OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=10

openssh-4.6p1-untrusted-cookie-CVE-2007-4752.diff

@@ -0,0 +1,45 @@
+--- clientloop.c
++++ clientloop.c
+@@ -290,19 +290,29 @@
+ 					generated = 1;
+ 			}
+ 		}
+-		snprintf(cmd, sizeof(cmd),
+-		    "%s %s%s list %s 2>" _PATH_DEVNULL,
+-		    xauth_path,
+-		    generated ? "-f " : "" ,
+-		    generated ? xauthfile : "",
+-		    display);
+-		debug2("x11_get_proto: %s", cmd);
+-		f = popen(cmd, "r");
+-		if (f && fgets(line, sizeof(line), f) &&
+-		    sscanf(line, "%*s %511s %511s", proto, data) == 2)
+-			got_data = 1;
+-		if (f)
+-			pclose(f);
++
++		/*
++		 * When in untrusted mode, we read the cookie only if it was
++		 * successfully generated as an untrusted one in the step
++		 * above.
++		 */
++		if (trusted || generated) {
++			snprintf(cmd, sizeof(cmd),
++			    "%s %s%s list %s 2>" _PATH_DEVNULL,
++			    xauth_path,
++			    generated ? "-f " : "" ,
++			    generated ? xauthfile : "",
++			    display);
++			debug2("x11_get_proto: %s", cmd);
++			f = popen(cmd, "r");
++			if (f && fgets(line, sizeof(line), f) &&
++			    sscanf(line, "%*s %511s %511s", proto, data) == 2)
++				got_data = 1;
++			if (f)
++				pclose(f);
++		} else
++			error("Warning: untrusted X11 forwarding setup failed: "
++			    "xauth key data not generated");
+ 	}
+ 
+ 	if (do_unlink) {

openssh-askpass-gnome.spec

@@ -15,7 +15,7 @@ BuildRequires:  gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-dev
 License:        BSD 3-Clause
 Group:          Productivity/Networking/SSH
 Version:        4.6p1
-Release:        53
+Release:        60
 Requires:       openssh = %{version} openssh-askpass = %{version}
 Autoreqprov:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH

openssh.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz
+
+- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
+
 -------------------------------------------------------------------
 Tue Aug 28 18:25:57 CEST 2007 - anicka@suse.cz
 

openssh.spec

@@ -29,7 +29,7 @@ PreReq:         /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq  %fillup_pr
 Conflicts:      nonfreessh
 Autoreqprov:    on
 Version:        4.6p1
-Release:        47
+Release:        53
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
 URL:            http://www.openssh.com/
@@ -64,6 +64,7 @@ Patch42:        %{name}-gssapi_krb5-fix.patch
 Patch43:        %{name}-%{version}-default-protocol.diff
 Patch44:        %{name}-%{version}-audit.patch
 Patch45:        %{name}-%{version}-challenge.patch
+Patch46:        %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %package      askpass
 Summary:        A passphrase dialog for OpenSSH and the X Window System
@@ -155,6 +156,7 @@ Authors:
 %patch43
 %patch44 -p1
 %patch45
+%patch46
 cp -v %{SOURCE4} .
 cp -v %{SOURCE6} .
 cd ../x11-ssh-askpass-%{xversion}
@@ -298,6 +300,8 @@ rm -rf $RPM_BUILD_ROOT
 %config %_appdefdir/SshAskpass
 
 %changelog
+* Thu Sep 13 2007 - nadvornik@suse.cz
+- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
 * Tue Aug 28 2007 - anicka@suse.cz
 - fix blocksigalrm patch to set old signal mask after
   writing the log in every case [#304819]