Author: tmraz
Update of /cvs/dist/rpms/openssh/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv22315
Modified Files:
.cvsignore openssh-4.0p1-redhat.patch openssh.spec sources
Added Files:
openssh-4.0p1-exit-deadlock.patch
openssh-4.1p1-getpeername-race.patch
openssh-4.1p1-nologin.patch openssh-4.1p1-pam-loginuid.patch
Removed Files:
openssh-4.0p1-local-forward.patch
Log Message:
* Wed Jun 29 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-3.1
- fix small regression caused by the nologin patch (#161956)
- fix race in getpeername error checking (mindrot #1054)
- don't deadlock on exit with multiple X forwarded channels (#152432)
openssh-4.0p1-exit-deadlock.patch:
channels.c | 4 ++++
1 files changed, 4 insertions(+)
--- NEW FILE openssh-4.0p1-exit-deadlock.patch ---
--- openssh-4.0p1/channels.c.exit-deadlock 2005-03-01 11:24:33.000000000
+0100
+++ openssh-4.0p1/channels.c 2005-04-05 22:25:15.197226237 +0200
@@ -1403,6 +1403,10 @@
u_int dlen;
int len;
+ if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate ==
CHAN_OUTPUT_WAIT_DRAIN) {
+ debug("channel %d: forcing write", c->self);
+ FD_SET(c->wfd, writeset);
+ }
/* Send buffered output data to the socket. */
if (c->wfd != -1 &&
FD_ISSET(c->wfd, writeset) &&
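Review bot: The added block sets `c->wfd` in `writeset` after select() has already reported readiness, so the write that follows can run on a descriptor that is not actually writable. If `c->wfd` is a blocking descriptor, the forced write can stall the whole channel loop; if it is non-blocking, the write path below must treat EAGAIN/EINTR as "retry later" rather than as a channel error. Neither is visible here, because the function starts and ends outside the hunk. Once confirmed, state the precondition next to the block, e.g. `/* force a write attempt while draining; relies on wfd being non-blocking */`. The `debug()` call also fires on every pass while the drain is pending, so `debug2()` would keep ordinary debug logs readable.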
openssh-4.1p1-getpeername-race.patch:
canohost.c | 2 +-
channels.c | 4 ++--
sshd.c | 5 ++++-
3 files changed, 7 insertions(+), 4 deletions(-)
--- NEW FILE openssh-4.1p1-getpeername-race.patch ---
revision 1.43
date: 2005/06/16 08:00:00; author: markus; state: Exp; lines: +2 -2
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================
Index: canohost.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/canohost.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -p -u -r1.42 -r1.43
--- canohost.c 18 Feb 2005 03:05:53 -0000 1.42
+++ canohost.c 16 Jun 2005 08:00:00 -0000 1.43
@@ -307,7 +307,7 @@ get_sock_port(int sock, int local)
} else {
if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
- cleanup_exit(255);
+ return -1;
}
}
/* Return port number. */
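Review bot: `return -1` changes get_sock_port's failure contract from "never returns" to "returns a negative port", and nothing in this hunk documents that. The function's header comment is outside the hunk; it should gain a line such as `/* Returns -1 if getpeername fails; callers must check before using the value as a port. */`. The local (getsockname) branch above the `else` is not visible here, so confirm whether it still exits, since the two branches would then fail in different ways.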
revision 1.216
date: 2005/06/16 08:00:00; author: markus; state: Exp; lines: +3 -3
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================
Index: channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -p -u -r1.215 -r1.216
--- channels.c 16 Jun 2005 03:38:36 -0000 1.215
+++ channels.c 16 Jun 2005 08:00:00 -0000 1.216
@@ -1177,7 +1177,7 @@ port_open_helper(Channel *c, char *rtype
int direct;
char buf[1024];
char *remote_ipaddr = get_peer_ipaddr(c->sock);
- u_short remote_port = get_peer_port(c->sock);
+ int remote_port = get_peer_port(c->sock);
direct = (strcmp(rtype, "direct-tcpip") == 0);
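Review bot: `remote_port` can now be -1 when getpeername fails, and port_open_helper never checks it. The second hunk of this file casts it with `packet_put_int((u_int)remote_port)`, so the peer would be sent an originator port far outside the 16-bit range. Handle the failure right after the declaration, either by abandoning the open or by substituting an in-range placeholder, e.g. `if (remote_port < 0) remote_port = 65535; /* peer address unknown */`; which value to send is a protocol decision for the maintainers. The function body extends outside both hunks, so any other use of `remote_port` between them should be checked too.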
@@ -1207,7 +1207,7 @@ port_open_helper(Channel *c, char *rtype
}
/* originator host and port */
packet_put_cstring(remote_ipaddr);
- packet_put_int(remote_port);
+ packet_put_int((u_int)remote_port);
packet_send();
} else {
packet_start(SSH_MSG_PORT_OPEN);
revision 1.310
date: 2005/06/16 08:00:00; author: markus; state: Exp; lines: +5 -2
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================
Index: sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.309
retrieving revision 1.310
diff -u -p -u -r1.309 -r1.310
--- sshd.c 6 Apr 2005 09:43:59 -0000 1.309
+++ sshd.c 16 Jun 2005 08:00:00 -0000 1.310
@@ -1556,7 +1556,10 @@ main(int ac, char **av)
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
- remote_port = get_remote_port();
+ if ((remote_port = get_remote_port()) < 0) {
+ debug("get_remote_port failed");
+ cleanup_exit(255);
+ }
remote_ip = get_remote_ipaddr();
#ifdef LIBWRAP
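Review bot: The new failure path exits with only `debug("get_remote_port failed")`, so at the default log level the daemon drops the connection without leaving a trace. The setsockopt failure just above is reported with `error()`; a message at a level that is recorded by default, e.g. `logit("get_remote_port failed");`, would let operators see how often clients disconnect this early. The `< 0` test also only works if `remote_port` is a signed type; its declaration is outside the hunk and should be confirmed.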
openssh-4.1p1-nologin.patch:
contrib/redhat/sshd.pam | 2 +-
monitor.c | 4 +---
session.c | 4 ++++
3 files changed, 6 insertions(+), 4 deletions(-)
--- NEW FILE openssh-4.1p1-nologin.patch ---
--- openssh-4.1p1/contrib/redhat/sshd.pam.nologin 2005-06-29
11:30:56.000000000 +0200
+++ openssh-4.1p1/contrib/redhat/sshd.pam 2005-06-29 11:30:56.000000000
+0200
@@ -1,6 +1,6 @@
#%PAM-1.0
auth required pam_stack.so service=system-auth
-auth required pam_nologin.so
+account required pam_nologin.so
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
--- openssh-4.1p1/session.c.nologin 2005-06-29 11:30:56.000000000 +0200
+++ openssh-4.1p1/session.c 2005-06-29 11:30:56.000000000 +0200
@@ -1236,6 +1236,10 @@
FILE *f = NULL;
char buf[1024];
+#ifdef USE_PAM
+ if (options.use_pam)
+ return;
+#endif
#ifdef HAVE_LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
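Review bot: Returning early whenever `options.use_pam` is set makes /etc/nologin enforcement depend entirely on the PAM account stack containing pam_nologin, and nothing at this spot says so. The sshd.pam shipped in this patch has that line, but a locally modified /etc/pam.d/sshd without it would silently lose the check. Add a comment above the `#ifdef`, e.g. `/* with PAM, nologin is enforced by pam_nologin in the account stack */`, and consider noting the requirement next to UsePAM in sshd_config. The function begins and ends outside the hunk.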
--- openssh-4.1p1/monitor.c.nologin 2005-06-29 11:30:56.000000000 +0200
+++ openssh-4.1p1/monitor.c 2005-06-29 11:32:18.000000000 +0200
@@ -854,9 +854,7 @@
ret = do_pam_account();
buffer_put_int(m, ret);
- buffer_append(&loginmsg, "\0", 1);
- buffer_put_cstring(m, buffer_ptr(&loginmsg));
- buffer_clear(&loginmsg);
+ buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
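Review bot: Dropping `buffer_clear(&loginmsg)` leaves the accumulated login messages in the monitor after they are sent, and the new line gives no hint that this is deliberate. If keeping them is the regression fix, a comment such as `/* loginmsg is intentionally not cleared here; it is used again later */` would stop a later cleanup from restoring the clear. `buffer_put_string` also sends the full buffer length, so the reader now receives any embedded NUL bytes that `buffer_put_cstring` used to stop at. That reader is not part of this patch and should be checked against the new form.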
openssh-4.1p1-pam-loginuid.patch:
sshd.pam | 1 +
1 files changed, 1 insertion(+)
--- NEW FILE openssh-4.1p1-pam-loginuid.patch ---
--- openssh-4.1p1/contrib/redhat/sshd.pam.loginuid 2004-07-21
03:01:41.000000000 +0200
+++ openssh-4.1p1/contrib/redhat/sshd.pam 2005-06-06 21:38:52.000000000
+0200
@@ -4,3 +4,4 @@
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
+session required pam_loginuid.so
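Review bot: `session required pam_loginuid.so` makes every SSH login depend on the module succeeding, so on a host where the login UID cannot be set, sessions would be refused rather than merely left unaudited. A kernel without audit support may be one such case; this should be confirmed against the module's documentation. The spec's new `Requires:` only guarantees that the module file is present, not that it works. If failing closed is intended, say so above the line, e.g. `# fail closed: no session without an audit login UID`; otherwise `optional` is the softer control.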
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/.cvsignore,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- .cvsignore 24 Mar 2005 12:02:37 -0000 1.14
+++ .cvsignore 29 Jun 2005 11:57:49 -0000 1.15
@@ -1,2 +1,2 @@
x11-ssh-askpass-1.2.4.1.tar.gz
-openssh-4.0p1-noacss.tar.bz2
+openssh-4.1p1-noacss.tar.bz2
openssh-4.0p1-redhat.patch:
ssh_config | 6 ++++++
sshd_config | 8 ++++++++
sshd_config.0 | 6 +++---
sshd_config.5 | 2 +-
4 files changed, 18 insertions(+), 4 deletions(-)
Index: openssh-4.0p1-redhat.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/openssh-4.0p1-redhat.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-4.0p1-redhat.patch 24 Mar 2005 12:02:37 -0000 1.1
+++ openssh-4.0p1-redhat.patch 29 Jun 2005 11:57:49 -0000 1.2
@@ -1,6 +1,32 @@
---- openssh-3.9p1/ssh_config.redhat 2003-08-13 12:37:05.000000000 +0200
-+++ openssh-3.9p1/ssh_config 2005-02-08 15:29:36.027027051 +0100
-@@ -35,3 +35,9 @@
+--- openssh-4.0p1/sshd_config.5.redhat 2005-03-01 11:24:34.000000000 +0100
++++ openssh-4.0p1/sshd_config.5 2005-05-25 10:14:44.739843801 +0200
+@@ -603,7 +603,7 @@
+ .It Cm SyslogFacility
+ Gives the facility code that is used when logging messages from
+ .Nm sshd .
+-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+ .It Cm TCPKeepAlive
+--- openssh-4.0p1/sshd_config.0.redhat 2005-03-09 05:54:19.000000000 +0100
++++ openssh-4.0p1/sshd_config.0 2005-05-25 10:16:39.057656582 +0200
+@@ -362,9 +362,9 @@
+
+ SyslogFacility
+ Gives the facility code that is used when logging messages from
+- sshd. The possible values are: DAEMON, USER, AUTH, LOCAL0, LO-
+- CAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
+- fault is AUTH.
++ sshd. The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
++ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++ The default is AUTH.
+
+ TCPKeepAlive
+ Specifies whether the system should send TCP keepalive messages
+--- openssh-4.0p1/ssh_config.redhat 2005-02-08 23:46:48.000000000 +0100
++++ openssh-4.0p1/ssh_config 2005-05-25 10:12:37.891035384 +0200
+@@ -37,3 +37,9 @@
# Cipher 3des
# Ciphers
aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
@@ -10,8 +36,8 @@
+# to the original X11 display. As virtually no X11 client supports the
untrusted
+# mode correctly we set this to yes.
+ ForwardX11Trusted yes
---- openssh-3.9p1/sshd_config.redhat 2004-05-24 02:36:24.000000000 +0200
-+++ openssh-3.9p1/sshd_config 2005-02-08 15:32:55.063381056 +0100
+--- openssh-4.0p1/sshd_config.redhat 2005-01-20 00:57:56.000000000 +0100
++++ openssh-4.0p1/sshd_config 2005-05-25 10:12:37.893035065 +0200
@@ -12,6 +12,7 @@
#Port 22
@@ -19,8 +45,8 @@
+Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
-
-@@ -28,6 +29,7 @@
+ #ListenAddress ::
+@@ -29,6 +30,7 @@
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
@@ -28,7 +54,7 @@
#LogLevel INFO
# Authentication:
-@@ -54,9 +56,11 @@
+@@ -55,9 +57,11 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
@@ -40,7 +66,7 @@
# Kerberos options
#KerberosAuthentication no
-@@ -66,7 +70,9 @@
+@@ -67,7 +71,9 @@
# GSSAPI options
#GSSAPIAuthentication no
@@ -50,7 +76,7 @@
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-@@ -77,10 +83,12 @@
+@@ -78,10 +84,12 @@
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/openssh.spec,v
retrieving revision 1.58
retrieving revision 1.59
diff -u -r1.58 -r1.59
--- openssh.spec 16 May 2005 17:18:02 -0000 1.58
+++ openssh.spec 29 Jun 2005 11:57:49 -0000 1.59
@@ -73,8 +73,8 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
-Version: 4.0p1
-%define rel 3
+Version: 4.1p1
+%define rel 3.1
%if %{rescue}
Release: %{rel}rescue
%else
@@ -99,8 +99,11 @@
Patch22: openssh-3.9p1-askpass-keep-above.patch
Patch23: openssh-3.9p1-no-log-signal.patch
Patch24: openssh-3.9p1-fromto-remote.patch
-Patch25: openssh-4.0p1-local-forward.patch
Patch26: openssh-4.0p1-krb5-valid.patch
+Patch27: openssh-4.1p1-pam-loginuid.patch
+Patch28: openssh-4.1p1-nologin.patch
+Patch29: openssh-4.1p1-getpeername-race.patch
+Patch30: openssh-4.0p1-exit-deadlock.patch
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -160,7 +163,7 @@
Obsoletes: ssh-server
PreReq: openssh = %{version}-%{release}, chkconfig >= 0.9, /usr/sbin/useradd
%if ! %{build6x}
-Requires: /etc/pam.d/system-auth
+Requires: /etc/pam.d/system-auth, /%{_lib}/security/pam_loginuid.so
%endif
%package askpass
@@ -237,8 +240,11 @@
%patch22 -p1 -b .keep-above
%patch23 -p1 -b .signal
%patch24 -p1 -b .fromto-remote
-%patch25 -p1 -b .local-forward
%patch26 -p0 -b .krb5-valid
+%patch27 -p1 -b .loginuid
+%patch28 -p1 -b .nologin
+%patch29 -p0 -b .getpeername-race
+%patch30 -p1 -b .exit-deadlock
autoreconf
@@ -507,6 +513,18 @@
%endif
%changelog
+* Wed Jun 29 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-3.1
+- fix small regression caused by the nologin patch (#161956)
+- fix race in getpeername error checking (mindrot #1054)
+- don't deadlock on exit with multiple X forwarded channels (#152432)
+
+* Thu Jun 9 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-2
+- use only pam_nologin for nologin testing
+
+* Mon Jun 6 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.1p1-1
+- upgrade to a new upstream version
+- call pam_loginuid as a pam session module
+
* Mon May 16 2005 Tomas Mraz <tmraz@xxxxxxxxxx> 4.0p1-3
- link libselinux only to sshd (#157678)
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/sources,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -r1.14 -r1.15
--- sources 24 Mar 2005 12:02:37 -0000 1.14
+++ sources 29 Jun 2005 11:57:49 -0000 1.15
@@ -1,2 +1,2 @@
8f2e41f3f7eaa8543a2440454637f3c3 x11-ssh-askpass-1.2.4.1.tar.gz
-0b2ec566a44a88bffb00219bf6aa78db openssh-4.0p1-noacss.tar.bz2
+85a161a501f4b7779eb0dc8fd60872bc openssh-4.1p1-noacss.tar.bz2
--- openssh-4.0p1-local-forward.patch DELETED ---