8.7p1-38.4.el9_4.security.0.8

- Rebase on 8.7p1-38.4

8.7p1-38.4.el9_4.security.0.8
1f0162c3 · Solar Designer · 75b60605 · 75b60605 · 1f0162c3 · 1f0162c3
Commit 1f0162c3 authored 8 months ago by Solar Designer
--- a/SOURCES/openssh-8.7p1-rocky-CVE-2024-6409.patch
+++ b/SOURCES/openssh-8.7p1-rocky-CVE-2024-6409.patch
-diff -urp openssh-8.7p1-38.el9_4.1-tree.orig/sshd.c openssh-8.7p1-38.el9_4.1-tree/sshd.c
--- openssh-8.7p1-38.el9_4.1-tree.orig/sshd.c	2024-07-08 03:42:51.431994307 +0200
-+++ openssh-8.7p1-38.el9_4.1-tree/sshd.c	2024-07-08 03:48:13.860316451 +0200
-@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
- 
- 	/* Log error and exit. */
- 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
-		cleanup_exit(255); /* don't log in privsep child */
-+		_exit(1); /* don't log in privsep child */
- 	else {
- 		sigdie("Timeout before authentication for %s port %d",
- 		    ssh_remote_ipaddr(the_active_state),
--- a/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
+++ b/SOURCES/openssh-9.8p1-upstream-cve-2024-6387.patch
@@ -16,3 +16,15 @@ diff -up openssh-8.7p1/log.c.xxx openssh-8.7p1/log.c
 	_exit(1);
 }
 
+diff -up openssh-8.7p1/sshd.c.xxx openssh-8.7p1/sshd.c
+--- openssh-8.7p1/sshd.c.xxx	2024-07-01 10:33:04.332907749 +0200
+++ openssh-8.7p1/sshd.c	2024-07-01 10:33:47.843998038 +0200
+@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
+ 
+ 	/* Log error and exit. */
+ 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
+-		cleanup_exit(255); /* don't log in privsep child */
+		_exit(255); /* don't log in privsep child */
+ 	else {
+ 		sigdie("Timeout before authentication for %s port %d",
+ 		    ssh_remote_ipaddr(the_active_state),
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@@ -47,10 +47,10 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 38.1
+%global openssh_rel 38.4
 %global pam_ssh_agent_ver 0.10.4
 %global pam_ssh_agent_rel 5
-%global security_rel 0.7
+%global security_rel 0.8

 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -291,8 +291,6 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch
 Patch1020: openssh-9.8p1-upstream-cve-2024-6387.patch

-Patch8901: openssh-8.7p1-rocky-CVE-2024-6409.patch
-
 Patch9000: openssh-8.7p1-rocky-systemd.patch
 Patch9001: openssh-8.7p1-rocky-no-gssapi.patch

@@ -521,8 +519,6 @@ popd
 %patch1019 -p1 -b .cve-2023-51385
 %patch1020 -p1 -b .cve-2024-6387

-%patch8901 -p1 -b .cve-2024-6409
-
 %patch9000 -p1 -b .rocky-systemd
 %patch9001 -p1 -b .rocky-no-gssapi

@@ -812,6 +808,9 @@ test -f %{sysconfig_anaconda} && \
 %endif

 %changelog
+* Wed Jul 17 2024 Solar Designer <solar@openwall.com> 8.7p1-38.4.el9_4.security.0.8
+- Rebase on 8.7p1-38.4
+
 * Mon Jul 08 2024 Solar Designer <solar@openwall.com> 8.7p1-38.1.el9_4.security.0.7
 - Fix CVE-2024-6409

@@ -845,6 +844,16 @@ test -f %{sysconfig_anaconda} && \
  child process to avoid polluting actual sshd's address space with that
  library and its many dependencies (shortens "ldd sshd" from 28 to 20 lines)

+* Wed Jul 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.4
+- rebuilt
+
+* Wed Jul 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.3
+- rebuilt
+
+* Mon Jul 01 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.2
+- Possible remote code execution due to a race condition (CVE-2024-6409)
+  Resolves: RHEL-45740
+
 * Fri Jun 28 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38.1
 - Possible remote code execution due to a race condition (CVE-2024-6387)
  Resolves: RHEL-45347