mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-09 17:39:31 +00:00
Code Issues Projects Releases Wiki Activity

openssh: Fix for CVE-2025-32728

Browse Source 
Upstream-Status: Backport
[https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]

(From OE-Core rev: 6565ae2b01d6eb1e3a83ed387a5e3b765f85b8cf)

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Vijay Anusuri
2025-04-12 13:30:38 +05:30
committed by Steve Sakoman
parent fa7dd6d5da
commit ac204a6bf9
2 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-connectivity/openssh/openssh/CVE-2025-32728.patch
+44
View File
@@ -0,0 +1,44 @@
From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 9 Apr 2025 07:00:03 +0000
Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This
option
was documented as disabling X11 and agent forwarding but it failed to do so.
Spotted by Tim Rice.
OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/fc86875e6acb36401dfc1dfb6b628a9d1460f367]
CVE: CVE-2025-32728
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
session.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/session.c b/session.c
index aa342e8..eb932b8 100644
--- a/session.c
+++ b/session.c
@@ -2191,7 +2191,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
if ((r = sshpkt_get_end(ssh)) != 0)
sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
if (!auth_opts->permit_agent_forwarding_flag ||
- !options.allow_agent_forwarding) {
+ !options.allow_agent_forwarding ||
+ options.disable_forwarding) {
debug_f("agent forwarding disabled");
return 0;
}
@@ -2586,7 +2587,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
return 0;
}
- if (!options.x11_forwarding) {
+ if (!options.x11_forwarding || options.disable_forwarding) {
debug("X11 forwarding disabled in server configuration file.");
return 0;
}
--
2.25.1
meta/recipes-connectivity/openssh/openssh_9.6p1.bb
+1
View File
@@ -31,6 +31,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
file://0001-Fix-missing-header-for-systemd-notification.patch \ file://0001-Fix-missing-header-for-systemd-notification.patch \
file://CVE-2025-26466.patch \ file://CVE-2025-26466.patch \
file://CVE-2025-26465.patch \ file://CVE-2025-26465.patch \
file://CVE-2025-32728.patch \
" "
SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c" SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"