forked from rpms/openssh
Compare commits
1 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| 779aabdb52 |
38
SOURCES/openssh-8.0p1-upstream-ignore-SIGPIPE.patch
Normal file
38
SOURCES/openssh-8.0p1-upstream-ignore-SIGPIPE.patch
Normal file
@ -0,0 +1,38 @@
|
||||
From d33ff14309e33aa79fdf95e1bc4facafa80b90a9 Mon Sep 17 00:00:00 2001
|
||||
From: Stepan Broz <sbroz@redhat.com>
|
||||
Date: Tue, 25 Jun 2024 17:38:22 +0200
|
||||
Subject: [PATCH] upstream: ignore SIGPIPE earlier in main(), specifically
|
||||
before
|
||||
|
||||
muxclient() which performs operations that could cause one; Reported by Noam
|
||||
Lewis via bz3454, ok dtucker@
|
||||
|
||||
OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
|
||||
---
|
||||
ssh.c | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ssh.c b/ssh.c
|
||||
index 786e26d..e037c66 100644
|
||||
--- a/ssh.c
|
||||
+++ b/ssh.c
|
||||
@@ -1115,6 +1115,8 @@ main(int ac, char **av)
|
||||
}
|
||||
}
|
||||
|
||||
+ signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
|
||||
+
|
||||
/*
|
||||
* Initialize "log" output. Since we are the client all output
|
||||
* goes to stderr unless otherwise specified by -y or -E.
|
||||
@@ -1545,7 +1547,6 @@ main(int ac, char **av)
|
||||
options.num_system_hostfiles);
|
||||
tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
|
||||
|
||||
- signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
|
||||
signal(SIGCHLD, main_sigchld_handler);
|
||||
|
||||
/* Log into the remote system. Never returns if the login fails. */
|
||||
--
|
||||
2.45.2
|
||||
|
||||
@ -66,7 +66,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.0p1
|
||||
%global openssh_rel 24
|
||||
%global openssh_rel 25
|
||||
%global pam_ssh_agent_ver 0.10.3
|
||||
%global pam_ssh_agent_rel 7
|
||||
|
||||
@ -292,6 +292,8 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
|
||||
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
|
||||
# SCP kill switch
|
||||
Patch1020: openssh-8.7p1-scp-kill-switch.patch
|
||||
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
|
||||
Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
@ -539,6 +541,7 @@ popd
|
||||
%patch1018 -p1 -b .cve-2023-48795
|
||||
%patch1019 -p1 -b .cve-2023-51385
|
||||
%patch1020 -p1 -b .scp-kill-switch
|
||||
%patch1021 -p1 -b .ignore-SIGPIPE
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
@ -824,6 +827,10 @@ getent passwd sshd >/dev/null || \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Tue Jun 25 2024 Stepan Broz <sbroz@redhat.com> - 8.0p1-25
|
||||
- Upstream: Ignore SIGPIPE earlier in main()
|
||||
Resolves: RHEL-37743
|
||||
|
||||
* Tue Feb 06 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-24
|
||||
- Providing a kill switch for scp to deal with CVE-2020-15778
|
||||
Resolves: RHEL-22870
|
||||
|
||||
Loading…
Reference in New Issue
Block a user