packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2020-12062

Browse Source
This commit is contained in:
sherlock2010 2020-07-03 14:10:15 +08:00
parent 95805b12ce
commit 8a23f54ab3
4 changed files with 492 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

202
CVE-2020-12062-1.patch Normal file
View File

@ -0,0 +1,202 @@
From aad87b88fc2536b1ea023213729aaf4eaabe1894 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 1 May 2020 06:31:42 +0000
Subject: [PATCH] upstream: when receving a file in sink(), be careful to send
at
most a single error response after the file has been opened. Otherwise the
source() and sink() can become desyncronised. Reported by Daniel Goujot,
Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
ok deraadt@ markus@
OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
---
scp.c | 96 ++++++++++++++++++++++++++++++++++++-----------------------
1 file changed, 59 insertions(+), 37 deletions(-)
diff --git a/scp.c b/scp.c
index 812ab5301..439025980 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -374,6 +374,7 @@ BUF *allocbuf(BUF *, int, int);
void lostconn(int);
int okname(char *);
void run_err(const char *,...);
+int note_err(const char *,...);
void verifydir(char *);
struct passwd *pwd;
@@ -1231,9 +1232,6 @@ sink(int argc, char **argv, const char *src)
{
static BUF buffer;
struct stat stb;
- enum {
- YES, NO, DISPLAYED
- } wrerr;
BUF *bp;
off_t i;
size_t j, count;
@@ -1241,7 +1239,7 @@ sink(int argc, char **argv, const char *src)
mode_t mode, omode, mask;
off_t size, statbytes;
unsigned long long ull;
- int setimes, targisdir, wrerrno = 0;
+ int setimes, targisdir, wrerr;
char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
char **patterns = NULL;
size_t n, npatterns = 0;
@@ -1450,8 +1448,13 @@ bad: run_err("%s: %s", np, strerror(errno));
continue;
}
cp = bp->buf;
- wrerr = NO;
+ wrerr = 0;
+ /*
+ * NB. do not use run_err() unless immediately followed by
+ * exit() below as it may send a spurious reply that might
+ * desyncronise us from the peer. Use note_err() instead.
+ */
statbytes = 0;
if (showprogress)
start_progress_meter(curfile, size, &statbytes);
@@ -1476,11 +1479,12 @@ bad: run_err("%s: %s", np, strerror(errno));
if (count == bp->cnt) {
/* Keep reading so we stay sync'd up. */
- if (wrerr == NO) {
+ if (!wrerr) {
if (atomicio(vwrite, ofd, bp->buf,
count) != count) {
- wrerr = YES;
- wrerrno = errno;
+ note_err("%s: %s", np,
+ strerror(errno));
+ wrerr = 1;
}
}
count = 0;
@@ -1488,16 +1492,14 @@ bad: run_err("%s: %s", np, strerror(errno));
}
}
unset_nonblock(remin);
- if (count != 0 && wrerr == NO &&
+ if (count != 0 && !wrerr &&
atomicio(vwrite, ofd, bp->buf, count) != count) {
- wrerr = YES;
- wrerrno = errno;
- }
- if (wrerr == NO && (!exists || S_ISREG(stb.st_mode)) &&
- ftruncate(ofd, size) != 0) {
- run_err("%s: truncate: %s", np, strerror(errno));
- wrerr = DISPLAYED;
+ note_err("%s: %s", np, strerror(errno));
+ wrerr = 1;
}
+ if (!wrerr && (!exists || S_ISREG(stb.st_mode)) &&
+ ftruncate(ofd, size) != 0)
+ note_err("%s: truncate: %s", np, strerror(errno));
if (pflag) {
if (exists || omode != mode)
#ifdef HAVE_FCHMOD
@@ -1505,9 +1507,8 @@ bad: run_err("%s: %s", np, strerror(errno));
#else /* HAVE_FCHMOD */
if (chmod(np, omode)) {
#endif /* HAVE_FCHMOD */
- run_err("%s: set mode: %s",
+ note_err("%s: set mode: %s",
np, strerror(errno));
- wrerr = DISPLAYED;
}
} else {
if (!exists && omode != mode)
@@ -1516,36 +1517,25 @@ bad: run_err("%s: %s", np, strerror(errno));
#else /* HAVE_FCHMOD */
if (chmod(np, omode & ~mask)) {
#endif /* HAVE_FCHMOD */
- run_err("%s: set mode: %s",
+ note_err("%s: set mode: %s",
np, strerror(errno));
- wrerr = DISPLAYED;
}
}
- if (close(ofd) == -1) {
- wrerr = YES;
- wrerrno = errno;
- }
+ if (close(ofd) == -1)
+ note_err(np, "%s: close: %s", np, strerror(errno));
(void) response();
if (showprogress)
stop_progress_meter();
- if (setimes && wrerr == NO) {
+ if (setimes && !wrerr) {
setimes = 0;
if (utimes(np, tv) < 0) {
- run_err("%s: set times: %s",
+ note_err("%s: set times: %s",
np, strerror(errno));
- wrerr = DISPLAYED;
}
}
- switch (wrerr) {
- case YES:
- run_err("%s: %s", np, strerror(wrerrno));
- break;
- case NO:
+ /* If no error was noted then signal success for this file */
+ if (note_err(NULL) == 0)
(void) atomicio(vwrite, remout, "", 1);
- break;
- case DISPLAYED:
- break;
- }
}
done:
for (n = 0; n < npatterns; n++)
@@ -1633,6 +1623,38 @@ run_err(const char *fmt,...)
}
}
+/*
+ * Notes a sink error for sending at the end of a file transfer. Returns 0 if
+ * no error has been noted or -1 otherwise. Use note_err(NULL) to flush
+ * any active error at the end of the transfer.
+ */
+int
+note_err(const char *fmt, ...)
+{
+ static char *emsg;
+ va_list ap;
+
+ /* Replay any previously-noted error */
+ if (fmt == NULL) {
+ if (emsg == NULL)
+ return 0;
+ run_err("%s", emsg);
+ free(emsg);
+ emsg = NULL;
+ return -1;
+ }
+
+ errs++;
+ /* Prefer first-noted error */
+ if (emsg != NULL)
+ return -1;
+
+ va_start(ap, fmt);
+ vasnmprintf(&emsg, INT_MAX, NULL, fmt, ap);
+ va_end(ap);
+ return -1;
+}
+
void
verifydir(char *cp)
{

34
CVE-2020-12062-2.patch Normal file
View File

@ -0,0 +1,34 @@
From 955854cafca88e0cdcd3d09ca1ad4ada465364a1 Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Wed, 6 May 2020 20:57:38 +0000
Subject: [PATCH] upstream: another case where a utimes() failure could make
scp send
a desynchronising error; reminded by Aymeric Vincent ok deraadt markus
OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381
---
scp.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/scp.c b/scp.c
index 439025980..b4492a062 100644
--- a/scp.c
+++ b/scp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */
+/* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */
/*
* scp - secure remote copy. This is basically patched BSD rcp which
* uses ssh to do the data transfer (instead of using rcmd).
@@ -1427,9 +1427,7 @@ sink(int argc, char **argv, const char *src)
sink(1, vect, src);
if (setimes) {
setimes = 0;
- if (utimes(vect[0], tv) < 0)
- run_err("%s: set times: %s",
- vect[0], strerror(errno));
+ (void) utimes(vect[0], tv);
}
if (mod_flag)
(void) chmod(vect[0], mode);

388
openssh.spec
View File

@ -10,7 +10,7 @@
Name: openssh Name: openssh
Version: 7.8p1 Version: 7.8p1
Release: 8 Release: 9
URL: https://www.openssh.com/portable.html URL: https://www.openssh.com/portable.html
License: BSD License: BSD
Summary: An open source implementation of SSH protocol version 2 Summary: An open source implementation of SSH protocol version 2
@ -31,107 +31,107 @@ Source13: sshd-keygen
Source14: sshd.tmpfiles Source14: sshd.tmpfiles
Source15: sshd-keygen.target Source15: sshd-keygen.target
Patch100: openssh-6.7p1-coverity.patch Patch0: openssh-6.7p1-coverity.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=735889 #https://bugzilla.redhat.com/show_bug.cgi?id=735889
Patch104: openssh-7.3p1-openssl-1.1.0.patch Patch1: openssh-7.3p1-openssl-1.1.0.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1171248 # https://bugzilla.redhat.com/show_bug.cgi?id=1171248
Patch200: openssh-7.6p1-audit.patch Patch2: openssh-7.6p1-audit.patch
Patch201: openssh-7.1p2-audit-race-condition.patch Patch3: openssh-7.1p2-audit-race-condition.patch
Patch300: pam_ssh_agent_auth-0.9.3-build.patch Patch4: pam_ssh_agent_auth-0.9.3-build.patch
Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch Patch5: pam_ssh_agent_auth-0.10.3-seteuid.patch
Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch Patch6: pam_ssh_agent_auth-0.9.2-visibility.patch
Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch Patch7: pam_ssh_agent_auth-0.9.3-agent_structure.patch
Patch306: pam_ssh_agent_auth-0.10.2-compat.patch Patch8: pam_ssh_agent_auth-0.10.2-compat.patch
Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch Patch9: pam_ssh_agent_auth-0.10.2-dereference.patch
Patch400: openssh-7.8p1-role-mls.patch Patch10: openssh-7.8p1-role-mls.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=781634 #https://bugzilla.redhat.com/show_bug.cgi?id=781634
Patch404: openssh-6.6p1-privsep-selinux.patch Patch11: openssh-6.6p1-privsep-selinux.patch
Patch501: openssh-6.7p1-ldap.patch Patch12: openssh-6.7p1-ldap.patch
Patch502: openssh-6.6p1-keycat.patch Patch13: openssh-6.6p1-keycat.patch
Patch601: openssh-6.6p1-allow-ip-opts.patch Patch14: openssh-6.6p1-allow-ip-opts.patch
Patch604: openssh-6.6p1-keyperm.patch Patch15: openssh-6.6p1-keyperm.patch
Patch606: openssh-5.9p1-ipv6man.patch Patch16: openssh-5.9p1-ipv6man.patch
Patch607: openssh-5.8p2-sigpipe.patch Patch17: openssh-5.8p2-sigpipe.patch
Patch609: openssh-7.2p2-x11.patch Patch18: openssh-7.2p2-x11.patch
Patch700: openssh-7.7p1-fips.patch Patch19: openssh-7.7p1-fips.patch
Patch702: openssh-5.1p1-askpass-progress.patch Patch20: openssh-5.1p1-askpass-progress.patch
#https://bugzilla.redhat.com/show_bug.cgi?id=198332 #https://bugzilla.redhat.com/show_bug.cgi?id=198332
Patch703: openssh-4.3p2-askpass-grab-info.patch Patch21: openssh-4.3p2-askpass-grab-info.patch
#patch from redhat #patch from redhat
Patch707: openssh-7.7p1.patch Patch22: openssh-7.7p1.patch
Patch709: openssh-6.2p1-vendor.patch Patch23: openssh-6.2p1-vendor.patch
Patch711: openssh-7.8p1-UsePAM-warning.patch Patch24: openssh-7.8p1-UsePAM-warning.patch
Patch712: openssh-6.3p1-ctr-evp-fast.patch Patch25: openssh-6.3p1-ctr-evp-fast.patch
Patch713: openssh-6.6p1-ctr-cavstest.patch Patch26: openssh-6.6p1-ctr-cavstest.patch
Patch714: openssh-6.7p1-kdf-cavs.patch Patch27: openssh-6.7p1-kdf-cavs.patch
Patch800: openssh-7.8p1-gsskex.patch Patch28: openssh-7.8p1-gsskex.patch
Patch801: openssh-6.6p1-force_krb.patch Patch29: openssh-6.6p1-force_krb.patch
Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch Patch30: openssh-6.6p1-GSSAPIEnablek5users.patch
# from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655 # from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655
Patch803: openssh-7.1p1-gssapi-documentation.patch Patch31: openssh-7.1p1-gssapi-documentation.patch
Patch804: openssh-7.7p1-gssapi-new-unique.patch Patch32: openssh-7.7p1-gssapi-new-unique.patch
Patch805: openssh-7.2p2-k5login_directory.patch Patch33: openssh-7.2p2-k5login_directory.patch
Patch807: openssh-7.5p1-gssapi-kex-with-ec.patch Patch34: openssh-7.5p1-gssapi-kex-with-ec.patch
Patch900: openssh-6.1p1-gssapi-canohost.patch Patch35: openssh-6.1p1-gssapi-canohost.patch
Patch901: openssh-6.6p1-kuserok.patch Patch36: openssh-6.6p1-kuserok.patch
Patch906: openssh-6.4p1-fromto-remote.patch Patch37: openssh-6.4p1-fromto-remote.patch
Patch916: openssh-6.6.1p1-selinux-contexts.patch Patch38: openssh-6.6.1p1-selinux-contexts.patch
Patch918: openssh-6.6.1p1-log-in-chroot.patch Patch39: openssh-6.6.1p1-log-in-chroot.patch
Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch Patch40: openssh-6.6.1p1-scp-non-existing-directory.patch
Patch920: openssh-7.8p1-ip-port-config-parser.patch Patch41: openssh-7.8p1-ip-port-config-parser.patch
Patch922: openssh-6.8p1-sshdT-output.patch Patch42: openssh-6.8p1-sshdT-output.patch
Patch926: openssh-6.7p1-sftp-force-permission.patch Patch43: openssh-6.7p1-sftp-force-permission.patch
Patch929: openssh-6.9p1-permit-root-login.patch Patch44: openssh-6.9p1-permit-root-login.patch
Patch932: openssh-7.0p1-gssKexAlgorithms.patch Patch45: openssh-7.0p1-gssKexAlgorithms.patch
Patch939: openssh-7.2p2-s390-closefrom.patch Patch46: openssh-7.2p2-s390-closefrom.patch
Patch944: openssh-7.3p1-x11-max-displays.patch Patch47: openssh-7.3p1-x11-max-displays.patch
Patch948: openssh-7.4p1-systemd.patch Patch48: openssh-7.4p1-systemd.patch
Patch949: openssh-7.6p1-cleanup-selinux.patch Patch49: openssh-7.6p1-cleanup-selinux.patch
Patch950: openssh-7.5p1-sandbox.patch Patch50: openssh-7.5p1-sandbox.patch
Patch951: openssh-7.6p1-pkcs11-uri.patch Patch51: openssh-7.6p1-pkcs11-uri.patch
Patch952: openssh-7.6p1-pkcs11-ecdsa.patch Patch52: openssh-7.6p1-pkcs11-ecdsa.patch
Patch953: openssh-7.8p1-scp-ipv6.patch Patch53: openssh-7.8p1-scp-ipv6.patch
Patch54: Initial-len-for-the-fmt-NULL-case.patch
Patch6000: Initial-len-for-the-fmt-NULL-case.patch Patch55: upstream-fix-build-with-DEBUG_PK-enabled.patch
Patch6001: upstream-fix-build-with-DEBUG_PK-enabled.patch Patch56: upstream-fix-misplaced-parenthesis-inside-if-clause..patch
Patch6002: upstream-fix-misplaced-parenthesis-inside-if-clause..patch Patch57: delete-the-correct-thing-kexfuzz-binary.patch
Patch6003: delete-the-correct-thing-kexfuzz-binary.patch Patch58: upstream-When-choosing-a-prime-from-the-moduli-file-.patch
Patch6004: upstream-When-choosing-a-prime-from-the-moduli-file-.patch Patch59: upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch
Patch6005: upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch Patch60: in-pick_salt-avoid-dereference-of-NULL-passwords.patch
Patch6006: in-pick_salt-avoid-dereference-of-NULL-passwords.patch Patch61: check-for-NULL-return-from-shadow_pw.patch
Patch6007: check-for-NULL-return-from-shadow_pw.patch Patch62: check-pw_passwd-NULL-here-too.patch
Patch6008: check-pw_passwd-NULL-here-too.patch Patch63: upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch
Patch6009: upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch Patch64: upstream-correct-local-variable-name-from-yawang-AT-.patch
Patch6010: upstream-correct-local-variable-name-from-yawang-AT-.patch Patch65: upstream-typo-in-error-message-caught-by-Debian-lint.patch
Patch6011: upstream-typo-in-error-message-caught-by-Debian-lint.patch Patch66: upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch
Patch6012: upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch Patch67: upstream-fix-bug-in-client-that-was-keeping-a-redund.patch
Patch6013: upstream-fix-bug-in-client-that-was-keeping-a-redund.patch Patch68: upstream-disallow-empty-incoming-filename-or-ones-th.patch
Patch6014: upstream-disallow-empty-incoming-filename-or-ones-th.patch Patch69: upstream-make-grandparent-parent-child-sshbuf-chains.patch
Patch6015: upstream-make-grandparent-parent-child-sshbuf-chains.patch Patch70: Move-RANDOM_SEED_SIZE-outside-ifdef.patch
Patch6016: Move-RANDOM_SEED_SIZE-outside-ifdef.patch Patch71: upstream-don-t-truncate-user-or-host-name-in-user-ho.patch
Patch6017: upstream-don-t-truncate-user-or-host-name-in-user-ho.patch Patch72: upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch
Patch6018: upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch Patch73: upstream-only-consider-the-ext-info-c-extension-duri.patch
Patch6019: upstream-only-consider-the-ext-info-c-extension-duri.patch Patch74: upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch
Patch6020: upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch Patch75: upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch
Patch6021: upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch Patch76: upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch
Patch6022: upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch Patch77: Cygwin-Change-service-name-to-cygsshd.patch
Patch6023: Cygwin-Change-service-name-to-cygsshd.patch Patch78: openssh-fix-typo-that-prevented-detection-of-Linux-V.patch
Patch6024: openssh-fix-typo-that-prevented-detection-of-Linux-V.patch Patch79: CVE-2019-6109-1.patch
Patch80: CVE-2019-6109-2.patch
Patch6025: CVE-2019-6109-1.patch Patch81: CVE-2019-6111-1.patch
Patch6026: CVE-2019-6109-2.patch Patch82: CVE-2019-6111-2.patch
Patch6027: CVE-2019-6111-1.patch Patch83: CVE-2019-16905.patch
Patch6028: CVE-2019-6111-2.patch Patch84: upstream-fix-sshd-T-without-C.patch
Patch6029: CVE-2019-16905.patch Patch85: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch
Patch6030: upstream-fix-sshd-T-without-C.patch Patch86: bugfix-openssh-6.6p1-log-usepam-no.patch
Patch87: bugfix-openssh-add-option-check-username-splash.patch
Patch9004: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch Patch88: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch
Patch9005: bugfix-openssh-6.6p1-log-usepam-no.patch Patch89: bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch
Patch9006: bugfix-openssh-add-option-check-username-splash.patch Patch90: bugfix-openssh-fix-sftpserver.patch
Patch9007: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch Patch91: bugfix-CVE-2018-15919.patch
Patch9008: bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch Patch92: CVE-2020-12062-1.patch
Patch9009: bugfix-openssh-fix-sftpserver.patch Patch93: CVE-2020-12062-2.patch
Patch9010: bugfix-CVE-2018-15919.patch Patch94: upstream-expose-vasnmprintf.patch
Requires: /sbin/nologin libselinux >= 2.3-5 audit-libs >= 1.0.8 Requires: /sbin/nologin libselinux >= 2.3-5 audit-libs >= 1.0.8
Requires: fipscheck-lib >= 1.3.0 Requires: fipscheck-lib >= 1.3.0
@ -178,105 +178,105 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
%setup -q -a 4 %setup -q -a 4
pushd pam_ssh_agent_auth-0.10.3 pushd pam_ssh_agent_auth-0.10.3
%patch300 -p2 -b .psaa-build %patch4 -p2 -b .psaa-build
%patch301 -p2 -b .psaa-seteuid %patch5 -p2 -b .psaa-seteuid
%patch302 -p2 -b .psaa-visibility %patch6 -p2 -b .psaa-visibility
%patch306 -p2 -b .psaa-compat %patch8 -p2 -b .psaa-compat
%patch305 -p2 -b .psaa-agent %patch7 -p2 -b .psaa-agent
%patch307 -p2 -b .psaa-deref %patch9 -p2 -b .psaa-deref
# Remove duplicate headers and library files # Remove duplicate headers and library files
rm -f $(cat %{SOURCE5}) rm -f $(cat %{SOURCE5})
popd popd
%patch400 -p1 -b .role-mls %patch10 -p1 -b .role-mls
%patch404 -p1 -b .privsep-selinux %patch11 -p1 -b .privsep-selinux
%patch501 -p1 -b .ldap %patch12 -p1 -b .ldap
%patch502 -p1 -b .keycat %patch13 -p1 -b .keycat
%patch601 -p1 -b .ip-opts %patch14 -p1 -b .ip-opts
%patch604 -p1 -b .keyperm %patch15 -p1 -b .keyperm
%patch606 -p1 -b .ipv6man %patch16 -p1 -b .ipv6man
%patch607 -p1 -b .sigpipe %patch17 -p1 -b .sigpipe
%patch609 -p1 -b .x11 %patch18 -p1 -b .x11
%patch702 -p1 -b .progress %patch20 -p1 -b .progress
%patch703 -p1 -b .grab-info %patch21 -p1 -b .grab-info
%patch707 -p1 %patch22 -p1
%patch709 -p1 -b .vendor %patch23 -p1 -b .vendor
%patch711 -p1 -b .log-usepam-no %patch24 -p1 -b .log-usepam-no
%patch712 -p1 -b .evp-ctr %patch25 -p1 -b .evp-ctr
%patch713 -p1 -b .ctr-cavs %patch26 -p1 -b .ctr-cavs
%patch714 -p1 -b .kdf-cavs %patch27 -p1 -b .kdf-cavs
%patch800 -p1 -b .gsskex %patch28 -p1 -b .gsskex
%patch801 -p1 -b .force_krb %patch29 -p1 -b .force_krb
%patch803 -p1 -b .gss-docs %patch31 -p1 -b .gss-docs
%patch804 -p1 -b .ccache_name %patch32 -p1 -b .ccache_name
%patch805 -p1 -b .k5login %patch33 -p1 -b .k5login
%patch900 -p1 -b .canohost %patch35 -p1 -b .canohost
%patch901 -p1 -b .kuserok %patch36 -p1 -b .kuserok
%patch906 -p1 -b .fromto-remote %patch37 -p1 -b .fromto-remote
%patch916 -p1 -b .contexts %patch38 -p1 -b .contexts
%patch918 -p1 -b .log-in-chroot %patch39 -p1 -b .log-in-chroot
%patch919 -p1 -b .scp %patch40 -p1 -b .scp
%patch920 -p1 -b .config %patch41 -p1 -b .config
%patch802 -p1 -b .GSSAPIEnablek5users %patch30 -p1 -b .GSSAPIEnablek5users
%patch922 -p1 -b .sshdt %patch42 -p1 -b .sshdt
%patch926 -p1 -b .sftp-force-mode %patch43 -p1 -b .sftp-force-mode
%patch929 -p1 -b .root-login %patch44 -p1 -b .root-login
%patch932 -p1 -b .gsskexalg %patch45 -p1 -b .gsskexalg
%patch939 -p1 -b .s390-dev %patch46 -p1 -b .s390-dev
%patch944 -p1 -b .x11max %patch47 -p1 -b .x11max
%patch948 -p1 -b .systemd %patch48 -p1 -b .systemd
%patch807 -p1 -b .gsskex-ec %patch34 -p1 -b .gsskex-ec
%patch949 -p1 -b .refactor %patch49 -p1 -b .refactor
%patch950 -p1 -b .sandbox %patch50 -p1 -b .sandbox
%patch951 -p1 -b .pkcs11-uri %patch51 -p1 -b .pkcs11-uri
%patch952 -p1 -b .pkcs11-ecdsa %patch52 -p1 -b .pkcs11-ecdsa
%patch953 -p1 -b .scp-ipv6 %patch53 -p1 -b .scp-ipv6
%patch200 -p1 -b .audit %patch2 -p1 -b .audit
%patch201 -p1 -b .audit-race %patch3 -p1 -b .audit-race
%patch700 -p1 -b .fips %patch19 -p1 -b .fips
%patch100 -p1 -b .coverity %patch0 -p1 -b .coverity
%patch104 -p1 -b .openssl %patch1 -p1 -b .openssl
%patch54 -p1
%patch6000 -p1 %patch55 -p1
%patch6001 -p1 %patch56 -p1
%patch6002 -p1 %patch57 -p1
%patch6003 -p1 %patch58 -p1
%patch6004 -p1 %patch59 -p1
%patch6005 -p1 %patch60 -p1
%patch6006 -p1 %patch61 -p1
%patch6007 -p1 %patch62 -p1
%patch6008 -p1 %patch63 -p1
%patch6009 -p1 %patch64 -p1
%patch6010 -p1 %patch65 -p1
%patch6011 -p1 %patch66 -p1
%patch6012 -p1 %patch67 -p1
%patch6013 -p1 %patch68 -p1
%patch6014 -p1 %patch69 -p1
%patch6015 -p1 %patch70 -p1
%patch6016 -p1 %patch71 -p1
%patch6017 -p1 %patch72 -p1
%patch6018 -p1 %patch73 -p1
%patch6019 -p1 %patch74 -p1
%patch6020 -p1 %patch75 -p1
%patch6021 -p1 %patch76 -p1
%patch6022 -p1 %patch77 -p1
%patch6023 -p1 %patch78 -p1
%patch6024 -p1 %patch79 -p1
%patch6025 -p1 %patch80 -p1
%patch6026 -p1 %patch81 -p1
%patch6027 -p1 %patch82 -p1
%patch6028 -p1 %patch83 -p1
%patch6029 -p1 %patch85 -p1
%patch86 -p1
%patch9004 -p1 %patch87 -p1
%patch9005 -p1 %patch88 -p1
%patch9006 -p1 %patch89 -p1
%patch9007 -p1 %patch90 -p1
%patch9008 -p1 %patch84 -p1
%patch9009 -p1 %patch91 -p1
%patch92 -p1
%patch6030 -p1 %patch93 -p1
%patch9010 -p1 %patch94 -p1
autoreconf autoreconf
pushd pam_ssh_agent_auth-0.10.3 pushd pam_ssh_agent_auth-0.10.3
@ -463,6 +463,12 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%changelog %changelog
* Fri Jul 03 2020 zhouyihang <zhouyihang3@huawei.com> - 7.8P1-9
- Type:cves
- ID:CVE-2020-12062
- SUG:NA
- DESC:Fix CVE-2020-12062
* Wed Mar 18 2020 songnannan <songnannan2@huawei.com> - 7.8P1-8 * Wed Mar 18 2020 songnannan <songnannan2@huawei.com> - 7.8P1-8
- bugfix CVE-2018-15919 - bugfix CVE-2018-15919

59
upstream-expose-vasnmprintf.patch Normal file
View File

@ -0,0 +1,59 @@
From 31909696c4620c431dd55f6cd15db65c4e9b98da Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 1 May 2020 06:28:52 +0000
Subject: [PATCH] upstream: expose vasnmprintf(); ok (as part of other commit)
markus
deraadt
OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
---
utf8.c | 5 ++---
utf8.h | 3 ++-
2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/utf8.c b/utf8.c
index f83401996..7f63b25ae 100644
--- a/utf8.c
+++ b/utf8.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.c,v 1.8 2018/08/21 13:56:27 schwarze Exp $ */
+/* $OpenBSD: utf8.c,v 1.11 2020/05/01 06:28:52 djm Exp $ */
/*
* Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
*
@@ -43,7 +43,6 @@
static int dangerous_locale(void);
static int grow_dst(char **, size_t *, size_t, char **, size_t);
-static int vasnmprintf(char **, size_t, int *, const char *, va_list);
/*
@@ -101,7 +100,7 @@ grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need)
* written is returned in *wp.
*/
-static int
+int
vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
{
char *src; /* Source string returned from vasprintf. */
diff --git a/utf8.h b/utf8.h
index 20a11dc59..9d6d9a32c 100644
--- a/utf8.h
+++ b/utf8.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: utf8.h,v 1.1 2016/05/25 23:48:45 schwarze Exp $ */
+/* $OpenBSD: utf8.h,v 1.3 2020/05/01 06:28:52 djm Exp $ */
/*
* Copyright (c) 2016 Ingo Schwarze <schwarze@openbsd.org>
*
@@ -15,6 +15,7 @@
* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
+int vasnmprintf(char **, size_t, int *, const char *, va_list);
int mprintf(const char *, ...)
__attribute__((format(printf, 1, 2)));
int fmprintf(FILE *, const char *, ...)