From 47d02ef83b371ecd907ea810cb91312f5da88d8e Mon Sep 17 00:00:00 2001
From: "taifu.gc"
Date: Tue, 2 Jul 2024 12:14:33 +0000
Subject: [PATCH] Fix CVE-2024-6387
---
 1018-fix-CVE-2024-6387.patch | 31 +++++++++++++++++++++++++++++++
 openssh.spec | 9 ++++++++-
 2 files changed, 39 insertions(+), 1 deletion(-)
 create mode 100644 1018-fix-CVE-2024-6387.patch
diff --git a/1018-fix-CVE-2024-6387.patch b/1018-fix-CVE-2024-6387.patch
new file mode 100644
index 0000000..dba5364
--- /dev/null
+++ b/1018-fix-CVE-2024-6387.patch
@@ -0,0 +1,31 @@
+From f953de5c4bf14be4b0cf7a9556a8d148f1b4023f Mon Sep 17 00:00:00 2001
+From: "taifu.gc"
+Date: Tue, 2 Jul 2024 12:08:43 +0000
+Subject: [PATCH] fix CVE-2024-6387.patch
+
+---
+ log.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/log.c b/log.c
+index dca08e4..5ca403a 100644
+--- a/log.c
++++ b/log.c
+@@ -458,12 +458,14 @@ void
+ sshsigdie(const char *file, const char *func, int line, int showfunc,
+ LogLevel level, const char *suffix, const char *fmt, ...)
+ {
++#if 0
+ va_list args;
+
+ va_start(args, fmt);
+ sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
+ suffix, fmt, args);
+ va_end(args);
++#endif
+ _exit(1);
+ }
+
+--
+2.39.3
+
diff --git a/openssh.spec b/openssh.spec
index 3373600..08dcdc0 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release 1
+%define anolis_release 2
 %global WITH_SELINUX 1
@@ -219,6 +219,8 @@ Patch1014: openssh-8.7p1-nohostsha1proof.patch
 Patch1016: openssh-9.3p1-openssl-compat.patch
 # for loongarch
 Patch1017: add-loongarch64-support-for-openssh.patch
+# Fix CVE-2024-6387
+Patch1018: 1018-fix-CVE-2024-6387.patch
 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
 Requires: /sbin/nologin
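Review bot: The `#if 0` that the embedded log.c patch puts around the `sshlogv()` call in `sshsigdie()` has no explanation, so a later rebase or cleanup could re-enable the call; I would add a comment directly above it, for example `/* CVE-2024-6387: sshsigdie() runs in signal context and sshlogv() is not async-signal-safe; do not log here */`. With the block compiled out, every parameter of `sshsigdie()` is unused and the fatal message its callers pass is dropped without trace. Any monitoring that keys on that syslog line (presumably the pre-authentication timeout message) will go quiet after this update, which is worth stating in the changelog entry. The hunk only removes logging inside `sshsigdie()` itself; whether the signal handlers that call it reach other non-async-signal-safe code, for instance through the other downstream patches listed in this spec, is not visible here and should be audited separately.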
@@ -435,6 +437,8 @@ popd
 #patch for loongarch
 %patch -P 1017 -p1
+# cve fix
+%patch -P 1018 -p1
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@@ -746,6 +750,9 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
+* Tue July 2 2024 Chang Gao - 9.3p2-2
+- Fix CVE-2024-6387
+
 * Fri Mar 22 2024 mgb01105731 - 9.3p2-1
 - update to 9.3p2
--
Gitee