diff options
-rw-r--r-- | security/openssh/Makefile | 3 | ||||
-rw-r--r-- | security/openssh/distinfo | 4 | ||||
-rw-r--r-- | security/openssh/patches/patch-session.c | 26 |
3 files changed, 22 insertions, 11 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 351d3932d73..9043ce812e0 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,7 +1,8 @@ -# $NetBSD: Makefile,v 1.243 2016/03/15 20:54:07 bsiegert Exp $ +# $NetBSD: Makefile,v 1.243.2.1 2016/06/11 09:53:06 spz Exp $ DISTNAME= openssh-7.2p2 PKGNAME= ${DISTNAME:S/p2/.2/} +PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} diff --git a/security/openssh/distinfo b/security/openssh/distinfo index a8f162f80e1..c15cc50b2a4 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.100 2016/03/15 20:54:07 bsiegert Exp $ +$NetBSD: distinfo,v 1.100.2.1 2016/06/11 09:53:06 spz Exp $ SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38 RMD160 (openssh-7.2p2.tar.gz) = d18d73719ceeefa5116b5b741124f3604d7ddb99 @@ -23,7 +23,7 @@ SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590e SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75 SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1 -SHA1 (patch-session.c) = 2aa1d95a35b52519c4921494855f861dc1380f3b +SHA1 (patch-session.c) = 2a7276382278f70ac1d8f51f273e8ffa2c0c59d2 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1 diff --git a/security/openssh/patches/patch-session.c b/security/openssh/patches/patch-session.c index 6a4285cd789..2ca4658784e 100644 --- a/security/openssh/patches/patch-session.c +++ b/security/openssh/patches/patch-session.c @@ -1,10 +1,11 @@ -$NetBSD: patch-session.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $ +$NetBSD: patch-session.c,v 1.5.2.1 2016/06/11 09:53:06 spz Exp $ -Interix support +* Interix support. +* Fix for CVE-2015-8325 ---- session.c.orig 2015-08-21 04:49:03.000000000 +0000 +--- session.c.orig 2016-03-09 18:04:48.000000000 +0000 +++ session.c -@@ -1093,7 +1093,7 @@ read_etc_default_login(char ***env, u_in +@@ -1117,7 +1117,7 @@ read_etc_default_login(char ***env, u_in if (tmpenv == NULL) return; @@ -13,7 +14,7 @@ Interix support var = child_get_env(tmpenv, "SUPATH"); else var = child_get_env(tmpenv, "PATH"); -@@ -1202,7 +1202,7 @@ do_setup_env(Session *s, const char *she +@@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she # endif /* HAVE_ETC_DEFAULT_LOGIN */ if (path == NULL || *path == '\0') { child_set_env(&env, &envsize, "PATH", @@ -22,7 +23,16 @@ Interix support SUPERUSER_PATH : _PATH_STDPATH); } # endif /* HAVE_CYGWIN */ -@@ -1316,6 +1316,18 @@ do_setup_env(Session *s, const char *she +@@ -1317,7 +1317,7 @@ do_setup_env(Session *s, const char *she + * Pull in any environment variables that may have + * been set by PAM. + */ +- if (options.use_pam) { ++ if (options.use_pam && !options.use_login) { + char **p; + + p = fetch_pam_child_environment(); +@@ -1340,6 +1340,18 @@ do_setup_env(Session *s, const char *she strcmp(pw->pw_dir, "/") ? pw->pw_dir : ""); read_environment_file(&env, &envsize, buf); } @@ -41,7 +51,7 @@ Interix support if (debug_flag) { /* dump the environment */ fprintf(stderr, "Environment:\n"); -@@ -1510,11 +1522,13 @@ do_setusercontext(struct passwd *pw) +@@ -1531,11 +1543,13 @@ do_setusercontext(struct passwd *pw) perror("setgid"); exit(1); } @@ -55,7 +65,7 @@ Interix support endgrent(); #endif -@@ -2356,7 +2370,7 @@ session_pty_cleanup2(Session *s) +@@ -2381,7 +2395,7 @@ session_pty_cleanup2(Session *s) record_logout(s->pid, s->tty, s->pw->pw_name); /* Release the pseudo-tty. */ |