mirror of
https://git.yoctoproject.org/poky
synced 2026-07-15 15:37:03 +00:00
openssh: patch CVE-2026-35385
Backport patch from [1] matching CVE description in [2] and change described in release note [3]. [1] https://github.com/openssh/openssh-portable/commit/487e8ac146f7d6616f65c125d5edb210519b833a [2] https://security-tracker.debian.org/tracker/CVE-2026-35385 [3] https://www.openssh.org/releasenotes.html#10.3p1 (From OE-Core rev: 8a5742fdc3d60e8ab0da2e1f1401995105b742b9) Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com> Reviewed-by: Bruno Vernay <bruno.vernay@se.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
This commit is contained in:
committed by
Paul Barker
parent
8457a5d3d9
commit
e0f9a13f5f
@@ -0,0 +1,47 @@
|
||||
From 9df287221ad61f6b05b3e80bc57bdaacfa5ab243 Mon Sep 17 00:00:00 2001
|
||||
From: "djm@openbsd.org" <djm@openbsd.org>
|
||||
Date: Thu, 2 Apr 2026 07:42:16 +0000
|
||||
Subject: [PATCH] upstream: when downloading files as root in legacy (-O) mode
|
||||
and
|
||||
|
||||
without the -p (preserve modes) flag set, clear setuid/setgid bits from
|
||||
downloaded files as one might expect.
|
||||
|
||||
AFAIK this bug dates back to the original Berkeley rcp program.
|
||||
|
||||
Reported by Christos Papakonstantinou of Cantina and Spearbit.
|
||||
|
||||
OpenBSD-Commit-ID: 49e902fca8dd933a92a9b547ab31f63e86729fa1
|
||||
|
||||
CVE: CVE-2026-35385
|
||||
Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/487e8ac146f7d6616f65c125d5edb210519b833a]
|
||||
Signed-off-by: Theo Gaige (Schneider Electric) <tgaige.opensource@witekio.com>
|
||||
---
|
||||
scp.c | 6 ++++--
|
||||
1 file changed, 4 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/scp.c b/scp.c
|
||||
index 492dace12..2c21fa19a 100644
|
||||
--- a/scp.c
|
||||
+++ b/scp.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: scp.c,v 1.260 2023/10/11 05:42:08 djm Exp $ */
|
||||
+/* $OpenBSD: scp.c,v 1.273 2026/04/02 07:42:16 djm Exp $ */
|
||||
/*
|
||||
* scp - secure remote copy. This is basically patched BSD rcp which
|
||||
* uses ssh to do the data transfer (instead of using rcmd).
|
||||
@@ -1682,8 +1682,10 @@ sink(int argc, char **argv, const char *src)
|
||||
|
||||
setimes = targisdir = 0;
|
||||
mask = umask(0);
|
||||
- if (!pflag)
|
||||
+ if (!pflag) {
|
||||
+ mask |= 07000;
|
||||
(void) umask(mask);
|
||||
+ }
|
||||
if (argc != 1) {
|
||||
run_err("ambiguous target");
|
||||
exit(1);
|
||||
--
|
||||
2.43.0
|
||||
|
||||
@@ -34,6 +34,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
|
||||
file://CVE-2025-32728.patch \
|
||||
file://CVE-2025-61985.patch \
|
||||
file://CVE-2025-61984.patch \
|
||||
file://CVE-2026-35385.patch \
|
||||
"
|
||||
SRC_URI[sha256sum] = "910211c07255a8c5ad654391b40ee59800710dd8119dd5362de09385aa7a777c"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user