Change-Id: Ib8a03d13f7bc3225a7a043c41e41f838cf5652c7
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1403
Tested-by: gerrit-photon <photon-checkins@vmware.com>
Reviewed-by: Sharath George
(cherry picked from commit de35f844946cbd7091019c1936ff75e36c2c9d66)
Reviewed-on: http://photon-jenkins.eng.vmware.com:8082/1416
1 | 1 |
new file mode 100644 |
@@ -0,0 +1,46 @@ |
0 |
+From fcd135c9df440bcd2d5870405ad3311743d78d97 Mon Sep 17 00:00:00 2001 |
|
1 |
+From: "dtucker@openbsd.org" <dtucker@openbsd.org> |
|
2 |
+Date: Thu, 21 Jul 2016 01:39:35 +0000 |
|
3 |
+Subject: [PATCH] upstream commit |
|
4 |
+ |
|
5 |
+Skip passwords longer than 1k in length so clients can't |
|
6 |
+easily DoS sshd by sending very long passwords, causing it to spend CPU |
|
7 |
+hashing them. feedback djm@, ok markus@. |
|
8 |
+ |
|
9 |
+Brought to our attention by tomas.kuthan at oracle.com, shilei-c at |
|
10 |
+360.cn and coredump at autistici.org |
|
11 |
+ |
|
12 |
+Upstream-ID: d0af7d4a2190b63ba1d38eec502bc4be0be9e333 |
|
13 |
+--- |
|
14 |
+ auth-passwd.c | 7 ++++++- |
|
15 |
+ 1 file changed, 6 insertions(+), 1 deletion(-) |
|
16 |
+ |
|
17 |
+diff --git a/auth-passwd.c b/auth-passwd.c |
|
18 |
+index 530b5d4..996c2cf 100644 |
|
19 |
+--- a/auth-passwd.c |
|
20 |
+@@ -1,4 +1,4 @@ |
|
21 |
+-/* $OpenBSD: auth-passwd.c,v 1.44 2014/07/15 15:54:14 millert Exp $ */ |
|
22 |
++/* $OpenBSD: auth-passwd.c,v 1.45 2016/07/21 01:39:35 dtucker Exp $ */ |
|
23 |
+ /* |
|
24 |
+ * Author: Tatu Ylonen <ylo@cs.hut.fi> |
|
25 |
+ * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
|
26 |
+@@ -66,6 +66,8 @@ extern login_cap_t *lc; |
|
27 |
+ #define DAY (24L * 60 * 60) /* 1 day in seconds */ |
|
28 |
+ #define TWO_WEEKS (2L * 7 * DAY) /* 2 weeks in seconds */ |
|
29 |
+ |
|
30 |
++#define MAX_PASSWORD_LEN 1024 |
|
31 |
++ |
|
32 |
+ void |
|
33 |
+ disable_forwarding(void) |
|
34 |
+ { |
|
35 |
+@@ -87,6 +89,9 @@ auth_password(Authctxt *authctxt, const char *password) |
|
36 |
+ static int expire_checked = 0; |
|
37 |
+ #endif |
|
38 |
+ |
|
39 |
++ if (strlen(password) > MAX_PASSWORD_LEN) |
|
40 |
++ return 0; |
|
41 |
++ |
|
42 |
+ #ifndef HAVE_CYGWIN |
|
43 |
+ if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) |
|
44 |
+ ok = 0; |
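Review bot: The vendored patch's file header is missing its `+++ b/auth-passwd.c` line: gutter 19 is `--- a/auth-passwd.c` and gutter 20 goes straight to `@@ -1,4 +1,4 @@`, so the file is not a well-formed unified diff. GNU patch and git apply generally recover the target name from the `diff --git a/auth-passwd.c b/auth-passwd.c` line, which is presumably why `%patch2 -p1` in the spec applied cleanly, but a stricter tool or a later re-vendoring of this file could reject or mis-target the hunks; add `+++ b/auth-passwd.c` directly after the `---` line. The `strlen(password) > MAX_PASSWORD_LEN` guard itself matches the upstream fix for CVE-2016-6515 and is placed before the root-login check that follows it, so an oversized password is refused before any hashing work is done. The body of auth_password continues past the end of this hunk, and the final line of the new file is collapsed on this page.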
@@ -1,7 +1,7 @@ |
1 | 1 |
Summary: Free version of the SSH connectivity tools |
2 | 2 |
Name: openssh |
3 | 3 |
Version: 7.1p2 |
4 |
-Release: 3%{?dist} |
|
4 |
+Release: 4%{?dist} |
|
5 | 5 |
License: BSD |
6 | 6 |
URL: http://openssh.org |
7 | 7 |
Group: System Environment/Security |
@@ -12,6 +12,7 @@ Source0: http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}. |
12 | 12 |
Source1: http://www.linuxfromscratch.org/blfs/downloads/systemd/blfs-systemd-units-20140907.tar.bz2 |
13 | 13 |
%define sha1 blfs-systemd-units=713afb3bbe681314650146e5ec412ef77aa1fe33 |
14 | 14 |
Patch1: blfs_systemd_fixes.patch |
15 |
+Patch2: openssh-7.1p2-skip-long-passwords.patch |
|
15 | 16 |
BuildRequires: openssl-devel |
16 | 17 |
BuildRequires: Linux-PAM |
17 | 18 |
BuildRequires: krb5 |
@@ -30,6 +31,7 @@ and rcp respectively. |
30 | 30 |
%setup -q |
31 | 31 |
tar xf %{SOURCE1} |
32 | 32 |
%patch1 -p0 |
33 |
+%patch2 -p1 |
|
33 | 34 |
%build |
34 | 35 |
./configure \ |
35 | 36 |
CFLAGS="%{optflags}" \ |
@@ -137,6 +139,8 @@ rm -rf %{buildroot}/* |
137 | 137 |
%{_mandir}/man8/* |
138 | 138 |
%attr(700,root,sys)/var/lib/sshd |
139 | 139 |
%changelog |
140 |
+* Thu Sep 15 2016 Anish Swaminathan <anishs@vmware.com> 7.1p2-4 |
|
141 |
+- Add patch to fix CVE-2016-6515 |
|
140 | 142 |
* Tue May 24 2016 Priyesh Padmavilasom <ppadmavilasom@vmware.com> 7.1p2-3 |
141 | 143 |
- GA - Bump release of all rpms |
142 | 144 |
* Wed May 04 2016 Anish Swaminathan <anishs@vmware.com> 7.1p2-2 |