diff --git a/openssh-7.2p2-CVE-2015-8325.patch b/openssh-7.2p2-CVE-2015-8325.patch deleted file mode 100644 index 4224051..0000000 --- a/openssh-7.2p2-CVE-2015-8325.patch +++ /dev/null @@ -1,32 +0,0 @@ -From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001 -From: Damien Miller -Date: Wed, 13 Apr 2016 10:39:57 +1000 -Subject: ignore PAM environment vars when UseLogin=yes - -If PAM is configured to read user-specified environment variables -and UseLogin=yes in sshd_config, then a hostile local user may -attack /bin/login via LD_PRELOAD or similar environment variables -set via PAM. - -CVE-2015-8325, found by Shayan Sadigh, via Colin Watson ---- - session.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/session.c b/session.c -index 4859245..4653b09 100644 ---- a/session.c -+++ b/session.c -@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) - * Pull in any environment variables that may have - * been set by PAM. - */ -- if (options.use_pam) { -+ if (options.use_pam && !options.use_login) { - char **p; - - p = fetch_pam_child_environment(); --- -cgit v0.11.2 - - diff --git a/openssh-7.2p2-certificats-regress.patch b/openssh-7.2p2-certificats-regress.patch deleted file mode 100644 index 8b08319..0000000 --- a/openssh-7.2p2-certificats-regress.patch +++ /dev/null @@ -1,38 +0,0 @@ -commit c38905ba391434834da86abfc988a2b8b9b62477 -Author: djm@openbsd.org -Date: Mon Mar 14 16:20:54 2016 +0000 - - upstream commit - - unbreak authentication using lone certificate keys in - ssh-agent: when attempting pubkey auth with a certificate, if no separate - private key is found among the keys then try with the certificate key itself. - - bz#2550 reported by Peter Moody - - Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966 - -diff --git a/sshconnect2.c b/sshconnect2.c -index f79c96b..1cf48a2 100644 ---- a/sshconnect2.c -+++ b/sshconnect2.c -@@ -1,4 +1,4 @@ --/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */ -+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */ - /* - * Copyright (c) 2000 Markus Friedl. All rights reserved. - * Copyright (c) 2008 Damien Miller. All rights reserved. -@@ -1112,12 +1112,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) - "certificate", __func__, id->filename, - id->agent_fd != -1 ? " from agent" : ""); - } else { -- /* XXX maybe verbose/error? */ -- debug("%s: no private key for certificate " -+ debug("%s: no separate private key for certificate " - "\"%s\"", __func__, id->filename); -- free(blob); -- buffer_free(&b); -- return 0; - } - } - diff --git a/openssh.spec b/openssh.spec index c33adc2..6f72376 100644 --- a/openssh.spec +++ b/openssh.spec @@ -216,10 +216,6 @@ Patch931: openssh-6.9p1-scp-progressmeter.patch Patch932: openssh-7.0p1-gssKexAlgorithms.patch # Possibility to validate legacy systems by more fingerprints (#1249626)(#2439) Patch933: openssh-7.0p1-show-more-fingerprints.patch -# CVE-2015-8325: ignore PAM environment vars when UseLogin=yes -Patch937: openssh-7.2p2-CVE-2015-8325.patch -# Regression in certificate based authentication (#1333498) -Patch938: openssh-7.2p2-certificats-regress.patch # make s390 use /dev/ crypto devices -- ignore closefrom Patch939: openssh-7.2p2-s390-closefrom.patch # expose more information to PAM @@ -462,8 +458,6 @@ popd %patch931 -p1 -b .progressmeter %patch932 -p1 -b .gsskexalg %patch933 -p1 -b .fingerprint -%patch937 -p1 -b .pam_uselogin_cve -%patch938 -p1 -b .certificates %patch939 -p1 -b .s390-dev %patch940 -p1 -b .expose-pam %patch941 -p1 -b .user-enumeration