openssh: fix for CVE-2014-2532

sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character. Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Chen Qi <Qi.Chen@windriver.com> 2014-05-13 15:46:26 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2014-05-13 19:26:34 +0100
commit: a8d3b8979c27a8dc87971b66a1d9d9282f660596 (patch)
tree: 86068a8446be1c4908e3c6b11dc08692944fbcf3 /meta/recipes-connectivity/openssh/openssh_6.5p1.bb
parent: ecb819b12a89e4e944974068d2e20ed226979317 (diff)
download: openembedded-core-contrib-a8d3b8979c27a8dc87971b66a1d9d9282f660596.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
index b93b9ae79f..230f38ab31 100644
--- a/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_6.5p1.bb
@@ -29,7 +29,8 @@ SRC_URI = "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar.
            file://sshdgenkeys.service \
            file://volatiles.99_sshd \
            file://add-test-support-for-busybox.patch \
-           file://run-ptest"
+           file://run-ptest \
+           file://openssh-CVE-2014-2532.patch"
 
 PAM_SRC_URI = "file://sshd"
author	Chen Qi <Qi.Chen@windriver.com>	2014-05-13 15:46:26 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2014-05-13 19:26:34 +0100
commit	a8d3b8979c27a8dc87971b66a1d9d9282f660596 (patch)
tree	86068a8446be1c4908e3c6b11dc08692944fbcf3 /meta/recipes-connectivity/openssh/openssh_6.5p1.bb
parent	ecb819b12a89e4e944974068d2e20ed226979317 (diff)
download	openembedded-core-contrib-a8d3b8979c27a8dc87971b66a1d9d9282f660596.tar.gz