openssh: fix CVE-2025-61985

author Archana Polampalli <archana.polampalli@windriver.com>

Fri, 31 Oct 2025 05:28:04 +0000 (10:58 +0530)

committer Steve Sakoman <steve@sakoman.com>

Mon, 3 Nov 2025 17:18:14 +0000 (09:18 -0800)
author Archana Polampalli <archana.polampalli@windriver.com>
Fri, 31 Oct 2025 05:28:04 +0000 (10:58 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 3 Nov 2025 17:18:14 +0000 (09:18 -0800)
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2025-61985.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2025-61985.patch

new file mode 100644 (file)

index 0000000..7333d5a
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/CVE-2025-61985.patch
@@ -0,0 +1,35 @@
+From 54928cb9eaa7143ff17f463efa7ed3109afdbf30 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Thu, 4 Sep 2025 00:30:06 +0000
+Subject: [PATCH] upstream: don't allow \0 characters in url-encoded strings.
+ Suggested by David Leadbeater, ok deraadt@
+
+OpenBSD-Commit-ID: c92196cef0f970ceabc1e8007a80b01e9b7cd49c
+
+CVE: CVE-2025-61985
+
+Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/43b3bff47bb029f2299bacb6a36057981b39fdb0]
+
+Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
+---
+ misc.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/misc.c b/misc.c
+index 6135b15..3d133b5 100644
+--- a/misc.c
++++ b/misc.c
+@@ -934,9 +934,10 @@ urldecode(const char *src)
+                       *dst++ = ' ';
+                       break;
+               case '%':
++                      /* note: don't allow \0 characters */
+                       if (!isxdigit((unsigned char)src[1]) ||
+                           !isxdigit((unsigned char)src[2]) ||
+-                          (ch = hexchar(src + 1)) == -1) {
++                          (ch = hexchar(src + 1)) == -1 || ch == 0) {
+                               free(ret);
+                               return NULL;
+                       }
+--
+2.40.0
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb

index 345051c8dc8de60aec128da48d7605ecd1ba75f4..780ece8999cd267128687fc36d706b1a583b7f27 100644 (file)
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -39,6 +39,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
             file://CVE-2024-6387.patch \
             file://CVE-2025-26465.patch \
             file://CVE-2025-32728.patch \
+           file://CVE-2025-61985.patch \
             "
  SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
author	Archana Polampalli <archana.polampalli@windriver.com>
	Fri, 31 Oct 2025 05:28:04 +0000 (10:58 +0530)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 3 Nov 2025 17:18:14 +0000 (09:18 -0800)
meta/recipes-connectivity/openssh/openssh/CVE-2025-61985.patch	[new file with mode: 0644]	patch \| blob
meta/recipes-connectivity/openssh/openssh_8.9p1.bb		patch \| blob \| blame \| history