openssh: update to 7.3p1.

This commit is contained in:
Juan RP 2016-08-01 17:56:40 +02:00
parent dfeea47ba8
commit d325f76f95
2 changed files with 3 additions and 25 deletions

View file

@ -1,22 +0,0 @@
From: Damien Miller <djm@mindrot.org>
Date: Wed, 13 Apr 2016 10:39:57 +1000
Subject: ignore PAM environment vars when UseLogin=yes
If PAM is configured to read user-specified environment variables
and UseLogin=yes in sshd_config, then a hostile local user may
attack /bin/login via LD_PRELOAD or similar environment variables
set via PAM.
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
--- session.c
+++ session.c
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
* Pull in any environment variables that may have
* been set by PAM.
*/
- if (options.use_pam) {
+ if (options.use_pam && !options.use_login) {
char **p;
p = fetch_pam_child_environment();

View file

@ -1,7 +1,7 @@
# Template file for 'openssh' # Template file for 'openssh'
pkgname=openssh pkgname=openssh
version=7.2p2 version=7.3p1
revision=3 revision=1
build_style=gnu-configure build_style=gnu-configure
configure_args="--datadir=/usr/share/openssh configure_args="--datadir=/usr/share/openssh
--sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody
@ -20,7 +20,7 @@ maintainer="Juan RP <xtraeme@voidlinux.eu>"
homepage="http://www.openssh.org" homepage="http://www.openssh.org"
license="BSD" license="BSD"
distfiles="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$version.tar.gz" distfiles="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$version.tar.gz"
checksum=a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c checksum=3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc
# Package build options # Package build options
build_options="ldns ssl" build_options="ldns ssl"