<feed xmlns='http://www.w3.org/2005/Atom'>
<title>buildroot/package/openssh, branch 2016.11.1</title>
<subtitle>OpenPOWER buildroot sources</subtitle>
<id>https://git.raptorcs.com/git/buildroot/atom?h=2016.11.1</id>
<link rel='self' href='https://git.raptorcs.com/git/buildroot/atom?h=2016.11.1'/>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/'/>
<updated>2016-12-19T22:14:28+00:00</updated>
<entry>
<title>openssh: security bump to version 7.4p1</title>
<updated>2016-12-19T22:14:28+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-12-19T16:27:51+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=3a8611ea041e692f10558fccda409e12915fd3bd'/>
<id>urn:sha1:3a8611ea041e692f10558fccda409e12915fd3bd</id>
<content type='text'>
Fixes:
CVE-2016-10009 - ssh-agent(1): Will now refuse to load PKCS#11 modules
from paths outside a trusted whitelist
CVE-2016-10010 - sshd(8): When privilege separation is disabled,
forwarded Unix-domain sockets would be created by sshd(8) with the
privileges of 'root'
CVE-2016-10011 - sshd(8): Avoid theoretical leak of host private key
material to privilege-separated child processes via realloc()
CVE-2016-10012 - sshd(8): The shared memory manager used by
pre-authentication compression support had a bounds checks that could be
elided by some optimising compilers

http://seclists.org/oss-sec/2016/q4/708

Drop upstream patch.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
(cherry picked from commit ae58da71111c9a9825fa8dab1338831ff38dc320)
</content>
</entry>
<entry>
<title>openssh: add upstream security fix</title>
<updated>2016-11-15T11:58:20+00:00</updated>
<author>
<name>Baruch Siach</name>
<email>baruch@tkos.co.il</email>
</author>
<published>2016-11-15T06:34:18+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=aae80e71b6ce75bdf73cc9b84ec96c92ed13aa58'/>
<id>urn:sha1:aae80e71b6ce75bdf73cc9b84ec96c92ed13aa58</id>
<content type='text'>
Fixes CVE-2016-8858: Memory exhaustion, up to 128MB, of unauthenticated peer.

Signed-off-by: Baruch Siach &lt;baruch@tkos.co.il&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: bump version to 7.3p1</title>
<updated>2016-08-01T20:11:31+00:00</updated>
<author>
<name>Vicente Olivert Riera</name>
<email>Vincent.Riera@imgtec.com</email>
</author>
<published>2016-08-01T13:19:37+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=b0e524be37856dc433b48103cf17ac6f8983445f'/>
<id>urn:sha1:b0e524be37856dc433b48103cf17ac6f8983445f</id>
<content type='text'>
Signed-off-by: Vicente Olivert Riera &lt;Vincent.Riera@imgtec.com&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>toolchain: add hidden symbol for PIE support</title>
<updated>2016-07-24T19:44:22+00:00</updated>
<author>
<name>Waldemar Brodkorb</name>
<email>wbx@openadk.org</email>
</author>
<published>2016-07-11T14:35:14+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=3c93901bcd2f77232581ca82a3a5f741aa9e6345'/>
<id>urn:sha1:3c93901bcd2f77232581ca82a3a5f741aa9e6345</id>
<content type='text'>
uClibc-ng does not support PIE for some architectures as
arc and m68k. It isn't implemented in the static linking case, too.
With musl toolchains you might have static PIE support with little
patching of gcc. Static linking for GNU libc isn't enabled in
buildroot. Fixup any package using special treatment of PIE.
(grep -ir pie package/*/*.mk)

Signed-off-by: Waldemar Brodkorb &lt;wbx@openadk.org&gt;
[Thomas: use positive logic.]
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: security bump to version 7.2p2</title>
<updated>2016-03-10T19:49:57+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-03-10T18:34:28+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=55a94ec8936571df586d4f53ffc1355c651a63d3'/>
<id>urn:sha1:55a94ec8936571df586d4f53ffc1355c651a63d3</id>
<content type='text'>
Fixes:
CVE-2016-3115 - sanitise X11 authentication credentials to avoid xauth
command injection when X11Forwarding is enabled.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssh: bump to version 7.2p1</title>
<updated>2016-02-29T20:45:32+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-02-29T11:59:32+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0c62637bdd473236d50ec459c9074ad8a8834129'/>
<id>urn:sha1:0c62637bdd473236d50ec459c9074ad8a8834129</id>
<content type='text'>
Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: security bump to version 7.1p2</title>
<updated>2016-01-14T19:13:57+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2016-01-14T17:55:43+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=2ff0e32e254e3ee6d96f6b13b7bf182b4e1def73'/>
<id>urn:sha1:2ff0e32e254e3ee6d96f6b13b7bf182b4e1def73</id>
<content type='text'>
Fixes:

CVE-2016-0777 - Client Information leak from use of roaming connection
feature.

CVE-2016-0778 - A buffer overflow flaw was found in the way the OpenSSH
client roaming feature was implemented. A malicious server could
potentially use this flaw to execute arbitrary code on a successfully
authenticated OpenSSH client if that client used certain non-default
configuration options.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Reviewed-by: James Knight &lt;james.knight@rockwellcollins.com&gt;
Tested-by: James Knight &lt;james.knight@rockwellcollins.com&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>package: Replace 'echo -n' by 'printf'</title>
<updated>2015-10-03T22:56:41+00:00</updated>
<author>
<name>Maxime Hadjinlian</name>
<email>maxime.hadjinlian@gmail.com</email>
</author>
<published>2015-10-03T21:29:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c'/>
<id>urn:sha1:0f75b2635ee564fbbdb9ea631cf39fa8731d6d6c</id>
<content type='text'>
'echo -n' is not a POSIX construct (no flag support), we shoud use
'printf', especially in init script.

This patch was generated by the following command line:
git grep -l 'echo -n' -- `git ls-files | grep -v 'patch'` | xargs sed -i 's/echo -n/printf/'

Signed-off-by: Maxime Hadjinlian &lt;maxime.hadjinlian@gmail.com&gt;
Reviewed-by: Arnout Vandecappelle (Essensium/Mind) &lt;arnout@mind.be&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
<entry>
<title>openssh: fix static compilation</title>
<updated>2015-08-29T08:43:52+00:00</updated>
<author>
<name>Waldemar Brodkorb</name>
<email>wbx@openadk.org</email>
</author>
<published>2015-08-29T07:46:35+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=7bc51f85ae35cf6d60e1622a0df5bf03ae494e39'/>
<id>urn:sha1:7bc51f85ae35cf6d60e1622a0df5bf03ae494e39</id>
<content type='text'>
PIE and static doesn't work on Linux.

Fixes:
http://autobuild.buildroot.net/results/dce/dce0202e039f4636d68532c4aab8738938b76650/

Signed-off-by: Waldemar Brodkorb &lt;wbx@openadk.org&gt;
Signed-off-by: Thomas Petazzoni &lt;thomas.petazzoni@free-electrons.com&gt;
</content>
</entry>
<entry>
<title>openssh: security bump to version 7.1p1</title>
<updated>2015-08-25T20:41:08+00:00</updated>
<author>
<name>Gustavo Zacarias</name>
<email>gustavo@zacarias.com.ar</email>
</author>
<published>2015-08-25T18:53:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.raptorcs.com/git/buildroot/commit/?id=0916daeff1056f930736bd4b644aff986b8eb88a'/>
<id>urn:sha1:0916daeff1056f930736bd4b644aff986b8eb88a</id>
<content type='text'>
Fixes:
CVE-2015-6563 - Fixed a privilege separation weakness related to PAM
support.
CVE-2015-6564 - Fixed a use-after-free bug related to PAM support that
was reachable by attackers who could compromise the pre-authentication
process for remote code exectuion.
CVE-2015-6565 - incorrectly set TTYs to be world-writable.

Signed-off-by: Gustavo Zacarias &lt;gustavo@zacarias.com.ar&gt;
Signed-off-by: Peter Korsgaard &lt;peter@korsgaard.com&gt;
</content>
</entry>
</feed>
