diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch new file mode 100644 index 0000000000..898295340d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2024-39894.patch @@ -0,0 +1,35 @@ +From 146c420d29d055cc75c8606327a1cf8439fe3a08 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Mon, 1 Jul 2024 04:31:17 +0000 +Subject: [PATCH] upstream: when sending ObscureKeystrokeTiming chaff packets, + we + +can't rely on channel_did_enqueue to tell that there is data to send. This +flag indicates that the channels code enqueued a packet on _this_ ppoll() +iteration, not that data was enqueued in _any_ ppoll() iteration in the +timeslice. ok markus@ + +OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136 + +Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/openssh/tree/debian/patches/CVE-2024-39894.patch?h=ubuntu/noble-security +Upstream commit https://github.com/openssh/openssh-portable/commit/146c420d29d055cc75c8606327a1cf8439fe3a08] +CVE: CVE-2024-39894 +Signed-off-by: Vijay Anusuri +--- + clientloop.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +--- a/clientloop.c ++++ b/clientloop.c +@@ -612,8 +612,9 @@ obfuscate_keystroke_timing(struct ssh *s + if (timespeccmp(&now, &chaff_until, >=)) { + /* Stop if there have been no keystrokes for a while */ + stop_reason = "chaff time expired"; +- } else if (timespeccmp(&now, &next_interval, >=)) { +- /* Otherwise if we were due to send, then send chaff */ ++ } else if (timespeccmp(&now, &next_interval, >=) && ++ !ssh_packet_have_data_to_write(ssh)) { ++ /* If due to send but have no data, then send chaff */ + if (send_chaff(ssh)) + nchaff++; + } diff --git a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb index 3cdf0327b0..8bc4f4269a 100644 --- a/meta/recipes-connectivity/openssh/openssh_9.6p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_9.6p1.bb @@ -28,6 +28,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://0001-regress-banner.sh-log-input-and-output-files-on-erro.patch \ file://0001-systemd-Add-optional-support-for-systemd-sd_notify.patch \ file://CVE-2024-6387.patch \ + file://CVE-2024-39894.patch \ " SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"