From dd7a5a9d22048346031dee83e156dd2108cb6966 Mon Sep 17 00:00:00 2001 From: Dmitry Belyavskiy Date: Aug 16 2024 10:26:57 +0000 Subject: Address SAST scan issues Resolves: RHEL-36766 --- diff --git a/openssh-8.0p1-pkcs11-uri.patch b/openssh-8.0p1-pkcs11-uri.patch index c3958cd..9931d92 100644 --- a/openssh-8.0p1-pkcs11-uri.patch +++ b/openssh-8.0p1-pkcs11-uri.patch @@ -964,7 +964,7 @@ diff -up openssh-9.6p1/ssh-add.c.pkcs11-uri openssh-9.6p1/ssh-add.c diff -up openssh-9.6p1/ssh-agent.c.pkcs11-uri openssh-9.6p1/ssh-agent.c --- openssh-9.6p1/ssh-agent.c.pkcs11-uri 2023-12-18 15:59:50.000000000 +0100 +++ openssh-9.6p1/ssh-agent.c 2024-01-12 14:25:25.234942360 +0100 -@@ -1549,10 +1549,72 @@ add_p11_identity(struct sshkey *key, cha +@@ -1549,10 +1549,74 @@ add_p11_identity(struct sshkey *key, cha idtab->nentries++; } @@ -978,6 +978,8 @@ diff -up openssh-9.6p1/ssh-agent.c.pkcs11-uri openssh-9.6p1/ssh-agent.c + if (provider == NULL) + return NULL; + ++ memset(canonical_provider, 0, sizeof(canonical_provider)); ++ + if (strlen(provider) >= strlen(PKCS11_URI_SCHEME) && + strncmp(provider, PKCS11_URI_SCHEME, + strlen(PKCS11_URI_SCHEME)) == 0) { diff --git a/openssh.spec b/openssh.spec index dd6cb46..aa1e5e7 100644 --- a/openssh.spec +++ b/openssh.spec @@ -39,7 +39,7 @@ %{?static_openssl:%global static_libcrypto 1} %global openssh_ver 9.8p1 -%global openssh_rel 3 +%global openssh_rel 4 Summary: An open source implementation of SSH protocol version 2 Name: openssh @@ -653,6 +653,10 @@ test -f %{sysconfig_anaconda} && \ %attr(0755,root,root) %{_libdir}/sshtest/sk-dummy.so %changelog +* Fri Aug 16 2024 Dmitry Belyavskiy - 9.8p1-4 +- Address SAST scan issues + Resolves: RHEL-36766 + * Mon Aug 05 2024 Dmitry Belyavskiy - 9.8p1-3 - sshd doesn't propose to enter password again when a non-existing user is specified Resolves: RHEL-11981