Allow duplicate Subsystem directive

Resolves: RHEL-47112
2024-10-21 13:38:05 +02:00 · 2024-10-21 13:38:05 +02:00 · 76b570ae7c
commit 76b570ae7c
parent 2282e9f646
2 changed files with 37 additions and 0 deletions
--- a/openssh-8.7p1-allow-duplicate-subsystem.patch
+++ b/openssh-8.7p1-allow-duplicate-subsystem.patch
@ -0,0 +1,32 @@
+diff --git a/servconf.c b/servconf.c
+index e16f9e90fc71..a3779a9d86ee 100644
+--- a/servconf.c
+++ b/servconf.c
+@@ -1942,13 +1942,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
+ 			fatal("%s line %d: %s missing argument.",
+ 			    filename, linenum, keyword);
+ 		if (!*activep) {
+-			arg = argv_next(&ac, &av);
+			argv_consume(&ac);
+			break;
+		}
+		found = 0;
+		for (i = 0; i < options->num_subsystems; i++) {
+			if (strcmp(arg, options->subsystem_name[i]) == 0) {
+				found = 1;
+				break;
+			}
+		}
+		if (found) {
+			debug("%s line %d: Subsystem '%s' already defined.",
+			    filename, linenum, arg);
+			argv_consume(&ac);
+ 			break;
+ 		}
+-		for (i = 0; i < options->num_subsystems; i++)
+-			if (strcmp(arg, options->subsystem_name[i]) == 0)
+-				fatal("%s line %d: Subsystem '%s' "
+-				    "already defined.", filename, linenum, arg);
+ 		options->subsystem_name[options->num_subsystems] = xstrdup(arg);
+ 		arg = argv_next(&ac, &av);
+ 		if (!arg || *arg == '\0')
--- a/openssh.spec
+++ b/openssh.spec
@ -295,6 +295,8 @@ Patch1020: openssh-8.7p1-sigpipe.patch
 Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch
 Patch1022: openssh-8.7p1-redhat-help.patch
 Patch1023: openssh-8.7p1-openssl-log.patch
+#upstream commit 52dfe3c72d98503d8b7c6f64fc7e19d685636c0b
+Patch1024: openssh-8.7p1-allow-duplicate-subsystem.patch

 License: BSD
 Requires: /sbin/nologin
@ -523,6 +525,7 @@ popd
 %patch1021 -p1 -b .cve-2024-6387
 %patch1022 -p1 -b .redhat-help
 %patch1023 -p1 -b .openssl-log
+%patch1024 -p1 -b .allow-dup-subsystem

 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -815,6 +818,8 @@ test -f %{sysconfig_anaconda} && \
  Resolves: RHEL-33809
 - Provide details on crypto error instead of "error in libcrypto"
  Resolves: RHEL-52293
+- Allow duplicate Subsystem directive
+  Resolves: RHEL-47112

 * Tue Jul 09 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-43
 - Possible remote code execution due to a race condition (CVE-2024-6409)