!353 Fix CVE-2025-32728

From: @liu-haodong142 
Reviewed-by: @jiangheng12 
Signed-off-by: @jiangheng12

backport-upstream_CVE-2025-32728.patch

@@ -0,0 +1,39 @@
+From a14795025b80225ca3741073c48783604189b663 Mon Sep 17 00:00:00 2001
+From: root <root@localhost.localdomain>
+Date: Mon, 14 Apr 2025 12:48:57 +0800
+Subject: [PATCH] Fix logic error in DisableForwarding option. This option
+
+was documented as disabling X11 and agent forwarding but it failed to do so.
+Spotted by Tim Rice.
+
+OpenBSD-Commit-ID: fffc89195968f7eedd2fc57f0b1f1ef3193f5ed1
+---
+ session.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/session.c b/session.c
+index 1b67393..e968c22 100644
+--- a/session.c
++++ b/session.c
+@@ -2345,7 +2345,8 @@ session_auth_agent_req(struct ssh *ssh, Session *s)
+ 	if ((r = sshpkt_get_end(ssh)) != 0)
+ 		sshpkt_fatal(ssh, r, "%s: parse packet", __func__);
+ 	if (!auth_opts->permit_agent_forwarding_flag ||
+-	    !options.allow_agent_forwarding) {
++	    !options.allow_agent_forwarding ||
++	    options.disable_forwarding) {
+ 		debug_f("agent forwarding disabled");
+ 		return 0;
+ 	}
+@@ -2761,7 +2762,7 @@ session_setup_x11fwd(struct ssh *ssh, Session *s)
+ 		ssh_packet_send_debug(ssh, "X11 forwarding disabled by key options.");
+ 		return 0;
+ 	}
+-	if (!options.x11_forwarding) {
++	if (!options.x11_forwarding || options.disable_forwarding) {
+ 		debug("X11 forwarding disabled in server configuration file.");
+ 		return 0;
+ 	}
+-- 
+2.33.0
+

openssh.spec

@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 34
+%global openssh_release 35
 
 Name:           openssh
 Version:        8.8p1
@@ -135,6 +135,7 @@ Patch105:       backport-fix-CVE-2024-6387.patch
 Patch106:       backport-fix-CVE-2024-6409.patch
 Patch107:       backport-upstream-Set-OPENSSL_BIN-from-OpenSSL-directory.patch
 Patch108:       backport-CVE-2025-26465-Don-t-reply-to-PING-in-preauth-phase-or-during-KEX.patch
+Patch109:       backport-upstream_CVE-2025-32728.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -320,6 +321,7 @@ popd
 %patch106 -p1
 %patch107 -p1
 %patch108 -p1
+%patch109 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -526,6 +528,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Mon Apr 14 2025 hdliu<hdliu@linx-info.com> - 8.8p1-35
+- Type:CVE
+- CVE:CVE-2025-32728
+- SUG:NA
+- DESC:Fix CVE-2025-32728
+
 * Tue Feb 18 2025 bitianyuan<bitianyuan@huawei.com> - 8.8p1-34
 - Type:CVE
 - CVE:CVE-2025-26465