From aec82ff63bb2d7df6e9cbddc400dc507e1eb7849 Mon Sep 17 00:00:00 2001
From: zhaohang_mskdxl <wb-zh951434@alibaba-inc.com>
Date: Tue, 9 Dec 2025 16:43:33 +0800
Subject: [PATCH] Update code from upstream

---
 ...9.9p1-reject-cntrl-chars-in-username.patch | 59 +++++++++++++++++++
 openssh.spec                                  | 10 +++-
 2 files changed, 67 insertions(+), 2 deletions(-)
 create mode 100644 openssh-9.9p1-reject-cntrl-chars-in-username.patch

diff --git a/openssh-9.9p1-reject-cntrl-chars-in-username.patch b/openssh-9.9p1-reject-cntrl-chars-in-username.patch
new file mode 100644
index 0000000..05bbe4d
--- /dev/null
+++ b/openssh-9.9p1-reject-cntrl-chars-in-username.patch
@@ -0,0 +1,59 @@
+diff --color -ruNp a/ssh.c b/ssh.c
+--- a/ssh.c	2025-12-03 15:22:36.754555231 +0100
++++ b/ssh.c	2025-12-03 16:12:16.715320349 +0100
+@@ -662,6 +662,8 @@ valid_ruser(const char *s)
+ 	if (*s == '-')
+ 		return 0;
+ 	for (i = 0; s[i] != 0; i++) {
++		if (iscntrl((u_char)s[i]))
++			return 0;
+ 		if (strchr("'`\";&<>|(){}", s[i]) != NULL)
+ 			return 0;
+ 		/* Disallow '-' after whitespace */
+@@ -683,6 +685,7 @@ main(int ac, char **av)
+ 	struct ssh *ssh = NULL;
+ 	int i, r, opt, exit_status, use_syslog, direct, timeout_ms;
+ 	int was_addr, config_test = 0, opt_terminated = 0, want_final_pass = 0;
++	int user_on_commandline = 0;
+ 	char *p, *cp, *line, *argv0, *logfile;
+ 	char cname[NI_MAXHOST], thishost[NI_MAXHOST];
+ 	struct stat st;
+@@ -1039,8 +1042,10 @@ main(int ac, char **av)
+ 			}
+ 			break;
+ 		case 'l':
+-			if (options.user == NULL)
++			if (options.user == NULL) {
+ 				options.user = optarg;
++				user_on_commandline = 1;
++			}
+ 			break;
+ 
+ 		case 'L':
+@@ -1143,6 +1148,7 @@ main(int ac, char **av)
+ 			if (options.user == NULL) {
+ 				options.user = tuser;
+ 				tuser = NULL;
++				user_on_commandline = 1;
+ 			}
+ 			free(tuser);
+ 			if (options.port == -1 && tport != -1)
+@@ -1157,6 +1163,7 @@ main(int ac, char **av)
+ 				if (options.user == NULL) {
+ 					options.user = p;
+ 					p = NULL;
++					user_on_commandline = 1;
+ 				}
+ 				*cp++ = '\0';
+ 				host = xstrdup(cp);
+@@ -1459,6 +1466,10 @@ main(int ac, char **av)
+ 	cinfo->locuser = xstrdup(pw->pw_name);
+ 	cinfo->jmphost = xstrdup(options.jump_host == NULL ?
+ 	    "" : options.jump_host);
++
++	if (user_on_commandline && !valid_ruser(options.user))
++		fatal("remote username contains invalid characters");
++
+ 	cinfo->conn_hash_hex = ssh_connection_hash(cinfo->thishost,
+ 	    cinfo->remhost, cinfo->portstr, cinfo->remuser, cinfo->jmphost);
+ 
diff --git a/openssh.spec b/openssh.spec
index 4b524dc..386070c 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 
 %global WITH_SELINUX 1
 
@@ -238,6 +238,7 @@ Patch1021: bugfix-for-cve-2024-39894.patch
 # CVE-2025-26466
 # https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2
 Patch1022: bugfix-for-cve-2025-26466.patch
+Patch1023: openssh-9.9p1-reject-cntrl-chars-in-username.patch
 
 # https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29
 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
@@ -371,7 +372,7 @@ remote ssh-agent instance.
 The module is most useful for su and sudo service stacks.
 
 %prep
-gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
+|
 %setup -q -a 4
 
 %if %{pam_ssh_agent}
@@ -767,6 +768,11 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+|
+* Wed Dec 04 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.6p1-4
+- CVE-2025-61984: Reject usernames with control characters
+- Sync upstream changes from commit 3ed25d6be719da9095cb4b7fc9673825cd096cf0
+
 * Tue Sep 2 2025 zjl02254423 <zjl02254423@libaba-inc.com> - 9.6p1-3
 - add patch to fix CVE-2024-39894,CVE-2025-26466
 
-- 
Gitee