diff --git a/bugfix-CVE-2018-15919.patch b/bugfix-CVE-2018-15919.patch
new file mode 100644
index 0000000000000000000000000000000000000000..a1687870417d6bc4630fa04b5ed4c30b721e2589
--- /dev/null
+++ b/bugfix-CVE-2018-15919.patch
@@ -0,0 +1,59 @@
+From fd708fba2486f718c6c0c374848cc76d9166a067 Mon Sep 17 00:00:00 2001
+From: m00525086
+Date: Wed, 18 Mar 2020 16:04:16 +0800
+Subject: [PATCH] CVE-2018-15919
+
+---
+ auth.h | 1 +
+ auth2-gss.c | 1 +
+ auth2.c | 4 ++++
+ 3 files changed, 6 insertions(+)
+
+diff --git a/auth.h b/auth.h
+index 1d9cf66..3654b2a 100644
+--- a/auth.h
++++ b/auth.h
+@@ -60,6 +60,7 @@ struct Authctxt {
+ int attempt;
+ int failures;
+ int server_caused_failure;
++ int server_caused_gssapi_failure;
+ int force_pwchange;
+ char *user; /* username sent by the client */
+ char *service;
+diff --git a/auth2-gss.c b/auth2-gss.c
+index 764d509..9690f8a 100644
+--- a/auth2-gss.c
++++ b/auth2-gss.c
+@@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh)
+ ssh_gssapi_delete_ctx(&ctxt);
+ free(doid);
+ authctxt->server_caused_failure = 1;
++ authctxt->server_caused_gssapi_failure = 1;
+ return (0);
+ }
+
+diff --git a/auth2.c b/auth2.c
+index f0b61ce..14db54a 100644
+--- a/auth2.c
++++ b/auth2.c
+@@ -336,6 +336,7 @@ if (options.check_user_splash)
+ auth2_authctxt_reset_info(authctxt);
+ authctxt->postponed = 0;
+ authctxt->server_caused_failure = 0;
++ authctxt->server_caused_gssapi_failure = 0;
+
+ /* try to authenticate user */
+ m = authmethod_lookup(authctxt, method);
+@@ -427,6 +428,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method,
+ if (!partial && !authctxt->server_caused_failure &&
+ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
+ authctxt->failures++;
++ if (!partial && authctxt->server_caused_gssapi_failure &&
++ (authctxt->attempt > 1 || strcmp(method, "none") != 0))
++ authctxt->failures++;
+ if (authctxt->failures >= options.max_authtries) {
+ #ifdef SSH_AUDIT_EVENTS
+ PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES));
+--
+2.19.1
\ No newline at end of file
diff --git a/openssh.spec b/openssh.spec
index 2af6c729d9ec91ce559ac7c6d4a5bdafc1232475..db6786ed9436ec304ca735afee45a7512fa836e9 100644
--- a/openssh.spec
+++ b/openssh.spec
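Review bot: In the auth2.c section of bugfix-CVE-2018-15919.patch (userauth_finish), the added `failures++` test duplicates the existing one's `attempt`/`method` condition and depends on an unstated invariant that `server_caused_gssapi_failure` is only ever set together with `server_caused_failure`; if a later change sets the GSSAPI flag alone, a single failed attempt would be counted twice against `max_authtries`. Folding both into one test, `if (!partial && (!authctxt->server_caused_failure || authctxt->server_caused_gssapi_failure) &&`, keeps it to one increment per attempt. The auth2-gss.c section sets the new flag only on the one failure path it shows, and userauth_gssapi continues outside that hunk, so it is worth confirming that no other early return still skips the counter for valid users only, since a difference in failure counting between valid and invalid accounts is the observable behaviour this CVE is about. The new `Authctxt` field and the empty patch description should also say why this failure must count, for example `/* GSSAPI context setup failed; still counted against max_authtries */`.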
@@ -10,7 +10,7 @@ Name: openssh Version: 7.8p1 -Release: 7 +Release: 8 URL: https://www.openssh.com/portable.html License: BSD Summary: An open source implementation of SSH protocol version 2 @@ -131,6 +131,7 @@ Patch9006: bugfix-openssh-add-option-check-username-splash.patch Patch9007: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch Patch9008: bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch Patch9009: bugfix-openssh-fix-sftpserver.patch +Patch9010: bugfix-CVE-2018-15919.patch Requires: /sbin/nologin libselinux >= 2.3-5 audit-libs >= 1.0.8 Requires: fipscheck-lib >= 1.3.0 @@ -277,6 +278,7 @@ popd %patch9009 -p1 %patch6030 -p1 +%patch9010 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 @@ -463,6 +465,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Wed Mar 18 2020 openEuler Buildteam - 7.8P1-8 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add the patch for bugfix + * Tue Jan 21 2020 openEuler Buildteam - 7.8P1-7 - Type:bugfix - ID:NA