From 05a593efcf27860d13facfe4f0eae6ac0b14da1e Mon Sep 17 00:00:00 2001
From: renmingshuai <renmingshuai@huawei.com>
Date: Thu, 27 Jul 2023 20:12:42 +0800
Subject: [PATCH] fix CVE-2023-38408

---
 ...023-38408-upstream-terminate-process.patch | 43 +++++++++++++++++++
 openssh.spec                                  | 10 ++++-
 2 files changed, 52 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-CVE-2023-38408-upstream-terminate-process.patch

diff --git a/backport-fix-CVE-2023-38408-upstream-terminate-process.patch b/backport-fix-CVE-2023-38408-upstream-terminate-process.patch
new file mode 100644
index 0000000..f78551c
--- /dev/null
+++ b/backport-fix-CVE-2023-38408-upstream-terminate-process.patch
@@ -0,0 +1,43 @@
+From 892506b13654301f69f9545f48213fc210e5c5cc Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 19 Jul 2023 13:55:53 +0000
+Subject: [PATCH] upstream: terminate process if requested to load a
+PKCS#11
+ provider
+
+that isn't a PKCS#11 provider; from / ok markus@
+
+OpenBSD-Commit-ID: 39532cf18b115881bb4cfaee32084497aadfa05c
+
+Reference:https://anongit.mindrot.org/openssh.git/patch/?id=892506b1365
+Conflict:pkcs11_initialize_provider
+---
+ ssh-pkcs11.c | 8 +++-----
+ 1 file changed, 3 insertions(+), 5 deletions(-)
+
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 995841f..b96021f 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-pkcs11.c,v 1.54 2021/08/11 05:20:17 djm Exp $ */
++/* $OpenBSD: ssh-pkcs11.c,v 1.57 2023/07/19 13:55:53 djm Exp $ */
+ /*
+  * Copyright (c) 2010 Markus Friedl.  All rights reserved.
+  * Copyright (c) 2014 Pedro Martelletto. All rights reserved.
+@@ -1743,10 +1743,8 @@ pkcs11_initialize_provider(struct pkcs11_uri *uri, struct pkcs11_provider **prov
+ 		error("dlopen %s failed: %s", provider_module, dlerror());
+ 		goto fail;
+ 	}
+-	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+-		error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+-		goto fail;
+-	}
++	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+ 
+ 	p->module->handle = handle;
+ 	/* setup the pkcs11 callbacks */
+-- 
+2.23.0
+
diff --git a/openssh.spec b/openssh.spec
index e43b4b2..aa6b831 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 21
+%global openssh_release 22
 
 Name:           openssh
 Version:        8.8p1
@@ -127,6 +127,7 @@ Patch96:        backport-Allow-writev-is-seccomp-sandbox.patch
 Patch97:        backport-upstream-Ensure-that-there-is-a-terminating-newline-.patch
 Patch98:        backport-upstream-test-compat_kex_proposal-by-dtucker.patch
 Patch99:        backport-adapt-compat_kex_proposal-test-to-portable.patch
+Patch100:       backport-fix-CVE-2023-38408-upstream-terminate-process.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -304,6 +305,7 @@ popd
 %patch97 -p1
 %patch98 -p1
 %patch99 -p1
+%patch100 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -500,6 +502,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Thu Jul 27 2023 renmingshuai <renmingshuai@huawei.com> - 8.8p1-22
+- Type:CVE
+- CVE:CVE-2023-38408
+- SUG:NA
+- DESC:fix CVE-2023-38408
+
 * Tue Jun 13 2023 renmingshuai <renmingshuai@huawei.com> - 8.8p1-21
 - Type:bugfix
 - CVE:NA
-- 
Gitee