[AUTO-CHERRYPICK] Patch openssh to fix CVE-2023-28531 - branch main (#9519)

CBL-Mariner-Bot · sameluch · web-flow · commit fd9ff7f98c56 · 2024-06-27T14:34:19.000-07:00
Co-authored-by: Sam Meluch &lt;109628994+sameluch@users.noreply.github.com&gt;
diff --git a/SPECS/openssh/CVE-2023-28531.patch b/SPECS/openssh/CVE-2023-28531.patch
@@ -0,0 +1,25 @@
+From 54ac4ab2b53ce9fcb66b8250dee91c070e4167ed Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Thu, 9 Mar 2023 06:58:26 +0000
+Subject: [PATCH] upstream: include destination constraints for smartcard keys
+ too.
+
+Spotted by Luci Stanescu; ok deraadt@ markus@
+
+OpenBSD-Commit-ID: add879fac6903a1cb1d1e42c4309e5359c3d870f
+---
+ authfd.c | 2 +-
+ 1 file changed, 1 insertions(+), 1 deletions(-)
+
+diff --git a/authfd.c b/authfd.c
+index 13f9432efb3..77dc3cce597 100644
+--- a/authfd.c
+@@ -665,7 +665,7 @@ ssh_update_card(int sock, int add, const char *reader_id, const char *pin,
+     struct dest_constraint **dest_constraints, size_t ndest_constraints)
+ {
+ 	struct sshbuf *msg;
+-	int r, constrained = (life || confirm);
++	int r, constrained = (life || confirm || dest_constraints);
+ 	u_char type;
+ 
+ 	if (add) {
diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec
@@ -3,7 +3,7 @@
 Summary:        Free version of the SSH connectivity tools
 Name:           openssh
 Version:        %{openssh_ver}
-Release:        4%{?dist}
+Release:        5%{?dist}
 License:        BSD
 Vendor:         Microsoft Corporation
 Distribution:   Mariner
@@ -44,6 +44,8 @@ Patch316:       CVE-2023-48795-0006-upstream-Remove-leftover-line.patch
 Patch317:       CVE-2023-48795-0007-upstream-Refactor-creation-of-KEX-proposal.patch
 Patch318:       CVE-2023-48795-0008-upstream-Limit-number-of-entries-in-SSH2_MSG_EXT_INF.patch
 Patch319:       CVE-2023-48795-0009-upstream-implement-strict-key-exchange-in-ssh-and-ss.patch
+# Patch for CVE-2023-28531 can be removed if openssh is upgraded to version 9.3p1 or greater
+Patch350:       CVE-2023-28531.patch
 BuildRequires:  audit-devel
 BuildRequires:  autoconf
 BuildRequires:  e2fsprogs-devel
@@ -128,6 +130,7 @@ popd
 %patch317 -p1 -b .cve-2023-48795-0007
 %patch318 -p1 -b .cve-2023-48795-0008
 %patch319 -p1 -b .cve-2023-48795-0009
+%patch350 -p1 -b .cve-2023-28531
 
 %build
 export CFLAGS="$CFLAGS -fpic"
@@ -284,6 +287,9 @@ fi
 %{_mandir}/man8/ssh-sk-helper.8.gz
 
 %changelog
+* Tue Jun 25 2024 Sam Meluch <sammeluch@microsoft.com> - 8.9p1-5
+- Add patch for CVE-2023-28531
+
 * Mon Jan  8 15:23:58 EST 2024 Dan Streetman <ddstreet@ieee.org> - 8.9p1-4
 - Add patches for CVE-2023-48795
 
