summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 09:47:02 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-07-01 09:47:02 +0000
commit29ce07903d9a4a7195934213f2895249b202f7e9 (patch)
treea674f92cfb4c5558eb4ab864991e5c1146cea9cc
parentReleasing progress-linux version 1:9.7p1-6~progress7.99u1. (diff)
downloadopenssh-29ce07903d9a4a7195934213f2895249b202f7e9.tar.xz
openssh-29ce07903d9a4a7195934213f2895249b202f7e9.zip
Merging debian version 1:9.7p1-7.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/changelog8
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/sshsigdie-async-signal-unsafe.patch41
4 files changed, 52 insertions, 2 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 4b1e161..881c43e 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
# see git-dpm(1) from git-dpm package
-d4ae5b68870bf65747084f4ed3060bb13c586c9e
-d4ae5b68870bf65747084f4ed3060bb13c586c9e
+7f4a743171f9e6b283207d448de6562219774fbf
+7f4a743171f9e6b283207d448de6562219774fbf
cf05e8418c088a6e5712344cecaf6ee2d5eb550f
cf05e8418c088a6e5712344cecaf6ee2d5eb550f
openssh_9.7p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 43e99ab..6c89841 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+openssh (1:9.7p1-7) unstable; urgency=critical
+
+ [ Salvatore Bonaccorso ]
+ * Disable async-signal-unsafe code from the sshsigdie() function. This is
+ a minimal workaround for a regression from CVE-2006-5051.
+
+ -- Colin Watson <cjwatson@debian.org> Mon, 01 Jul 2024 10:11:27 +0100
+
openssh (1:9.7p1-6~progress7.99u1) graograman-backports; urgency=medium
* Uploading to graograman-backports, remaining changes:
diff --git a/debian/patches/series b/debian/patches/series
index 48c673a..7e890bd 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -29,6 +29,7 @@ zero-call-used-regs-m68k.patch
regress-conch-dev-zero.patch
configure-cache-vars.patch
pam-avoid-unknown-host.patch
+sshsigdie-async-signal-unsafe.patch
progress-linux/0001-ssh-keygen-default-rsa-size.patch
progress-linux/0002-ssh-keygen-default-ecdsa-size.patch
progress-linux/0003-ssh_config-update.patch
diff --git a/debian/patches/sshsigdie-async-signal-unsafe.patch b/debian/patches/sshsigdie-async-signal-unsafe.patch
new file mode 100644
index 0000000..2d27ecb
--- /dev/null
+++ b/debian/patches/sshsigdie-async-signal-unsafe.patch
@@ -0,0 +1,41 @@
+From 7f4a743171f9e6b283207d448de6562219774fbf Mon Sep 17 00:00:00 2001
+From: Salvatore Bonaccorso <carnil@debian.org>
+Date: Tue, 25 Jun 2024 12:24:29 +0100
+Subject: Disable async-signal-unsafe code from the sshsigdie() function
+
+Address signal handler race condition: if a client does not authenticate
+within LoginGraceTime seconds (120 by default, 600 in old OpenSSH
+versions), then sshd's SIGALRM handler is called asynchronously, but
+this signal handler calls various functions that are not
+async-signal-safe (for example, syslog()).
+
+This is a regression from CVE-2006-5051 ("Signal handler race condition
+in OpenSSH before 4.4 allows remote attackers to cause a denial of
+service (crash), and possibly execute arbitrary code")
+
+Signed-off-by: Salvatore Bonaccorso <carnil@debian.org>
+
+Patch-Name: sshsigdie-async-signal-unsafe.patch
+---
+ log.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/log.c b/log.c
+index 6a8b1fc4a..57256660f 100644
+--- a/log.c
++++ b/log.c
+@@ -452,12 +452,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+