From a6c90cdfbda51b583e9bfa24bbb39d81a1bf41c4 Mon Sep 17 00:00:00 2001 From: kircher Date: Wed, 18 Mar 2020 14:28:04 +0800 Subject: [PATCH 1/6] add bugfix-CVE-2018-15919.patch. --- bugfix-CVE-2018-15919.patch | 58 +++++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 bugfix-CVE-2018-15919.patch diff --git a/bugfix-CVE-2018-15919.patch b/bugfix-CVE-2018-15919.patch new file mode 100644 index 0000000..fc78d31 --- /dev/null +++ b/bugfix-CVE-2018-15919.patch @@ -0,0 +1,58 @@ +From 5b94f95795eb7fd4cd35ee8d8dba6c0e08cf8123 Mon Sep 17 00:00:00 2001 +From: majun65 +Date: Thu, 24 Oct 2019 19:27:44 +0800 + +--- + auth.h | 1 + + auth2-gss.c | 1 + + auth2.c | 4 ++++ + 3 files changed, 6 insertions(+) + +diff --git a/auth.h b/auth.h +index 1d9cf66..ec53949 100644 +--- a/auth.h ++++ b/auth.h +@@ -60,6 +60,7 @@ struct Authctxt { + int attempt; + int failures; + int server_caused_failure; ++ int server_caused_gssapi_failure; + int force_pwchange; + char *user; /* username sent by the client */ + char *service; +diff --git a/auth2-gss.c b/auth2-gss.c +index 764d509..6dd3c58 100644 +--- a/auth2-gss.c ++++ b/auth2-gss.c +@@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh) + ssh_gssapi_delete_ctx(&ctxt); + free(doid); + authctxt->server_caused_failure = 1; ++ authctxt->server_caused_gssapi_failure = 1; + return (0); + } + +diff --git a/auth2.c b/auth2.c +index f0b61ce..2677c84 100644 +--- a/auth2.c ++++ b/auth2.c +@@ -336,6 +336,7 @@ if (options.check_user_splash) + auth2_authctxt_reset_info(authctxt); + authctxt->postponed = 0; + authctxt->server_caused_failure = 0; ++ authctxt->server_caused_gssapi_failure = 0; + + /* try to authenticate user */ + m = authmethod_lookup(authctxt, method); +@@ -427,6 +428,9 @@ userauth_finish(struct ssh *ssh, int authenticated, const char *method, + if (!partial && !authctxt->server_caused_failure && + (authctxt->attempt > 1 || strcmp(method, "none") != 0)) + authctxt->failures++; ++ if (!partial && authctxt->server_caused_gssapi_failure && ++ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) ++ authctxt->failures++; + if (authctxt->failures >= options.max_authtries) { + #ifdef SSH_AUDIT_EVENTS + PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); +-- +2.19.1 -- Gitee From 74b3181eba5d644dd3a2e13869b8d0de9d75791a Mon Sep 17 00:00:00 2001 From: kircher Date: Wed, 18 Mar 2020 14:30:40 +0800 Subject: [PATCH 2/6] update openssh.spec. --- openssh.spec | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/openssh.spec b/openssh.spec index 2af6c72..cbfd7f6 100644 --- a/openssh.spec +++ b/openssh.spec @@ -10,7 +10,7 @@ Name: openssh Version: 7.8p1 -Release: 7 +Release: 8 URL: https://www.openssh.com/portable.html License: BSD Summary: An open source implementation of SSH protocol version 2 @@ -131,6 +131,7 @@ Patch9006: bugfix-openssh-add-option-check-username-splash.patch Patch9007: feature-openssh-7.4-hima-sftpserver-oom-and-fix.patch Patch9008: bugfix-supply-callback-to-PEM-read-bio-PrivateKey.patch Patch9009: bugfix-openssh-fix-sftpserver.patch +Patch9010: bugfix-CVE-2018-15919.patch Requires: /sbin/nologin libselinux >= 2.3-5 audit-libs >= 1.0.8 Requires: fipscheck-lib >= 1.3.0 @@ -463,6 +464,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Wed Mar 18 2020 openEuler Buildteam - 7.8P1-8 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:add the patch for bugfix + * Tue Jan 21 2020 openEuler Buildteam - 7.8P1-7 - Type:bugfix - ID:NA -- Gitee From f6c48358123b6c042c8d7859bb2dcc8ed8f804a9 Mon Sep 17 00:00:00 2001 From: kircher Date: Wed, 18 Mar 2020 14:34:20 +0800 Subject: [PATCH 3/6] update openssh.spec. --- openssh.spec | 2 ++ 1 file changed, 2 insertions(+) diff --git a/openssh.spec b/openssh.spec index cbfd7f6..b4a411b 100644 --- a/openssh.spec +++ b/openssh.spec @@ -279,6 +279,8 @@ popd %patch6030 -p1 +%patch9010 -p1 + autoreconf pushd pam_ssh_agent_auth-0.10.3 autoreconf -- Gitee From eb39f3c42ebc58e7c221019b4fa74731d8d258d8 Mon Sep 17 00:00:00 2001 From: kircher Date: Wed, 18 Mar 2020 16:10:45 +0800 Subject: [PATCH 4/6] update openssh.spec. --- openssh.spec | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/openssh.spec b/openssh.spec index b4a411b..605c613 100644 --- a/openssh.spec +++ b/openssh.spec @@ -276,11 +276,10 @@ popd %patch9007 -p1 %patch9008 -p1 %patch9009 -p1 +%patch9010 -p1 %patch6030 -p1 -%patch9010 -p1 - autoreconf pushd pam_ssh_agent_auth-0.10.3 autoreconf -- Gitee From 7900becf779355e35bbf9f92febec9a2fc8585ff Mon Sep 17 00:00:00 2001 From: kircher Date: Wed, 18 Mar 2020 16:22:26 +0800 Subject: [PATCH 5/6] update bugfix-CVE-2018-15919.patch. --- bugfix-CVE-2018-15919.patch | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/bugfix-CVE-2018-15919.patch b/bugfix-CVE-2018-15919.patch index fc78d31..a168787 100644 --- a/bugfix-CVE-2018-15919.patch +++ b/bugfix-CVE-2018-15919.patch @@ -1,6 +1,7 @@ -From 5b94f95795eb7fd4cd35ee8d8dba6c0e08cf8123 Mon Sep 17 00:00:00 2001 -From: majun65 -Date: Thu, 24 Oct 2019 19:27:44 +0800 +From fd708fba2486f718c6c0c374848cc76d9166a067 Mon Sep 17 00:00:00 2001 +From: m00525086 +Date: Wed, 18 Mar 2020 16:04:16 +0800 +Subject: [PATCH] CVE-2018-15919 --- auth.h | 1 + @@ -9,7 +10,7 @@ Date: Thu, 24 Oct 2019 19:27:44 +0800 3 files changed, 6 insertions(+) diff --git a/auth.h b/auth.h -index 1d9cf66..ec53949 100644 +index 1d9cf66..3654b2a 100644 --- a/auth.h +++ b/auth.h @@ -60,6 +60,7 @@ struct Authctxt { @@ -21,7 +22,7 @@ index 1d9cf66..ec53949 100644 char *user; /* username sent by the client */ char *service; diff --git a/auth2-gss.c b/auth2-gss.c -index 764d509..6dd3c58 100644 +index 764d509..9690f8a 100644 --- a/auth2-gss.c +++ b/auth2-gss.c @@ -153,6 +153,7 @@ userauth_gssapi(struct ssh *ssh) @@ -33,7 +34,7 @@ index 764d509..6dd3c58 100644 } diff --git a/auth2.c b/auth2.c -index f0b61ce..2677c84 100644 +index f0b61ce..14db54a 100644 --- a/auth2.c +++ b/auth2.c @@ -336,6 +336,7 @@ if (options.check_user_splash) @@ -49,10 +50,10 @@ index f0b61ce..2677c84 100644 (authctxt->attempt > 1 || strcmp(method, "none") != 0)) authctxt->failures++; + if (!partial && authctxt->server_caused_gssapi_failure && -+ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) -+ authctxt->failures++; ++ (authctxt->attempt > 1 || strcmp(method, "none") != 0)) ++ authctxt->failures++; if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS PRIVSEP(audit_event(SSH_LOGIN_EXCEED_MAXTRIES)); -- -2.19.1 +2.19.1 \ No newline at end of file -- Gitee From 739c9afb823f66342f71c3c105020fa34d10973c Mon Sep 17 00:00:00 2001 From: kircher Date: Wed, 18 Mar 2020 17:00:14 +0800 Subject: [PATCH 6/6] update openssh.spec. --- openssh.spec | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openssh.spec b/openssh.spec index 605c613..db6786e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -276,9 +276,9 @@ popd %patch9007 -p1 %patch9008 -p1 %patch9009 -p1 -%patch9010 -p1 %patch6030 -p1 +%patch9010 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 -- Gitee