diff --git a/backport-Don-t-leak-the-strings-allocated-by-order_h.patch b/backport-Don-t-leak-the-strings-allocated-by-order_h.patch new file mode 100644 index 0000000000000000000000000000000000000000..9b14806245d0d3f31920b10a952a2d24a8308be0 --- /dev/null +++ b/backport-Don-t-leak-the-strings-allocated-by-order_h.patch @@ -0,0 +1,130 @@ +From 6c31ba10e97b6953c4f325f526f3e846dfea647a Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Fri, 1 Jul 2022 03:39:44 +0000 +Subject: upstream: Don't leak the strings allocated by order_hostkeyalgs() + +and list_hostkey_types() that are passed to compat_pkalg_proposal(). Part of +github PR#324 from ZoltanFridrich, ok djm@ + +This is a roll-forward of the previous rollback now that the required +changes in compat.c have been done. + +OpenBSD-Commit-ID: c7cd93730b3b9f53cdad3ae32462922834ef73eb + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=6c31ba10e97b6953c4f325f526f3e846dfea647a + +--- + sshconnect2.c | 16 ++++++++++------ + sshd.c | 17 +++++++++++------ + 2 files changed, 21 insertions(+), 12 deletions(-) + +diff --git a/sshconnect2.c b/sshconnect2.c +index 150d419..eb0df92 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshconnect2.c,v 1.351 2021/07/23 05:24:02 djm Exp $ */ ++/* $OpenBSD: sshconnect2.c,v 1.359 2022/07/01 03:39:44 dtucker Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Damien Miller. All rights reserved. +@@ -218,6 +218,7 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, + { + char *myproposal[PROPOSAL_MAX] = { KEX_CLIENT }; + char *s, *all_key; ++ char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; + int r, use_known_hosts_order = 0; + + #if defined(GSSAPI) && defined(WITH_OPENSSL) +@@ -248,10 +249,9 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, + + if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) + fatal_f("kex_names_cat"); +- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, s); ++ myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, s); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = +- compat_cipher_proposal(ssh, options.ciphers); +- myproposal[PROPOSAL_ENC_ALGS_STOC] = ++ myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = + compat_cipher_proposal(ssh, options.ciphers); + myproposal[PROPOSAL_COMP_ALGS_CTOS] = + myproposal[PROPOSAL_COMP_ALGS_STOC] = +@@ -260,12 +260,12 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, + myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; + if (use_known_hosts_order) { + /* Query known_hosts and prefer algorithms that appear there */ +- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = ++ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = + compat_pkalg_proposal(ssh, + order_hostkeyalgs(host, hostaddr, port, cinfo)); + } else { + /* Use specified HostkeyAlgorithms exactly */ +- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = ++ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = + compat_pkalg_proposal(ssh, options.hostkeyalgorithms); + } + +@@ -380,6 +380,10 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, + (r = ssh_packet_write_wait(ssh)) != 0) + fatal_fr(r, "send packet"); + #endif ++ /* Free only parts of proposal that were dynamically allocated here. */ ++ free(prop_kex); ++ free(prop_enc); ++ free(prop_hostkey); + } + + /* +diff --git a/sshd.c b/sshd.c +index 98a9754..6c77f07 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshd.c,v 1.578 2021/07/19 02:21:50 dtucker Exp $ */ ++/* $OpenBSD: sshd.c,v 1.589 2022/07/01 03:39:44 dtucker Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -2522,12 +2522,14 @@ do_ssh2_kex(struct ssh *ssh) + { + char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; + struct kex *kex; ++ char *prop_kex = NULL, *prop_enc = NULL, *prop_hostkey = NULL; + int r; + +- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(ssh, ++ myproposal[PROPOSAL_KEX_ALGS] = prop_kex = compat_kex_proposal(ssh, + options.kex_algorithms); +- myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(ssh, +- options.ciphers); ++ myproposal[PROPOSAL_ENC_ALGS_CTOS] = ++ myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc = ++ compat_cipher_proposal(ssh, options.ciphers); + myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal(ssh, + options.ciphers); + myproposal[PROPOSAL_MAC_ALGS_CTOS] = +@@ -2542,8 +2544,8 @@ do_ssh2_kex(struct ssh *ssh) + ssh_packet_set_rekey_limits(ssh, options.rekey_limit, + options.rekey_interval); + /* coverity[leaked_storage : FALSE]*/ +- myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( +- ssh, list_hostkey_types()); ++ myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = prop_hostkey = ++ compat_pkalg_proposal(ssh, list_hostkey_types()); + + #if defined(GSSAPI) && defined(WITH_OPENSSL) + { +@@ -2639,6 +2641,9 @@ do_ssh2_kex(struct ssh *ssh) + (r = ssh_packet_write_wait(ssh)) != 0) + fatal_fr(r, "send test"); + #endif ++ free(prop_kex); ++ free(prop_enc); ++ free(prop_hostkey); + debug("KEX done"); + } + +-- +2.33.0 + diff --git a/backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch b/backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch new file mode 100644 index 0000000000000000000000000000000000000000..17387d2156d817d74789fceca7d634d11badaad6 --- /dev/null +++ b/backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch @@ -0,0 +1,43 @@ +From 527cb43fa1b4e55df661feabbac51b8e608b6519 Mon Sep 17 00:00:00 2001 +From: Darren Tucker +Date: Thu, 14 Jul 2022 11:22:08 +1000 +Subject: Return ERANGE from getcwd() if buffer size is 1. + +If getcwd() is supplied a buffer size of exactly 1 and a path of "/", it +could result in a nul byte being written out of array bounds. POSIX says +it should return ERANGE if the path will not fit in the available buffer +(with terminating nul). 1 byte cannot fit any possible path with its nul, +so immediately return ERANGE in that case. + +OpenSSH never uses getcwd() with this buffer size, and all current +(and even quite old) platforms that we are currently known to work +on have a native getcwd() so this code is not used on those anyway. +Reported by Qualys, ok djm@ + +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=527cb43fa1b4e55df661feabbac51b8e608b6519 +Conflict:NA +--- + openbsd-compat/getcwd.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/openbsd-compat/getcwd.c b/openbsd-compat/getcwd.c +index e4f7f5a..a403a01 100644 +--- a/openbsd-compat/getcwd.c ++++ b/openbsd-compat/getcwd.c +@@ -71,9 +71,12 @@ getcwd(char *pt, size_t size) + */ + if (pt) { + ptsize = 0; +- if (!size) { ++ if (size == 0) { + errno = EINVAL; + return (NULL); ++ } else if (size == 1) { ++ errno = ERANGE; ++ return (NULL); + } + ept = pt + size; + } else { +-- +2.33.0 + diff --git a/backport-upstream-Always-return-allocated-strings-from-the-ke.patch b/backport-upstream-Always-return-allocated-strings-from-the-ke.patch new file mode 100644 index 0000000000000000000000000000000000000000..b7febc9f8459877b5730a286a4a43d0bd2d48c81 --- /dev/null +++ b/backport-upstream-Always-return-allocated-strings-from-the-ke.patch @@ -0,0 +1,88 @@ +From 486c4dc3b83b4b67d663fb0fa62bc24138ec3946 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Fri, 1 Jul 2022 03:35:45 +0000 +Subject: upstream: Always return allocated strings from the kex filtering so + +that we can free them later. Fix one leak in compat_kex_proposal. Based on +github PR#324 from ZoltanFridrich with some simplications by me. ok djm@ + +OpenBSD-Commit-ID: 9171616da3307612d0ede086fd511142f91246e4 + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=486c4dc3b83b4b67d663fb0fa62bc24138ec3946 +--- + compat.c | 16 ++++++++++++---- + 1 file changed, 12 insertions(+), 4 deletions(-) + +diff --git a/compat.c b/compat.c +index 9120bd2..1d50349 100644 +--- a/compat.c ++++ b/compat.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: compat.c,v 1.119 2021/09/10 05:46:09 djm Exp $ */ ++/* $OpenBSD: compat.c,v 1.120 2022/07/01 03:35:45 dtucker Exp $ */ + /* + * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl. All rights reserved. + * +@@ -156,11 +156,12 @@ compat_banner(struct ssh *ssh, const char *version) + debug_f("no match: %s", version); + } + ++/* Always returns pointer to allocated memory, caller must free. */ + char * + compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) + { + if (!(ssh->compat & SSH_BUG_BIGENDIANAES)) +- return cipher_prop; ++ return xstrdup(cipher_prop); + debug2_f("original cipher proposal: %s", cipher_prop); + if ((cipher_prop = match_filter_denylist(cipher_prop, "aes*")) == NULL) + fatal("match_filter_denylist failed"); +@@ -170,11 +171,12 @@ compat_cipher_proposal(struct ssh *ssh, char *cipher_prop) + return cipher_prop; + } + ++/* Always returns pointer to allocated memory, caller must free. */ + char * + compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) + { + if (!(ssh->compat & SSH_BUG_RSASIGMD5)) +- return pkalg_prop; ++ return xstrdup(pkalg_prop); + debug2_f("original public key proposal: %s", pkalg_prop); + if ((pkalg_prop = match_filter_denylist(pkalg_prop, "ssh-rsa")) == NULL) + fatal("match_filter_denylist failed"); +@@ -184,11 +186,15 @@ compat_pkalg_proposal(struct ssh *ssh, char *pkalg_prop) + return pkalg_prop; + } + ++/* Always returns pointer to allocated memory, caller must free. */ + char * + compat_kex_proposal(struct ssh *ssh, char *p) + { ++ char *cp = NULL; ++ ++ + if ((ssh->compat & (SSH_BUG_CURVE25519PAD|SSH_OLD_DHGEX)) == 0) +- return p; ++ return xstrdup(p); + debug2_f("original KEX proposal: %s", p); + if ((ssh->compat & SSH_BUG_CURVE25519PAD) != 0) + /* coverity[overwrite_var : FALSE] */ +@@ -196,11 +202,13 @@ compat_kex_proposal(struct ssh *ssh, char *p) + "curve25519-sha256@libssh.org")) == NULL) + fatal("match_filter_denylist failed"); + if ((ssh->compat & SSH_OLD_DHGEX) != 0) { ++ cp = p; + /* coverity[overwrite_var : FALSE] */ + if ((p = match_filter_denylist(p, + "diffie-hellman-group-exchange-sha256," + "diffie-hellman-group-exchange-sha1")) == NULL) + fatal("match_filter_denylist failed"); ++ free(cp); + } + debug2_f("compat KEX proposal: %s", p); + if (*p == '\0') +-- +2.33.0 + diff --git a/backport-upstream-Donot-attempt-to-fprintf-a-null-identity-co.patch b/backport-upstream-Donot-attempt-to-fprintf-a-null-identity-co.patch new file mode 100644 index 0000000000000000000000000000000000000000..66f2f908f01ab4dcdd8a10a27bee6143e06c6a56 --- /dev/null +++ b/backport-upstream-Donot-attempt-to-fprintf-a-null-identity-co.patch @@ -0,0 +1,37 @@ +From f29d6cf98c25bf044079032d22c1a57c63ab9d8e Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Sat, 18 Jun 2022 02:17:16 +0000 +Subject: upstream: Don't attempt to fprintf a null identity comment. From + +Martin Vahlensieck via tech@. + +OpenBSD-Commit-ID: 4c54d20a8e8e4e9912c38a7b4ef5bfc5ca2e05c2 + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=f29d6cf98c25bf044079032d22c1a57c63ab9d8e +--- + ssh-add.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ssh-add.c b/ssh-add.c +index 29c0b17..d60bafc 100644 +--- a/ssh-add.c ++++ b/ssh-add.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ssh-add.c,v 1.160 2021/04/03 06:18:41 djm Exp $ */ ++/* $OpenBSD: ssh-add.c,v 1.166 2022/06/18 02:17:16 dtucker Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -125,7 +125,7 @@ delete_one(int agent_fd, const struct sshkey *key, const char *comment, + } + if (!qflag) { + fprintf(stderr, "Identity removed: %s %s (%s)\n", path, +- sshkey_type(key), comment); ++ sshkey_type(key), comment ? comment : "no comment"); + } + return 0; + } +-- +2.33.0 + diff --git a/backport-upstream-Make-sure-not-to-fclose-the-same-fd-twice-i.patch b/backport-upstream-Make-sure-not-to-fclose-the-same-fd-twice-i.patch new file mode 100644 index 0000000000000000000000000000000000000000..1b7739f7336ac4cb42a3794c2127ce4896f9377a --- /dev/null +++ b/backport-upstream-Make-sure-not-to-fclose-the-same-fd-twice-i.patch @@ -0,0 +1,63 @@ +From 17904f05802988d0bb9ed3c8d1d37411e8f459c3 Mon Sep 17 00:00:00 2001 +From: "tobhe@openbsd.org" +Date: Tue, 21 Jun 2022 14:52:13 +0000 +Subject: upstream: Make sure not to fclose() the same fd twice in case of an + +error. + +ok dtucker@ + +OpenBSD-Commit-ID: e384c4e05d5521e7866b3d53ca59acd2a86eef99 + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=17904f05802988d0bb9ed3c8d1d37411e8f459c3 + +--- + authfile.c | 19 ++++++++++++------- + 1 file changed, 12 insertions(+), 7 deletions(-) + +diff --git a/authfile.c b/authfile.c +index 8990137..dce1e84 100644 +--- a/authfile.c ++++ b/authfile.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: authfile.c,v 1.141 2020/06/18 23:33:38 djm Exp $ */ ++/* $OpenBSD: authfile.c,v 1.143 2022/06/21 14:52:13 tobhe Exp $ */ + /* + * Copyright (c) 2000, 2013 Markus Friedl. All rights reserved. + * +@@ -515,20 +515,25 @@ sshkey_save_public(const struct sshkey *key, const char *path, + return SSH_ERR_SYSTEM_ERROR; + if ((f = fdopen(fd, "w")) == NULL) { + r = SSH_ERR_SYSTEM_ERROR; ++ close(fd); + goto fail; + } + if ((r = sshkey_write(key, f)) != 0) + goto fail; + fprintf(f, " %s\n", comment); +- if (ferror(f) || fclose(f) != 0) { ++ if (ferror(f)) { + r = SSH_ERR_SYSTEM_ERROR; ++ goto fail; ++ } ++ if (fclose(f) != 0) { ++ r = SSH_ERR_SYSTEM_ERROR; ++ f = NULL; + fail: +- oerrno = errno; +- if (f != NULL) ++ if (f != NULL) { ++ oerrno = errno; + fclose(f); +- else +- close(fd); +- errno = oerrno; ++ errno = oerrno; ++ } + return r; + } + return 0; +-- +2.33.0 + diff --git a/backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch b/backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch new file mode 100644 index 0000000000000000000000000000000000000000..b0e27bbbcad6e9b6fa6948253cf71f44f94c0377 --- /dev/null +++ b/backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch @@ -0,0 +1,56 @@ +From 5062ad48814b06162511c4f5924a33d97b6b2566 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 19 Aug 2022 03:06:30 +0000 +Subject: upstream: double free() in error path; from Eusgor via GHPR333 + +OpenBSD-Commit-ID: 39f35e16ba878c8d02b4d01d8826d9b321be26d4 + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=5062ad48814b06162511c4f5924a33d97b6b2566 + +--- + sshsig.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/sshsig.c b/sshsig.c +index 0e8abf1..58c7df4 100644 +--- a/sshsig.c ++++ b/sshsig.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshsig.c,v 1.21 2021/07/23 04:00:59 djm Exp $ */ ++/* $OpenBSD: sshsig.c,v 1.30 2022/08/19 03:06:30 djm Exp $ */ + /* + * Copyright (c) 2019 Google LLC + * +@@ -491,7 +491,7 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) + { + char *hex, rbuf[8192], hash[SSH_DIGEST_MAX_LENGTH]; + ssize_t n, total = 0; +- struct ssh_digest_ctx *ctx; ++ struct ssh_digest_ctx *ctx = NULL; + int alg, oerrno, r = SSH_ERR_INTERNAL_ERROR; + struct sshbuf *b = NULL; + +@@ -514,7 +514,6 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) + continue; + oerrno = errno; + error_f("read: %s", strerror(errno)); +- ssh_digest_free(ctx); + ctx = NULL; + errno = oerrno; + r = SSH_ERR_SYSTEM_ERROR; +@@ -550,9 +549,11 @@ hash_file(int fd, const char *hashalg, struct sshbuf **bp) + /* success */ + r = 0; + out: ++ oerrno = errno; + sshbuf_free(b); + ssh_digest_free(ctx); + explicit_bzero(hash, sizeof(hash)); ++ errno = oerrno; + return r; + } + +-- +2.33.0 + diff --git a/backport-upstream-if-sshpkt-functions-fail-then-password-is-n.patch b/backport-upstream-if-sshpkt-functions-fail-then-password-is-n.patch new file mode 100644 index 0000000000000000000000000000000000000000..618601c0250b67b50f5018f9dcb829734392f91f --- /dev/null +++ b/backport-upstream-if-sshpkt-functions-fail-then-password-is-n.patch @@ -0,0 +1,54 @@ +From 2c334fd36f80cb91cc42e4b978b10aa35e0df236 Mon Sep 17 00:00:00 2001 +From: "dtucker@openbsd.org" +Date: Fri, 27 May 2022 04:29:40 +0000 +Subject: upstream: f sshpkt functions fail, then password is not cleared + +with freezero. Unconditionally call freezero to guarantee that password is +removed from RAM. + +From tobias@ and c3h2_ctf via github PR#286, ok djm@ + +OpenBSD-Commit-ID: 6b093619c9515328e25b0f8093779c52402c89cd + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/commit?id=2c334fd36f80cb91cc42e4b978b10aa35e0df236 + +--- + auth2-passwd.c | 10 ++++++---- + 1 file changed, 6 insertions(+), 4 deletions(-) + +diff --git a/auth2-passwd.c b/auth2-passwd.c +index be4b860..1d80481 100644 +--- a/auth2-passwd.c ++++ b/auth2-passwd.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-passwd.c,v 1.19 2020/10/18 11:32:01 djm Exp $ */ ++/* $OpenBSD: auth2-passwd.c,v 1.21 2022/05/27 04:29:40 dtucker Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * +@@ -51,16 +51,18 @@ extern ServerOptions options; + static int + userauth_passwd(struct ssh *ssh) + { +- char *password; ++ char *password = NULL; + int authenticated = 0, r; + u_char change; +- size_t len; ++ size_t len = 0; + + if ((r = sshpkt_get_u8(ssh, &change)) != 0 || + (r = sshpkt_get_cstring(ssh, &password, &len)) != 0 || + (change && (r = sshpkt_get_cstring(ssh, NULL, NULL)) != 0) || +- (r = sshpkt_get_end(ssh)) != 0) ++ (r = sshpkt_get_end(ssh)) != 0) { ++ freezero(password, len); + fatal_fr(r, "parse packet"); ++ } + + if (change) + logit("password change not supported"); +-- +2.33.0 + diff --git a/backport-upstream-ignore-SIGPIPE-earlier-in-main-specifically.patch b/backport-upstream-ignore-SIGPIPE-earlier-in-main-specifically.patch new file mode 100644 index 0000000000000000000000000000000000000000..1a540c67eab8ae19bb69309ebff2401f3d3c0fb4 --- /dev/null +++ b/backport-upstream-ignore-SIGPIPE-earlier-in-main-specifically.patch @@ -0,0 +1,46 @@ +From 96faa0de6c673a2ce84736eba37fc9fb723d9e5c Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 1 Jul 2022 00:36:30 +0000 +Subject: upstream: ignore SIGPIPE earlier in main(), specifically before + +muxclient() which performs operations that could cause one; Reported by Noam +Lewis via bz3454, ok dtucker@ + +OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47 + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=96faa0de6c673a2ce84736eba37fc9fb723d9e5c +--- + ssh.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/ssh.c b/ssh.c +index f55ff73..e987cd5 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ssh.c,v 1.569 2021/09/20 04:02:13 dtucker Exp $ */ ++/* $OpenBSD: ssh.c,v 1.575 2022/07/01 00:36:30 djm Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -1135,6 +1135,8 @@ main(int ac, char **av) + } + } + ++ ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ ++ + /* + * Initialize "log" output. Since we are the client all output + * goes to stderr unless otherwise specified by -y or -E. +@@ -1660,7 +1662,6 @@ main(int ac, char **av) + options.num_system_hostfiles); + tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); + +- ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + ssh_signal(SIGCHLD, main_sigchld_handler); + + /* Log into the remote system. Never returns if the login fails. */ +-- +2.33.0 + diff --git a/openssh.spec b/openssh.spec index 049a241af924e8d62a39b48711ec057a15b7f520..cfaab89de4a3b04382df749deb44391117bcd3db 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 11 +%global openssh_release 12 Name: openssh Version: 8.8p1 @@ -94,6 +94,14 @@ Patch61: backport-upstream-a-little-extra-debugging.patch Patch62: backport-upstream-better-debugging-for-connect_next.patch Patch63: openssh-Add-sw64-architecture.patch Patch64: add-loongarch.patch +Patch65: backport-upstream-if-sshpkt-functions-fail-then-password-is-n.patch +Patch66: backport-upstream-Make-sure-not-to-fclose-the-same-fd-twice-i.patch +Patch67: backport-upstream-Donot-attempt-to-fprintf-a-null-identity-co.patch +Patch68: backport-upstream-ignore-SIGPIPE-earlier-in-main-specifically.patch +Patch69: backport-upstream-Always-return-allocated-strings-from-the-ke.patch +Patch70: backport-Don-t-leak-the-strings-allocated-by-order_h.patch +Patch71: backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch +Patch72: backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -237,6 +245,14 @@ popd %patch62 -p1 %patch63 -p1 %patch64 -p1 +%patch65 -p1 +%patch66 -p1 +%patch67 -p1 +%patch68 -p1 +%patch69 -p1 +%patch70 -p1 +%patch71 -p1 +%patch72 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -438,6 +454,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Tue Dec 13 2022 renmingshuai - 8.8p1-12 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport some upstream patches + * Tue Dec 13 2022 renmingshuai - 8.8p1-11 - Type:feature - CVE:NA