Accepting request 353717 from home:AndreasStieger:branches:network
Security update for OpenSSH CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645 https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html OBS-URL: https://build.opensuse.org/request/show/353717 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=93
This commit is contained in:
parent
d9f8a6a210
commit
1c5ff2cc6c
34
CVE-2016-0777_CVE-2016-0778.patch
Normal file
34
CVE-2016-0777_CVE-2016-0778.patch
Normal file
@ -0,0 +1,34 @@
|
||||
References: https://lists.mindrot.org/pipermail/openssh-unix-announce/2016-January/000124.html https://bugzilla.suse.com/show_bug.cgi?id=961645 https://bugzilla.suse.com/show_bug.cgi?id=961642
|
||||
--- readconf.c 30 Jul 2015 00:01:34 -0000 1.239
|
||||
+++ readconf.c 13 Jan 2016 23:17:23 -0000
|
||||
@@ -1648,7 +1648,7 @@ initialize_options(Options * options)
|
||||
options->tun_remote = -1;
|
||||
options->local_command = NULL;
|
||||
options->permit_local_command = -1;
|
||||
- options->use_roaming = -1;
|
||||
+ options->use_roaming = 0;
|
||||
options->visual_host_key = -1;
|
||||
options->ip_qos_interactive = -1;
|
||||
options->ip_qos_bulk = -1;
|
||||
@@ -1819,8 +1819,7 @@ fill_default_options(Options * options)
|
||||
options->tun_remote = SSH_TUNID_ANY;
|
||||
if (options->permit_local_command == -1)
|
||||
options->permit_local_command = 0;
|
||||
- if (options->use_roaming == -1)
|
||||
- options->use_roaming = 1;
|
||||
+ options->use_roaming = 0;
|
||||
if (options->visual_host_key == -1)
|
||||
options->visual_host_key = 0;
|
||||
if (options->ip_qos_interactive == -1)
|
||||
--- ssh.c 30 Jul 2015 00:01:34 -0000 1.420
|
||||
+++ ssh.c 13 Jan 2016 23:17:23 -0000
|
||||
@@ -1882,9 +1882,6 @@ ssh_session2(void)
|
||||
fork_postauth();
|
||||
}
|
||||
|
||||
- if (options.use_roaming)
|
||||
- request_roaming();
|
||||
-
|
||||
return client_loop(tty_flag, tty_flag ?
|
||||
options.escape_char : SSH_ESCAPECHAR_NONE, id);
|
||||
}
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package openssh-askpass-gnome
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
|
@ -1,3 +1,10 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Jan 14 15:35:55 UTC 2016 - astieger@suse.com
|
||||
|
||||
- CVE-2016-0777, bsc#961642, CVE-2016-0778, bsc#961645
|
||||
Add CVE-2016-0777_CVE-2016-0778.patch to disable the roaming code
|
||||
to prevent information leak and buffer overflow
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 12 10:35:12 UTC 2015 - meissner@suse.com
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
#
|
||||
# spec file for package openssh
|
||||
#
|
||||
# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
# remain the property of their copyright owners, unless otherwise agreed
|
||||
@ -152,6 +152,7 @@ Patch36: openssh-6.6p1-seccomp_getuid.patch
|
||||
Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch
|
||||
Patch38: openssh-6.6p1-fips-checks.patch
|
||||
Patch39: openssh-6.6p1-ldap.patch
|
||||
Patch40: CVE-2016-0777_CVE-2016-0778.patch
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
|
||||
%description
|
||||
@ -227,6 +228,7 @@ cryptomodule.
|
||||
%patch37 -p2
|
||||
%patch38 -p2
|
||||
%patch39 -p2
|
||||
%patch40 -p0
|
||||
cp %{SOURCE3} %{SOURCE4} .
|
||||
|
||||
%build
|
||||
|
Loading…
Reference in New Issue
Block a user