[gsi-openssh/f18] Security fix for vulnerability
Mattias Ellert
ellert at fedoraproject.org
Sat Apr 6 14:56:03 UTC 2013
commit c90c90276d75a952c6ecf0d3c3fa07e13e10cac3
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Sat Apr 6 16:21:51 2013 +0200
Security fix for vulnerability
http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv
https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2013-5168
gsi-openssh.spec | 7 ++++++-
gsisshd-keygen | 6 +++---
openssh-6.1p1-gsissh.patch | 6 ++++--
3 files changed, 13 insertions(+), 6 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index df27f99..e26d156 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
%global nologin 1
%global openssh_ver 6.1p1
-%global openssh_rel 4
+%global openssh_rel 5
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -529,6 +529,11 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd.service
%changelog
+* Sat Apr 06 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.1p1-5
+- Security fix for vulnerability
+ http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv
+ https://wiki.egi.eu/wiki/SVG:Advisory-SVG-2013-5168
+
* Tue Feb 26 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.1p1-4
- Based on openssh-6.1p1-6.fc18
diff --git a/gsisshd-keygen b/gsisshd-keygen
index 025a753..e3fc330 100644
--- a/gsisshd-keygen
+++ b/gsisshd-keygen
@@ -8,15 +8,15 @@
# source function library
. /etc/rc.d/init.d/functions
-# pull in sysconfig settings
-[ -f /etc/sysconfig/gsisshd ] && . /etc/sysconfig/gsisshd
-
# Some functions to make the below more readable
KEYGEN=/usr/bin/gsissh-keygen
RSA1_KEY=/etc/gsissh/ssh_host_key
RSA_KEY=/etc/gsissh/ssh_host_rsa_key
DSA_KEY=/etc/gsissh/ssh_host_dsa_key
+# pull in sysconfig settings
+[ -f /etc/sysconfig/gsisshd ] && . /etc/sysconfig/gsisshd
+
fips_enabled() {
if [ -r /proc/sys/crypto/fips_enabled ]; then
cat /proc/sys/crypto/fips_enabled
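Review bot: The comment on the relocated `. /etc/sysconfig/gsisshd` line does not say that its position now matters: sourced after the assignments, the sysconfig file can override `KEYGEN` and the `*_KEY` paths, whereas in the old order the defaults overwrote anything it set. I would make that explicit, e.g. `# pull in sysconfig settings; must follow the defaults above so the file can override them`. Since this file is executed as shell by the script that generates the host keys, the comment (or the spec file) should also note that it has to stay root-owned and not writable by anyone else. `fips_enabled()` continues past the end of this hunk.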
diff --git a/openssh-6.1p1-gsissh.patch b/openssh-6.1p1-gsissh.patch
index 79cf702..558d299 100644
--- a/openssh-6.1p1-gsissh.patch
+++ b/openssh-6.1p1-gsissh.patch
@@ -370,7 +370,7 @@ diff -Nur openssh-6.1p1.orig/auth-pam.c openssh-6.1p1/auth-pam.c
typedef pid_t sp_pthread_t;
#endif
-@@ -277,6 +281,49 @@
+@@ -277,6 +281,51 @@
# define pam_chauthtok(a,b) (sshpam_chauthtok_ruid((a), (b)))
#endif
@@ -410,8 +410,10 @@ diff -Nur openssh-6.1p1.orig/auth-pam.c openssh-6.1p1/auth-pam.c
+ fatal("PAM: could not get passwd entry for user "
+ "'%.100s' provided by PAM_USER", user);
+ pwfree(sshpam_authctxt->pw);
-+ sshpam_authctxt->pw = pw;
++ sshpam_authctxt->pw = pwcopy(pw);
+ sshpam_authctxt->valid = allowed_user(pw);
++ xfree(sshpam_authctxt->user);
++ sshpam_authctxt->user = xstrdup(user);
+ debug("PAM: user '%.100s' now %svalid", user,
+ sshpam_authctxt->valid ? "" : "in");
+ }
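Review bot: `allowed_user(pw)` is still called on the lookup result rather than on the private copy stored one line earlier, so the validity decision is taken on a buffer that (presumably, given the switch to `pwcopy`) belongs to the passwd lookup and not to the auth context. `sshpam_authctxt->valid = allowed_user(sshpam_authctxt->pw);` would make the check and the stored entry the same object. Separately, the account switch is only reported through `debug(...)`, which the default log level does not emit; a PAM-driven change of the user being authenticated deserves a `logit(...)` line so it shows up in the normal auth log. The enclosing function starts before this hunk, so the origin of `pw` and `user` is not visible here.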