diff --git a/SOURCES/openssh-8.0p1-sshd_include.patch b/SOURCES/openssh-8.0p1-sshd_include.patch index 9b634cc..ff51340 100644 --- a/SOURCES/openssh-8.0p1-sshd_include.patch +++ b/SOURCES/openssh-8.0p1-sshd_include.patch @@ -790,3 +790,16 @@ diff -up openssh-8.0p1/sshd.c.sshdinclude openssh-8.0p1/sshd.c dump_config(&options); } +diff -up openssh-8.0p1/sshbuf-getput-basic.c.stringb openssh-8.0p1/sshbuf-getput-basic.c +--- openssh-8.0p1/sshbuf-getput-basic.c.stringb 2022-12-21 12:18:43.274799163 +0100 ++++ openssh-8.0p1/sshbuf-getput-basic.c 2022-12-21 12:19:19.758081516 +0100 +@@ -371,6 +371,9 @@ sshbuf_put_cstring(struct sshbuf *buf, c + int + sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v) + { ++ if (v == NULL) ++ return sshbuf_put_string(buf, NULL, 0); ++ + return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v)); + } + diff --git a/SOURCES/openssh-9.1p1-sshbanner.patch b/SOURCES/openssh-9.1p1-sshbanner.patch new file mode 100644 index 0000000..0e40770 --- /dev/null +++ b/SOURCES/openssh-9.1p1-sshbanner.patch @@ -0,0 +1,32 @@ +diff --git a/ssh-keyscan.c b/ssh-keyscan.c +index d29a03b4..d7283136 100644 +--- a/ssh-keyscan.c ++++ b/ssh-keyscan.c +@@ -490,6 +490,15 @@ congreet(int s) + return; + } + ++ /* ++ * Read the server banner as per RFC4253 section 4.2. The "SSH-" ++ * protocol identification string may be preceeded by an arbitarily ++ * large banner which we must read and ignore. Loop while reading ++ * newline-terminated lines until we have one starting with "SSH-". ++ * The ID string cannot be longer than 255 characters although the ++ * preceeding banner lines may (in which case they'll be discarded ++ * in multiple iterations of the outer loop). ++ */ + for (;;) { + memset(buf, '\0', sizeof(buf)); + bufsiz = sizeof(buf); +@@ -517,6 +526,11 @@ congreet(int s) + conrecycle(s); + return; + } ++ if (cp >= buf + sizeof(buf)) { ++ error("%s: greeting exceeds allowable length", c->c_name); ++ confree(s); ++ return; ++ } + if (*cp != '\n' && *cp != '\r') { + error("%s: bad greeting", c->c_name); + confree(s); diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 34a50f0..cd44e45 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -252,6 +252,7 @@ Patch980: openssh-8.7p1-upstream-cve-2021-41617.patch # c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf~1..677d0ece67634262b3b96c3cd6410b19f3a603b7 # 8bdc3bb7cf4c82c3344cfcb82495a43406e87e83 # 47adfdc07f4f8ea0064a1495500244de08d311ed~1..7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01 +# supplementary commit 612b1dd1ec91ffb1e01f58cca0c6eb1d47bf4423 Patch981: openssh-8.0p1-sshd_include.patch # Port upstream ClientAliveCountMax behaviour # upstream commit: @@ -272,6 +273,8 @@ Patch984: openssh-8.0p1-crypto-policy-doc.patch # 0fa33683223c76289470a954404047bc762be84c # f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a Patch985: openssh-8.7p1-minimize-sha1-use.patch +# Upstream ff89b1bed80721295555bd083b173247a9c0484e +Patch986: openssh-9.1p1-sshbanner.patch # Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6 Patch987: openssh-8.0p1-ipv6-process.patch @@ -505,6 +508,7 @@ popd %patch983 -p1 -b .sftp-realpath %patch984 -p1 -b .crypto-policy-doc %patch985 -p1 -b .minimize-sha1-use +%patch986 -p1 -b .banner %patch987 -p1 -b .sftp_ipv6 %patch200 -p1 -b .audit @@ -797,8 +801,10 @@ getent passwd sshd >/dev/null || \ %endif %changelog -* Mon Jan 23 2023 Dmitry Belyavskiy - 8.0p1-17 -- Fix parsing of IPv6 IPs in sftp client (#2162733) +* Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17 +- Fix parsing of IPv6 IPs in sftp client (#2151334) +- Avoid ssh banner one-byte overflow (#2138344) +- Avoid crash of sshd when Include folder does not exist (#2133087) * Wed Jun 29 2022 Zoltan Fridrich - 8.0p1-16 - Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)