Compare commits

..

1 Commits
c8 ... c8

Author SHA1 Message Date
779aabdb52 import UBI openssh-8.0p1-25.el8_10 2024-08-13 19:19:37 +00:00
2 changed files with 46 additions and 1 deletions

View File

@ -0,0 +1,38 @@
From d33ff14309e33aa79fdf95e1bc4facafa80b90a9 Mon Sep 17 00:00:00 2001
From: Stepan Broz <sbroz@redhat.com>
Date: Tue, 25 Jun 2024 17:38:22 +0200
Subject: [PATCH] upstream: ignore SIGPIPE earlier in main(), specifically
before
muxclient() which performs operations that could cause one; Reported by Noam
Lewis via bz3454, ok dtucker@
OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
---
ssh.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssh.c b/ssh.c
index 786e26d..e037c66 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1115,6 +1115,8 @@ main(int ac, char **av)
}
}
+ signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+
/*
* Initialize "log" output. Since we are the client all output
* goes to stderr unless otherwise specified by -y or -E.
@@ -1545,7 +1547,6 @@ main(int ac, char **av)
options.num_system_hostfiles);
tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
- signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
signal(SIGCHLD, main_sigchld_handler);
/* Log into the remote system. Never returns if the login fails. */
--
2.45.2

View File

@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1 %global openssh_ver 8.0p1
%global openssh_rel 24 %global openssh_rel 25
%global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7 %global pam_ssh_agent_rel 7
@ -292,6 +292,8 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
Patch1019: openssh-9.6p1-CVE-2023-51385.patch Patch1019: openssh-9.6p1-CVE-2023-51385.patch
# SCP kill switch # SCP kill switch
Patch1020: openssh-8.7p1-scp-kill-switch.patch Patch1020: openssh-8.7p1-scp-kill-switch.patch
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch
License: BSD License: BSD
Group: Applications/Internet Group: Applications/Internet
@ -539,6 +541,7 @@ popd
%patch1018 -p1 -b .cve-2023-48795 %patch1018 -p1 -b .cve-2023-48795
%patch1019 -p1 -b .cve-2023-51385 %patch1019 -p1 -b .cve-2023-51385
%patch1020 -p1 -b .scp-kill-switch %patch1020 -p1 -b .scp-kill-switch
%patch1021 -p1 -b .ignore-SIGPIPE
autoreconf autoreconf
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -824,6 +827,10 @@ getent passwd sshd >/dev/null || \
%endif %endif
%changelog %changelog
* Tue Jun 25 2024 Stepan Broz <sbroz@redhat.com> - 8.0p1-25
- Upstream: Ignore SIGPIPE earlier in main()
Resolves: RHEL-37743
* Tue Feb 06 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-24 * Tue Feb 06 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-24
- Providing a kill switch for scp to deal with CVE-2020-15778 - Providing a kill switch for scp to deal with CVE-2020-15778
Resolves: RHEL-22870 Resolves: RHEL-22870