diff options
author | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-03-22 11:56:04 +0000 |
---|---|---|
committer | Leonardo Arena <rnalrd@alpinelinux.org> | 2016-03-22 11:56:04 +0000 |
commit | b1a290f67ac9baac539075e7c3bd5aa22e8d971a (patch) | |
tree | bd4434eda273e576c0a2035824cc8565854ba27d /main | |
parent | d65dec66e1495214f9a7079db156b5268fb3dbbc (diff) | |
download | aports-b1a290f67ac9baac539075e7c3bd5aa22e8d971a.tar.bz2 aports-b1a290f67ac9baac539075e7c3bd5aa22e8d971a.tar.xz |
main/openssh: security fix (CVE-2016-3115). Fixes #5288
Diffstat (limited to 'main')
-rw-r--r-- | main/openssh/APKBUILD | 6 | ||||
-rw-r--r-- | main/openssh/CVE-2016-3115.patch | 80 |
2 files changed, 85 insertions, 1 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index a214f2adc5..ae11559049 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -2,7 +2,7 @@ pkgname=openssh pkgver=6.6_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=7 +pkgrel=8 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" @@ -23,6 +23,7 @@ source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar. CVE-2015-6564.patch CVE-2015-6565.patch CVE-2016-0777_CVE-2016-0778.patch + CVE-2016-3115.patch openssh-curve25519pad.patch " # HPN patches are from: http://www.psc.edu/index.php/hpn-ssh @@ -121,6 +122,7 @@ ae3ac6c890f3172327118f3b793e7f05 CVE-2015-6563.patch 9e107e2636250f33199ba47550ceca1e CVE-2015-6564.patch 48b16c12877d665d9701809fdc6f4bc6 CVE-2015-6565.patch 05cc6c7c1101b76959eac0d2d843561f CVE-2016-0777_CVE-2016-0778.patch +9dcae186783ebc1eaf80867016dde695 CVE-2016-3115.patch da797337121f07bc3fac8a21afac20f8 openssh-curve25519pad.patch" sha256sums="48c1f0664b4534875038004cc4f3555b8329c2a81c1df48db5c517800de203bb openssh-6.6p1.tar.gz 83f2b2c07988c6321875240c02a161a83ec84661d592cbd2188ea8c962f9b1ad openssh6.6-dynwindows.diff @@ -135,6 +137,7 @@ d7bc0d62a9741775ab618725c63c9bdda915e5c6d2e8a4c6995ebe1fa8b3224f CVE-2015-5600. 0f4db4d65edbbef21862ac10714bdd4f8911cf9f9b6eb220f94663be0c4872c8 CVE-2015-6564.patch e42adee1f712850efcce272b556909fd3daf688c1f6059d86bfcc064cea09e87 CVE-2015-6565.patch 0b5536dc8b1d19a536826d0fe2fe27e4b814b12a2d5f1902ffd6f96ce14e6b49 CVE-2016-0777_CVE-2016-0778.patch +75c8353309d0c1870c40498f1c9ca370dfef336d7771a4a6a4301edc5a020115 CVE-2016-3115.patch 8b0caf249298eec28aad3cb77256d31a90652c77bdc1a54a00f04e8c1446d5c4 openssh-curve25519pad.patch" sha512sums="3d3566ed87649882702cad52db1adefebfb3ef788c9f77a493f99db7e9ca2e8edcde793dd426df7df0aed72a42a31c20a63ef51506111369d3a7c49e0bf6c82b openssh-6.6p1.tar.gz 3aab8b8e1f86ce04ebc69bbdbf3c70cefd510d7b4080b99067ec49957b5e421b49e3b8a0a62103d17cf644cd7c0b30e9283a62a24988b1bbb0fbdabbdc1202fd openssh6.6-dynwindows.diff @@ -149,4 +152,5 @@ c53410eb119fdba313661bdffbbbc0e19970c2321fdf24cb086d1946d0f99c8fb06c65b7edc52a74 e5a7d536837aefb07260b01c2863f96d0db2521d7739ded69f92490fad4c8537c853320458cdbc3a86cd90805d54fc87e081ece1dd4cb19392599888f9078e26 CVE-2015-6564.patch 2f74906d7bfc2ca48f001470606a055ade36b44c17d386ed89e44507c8821f1c7b48eed022be729459185d5b6f848fd5763f7b711e106fbc20fb18c10bb688bd CVE-2015-6565.patch c60a6d66537f08b69bcb320903c2903c10f7685052fa58b5ef3deb102f7a1ea50d817e5980bcc6c96d7b898f9cb8f4b0081c59d06c5a49dbc7e1ca737b63f6b1 CVE-2016-0777_CVE-2016-0778.patch +3fdfa02f4892abd1f5ca4cbe5e1cf5fe528c55b0ead3dd32de0bc04d4ec1ff6aec377b8e3a912bc209bb5186802ff9d86bd86ae7aefb59740005e4e091643aef CVE-2016-3115.patch 5c946726e9fb472412972ca73c6e4565598b7729558843be2391e04d8935f0e35a992b4fa9f89c8a98917665c12219ea5ad58359269cbe2cf90907f7d1e2cec8 openssh-curve25519pad.patch" diff --git a/main/openssh/CVE-2016-3115.patch b/main/openssh/CVE-2016-3115.patch new file mode 100644 index 0000000000..d5e41d99e4 --- /dev/null +++ b/main/openssh/CVE-2016-3115.patch @@ -0,0 +1,80 @@ +From 4b4bfb01cd40b9ddb948e6026ddd287cc303d871 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Thu, 10 Mar 2016 11:47:57 +0000 +Subject: upstream commit + +sanitise characters destined for xauth reported by + github.com/tintinweb feedback and ok deraadt and markus + +Upstream-ID: 18ad8d0d74cbd2ea3306a16595a306ee356aa261 +--- + session.c | 34 +++++++++++++++++++++++++++++++--- + 1 file changed, 31 insertions(+), 3 deletions(-) + +diff --git a/session.c b/session.c +index 9a75c62..4859245 100644 +--- a/session.c ++++ b/session.c +@@ -46,6 +46,7 @@ + + #include <arpa/inet.h> + ++#include <ctype.h> + #include <errno.h> + #include <fcntl.h> + #include <grp.h> +@@ -274,6 +275,21 @@ do_authenticated(Authctxt *authctxt) + do_cleanup(authctxt); + } + ++/* Check untrusted xauth strings for metacharacters */ ++static int ++xauth_valid_string(const char *s) ++{ ++ size_t i; ++ ++ for (i = 0; s[i] != '\0'; i++) { ++ if (!isalnum((u_char)s[i]) && ++ s[i] != '.' && s[i] != ':' && s[i] != '/' && ++ s[i] != '-' && s[i] != '_') ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Prepares for an interactive session. This is called after the user has + * been successfully authenticated. During this message exchange, pseudo +@@ -347,7 +363,13 @@ do_authenticated1(Authctxt *authctxt) + s->screen = 0; + } + packet_check_eom(); +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); +@@ -2184,7 +2206,13 @@ session_x11_req(Session *s) + s->screen = packet_get_int(); + packet_check_eom(); + +- success = session_setup_x11fwd(s); ++ if (xauth_valid_string(s->auth_proto) && ++ xauth_valid_string(s->auth_data)) ++ success = session_setup_x11fwd(s); ++ else { ++ success = 0; ++ error("Invalid X11 forwarding data"); ++ } + if (!success) { + free(s->auth_proto); + free(s->auth_data); +-- +cgit v0.11.2 + |