fedora-cvs-commits@redhat.com

rpms/openssh/FC-4 openssh-4.0p1-exit-deadlock.patch, NONE, 1.1 openssh-4

Subject: rpms/openssh/FC-4 openssh-4.0p1-exit-deadlock.patch, NONE, 1.1 openssh-4.1p1-getpeername-race.patch, NONE, 1.1 openssh-4.1p1-nologin.patch, NONE, 1.1 openssh-4.1p1-pam-loginuid.patch, NONE, 1.1 .cvsignore, 1.14, 1.15 openssh-4.0p1-redhat.patch, 1.1, 1.2 openssh.spec, 1.58, 1.59 sources, 1.14, 1.15 openssh-4.0p1-local-forward.patch, 1.1, NONE
From:
Date: Wed, 29 Jun 2005 07:57:53 -0400
Author: tmraz

Update of /cvs/dist/rpms/openssh/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv22315

Modified Files:
        .cvsignore openssh-4.0p1-redhat.patch openssh.spec sources 
Added Files:
        openssh-4.0p1-exit-deadlock.patch 
        openssh-4.1p1-getpeername-race.patch 
        openssh-4.1p1-nologin.patch openssh-4.1p1-pam-loginuid.patch 
Removed Files:
        openssh-4.0p1-local-forward.patch 
Log Message:
* Wed Jun 29 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-3.1
- fix small regression caused by the nologin patch (#161956)
- fix race in getpeername error checking (mindrot #1054)
- don't deadlock on exit with multiple X forwarded channels (#152432)


openssh-4.0p1-exit-deadlock.patch:
 channels.c |    4 ++++
 1 files changed, 4 insertions(+)

--- NEW FILE openssh-4.0p1-exit-deadlock.patch ---
--- openssh-4.0p1/channels.c.exit-deadlock      2005-03-01 11:24:33.000000000 
+0100
+++ openssh-4.0p1/channels.c    2005-04-05 22:25:15.197226237 +0200
@@ -1403,6 +1403,10 @@
        u_int dlen;
        int len;
 
+       if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate == 
CHAN_OUTPUT_WAIT_DRAIN) {
+               debug("channel %d: forcing write", c->self);
+               FD_SET(c->wfd, writeset);
+       }
        /* Send buffered output data to the socket. */
        if (c->wfd != -1 &&
            FD_ISSET(c->wfd, writeset) &&
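Review bot: The added block sets `c->wfd` in `writeset` even though select() did not report it writable, and nothing in the hunk explains why that is safe or which deadlock it breaks. A comment above the `if` would help, for example `/* In WAIT_DRAIN with output pending, attempt the write even if select() did not flag wfd, so exit cannot stall with several X11 channels open (#152432) */`. The write path continues outside the hunk, so confirm that it treats a would-block result as a retry rather than an error, and that `wfd` is non-blocking at this point. On style, `if(` lacks the space used in the surrounding code and the condition runs past 80 columns; `debug()` on every pass may also be noisy while draining, so `debug2()` is probably the better level.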

openssh-4.1p1-getpeername-race.patch:
 canohost.c |    2 +-
 channels.c |    4 ++--
 sshd.c     |    5 ++++-
 3 files changed, 7 insertions(+), 4 deletions(-)

--- NEW FILE openssh-4.1p1-getpeername-race.patch ---
revision 1.43
date: 2005/06/16 08:00:00;  author: markus;  state: Exp;  lines: +2 -2
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================

Index: canohost.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/canohost.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -p -u -r1.42 -r1.43
--- canohost.c  18 Feb 2005 03:05:53 -0000      1.42
+++ canohost.c  16 Jun 2005 08:00:00 -0000      1.43
@@ -307,7 +307,7 @@ get_sock_port(int sock, int local)
        } else {
                if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
                        debug("getpeername failed: %.100s", strerror(errno));
-                       cleanup_exit(255);
+                       return -1;
                }
        }
        /* Return port number. */
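Review bot: `return -1;` turns a getpeername() failure into a sentinel return value, but the changed contract is not documented on the function. get_sock_port() starts and ends outside this hunk; its header comment should say something like `/* Returns the port number, or -1 if getpeername() fails for the remote end. */`. Every caller now has to test for a negative result before treating it as a port. This patch updates sshd.c and port_open_helper(), and any other callers not shown here should be checked the same way.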
revision 1.216
date: 2005/06/16 08:00:00;  author: markus;  state: Exp;  lines: +3 -3
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================

Index: channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -p -u -r1.215 -r1.216
--- channels.c  16 Jun 2005 03:38:36 -0000      1.215
+++ channels.c  16 Jun 2005 08:00:00 -0000      1.216
@@ -1177,7 +1177,7 @@ port_open_helper(Channel *c, char *rtype
        int direct;
        char buf[1024];
        char *remote_ipaddr = get_peer_ipaddr(c->sock);
-       u_short remote_port = get_peer_port(c->sock);
+       int remote_port = get_peer_port(c->sock);
 
        direct = (strcmp(rtype, "direct-tcpip") == 0);
 
@@ -1207,7 +1207,7 @@ port_open_helper(Channel *c, char *rtype
                }
                /* originator host and port */
                packet_put_cstring(remote_ipaddr);
-               packet_put_int(remote_port);
+               packet_put_int((u_int)remote_port);
                packet_send();
        } else {
                packet_start(SSH_MSG_PORT_OPEN);
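Review bot: `packet_put_int((u_int)remote_port)` sends the value unchecked, so when get_peer_port() returns -1 the cast puts 4294967295 on the wire as the originator port. The earlier hunk in this file widens `remote_port` to `int` so that -1 can be represented, but no visible line tests for it before the packet is built. Consider handling the failure explicitly, e.g. `if (remote_port < 0) remote_port = 0;` or refusing the open, with a comment stating which value the peer is meant to see. port_open_helper() extends beyond both hunks, so a check may exist in the lines not shown.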
revision 1.310
date: 2005/06/16 08:00:00;  author: markus;  state: Exp;  lines: +5 -2
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================

Index: sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.309
retrieving revision 1.310
diff -u -p -u -r1.309 -r1.310
--- sshd.c      6 Apr 2005 09:43:59 -0000       1.309
+++ sshd.c      16 Jun 2005 08:00:00 -0000      1.310
@@ -1556,7 +1556,10 @@ main(int ac, char **av)
            setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
                error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
 
-       remote_port = get_remote_port();
+       if ((remote_port = get_remote_port()) < 0) {
+               debug("get_remote_port failed");
+               cleanup_exit(255);
+       }
        remote_ip = get_remote_ipaddr();
 
 #ifdef LIBWRAP
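Review bot: The new `(remote_port = get_remote_port()) < 0` test only works if `remote_port` is a signed type, and its declaration in main() is outside this hunk. If it is declared `u_short` or `u_int`, the comparison is always false and the -1 from get_sock_port() would be carried on as a port number; the channels.c part of this patch had to change `u_short remote_port` to `int` for exactly this reason. Separately, the failure is reported only through `debug()`, so below debug log level the connection ends without any log entry; whether that is acceptable for an operator investigating dropped connections is worth a deliberate decision.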

openssh-4.1p1-nologin.patch:
 contrib/redhat/sshd.pam |    2 +-
 monitor.c               |    4 +---
 session.c               |    4 ++++
 3 files changed, 6 insertions(+), 4 deletions(-)

--- NEW FILE openssh-4.1p1-nologin.patch ---
--- openssh-4.1p1/contrib/redhat/sshd.pam.nologin       2005-06-29 
11:30:56.000000000 +0200
+++ openssh-4.1p1/contrib/redhat/sshd.pam       2005-06-29 11:30:56.000000000 
+0200
@@ -1,6 +1,6 @@
 #%PAM-1.0
 auth       required     pam_stack.so service=system-auth
-auth       required     pam_nologin.so
+account    required     pam_nologin.so
 account    required     pam_stack.so service=system-auth
 password   required     pam_stack.so service=system-auth
 session    required     pam_stack.so service=system-auth
--- openssh-4.1p1/session.c.nologin     2005-06-29 11:30:56.000000000 +0200
+++ openssh-4.1p1/session.c     2005-06-29 11:30:56.000000000 +0200
@@ -1236,6 +1236,10 @@
        FILE *f = NULL;
        char buf[1024];
 
+#ifdef USE_PAM
+       if (options.use_pam)
+               return;
+#endif         
 #ifdef HAVE_LOGIN_CAP
        if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
                f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
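Review bot: The early `return` under `options.use_pam` makes nologin enforcement depend entirely on the PAM stack, and the code does not say so. With UsePAM enabled and a PAM service file that lacks the `account required pam_nologin.so` line this patch adds to sshd.pam, the nologin file would no longer be honoured by this function. A comment such as `/* With PAM, nologin is enforced by pam_nologin in the account stack (contrib/redhat/sshd.pam) */` would make the coupling explicit for anyone editing either file. The function body continues outside the hunk, and the added `#endif` line carries trailing whitespace.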
--- openssh-4.1p1/monitor.c.nologin     2005-06-29 11:30:56.000000000 +0200
+++ openssh-4.1p1/monitor.c     2005-06-29 11:32:18.000000000 +0200
@@ -854,9 +854,7 @@
        ret = do_pam_account();
 
        buffer_put_int(m, ret);
-       buffer_append(&loginmsg, "\0", 1);
-       buffer_put_cstring(m, buffer_ptr(&loginmsg));
-       buffer_clear(&loginmsg);
+       buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
 
        mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
 

openssh-4.1p1-pam-loginuid.patch:
 sshd.pam |    1 +
 1 files changed, 1 insertion(+)

--- NEW FILE openssh-4.1p1-pam-loginuid.patch ---
--- openssh-4.1p1/contrib/redhat/sshd.pam.loginuid      2004-07-21 
03:01:41.000000000 +0200
+++ openssh-4.1p1/contrib/redhat/sshd.pam       2005-06-06 21:38:52.000000000 
+0200
@@ -4,3 +4,4 @@
 account    required     pam_stack.so service=system-auth
 password   required     pam_stack.so service=system-auth
 session    required     pam_stack.so service=system-auth
+session    required     pam_loginuid.so
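Review bot: `session required pam_loginuid.so` makes every sshd session depend on this module succeeding, so on a host where it cannot set the login UID (presumably a kernel without audit support) session setup would fail for all SSH logins. The file has no comment explaining what the line is for or what happens on failure; something like `# sets the audit login UID; a failure here denies the session` above it would help. The spec change on this page adds a Requires on the module file, which covers the missing-module case but not a runtime failure, so that case should be tested on the target kernels.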


Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/.cvsignore,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- .cvsignore  24 Mar 2005 12:02:37 -0000      1.14
+++ .cvsignore  29 Jun 2005 11:57:49 -0000      1.15
@@ -1,2 +1,2 @@
 x11-ssh-askpass-1.2.4.1.tar.gz
-openssh-4.0p1-noacss.tar.bz2
+openssh-4.1p1-noacss.tar.bz2

openssh-4.0p1-redhat.patch:
 ssh_config    |    6 ++++++
 sshd_config   |    8 ++++++++
 sshd_config.0 |    6 +++---
 sshd_config.5 |    2 +-
 4 files changed, 18 insertions(+), 4 deletions(-)

Index: openssh-4.0p1-redhat.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/openssh-4.0p1-redhat.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-4.0p1-redhat.patch  24 Mar 2005 12:02:37 -0000      1.1
+++ openssh-4.0p1-redhat.patch  29 Jun 2005 11:57:49 -0000      1.2
@@ -1,6 +1,32 @@
---- openssh-3.9p1/ssh_config.redhat    2003-08-13 12:37:05.000000000 +0200
-+++ openssh-3.9p1/ssh_config   2005-02-08 15:29:36.027027051 +0100
-@@ -35,3 +35,9 @@
+--- openssh-4.0p1/sshd_config.5.redhat 2005-03-01 11:24:34.000000000 +0100
++++ openssh-4.0p1/sshd_config.5        2005-05-25 10:14:44.739843801 +0200
+@@ -603,7 +603,7 @@
+ .It Cm SyslogFacility
+ Gives the facility code that is used when logging messages from
+ .Nm sshd .
+-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+ .It Cm TCPKeepAlive
+--- openssh-4.0p1/sshd_config.0.redhat 2005-03-09 05:54:19.000000000 +0100
++++ openssh-4.0p1/sshd_config.0        2005-05-25 10:16:39.057656582 +0200
+@@ -362,9 +362,9 @@
+ 
+      SyslogFacility
+              Gives the facility code that is used when logging messages from
+-             sshd.  The possible values are: DAEMON, USER, AUTH, LOCAL0, LO-
+-             CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
+-             fault is AUTH.
++             sshd.  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
++             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++             The default is AUTH.
+ 
+      TCPKeepAlive
+              Specifies whether the system should send TCP keepalive messages
+--- openssh-4.0p1/ssh_config.redhat    2005-02-08 23:46:48.000000000 +0100
++++ openssh-4.0p1/ssh_config   2005-05-25 10:12:37.891035384 +0200
+@@ -37,3 +37,9 @@
  #   Cipher 3des
  #   Ciphers 
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
  #   EscapeChar ~
@@ -10,8 +36,8 @@
 +# to the original X11 display. As virtually no X11 client supports the 
untrusted
 +# mode correctly we set this to yes.
 +      ForwardX11Trusted yes
---- openssh-3.9p1/sshd_config.redhat   2004-05-24 02:36:24.000000000 +0200
-+++ openssh-3.9p1/sshd_config  2005-02-08 15:32:55.063381056 +0100
+--- openssh-4.0p1/sshd_config.redhat   2005-01-20 00:57:56.000000000 +0100
++++ openssh-4.0p1/sshd_config  2005-05-25 10:12:37.893035065 +0200
 @@ -12,6 +12,7 @@
  
  #Port 22
@@ -19,8 +45,8 @@
 +Protocol 2
  #AddressFamily any
  #ListenAddress 0.0.0.0
- 
-@@ -28,6 +29,7 @@
+ #ListenAddress ::
+@@ -29,6 +30,7 @@
  # Logging
  #obsoletes QuietMode and FascistLogging
  #SyslogFacility AUTH
@@ -28,7 +54,7 @@
  #LogLevel INFO
  
  # Authentication:
-@@ -54,9 +56,11 @@
+@@ -55,9 +57,11 @@
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
@@ -40,7 +66,7 @@
  
  # Kerberos options
  #KerberosAuthentication no
-@@ -66,7 +70,9 @@
+@@ -67,7 +71,9 @@
  
  # GSSAPI options
  #GSSAPIAuthentication no
@@ -50,7 +76,7 @@
  
  # Set this to 'yes' to enable PAM authentication, account processing, 
  # and session processing. If this is enabled, PAM authentication will 
-@@ -77,10 +83,12 @@
+@@ -78,10 +84,12 @@
  # session checks to run without PAM authentication, then enable this but set 
  # ChallengeResponseAuthentication=no
  #UsePAM no


Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/openssh.spec,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- openssh.spec        16 May 2005 17:18:02 -0000      1.58
+++ openssh.spec        29 Jun 2005 11:57:49 -0000      1.59
@@ -73,8 +73,8 @@
 
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
 Name: openssh
-Version: 4.0p1
-%define rel 3
+Version: 4.1p1
+%define rel 3.1
 %if %{rescue}
 Release: %{rel}rescue
 %else
@@ -99,8 +99,11 @@
 Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch23: openssh-3.9p1-no-log-signal.patch
 Patch24: openssh-3.9p1-fromto-remote.patch
-Patch25: openssh-4.0p1-local-forward.patch
 Patch26: openssh-4.0p1-krb5-valid.patch
+Patch27: openssh-4.1p1-pam-loginuid.patch
+Patch28: openssh-4.1p1-nologin.patch
+Patch29: openssh-4.1p1-getpeername-race.patch
+Patch30: openssh-4.0p1-exit-deadlock.patch
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -160,7 +163,7 @@
 Obsoletes: ssh-server
 PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9, /usr/sbin/useradd
 %if ! %{build6x}
-Requires: /etc/pam.d/system-auth
+Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so
 %endif
 
 %package askpass
@@ -237,8 +240,11 @@
 %patch22 -p1 -b .keep-above
 %patch23 -p1 -b .signal
 %patch24 -p1 -b .fromto-remote
-%patch25 -p1 -b .local-forward
 %patch26 -p0 -b .krb5-valid
+%patch27 -p1 -b .loginuid
+%patch28 -p1 -b .nologin
+%patch29 -p0 -b .getpeername-race
+%patch30 -p1 -b .exit-deadlock
 
 autoreconf
 
@@ -507,6 +513,18 @@
 %endif
 
 %changelog
+* Wed Jun 29 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-3.1
+- fix small regression caused by the nologin patch (#161956)
+- fix race in getpeername error checking (mindrot #1054)
+- don't deadlock on exit with multiple X forwarded channels (#152432)
+
+* Thu Jun  9 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-2
+- use only pam_nologin for nologin testing
+
+* Mon Jun  6 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-1
+- upgrade to a new upstream version
+- call pam_loginuid as a pam session module
+
 * Mon May 16 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.0p1-3
 - link libselinux only to sshd (#157678)
 


Index: sources
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/sources,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- sources     24 Mar 2005 12:02:37 -0000      1.14
+++ sources     29 Jun 2005 11:57:49 -0000      1.15
@@ -1,2 +1,2 @@
 8f2e41f3f7eaa8543a2440454637f3c3  x11-ssh-askpass-1.2.4.1.tar.gz
-0b2ec566a44a88bffb00219bf6aa78db  openssh-4.0p1-noacss.tar.bz2
+85a161a501f4b7779eb0dc8fd60872bc  openssh-4.1p1-noacss.tar.bz2


--- openssh-4.0p1-local-forward.patch DELETED ---
