summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--security/openssh/Makefile3
-rw-r--r--security/openssh/distinfo4
-rw-r--r--security/openssh/patches/patch-session.c26
3 files changed, 22 insertions, 11 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile
index 351d3932d73..9043ce812e0 100644
--- a/security/openssh/Makefile
+++ b/security/openssh/Makefile
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.243 2016/03/15 20:54:07 bsiegert Exp $
+# $NetBSD: Makefile,v 1.243.2.1 2016/06/11 09:53:06 spz Exp $
DISTNAME= openssh-7.2p2
PKGNAME= ${DISTNAME:S/p2/.2/}
+PKGREVISION= 1
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
diff --git a/security/openssh/distinfo b/security/openssh/distinfo
index a8f162f80e1..c15cc50b2a4 100644
--- a/security/openssh/distinfo
+++ b/security/openssh/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.100 2016/03/15 20:54:07 bsiegert Exp $
+$NetBSD: distinfo,v 1.100.2.1 2016/06/11 09:53:06 spz Exp $
SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38
RMD160 (openssh-7.2p2.tar.gz) = d18d73719ceeefa5116b5b741124f3604d7ddb99
@@ -23,7 +23,7 @@ SHA1 (patch-openbsd-compat_port-tun.c) = 690dfb1f945d186dd3de5bea70ed8fab86e590e
SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
-SHA1 (patch-session.c) = 2aa1d95a35b52519c4921494855f861dc1380f3b
+SHA1 (patch-session.c) = 2a7276382278f70ac1d8f51f273e8ffa2c0c59d2
SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
diff --git a/security/openssh/patches/patch-session.c b/security/openssh/patches/patch-session.c
index 6a4285cd789..2ca4658784e 100644
--- a/security/openssh/patches/patch-session.c
+++ b/security/openssh/patches/patch-session.c
@@ -1,10 +1,11 @@
-$NetBSD: patch-session.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
+$NetBSD: patch-session.c,v 1.5.2.1 2016/06/11 09:53:06 spz Exp $
-Interix support
+* Interix support.
+* Fix for CVE-2015-8325
---- session.c.orig 2015-08-21 04:49:03.000000000 +0000
+--- session.c.orig 2016-03-09 18:04:48.000000000 +0000
+++ session.c
-@@ -1093,7 +1093,7 @@ read_etc_default_login(char ***env, u_in
+@@ -1117,7 +1117,7 @@ read_etc_default_login(char ***env, u_in
if (tmpenv == NULL)
return;
@@ -13,7 +14,7 @@ Interix support
var = child_get_env(tmpenv, "SUPATH");
else
var = child_get_env(tmpenv, "PATH");
-@@ -1202,7 +1202,7 @@ do_setup_env(Session *s, const char *she
+@@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she
# endif /* HAVE_ETC_DEFAULT_LOGIN */
if (path == NULL || *path == '\0') {
child_set_env(&env, &envsize, "PATH",
@@ -22,7 +23,16 @@ Interix support
SUPERUSER_PATH : _PATH_STDPATH);
}
# endif /* HAVE_CYGWIN */
-@@ -1316,6 +1316,18 @@ do_setup_env(Session *s, const char *she
+@@ -1317,7 +1317,7 @@ do_setup_env(Session *s, const char *she
+ * Pull in any environment variables that may have
+ * been set by PAM.
+ */
+- if (options.use_pam) {
++ if (options.use_pam && !options.use_login) {
+ char **p;
+
+ p = fetch_pam_child_environment();
+@@ -1340,6 +1340,18 @@ do_setup_env(Session *s, const char *she
strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
read_environment_file(&env, &envsize, buf);
}
@@ -41,7 +51,7 @@ Interix support
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
-@@ -1510,11 +1522,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1531,11 +1543,13 @@ do_setusercontext(struct passwd *pw)
perror("setgid");
exit(1);
}
@@ -55,7 +65,7 @@ Interix support
endgrent();
#endif
-@@ -2356,7 +2370,7 @@ session_pty_cleanup2(Session *s)
+@@ -2381,7 +2395,7 @@ session_pty_cleanup2(Session *s)
record_logout(s->pid, s->tty, s->pw->pw_name);
/* Release the pseudo-tty. */