diff --git a/buildroot-patches/0019-openssh-9.8p1.patch b/buildroot-patches/0019-openssh-9.8p1.patch index ba552a4607..4a23117124 100644 --- a/buildroot-patches/0019-openssh-9.8p1.patch +++ b/buildroot-patches/0019-openssh-9.8p1.patch @@ -33,6 +33,50 @@ --- -2.43.0 - +--- buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch.orig ++++ buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch +@@ -1,41 +0,0 @@ +-From 7f4a743171f9e6b283207d448de6562219774fbf Mon Sep 17 00:00:00 2001 +-From: Salvatore Bonaccorso +-Date: Tue, 25 Jun 2024 12:24:29 +0100 +-Subject: Disable async-signal-unsafe code from the sshsigdie() function +- +-Address signal handler race condition: if a client does not authenticate +-within LoginGraceTime seconds (120 by default, 600 in old OpenSSH +-versions), then sshd's SIGALRM handler is called asynchronously, but +-this signal handler calls various functions that are not +-async-signal-safe (for example, syslog()). +- +-This is a regression from CVE-2006-5051 ("Signal handler race condition +-in OpenSSH before 4.4 allows remote attackers to cause a denial of +-service (crash), and possibly execute arbitrary code") +- +-Signed-off-by: Salvatore Bonaccorso +-Upstream: https://salsa.debian.org/ssh-team/openssh/-/blob/525bb16e45edac4c03b95e106380d70aecbaf27e/debian/patches/sshsigdie-async-signal-unsafe.patch +-Patch-Name: sshsigdie-async-signal-unsafe.patch +---- +- log.c | 2 ++ +- 1 file changed, 2 insertions(+) +- +-diff --git a/log.c b/log.c +-index 6a8b1fc4a..57256660f 100644 +---- a/log.c +-+++ b/log.c +-@@ -452,12 +452,14 @@ void +- sshsigdie(const char *file, const char *func, int line, int showfunc, +- LogLevel level, const char *suffix, const char *fmt, ...) +- { +-+#if 0 +- va_list args; +- +- va_start(args, fmt); +- sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, +- suffix, fmt, args); +- va_end(args); +-+#endif +- _exit(1); +- } +- --- buildroot/package/openssh/openssh.hash.orig +++ buildroot/package/openssh/openssh.hash @@ -1,4 +1,4 @@ diff --git a/buildroot-patches/0019-openssh-9.8p1/buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch b/buildroot-patches/0019-openssh-9.8p1/buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch new file mode 100644 index 0000000000..e69de29bb2 diff --git a/buildroot-patches/0019-openssh-9.8p1/buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch.orig b/buildroot-patches/0019-openssh-9.8p1/buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch.orig new file mode 100644 index 0000000000..70a890e469 --- /dev/null +++ b/buildroot-patches/0019-openssh-9.8p1/buildroot/package/openssh/0002-sshsigdie-async-signal-unsafe.patch.orig @@ -0,0 +1,41 @@ +From 7f4a743171f9e6b283207d448de6562219774fbf Mon Sep 17 00:00:00 2001 +From: Salvatore Bonaccorso +Date: Tue, 25 Jun 2024 12:24:29 +0100 +Subject: Disable async-signal-unsafe code from the sshsigdie() function + +Address signal handler race condition: if a client does not authenticate +within LoginGraceTime seconds (120 by default, 600 in old OpenSSH +versions), then sshd's SIGALRM handler is called asynchronously, but +this signal handler calls various functions that are not +async-signal-safe (for example, syslog()). + +This is a regression from CVE-2006-5051 ("Signal handler race condition +in OpenSSH before 4.4 allows remote attackers to cause a denial of +service (crash), and possibly execute arbitrary code") + +Signed-off-by: Salvatore Bonaccorso +Upstream: https://salsa.debian.org/ssh-team/openssh/-/blob/525bb16e45edac4c03b95e106380d70aecbaf27e/debian/patches/sshsigdie-async-signal-unsafe.patch +Patch-Name: sshsigdie-async-signal-unsafe.patch +--- + log.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/log.c b/log.c +index 6a8b1fc4a..57256660f 100644 +--- a/log.c ++++ b/log.c +@@ -452,12 +452,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } +