From 919d0f552165a868504aa88127590f232598f545 Mon Sep 17 00:00:00 2001
From: Corwin-Song <songjuntao@kylinos.cn>
Date: Wed, 10 Jul 2024 18:16:56 +0800
Subject: [PATCH] fix CVE-2024-6409

Signed-off-by: Corwin-Song <songjuntao@kylinos.cn>
(cherry picked from commit 7d112ee7f10801f8739d84a43400373e03464709)
---
 backport-fix-CVE-2024-6409.patch | 22 ++++++++++++++++++++++
 openssh.spec                     | 10 +++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)
 create mode 100644 backport-fix-CVE-2024-6409.patch

diff --git a/backport-fix-CVE-2024-6409.patch b/backport-fix-CVE-2024-6409.patch
new file mode 100644
index 0000000..522a380
--- /dev/null
+++ b/backport-fix-CVE-2024-6409.patch
@@ -0,0 +1,22 @@
+Reference:https://www.openwall.com/lists/oss-security/2024/07/08/2
+Conflict:NA
+---
+ sshd.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/sshd.c b/sshd.c
+index cf7381e..04b7357 100644
+--- a/sshd.c
++++ b/sshd.c
+@@ -384,7 +384,7 @@ grace_alarm_handler(int sig)
+ 
+ 	/* Log error and exit. */
+ 	if (use_privsep && pmonitor != NULL && pmonitor->m_pid <= 0)
+-		cleanup_exit(255); /* don't log in privsep child */
++		_exit(1); /* don't log in privsep child */
+ 	else {
+ 		sigdie("Timeout before authentication for %s port %d",
+ 		    ssh_remote_ipaddr(the_active_state),
+-- 
+2.43.0
+
diff --git a/openssh.spec b/openssh.spec
index c87d68a..73f5d25 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@
 %{?no_gtk2:%global gtk2 0}
 
 %global sshd_uid    74
-%global openssh_release 31
+%global openssh_release 32
 
 Name:           openssh
 Version:        8.8p1
@@ -132,6 +132,7 @@ Patch102:       backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-sh
 Patch103:       backport-CVE-2023-48795.patch
 Patch104:       fix-memory-leak-in-kex-exchange.patch 
 Patch105:       backport-fix-CVE-2024-6387.patch
+Patch106:       backport-fix-CVE-2024-6409.patch
 
 Requires:       /sbin/nologin
 Requires:       libselinux >= 2.3-5 audit-libs >= 1.0.8
@@ -314,6 +315,7 @@ popd
 %patch103 -p1
 %patch104 -p1
 %patch105 -p1
+%patch106 -p1
 
 autoreconf
 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -520,6 +522,12 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 
 %changelog
+* Wed Jul 10 2024 songjuntao<songjuntao@kylinos.cn> - 8.8p1-32
+- Type:CVE
+- CVE:CVE-2024-6409
+- SUG:NA
+- DESC:Fix CVE-2024-6409
+
 * Tue Jul 2 2024 renmingshuai<renmingshuai@huawei.com> - 8.8p1-31
 - Type:CVE
 - CVE:CVE-2024-6387
-- 
Gitee