Compare commits


No commits in common. "c8" and "c8s" have entirely different histories.
c8 ... c8s

98 changed files with 49 additions and 66 deletions
.gitignore.openssh.metadata
SOURCES
gating.yamlopenssh-4.3p2-askpass-grab-info.patchopenssh-5.1p1-askpass-progress.patchopenssh-5.8p2-sigpipe.patchopenssh-5.9p1-ipv6man.patchopenssh-6.3p1-ctr-evp-fast.patchopenssh-6.4p1-fromto-remote.patchopenssh-6.6.1p1-log-in-chroot.patchopenssh-6.6.1p1-scp-non-existing-directory.patchopenssh-6.6.1p1-selinux-contexts.patchopenssh-6.6p1-GSSAPIEnablek5users.patchopenssh-6.6p1-allow-ip-opts.patchopenssh-6.6p1-ctr-cavstest.patchopenssh-6.6p1-force_krb.patchopenssh-6.6p1-keycat.patchopenssh-6.6p1-keyperm.patchopenssh-6.6p1-kuserok.patchopenssh-6.6p1-privsep-selinux.patchopenssh-6.7p1-coverity.patchopenssh-6.7p1-kdf-cavs.patchopenssh-6.7p1-ldap.patchopenssh-6.7p1-sftp-force-permission.patchopenssh-6.8p1-sshdT-output.patchopenssh-6.9p1-permit-root-login.patchopenssh-7.1p2-audit-race-condition.patchopenssh-7.2p2-k5login_directory.patchopenssh-7.2p2-s390-closefrom.patchopenssh-7.2p2-x11.patchopenssh-7.3p1-x11-max-displays.patchopenssh-7.4p1-systemd.patchopenssh-7.5p1-sandbox.patchopenssh-7.6p1-audit.patchopenssh-7.6p1-cleanup-selinux.patchopenssh-7.7p1-fips.patchopenssh-7.7p1-gssapi-new-unique.patchopenssh-7.7p1-redhat.patchopenssh-7.8p1-UsePAM-warning.patchopenssh-7.8p1-role-mls.patchopenssh-7.8p1-scp-ipv6.patchopenssh-7.9p1-ssh-copy-id.patchopenssh-8.0p1-avoidkillall.patchopenssh-8.0p1-bigsshdconfig.patchopenssh-8.0p1-channel-limits.patchopenssh-8.0p1-client_alive_count_max.patchopenssh-8.0p1-crypto-policies.patchopenssh-8.0p1-crypto-policy-doc.patchopenssh-8.0p1-cve-2020-14145.patchopenssh-8.0p1-entropy.patchopenssh-8.0p1-gssapi-keyex.patchopenssh-8.0p1-ipv6-process.patchopenssh-8.0p1-keygen-sha2.patchopenssh-8.0p1-keygen-strip-doseol.patchopenssh-8.0p1-keyscan-rsa-sha2.patchopenssh-8.0p1-openssl-evp.patchopenssh-8.0p1-openssl-kdf.patchopenssh-8.0p1-openssl-pem.patchopenssh-8.0p1-pkcs11-uri.patchopenssh-8.0p1-preserve-pam-errors.patchopenssh-8.0p1-proxyjump-loops.patchopenssh-8.0p1-rdomain.patchopenssh-8.0p1-restore-nonblock.patchopenssh-8.0p1-scp-tests.patchopenssh-8.0p1
-sftp-realpath.patchopenssh-8.0p1-sftp-timespeccmp.patchopenssh-8.0p1-sshd_config.patchopenssh-8.0p1-sshd_include.patchopenssh-8.0p1-x11-without-ipv6.patchopenssh-8.7p1-minimize-sha1-use.patchopenssh-8.7p1-scp-kill-switch.patchopenssh-8.7p1-upstream-cve-2021-41617.patchopenssh-9.1p1-sshbanner.patchopenssh-9.3p1-upstream-cve-2023-38408.patchopenssh-9.4p2-limit-delay.patchopenssh-9.6p1-CVE-2023-48795.patchopenssh-9.6p1-CVE-2023-51385.patchopenssh.specpam_ssh_agent-rmheaderspam_ssh_agent_auth-0.10.2-compat.patchpam_ssh_agent_auth-0.10.2-dereference.patchpam_ssh_agent_auth-0.10.3-seteuid.patchpam_ssh_agent_auth-0.9.2-visibility.patchpam_ssh_agent_auth-0.9.3-agent_structure.patchpam_ssh_agent_auth-0.9.3-build.patchsourcesssh-keycat.pamsshd-keygensshd-keygen.targetsshd-keygen@.servicesshd.pamsshd.servicesshd.socketsshd.sysconfigsshd.tmpfilessshd@.service

39
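--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,36 @@
-SOURCES/DJM-GPG-KEY.gpg
-SOURCES/openssh-8.0p1.tar.gz
-SOURCES/pam_ssh_agent_auth-0.10.3.tar.bz2
+openssh-5.5p1-noacss.tar.bz2
+pam_ssh_agent_auth-0.9.2.tar.bz2
+/openssh-5.6p1-noacss.tar.bz2
+/pam_ssh_agent_auth-0.9.2.tar.bz2
+/openssh-5.8p1-noacss.tar.bz2
+/openssh-5.8p2-noacss.tar.bz2
+/openssh-5.9p1-noacss.tar.bz2
+/pam_ssh_agent_auth-0.9.3.tar.bz2
+/openssh-6.0p1-noacss.tar.bz2
+/openssh-6.1p1-noacss.tar.bz2
+/openssh-6.2p1.tar.gz
+/openssh-6.2p2.tar.gz
+/openssh-6.3p1.tar.gz
+/openssh-6.4p1.tar.gz
+/openssh-6.6p1.tar.gz
+/openssh-6.7p1.tar.gz
+/openssh-6.8p1.tar.gz
+/openssh-6.9p1.tar.gz
+/openssh-7.0p1.tar.gz
+/openssh-7.1p1.tar.gz
+/openssh-7.1p2.tar.gz
+/pam_ssh_agent_auth-0.10.2.tar.bz2
+/openssh-7.2p1.tar.gz
+/openssh-7.2p2.tar.gz
+/openssh-7.3p1.tar.gz
+/openssh-7.4p1.tar.gz
+/pam_ssh_agent_auth-0.10.3.tar.bz2
+/openssh-7.5p1.tar.gz
+/openssh-7.6p1.tar.gz
+/openssh-7.7p1.tar.gz
+/openssh-7.7p1.tar.gz.asc
+/DJM-GPG-KEY.gpg
+/openssh-7.8p1.tar.gz
+/openssh-7.8p1.tar.gz.asc
+/openssh-8.0p1.tar.gz
+/openssh-8.0p1.tar.gz.asc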


@ -1,3 +0,0 @@
bed7240bb17840b451b8f8457791c33456814d93 SOURCES/DJM-GPG-KEY.gpg
756dbb99193f9541c9206a667eaa27b0fa184a4f SOURCES/openssh-8.0p1.tar.gz
a4482a050fdad1d012427e45799564136708cf6b SOURCES/pam_ssh_agent_auth-0.10.3.tar.bz2


@ -1,38 +0,0 @@
From d33ff14309e33aa79fdf95e1bc4facafa80b90a9 Mon Sep 17 00:00:00 2001
From: Stepan Broz <sbroz@redhat.com>
Date: Tue, 25 Jun 2024 17:38:22 +0200
Subject: [PATCH] upstream: ignore SIGPIPE earlier in main(), specifically
before
muxclient() which performs operations that could cause one; Reported by Noam
Lewis via bz3454, ok dtucker@
OpenBSD-Commit-ID: 63d8e13276869eebac6d7a05d5a96307f9026e47
---
ssh.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/ssh.c b/ssh.c
index 786e26d..e037c66 100644
--- a/ssh.c
+++ b/ssh.c
@@ -1115,6 +1115,8 @@ main(int ac, char **av)
}
}
+ signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
+
/*
* Initialize "log" output. Since we are the client all output
* goes to stderr unless otherwise specified by -y or -E.
@@ -1545,7 +1547,6 @@ main(int ac, char **av)
options.num_system_hostfiles);
tilde_expand_paths(options.user_hostfiles, options.num_user_hostfiles);
- signal(SIGPIPE, SIG_IGN); /* ignore SIGPIPE early */
signal(SIGCHLD, main_sigchld_handler);
/* Log into the remote system. Never returns if the login fails. */
--
2.45.2


@ -1,14 +0,0 @@
-----BEGIN PGP SIGNATURE-----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=YtoH
-----END PGP SIGNATURE-----

8
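--- a/gating.yaml
+++ b/gating.yaml
@@ -0,0 +1,8 @@
+--- !Policy
+product_versions:
+- rhel-8
+decision_context: osci_compose_gate
+rules:
+- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tier1.functional}
+- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.userspace-fips-mode.functional}
+- !PassingTestCaseRule {test_case_name: baseos-ci.brew-build.tedude.validation}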


@ -66,7 +66,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1
%global openssh_rel 25
%global openssh_rel 24
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7
@ -292,8 +292,6 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
Patch1019: openssh-9.6p1-CVE-2023-51385.patch
# SCP kill switch
Patch1020: openssh-8.7p1-scp-kill-switch.patch
#upstream commit 96faa0de6c673a2ce84736eba37fc9fb723d9e5c
Patch1021: openssh-8.0p1-upstream-ignore-SIGPIPE.patch
License: BSD
Group: Applications/Internet
@ -541,7 +539,6 @@ popd
%patch1018 -p1 -b .cve-2023-48795
%patch1019 -p1 -b .cve-2023-51385
%patch1020 -p1 -b .scp-kill-switch
%patch1021 -p1 -b .ignore-SIGPIPE
autoreconf
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@ -827,10 +824,6 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Tue Jun 25 2024 Stepan Broz <sbroz@redhat.com> - 8.0p1-25
- Upstream: Ignore SIGPIPE earlier in main()
Resolves: RHEL-37743
* Tue Feb 06 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-24
- Providing a kill switch for scp to deal with CVE-2020-15778
Resolves: RHEL-22870

4
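--- a/sources
+++ b/sources
@@ -0,0 +1,4 @@
+SHA512 (openssh-8.0p1.tar.gz) = e280fa2d56f550efd37c5d2477670326261aa8b94d991f9eb17aad90e0c6c9c939efa90fe87d33260d0f709485cb05c379f0fd1bd44fc0d5190298b6398c9982
+SHA512 (openssh-8.0p1.tar.gz.asc) = fe9e7383d9467e869762864f2b719165d9a3f2c5316c07067df1d45fc7819bd2cb8ef758454865595688804a4c160dd3d3aaee4c5f887859555d2c7bb8c4592b
+SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
+SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66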