diff --git a/SOURCES/openssh-8.0p1-upstream-ignore-SIGPIPE.patch b/SOURCES/openssh-8.0p1-upstream-ignore-SIGPIPE.patch new file mode 100644 index 0000000..0e85815 --- /dev/null +++ b/SOURCES/openssh-8.0p1-upstream-ignore-SIGPIPE.patch @@ -0,0 +1,38 @@ +From d33ff14309e33aa79fdf95e1bc4facafa80b90a9 Mon Sep 17 00:00:00 2001 +From: Stepan Broz +Date: Tue, 25 Jun 2024 17:38:22 +0200 +Subject: [PATCH] upstream: ignore SIGPIPE earlier in main(), specifically + before + +muxclient() which performs operations that could cause one; Reported by Noam +Lewis via bz3454, ok dtucker@ + +OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47 +--- + ssh.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/ssh.c b/ssh.c +index 786e26d..e037c66 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -1115,6 +1115,8 @@ main(int ac, char **av) + } + } + ++ signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ ++ + /* + * Initialize "log" output. Since we are the client all output + * goes to stderr unless otherwise specified by -y or -E. +@@ -1545,7 +1547,6 @@ main(int ac, char **av) + options.num_system_hostfiles); + tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles); + +- signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */ + signal(SIGCHLD, main_sigchld_handler); + + /* Log into the remote system. Never returns if the login fails. */ +-- +2.45.2 + diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index 0889e50..a07dbd3 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -66,7 +66,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 24 +%global openssh_rel 25 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7 @@ -292,6 +292,8 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch Patch1019: openssh-9.6p1-CVE-2023-51385.patch # SCP kill switch Patch1020: openssh-8.7p1-scp-kill-switch.patch +#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c +Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch License: BSD Group: Applications/Internet @@ -539,6 +541,7 @@ popd %patch1018 -p1 -b .cve-2023-48795 %patch1019 -p1 -b .cve-2023-51385 %patch1020 -p1 -b .scp-kill-switch +%patch1021 -p1 -b .ignore-SIGPIPE autoreconf pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -824,6 +827,10 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Tue Jun 25 2024 Stepan Broz - 8.0p1-25 +- Upstream: Ignore SIGPIPE earlier in main() + Resolves: RHEL-37743 + * Tue Feb 06 2024 Dmitry Belyavskiy - 8.0p1-24 - Providing a kill switch for scp to deal with CVE-2020-15778 Resolves: RHEL-22870