diff --git a/backport-move-closefrom-to-before-first-malloc.patch b/backport-move-closefrom-to-before-first-malloc.patch
new file mode 100644
index 0000000000000000000000000000000000000000..b94c365b064fce9ea16e3de6895bff63d6a49bb5
--- /dev/null
+++ b/backport-move-closefrom-to-before-first-malloc.patch
@@ -0,0 +1,46 @@
+From c9f7bba2e6f70b7ac1f5ea190d890cb5162ce127 Mon Sep 17 00:00:00 2001
+From: Darren Tucker
+Date: Fri, 25 Jun 2021 15:08:18 +1000
+Subject: Move closefrom() to before first malloc.
+
+When built against tcmalloc, tcmalloc allocates a descriptor for its
+internal use, so calling closefrom() afterward causes the descriptor
+number to be reused resulting in a corrupted connection. Moving the
+closefrom a little earlier should resolve this. From kircherlike at
+outlook.com via bz#3321, ok djm@
+---
+ ssh.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/ssh.c b/ssh.c
+index cf8c018e..0343cba3 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -609,6 +609,12 @@ main(int ac, char **av)
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
+
++ /*
++ * Discard other fds that are hanging around. These can cause problem
++ * with backgrounded ssh processes started by ControlPersist.
++ */
++ closefrom(STDERR_FILENO + 1);
++
+ __progname = ssh_get_progname(av[0]);
+ #if OPENSSL_VERSION_NUMBER < 0x10100000L
+ SSLeay_add_all_algorithms();
+@@ -638,12 +644,6 @@ main(int ac, char **av)
+ debug("FIPS mode initialized");
+ }
+
+- /*
+- * Discard other fds that are hanging around. These can cause problem
+- * with backgrounded ssh processes started by ControlPersist.
+- */
+- closefrom(STDERR_FILENO + 1);
+-
+ /* Get user data. */
+ pw = getpwuid(getuid());
+ if (!pw) {
+--
+cgit v1.2.3
diff --git a/openssh.spec b/openssh.spec
index 0cc1d43c8977f717d1384a279f6c3c6ad634056a..82843fb59372f168697cedecdee988d49e988a6f 100644
--- a/openssh.spec
+++ b/openssh.spec
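Review bot: The relocated comment above `closefrom(STDERR_FILENO + 1);` in the first ssh.c hunk still explains only why stray descriptors are discarded, not why the call has to sit this early, so a later reordering of main() could put an allocation ahead of it again and bring back the descriptor reuse the commit message describes. I would extend the comment with a line such as `* This must run before the first allocation: an allocator such as tcmalloc may open a descriptor of its own, and closing it here lets its number be reused.` Whether sanitise_stdfd() itself allocates is not visible in these hunks and is worth confirming, since it still runs ahead of the call. main() starts and ends outside the hunks shown.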
@@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 12 +%global openssh_release 13 Name: openssh Version: 8.2p1 @@ -89,8 +89,9 @@ Patch56: set-sshd-config.patch Patch57: CVE-2020-12062-1.patch Patch58: CVE-2020-12062-2.patch Patch59: upstream-expose-vasnmprintf.patch -Patch60: CVE-2020-14145.patch -Patch61: add-strict-scp-check-for-CVE-2020-15778.patch +Patch60: CVE-2020-14145.patch +Patch61: add-strict-scp-check-for-CVE-2020-15778.patch +Patch62: backport-move-closefrom-to-before-first-malloc.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -254,6 +255,7 @@ popd %patch59 -p1 %patch60 -p1 %patch61 -p1 +%patch62 -p1 autoreconf pushd pam_ssh_agent_auth-0.10.3 @@ -465,6 +467,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Mon Aug 09 2021 chxssg - 8.2P1-13 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:move closefrom to before first malloc + * Tue Aug 03 2021 weidong - 8.2P1-12 - Type:bugfix - CVE:NA