diff --git a/srcpkgs/openssh/patches/CVE-2015-8325.patch b/srcpkgs/openssh/patches/CVE-2015-8325.patch new file mode 100644 index 0000000000..8c735451bd --- /dev/null +++ b/srcpkgs/openssh/patches/CVE-2015-8325.patch @@ -0,0 +1,22 @@ +From: Damien Miller +Date: Wed, 13 Apr 2016 10:39:57 +1000 +Subject: ignore PAM environment vars when UseLogin=yes + +If PAM is configured to read user-specified environment variables +and UseLogin=yes in sshd_config, then a hostile local user may +attack /bin/login via LD_PRELOAD or similar environment variables +set via PAM. + +CVE-2015-8325, found by Shayan Sadigh, via Colin Watson + +--- session.c ++++ session.c +@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) + * Pull in any environment variables that may have + * been set by PAM. + */ +- if (options.use_pam) { ++ if (options.use_pam && !options.use_login) { + char **p; + + p = fetch_pam_child_environment(); diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 5646cf503b..ccd3456c79 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=7.2p2 -revision=2 +revision=3 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody