Skip to content

Commit

Permalink
net-misc/openssh: Backport patch for CVE-2024-6387
Browse files Browse the repository at this point in the history 
Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
  • Loading branch information
@sayanchowdhury
sayanchowdhury committed Jul 1, 2024
1 parent 993c139 commit 6e8892c
Show file tree
Hide file tree
Showing 2 changed files with 35 additions and 0 deletions.
34 changes: 34 additions & 0 deletions .../src/third_party/coreos-overlay/net-misc/openssh/files/openssh-9.1_p1-CVE-2024-6387.patch
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
From 200e59c2d58b27906c07a98b33420dc92ebc5920 Mon Sep 17 00:00:00 2001
From: Sayan Chowdhury <schowdhury@microsoft.com>
Date: Mon, 1 Jul 2024 19:14:55 +0530
Subject: [PATCH] This applies upstream's backport suggestions from
https://marc.info/?l=oss-security&m=171982317624594&w=2 for both
CVE-2024-6387

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
---
log.c | 2 ++
1 file changed, 2 insertions(+)

diff --git a/log.c b/log.c
index 99bf046a7..10e41bde7 100644
--- a/log.c
+++ b/log.c
@@ -451,12 +451,14 @@ void
sshsigdie(const char *file, const char *func, int line, int showfunc,
LogLevel level, const char *suffix, const char *fmt, ...)
{
+#ifdef SYSLOG_R_SAFE_IN_SIGHAND
va_list args;

va_start(args, fmt);
sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
suffix, fmt, args);
va_end(args);
+#endif
_exit(1);
}

--
2.45.0

1 change: 1 addition & 0 deletions sdk_container/src/third_party/coreos-overlay/net-misc/openssh/openssh-9.1_p1.ebuild
View file
Original file line number Diff line number Diff line change
Expand Up @@ -124,6 +124,7 @@ PATCHES=(
"${FILESDIR}/${PN}-8.9_p1-allow-ppoll_time64.patch" #834019
"${FILESDIR}/${PN}-8.9_p1-gss-use-HOST_NAME_MAX.patch" #834044
"${FILESDIR}/${PN}-9.1_p1-build-tests.patch"
"${FILESDIR}/${PN}-9.1_p1-CVE-2024-6387.patch"
)

pkg_pretend() {
Expand Down

0 comments on commit 6e8892c

Please sign in to comment.