import imports/r9/openssh-8.7p1-38.el9_4.security.0.5

9743ed6d · Rocky Automation · 04bc3f16 · 9743ed6d · 9743ed6d
Commit 9743ed6d authored 9 months ago by Rocky Automation
--- a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch
+++ b/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch
+diff -urpN openssh-8.7p1.orig/log.c openssh-8.7p1/log.c
+--- openssh-8.7p1.orig/log.c	2021-08-20 06:03:49.000000000 +0200
+++ openssh-8.7p1/log.c	2024-07-01 12:26:30.381040908 +0200
+@@ -448,12 +448,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
+#if 0
+ 	va_list args;
+ 
+ 	va_start(args, fmt);
+ 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ 	    suffix, fmt, args);
+ 	va_end(args);
+#endif
+ 	_exit(1);
+ }
+ 
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -50,7 +50,7 @@
 %global openssh_rel 38
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
-%global security_rel 0.4
+%global security_rel 0.5

 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -290,6 +290,8 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch

+Patch8900: openssh-8.7p1-rocky-CVE-2024-6387.patch
+
 Patch9000: openssh-8.7p1-rocky-systemd.patch
 Patch9001: openssh-8.7p1-rocky-no-gssapi.patch

@@ -517,6 +519,8 @@ popd
 %patch1018 -p1 -b .cve-2023-48795
 %patch1019 -p1 -b .cve-2023-51385

+%patch8900 -p1 -b .rocky-cve-2024-6387
+
 %patch9000 -p1 -b .rocky-systemd
 %patch9001 -p1 -b .rocky-no-gssapi

@@ -806,6 +810,9 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Mon Jul 01 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.5
+- Fix CVE-2024-6387 regreSSHion
+
 * Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4
 - Rebase on 8.7p1-38