Hello community,

here is the log from the commit of package openssh for openSUSE:Factory checked in at 2016-01-16 11:55:44
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
 and /work/SRC/openSUSE:Factory/.openssh.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh" Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2015-01-23 16:19:15.000000000 +0100 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh.changes 2016-01-16 11:55:46.000000000 +0100 @@ -1,0 +2,7 @@ +Thu Jan 14 15:35:55 UTC 2016 - [email protected] + +- CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645 + Add CVE-2016-0777_CVE-2016-0778.patch to disable the roaming code + to prevent information leak and buffer overflow + +------------------------------------------------------------------- New: ---- CVE-2016-0777_CVE-2016-0778.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.nV3xOh/_old 2016-01-16 11:55:48.000000000 +0100 +++ /var/tmp/diff_new_pack.nV3xOh/_new 2016-01-16 11:55:48.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssh-askpass-gnome # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.nV3xOh/_old 2016-01-16 11:55:48.000000000 +0100 +++ /var/tmp/diff_new_pack.nV3xOh/_new 2016-01-16 11:55:48.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package openssh # -# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -152,6 +152,7 @@ Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch Patch38: openssh-6.6p1-fips-checks.patch Patch39: openssh-6.6p1-ldap.patch +Patch40: CVE-2016-0777_CVE-2016-0778.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %description 
@@ -227,6 +228,7 @@ %patch37 -p2 %patch38 -p2 %patch39 -p2 +%patch40 -p0 cp %{SOURCE3} %{SOURCE4} . %build ++++++ CVE-2016-0777_CVE-2016-0778.patch ++++++ References: https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html https://bugzilla.suse.com/show_bug.cgi?id=961645 https://bugzilla.suse.com/show_bug.cgi?id=961642 --- readconf.c 30 Jul 2015 00:01:34 -0000 1.239 +++ readconf.c 13 Jan 2016 23:17:23 -0000 @@ -1648,7 +1648,7 @@ initialize_options(Options * options) options->tun_remote = -1; options->local_command = NULL; options->permit_local_command = -1; - options->use_roaming = -1; + options->use_roaming = 0; options->visual_host_key = -1; options->ip_qos_interactive = -1; options->ip_qos_bulk = -1; @@ -1819,8 +1819,7 @@ fill_default_options(Options * options) options->tun_remote = SSH_TUNID_ANY; if (options->permit_local_command == -1) options->permit_local_command = 0; - if (options->use_roaming == -1) - options->use_roaming = 1; + options->use_roaming = 0; if (options->visual_host_key == -1) options->visual_host_key = 0; if (options->ip_qos_interactive == -1) --- ssh.c 30 Jul 2015 00:01:34 -0000 1.420 +++ ssh.c 13 Jan 2016 23:17:23 -0000 @@ -1882,9 +1882,6 @@ ssh_session2(void) fork_postauth(); } - if (options.use_roaming) - request_roaming(); - return client_loop(tty_flag, tty_flag ? options.escape_char : SSH_ESCAPECHAR_NONE, id); }
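Review bot: In the %prep hunk of openssh.spec, %patch40 is applied with -p0 while the neighbouring %patch37 to %patch39 all use -p2, and nothing in the spec says why. The strip level does match the bare readconf.c and ssh.c paths in the new patch file, so it is not wrong, but it reads like a slip. Either add a spec comment noting that the patch carries unprefixed upstream paths, or regenerate it at the same path depth as the other patches.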
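Review bot: In the fill_default_options() hunk of readconf.c, the new unconditional "options->use_roaming = 0;" breaks the pattern of every neighbouring line, which fills a value only while it is still -1, and it carries no comment explaining the exception. Whatever the field holds when this function runs is now overwritten, so a one-line comment there saying that roaming is forced off for CVE-2016-0777 and CVE-2016-0778 would keep a later rebase from restoring the "== -1" guard. The openssh.changes entry should also say that the setting can no longer be turned back on, since "disable the roaming code" alone does not tell an administrator that.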
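Review bot: In the ssh_session2() hunk of ssh.c, only the call site "if (options.use_roaming) request_roaming();" is removed; the patch touches readconf.c and ssh.c and nothing else, so the roaming implementation itself is left untouched and is merely no longer called from here. That is a reasonable minimal fix, but it should be stated, either in the patch header or in openssh.changes, so that someone auditing the package knows the code is still present and is disabled by this call removal plus the forced 0 in readconf.c, not deleted.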
