SOURCES/openssh-8.7p1-CVE-2024-6387.patch

@@ -0,0 +1,30 @@
+From 0e3e0757b4fba0799f045594ad03cb55fb21560a Mon Sep 17 00:00:00 2001
+From: Jonathan Wright <jonathan@almalinux.org>
+Date: Mon, 1 Jul 2024 08:41:24 -0500
+Subject: [PATCH] fix CVE-2024-6387
+
+---
+ log.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/log.c b/log.c
+index 42c6f9a..679c527 100644
+--- a/log.c
++++ b/log.c
+@@ -448,12 +448,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+     LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+        va_list args;
+
+        va_start(args, fmt);
+        sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+            suffix, fmt, args);
+        va_end(args);
++#endif
+        _exit(1);
+ }
+
+--
+2.45.2

SPECS/openssh.spec

@@ -54,7 +54,7 @@
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}
+Release: %{openssh_rel}%{?dist}.alma.1
 URL: http://www.openssh.com/portable.html
 #URL1: https://github.com/jbeverly/pam_ssh_agent_auth/
 Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -289,6 +289,10 @@ Patch1018: openssh-9.6p1-CVE-2023-48795.patch
 #upstream commit 7ef3787c84b6b524501211b11a26c742f829af1a
 Patch1019: openssh-9.6p1-CVE-2023-51385.patch
 
+# fix CVE-2024-6387
+# https://openwall.com/lists/oss-security/2024/07/01/3
+Patch1020: openssh-8.7p1-CVE-2024-6387.patch
+
 License: BSD
 Requires: /sbin/nologin
 
@@ -798,6 +802,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Mon July 01 2024 Jonathan Wright <jonathan@almalinux.org> - 8.7p1-38.alma.1
+- Fix regreSSHion attack
+  Resolves: CVE-2024-6387
+
 * Fri Jan 05 2024 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-38
 - Fix Terrapin attack
   Resolves: CVE-2023-48795