From baaf94e7954104714830eadcfe7ae37df6bc77af Mon Sep 17 00:00:00 2001
From: zhaohang_mskdxl
Date: Tue, 9 Dec 2025 16:48:22 +0800
Subject: [PATCH] Update code from upstream
---
 ...9.9p1-reject-null-char-in-url-string.patch | 24 +++++++++++++++++++
 openssh.spec | 9 +++++--
 2 files changed, 31 insertions(+), 2 deletions(-)
 create mode 100644 openssh-9.9p1-reject-null-char-in-url-string.patch
diff --git a/openssh-9.9p1-reject-null-char-in-url-string.patch b/openssh-9.9p1-reject-null-char-in-url-string.patch
new file mode 100644
index 0000000..9b2d378
--- /dev/null
+++ b/openssh-9.9p1-reject-null-char-in-url-string.patch
@@ -0,0 +1,24 @@
+diff --color -ruNp a/misc.c b/misc.c
+--- a/misc.c 2025-12-03 16:19:11.255135131 +0100
++++ b/misc.c 2025-12-03 16:21:53.769590836 +0100
+@@ -998,7 +998,7 @@ urldecode(const char *src)
+ size_t srclen;
+
+ if ((srclen = strlen(src)) >= SIZE_MAX)
+- fatal_f("input too large");
++ return NULL;
+ ret = xmalloc(srclen + 1);
+ for (dst = ret; *src != '\0'; src++) {
+ switch (*src) {
+@@ -1006,9 +1006,10 @@ urldecode(const char *src)
+ *dst++ = ' ';
+ break;
+ case '%':
++ /* note: don't allow \0 characters */
+ if (!isxdigit((unsigned char)src[1]) ||
+ !isxdigit((unsigned char)src[2]) ||
+- (ch = hexchar(src + 1)) == -1) {
++ (ch = hexchar(src + 1)) == -1 || ch == 0) {
+ free(ret);
+ return NULL;
+ }
diff --git a/openssh.spec b/openssh.spec
index 4b524dc..98760ec 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -1,4 +1,4 @@
-%define anolis_release 3
+%define anolis_release 4
 %global WITH_SELINUX 1
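Review bot: The comment added under `case '%':` in the second urldecode hunk of openssh-9.9p1-reject-null-char-in-url-string.patch says what is rejected but not why, and the visible lines do not document the function's NULL-on-error contract. A decoded `%00` would place a NUL inside the returned C string, so every later consumer would see the value cut short at that point; I would write `/* reject %00: a decoded NUL would end the returned string early, so callers would act on a truncated value */`. The first hunk also turns the oversize path from `fatal_f()` into `return NULL`, so callers have to treat NULL as a parse failure; they are outside this patch and should be confirmed. urldecode's body starts and ends outside both hunks.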
@@ -238,6 +238,7 @@ Patch1021: bugfix-for-cve-2024-39894.patch
 # CVE-2025-26466
 # https://github.com/openssh/openssh-portable/commit/6ce00f0c2ecbb9f75023dbe627ee6460bcec78c2
 Patch1022: bugfix-for-cve-2025-26466.patch
+Patch1033: openssh-9.9p1-reject-null-char-in-url-string.patch
 # https://github.com/openssh/openssh-portable/commit/81c1099d22b81ebfd20a334ce986c4f753b0db29
 License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
@@ -371,7 +372,7 @@ remote ssh-agent instance.
 The module is most useful for su and sudo service stacks.
 %prep
-gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
+|
 %setup -q -a 4
 %if %{pam_ssh_agent}
@@ -767,6 +768,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 %changelog
+|
+* Wed Dec 04 2025 Zoltan Fridrich - 9.6p1-4
+- CVE-2025-61985: Reject URL-strings with NULL characters
+
 * Tue Sep 2 2025 zjl02254423 - 9.6p1-3
 - add patch to fix CVE-2024-39894,CVE-2025-26466
-- Gitee
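Review bot: `Patch1033` is declared in the `@@ -238,6 +238,7 @@` hunk, but no hunk in this diff adds a matching application line in `%prep`; unless the spec applies patches with `%autopatch` or `%autosetup` (not visible here), the fix for the CVE named in the changelog would be shipped in the SRPM but never applied to misc.c. If patches are applied one by one, add `%patch -P 1033 -p1` next to the other 10xx entries. The new line also has no reference comment, unlike Patch1022, and the `# https://…81c1099…` comment that now follows it appears to belong to no Patch line; a `# CVE-2025-61985` comment above Patch1033 would keep the block readable. The patch file is named for 9.9p1 while the changelog entry says 9.6p1, so it is worth checking that it applies without fuzz.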
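Review bot: The source tarball signature check is dropped from `%prep` in the `@@ -371,7 +372,7 @@` hunk: `gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}` is replaced by a line holding only `|`, and the commit message gives no reason. Without it the build no longer verifies Source0 against its detached signature, which is a supply-chain regression for a package like this; I would keep the original `gpgv2` line. If the `|` really is in the spec rather than an artifact of how the patch was exported, a lone `|` is a shell syntax error in the `%prep` script. The `%changelog` hunk adds the same `|` line before the new entry, where rpm expects entries to start with `*`, and its date `Wed Dec 04 2025` does not match the calendar (4 December 2025 is a Thursday).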