- Fix a MitM attack against OpenSSH's VerifyHostKeyDNS-enabled

client and a DoS attack against OpenSSH's client and server (bsc#1237040, CVE-2025-26465, bsc#1237041, CVE-2025-26466): * fix-CVE-2025-26465-and-CVE-2025-26466.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=282
2025-02-18 09:10:29 +00:00
commit d7201bdb47
95 changed files with 26355 additions and 0 deletions
--- a/0001-fix-utmpx-ifdef.patch
+++ b/0001-fix-utmpx-ifdef.patch
@@ -0,0 +1,36 @@
+From c7fda601186ff28128cfe3eab9c9c0622de096e1 Mon Sep 17 00:00:00 2001
+From: Christoph Ostarek <christoph@zededa.com>
+Date: Wed, 3 Jul 2024 12:46:59 +0200
+Subject: fix utmpx ifdef
+
+02e16ad95fb1f56ab004b01a10aab89f7103c55d did a copy-paste for
+utmpx, but forgot to change the ifdef appropriately
+---
+ loginrec.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/loginrec.c b/loginrec.c
+index 7460bb2c..45f13dee 100644
+--- a/loginrec.c
+++ b/loginrec.c
+@@ -723,7 +723,7 @@ set_utmpx_time(struct logininfo *li, struct utmpx *utx)
+ void
+ construct_utmpx(struct logininfo *li, struct utmpx *utx)
+ {
+-# ifdef HAVE_ADDR_V6_IN_UTMP
+# ifdef HAVE_ADDR_V6_IN_UTMPX
+ 	struct sockaddr_in6 *sa6;
+ #  endif
+ 	memset(utx, '\0', sizeof(*utx));
+@@ -769,7 +769,7 @@ construct_utmpx(struct logininfo *li, struct utmpx *utx)
+ 	if (li->hostaddr.sa.sa_family == AF_INET)
+ 		utx->ut_addr = li->hostaddr.sa_in.sin_addr.s_addr;
+ # endif
+-# ifdef HAVE_ADDR_V6_IN_UTMP
+# ifdef HAVE_ADDR_V6_IN_UTMPX
+ 	/* this is just a 128-bit IPv6 address */
+ 	if (li->hostaddr.sa.sa_family == AF_INET6) {
+ 		sa6 = ((struct sockaddr_in6 *)&li->hostaddr.sa);
+-- 
+cgit v1.2.3
+