pkgsrc-Changes-HG archive


[pkgsrc/pkgsrc-2016Q1]: pkgsrc/security/openssh Pullup ticket #5041 - request...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6503383d670b
branches:  pkgsrc-2016Q1
changeset: 408916:6503383d670b
user:      spz <spz%pkgsrc.org@localhost>
date:      Sat Jun 11 09:53:06 2016 +0000

description:
Pullup ticket #5041 - requested by taca
security/openssh: security patch

Revisions pulled up:
- security/openssh/Makefile                                     1.244
- security/openssh/distinfo                                     1.101
- security/openssh/patches/patch-session.c                      1.6

-------------------------------------------------------------------
   Module Name: pkgsrc
   Committed By:        taca
   Date:                Mon Jun  6 08:55:35 UTC 2016

   Modified Files:
        pkgsrc/security/openssh: Makefile distinfo
        pkgsrc/security/openssh/patches: patch-session.c

   Log Message:
   Add fix for CVE-2015-8325 from upstream.

   Bump PKGREVISION.


   To generate a diff of this commit:
   cvs rdiff -u -r1.243 -r1.244 pkgsrc/security/openssh/Makefile
   cvs rdiff -u -r1.100 -r1.101 pkgsrc/security/openssh/distinfo
   cvs rdiff -u -r1.5 -r1.6 pkgsrc/security/openssh/patches/patch-session.c

diffstat:

 security/openssh/Makefile                |   3 ++-
 security/openssh/distinfo                |   4 ++--
 security/openssh/patches/patch-session.c |  28 +++++++++++++++++++---------
 3 files changed, 23 insertions(+), 12 deletions(-)

diffs (96 lines):

diff -r 0aae19e83787 -r 6503383d670b security/openssh/Makefile
--- a/security/openssh/Makefile Mon Jun 06 18:38:24 2016 +0000
+++ b/security/openssh/Makefile Sat Jun 11 09:53:06 2016 +0000
@@ -1,7 +1,8 @@
-# $NetBSD: Makefile,v 1.243 2016/03/15 20:54:07 bsiegert Exp $
+# $NetBSD: Makefile,v 1.243.2.1 2016/06/11 09:53:06 spz Exp $
 
 DISTNAME=              openssh-7.2p2
 PKGNAME=               ${DISTNAME:S/p2/.2/}
+PKGREVISION=           1
 CATEGORIES=            security
 MASTER_SITES=          ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff -r 0aae19e83787 -r 6503383d670b security/openssh/distinfo
--- a/security/openssh/distinfo Mon Jun 06 18:38:24 2016 +0000
+++ b/security/openssh/distinfo Sat Jun 11 09:53:06 2016 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.100 2016/03/15 20:54:07 bsiegert Exp $
+$NetBSD: distinfo,v 1.100.2.1 2016/06/11 09:53:06 spz Exp $
 
 SHA1 (openssh-7.2p2.tar.gz) = 70e35d7d6386fe08abbd823b3a12a3ca44ac6d38
 RMD160 (openssh-7.2p2.tar.gz) = d18d73719ceeefa5116b5b741124f3604d7ddb99
@@ -23,7 +23,7 @@
 SHA1 (patch-platform.c) = f8f211dbc5e596c0f82eb86324d18a84c6151ec5
 SHA1 (patch-sandbox-darwin.c) = c9a1fe2e4dbf98e929d983b4206a244e0e354b75
 SHA1 (patch-scp.c) = 9c2317b0f796641903a826db355ba06595a26ea1
-SHA1 (patch-session.c) = 2aa1d95a35b52519c4921494855f861dc1380f3b
+SHA1 (patch-session.c) = 2a7276382278f70ac1d8f51f273e8ffa2c0c59d2
 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
diff -r 0aae19e83787 -r 6503383d670b security/openssh/patches/patch-session.c
--- a/security/openssh/patches/patch-session.c  Mon Jun 06 18:38:24 2016 +0000
+++ b/security/openssh/patches/patch-session.c  Sat Jun 11 09:53:06 2016 +0000
@@ -1,10 +1,11 @@
-$NetBSD: patch-session.c,v 1.5 2016/01/18 12:53:26 jperkin Exp $
-
-Interix support
+$NetBSD: patch-session.c,v 1.5.2.1 2016/06/11 09:53:06 spz Exp $
 
---- session.c.orig     2015-08-21 04:49:03.000000000 +0000
+* Interix support.
+* Fix for CVE-2015-8325
+
+--- session.c.orig     2016-03-09 18:04:48.000000000 +0000
 +++ session.c
-@@ -1093,7 +1093,7 @@ read_etc_default_login(char ***env, u_in
+@@ -1117,7 +1117,7 @@ read_etc_default_login(char ***env, u_in
        if (tmpenv == NULL)
                return;
  
@@ -13,7 +14,7 @@
                var = child_get_env(tmpenv, "SUPATH");
        else
                var = child_get_env(tmpenv, "PATH");
-@@ -1202,7 +1202,7 @@ do_setup_env(Session *s, const char *she
+@@ -1226,7 +1226,7 @@ do_setup_env(Session *s, const char *she
  #  endif /* HAVE_ETC_DEFAULT_LOGIN */
                if (path == NULL || *path == '\0') {
                        child_set_env(&env, &envsize, "PATH",
@@ -22,7 +23,16 @@
                                SUPERUSER_PATH : _PATH_STDPATH);
                }
  # endif /* HAVE_CYGWIN */
-@@ -1316,6 +1316,18 @@ do_setup_env(Session *s, const char *she
+@@ -1317,7 +1317,7 @@ do_setup_env(Session *s, const char *she
+        * Pull in any environment variables that may have
+        * been set by PAM.
+        */
+-      if (options.use_pam) {
++      if (options.use_pam && !options.use_login) {
+               char **p;
+ 
+               p = fetch_pam_child_environment();
+@@ -1340,6 +1340,18 @@ do_setup_env(Session *s, const char *she
                    strcmp(pw->pw_dir, "/") ? pw->pw_dir : "");
                read_environment_file(&env, &envsize, buf);
        }
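Review bot: The changed condition in the embedded do_setup_env hunk, `if (options.use_pam && !options.use_login) {`, has no comment saying why the PAM environment is skipped under UseLogin, and the block comment above it still reads as if those variables are always pulled in. I would extend that comment with something like `* Not done with UseLogin: the environment is handed to login(1) and PAM may have filled it from user-writable files (CVE-2015-8325).` The header of patch-session.c says only `* Fix for CVE-2015-8325`; naming the upstream change there, e.g. `* Fix for CVE-2015-8325 (upstream commit <upstream-commit-id>)`, would tell whoever next updates the package when this hunk can be dropped. The body of do_setup_env continues outside the hunk, so whether the other environment sources in it are already guarded by use_login cannot be checked from here.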
@@ -41,7 +51,7 @@
        if (debug_flag) {
                /* dump the environment */
                fprintf(stderr, "Environment:\n");
-@@ -1510,11 +1522,13 @@ do_setusercontext(struct passwd *pw)
+@@ -1531,11 +1543,13 @@ do_setusercontext(struct passwd *pw)
                        perror("setgid");
                        exit(1);
                }
@@ -55,7 +65,7 @@
                endgrent();
  #endif
  
-@@ -2356,7 +2370,7 @@ session_pty_cleanup2(Session *s)
+@@ -2381,7 +2395,7 @@ session_pty_cleanup2(Session *s)
                record_logout(s->pid, s->tty, s->pw->pw_name);
  
        /* Release the pseudo-tty. */


