From 58760558fb79c45cbd207b7549f1c5f00a508004 Mon Sep 17 00:00:00 2001
From: Dmitry Belyavskiy
Date: Mon, 3 Jun 2024 12:12:04 +0200
Subject: [PATCH] Fix ssh multiplexing connect timeout processing
---
 .openssh.metadata | 4 ++++
 openssh-8.7p1-sigpipe.patch | 21 +++++++++++++++++++++
 openssh.spec | 9 ++++++++-
 3 files changed, 33 insertions(+), 1 deletion(-)
 create mode 100644 .openssh.metadata
 create mode 100644 openssh-8.7p1-sigpipe.patch
diff --git a/.openssh.metadata b/.openssh.metadata
new file mode 100644
index 0000000..d8c21a4
--- /dev/null
+++ b/.openssh.metadata
@@ -0,0 +1,4 @@
+8719032c1e47732c8fdb14adfb24b5e9e71de802 openssh-8.7p1.tar.gz
+d0d0d2442bed150073213a0ce46f21944da22664 openssh-8.7p1.tar.gz.asc
+66dd8274346fd006ff40f525c082cfb701085b5f pam_ssh_agent_auth-0.10.4.tar.gz
+dbb35b4e9ae3f72b930a82c6fd5e83e9dcd7b193 gpgkey-736060BA.gpg
diff --git a/openssh-8.7p1-sigpipe.patch b/openssh-8.7p1-sigpipe.patch
new file mode 100644
index 0000000..be73b2c
--- /dev/null
+++ b/openssh-8.7p1-sigpipe.patch
@@ -0,0 +1,21 @@
+diff --git a/ssh.c b/ssh.c
+index 89ca1940..559bf2af 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -1124,6 +1124,8 @@ main(int ac, char **av)
+ }
+ }
+
++ ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
++
+ /*
+ * Initialize "log" output. Since we are the client all output
+ * goes to stderr unless otherwise specified by -y or -E.
+@@ -1652,7 +1654,6 @@ main(int ac, char **av)
+ options.num_system_hostfiles);
+ tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
+
+- ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+ ssh_signal(SIGCHLD, main_sigchld_handler);
+
+ /* Log into the remote system. Never returns if the login fails. */
diff --git a/openssh.spec b/openssh.spec
index 4a8b521..bb29732 100644
--- a/openssh.spec
+++ b/openssh.spec
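Review bot: Installing `ssh_signal(SIGPIPE, SIG_IGN)` at line 1124 of ssh.c instead of line 1652 means any child process that main() forks and execs between those two points now starts with SIGPIPE ignored, because an ignored disposition is inherited across exec. The roughly 500 lines between the two hunks are not visible here, so it should be confirmed whether a helper is spawned in that stretch and, if so, that the child restores `SIG_DFL` before exec. The carried-over comment `/* ignore SIGPIPE early */` also does not say why the position matters; something like `/* ignore SIGPIPE before the first socket write (presumably the multiplexing path) so a closed peer yields EPIPE instead of killing the client */` would keep a later cleanup from moving the call back down. Both hunks sit inside main(), whose body starts and ends outside them.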
@@ -47,7 +47,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.7p1 -%global openssh_rel 40 +%global openssh_rel 41 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 5 @@ -290,6 +290,8 @@ Patch1017: openssh-9.4p2-limit-delay.patch Patch1018: openssh-9.6p1-CVE-2023-48795.patch #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a Patch1019: openssh-9.6p1-CVE-2023-51385.patch +#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c +Patch1020: openssh-8.7p1-sigpipe.patch License: BSD Requires: /sbin/nologin @@ -514,6 +516,7 @@ popd %patch1017 -p1 -b .limitdelay %patch1018 -p1 -b .cve-2023-48795 %patch1019 -p1 -b .cve-2023-51385 +%patch1020 -p1 -b .earlypipe autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -801,6 +804,10 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Mon Jun 03 2024 Dmitry Belyavskiy - 8.7p1-41 +- Fix ssh multiplexing connect timeout processing + Resolves: RHEL-37748 + * Thu May 02 2024 Zoltan Fridrich - 8.7p1-40 - Correctly audit hostname and IP address Resolves: RHEL-22316