packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!74 fix CVE-2021-41617

Browse Source 
From: @renmingshuai
Reviewed-by: @zengwefeng
Signed-off-by: @zengwefeng
This commit is contained in:
openeuler-ci-bot 2021-10-09 11:36:31 +00:00 committed by Gitee
commit 11347d6ff5
3 changed files with 73 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
backport-CVE-2021-41617-1.patch Normal file
View File

@ -0,0 +1,34 @@
From f3cbe43e28fe71427d41cfe3a17125b972710455 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 26 Sep 2021 14:01:03 +0000
Subject: upstream: need initgroups() before setresgid(); reported by anton@,
ok deraadt@
OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
---
auth.c | 7 +++++++
1 file changed, 7 insertions(+)
diff --git a/auth.c b/auth.c
index c73444a..e510a05 100644
--- a/auth.c
+++ b/auth.c
@@ -852,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command,
}
closefrom(STDERR_FILENO + 1);
+ if (geteuid() == 0 &&
+ initgroups(pw->pw_name, pw->pw_gid) == -1) {
+ error("%s: initgroups(%s, %u): %s", tag,
+ pw->pw_name, (u_int)pw->pw_gid, strerror(errno));
+ _exit(1);
+ }
+
/* Don't use permanently_set_uid() here to avoid fatal() */
if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) {
error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid,
--
1.8.3.1

28
backport-CVE-2021-41617-2.patch Normal file
View File

@ -0,0 +1,28 @@
From f3cbe43e28fe71427d41cfe3a17125b972710455 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 26 Sep 2021 14:01:03 +0000
Subject: upstream: need initgroups() before setresgid(); reported by anton@,
ok deraadt@
OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce
---
auth.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/auth.c b/auth.c
index e510a05..46b56cf 100644
--- a/auth.c
+++ b/auth.c
@@ -39,6 +39,7 @@
# include <paths.h>
#endif
#include <pwd.h>
+#include <grp.h>
#ifdef HAVE_LOGIN_H
#include <login.h>
#endif
--
1.8.3.1

12
openssh.spec
View File

@ -6,7 +6,7 @@
%{?no_gtk2:%global gtk2 0} %{?no_gtk2:%global gtk2 0}
%global sshd_uid 74 %global sshd_uid 74
%global openssh_release 14 %global openssh_release 15
Name: openssh Name: openssh
Version: 8.2p1 Version: 8.2p1
@ -95,6 +95,8 @@ Patch62: add-strict-scp-check-for-CVE-2020-15778.patch
Patch63: backport-move-closefrom-to-before-first-malloc.patch Patch63: backport-move-closefrom-to-before-first-malloc.patch
Patch64: backport-upstream-Remove-debug-message-from-sigchld-handler.patch Patch64: backport-upstream-Remove-debug-message-from-sigchld-handler.patch
Patch65: backport-upstream-Refactor-private-key-parsing.-Eliminates-a-.patch Patch65: backport-upstream-Refactor-private-key-parsing.-Eliminates-a-.patch
Patch66: backport-CVE-2021-41617-1.patch
Patch67: backport-CVE-2021-41617-2.patch
Requires: /sbin/nologin Requires: /sbin/nologin
Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -262,6 +264,8 @@ popd
%patch63 -p1 %patch63 -p1
%patch64 -p1 %patch64 -p1
%patch65 -p1 %patch65 -p1
%patch66 -p1
%patch67 -p1
autoreconf autoreconf
pushd pam_ssh_agent_auth-0.10.3 pushd pam_ssh_agent_auth-0.10.3
@ -476,6 +480,12 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%changelog %changelog
* Fri Oct 8 2021 renmingshuai<renmingshuai@hauwei.com> - 8.2P1-15
- Type:cves
- CVE:CVE-2021-41617
- SUG:NA
- DESC:fix CVE-2021-41617
* Sat Sep 18 2021 kircher<kircherlike@outlook.com> - 8.2P1-14 * Sat Sep 18 2021 kircher<kircherlike@outlook.com> - 8.2P1-14
- Type:bugfix - Type:bugfix
- CVE:NA - CVE:NA