import openssh-8.0p1-17.el8_7

c8 imports/c8/openssh-8.0p1-17.el8_7
CentOS Sources 2 years ago committed by MSVSphere Packaging Team
parent ed2cd6fe8d
commit 59cdbb3a3c

@ -790,16 +790,3 @@ diff -up openssh-8.0p1/sshd.c.sshdinclude openssh-8.0p1/sshd.c
dump_config(&options); dump_config(&options);
} }
diff -up openssh-8.0p1/sshbuf-getput-basic.c.stringb openssh-8.0p1/sshbuf-getput-basic.c
--- openssh-8.0p1/sshbuf-getput-basic.c.stringb 2022-12-21 12:18:43.274799163 +0100
+++ openssh-8.0p1/sshbuf-getput-basic.c 2022-12-21 12:19:19.758081516 +0100
@@ -371,6 +371,9 @@ sshbuf_put_cstring(struct sshbuf *buf, c
int
sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v)
{
+ if (v == NULL)
+ return sshbuf_put_string(buf, NULL, 0);
+
return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v));
}

@ -1,32 +0,0 @@
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index d29a03b4..d7283136 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -490,6 +490,15 @@ congreet(int s)
return;
}
+ /*
+ * Read the server banner as per RFC4253 section 4.2. The "SSH-"
+ * protocol identification string may be preceeded by an arbitarily
+ * large banner which we must read and ignore. Loop while reading
+ * newline-terminated lines until we have one starting with "SSH-".
+ * The ID string cannot be longer than 255 characters although the
+ * preceeding banner lines may (in which case they'll be discarded
+ * in multiple iterations of the outer loop).
+ */
for (;;) {
memset(buf, '\0', sizeof(buf));
bufsiz = sizeof(buf);
@@ -517,6 +526,11 @@ congreet(int s)
conrecycle(s);
return;
}
+ if (cp >= buf + sizeof(buf)) {
+ error("%s: greeting exceeds allowable length", c->c_name);
+ confree(s);
+ return;
+ }
if (*cp != '\n' && *cp != '\r') {
error("%s: bad greeting", c->c_name);
confree(s);

@ -252,7 +252,6 @@ Patch980: openssh-8.7p1-upstream-cve-2021-41617.patch
# c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf~1..677d0ece67634262b3b96c3cd6410b19f3a603b7 # c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf~1..677d0ece67634262b3b96c3cd6410b19f3a603b7
# 8bdc3bb7cf4c82c3344cfcb82495a43406e87e83 # 8bdc3bb7cf4c82c3344cfcb82495a43406e87e83
# 47adfdc07f4f8ea0064a1495500244de08d311ed~1..7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01 # 47adfdc07f4f8ea0064a1495500244de08d311ed~1..7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01
# supplementary commit 612b1dd1ec91ffb1e01f58cca0c6eb1d47bf4423
Patch981: openssh-8.0p1-sshd_include.patch Patch981: openssh-8.0p1-sshd_include.patch
# Port upstream ClientAliveCountMax behaviour # Port upstream ClientAliveCountMax behaviour
# upstream commit: # upstream commit:
@ -273,8 +272,6 @@ Patch984: openssh-8.0p1-crypto-policy-doc.patch
# 0fa33683223c76289470a954404047bc762be84c # 0fa33683223c76289470a954404047bc762be84c
# f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a # f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
Patch985: openssh-8.7p1-minimize-sha1-use.patch Patch985: openssh-8.7p1-minimize-sha1-use.patch
# Upstream ff89b1bed80721295555bd083b173247a9c0484e
Patch986: openssh-9.1p1-sshbanner.patch
# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6 # Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
Patch987: openssh-8.0p1-ipv6-process.patch Patch987: openssh-8.0p1-ipv6-process.patch
@ -508,7 +505,6 @@ popd
%patch983 -p1 -b .sftp-realpath %patch983 -p1 -b .sftp-realpath
%patch984 -p1 -b .crypto-policy-doc %patch984 -p1 -b .crypto-policy-doc
%patch985 -p1 -b .minimize-sha1-use %patch985 -p1 -b .minimize-sha1-use
%patch986 -p1 -b .banner
%patch987 -p1 -b .sftp_ipv6 %patch987 -p1 -b .sftp_ipv6
%patch200 -p1 -b .audit %patch200 -p1 -b .audit
@ -801,10 +797,8 @@ getent passwd sshd >/dev/null || \
%endif %endif
%changelog %changelog
* Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17 * Mon Jan 23 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-17
- Fix parsing of IPv6 IPs in sftp client (#2151334) - Fix parsing of IPv6 IPs in sftp client (#2162733)
- Avoid ssh banner one-byte overflow (#2138344)
- Avoid crash of sshd when Include folder does not exist (#2133087)
* Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-16 * Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-16
- Omit client side from minimize-sha1-use.patch to prevent regression (#2093897) - Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)
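Review bot: The spec stops applying the ssh-keyscan banner fix (`Patch986: openssh-9.1p1-sshbanner.patch` and `%patch986 -p1 -b .banner` are gone) and the changelog loses the entries for #2138344 and #2133087, while the release stays at 8.0p1-17. A build from this spec would therefore lack the `cp >= buf + sizeof(buf)` length check in congreet() and, judging by the first section of this commit, the `v == NULL` guard in sshbuf_put_stringb(), yet carry the same version-release as a build that has them. Anything that decides patch status from the package version alone cannot tell the two apart. If leaving these fixes out is intended for the el8_7 branch, I would record it next to Patch985 with a comment such as `# sshbanner (upstream ff89b1bed80721295555bd083b173247a9c0484e) intentionally not carried on this branch`; otherwise keep Patch986 and the supplementary sshd_include hunk.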
