = 0; > +- if (options->use_roaming == -1) > +- options->use_roaming = 1; > ++ options->use_roaming = 0; > + if (options->visual_host_key == -1) > + options->visual_host_key = 0; > + if (options->ip_qos_interactive == -1) > +Index: openssh-6.7p1/ssh.c > +=================================================================== > +--- openssh-6.7p1.orig/ssh.c > ++++ openssh-6.7p1/ssh.c > +@@ -1800,9 +1800,6 @@ ssh_session2(void) > + fork_postauth(); > + } > + > +- if (options.use_roaming) > +- request_roaming(); > +- > + return client_loop(tty_flag, tty_flag ? > + options.escape_char : SSH_ESCAPECHAR_NONE, id); > + } > diff --git a/meta/recipes-connectivity/openssh/openssh_6.7p1.bb > b/meta/recipes-connectivity/openssh/openssh_6.7p1.bb > index 9246284..700bf7f 100644 > --- a/meta/recipes-connectivity/openssh/openssh_6.7p1.bb > +++ b/meta/recipes-connectivity/openssh/openssh_6.7p1.bb > @@ -26,6 +26,7 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSS > H/portable/openssh-${PV}.tar. > file://CVE-2015-6564.patch \ > file://CVE-2015-6565.patch \ > file://CVE-2015-5600.patch \ > + file://CVE-2016-077x.patch \ > " > > PAM_SRC_URI = "file://sshd" > -- > 1.9.1 > -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
