rpms/openssh
5
0
Fork 1
Code Issues Pull Requests Releases Activity

Allow duplicate Subsystem directive

Browse Source 
Resolves: RHEL-47112
This commit is contained in:
Dmitry Belyavskiy 2024-10-21 13:38:05 +02:00
parent 2282e9f646
commit 76b570ae7c
2 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
openssh-8.7p1-allow-duplicate-subsystem.patch Normal file
View File

@ -0,0 +1,32 @@
diff --git a/servconf.c b/servconf.c
index e16f9e90fc71..a3779a9d86ee 100644
--- a/servconf.c
+++ b/servconf.c
@@ -1942,13 +1942,22 @@ process_server_config_line_depth(ServerOptions *options, char *line,
fatal("%s line %d: %s missing argument.",
filename, linenum, keyword);
if (!*activep) {
- arg = argv_next(&ac, &av);
+ argv_consume(&ac);
+ break;
+ }
+ found = 0;
+ for (i = 0; i < options->num_subsystems; i++) {
+ if (strcmp(arg, options->subsystem_name[i]) == 0) {
+ found = 1;
+ break;
+ }
+ }
+ if (found) {
+ debug("%s line %d: Subsystem '%s' already defined.",
+ filename, linenum, arg);
+ argv_consume(&ac);
break;
}
- for (i = 0; i < options->num_subsystems; i++)
- if (strcmp(arg, options->subsystem_name[i]) == 0)
- fatal("%s line %d: Subsystem '%s' "
- "already defined.", filename, linenum, arg);
options->subsystem_name[options->num_subsystems] = xstrdup(arg);
arg = argv_next(&ac, &av);
if (!arg || *arg == '\0')

5
openssh.spec
View File

@ -295,6 +295,8 @@ Patch1020: openssh-8.7p1-sigpipe.patch
Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch Patch1021: openssh-9.8p1-upstream-cve-2024-6387.patch
Patch1022: openssh-8.7p1-redhat-help.patch Patch1022: openssh-8.7p1-redhat-help.patch
Patch1023: openssh-8.7p1-openssl-log.patch Patch1023: openssh-8.7p1-openssl-log.patch
#upstream commit 52dfe3c72d98503d8b7c6f64fc7e19d685636c0b
Patch1024: openssh-8.7p1-allow-duplicate-subsystem.patch
License: BSD License: BSD
Requires: /sbin/nologin Requires: /sbin/nologin
@ -523,6 +525,7 @@ popd
%patch1021 -p1 -b .cve-2024-6387 %patch1021 -p1 -b .cve-2024-6387
%patch1022 -p1 -b .redhat-help %patch1022 -p1 -b .redhat-help
%patch1023 -p1 -b .openssl-log %patch1023 -p1 -b .openssl-log
%patch1024 -p1 -b .allow-dup-subsystem
autoreconf autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -815,6 +818,8 @@ test -f %{sysconfig_anaconda} && \
Resolves: RHEL-33809 Resolves: RHEL-33809
- Provide details on crypto error instead of "error in libcrypto" - Provide details on crypto error instead of "error in libcrypto"
Resolves: RHEL-52293 Resolves: RHEL-52293
- Allow duplicate Subsystem directive
Resolves: RHEL-47112
* Tue Jul 09 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-43 * Tue Jul 09 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-43
- Possible remote code execution due to a race condition (CVE-2024-6409) - Possible remote code execution due to a race condition (CVE-2024-6409)