From 9f4f6ce8aa693fdde39ac03edbf7ce4a5f7322b3 Mon Sep 17 00:00:00 2001 From: Enno Boland Date: Thu, 14 Jan 2016 16:08:11 +0100 Subject: [PATCH] openssh: fix client bug CVE-2016-0777. --- srcpkgs/openssh/patches/010_ssh.patch | 61 +++++++++++++++++++++++++++ srcpkgs/openssh/template | 2 +- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 srcpkgs/openssh/patches/010_ssh.patch diff --git a/srcpkgs/openssh/patches/010_ssh.patch b/srcpkgs/openssh/patches/010_ssh.patch new file mode 100644 index 0000000000..d6d8fc96de --- /dev/null +++ b/srcpkgs/openssh/patches/010_ssh.patch @@ -0,0 +1,61 @@ +OpenBSD 5.8 errata 10, Jan 14, 2016: + +Experimental roaming code in the ssh client could be tricked by a hostile sshd +server, potentially leaking key material. CVE-2016-077 and CVE-0216-078. +Prevent this problem immediately by adding the line "UseRoaming no" to +/etc/ssh/ssh_config. + +Apply by doing: + signify -Vep /etc/signify/openbsd-58-base.pub -x 010_ssh.patch.sig \ + -m - | (cd /usr/src && patch -p0) + +And then rebuild and install sshd: + cd /usr/src/usr.bin/ssh + make obj + make depend + make + make install + +Index: usr.bin/ssh/readconf.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/readconf.c,v +retrieving revision 1.239 +diff -u -p -r1.239 readconf.c +--- readconf.c 30 Jul 2015 00:01:34 -0000 1.239 ++++ readconf.c 13 Jan 2016 23:17:23 -0000 +@@ -1648,7 +1648,7 @@ initialize_options(Options * options) + options->tun_remote = -1; + options->local_command = NULL; + options->permit_local_command = -1; +- options->use_roaming = -1; ++ options->use_roaming = 0; + options->visual_host_key = -1; + options->ip_qos_interactive = -1; + options->ip_qos_bulk = -1; +@@ -1819,8 +1819,7 @@ fill_default_options(Options * options) + options->tun_remote = SSH_TUNID_ANY; + if (options->permit_local_command == -1) + options->permit_local_command = 0; +- if (options->use_roaming == -1) +- options->use_roaming = 1; ++ options->use_roaming = 0; + if (options->visual_host_key == -1) + options->visual_host_key = 0; + if (options->ip_qos_interactive == -1) +Index: usr.bin/ssh/ssh.c +=================================================================== +RCS file: /cvs/src/usr.bin/ssh/ssh.c,v +retrieving revision 1.420 +diff -u -p -r1.420 ssh.c +--- ssh.c 30 Jul 2015 00:01:34 -0000 1.420 ++++ ssh.c 13 Jan 2016 23:17:23 -0000 +@@ -1882,9 +1882,6 @@ ssh_session2(void) + fork_postauth(); + } + +- if (options.use_roaming) +- request_roaming(); +- + return client_loop(tty_flag, tty_flag ? + options.escape_char : SSH_ESCAPECHAR_NONE, id); + } diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index 9126a6813c..91bd0987fc 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh version=7.1p1 -revision=1 +revision=2 build_style=gnu-configure configure_args="--sbindir=/usr/bin --datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody