Avoid remote code execution in ssh-agent PKCS#11 support

Resolves: CVE-2023-38408

openssh-9.3p1-upstream-cve-2023-38408.patch

@@ -0,0 +1,17 @@
+diff --git a/ssh-pkcs11.c b/ssh-pkcs11.c
+index 6be647ec..ebddf6c3 100644
+--- a/ssh-pkcs11.c
++++ b/ssh-pkcs11.c
+@@ -1537,10 +1537,8 @@ pkcs11_register_provider(char *provider_id, char *pin,
+ 		error("dlopen %s failed: %s", provider_module, dlerror());
+ 		goto fail;
+ 	}
+-	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL) {
+-		error("dlsym(C_GetFunctionList) failed: %s", dlerror());
+-		goto fail;
+-	}
++	if ((getfunctionlist = dlsym(handle, "C_GetFunctionList")) == NULL)
++		fatal("dlsym(C_GetFunctionList) failed: %s", dlerror());
+ 
+ 	p->module->handle = handle;
+ 	/* setup the pkcs11 callbacks */

openssh.spec

@@ -66,7 +66,7 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.0p1
-%global openssh_rel 17
+%global openssh_rel 18
 %global pam_ssh_agent_ver 0.10.3
 %global pam_ssh_agent_rel 7
 
@@ -277,6 +277,9 @@ Patch985: openssh-8.7p1-minimize-sha1-use.patch
 Patch986: openssh-9.1p1-sshbanner.patch
 # Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
 Patch987: openssh-8.0p1-ipv6-process.patch
+# upsream commit
+# b23fe83f06ee7e721033769cfa03ae840476d280
+Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
 
 License: BSD
 Group: Applications/Internet
@@ -517,6 +520,8 @@ popd
 
 %patch100 -p1 -b .coverity
 
+%patch1015 -p1 -b .cve-2023-38408
+
 autoreconf
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 autoreconf
@@ -801,6 +806,10 @@ getent passwd sshd >/dev/null || \
 %endif
 
 %changelog
+* Thu Jul 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-18
+- Avoid remote code execution in ssh-agent PKCS#11 support
+  Resolves: CVE-2023-38408
+
 * Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17
 - Fix parsing of IPv6 IPs in sftp client (#2151334)
 - Avoid ssh banner one-byte overflow (#2138344)