From 1016fdcf1d2454d2b8c43923d78036e54955ab02 Mon Sep 17 00:00:00 2001 From: "chaoming.meng" Date: Thu, 31 Oct 2024 15:52:12 +0800 Subject: [PATCH 1/2] Fix regular users expired password reset issue Fix regular users expired password reset issue --- ...r-users-expired-password-reset-issue.patch | 31 +++++++++++++++++++ openssh.spec | 10 +++++- 2 files changed, 40 insertions(+), 1 deletion(-) create mode 100644 Fix-regular-users-expired-password-reset-issue.patch diff --git a/Fix-regular-users-expired-password-reset-issue.patch b/Fix-regular-users-expired-password-reset-issue.patch new file mode 100644 index 0000000..17b79ab --- /dev/null +++ b/Fix-regular-users-expired-password-reset-issue.patch @@ -0,0 +1,31 @@ +From cf0d033360d8f41e16fc4898d0efc887995925f5 Mon Sep 17 00:00:00 2001 +From: mengchaoming +Date: Thu, 31 Oct 2024 15:37:50 +0800 +Subject: [PATCH] Fix-regular-users-expired-password-reset-issue + +--- + session.c | 8 ++++++-- + 1 file changed, 6 insertions(+), 2 deletions(-) + +diff --git a/session.c b/session.c +index be6a31a..4e2d598 100644 +--- a/session.c ++++ b/session.c +@@ -1574,8 +1574,12 @@ do_pwchange(Session *s) + fprintf(stderr, + "You must change your password now and login again!\n"); + #ifdef PASSWD_NEEDS_USERNAME +- execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, +- (char *)NULL); ++ if (getuid() != 0) { ++ execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); ++ } else { ++ execl(_PATH_PASSWD_PROG, "passwd", s->pw->pw_name, (char *)NULL); ++ } ++ + #else + execl(_PATH_PASSWD_PROG, "passwd", (char *)NULL); + #endif +-- +2.33.0 + diff --git a/openssh.spec b/openssh.spec index 801b747..5500915 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 4 +%global openssh_release 5 Name: openssh Version: 9.3p2 @@ -100,6 +100,7 @@ Patch77: set-ssh-config.patch Patch78: backport-CVE-2023-48795-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch Patch79: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch Patch80: backport-fix-CVE-2024-6387.patch +Patch81: Fix-regular-users-expired-password-reset-issue.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -249,6 +250,7 @@ popd %patch78 -p1 %patch79 -p1 %patch80 -p1 +%patch81 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -465,6 +467,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Thu Oct 31 2024 mengchaoming - 9.3p2-5 +- Type:bugfix +- CVE: +- SUG:NA +- DESC:Fix regular users expired password reset issue + * Tue Jul 2 2024 renmingshuai - 9.3p2-4 - Type:CVE - CVE:CVE-2024-6387 -- Gitee From addecededa0ca8846436d91d06e54eacf2669099 Mon Sep 17 00:00:00 2001 From: "chaoming.meng" Date: Fri, 1 Nov 2024 06:09:46 +0000 Subject: [PATCH 2/2] =?UTF-8?q?update=20openssh.spec.=20=E5=AF=B9=E9=BD=90?= =?UTF-8?q?=E4=BA=86=E4=B8=80=E4=B8=8B=E6=A0=BC=E5=BC=8F?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: chaoming.meng --- openssh.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssh.spec b/openssh.spec index 5500915..0b6b85f 100644 --- a/openssh.spec +++ b/openssh.spec @@ -100,7 +100,7 @@ Patch77: set-ssh-config.patch Patch78: backport-CVE-2023-48795-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch Patch79: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch Patch80: backport-fix-CVE-2024-6387.patch -Patch81: Fix-regular-users-expired-password-reset-issue.patch +Patch81: Fix-regular-users-expired-password-reset-issue.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 -- Gitee