From 7de95a26d2713761a46db70dc4c451ed6b3f822c Mon Sep 17 00:00:00 2001
From: jiangyong
Date: Mon, 20 Mar 2023 19:32:24 +0800
Subject: [PATCH] a desynchronising error; detail: scp(1): when receiving files, scp(1) could be become desynchronised if a utimes(2) system call failed. This could allow file contents to be interpreted as file metadata and thereby permit an adversary to craft a file system that, when copied with scp(1) in a configuration that caused utimes(2) to fail (e.g. under a SELinux policy or syscall sandbox), transferred different file names and contents to the actual file system layout. upstream:https://github.com/openssh/openssh-portable/commit/955854cafca88e0cdcd3d09ca1ad4ada465364a1
---
 ...sh-8.3p1-fix-desynchronised-utimes-failed.patch | 14 ++++++++++++++
 openssh.spec | 7 ++++++-
 2 files changed, 20 insertions(+), 1 deletion(-)
 create mode 100644 openssh-8.3p1-fix-desynchronised-utimes-failed.patch
diff --git a/openssh-8.3p1-fix-desynchronised-utimes-failed.patch b/openssh-8.3p1-fix-desynchronised-utimes-failed.patch
new file mode 100644
index 0000000..d522f28
--- /dev/null
+++ b/openssh-8.3p1-fix-desynchronised-utimes-failed.patch
@@ -0,0 +1,14 @@
+diff --color -ru openssh-8.0p1/scp.c openssh-8.0p1-new/scp.c
+--- openssh-8.0p1/scp.c 2023-03-17 16:27:55.831000000 -0400
++++ openssh-8.0p1-new/scp.c 2023-03-17 16:29:49.246000000 -0400
+@@ -1431,9 +1431,7 @@
+ sink(1, vect, src);
+ if (setimes) {
+ setimes = 0;
+- if (utimes(vect[0], tv) < 0)
+- run_err("%s: set times: %s",
+- vect[0], strerror(errno));
++ (void) utimes(vect[0], tv);
+ }
+ if (mod_flag)
+ (void) chmod(vect[0], mode);
diff --git a/openssh.spec b/openssh.spec
index 8eacb8d..5755871 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release .0.2
+%define anolis_release .0.3
 # Do we want SELinux & Audit
 %if 0%{?!noselinux:1}
 %global WITH_SELINUX 1
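Review bot: The new `(void) utimes(vect[0], tv);` line in the embedded scp.c hunk discards the return value on purpose, but nothing in the code says why, so a later cleanup could reinstate the `run_err()` call and bring the desynchronisation back. I would add a comment above it such as `/* Ignore failure: a run_err() here sends an extra error and desynchronises the peer. */`. The hunk only covers the call that follows the recursive `sink(1, vect, src)`, and the changelog entry says "another case", so it is worth confirming that every other `utimes()` failure path in the enclosing function, which starts and ends outside the hunk, is handled the same way in this 8.0p1 tree. The patch file is named `openssh-8.3p1-…` while its own headers and the package version are 8.0p1, which may mislead a later backport audit.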
@@ -282,6 +282,7 @@ Patch1002: 1000-openssh-anolis-fix-seccomp-error.patch # End # Fix a one-byte overflow in SSH-banner processing Patch1003: openssh-9.1p1-fix-onebyte-buffer-overflow.patch +Patch1004: openssh-8.3p1-fix-desynchronised-utimes-failed.patch License: BSD Group: Applications/Internet @@ -523,6 +524,7 @@ popd %patch1001 -p1 %patch1002 -p1 %patch1003 -p1 +%patch1004 -p1 autoreconf pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -808,6 +810,9 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Mon Mar 20 2023 JiangYong - 8.0p1-16.0.3 +- another case where a utimes() failure could make scp send + * Sat Mar 18 2023 JiangYong - 8.0p1-16.0.2 - Fix a one-byte overflow in SSH-banner processing -- Gitee