diff --git a/bugfix-for-cve-2024-6387.patch b/bugfix-for-cve-2024-6387.patch new file mode 100644 index 0000000000000000000000000000000000000000..993151be8e5b815abc0701e0cb19e1f439b9d500 --- /dev/null +++ b/bugfix-for-cve-2024-6387.patch @@ -0,0 +1,28 @@ +Reference:https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt +Conflict:NA +--- + log.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/log.c b/log.c +index dca08e4..5ca403a 100644 +--- a/log.c ++++ b/log.c +@@ -458,12 +458,14 @@ void + sshsigdie(const char *file, const char *func, int line, int showfunc, + LogLevel level, const char *suffix, const char *fmt, ...) + { ++#if 0 + va_list args; + + va_start(args, fmt); + sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL, + suffix, fmt, args); + va_end(args); ++#endif + _exit(1); + } + +-- +2.33.0 + diff --git a/openssh.spec b/openssh.spec index 93d32151608f8158cf3cf45afe5955727e3655c3..aaf6f0772e66963777d3a382d014391ff477a8d9 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,4 +1,4 @@ -%define anolis_release 1 +%define anolis_release 2 %global WITH_SELINUX 1 @@ -227,6 +227,11 @@ Patch1018: 0001-upstream-Fix-logic-error-in-DisableForwarding-option.patch # https://anongit.mindrot.org/openssh.git/commit/?id=0832aac79517611dd4de93ad0a83577994d9c907 Patch1019: bugfix-for-cve-2025-26465.patch +# CVE-2024-6387 +# https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt +Patch1020: bugfix-for-cve-2024-6387.patch + +# https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant Requires: /sbin/nologin @@ -443,6 +448,7 @@ popd %patch -P 1017 -p1 %patch -P 1018 -p1 %patch -P 1019 -p1 +%patch -P 1020 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -751,6 +757,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Tue Aug 19 2025 zjl02254423 - 9.6p1-2 +- add patch to fix CVE-2024-6387 + * Tue Jun 03 2025 Cheng Yang - 9.6p1-1 - update to 9.6p1 - The patch was removed because the new version already included the patch content