diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch
new file mode 100644
index 0000000000..0db838d3ad
--- /dev/null
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/files/openssh-7.1_p1-CVE-2016-0777.patch
@@ -0,0 +1,34 @@
+--- openssh-7.1p1/readconf.c
++++ openssh-7.1p1/readconf.c
+@@ -1660,7 +1660,7 @@
+ options->tun_remote = -1;
+ options->local_command = NULL;
+ options->permit_local_command = -1;
+- options->use_roaming = -1;
++ options->use_roaming = 0;
+ options->visual_host_key = -1;
+ options->ip_qos_interactive = -1;
+ options->ip_qos_bulk = -1;
+@@ -1833,8 +1833,7 @@
+ options->tun_remote = SSH_TUNID_ANY;
+ if (options->permit_local_command == -1)
+ options->permit_local_command = 0;
+- if (options->use_roaming == -1)
+- options->use_roaming = 1;
++ options->use_roaming = 0;
+ if (options->visual_host_key == -1)
+ options->visual_host_key = 0;
+ if (options->ip_qos_interactive == -1)
+--- openssh-7.1p1/ssh.c
++++ openssh-7.1p1/ssh.c
+@@ -1932,9 +1932,6 @@
+ fork_postauth();
+ }
+
+- if (options.use_roaming)
+- request_roaming();
+-
+ return client_loop(tty_flag, tty_flag ?
+ options.escape_char : SSH_ESCAPECHAR_NONE, id);
+ }
+
diff --git a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r3.ebuild b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r4.ebuild
similarity index 99%
rename from sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r3.ebuild
rename to sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r4.ebuild
index 9f36aa8d05..7ff7f87803 100644
--- a/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r3.ebuild
+++ b/sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-7.1_p1-r4.ebuild
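Review bot: The new patch file starts directly at `--- openssh-7.1p1/readconf.c` with no description, so the tree does not record which upstream change it backports or that `UseRoaming` is being deliberately neutralised. In the second readconf.c hunk the assignment `options->use_roaming = 0;` is unconditional, which means a configured `UseRoaming yes` is overridden without any diagnostic; that looks intended, but the keyword parser is outside these hunks, so it is worth stating explicitly. I would prepend two description lines before the first `---`, e.g. `Disable client-side roaming (CVE-2016-0777): ssh never calls request_roaming() and ignores UseRoaming.` and `Upstream: <UPSTREAM_COMMIT_PLACEHOLDER>`. All three patched functions begin and end outside the hunks shown.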
@@ -142,6 +142,8 @@ src_prepare() {
 save_version HPN
 fi
 
+ epatch "${FILESDIR}"/${PN}-7.1_p1-CVE-2016-0777.patch
+
 tc-export PKG_CONFIG
 local sed_args=(
 -e "s:-lcrypto:$(${PKG_CONFIG} --libs openssl):"
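Review bot: The `epatch` line sits after the `fi` that closes the block ending in `save_version HPN`, so the CVE patch is applied to a tree that may or may not already carry the HPN changes, and nothing here documents that it has to apply cleanly in both cases. The contents of that conditional are outside the hunk, so whether it touches the same regions of readconf.c or ssh.c cannot be confirmed from here; a build with and without that block active would settle it. I would add a comment above the call, `# CVE-2016-0777: disable client roaming; runs after the optional HPN patches and must apply with and without them.` src_prepare() continues beyond the hunk.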