diff --git a/0001-add-include-pkcs11.patch b/0001-add-include-pkcs11.patch new file mode 100644 index 0000000000000000000000000000000000000000..860dcbf27837ef11fb83db4e160ddae442aecba0 --- /dev/null +++ b/0001-add-include-pkcs11.patch @@ -0,0 +1,38 @@ +From df8b36b20e40855848e4fd5c1f447a2607976809 Mon Sep 17 00:00:00 2001 +From: "Shencb@123" <1944340417@qq.com> +Date: Sun, 1 Sep 2024 21:13:41 +0800 +Subject: [PATCH] add include + +--- + ssh-ecdsa.c | 2 +- + ssh-rsa.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index 341c324..6fe5e42 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -42,7 +42,7 @@ + #include "digest.h" + #define SSHKEY_INTERNAL + #include "sshkey.h" +- ++#include "ssh-pkcs11.h" + #include "openbsd-compat/openssl-compat.h" + + static u_int +diff --git a/ssh-rsa.c b/ssh-rsa.c +index be8f51e..2c8b044 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -26,7 +26,7 @@ + + #include + #include +- ++#include "ssh-pkcs11.h" + #include "sshbuf.h" + #include "ssherr.h" + #define SSHKEY_INTERNAL +-- +2.45.2.windows.1 \ No newline at end of file diff --git a/openssh.spec b/openssh.spec index 50b2c374d06d49eb503ec60952c3d3fb7b9b1b68..3c336f003a5941da05b867d7dbc6dedb80bc2570 100644 --- a/openssh.spec +++ b/openssh.spec @@ -10,7 +10,7 @@ Name: openssh Version: 9.3p2 -Release: %{openssh_release} +Release: 6 URL: http://www.openssh.com/portable.html License: BSD Summary: An open source implementation of SSH protocol version 2 @@ -101,6 +101,7 @@ Patch78: backport-CVE-2023-48795-upstream-implement-strict-key-exchange-i Patch79: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch Patch80: backport-fix-CVE-2024-6387.patch Patch81: backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch +Patch82: 0001-add-include-pkcs11.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -251,6 +252,7 @@ popd %patch79 -p1 %patch80 -p1 %patch81 -p1 +%patch82 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -467,6 +469,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Tue Aug 27 2024 shenchenbang <1944340417@qq.com> - 9.3p2-6 +- Type:CVE +- CVE:CVE-2023-51384 +- SUG:NA +- DESC:Fix CVE-2023-51384 + * Fri Jul 12 2024 renmingshuai - 9.3p2-5 - Type:CVE - CVE:CVE-2023-51384