diff --git a/backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch b/backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch new file mode 100644 index 0000000000000000000000000000000000000000..66ecfdae854dcd2308dde5a174006810aea1b668 --- /dev/null +++ b/backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch @@ -0,0 +1,44 @@ +From 32ebaa0dbca5d0bb86e384e72bebc153f48413e4 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 23 Feb 2022 11:18:13 +0000 +Subject: [PATCH] upstream: avoid integer overflow of auth attempts +(harmless,caught by monitor) + +OpenBSD-Commit-ID: 488ad570b003b21e0cd9e7a00349cfc1003b4d86 + +Reference:https://github.com/openssh/openssh-portable/commit/32ebaa0dbca5d0 +Conflict:NA +--- + auth2.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/auth2.c b/auth2.c +index 7290d54..0de58e6 100644 +--- a/auth2.c ++++ b/auth2.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2.c,v 1.161 2021/04/03 06:18:40 djm Exp $ */ ++/* $OpenBSD: auth2.c,v 1.164 2022/02/23 11:18:13 djm Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * +@@ -290,6 +290,8 @@ if (options.check_user_splash) + if ((style = strchr(user, ':')) != NULL) + *style++ = 0; + ++ if (authctxt->attempt >= 1024) ++ auth_maxtries_exceeded(ssh); + if (authctxt->attempt++ == 0) { + /* setup auth context */ + authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); +@@ -298,6 +300,7 @@ if (options.check_user_splash) + authctxt->valid = 1; + debug2_f("setting up authctxt for %s", user); + } else { ++ authctxt->valid = 0; + /* Invalid user, fake password information */ + authctxt->pw = fakepw(); + } +-- +2.23.0 + diff --git a/openssh.spec b/openssh.spec index e56af1d703c5ad0bbd7fb1e238c406bb727fe385..0db107ddef1154a68c813e25ed6d7c8882286b1a 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 14 +%global openssh_release 15 Name: openssh Version: 8.8p1 @@ -104,6 +104,7 @@ Patch71: backport-Return-ERANGE-from-getcwd-if-buffer-size-is-1.patch Patch72: backport-upstream-double-free-in-error-path-from-Eusgor-via-G.patch Patch73: add-loongarch.patch Patch74: add-strict-scp-check-for-CVE-2020-15778.patch +Patch75: backport-upstream-avoid-integer-overflow-of-auth-attempts-har.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -257,6 +258,7 @@ popd %patch72 -p1 %patch73 -p1 %patch74 -p1 +%patch75 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -458,6 +460,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Tue Jan 03 2023 renmingshuai - 8.8p1-15 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:avoid integer overflow of auth attempts + * Thu Dec 29 2022 renmingshuai - 8.8p1-14 - Type:bugfix - CVE:NA