import openssh-8.0p1-17.el8_7

11 months ago · daadc5b4be
parent 030eea574d
commit daadc5b4be
3 changed files with 2 additions and 53 deletions
--- a/SOURCES/openssh-8.0p1-sshd_include.patch
+++ b/SOURCES/openssh-8.0p1-sshd_include.patch
@ -790,16 +790,3 @@ diff -up openssh-8.0p1/sshd.c.sshdinclude openssh-8.0p1/sshd.c
 		dump_config(&options);
 	}
 diff -up openssh-8.0p1/sshbuf-getput-basic.c.stringb openssh-8.0p1/sshbuf-getput-basic.c
 --- openssh-8.0p1/sshbuf-getput-basic.c.stringb	2022-12-21 12:18:43.274799163 +0100
 +++ openssh-8.0p1/sshbuf-getput-basic.c	2022-12-21 12:19:19.758081516 +0100
@@ -371,6 +371,9 @@ sshbuf_put_cstring(struct sshbuf *buf, c
 int
 sshbuf_put_stringb(struct sshbuf *buf, const struct sshbuf *v)
 {
 +	if (v == NULL)
 +		return sshbuf_put_string(buf, NULL, 0);
 +
 	return sshbuf_put_string(buf, sshbuf_ptr(v), sshbuf_len(v));
 }
--- a/SOURCES/openssh-9.1p1-sshbanner.patch
+++ b/SOURCES/openssh-9.1p1-sshbanner.patch
@ -1,32 +0,0 @@
 diff --git a/ssh-keyscan.c b/ssh-keyscan.c
 index d29a03b4..d7283136 100644
 --- a/ssh-keyscan.c
 +++ b/ssh-keyscan.c
@@ -490,6 +490,15 @@ congreet(int s)
 		return;
 	}
 +	/*
 +	 * Read the server banner as per RFC4253 section 4.2.  The "SSH-"
 +	 * protocol identification string may be preceeded by an arbitarily
 +	 * large banner which we must read and ignore.  Loop while reading
 +	 * newline-terminated lines until we have one starting with "SSH-".
 +	 * The ID string cannot be longer than 255 characters although the
 +	 * preceeding banner lines may (in which case they'll be discarded
 +	 * in multiple iterations of the outer loop).
 +	 */
 	for (;;) {
 		memset(buf, '\0', sizeof(buf));
 		bufsiz = sizeof(buf);
@@ -517,6 +526,11 @@ congreet(int s)
 		conrecycle(s);
 		return;
 	}
 +	if (cp >= buf + sizeof(buf)) {
 +		error("%s: greeting exceeds allowable length", c->c_name);
 +		confree(s);
 +		return;
 +	}
 	if (*cp != '\n' && *cp != '\r') {
 		error("%s: bad greeting", c->c_name);
 		confree(s);
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
@ -252,7 +252,6 @@ Patch980: openssh-8.7p1-upstream-cve-2021-41617.patch
 # c2bd7f74b0e0f3a3ee9d19ac549e6ba89013abaf~1..677d0ece67634262b3b96c3cd6410b19f3a603b7
 # 8bdc3bb7cf4c82c3344cfcb82495a43406e87e83
 # 47adfdc07f4f8ea0064a1495500244de08d311ed~1..7af1e92cd289b7eaa9a683e9a6f2fddd98f37a01
 # supplementary commit 612b1dd1ec91ffb1e01f58cca0c6eb1d47bf4423
 Patch981: openssh-8.0p1-sshd_include.patch
 # Port upstream ClientAliveCountMax behaviour
 # upstream commit:
@ -273,8 +272,6 @@ Patch984: openssh-8.0p1-crypto-policy-doc.patch
 # 0fa33683223c76289470a954404047bc762be84c
 # f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a
 Patch985: openssh-8.7p1-minimize-sha1-use.patch
 # Upstream ff89b1bed80721295555bd083b173247a9c0484e
 Patch986: openssh-9.1p1-sshbanner.patch
 # Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
 Patch987: openssh-8.0p1-ipv6-process.patch
@ -508,7 +505,6 @@ popd
 %patch983 -p1 -b .sftp-realpath
 %patch984 -p1 -b .crypto-policy-doc
 %patch985 -p1 -b .minimize-sha1-use
 %patch986 -p1 -b .banner
 %patch987 -p1 -b .sftp_ipv6
 %patch200 -p1 -b .audit
@ -804,10 +800,8 @@ getent passwd sshd >/dev/null || \
 * Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 8.0p1-17
 - Rebuilt for MSVSphere 8.8
-* Tue Dec 20 2022 Dmitry Belyavskiy - 8.0p1-17
+* Mon Jan 23 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-17
- Fix parsing of IPv6 IPs in sftp client (#2151334)
+- Fix parsing of IPv6 IPs in sftp client (#2162733)
 - Avoid ssh banner one-byte overflow (#2138344)
 - Avoid crash of sshd when Include folder does not exist (#2133087)
 * Wed Jun 29 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.0p1-16
 - Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)