Accepting request 353717 from home:AndreasStieger:branches:network

Security update for OpenSSH CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645 https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html OBS-URL: https://build.opensuse.org/request/show/353717 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=93
2016-01-14 16:36:52 +00:00 · 2016-01-14 16:36:52 +00:00 · 1c5ff2cc6c
commit 1c5ff2cc6c
parent d9f8a6a210
4 changed files with 45 additions and 2 deletions
--- a/CVE-2016-0777_CVE-2016-0778.patch
+++ b/CVE-2016-0777_CVE-2016-0778.patch
@ -0,0 +1,34 @@
+References: https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html https://bugzilla.suse.com/show_bug.cgi?id=961645 https://bugzilla.suse.com/show_bug.cgi?id=961642
+--- readconf.c	30 Jul 2015 00:01:34 -0000	1.239
+++ readconf.c	13 Jan 2016 23:17:23 -0000
+@@ -1648,7 +1648,7 @@ initialize_options(Options * options)
+ 	options->tun_remote = -1;
+ 	options->local_command = NULL;
+ 	options->permit_local_command = -1;
+-	options->use_roaming = -1;
+	options->use_roaming = 0;
+ 	options->visual_host_key = -1;
+ 	options->ip_qos_interactive = -1;
+ 	options->ip_qos_bulk = -1;
+@@ -1819,8 +1819,7 @@ fill_default_options(Options * options)
+ 		options->tun_remote = SSH_TUNID_ANY;
+ 	if (options->permit_local_command == -1)
+ 		options->permit_local_command = 0;
+-	if (options->use_roaming == -1)
+-		options->use_roaming = 1;
+	options->use_roaming = 0;
+ 	if (options->visual_host_key == -1)
+ 		options->visual_host_key = 0;
+ 	if (options->ip_qos_interactive == -1)
+--- ssh.c	30 Jul 2015 00:01:34 -0000	1.420
+++ ssh.c	13 Jan 2016 23:17:23 -0000
+@@ -1882,9 +1882,6 @@ ssh_session2(void)
+ 			fork_postauth();
+ 	}
+ 
+-	if (options.use_roaming)
+-		request_roaming();
+-
+ 	return client_loop(tty_flag, tty_flag ?
+ 	    options.escape_char : SSH_ESCAPECHAR_NONE, id);
+ }
--- a/openssh-askpass-gnome.spec
+++ b/openssh-askpass-gnome.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openssh-askpass-gnome
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,10 @@
+-------------------------------------------------------------------
+Thu Jan 14 15:35:55 UTC 2016 - astieger@suse.com
+
+- CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645
+  Add CVE-2016-0777_CVE-2016-0778.patch to disable the roaming code
+  to prevent information leak and buffer overflow
+
 -------------------------------------------------------------------
 Mon Jan 12 10:35:12 UTC 2015 - meissner@suse.com

--- a/openssh.spec
+++ b/openssh.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openssh
 #
-# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -152,6 +152,7 @@ Patch36:        openssh-6.6p1-seccomp_getuid.patch
 Patch37:        openssh-6.6p1-X_forward_with_disabled_ipv6.patch
 Patch38:        openssh-6.6p1-fips-checks.patch
 Patch39:        openssh-6.6p1-ldap.patch
+Patch40:        CVE-2016-0777_CVE-2016-0778.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build

 %description
@ -227,6 +228,7 @@ cryptomodule.
 %patch37 -p2
 %patch38 -p2
 %patch39 -p2
+%patch40 -p0
 cp %{SOURCE3} %{SOURCE4} .

 %build