1
0
mirror of https://git.yoctoproject.org/poky synced 2026-07-15 15:37:03 +00:00

openssh: patch CVE-2026-35388

Backport patch from [1] matching CVE description in [2] and change described
in release note [3].

[1] https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add

[2] https://security-tracker.debian.org/tracker/CVE-2026-35388

[3] https://www.openssh.org/releasenotes.html#10.3p1

(From OE-Core rev: f8786d027cdf04072fb5f716135127c334dbea6e)

Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
Reviewed-by: Bruno Vernay <bruno.vernay@se.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
Theo Gaige (Schneider Electric)
2026-05-20 10:29:32 +02:00
committed by Paul Barker
parent 473edc73e6
commit 0c7beb2bd7
2 changed files with 48 additions and 0 deletions
@@ -0,0 +1,47 @@
From be42fe5ce64f2798048161a891083ef12780ca2a Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Thu, 2 Apr 2026 07:39:57 +0000
Subject: [PATCH] upstream: add missing askpass check when using
ControlMaster=ask/autoask and "ssh -O proxy ..."; reported by Michalis
Vasileiadis
OpenBSD-Commit-ID: 8dd7b9b96534e9a8726916b96d36bed466d3836a
CVE: CVE-2026-35388
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/c805b97b67c774e0bf922ffb29dfbcda9d7b5add]
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
---
mux.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/mux.c b/mux.c
index d598a17e2..c841feb79 100644
--- a/mux.c
+++ b/mux.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: mux.c,v 1.101 2023/11/23 03:37:05 dtucker Exp $ */
+/* $OpenBSD: mux.c,v 1.113 2026/04/02 07:39:57 djm Exp $ */
/*
* Copyright (c) 2002-2008 Damien Miller <djm@openbsd.org>
*
@@ -1137,6 +1137,16 @@ mux_master_process_proxy(struct ssh *ssh, u_int rid,
debug_f("channel %d: proxy request", c->self);
+ if (options.control_master == SSHCTL_MASTER_ASK ||
+ options.control_master == SSHCTL_MASTER_AUTO_ASK) {
+ if (!ask_permission("Allow multiplex proxy connection?")) {
+ debug2_f("proxy refused by user");
+ reply_error(reply, MUX_S_PERMISSION_DENIED, rid,
+ "Permission denied");
+ return 0;
+ }
+ }
+
c->mux_rcb = channel_proxy_downstream;
if ((r = sshbuf_put_u32(reply, MUX_S_PROXY)) != 0 ||
(r = sshbuf_put_u32(reply, rid)) != 0)
--
2.43.0
@@ -36,6 +36,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://CVE-2025-61984.patch \
file://CVE-2026-35385.patch \
file://CVE-2026-35387.patch \
file://CVE-2026-35388.patch \
"
SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"