GNU bug report logs - #34084
[PATCH] gnu: OpenSSH: Fix CVE-2018-20685.


Package: guix-patches;

Reported by: Leo Famulari <leo <at> famulari.name>

Date: Tue, 15 Jan 2019 14:20:01 UTC

Severity: normal

Tags: patch

Done: Leo Famulari <leo <at> famulari.name>

Bug is archived. No further changes may be made.



Report forwarded to guix-patches <at> gnu.org:
bug#34084; Package guix-patches. (Tue, 15 Jan 2019 14:20:01 GMT) Full text and rfc822 format available.

Acknowledgement sent to Leo Famulari <leo <at> famulari.name>:
New bug report received and forwarded. Copy sent to guix-patches <at> gnu.org. (Tue, 15 Jan 2019 14:20:01 GMT) Full text and rfc822 format available.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
To: guix-patches <at> gnu.org
Subject: [PATCH] gnu: OpenSSH: Fix CVE-2018-20685.
Date: Tue, 15 Jan 2019 09:05:41 -0500
* gnu/packages/patches/openssh-CVE-2018-20685.patch: New file.
* gnu/local.mk (dist_patch_DATA): Add it.
* gnu/packages/ssh.scm (openssh)[source]: Use it.
---
 gnu/local.mk                                  |  1 +
 .../patches/openssh-CVE-2018-20685.patch      | 44 +++++++++++++++++++
 gnu/packages/ssh.scm                          |  1 +
 3 files changed, 46 insertions(+)
 create mode 100644 gnu/packages/patches/openssh-CVE-2018-20685.patch

diff --git a/gnu/local.mk b/gnu/local.mk
index 7ee41de64..f3eff831a 100644
--- a/gnu/local.mk
+++ b/gnu/local.mk
@@ -1044,6 +1044,7 @@ dist_patch_DATA =						\
   %D%/packages/patches/openldap-CVE-2017-9287.patch		\
   %D%/packages/patches/openocd-nrf52.patch			\
   %D%/packages/patches/opensmtpd-fix-crash.patch		\
+  %D%/packages/patches/openssh-CVE-2018-20685.patch		\
   %D%/packages/patches/openssl-runpath.patch			\
   %D%/packages/patches/openssl-1.1-c-rehash-in.patch		\
   %D%/packages/patches/openssl-c-rehash-in.patch		\
diff --git a/gnu/packages/patches/openssh-CVE-2018-20685.patch b/gnu/packages/patches/openssh-CVE-2018-20685.patch
new file mode 100644
index 000000000..463c08a9d
--- /dev/null
+++ b/gnu/packages/patches/openssh-CVE-2018-20685.patch
@@ -0,0 +1,44 @@
+Fix CVE-2018-20685:
+
+https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20685
+
+Patch copied from upstream source repository:
+
+https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
+
+From 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 Mon Sep 17 00:00:00 2001
+From: "djm <at> openbsd.org" <djm <at> openbsd.org>
+Date: Fri, 16 Nov 2018 03:03:10 +0000
+Subject: [PATCH] upstream: disallow empty incoming filename or ones that refer
+ to the
+
+current directory; based on report/patch from Harry Sintonen
+
+OpenBSD-Commit-ID: f27651b30eaee2df49540ab68d030865c04f6de9
+---
+ scp.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/scp.c b/scp.c
+index 60682c68..4f3fdcd3 100644
+--- a/scp.c
++++ b/scp.c
+#@@ -1,4 +1,4 @@
+#-/* $OpenBSD: scp.c,v 1.197 2018/06/01 04:31:48 dtucker Exp $ */
+#+/* $OpenBSD: scp.c,v 1.198 2018/11/16 03:03:10 djm Exp $ */
+# /*
+#  * scp - secure remote copy.  This is basically patched BSD rcp which
+#  * uses ssh to do the data transfer (instead of using rcmd).
+@@ -1106,7 +1106,8 @@ sink(int argc, char **argv)
+ 			SCREWUP("size out of range");
+ 		size = (off_t)ull;
+ 
+-		if ((strchr(cp, '/') != NULL) || (strcmp(cp, "..") == 0)) {
++		if (*cp == '\0' || strchr(cp, '/') != NULL ||
++		    strcmp(cp, ".") == 0 || strcmp(cp, "..") == 0) {
+ 			run_err("error: unexpected filename: %s", cp);
+ 			exit(1);
+ 		}
+-- 
+2.20.1
+
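Review bot: the nested patch's first scp.c hunk (the `$OpenBSD: scp.c,v ...` revision-header change) is disabled by prefixing its lines with `#`, but nothing in the file's header says so, and the embedded diffstat still reads `1 file changed, 3 insertions(+), 2 deletions(-)` while the only live hunk, in `sink()`, carries 2 insertions and 1 deletion. Add a sentence to the header next to the upstream link stating that the revision-header hunk was dropped and why, or delete the commented lines outright, so that a later reader comparing this file with upstream commit 6010c0303a422a9c5fa8860c061bf7105eb7f8b2 does not take the difference for an accidental edit. The live hunk itself matches the commit subject: the `sink()` check now rejects an empty name and `.` in addition to `..` and names containing `/`.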
diff --git a/gnu/packages/ssh.scm b/gnu/packages/ssh.scm
index 88230c505..78659fbbf 100644
--- a/gnu/packages/ssh.scm
+++ b/gnu/packages/ssh.scm
@@ -149,6 +149,7 @@ a server that supports the SSH-2 protocol.")
              (method url-fetch)
              (uri (string-append "mirror://openbsd/OpenSSH/portable/"
                                  name "-" version ".tar.gz"))
+             (patches (search-patches "openssh-CVE-2018-20685.patch"))
              (sha256
               (base32
                "1b8sy6v0b8v4ggmknwcqx3y1rjcpsll0f1f8f4vyv11x4ni3njvb"))))
-- 
2.20.1





Information forwarded to guix-patches <at> gnu.org:
bug#34084; Package guix-patches. (Wed, 16 Jan 2019 10:49:01 GMT) Full text and rfc822 format available.

Message #8 received at 34084 <at> debbugs.gnu.org (full text, mbox):

From: Ludovic Courtès <ludo <at> gnu.org>
To: Leo Famulari <leo <at> famulari.name>
Cc: 34084 <at> debbugs.gnu.org
Subject: Re: [bug#34084] [PATCH] gnu: OpenSSH: Fix CVE-2018-20685.
Date: Wed, 16 Jan 2019 11:48:44 +0100
Hi Leo,

Leo Famulari <leo <at> famulari.name> skribis:

> * gnu/packages/patches/openssh-CVE-2018-20685.patch: New file.
> * gnu/local.mk (dist_patch_DATA): Add it.
> * gnu/packages/ssh.scm (openssh)[source]: Use it.

LGTM, thank you!

Ludo’.




Reply sent to Leo Famulari <leo <at> famulari.name>:
You have taken responsibility. (Thu, 17 Jan 2019 19:25:01 GMT) Full text and rfc822 format available.

Notification sent to Leo Famulari <leo <at> famulari.name>:
bug acknowledged by developer. (Thu, 17 Jan 2019 19:25:02 GMT) Full text and rfc822 format available.

Message #13 received at 34084-done <at> debbugs.gnu.org (full text, mbox):

From: Leo Famulari <leo <at> famulari.name>
Cc: 34084-done <at> debbugs.gnu.org
Subject: Re: [bug#34084] [PATCH] gnu: OpenSSH: Fix CVE-2018-20685.
Date: Thu, 17 Jan 2019 14:23:49 -0500
On Wed, Jan 16, 2019 at 11:48:44AM +0100, Ludovic Courtès wrote:
> Hi Leo,
> 
> Leo Famulari <leo <at> famulari.name> skribis:
> 
> > * gnu/packages/patches/openssh-CVE-2018-20685.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/ssh.scm (openssh)[source]: Use it.
> 
> LGTM, thank you!

Thanks, pushed as 2b65a9e6d18c661f5bb6b3e557973c52b3294e87

bug archived. Request was from Debbugs Internal Request <help-debbugs <at> gnu.org> to internal_control <at> debbugs.gnu.org. (Fri, 15 Feb 2019 12:24:07 GMT) Full text and rfc822 format available.

This bug report was last modified 5 years and 66 days ago.
