CVE-2015-8325 and certificate regression are fixed upstream

2016-07-25 15:23:16 +02:00 · 2016-07-25 15:23:16 +02:00 · 13a7aaf5e3
commit 13a7aaf5e3
parent 38e1dfa80d
3 changed files with 0 additions and 76 deletions
--- a/openssh-7.2p2-CVE-2015-8325.patch
+++ b/openssh-7.2p2-CVE-2015-8325.patch
@ -1,32 +0,0 @@
-From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
-From: Damien Miller <djm@mindrot.org>
-Date: Wed, 13 Apr 2016 10:39:57 +1000
-Subject: ignore PAM environment vars when UseLogin=yes
-
-If PAM is configured to read user-specified environment variables
-and UseLogin=yes in sshd_config, then a hostile local user may
-attack /bin/login via LD_PRELOAD or similar environment variables
-set via PAM.
-
-CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
---
- session.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/session.c b/session.c
-index 4859245..4653b09 100644
--- a/session.c
-+++ b/session.c
-@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
- 	 * Pull in any environment variables that may have
- 	 * been set by PAM.
- 	 */
-	if (options.use_pam) {
-+	if (options.use_pam && !options.use_login) {
- 		char **p;
- 
- 		p = fetch_pam_child_environment();
-- 
-cgit v0.11.2
-
-
--- a/openssh-7.2p2-certificats-regress.patch
+++ b/openssh-7.2p2-certificats-regress.patch
@ -1,38 +0,0 @@
-commit c38905ba391434834da86abfc988a2b8b9b62477
-Author: djm@openbsd.org <djm@openbsd.org>
-Date:   Mon Mar 14 16:20:54 2016 +0000
-
-    upstream commit
-    
-    unbreak authentication using lone certificate keys in
-     ssh-agent: when attempting pubkey auth with a certificate, if no separate
-     private key is found among the keys then try with the certificate key itself.
-    
-    bz#2550 reported by Peter Moody
-    
-    Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
-
-diff --git a/sshconnect2.c b/sshconnect2.c
-index f79c96b..1cf48a2 100644
--- a/sshconnect2.c
-+++ b/sshconnect2.c
-@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
-+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
- /*
-  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
-  * Copyright (c) 2008 Damien Miller.  All rights reserved.
-@@ -1112,12 +1112,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
- 			    "certificate", __func__, id->filename,
- 			    id->agent_fd != -1 ? " from agent" : "");
- 		} else {
-			/* XXX maybe verbose/error? */
-			debug("%s: no private key for certificate "
-+			debug("%s: no separate private key for certificate "
- 			    "\"%s\"", __func__, id->filename);
-			free(blob);
-			buffer_free(&b);
-			return 0;
- 		}
- 	}
- 
--- a/openssh.spec
+++ b/openssh.spec
@ -216,10 +216,6 @@ Patch931: openssh-6.9p1-scp-progressmeter.patch
 Patch932: openssh-7.0p1-gssKexAlgorithms.patch
 # Possibility to validate legacy systems by more fingerprints (#1249626)(#2439)
 Patch933: openssh-7.0p1-show-more-fingerprints.patch
-# CVE-2015-8325: ignore PAM environment vars when UseLogin=yes
-Patch937: openssh-7.2p2-CVE-2015-8325.patch
-# Regression in certificate based authentication (#1333498)
-Patch938: openssh-7.2p2-certificats-regress.patch
 # make s390 use /dev/ crypto devices -- ignore closefrom
 Patch939: openssh-7.2p2-s390-closefrom.patch
 # expose more information to PAM
@ -462,8 +458,6 @@ popd
 %patch931 -p1 -b .progressmeter
 %patch932 -p1 -b .gsskexalg
 %patch933 -p1 -b .fingerprint
-%patch937 -p1 -b .pam_uselogin_cve
-%patch938 -p1 -b .certificates
 %patch939 -p1 -b .s390-dev
 %patch940 -p1 -b .expose-pam
 %patch941 -p1 -b .user-enumeration