From 2c92070cf27119b991f9a23604b44424340d6837 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E6=9D=8E=E5=AE=81=E6=9D=B0?= Date: Fri, 11 Apr 2025 10:28:48 +0000 Subject: [PATCH] Fix CVE-2025-32728 --- ...ic-error-in-DisableForwarding-option.patch | 40 +++++++++++++++++++ openssh.spec | 10 ++++- 2 files changed, 49 insertions(+), 1 deletion(-) create mode 100644 backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch diff --git a/backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch b/backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch new file mode 100644 index 0000000..0272aec --- /dev/null +++ b/backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch @@ -0,0 +1,40 @@ +From fc86875e6acb36401dfc1dfb6b628a9d1460f367 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 9 Apr 2025 07:00:03 +0000 +Subject: [PATCH] upstream: Fix logic error in DisableForwarding option. This + option + +was documented as disabling X11 and agent forwarding but it failed to do so. +Spotted by Tim Rice. + +OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1 +--- + session.c | 7 ++++--- + 1 file changed, 4 insertions(+), 3 deletions(-) + +diff --git a/session.c b/session.c +index 1b67393..e968c22 100644 +--- a/session.c ++++ b/session.c +@@ -2345,7 +2345,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s) + if ((r = sshpkt_get_end(ssh)) != 0) + sshpkt_fatal(ssh, r, "%s: parse packet", __func__); + if (!auth_opts->permit_agent_forwarding_flag || +- !options.allow_agent_forwarding) { ++ !options.allow_agent_forwarding || ++ options.disable_forwarding) { + debug_f("agent forwarding disabled"); + return 0; + } +@@ -2761,7 +2762,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s) + ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options."); + return 0; + } +- if (!options.x11_forwarding) { ++ if (!options.x11_forwarding || options.disable_forwarding) { + debug("X11 forwarding disabled in server configuration file."); + return 0; + } +-- +2.33.0 + diff --git a/openssh.spec b/openssh.spec index 2d4e6d8..a6f5d4d 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 30 +%global openssh_release 31 Name: openssh Version: 8.2p1 @@ -106,6 +106,7 @@ Patch72: set-ssh-config.patch Patch73: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch Patch74: backport-CVE-2023-48795.patch Patch75: fix-memory-leak-in-kex-exchange.patch +Patch76: backport-upstream-Fix-logic-error-in-DisableForwarding-option.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -284,6 +285,7 @@ popd %patch73 -p1 %patch74 -p1 %patch75 -p1 +%patch76 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 @@ -493,6 +495,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Fri Apr 11 2025 liningjie - 8.2p1-31 +- Type:CVE +- CVE:CVE-2025-32728 +- SUG:NA +- DESC:Fix CVE-2025-32728 + * Fri Feb 2 2024 songjuntao - 8.2p1-30 - Type:bugfix - CVE: -- Gitee