From 94597021fbf5b12b369b7bb3c13af715d8be8c4e Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sat, 27 Apr 2024 13:13:19 +0200 Subject: Adding debian version 1:8.4p1-5+deb11u3. Signed-off-by: Daniel Baumann --- debian/patches/CVE-2023-38408-1.patch | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) create mode 100644 debian/patches/CVE-2023-38408-1.patch (limited to 'debian/patches/CVE-2023-38408-1.patch') diff --git a/debian/patches/CVE-2023-38408-1.patch b/debian/patches/CVE-2023-38408-1.patch new file mode 100644 index 0000000..b70fd9f --- /dev/null +++ b/debian/patches/CVE-2023-38408-1.patch @@ -0,0 +1,30 @@ +From 8175e38eaf5636f45c3f27f4eadee1d583b70d35 Mon Sep 17 00:00:00 2001 +From: Damien Miller +Date: Thu, 13 Jul 2023 12:09:34 +1000 +Subject: terminate pkcs11 process for bad libraries + +Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=b23fe83f06ee7e721033769cfa03ae840476d280 +Last-Update: 2023-09-17 + +Patch-Name: CVE-2023-38408-1.patch +--- + ssh-pkcs11.c | 6 ++---- + 1 file changed, 2 insertions(+), 4 deletions(-) + +diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c +index f495883d1..d864051c4 100644 +--- a/ssh-pkcs11.c ++++ b/ssh-pkcs11.c +@@ -1519,10 +1519,8 @@ pkcs11_register_provider(char *provider_id, char *pin, + error("dlopen %s failed: %s", provider_id, dlerror()); + goto fail; + } +- if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) { +- error("dlsym(C_GetFunctionList) failed: %s", dlerror()); +- goto fail; +- } ++ if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) ++ fatal("dlsym(C_GetFunctionList) failed: %s", dlerror()); + p = xcalloc(1, sizeof(*p)); + p->name = xstrdup(provider_id); + p->handle = handle; -- cgit v1.2.3