gentoo-ebuilds/net-misc/openssh-contrib/files/openssh-9.7_p1-X509-CVE-2024-6387.patch
Patrick McLean 615ab9d0a7
net-misc/openssh-contrib: Revbump, add fix for CVE-2024-6387
Bug: https://bugs.gentoo.org/935271
Signed-off-by: Patrick McLean <chutzpah@gentoo.org>
2024-07-02 10:07:07 -07:00


diff -u a/openssh-9.7p1+x509-15.0.diff b/openssh-9.7p1+x509-15.0.diff
--- a/openssh-9.7p1+x509-15.0.diff 2024-07-02 08:34:12.300470515 -0700
+++ b/openssh-9.7p1+x509-15.0.diff 2024-07-02 08:35:27.016991183 -0700
@@ -69916,7 +69916,7 @@
closelog();
#endif
}
-@@ -424,81 +473,121 @@
+@@ -424,81 +473,113 @@
}
void
@@ -69955,15 +69955,7 @@
+sshsigdie(const char *file, const char *func, int line,
+ const char *fmt,...)
{
-+#if 1
-+/* NOTE: "OpenSSH bug 3286". See grace_alarm_handler() in sshd.c.
-+ * Logging in signal handler cannot be considered as safe.
-+ * Let enable log as now daemon does not sent explicitly alarm
-+ * signal. This should avoid logging in child signal handler.
-+ */
-+# define DO_LOG_SAFE_IN_SIGHAND
-+#endif
-+#ifdef DO_LOG_SAFE_IN_SIGHAND
++#ifdef SYSLOG_R_SAFE_IN_SIGHAND
va_list args;
va_start(args, fmt);
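Review bot: The new `#ifdef SYSLOG_R_SAFE_IN_SIGHAND` guard in sshsigdie() replaces the removed explanatory comment with nothing, so a later rebase of the X.509 patch set could turn the logging back on without anyone seeing why it was gated. I would add a short comment above the guard, for example `/* Called from signal context (see grace_alarm_handler() in sshd.c): log only where syslog is safe in a signal handler. CVE-2024-6387. */`, and raise the inner hunk's new-side count in the first hunk by the number of lines added. The matching `#endif` and the rest of sshsigdie() are outside this hunk, so it should be confirmed that the function still terminates the process when the logging is compiled out. The count change from 121 to 113 in the first hunk does match the net eight lines removed here.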