openssh: fix CVE-2023-28531

Backport patch to fix CVE-2023-28531. (From OE-Core rev: 2da7a711ca396451b10f5d2084532f7ae6f65cbe) Signed-off-by: Chen Qi <Qi.Chen@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Chen Qi <Qi.Chen@windriver.com> 2023-03-28 01:41:41 -0700
committer: Steve Sakoman <steve@sakoman.com> 2023-06-21 04:00:58 -1000
commit: 0e22295713a8d292ad4c41a33d544103083727b4 (patch)
tree: 8f5bc0729a2fad6305db28c6ac8cd8e834a2a2b6
parent: 43b94d2b8496eae6e512c6deb291b5908b7ada47 (diff)
download: poky-0e22295713a8d292ad4c41a33d544103083727b4.tar.gz
2 files changed, 36 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
new file mode 100644
index 0000000000..b4e7ce7ef6
--- /dev/null
+++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
@@ -0,0 +1,35 @@
+From 91889b5a3e7554af474a21ce8e1ffd3eb1542f06 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Thu, 9 Mar 2023 06:58:26 +0000
+Subject: [PATCH] upstream: include destination constraints for smartcard keys
+ too.
+Spotted by Luci Stanescu; ok deraadt@ markus@
+OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
+CVE: CVE-2023-28531
+Upstream-Status: Backport [54ac4ab2b53ce9fcb66b8250dee91c070e4167ed]
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ authfd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+diff --git a/authfd.c b/authfd.c
+index 76e48aab..dca8e55b 100644
+--- a/authfd.c
+++ b/authfd.c
+@@ -665,7 +665,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
+     struct dest_constraint **dest_constraints, size_t ndest_constraints)
+ {
+        struct sshbuf *msg;
+-       int r, constrained = (life || confirm);
+       int r, constrained = (life || confirm || dest_constraints);
+        u_char type;
+ 
+        if (add) {
+-- 
+2.37.1
diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
index 1d53c2488b..b403b355a6 100644
--- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
+++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
           file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
           file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
           file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
+           file://0001-upstream-include-destination-constraints-for-smartca.patch \
           "
 SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
author	Chen Qi <Qi.Chen@windriver.com>	2023-03-28 01:41:41 -0700
committer	Steve Sakoman <steve@sakoman.com>	2023-06-21 04:00:58 -1000
commit	0e22295713a8d292ad4c41a33d544103083727b4 (patch)
tree	8f5bc0729a2fad6305db28c6ac8cd8e834a2a2b6
parent	43b94d2b8496eae6e512c6deb291b5908b7ada47 (diff)
download	poky-0e22295713a8d292ad4c41a33d544103083727b4.tar.gz

diff --git a/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch b/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch new file mode 100644 index 0000000000..b4e7ce7ef6 --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/0001-upstream-include-destination-constraints-for-smartca.patch
@@ -0,0 +1,35 @@
		1	From 91889b5a3e7554af474a21ce8e1ffd3eb1542f06 Mon Sep 17 00:00:00 2001
		2	From: "djm@openbsd.org" <djm@openbsd.org>
		3	Date: Thu, 9 Mar 2023 06:58:26 +0000
		4	Subject: [PATCH] upstream: include destination constraints for smartcard keys
		5	too.
		6
		7	Spotted by Luci Stanescu; ok deraadt@ markus@
		8
		9	OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
		10
		11	CVE: CVE-2023-28531
		12
		13	Upstream-Status: Backport [54ac4ab2b53ce9fcb66b8250dee91c070e4167ed]
		14
		15	Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
		16	---
		17	authfd.c \| 2 +-
		18	1 file changed, 1 insertion(+), 1 deletion(-)
		19
		20	diff --git a/authfd.c b/authfd.c
		21	index 76e48aab..dca8e55b 100644
		22	--- a/authfd.c
		23	+++ b/authfd.c
		24	@@ -665,7 +665,7 @@ ssh_update_card(int sock, int add, const char reader_id, const char pin,
		25	struct dest_constraint **dest_constraints, size_t ndest_constraints)
		26	{
		27	struct sshbuf *msg;
		28	- int r, constrained = (life \|\| confirm);
		29	+ int r, constrained = (life \|\| confirm \|\| dest_constraints);
		30	u_char type;
		31
		32	if (add) {
		33	--
		34	2.37.1
		35


diff --git a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb index 1d53c2488b..b403b355a6 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.9p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.9p1.bb
@@ -27,6 +27,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar
27	file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \	27	file://f107467179428a0e3ea9e4aa9738ac12ff02822d.patch \
28	file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \	28	file://0001-Default-to-not-using-sandbox-when-cross-compiling.patch \
29	file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \	29	file://7280401bdd77ca54be6867a154cc01e0d72612e0.patch \
		30	file://0001-upstream-include-destination-constraints-for-smartca.patch \
30	"	31	"
31	SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"	32	SRC_URI[sha256sum] = "fd497654b7ab1686dac672fb83dfb4ba4096e8b5ffcdaccd262380ae58bec5e7"
32		33