From 4c42338c0861104f2e8e333a5756ce10a3eb97a6 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy <dbelyavs@redhat.com>
Date: Fri, 5 Jan 2024 14:28:02 +0100
Subject: [PATCH] Fix Terrapin attack

Resolves: CVE-2023-48795
---
 openssh-9.6p1-CVE-2023-48795.patch | 9 +++++++++
 openssh.spec                       | 4 ++++
 2 files changed, 13 insertions(+)

diff --git a/openssh-9.6p1-CVE-2023-48795.patch b/openssh-9.6p1-CVE-2023-48795.patch
index 4f865fe..7f710db 100644
--- a/openssh-9.6p1-CVE-2023-48795.patch
+++ b/openssh-9.6p1-CVE-2023-48795.patch
@@ -428,6 +428,15 @@ diff -up openssh-8.7p1/sshd.c.kexstrict openssh-8.7p1/sshd.c
  	myproposal[PROPOSAL_ENC_ALGS_CTOS] =
  	    myproposal[PROPOSAL_ENC_ALGS_STOC] = prop_enc =
  	    compat_cipher_proposal(ssh, options.ciphers);
+@@ -2586,7 +2586,7 @@ do_ssh2_kex(struct ssh *ssh)
+ 	if (gss && orig)
+ 		xasprintf(&newstr, "%s,%s", gss, orig);
+ 	else if (gss)
+-		newstr = gss;
++		xasprintf(&newstr, "%s,%s", gss, "kex-strict-s-v00@openssh.com");
+ 	else if (orig)
+ 		newstr = orig;
+ 
 @@ -2650,6 +2654,7 @@ do_ssh2_kex(struct ssh *ssh)
  #endif
  	free(prop_kex);
diff --git a/openssh.spec b/openssh.spec
index d059fc0..faf8208 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -798,6 +798,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-37
+- Fix Terrapin attack
+  Resolves: CVE-2023-48795
+
 * Wed Dec 20 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-36
 - Fix Terrapin attack
   Resolves: CVE-2023-48795