From 24a3a3f566948a85e8a9be4aefe83441d717432c Mon Sep 17 00:00:00 2001
From: Andrew Phelps
Date: Mon, 19 Oct 2020 13:37:07 -0700
Subject: [PATCH] patch openssh
---
 SPECS/openssh/CVE-2019-16905.patch | 12 ++++++++++++
 SPECS/openssh/openssh.spec | 6 +++++-
 2 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 SPECS/openssh/CVE-2019-16905.patch
diff --git a/SPECS/openssh/CVE-2019-16905.patch b/SPECS/openssh/CVE-2019-16905.patch
new file mode 100644
index 00000000000..4cc12586ad5
--- /dev/null
+++ b/SPECS/openssh/CVE-2019-16905.patch
@@ -0,0 +1,12 @@
+--- ./sshkey-xmss-orig.c 2020-10-19 13:08:05.657397679 -0700
++++ ./sshkey-xmss.c 2020-10-19 13:07:42.953419382 -0700
+@@ -977,7 +977,8 @@
+ goto out;
+ }
+ /* check that an appropriate amount of auth data is present */
+- if (sshbuf_len(encoded) < encrypted_len + authlen) {
++ if (sshbuf_len(encoded) < authlen ||
++ sshbuf_len(encoded) - authlen < encrypted_len) {
+ r = SSH_ERR_INVALID_FORMAT;
+ goto out;
+ }
diff --git a/SPECS/openssh/openssh.spec b/SPECS/openssh/openssh.spec
index f2c684429b4..f6f65fefe3a 100644
--- a/SPECS/openssh/openssh.spec
+++ b/SPECS/openssh/openssh.spec
@@ -1,7 +1,7 @@
 Summary: Free version of the SSH connectivity tools
 Name: openssh
 Version: 8.0p1
-Release: 8%{?dist}
+Release: 9%{?dist}
 License: BSD
 URL: https://www.openssh.com/
 Group: System Environment/Security
@@ -13,6 +13,7 @@ Source1: http://www.linuxfromscratch.org/blfs/downloads/stable-systemd/bl
 Source2: sshd.service
 Source3: sshd-keygen.service
 Patch0: blfs_systemd_fixes.patch
+Patch1: CVE-2019-16905.patch
 BuildRequires: openssl-devel
 BuildRequires: pam-devel
 BuildRequires: krb5-devel
@@ -49,6 +50,7 @@ This provides the ssh server daemons, utilities, configuration and service files
 %setup -q
 tar xf %{SOURCE1} --no-same-owner
 %patch0 -p0
+%patch1 -p0
 %build
 %configure \
 --sysconfdir=/etc/ssh \
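Review bot: The new file SPECS/openssh/CVE-2019-16905.patch has no header saying where the fix comes from or what it guards, and its `---`/`+++` lines carry local timestamps, so it reads as a hand-made diff that a later rebase cannot check against upstream. I would add a short comment above the `---` line, for example `Fix CVE-2019-16905: length check in sshkey-xmss.c could wrap; from upstream commit <UPSTREAM_COMMIT_ID>`. The rewritten condition itself looks sound: the old `encrypted_len + authlen` sum can wrap if `encrypted_len` is read from the encoded blob (presumably it is, though that parse is outside the hunk), while the new form tests `sshbuf_len(encoded) < authlen` first, so the subtraction cannot underflow. The enclosing function starts and ends outside the embedded hunk, so any earlier bound on `encrypted_len` is not visible here. It would also help to note in the changelog whether this build enables XMSS at all, since the visible `%configure` lines do not show it.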
@@ -171,6 +173,8 @@ rm -rf %{buildroot}/* %{_mandir}/man8/ssh-pkcs11-helper.8.gz %changelog +* Mon Oct 19 2020 Andrew Phelps 8.0p1-9 +- Add patch for CVE-2019-16905 * Wed Sep 02 2020 Jim Perrin 8.0p1-8 - Add wants=sshd-keygen.service to sshd.service for easier service starting * Thu Jun 04 2020 Chris Co 8.0p1-7