openssh: update to 7.3p1.

2016-08-01 17:56:40 +02:00 · 2016-08-01 17:56:40 +02:00 · d325f76f95
commit d325f76f95
parent dfeea47ba8
2 changed files with 3 additions and 25 deletions
--- a/srcpkgs/openssh/patches/CVE-2015-8325.patch
+++ b/srcpkgs/openssh/patches/CVE-2015-8325.patch
@ -1,22 +0,0 @@
-From: Damien Miller <djm@mindrot.org>
-Date: Wed, 13 Apr 2016 10:39:57 +1000
-Subject: ignore PAM environment vars when UseLogin=yes
-
-If PAM is configured to read user-specified environment variables
-and UseLogin=yes in sshd_config, then a hostile local user may
-attack /bin/login via LD_PRELOAD or similar environment variables
-set via PAM.
-
-CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
-
--- session.c
-+++ session.c
-@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
- 	 * Pull in any environment variables that may have
- 	 * been set by PAM.
- 	 */
-	if (options.use_pam) {
-+	if (options.use_pam && !options.use_login) {
- 		char **p;
- 
- 		p = fetch_pam_child_environment();
--- a/srcpkgs/openssh/template
+++ b/srcpkgs/openssh/template
@ -1,7 +1,7 @@
 # Template file for 'openssh'
 pkgname=openssh
-version=7.2p2
-revision=3
+version=7.3p1
+revision=1
 build_style=gnu-configure
 configure_args="--datadir=/usr/share/openssh
 --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@ -20,7 +20,7 @@ maintainer="Juan RP <xtraeme@voidlinux.eu>"
 homepage="http://www.openssh.org"
 license="BSD"
 distfiles="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$version.tar.gz"
-checksum=a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c
+checksum=3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc

 # Package build options
 build_options="ldns ssl"