Fix ssh multiplexing connect timeout processing

Resolves: RHEL-37748
This commit is contained in:
Dmitry Belyavskiy 2024-06-03 12:12:04 +02:00
parent 17e559c555
commit 6ca18e235a
2 changed files with 29 additions and 1 deletions

View File

@ -0,0 +1,21 @@
diff --git a/ssh.c b/ssh.c
index 89ca1940..559bf2af 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1124,6 +1124,8 @@ main(int ac, char **av)
}
}
+ ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+
/*
* Initialize "log" output. Since we are the client all output
* goes to stderr unless otherwise specified by -y or -E.
@@ -1652,7 +1654,6 @@ main(int ac, char **av)
options.num_system_hostfiles);
tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
- ssh_signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
ssh_signal(SIGCHLD, main_sigchld_handler);
/* Log into the remote system. Never returns if the login fails. */

View File

@ -47,7 +47,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.7p1 %global openssh_ver 8.7p1
%global openssh_rel 40 %global openssh_rel 41
%global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_ver 0.10.4
%global pam_ssh_agent_rel 5 %global pam_ssh_agent_rel 5
@ -290,6 +290,8 @@ Patch1017: openssh-9.4p2-limit-delay.patch
Patch1018: openssh-9.6p1-CVE-2023-48795.patch Patch1018: openssh-9.6p1-CVE-2023-48795.patch
#upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
Patch1019: openssh-9.6p1-CVE-2023-51385.patch Patch1019: openssh-9.6p1-CVE-2023-51385.patch
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
Patch1020: openssh-8.7p1-sigpipe.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -514,6 +516,7 @@ popd
%patch1017 -p1 -b .limitdelay %patch1017 -p1 -b .limitdelay
%patch1018 -p1 -b .cve-2023-48795 %patch1018 -p1 -b .cve-2023-48795
%patch1019 -p1 -b .cve-2023-51385 %patch1019 -p1 -b .cve-2023-51385
%patch1020 -p1 -b .earlypipe
autoreconf autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -801,6 +804,10 @@ test -f %{sysconfig_anaconda} && \
%endif %endif
%changelog %changelog
* Mon Jun 03 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-41
- Fix ssh multiplexing connect timeout processing
Resolves: RHEL-37748
* Thu May 02 2024 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-40 * Thu May 02 2024 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-40
- Correctly audit hostname and IP address - Correctly audit hostname and IP address
Resolves: RHEL-22316 Resolves: RHEL-22316