From 9e2e1d633c113dffec9e95afcc21dd041c65f378 Mon Sep 17 00:00:00 2001
From: sa-buc
Date: Wed, 20 Aug 2025 13:18:46 +0800
Subject: [PATCH] add patch to fix cve
---
bugfix-for-cve-2024-39894.patch | 32 ++++++++++++++++++++++++++++++++
openssh.spec | 5 ++++-
2 files changed, 36 insertions(+), 1 deletion(-)
create mode 100644 bugfix-for-cve-2024-39894.patch
diff --git a/bugfix-for-cve-2024-39894.patch b/bugfix-for-cve-2024-39894.patch
new file mode 100644
index 0000000..1f0203e
--- /dev/null
+++ b/bugfix-for-cve-2024-39894.patch
@@ -0,0 +1,32 @@
+From 146c420d29d055cc75c8606327a1cf8439fe3a08 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Mon, 1 Jul 2024 04:31:17 +0000
+Subject: upstream: when sending ObscureKeystrokeTiming chaff packets, we
+
+can't rely on channel_did_enqueue to tell that there is data to send. This
+flag indicates that the channels code enqueued a packet on _this_ ppoll()
+iteration, not that data was enqueued in _any_ ppoll() iteration in the
+timeslice. ok markus@
+
+OpenBSD-Commit-ID: 009b74fd2769b36b5284a0188ade182f00564136
+---
+ clientloop.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/clientloop.c b/clientloop.c
+index 0b6f3c9b..8ed8b1c3 100644
+--- a/clientloop.c
++++ b/clientloop.c
+@@ -607,8 +607,9 @@ obfuscate_keystroke_timing(struct ssh *ssh, struct timespec *timeout,
+ if (timespeccmp(&now, &chaff_until, >=)) {
+ /* Stop if there have been no keystrokes for a while */
+ stop_reason = "chaff time expired";
+- } else if (timespeccmp(&now, &next_interval, >=)) {
+- /* Otherwise if we were due to send, then send chaff */
++ } else if (timespeccmp(&now, &next_interval, >=) &&
++ !ssh_packet_have_data_to_write(ssh)) {
++ /* If due to send but have no data, then send chaff */
+ if (send_chaff(ssh))
+ nchaff++;
+ }
+
diff --git a/openssh.spec b/openssh.spec
index aaf6f07..c8f8112 100644
--- a/openssh.spec
+++ b/openssh.spec
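Review bot: The new bugfix-for-cve-2024-39894.patch does not appear to be wired into the build, because nothing in this commit declares or applies it in openssh.spec. The diffstat gives openssh.spec 4 insertions and 1 deletion, and the `anolis_release` bump plus the three changelog lines account for all of them, so no `PatchN:` tag or `%patch` line is added. Unless the spec collects patch files through a mechanism not visible here, 9.6p1-3 would carry a changelog entry for CVE-2024-39894 while still building the unpatched `obfuscate_keystroke_timing()` in clientloop.c. I would add `PatchN: bugfix-for-cve-2024-39894.patch` beside the existing patch declarations (N is a placeholder for the next free number). I would also confirm in the %prep output that the hunk applies to the 9.6p1 clientloop.c.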
@@ -1,4 +1,4 @@ -%define anolis_release 2 +%define anolis_release 3 %global WITH_SELINUX 1 @@ -757,6 +757,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Wed Aug 20 2025 zjl02254423 - 9.6p1-3 +- add patch to fix CVE-2024-39894 + * Tue Aug 19 2025 zjl02254423 - 9.6p1-2 - add patch to fix CVE-2024-6387 -- Gitee