metalefty/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

import UBI openssh-8.0p1-27.el8_10

Browse Source
This commit is contained in:
eabdullin 2025-12-18 01:19:27 +00:00
parent 9a48c48aa4
commit 8d2400298f
3 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
SOURCES/openssh-8.0p1-reject-cntrl-chars-in-username.patch Normal file
View File

@ -0,0 +1,12 @@
diff --color -ruNp a/ssh.c b/ssh.c
--- a/ssh.c 2025-12-10 11:51:34.927545274 +0100
+++ b/ssh.c 2025-12-10 12:05:26.210486999 +0100
@@ -599,6 +599,8 @@ valid_ruser(const char *s)
if (*s == '-')
return 0;
for (i = 0; s[i] != 0; i++) {
+ if (iscntrl((u_char)s[i]))
+ return 0;
if (strchr("'`\";&<>|(){}", s[i]) != NULL)
return 0;
/* Disallow '-' after whitespace */

15
SOURCES/openssh-8.7p1-reject-null-char-in-url-string.patch Normal file
View File

@ -0,0 +1,15 @@
diff --color -ruNp a/misc.c b/misc.c
--- a/misc.c 2025-12-09 17:16:21.637368818 +0100
+++ b/misc.c 2025-12-09 17:48:22.679192853 +0100
@@ -936,9 +936,10 @@ urldecode(const char *src)
*dst++ = ' ';
break;
case '%':
+ /* note: don't allow \0 characters */
if (!isxdigit((unsigned char)src[1]) ||
!isxdigit((unsigned char)src[2]) ||
- (ch = hexchar(src + 1)) == -1) {
+ (ch = hexchar(src + 1)) == -1 || ch == 0) {
free(ret);
return NULL;
}

14
SPECS/openssh.spec
View File

@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1
%global openssh_rel 26
%global openssh_rel 27
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7
@ -296,6 +296,10 @@ Patch1020: openssh-8.7p1-scp-kill-switch.patch
Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch
#upstream commit 0832aac79517611dd4de93ad0a83577994d9c907
Patch1022: openssh-8.0p1-CVE-2025-26465.patch
# upstream 35d5917652106aede47621bb3f64044604164043
Patch1023: openssh-8.0p1-reject-cntrl-chars-in-username.patch
# upstream 43b3bff47bb029f2299bacb6a36057981b39fdb0
Patch1024: openssh-8.7p1-reject-null-char-in-url-string.patch
License: BSD
Group: Applications/Internet
@ -545,6 +549,8 @@ popd
%patch1020 -p1 -b .scp-kill-switch
%patch1021 -p1 -b .ignore-SIGPIPE
%patch1022 -p2 -b .cve-2025-26465
%patch1023 -p1 -b .reject-cntrl-chars-in-username
%patch1024 -p1 -b .reject-null-char-in-url-string
autoreconf
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -830,6 +836,12 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Wed Dec 10 2025 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-27
- CVE-2025-61984: Reject usernames with control characters
Resolves: RHEL-128400
- CVE-2025-61985: Reject URL-strings with NULL characters
Resolves: RHEL-128390
* Wed Aug 20 2025 Antonio Vieiro <avieirov@redhat.com> - 8.0p1-26
- Fix missing invalid error code checks in OpenSSH. It prevents
a MITM attack when VerifyHostKeyDNS is on (CVE-2025-26465)