diff options
| author | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-26 10:12:26 +0100 |
|---|---|---|
| committer | Bartłomiej Piotrowski <bpiotrowski@alpinelinux.org> | 2014-03-26 10:15:12 +0100 |
| commit | 504d9cc36b7cce12fe32cd729d4211c5c4fc3303 (patch) | |
| tree | 0b9b8888c20461bb76fe14eb1a735944a233ce02 /main | |
| parent | ec2da43c51111eaa09bcc37c381521c6f9dada48 (diff) | |
| download | aports-504d9cc36b7cce12fe32cd729d4211c5c4fc3303.tar.bz2 aports-504d9cc36b7cce12fe32cd729d4211c5c4fc3303.tar.xz | |
main/openssh: security fix for CVE-2014-2532
Diffstat (limited to 'main')
| -rw-r--r-- | main/openssh/APKBUILD | 12 | ||||
| -rw-r--r-- | main/openssh/CVE-2014-2532.patch | 30 |
2 files changed, 38 insertions, 4 deletions
diff --git a/main/openssh/APKBUILD b/main/openssh/APKBUILD index dc178e7aa..70b5103e6 100644 --- a/main/openssh/APKBUILD +++ b/main/openssh/APKBUILD @@ -2,7 +2,7 @@ pkgname=openssh pkgver=6.4_p1 _myver=${pkgver%_*}${pkgver#*_} -pkgrel=0 +pkgrel=1 pkgdesc="Port of OpenBSD's free SSH release" url="http://www.openssh.org/portable.html" arch="all" @@ -18,6 +18,7 @@ source="ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$_myver.tar. openssh-fix-utmp.diff sshd.initd sshd.confd + CVE-2014-2532.patch " # HPN patches are from: http://www.psc.edu/index.php/hpn-ssh @@ -108,7 +109,8 @@ c65d454dc5b149647273485fc184636d openssh-hmac-accel.diff 7c86680602f7ad71b0773d9e98a30d73 openssh-fix-includes.diff f7d9d6f96940ef66bd3c3a0aa27e57a7 openssh-fix-utmp.diff cb0dd08c413fad346f0c594107b4a2e0 sshd.initd -b35e9f3829f4cfca07168fcba98749c7 sshd.confd" +b35e9f3829f4cfca07168fcba98749c7 sshd.confd +e4cf579145106ce3d4465453b70ea50d CVE-2014-2532.patch" sha256sums="5530f616513b14aea3662c4c373bafd6a97a269938674c006377e381f68975d2 openssh-6.4p1.tar.gz 4f78f16807c6b6a3a3773c000b85df0c56ea8a93dc35eaa6bbdffe6e30328e58 openssh6.2-dynwindows.diff 6e803be3b3569eedfe69d9e9aeabef2e3fec2ed28f75bc456dfd69c2ef2c8198 openssh-peaktput.diff @@ -116,7 +118,8 @@ sha256sums="5530f616513b14aea3662c4c373bafd6a97a269938674c006377e381f68975d2 op c3189ba0e17e60e83851ac2d6f18ad5b08cb90cccfce31d61cccb9fd76d44d59 openssh-fix-includes.diff f2748da45d0bc31055727f8c80d93e1872cc043ced3202e2f6d150aca3c08dde openssh-fix-utmp.diff 3fa062fd4bfac64abf21f3c1d0548f1dfcf3c6e56e84ece14c848f53a293024e sshd.initd -29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd" +29c6d57ac3ec6018cadc6ba6cd9b90c9ed46e20049b970fdcc68ee2481a2ee41 sshd.confd +323d1a7a0ff72143580ac1b0ce2a28b9640f956368bc6629890c22c79af28aaa CVE-2014-2532.patch" sha512sums="f87b3e1d3110b87c1dfff729459ff26024863480c8eb4449b9e3b0b750d187acdfedb199ca4ea133b5dfa436bed0e2eea7607392d451b18c626c4dc1d38bb52a openssh-6.4p1.tar.gz 773cc0629e17a8f78e82be56e579855ea9b3ca8fd26360964aee854d717a7cfc2c9d4d654cf0fda5723c3aabe96e48ee2cfe6d1fd64b5717f0ef5eb997d00293 openssh6.2-dynwindows.diff 64f5aff3fc1a0d2f7c65ea875d1c2c4d98a3d305ff2677d9d4ca82f20778df9e317b1bfc428cee2b0df1bfa01a65dfcf83b68435a227a23a2cf3400fef35d656 openssh-peaktput.diff @@ -124,4 +127,5 @@ aaa128126400171d0755038a846672aa7b1e87340edf73a672962d403abf404ef1821466b17da51d 70e2c6613ab77ec379e03ddf029c1c38e5d852bb225db40ceaa63e642d58b0261fa7c954b288710736bb1dc71f8057f2598ea0d1f5b1214135fa5e9541d5f05a openssh-fix-includes.diff cc909f68d9da1b264926973b96d36162b5c588299c98d62f526faf2ef1273d98bb8d8dea4d482770a2aef88bcbf15fa61144401aef9ab916c15e1623bcf449b5 openssh-fix-utmp.diff 1483e2bcd700da9b02f04508d490b472c816344787bf1675fef2f7e27f72b91e4323e4e8c1db701e47d81d37d6d4b0623eaeac46b2cf589ae5ad69f363baa594 sshd.initd -b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd" +b9ae816af54a55e134a9307e376f05367b815f1b3fd545c2a2c312d18aedcf907f413e8bad8db980cdd9aad4011a72a79e1e94594f69500939a9cb46287f2f81 sshd.confd +4521052ef55b77a2932484fa52f4a7688e8dbd4e6aa1e210ce24a59b8501775ca7e844108e36c06a9e3a47b70cd8d59007c12ca7a7bb8af27ae1e31e7b0de34d CVE-2014-2532.patch" diff --git a/main/openssh/CVE-2014-2532.patch b/main/openssh/CVE-2014-2532.patch new file mode 100644 index 000000000..49cccbd27 --- /dev/null +++ b/main/openssh/CVE-2014-2532.patch @@ -0,0 +1,30 @@ +Description: fix AcceptEnv wildcard environment restrictions bypass +Origin: upstream, http://www.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.270;r2=1.271 + +Index: openssh-6.0p1/session.c +=================================================================== +--- openssh-6.0p1.orig/session.c 2014-03-21 11:03:33.904069205 -0400 ++++ openssh-6.0p1/session.c 2014-03-21 11:03:33.900069205 -0400 +@@ -963,6 +963,11 @@ + *envsizep = 1; + } + ++ if (strchr(name, '=') != NULL) { ++ error("Invalid environment variable \"%.100s\"", name); ++ return; ++ } ++ + /* + * Find the slot where the value should be stored. If the variable + * already exists, we reuse the slot; otherwise we append a new slot +@@ -2186,8 +2191,8 @@ + char *name, *val; + u_int name_len, val_len, i; + +- name = packet_get_string(&name_len); +- val = packet_get_string(&val_len); ++ name = packet_get_cstring(&name_len); ++ val = packet_get_cstring(&val_len); + packet_check_eom(); + + /* Don't set too many environment variables */ |