From 9743ed6d76e64b636453e83d2021a25da83e014f Mon Sep 17 00:00:00 2001
From: Peridot Bot <rockyautomation@rockylinux.org>
Date: Mon, 1 Jul 2024 10:45:55 +0000
Subject: [PATCH] import imports/r9/openssh-8.7p1-38.el9_4.security.0.5

---
 .../openssh-8.7p1-rocky-CVE-2024-6387.patch    | 18 ++++++++++++++++++
 SPECS/openssh.spec                             |  9 ++++++++-
 2 files changed, 26 insertions(+), 1 deletion(-)
 create mode 100644 SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch

diff --git a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch b/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch
new file mode 100644
index 0000000..171f735
--- /dev/null
+++ b/SOURCES/openssh-8.7p1-rocky-CVE-2024-6387.patch
@@ -0,0 +1,18 @@
+diff -urpN openssh-8.7p1.orig/log.c openssh-8.7p1/log.c
+--- openssh-8.7p1.orig/log.c	2021-08-20 06:03:49.000000000 +0200
++++ openssh-8.7p1/log.c	2024-07-01 12:26:30.381040908 +0200
+@@ -448,12 +448,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ 	va_list args;
+ 
+ 	va_start(args, fmt);
+ 	sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ 	    suffix, fmt, args);
+ 	va_end(args);
++#endif
+ 	_exit(1);
+ }
+ 
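Review bot: The `#if 0` around the logging in sshsigdie() has no comment and the patch file has no header, so nothing near the code says the block is compiled out on purpose for CVE-2024-6387, and a later rebase could restore it. I would put `/* CVE-2024-6387: no logging from signal context; sshlogv() is not async-signal-safe */` above the `#if 0`. The `Patch8900:` line in the spec hunk needs a matching one-line comment, since the neighbouring Patch1019 already carries an `#upstream commit` line. With the call gone, the fatal message this function used to emit is no longer logged, so any monitoring keyed on it goes quiet; the changelog entry should say so. Every parameter of sshsigdie() is now unused, which may surface as warnings if the build enables `-Wunused-parameter`.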
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index 5c274d7..34633d2 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -50,7 +50,7 @@
 %global openssh_rel 38
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
-%global security_rel 0.4
+%global security_rel 0.5
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -290,6 +290,8 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch
 
+Patch8900: openssh-8.7p1-rocky-CVE-2024-6387.patch
+
 Patch9000: openssh-8.7p1-rocky-systemd.patch
 Patch9001: openssh-8.7p1-rocky-no-gssapi.patch
 
@@ -517,6 +519,8 @@ popd
 %patch1018 -p1 -b .cve-2023-48795
 %patch1019 -p1 -b .cve-2023-51385
 
+%patch8900 -p1 -b .rocky-cve-2024-6387
+
 %patch9000 -p1 -b .rocky-systemd
 %patch9001 -p1 -b .rocky-no-gssapi
 
@@ -806,6 +810,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Mon Jul 01 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.5
+- Fix CVE-2024-6387 regreSSHion
+
 * Mon May 20 2024 Solar Designer <solar@openwall.com> 8.7p1-38.el9_4.security.0.4
 - Rebase on 8.7p1-38
 
-- 
GitLab