diff options
author | sana kazi <sanakazisk19@gmail.com> | 2021-12-17 12:25:30 +0530 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2021-12-30 16:59:16 +0000 |
commit | f4a6761f471fd56a1bc1927c4bc0115aefac0d58 (patch) | |
tree | 69dd20c26f26b90d76765182ded5e44b5e193cab /meta | |
parent | 30231b235487973f4e6b1921b428d938ec20bec8 (diff) | |
download | poky-f4a6761f471fd56a1bc1927c4bc0115aefac0d58.tar.gz |
openssh: Fix CVE-2021-41617
Add patch to fix CVE-2021-41617
Link: https://bugzilla.suse.com/attachment.cgi?id=854015
(From OE-Core rev: a4e272700e18ca7e86e24ce4e24031ce7745c87b)
Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com>
Signed-off-by: Sana Kazi <sanakazisk19@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch | 52 | ||||
-rw-r--r-- | meta/recipes-connectivity/openssh/openssh_8.2p1.bb | 1 |
2 files changed, 53 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch new file mode 100644 index 0000000000..bda896f581 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch | |||
@@ -0,0 +1,52 @@ | |||
1 | From a6414400ec94a17871081f7df24f910a6ee01b8b Mon Sep 17 00:00:00 2001 | ||
2 | From: Ali Abdallah <aabdallah@suse.de> | ||
3 | Date: Wed, 24 Nov 2021 13:33:39 +0100 | ||
4 | Subject: [PATCH] CVE-2021-41617 fix | ||
5 | |||
6 | backport of the following two upstream commits | ||
7 | |||
8 | f3cbe43e28fe71427d41cfe3a17125b972710455 | ||
9 | bf944e3794eff5413f2df1ef37cddf96918c6bde | ||
10 | |||
11 | CVE-2021-41617 failed to correctly initialise supplemental groups | ||
12 | when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, | ||
13 | where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser | ||
14 | directive has been set to run the command as a different user. Instead | ||
15 | these commands would inherit the groups that sshd(8) was started with. | ||
16 | --- | ||
17 | auth.c | 8 ++++++++ | ||
18 | 1 file changed, 8 insertions(+) | ||
19 | |||
20 | CVE: CVE-2021-41617 | ||
21 | Upstream-Status: Backport [https://bugzilla.suse.com/attachment.cgi?id=854015] | ||
22 | Comment: No change in any hunk | ||
23 | Signed-off-by: Sana Kazi <Sana.Kazi@kpit.com> | ||
24 | |||
25 | diff --git a/auth.c b/auth.c | ||
26 | index 163038f..a47b267 100644 | ||
27 | --- a/auth.c | ||
28 | +++ b/auth.c | ||
29 | @@ -52,6 +52,7 @@ | ||
30 | #include <limits.h> | ||
31 | #include <netdb.h> | ||
32 | #include <time.h> | ||
33 | +#include <grp.h> | ||
34 | |||
35 | #include "xmalloc.h" | ||
36 | #include "match.h" | ||
37 | @@ -851,6 +852,13 @@ subprocess(const char *tag, struct passwd *pw, const char *command, | ||
38 | } | ||
39 | closefrom(STDERR_FILENO + 1); | ||
40 | |||
41 | + if (geteuid() == 0 && | ||
42 | + initgroups(pw->pw_name, pw->pw_gid) == -1) { | ||
43 | + error("%s: initgroups(%s, %u): %s", tag, | ||
44 | + pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); | ||
45 | + _exit(1); | ||
46 | + } | ||
47 | + | ||
48 | /* Don't use permanently_set_uid() here to avoid fatal() */ | ||
49 | if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { | ||
50 | error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, | ||
51 | -- | ||
52 | 2.26.2 | ||
diff --git a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb index b60d1a6bd4..e903ec487d 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.2p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.2p1.bb | |||
@@ -26,6 +26,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar | |||
26 | file://add-test-support-for-busybox.patch \ | 26 | file://add-test-support-for-busybox.patch \ |
27 | file://CVE-2020-14145.patch \ | 27 | file://CVE-2020-14145.patch \ |
28 | file://CVE-2021-28041.patch \ | 28 | file://CVE-2021-28041.patch \ |
29 | file://CVE-2021-41617.patch \ | ||
29 | " | 30 | " |
30 | SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" | 31 | SRC_URI[md5sum] = "3076e6413e8dbe56d33848c1054ac091" |
31 | SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" | 32 | SRC_URI[sha256sum] = "43925151e6cf6cee1450190c0e9af4dc36b41c12737619edff8bcebdff64e671" |