diff options
| author |   Changqing Li <changqing.li@windriver.com> | 2021-11-17 16:57:27 +0800 |
|---|---|---|
| committer |   Anuj Mittal <anuj.mittal@intel.com> | 2021-12-09 15:05:34 +0800 |
| commit | 37edef7d39c829b8d01a0471e612d62d6388fb7e (patch) | |
| tree | c1f19b270c930edf76e041a07bd5e6cc973d2164 | |
| parent | c6422335f653c44efc651e8785821282d3d4f789 (diff) | |
| download | openembedded-core-contrib-37edef7d39c829b8d01a0471e612d62d6388fb7e.tar.gz | |
openssh: fix CVE-2021-41617
Signed-off-by: Changqing Li <changqing.li@windriver.com>
Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch | 48 | ||||
| -rw-r--r-- | meta/recipes-connectivity/openssh/openssh_8.7p1.bb | 1 |
2 files changed, 49 insertions, 0 deletions
diff --git a/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch new file mode 100644 index 0000000000..bebde7f26d --- /dev/null +++ b/meta/recipes-connectivity/openssh/openssh/CVE-2021-41617.patch @@ -0,0 +1,48 @@ +From 1f0707e8e78ef290fd0f229df3fcd2236f29db89 Mon Sep 17 00:00:00 2001 +From: Changqing Li <changqing.li@windriver.com> +Date: Thu, 28 Oct 2021 11:11:05 +0800 +Subject: [PATCH] upstream: need initgroups() before setresgid(); reported by + anton@, + +ok deraadt@ + +OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce + +CVE: CVE-2021-41617 +Upstream-Status: Backport [https://github.com/openssh/openssh-portable/commit/f3cbe43e28fe71427d41cfe3a17125b972710455 +https://github.com/openssh/openssh-portable/commit/bf944e3794eff5413f2df1ef37cddf96918c6bde] + +Signed-off-by: Changqing Li <changqing.li@windriver.com> +--- + misc.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/misc.c b/misc.c +index d988ce3..33eca1c 100644 +--- a/misc.c ++++ b/misc.c +@@ -56,6 +56,7 @@ + #ifdef HAVE_PATHS_H + # include <paths.h> + #include <pwd.h> ++#include <grp.h> + #endif + #ifdef SSH_TUN_OPENBSD + #include <net/if.h> +@@ -2629,6 +2630,13 @@ subprocess(const char *tag, const char *command, + } + closefrom(STDERR_FILENO + 1); + ++ if (geteuid() == 0 && ++ initgroups(pw->pw_name, pw->pw_gid) == -1) { ++ error("%s: initgroups(%s, %u): %s", tag, ++ pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); ++ _exit(1); ++ } ++ + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) == -1) { + error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, + strerror(errno)); +-- +2.17.1 + diff --git a/meta/recipes-connectivity/openssh/openssh_8.7p1.bb b/meta/recipes-connectivity/openssh/openssh_8.7p1.bb index 07cd6b74cd..d19833e56f 100644 --- a/meta/recipes-connectivity/openssh/openssh_8.7p1.bb +++ b/meta/recipes-connectivity/openssh/openssh_8.7p1.bb @@ -24,6 +24,7 @@ SRC_URI = "http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-${PV}.tar file://fix-potential-signed-overflow-in-pointer-arithmatic.patch \ file://sshd_check_keys \ file://add-test-support-for-busybox.patch \ + file://CVE-2021-41617.patch \ " SRC_URI[sha256sum] = "7ca34b8bb24ae9e50f33792b7091b3841d7e1b440ff57bc9fabddf01e2ed1e24" |