diff --git a/0001-an-undeclared-function-is-called-in-the-patch.patch b/0001-an-undeclared-function-is-called-in-the-patch.patch new file mode 100644 index 0000000000000000000000000000000000000000..809461c70e7b21da939798847894df817c66dfc0 --- /dev/null +++ b/0001-an-undeclared-function-is-called-in-the-patch.patch @@ -0,0 +1,39 @@ +From 359fa52f78a85bfe99911cb6a58834bf4686a972 Mon Sep 17 00:00:00 2001 +From: "Shencb@123" <1944340417@qq.com> +Date: Sat, 7 Sep 2024 19:57:20 +0800 +Subject: [PATCH] an undeclared function is called in the patch + +--- + ssh-ecdsa.c | 2 +- + ssh-rsa.c | 2 +- + 2 files changed, 2 insertions(+), 2 deletions(-) + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index 341c324..6fe5e42 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -42,7 +42,7 @@ + #include "digest.h" + #define SSHKEY_INTERNAL + #include "sshkey.h" +- ++#include "ssh-pkcs11.h" + #include "openbsd-compat/openssl-compat.h" + + static u_int +diff --git a/ssh-rsa.c b/ssh-rsa.c +index be8f51e..2c8b044 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -26,7 +26,7 @@ + + #include + #include +- ++#include "ssh-pkcs11.h" + #include "sshbuf.h" + #include "ssherr.h" + #define SSHKEY_INTERNAL +-- +2.45.2.windows.1 + diff --git a/openssh.spec b/openssh.spec index 50b2c374d06d49eb503ec60952c3d3fb7b9b1b68..b617a0fef248628ca475d399c79486f2577cb9e8 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 5 +%global openssh_release 6 Name: openssh Version: 9.3p2 @@ -101,6 +101,7 @@ Patch78: backport-CVE-2023-48795-upstream-implement-strict-key-exchange-i Patch79: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch Patch80: backport-fix-CVE-2024-6387.patch Patch81: backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch +Patch82:0001-an-undeclared-function-is-called-in-the-patch.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -251,6 +252,7 @@ popd %patch79 -p1 %patch80 -p1 %patch81 -p1 +%patch82 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -322,16 +324,28 @@ make popd %check -if [ -e /sys/fs/selinux/enforce ]; then - # Store the SElinux state - cat /sys/fs/selinux/enforce > selinux.tmp - setenforce 0 +if [ -e /sys/fs/selinux/enforce ]; then + # Store the SElinux state only if the file exists + if [ -w /sys/fs/selinux/enforce ] && [ -w. ]; then + cat /sys/fs/selinux/enforce > selinux.tmp + setenforce 0 + else + echo "Insufficient permissions to handle SELinux state. Skipping modification." + fi +else + echo "SELinux is not enabled or enforce file not found. Skipping modification." fi + make tests + if [ -e /sys/fs/selinux/enforce ]; then - # Restore the SElinux state - cat selinux.tmp > /sys/fs/selinux/enforce - rm -rf selinux.tmp + # Restore the SElinux state only if the file exists + if [ -w /sys/fs/selinux/enforce ] && [ -f selinux.tmp ]; then + cat selinux.tmp > /sys/fs/selinux/enforce + rm -rf selinux.tmp + else + echo "Insufficient permissions or temp file not found. Skipping restoration of SELinux state." + fi fi %install @@ -467,6 +481,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Tue Aug 27 2024 shenchenbang <1944340417@qq.com> - 9.3p2-6 +- Type:CVE +- CVE:CVE-2023-51384 +- SUG:NA +- DESC:Fix add include pkcs11 + * Fri Jul 12 2024 renmingshuai - 9.3p2-5 - Type:CVE - CVE:CVE-2023-51384