diff --git a/CVE-2020-12062-1.patch b/CVE-2020-12062-1.patch
new file mode 100644
index 0000000000000000000000000000000000000000..1d75954645a3aa9c09ad6edf7aef3f50becb2d91
--- /dev/null
+++ b/CVE-2020-12062-1.patch
@@ -0,0 +1,202 @@
+From aad87b88fc2536b1ea023213729aaf4eaabe1894 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Fri, 1 May 2020 06:31:42 +0000
+Subject: [PATCH] upstream: when receving a file in sink(), be careful to send
+ at
+
+most a single error response after the file has been opened. Otherwise the
+source() and sink() can become desyncronised. Reported by Daniel Goujot,
+Georges-Axel Jaloyan, Ryan Lahfa, and David Naccache.
+
+ok deraadt@ markus@
+
+OpenBSD-Commit-ID: 6c14d233c97349cb811a8f7921ded3ae7d9e0035
+---
+ scp.c | 96 ++++++++++++++++++++++++++++++++++++-----------------------
+ 1 file changed, 59 insertions(+), 37 deletions(-)
+
+diff --git a/scp.c b/scp.c
+index 812ab5301..439025980 100644
+--- a/scp.c
++++ b/scp.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
++/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */
+ /*
+ * scp - secure remote copy. This is basically patched BSD rcp which
+ * uses ssh to do the data transfer (instead of using rcmd).
+@@ -374,6 +374,7 @@ BUF *allocbuf(BUF *, int, int);
+ void lostconn(int);
+ int okname(char *);
+ void run_err(const char *,...);
++int note_err(const char *,...);
+ void verifydir(char *);
+
+ struct passwd *pwd;
+@@ -1231,9 +1232,6 @@ sink(int argc, char **argv, const char *src)
+ {
+ static BUF buffer;
+ struct stat stb;
+- enum {
+- YES, NO, DISPLAYED
+- } wrerr;
+ BUF *bp;
+ off_t i;
+ size_t j, count;
+@@ -1241,7 +1239,7 @@ sink(int argc, char **argv, const char *src)
+ mode_t mode, omode, mask;
+ off_t size, statbytes;
+ unsigned long long ull;
+- int setimes, targisdir, wrerrno = 0;
++ int setimes, targisdir, wrerr;
+ char ch, *cp, *np, *targ, *why, *vect[1], buf[2048], visbuf[2048];
+ char **patterns = NULL;
+ size_t n, npatterns = 0;
+@@ -1450,8 +1448,13 @@ bad: run_err("%s: %s", np, strerror(errno));
+ continue;
+ }
+ cp = bp->buf;
+- wrerr = NO;
++ wrerr = 0;
+
++ /*
++ * NB. do not use run_err() unless immediately followed by
++ * exit() below as it may send a spurious reply that might
++ * desyncronise us from the peer. Use note_err() instead.
++ */
+ statbytes = 0;
+ if (showprogress)
+ start_progress_meter(curfile, size, &statbytes);
+@@ -1476,11 +1479,12 @@ bad: run_err("%s: %s", np, strerror(errno));
+
+ if (count == bp->cnt) {
+ /* Keep reading so we stay sync'd up. */
+- if (wrerr == NO) {
++ if (!wrerr) {
+ if (atomicio(vwrite, ofd, bp->buf,
+ count) != count) {
+- wrerr = YES;
+- wrerrno = errno;
++ note_err("%s: %s", np,
++ strerror(errno));
++ wrerr = 1;
+ }
+ }
+ count = 0;
+@@ -1488,16 +1492,14 @@ bad: run_err("%s: %s", np, strerror(errno));
+ }
+ }
+ unset_nonblock(remin);
+- if (count != 0 && wrerr == NO &&
++ if (count != 0 && !wrerr &&
+ atomicio(vwrite, ofd, bp->buf, count) != count) {
+- wrerr = YES;
+- wrerrno = errno;
+- }
+- if (wrerr == NO && (!exists || S_ISREG(stb.st_mode)) &&
+- ftruncate(ofd, size) != 0) {
+- run_err("%s: truncate: %s", np, strerror(errno));
+- wrerr = DISPLAYED;
++ note_err("%s: %s", np, strerror(errno));
++ wrerr = 1;
+ }
++ if (!wrerr && (!exists || S_ISREG(stb.st_mode)) &&
++ ftruncate(ofd, size) != 0)
++ note_err("%s: truncate: %s", np, strerror(errno));
+ if (pflag) {
+ if (exists || omode != mode)
+ #ifdef HAVE_FCHMOD
+@@ -1505,9 +1507,8 @@ bad: run_err("%s: %s", np, strerror(errno));
+ #else /* HAVE_FCHMOD */
+ if (chmod(np, omode)) {
+ #endif /* HAVE_FCHMOD */
+- run_err("%s: set mode: %s",
++ note_err("%s: set mode: %s",
+ np, strerror(errno));
+- wrerr = DISPLAYED;
+ }
+ } else {
+ if (!exists && omode != mode)
+@@ -1516,36 +1517,25 @@ bad: run_err("%s: %s", np, strerror(errno));
+ #else /* HAVE_FCHMOD */
+ if (chmod(np, omode & ~mask)) {
+ #endif /* HAVE_FCHMOD */
+- run_err("%s: set mode: %s",
++ note_err("%s: set mode: %s",
+ np, strerror(errno));
+- wrerr = DISPLAYED;
+ }
+ }
+- if (close(ofd) == -1) {
+- wrerr = YES;
+- wrerrno = errno;
+- }
++ if (close(ofd) == -1)
++ note_err(np, "%s: close: %s", np, strerror(errno));
+ (void) response();
+ if (showprogress)
+ stop_progress_meter();
+- if (setimes && wrerr == NO) {
++ if (setimes && !wrerr) {
+ setimes = 0;
+ if (utimes(np, tv) < 0) {
+- run_err("%s: set times: %s",
++ note_err("%s: set times: %s",
+ np, strerror(errno));
+- wrerr = DISPLAYED;
+ }
+ }
+- switch (wrerr) {
+- case YES:
+- run_err("%s: %s", np, strerror(wrerrno));
+- break;
+- case NO:
++ /* If no error was noted then signal success for this file */
++ if (note_err(NULL) == 0)
+ (void) atomicio(vwrite, remout, "", 1);
+- break;
+- case DISPLAYED:
+- break;
+- }
+ }
+ done:
+ for (n = 0; n < npatterns; n++)
+@@ -1633,6 +1623,38 @@ run_err(const char *fmt,...)
+ }
+ }
+
++/*
++ * Notes a sink error for sending at the end of a file transfer. Returns 0 if
++ * no error has been noted or -1 otherwise. Use note_err(NULL) to flush
++ * any active error at the end of the transfer.
++ */
++int
++note_err(const char *fmt, ...)
++{
++ static char *emsg;
++ va_list ap;
++
++ /* Replay any previously-noted error */
++ if (fmt == NULL) {
++ if (emsg == NULL)
++ return 0;
++ run_err("%s", emsg);
++ free(emsg);
++ emsg = NULL;
++ return -1;
++ }
++
++ errs++;
++ /* Prefer first-noted error */
++ if (emsg != NULL)
++ return -1;
++
++ va_start(ap, fmt);
++ vasnmprintf(&emsg, INT_MAX, NULL, fmt, ap);
++ va_end(ap);
++ return -1;
++}
++
+ void
+ verifydir(char *cp)
+ {
diff --git a/CVE-2020-12062-2.patch b/CVE-2020-12062-2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..0ab4d12ae8cf1f9e3aec55de4b68aedc5dc201bc
--- /dev/null
+++ b/CVE-2020-12062-2.patch
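Review bot: In the scp.c hunk at `@@ -1516,36 +1517,25 @@`, the close() failure path calls `note_err(np, "%s: close: %s", np, strerror(errno));`, which passes the target path `np` as the format string, since note_err() is defined as `note_err(const char *fmt, ...)`. Every other call added by this patch passes the literal format first, so the line should read `note_err("%s: close: %s", np, strerror(errno));`. `np` appears to be built from the file name received from the peer (sink() extends well outside these hunks), so a `%` in it would be interpreted by vasnmprintf(). Declaring the prototype as `int note_err(const char *,...) __attribute__((format(printf, 1, 2)));` would make this class of mistake visible to the compiler's format checks. Separately, note_err() discards the return value of vasnmprintf(); if formatting fails without setting `emsg`, `note_err(NULL)` returns 0 and the success byte is written even though `errs` was incremented.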
@@ -0,0 +1,34 @@ +From 955854cafca88e0cdcd3d09ca1ad4ada465364a1 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 6 May 2020 20:57:38 +0000 +Subject: [PATCH] upstream: another case where a utimes() failure could make + scp send + +a desynchronising error; reminded by Aymeric Vincent ok deraadt markus + +OpenBSD-Commit-ID: 2ea611d34d8ff6d703a7a8bf858aa5dbfbfa7381 +--- + scp.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/scp.c b/scp.c +index 439025980..b4492a062 100644 +--- a/scp.c ++++ b/scp.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: scp.c,v 1.209 2020/05/01 06:31:42 djm Exp $ */ ++/* $OpenBSD: scp.c,v 1.210 2020/05/06 20:57:38 djm Exp $ */ + /* + * scp - secure remote copy. This is basically patched BSD rcp which + * uses ssh to do the data transfer (instead of using rcmd). +@@ -1427,9 +1427,7 @@ sink(int argc, char **argv, const char *src) + sink(1, vect, src); + if (setimes) { + setimes = 0; +- if (utimes(vect[0], tv) < 0) +- run_err("%s: set times: %s", +- vect[0], strerror(errno)); ++ (void) utimes(vect[0], tv); + } + if (mod_flag) + (void) chmod(vect[0], mode); diff --git a/openssh.spec b/openssh.spec index d19be121822f4dde6309a31b2fd82f680a6005c4..4bbe578200d27ea465a7988546e19152d0725e6d 100644 --- a/openssh.spec +++ b/openssh.spec @@ -10,7 +10,7 @@ Name: openssh Version: 7.8p1 -Release: 8 +Release: 9 URL: https://www.openssh.com/portable.html License: BSD Summary: An open source implementation of SSH protocol version 2 
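Review bot: The replacement `(void) utimes(vect[0], tv);` in the directory branch of sink() drops the failure entirely: nothing is printed and, as far as the hunk shows, `errs` is not incremented, so a failed timestamp restore on a directory no longer affects the exit status. If that is the intended trade-off, a comment would stop a later reader from restoring the run_err() call, for example `/* failure ignored: run_err() here would send an extra reply and desynchronise the peer */`. sink() starts and ends outside the hunk, so whether a local-only diagnostic is available at this point cannot be judged from here.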
@@ -31,107 +31,107 @@ Source13: sshd-keygen Source14: sshd.tmpfiles Source15: sshd-keygen.target -Patch100: openssh-6.7p1-coverity.patch +Patch0: openssh-6.7p1-coverity.patch #https://bugzilla.redhat.com/show_bug.cgi?id=735889 -Patch104: openssh-7.3p1-openssl-1.1.0.patch +Patch1: openssh-7.3p1-openssl-1.1.0.patch # https://bugzilla.redhat.com/show_bug.cgi?id=1171248 -Patch200: openssh-7.6p1-audit.patch -Patch201: openssh-7.1p2-audit-race-condition.patch -Patch300: pam_ssh_agent_auth-0.9.3-build.patch -Patch301: pam_ssh_agent_auth-0.10.3-seteuid.patch -Patch302: pam_ssh_agent_auth-0.9.2-visibility.patch -Patch305: pam_ssh_agent_auth-0.9.3-agent_structure.patch -Patch306: pam_ssh_agent_auth-0.10.2-compat.patch -Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch -Patch400: openssh-7.8p1-role-mls.patch +Patch2: openssh-7.6p1-audit.patch +Patch3: openssh-7.1p2-audit-race-condition.patch +Patch4: pam_ssh_agent_auth-0.9.3-build.patch +Patch5: pam_ssh_agent_auth-0.10.3-seteuid.patch +Patch6: pam_ssh_agent_auth-0.9.2-visibility.patch +Patch7: pam_ssh_agent_auth-0.9.3-agent_structure.patch +Patch8: pam_ssh_agent_auth-0.10.2-compat.patch +Patch9: pam_ssh_agent_auth-0.10.2-dereference.patch +Patch10: openssh-7.8p1-role-mls.patch #https://bugzilla.redhat.com/show_bug.cgi?id=781634 -Patch404: openssh-6.6p1-privsep-selinux.patch -Patch501: openssh-6.7p1-ldap.patch -Patch502: openssh-6.6p1-keycat.patch -Patch601: openssh-6.6p1-allow-ip-opts.patch -Patch604: openssh-6.6p1-keyperm.patch -Patch606: openssh-5.9p1-ipv6man.patch -Patch607: openssh-5.8p2-sigpipe.patch -Patch609: openssh-7.2p2-x11.patch -Patch700: openssh-7.7p1-fips.patch -Patch702: openssh-5.1p1-askpass-progress.patch +Patch11: openssh-6.6p1-privsep-selinux.patch +Patch12: openssh-6.7p1-ldap.patch +Patch13: openssh-6.6p1-keycat.patch +Patch14: openssh-6.6p1-allow-ip-opts.patch +Patch15: openssh-6.6p1-keyperm.patch +Patch16: openssh-5.9p1-ipv6man.patch +Patch17: openssh-5.8p2-sigpipe.patch +Patch18: 
openssh-7.2p2-x11.patch +Patch19: openssh-7.7p1-fips.patch +Patch20: openssh-5.1p1-askpass-progress.patch #https://bugzilla.redhat.com/show_bug.cgi?id=198332 -Patch703: openssh-4.3p2-askpass-grab-info.patch +Patch21: openssh-4.3p2-askpass-grab-info.patch #patch from redhat -Patch707: openssh-7.7p1.patch -Patch709: openssh-6.2p1-vendor.patch -Patch711: openssh-7.8p1-UsePAM-warning.patch -Patch712: openssh-6.3p1-ctr-evp-fast.patch -Patch713: openssh-6.6p1-ctr-cavstest.patch -Patch714: openssh-6.7p1-kdf-cavs.patch -Patch800: openssh-7.8p1-gsskex.patch -Patch801: openssh-6.6p1-force_krb.patch -Patch802: openssh-6.6p1-GSSAPIEnablek5users.patch +Patch22: openssh-7.7p1.patch +Patch23: openssh-6.2p1-vendor.patch +Patch24: openssh-7.8p1-UsePAM-warning.patch +Patch25: openssh-6.3p1-ctr-evp-fast.patch +Patch26: openssh-6.6p1-ctr-cavstest.patch +Patch27: openssh-6.7p1-kdf-cavs.patch +Patch28: openssh-7.8p1-gsskex.patch +Patch29: openssh-6.6p1-force_krb.patch +Patch30: openssh-6.6p1-GSSAPIEnablek5users.patch # from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765655 -Patch803: openssh-7.1p1-gssapi-documentation.patch -Patch804: openssh-7.7p1-gssapi-new-unique.patch -Patch805: openssh-7.2p2-k5login_directory.patch -Patch807: openssh-7.5p1-gssapi-kex-with-ec.patch -Patch900: openssh-6.1p1-gssapi-canohost.patch -Patch901: openssh-6.6p1-kuserok.patch -Patch906: openssh-6.4p1-fromto-remote.patch -Patch916: openssh-6.6.1p1-selinux-contexts.patch -Patch918: openssh-6.6.1p1-log-in-chroot.patch -Patch919: openssh-6.6.1p1-scp-non-existing-directory.patch -Patch920: openssh-7.8p1-ip-port-config-parser.patch -Patch922: openssh-6.8p1-sshdT-output.patch -Patch926: openssh-6.7p1-sftp-force-permission.patch -Patch929: openssh-6.9p1-permit-root-login.patch -Patch932: openssh-7.0p1-gssKexAlgorithms.patch -Patch939: openssh-7.2p2-s390-closefrom.patch -Patch944: openssh-7.3p1-x11-max-displays.patch -Patch948: openssh-7.4p1-systemd.patch -Patch949: openssh-7.6p1-cleanup-selinux.patch 
-Patch950: openssh-7.5p1-sandbox.patch -Patch951: openssh-7.6p1-pkcs11-uri.patch -Patch952: openssh-7.6p1-pkcs11-ecdsa.patch -Patch953: openssh-7.8p1-scp-ipv6.patch - -Patch6000: Initial-len-for-the-fmt-NULL-case.patch -Patch6001: upstream-fix-build-with-DEBUG_PK-enabled.patch -Patch6002: upstream-fix-misplaced-parenthesis-inside-if-clause..patch -Patch6003: delete-the-correct-thing-kexfuzz-binary.patch -Patch6004: upstream-When-choosing-a-prime-from-the-moduli-file-.patch -Patch6005: upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch -Patch6006: in-pick_salt-avoid-dereference-of-NULL-passwords.patch -Patch6007: check-for-NULL-return-from-shadow_pw.patch -Patch6008: check-pw_passwd-NULL-here-too.patch -Patch6009: upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch -Patch6010: upstream-correct-local-variable-name-from-yawang-AT-.patch -Patch6011: upstream-typo-in-error-message-caught-by-Debian-lint.patch -Patch6012: upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch -Patch6013: upstream-fix-bug-in-client-that-was-keeping-a-redund.patch -Patch6014: upstream-disallow-empty-incoming-filename-or-ones-th.patch -Patch6015: upstream-make-grandparent-parent-child-sshbuf-chains.patch -Patch6016: Move-RANDOM_SEED_SIZE-outside-ifdef.patch -Patch6017: upstream-don-t-truncate-user-or-host-name-in-user-ho.patch -Patch6018: upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch -Patch6019: upstream-only-consider-the-ext-info-c-extension-duri.patch -Patch6020: upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch -Patch6021: upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch -Patch6022: upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch -Patch6023: Cygwin-Change-service-name-to-cygsshd.patch -Patch6024: openssh-fix-typo-that-prevented-detection-of-Linux-V.patch - -Patch6025: CVE-2019-6109-1.patch -Patch6026: CVE-2019-6109-2.patch -Patch6027: CVE-2019-6111-1.patch -Patch6028: CVE-2019-6111-2.patch -Patch6029: CVE-2019-16905.patch 
-Patch6030: upstream-fix-sshd-T-without-C.patch - -Patch9004: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch -Patch9005: bugfix-openssh-6.6p1-log-usepam-no.patch -Patch9006: bugfix-openssh-add-option-check-username-splash.patch -Patch9007: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch -Patch9008: bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch -Patch9009: bugfix-openssh-fix-sftpserver.patch -Patch9010: bugfix-CVE-2018-15919.patch +Patch31: openssh-7.1p1-gssapi-documentation.patch +Patch32: openssh-7.7p1-gssapi-new-unique.patch +Patch33: openssh-7.2p2-k5login_directory.patch +Patch34: openssh-7.5p1-gssapi-kex-with-ec.patch +Patch35: openssh-6.1p1-gssapi-canohost.patch +Patch36: openssh-6.6p1-kuserok.patch +Patch37: openssh-6.4p1-fromto-remote.patch +Patch38: openssh-6.6.1p1-selinux-contexts.patch +Patch39: openssh-6.6.1p1-log-in-chroot.patch +Patch40: openssh-6.6.1p1-scp-non-existing-directory.patch +Patch41: openssh-7.8p1-ip-port-config-parser.patch +Patch42: openssh-6.8p1-sshdT-output.patch +Patch43: openssh-6.7p1-sftp-force-permission.patch +Patch44: openssh-6.9p1-permit-root-login.patch +Patch45: openssh-7.0p1-gssKexAlgorithms.patch +Patch46: openssh-7.2p2-s390-closefrom.patch +Patch47: openssh-7.3p1-x11-max-displays.patch +Patch48: openssh-7.4p1-systemd.patch +Patch49: openssh-7.6p1-cleanup-selinux.patch +Patch50: openssh-7.5p1-sandbox.patch +Patch51: openssh-7.6p1-pkcs11-uri.patch +Patch52: openssh-7.6p1-pkcs11-ecdsa.patch +Patch53: openssh-7.8p1-scp-ipv6.patch +Patch54: Initial-len-for-the-fmt-NULL-case.patch +Patch55: upstream-fix-build-with-DEBUG_PK-enabled.patch +Patch56: upstream-fix-misplaced-parenthesis-inside-if-clause..patch +Patch57: delete-the-correct-thing-kexfuzz-binary.patch +Patch58: upstream-When-choosing-a-prime-from-the-moduli-file-.patch +Patch59: upstream-fix-ssh-Q-sig-to-show-correct-signature-alg.patch +Patch60: in-pick_salt-avoid-dereference-of-NULL-passwords.patch +Patch61: 
check-for-NULL-return-from-shadow_pw.patch +Patch62: check-pw_passwd-NULL-here-too.patch +Patch63: upstream-typo-in-plain-RSA-algorithm-counterpart-nam.patch +Patch64: upstream-correct-local-variable-name-from-yawang-AT-.patch +Patch65: upstream-typo-in-error-message-caught-by-Debian-lint.patch +Patch66: upstream-fix-bug-in-HostbasedAcceptedKeyTypes-and.patch +Patch67: upstream-fix-bug-in-client-that-was-keeping-a-redund.patch +Patch68: upstream-disallow-empty-incoming-filename-or-ones-th.patch +Patch69: upstream-make-grandparent-parent-child-sshbuf-chains.patch +Patch70: Move-RANDOM_SEED_SIZE-outside-ifdef.patch +Patch71: upstream-don-t-truncate-user-or-host-name-in-user-ho.patch +Patch72: upstream-don-t-attempt-to-connect-to-empty-SSH_AUTH_.patch +Patch73: upstream-only-consider-the-ext-info-c-extension-duri.patch +Patch74: upstream-fix-memory-leak-of-ciphercontext-when-rekey.patch +Patch75: upstream-Fix-BN_is_prime_-calls-in-SSH-the-API-retur.patch +Patch76: upstream-Always-initialize-2nd-arg-to-hpdelim2.-It-p.patch +Patch77: Cygwin-Change-service-name-to-cygsshd.patch +Patch78: openssh-fix-typo-that-prevented-detection-of-Linux-V.patch +Patch79: CVE-2019-6109-1.patch +Patch80: CVE-2019-6109-2.patch +Patch81: CVE-2019-6111-1.patch +Patch82: CVE-2019-6111-2.patch +Patch83: CVE-2019-16905.patch +Patch84: upstream-fix-sshd-T-without-C.patch +Patch85: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch +Patch86: bugfix-openssh-6.6p1-log-usepam-no.patch +Patch87: bugfix-openssh-add-option-check-username-splash.patch +Patch88: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch +Patch89: bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch +Patch90: bugfix-openssh-fix-sftpserver.patch +Patch91: bugfix-CVE-2018-15919.patch +Patch92: CVE-2020-12062-1.patch +Patch93: CVE-2020-12062-2.patch +Patch94: upstream-expose-vasnmprintf.patch Requires: /sbin/nologin libselinux >= 2.3-5 audit-libs >= 1.0.8 Requires: fipscheck-lib >= 1.3.0 
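Review bot: Patch92 to Patch94 are added without a provenance comment, while several neighbouring entries carry a bug-tracker URL; a line such as `# upstream aad87b88fc25, 955854cafca8, 31909696c462 (scp sink desync, CVE-2020-12062)` above them would tie each file to the commit named in its header. The same hunk renumbers every existing Patch tag, which buries the three security additions in roughly a hundred lines of churn and makes it hard to confirm that no patch was dropped or remapped; doing the renumbering in a separate commit would keep the CVE fix auditable. Patch94 exposes vasnmprintf(), which the note_err() added by Patch92 calls, so the three need to stay together in any later cherry-pick.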
@@ -178,105 +178,105 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0} %setup -q -a 4 pushd pam_ssh_agent_auth-0.10.3 -%patch300 -p2 -b .psaa-build -%patch301 -p2 -b .psaa-seteuid -%patch302 -p2 -b .psaa-visibility -%patch306 -p2 -b .psaa-compat -%patch305 -p2 -b .psaa-agent -%patch307 -p2 -b .psaa-deref +%patch4 -p2 -b .psaa-build +%patch5 -p2 -b .psaa-seteuid +%patch6 -p2 -b .psaa-visibility +%patch8 -p2 -b .psaa-compat +%patch7 -p2 -b .psaa-agent +%patch9 -p2 -b .psaa-deref # Remove duplicate headers and library files rm -f $(cat %{SOURCE5}) popd -%patch400 -p1 -b .role-mls -%patch404 -p1 -b .privsep-selinux -%patch501 -p1 -b .ldap -%patch502 -p1 -b .keycat -%patch601 -p1 -b .ip-opts -%patch604 -p1 -b .keyperm -%patch606 -p1 -b .ipv6man -%patch607 -p1 -b .sigpipe -%patch609 -p1 -b .x11 -%patch702 -p1 -b .progress -%patch703 -p1 -b .grab-info -%patch707 -p1 -%patch709 -p1 -b .vendor -%patch711 -p1 -b .log-usepam-no -%patch712 -p1 -b .evp-ctr -%patch713 -p1 -b .ctr-cavs -%patch714 -p1 -b .kdf-cavs -%patch800 -p1 -b .gsskex -%patch801 -p1 -b .force_krb -%patch803 -p1 -b .gss-docs -%patch804 -p1 -b .ccache_name -%patch805 -p1 -b .k5login -%patch900 -p1 -b .canohost -%patch901 -p1 -b .kuserok -%patch906 -p1 -b .fromto-remote -%patch916 -p1 -b .contexts -%patch918 -p1 -b .log-in-chroot -%patch919 -p1 -b .scp -%patch920 -p1 -b .config -%patch802 -p1 -b .GSSAPIEnablek5users -%patch922 -p1 -b .sshdt -%patch926 -p1 -b .sftp-force-mode -%patch929 -p1 -b .root-login -%patch932 -p1 -b .gsskexalg -%patch939 -p1 -b .s390-dev -%patch944 -p1 -b .x11max -%patch948 -p1 -b .systemd -%patch807 -p1 -b .gsskex-ec -%patch949 -p1 -b .refactor -%patch950 -p1 -b .sandbox -%patch951 -p1 -b .pkcs11-uri -%patch952 -p1 -b .pkcs11-ecdsa -%patch953 -p1 -b .scp-ipv6 -%patch200 -p1 -b .audit -%patch201 -p1 -b .audit-race -%patch700 -p1 -b .fips -%patch100 -p1 -b .coverity -%patch104 -p1 -b .openssl - -%patch6000 -p1 -%patch6001 -p1 -%patch6002 -p1 -%patch6003 -p1 -%patch6004 -p1 
-%patch6005 -p1 -%patch6006 -p1 -%patch6007 -p1 -%patch6008 -p1 -%patch6009 -p1 -%patch6010 -p1 -%patch6011 -p1 -%patch6012 -p1 -%patch6013 -p1 -%patch6014 -p1 -%patch6015 -p1 -%patch6016 -p1 -%patch6017 -p1 -%patch6018 -p1 -%patch6019 -p1 -%patch6020 -p1 -%patch6021 -p1 -%patch6022 -p1 -%patch6023 -p1 -%patch6024 -p1 -%patch6025 -p1 -%patch6026 -p1 -%patch6027 -p1 -%patch6028 -p1 -%patch6029 -p1 - -%patch9004 -p1 -%patch9005 -p1 -%patch9006 -p1 -%patch9007 -p1 -%patch9008 -p1 -%patch9009 -p1 - -%patch6030 -p1 -%patch9010 -p1 +%patch10 -p1 -b .role-mls +%patch11 -p1 -b .privsep-selinux +%patch12 -p1 -b .ldap +%patch13 -p1 -b .keycat +%patch14 -p1 -b .ip-opts +%patch15 -p1 -b .keyperm +%patch16 -p1 -b .ipv6man +%patch17 -p1 -b .sigpipe +%patch18 -p1 -b .x11 +%patch20 -p1 -b .progress +%patch21 -p1 -b .grab-info +%patch22 -p1 +%patch23 -p1 -b .vendor +%patch24 -p1 -b .log-usepam-no +%patch25 -p1 -b .evp-ctr +%patch26 -p1 -b .ctr-cavs +%patch27 -p1 -b .kdf-cavs +%patch28 -p1 -b .gsskex +%patch29 -p1 -b .force_krb +%patch31 -p1 -b .gss-docs +%patch32 -p1 -b .ccache_name +%patch33 -p1 -b .k5login +%patch35 -p1 -b .canohost +%patch36 -p1 -b .kuserok +%patch37 -p1 -b .fromto-remote +%patch38 -p1 -b .contexts +%patch39 -p1 -b .log-in-chroot +%patch40 -p1 -b .scp +%patch41 -p1 -b .config +%patch30 -p1 -b .GSSAPIEnablek5users +%patch42 -p1 -b .sshdt +%patch43 -p1 -b .sftp-force-mode +%patch44 -p1 -b .root-login +%patch45 -p1 -b .gsskexalg +%patch46 -p1 -b .s390-dev +%patch47 -p1 -b .x11max +%patch48 -p1 -b .systemd +%patch34 -p1 -b .gsskex-ec +%patch49 -p1 -b .refactor +%patch50 -p1 -b .sandbox +%patch51 -p1 -b .pkcs11-uri +%patch52 -p1 -b .pkcs11-ecdsa +%patch53 -p1 -b .scp-ipv6 +%patch2 -p1 -b .audit +%patch3 -p1 -b .audit-race +%patch19 -p1 -b .fips +%patch0 -p1 -b .coverity +%patch1 -p1 -b .openssl +%patch54 -p1 +%patch55 -p1 +%patch56 -p1 +%patch57 -p1 +%patch58 -p1 +%patch59 -p1 +%patch60 -p1 +%patch61 -p1 +%patch62 -p1 +%patch63 -p1 +%patch64 -p1 +%patch65 -p1 
+%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 +%patch73 -p1 +%patch74 -p1 +%patch75 -p1 +%patch76 -p1 +%patch77 -p1 +%patch78 -p1 +%patch79 -p1 +%patch80 -p1 +%patch81 -p1 +%patch82 -p1 +%patch83 -p1 +%patch85 -p1 +%patch86 -p1 +%patch87 -p1 +%patch88 -p1 +%patch89 -p1 +%patch90 -p1 +%patch84 -p1 +%patch91 -p1 +%patch92 -p1 +%patch93 -p1 +%patch94 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 @@ -463,6 +463,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Fri Jul 03 2020 zhouyihang - 7.8P1-9 +- Type:cves +- ID:CVE-2020-12062 +- SUG:NA +- DESC:Fix CVE-2020-12062 + * Wed Mar 18 2020 songnannan - 7.8P1-8 - bugfix CVE-2018-15919 diff --git a/upstream-expose-vasnmprintf.patch b/upstream-expose-vasnmprintf.patch new file mode 100644 index 0000000000000000000000000000000000000000..002bb1159d44dab04af1ee6e2c565ebb46fc4d8b --- /dev/null +++ b/upstream-expose-vasnmprintf.patch 
@@ -0,0 +1,59 @@
+From 31909696c4620c431dd55f6cd15db65c4e9b98da Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Fri, 1 May 2020 06:28:52 +0000
+Subject: [PATCH] upstream: expose vasnmprintf(); ok (as part of other commit)
+ markus
+
+deraadt
+
+OpenBSD-Commit-ID: 2e80cea441c599631a870fd40307d2ade5a7f9b5
+---
+ utf8.c | 5 ++---
+ utf8.h | 3 ++-
+ 2 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/utf8.c b/utf8.c
+index f83401996..7f63b25ae 100644
+--- a/utf8.c
++++ b/utf8.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: utf8.c,v 1.8 2018/08/21 13:56:27 schwarze Exp $ */
++/* $OpenBSD: utf8.c,v 1.11 2020/05/01 06:28:52 djm Exp $ */
+ /*
+ * Copyright (c) 2016 Ingo Schwarze
+ *
+@@ -43,7 +43,6 @@
+
+ static int dangerous_locale(void);
+ static int grow_dst(char **, size_t *, size_t, char **, size_t);
+-static int vasnmprintf(char **, size_t, int *, const char *, va_list);
+
+
+ /*
+@@ -101,7 +100,7 @@ grow_dst(char **dst, size_t *sz, size_t maxsz, char **dp, size_t need)
+ * written is returned in *wp.
+ */
+
+-static int
++int
+ vasnmprintf(char **str, size_t maxsz, int *wp, const char *fmt, va_list ap)
+ {
+ char *src; /* Source string returned from vasprintf. */
+diff --git a/utf8.h b/utf8.h
+index 20a11dc59..9d6d9a32c 100644
+--- a/utf8.h
++++ b/utf8.h
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: utf8.h,v 1.1 2016/05/25 23:48:45 schwarze Exp $ */
++/* $OpenBSD: utf8.h,v 1.3 2020/05/01 06:28:52 djm Exp $ */
+ /*
+ * Copyright (c) 2016 Ingo Schwarze
+ *
+@@ -15,6 +15,7 @@
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
++int vasnmprintf(char **, size_t, int *, const char *, va_list);
+ int mprintf(const char *, ...)
+ __attribute__((format(printf, 1, 2)));
+ int fmprintf(FILE *, const char *, ...)
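Review bot: The newly exported prototype `int vasnmprintf(char **, size_t, int *, const char *, va_list);` in utf8.h carries no format attribute, unlike mprintf() directly below it, which is declared with `__attribute__((format(printf, 1, 2)))`. Now that code outside utf8.c can call it, adding `__attribute__((format(printf, 4, 0)))` would keep format checking consistent across the header. The declaration also uses `va_list`, so utf8.h relies on the includer having pulled in `<stdarg.h>` first; the hunk shows no include, so that is worth confirming for every file that includes this header.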