diff --git a/.openssh.metadata b/.openssh.metadata new file mode 100644 index 0000000..d8c21a4 --- /dev/null +++ b/.openssh.metadata @@ -0,0 +1,4 @@ +8719032c1e47732c8fdb14adfb24b5e9e71de802 openssh-8.7p1.tar.gz +d0d0d2442bed150073213a0ce46f21944da22664 openssh-8.7p1.tar.gz.asc +66dd8274346fd006ff40f525c082cfb701085b5f pam_ssh_agent_auth-0.10.4.tar.gz +dbb35b4e9ae3f72b930a82c6fd5e83e9dcd7b193 gpgkey-736060BA.gpg diff --git a/openssh-8.7p1-sigpipe.patch b/openssh-8.7p1-sigpipe.patch new file mode 100644 index 0000000..be73b2c --- /dev/null +++ b/openssh-8.7p1-sigpipe.patch @@ -0,0 +1,21 @@ +diff --git a/ssh.c b/ssh.c +index 89ca1940..559bf2af 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -1124,6 +1124,8 @@ main(int ac, char **av) + } + } + ++ ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ ++ + /* + * Initialize "log" output. Since we are the client all output + * goes to stderr unless otherwise specified by -y or -E. +@@ -1652,7 +1654,6 @@ main(int ac, char **av) + options.num_system_hostfiles); + tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); + +- ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + ssh_signal(SIGCHLD, main_sigchld_handler); + + /* Log into the remote system. Never returns if the login fails. */ diff --git a/openssh.spec b/openssh.spec index 4a8b521..bb29732 100644 --- a/openssh.spec +++ b/openssh.spec @@ -47,7 +47,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.7p1 -%global openssh_rel 40 +%global openssh_rel 41 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 5 @@ -290,6 +290,8 @@ Patch1017: openssh-9.4p2-limit-delay.patch Patch1018: openssh-9.6p1-CVE-2023-48795.patch #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a Patch1019: openssh-9.6p1-CVE-2023-51385.patch +#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c +Patch1020: openssh-8.7p1-sigpipe.patch License: BSD Requires: /sbin/nologin @@ -514,6 +516,7 @@ popd %patch1017 -p1 -b .limitdelay %patch1018 -p1 -b .cve-2023-48795 %patch1019 -p1 -b .cve-2023-51385 +%patch1020 -p1 -b .earlypipe autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -801,6 +804,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Mon Jun 03 2024 Dmitry Belyavskiy - 8.7p1-41 +- Fix ssh multiplexing connect timeout processing + Resolves: RHEL-37748 + * Thu May 02 2024 Zoltan Fridrich - 8.7p1-40 - Correctly audit hostname and IP address Resolves: RHEL-22316