diff --git a/srcpkgs/openssh/patches/CVE-2015-8325.patch b/srcpkgs/openssh/patches/CVE-2015-8325.patch deleted file mode 100644 index 8c735451bd2..00000000000 --- a/srcpkgs/openssh/patches/CVE-2015-8325.patch +++ /dev/null @@ -1,22 +0,0 @@ -From: Damien Miller -Date: Wed, 13 Apr 2016 10:39:57 +1000 -Subject: ignore PAM environment vars when UseLogin=yes - -If PAM is configured to read user-specified environment variables -and UseLogin=yes in sshd_config, then a hostile local user may -attack /bin/login via LD_PRELOAD or similar environment variables -set via PAM. - -CVE-2015-8325, found by Shayan Sadigh, via Colin Watson - ---- session.c -+++ session.c -@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell) - * Pull in any environment variables that may have - * been set by PAM. - */ -- if (options.use_pam) { -+ if (options.use_pam && !options.use_login) { - char **p; - - p = fetch_pam_child_environment(); diff --git a/srcpkgs/openssh/template b/srcpkgs/openssh/template index ccd3456c79a..dad5117c43f 100644 --- a/srcpkgs/openssh/template +++ b/srcpkgs/openssh/template @@ -1,7 +1,7 @@ # Template file for 'openssh' pkgname=openssh -version=7.2p2 -revision=3 +version=7.3p1 +revision=1 build_style=gnu-configure configure_args="--datadir=/usr/share/openssh --sysconfdir=/etc/ssh --without-selinux --with-privsep-user=nobody @@ -20,7 +20,7 @@ maintainer="Juan RP " homepage="http://www.openssh.org" license="BSD" distfiles="http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/$pkgname-$version.tar.gz" -checksum=a72781d1a043876a224ff1b0032daa4094d87565a68528759c1c2cab5482548c +checksum=3ffb989a6dcaa69594c3b550d4855a5a2e1718ccdde7f5e36387b424220fbecc # Package build options build_options="ldns ssl"