Hello community,

here is the log from the commit of package openssh for openSUSE:Factory checked 
in at 2024-07-02 18:16:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
 and      /work/SRC/openSUSE:Factory/.openssh.new.18349 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssh"

Tue Jul  2 18:16:12 2024 rev:179 rq:1184302 version:9.6p1

Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes  2024-06-10 
17:37:10.697934828 +0200
+++ /work/SRC/openSUSE:Factory/.openssh.new.18349/openssh.changes       
2024-07-02 18:16:21.659224267 +0200
@@ -1,0 +2,7 @@
+Mon Jul  1 07:50:28 UTC 2024 - Antonio Larrosa <[email protected]>
+
+- Add patch to fix a race condition in a signal handler by removing
+  the async-signal-unsafe code (CVE-2024-6387, bsc#1226642):
+  * fix-CVE-2024-6387.patch
+
+-------------------------------------------------------------------
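Review bot: The entry says "removing the async-signal-unsafe code" without naming what is removed. The patch in this same commit compiles out the whole sshlogv() call in sshsigdie() in log.c, so that path now exits without writing its fatal log message. Suggest naming the function and the side effect in the entry, for example "by disabling the logging call in sshsigdie()", so that anyone who relies on that log line knows it is gone.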

New:
----
  fix-CVE-2024-6387.patch


++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.nOfU2N/_old  2024-07-02 18:16:23.007273597 +0200
+++ /var/tmp/diff_new_pack.nOfU2N/_new  2024-07-02 18:16:23.011273743 +0200
@@ -128,6 +128,8 @@
 # PATCH-FIX-OPENSUSE bsc#1211301 Add crypto-policies support
 Patch107:       openssh-9.6p1-crypto-policies.patch
 Patch108:       openssh-9.6p1-crypto-policies-man.patch
+# PATCH-FIX-SUSE bsc#1226642 fix CVE-2024-6387
+Patch109:       fix-CVE-2024-6387.patch
 %if 0%{with allow_root_password_login_by_default}
 Patch1000:      openssh-7.7p1-allow_root_password_login.patch
 %endif
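Review bot: The new comment on Patch109 uses the tag PATCH-FIX-SUSE while the crypto-policies entry directly above uses PATCH-FIX-OPENSUSE, and it does not say whether the change corresponds to an upstream fix or is a local stopgap. Suggest stating the patch's origin in the comment, so it is clear whether Patch109 can be dropped on the next version update.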

++++++ fix-CVE-2024-6387.patch ++++++
Index: openssh-9.6p1/log.c
===================================================================
--- openssh-9.6p1.orig/log.c
+++ openssh-9.6p1/log.c
@@ -451,12 +451,14 @@ void
 sshsigdie(const char *file, const char *func, int line, int showfunc,
     LogLevel level, const char *suffix, const char *fmt, ...)
 {
+#if 0
        va_list args;
 
        va_start(args, fmt);
        sshlogv(file, func, line, showfunc, SYSLOG_LEVEL_FATAL,
            suffix, fmt, args);
        va_end(args);
+#endif
        _exit(1);
 }
 
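Review bot: The "#if 0" / "#endif" pair in sshsigdie() leaves the old body in place as dead code with no comment on why it is disabled, and with the body compiled out every parameter (file, func, line, showfunc, level, suffix, fmt) is unused, which may produce unused-parameter warnings depending on the build flags. Suggest a short comment above "#if 0" saying that the sshlogv() call is not async-signal-safe and must not be re-enabled (CVE-2024-6387), or deleting the block outright. The path now ends in a bare "_exit(1)" with no log record, which is worth stating in that comment as well.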
