rpms/openssh/devel openssh-4.2p1-pam-auth-fail-info.patch, NONE, 1.1 openssh-4.2p1-pam-no-stack.patch, NONE, 1.1 openssh-4.2p1-scp-no-system.patch, NONE, 1.1 openssh-4.1p1-nologin.patch, 1.2, 1.3 openssh.spec, 1.65, 1.66 openssh-4.1p1-pam-loginuid.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Fri Oct 7 12:29:19 UTC 2005
Author: tmraz
Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv10729
Modified Files:
openssh-4.1p1-nologin.patch openssh.spec
Added Files:
openssh-4.2p1-pam-auth-fail-info.patch
openssh-4.2p1-pam-no-stack.patch
openssh-4.2p1-scp-no-system.patch
Removed Files:
openssh-4.1p1-pam-loginuid.patch
Log Message:
* Fri Oct 7 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-2
- use include instead of pam_stack in pam config
- use fork+exec instead of system in scp (#168167)
- upstream patch for displaying authentication errors
openssh-4.2p1-pam-auth-fail-info.patch:
auth-pam.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletion(-)
--- NEW FILE openssh-4.2p1-pam-auth-fail-info.patch ---
Index: auth-pam.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
retrieving revision 1.121
diff -u -p -r1.121 auth-pam.c
--- auth-pam.c 20 Jan 2005 02:29:51 -0000 1.121
+++ auth-pam.c 2 May 2005 05:49:45 -0000
@@ -691,8 +691,18 @@ sshpam_query(void *ctx, char **name, cha
plen++;
xfree(msg);
break;
- case PAM_SUCCESS:
case PAM_AUTH_ERR:
+ debug3("PAM: PAM_AUTH_ERR");
+ if (**prompts != NULL && strlen(**prompts) != 0) {
+ *info = **prompts;
+ **prompts = NULL;
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = -1;
+ return 0;
+ }
+ /* FALLTHROUGH */
+ case PAM_SUCCESS:
if (**prompts != NULL) {
/* drain any accumulated messages */
debug("PAM: %s", **prompts);
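Review bot: The new early `return 0;` in the PAM_AUTH_ERR branch leaves without releasing `msg`, while the preceding case in this hunk calls `xfree(msg)` before its `break`. If `msg` is allocated before the switch for every message type (that code is outside the hunk), each failed attempt that carries text leaks it; adding `xfree(msg);` just before `return 0;` would close that. The branch also hands the accumulated PAM text to the client through `*info` after authentication has already failed, so I would add a short comment saying that this text is shown to an unauthenticated peer and that module messages should not distinguish account states. sshpam_query starts and ends outside the hunk.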
openssh-4.2p1-pam-no-stack.patch:
sshd.pam | 11 ++++++-----
1 files changed, 6 insertions(+), 5 deletions(-)
--- NEW FILE openssh-4.2p1-pam-no-stack.patch ---
--- openssh-4.2p1/contrib/redhat/sshd.pam.stack 2004-07-21 03:01:41.000000000 +0200
+++ openssh-4.2p1/contrib/redhat/sshd.pam 2005-10-07 14:18:50.000000000 +0200
@@ -1,6 +1,7 @@
#%PAM-1.0
-auth required pam_stack.so service=system-auth
-auth required pam_nologin.so
-account required pam_stack.so service=system-auth
-password required pam_stack.so service=system-auth
-session required pam_stack.so service=system-auth
+auth include system-auth
+account required pam_nologin.so
+account include system-auth
+password include system-auth
+session include system-auth
+session required pam_loginuid.so
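Review bot: `session required pam_loginuid.so` sits after `session include system-auth`, and with `include` a terminating control in the included session stack (a successful `sufficient` entry, for example) ends processing of the whole stack, so the loginuid module would be skipped. Whether system-auth contains such an entry is not visible here. Placing the line above the include, as this hunk already does for `account required pam_nologin.so`, removes the dependency on the included file's contents. A one-line comment in the file on why pam_nologin is in the account stack rather than auth would also help later editors.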
openssh-4.2p1-scp-no-system.patch:
scp.c | 129 ++++++++++++++++++++++++++++++++++++++++++++++--------------------
1 files changed, 90 insertions(+), 39 deletions(-)
--- NEW FILE openssh-4.2p1-scp-no-system.patch ---
--- openssh-4.2p1/scp.c.no-system 2005-09-06 15:27:10.000000000 +0200
+++ openssh-4.2p1/scp.c 2005-09-28 21:58:07.000000000 +0200
@@ -185,6 +185,46 @@
return 0;
}
+int
+do_spawnwait(arglist *alist)
+{
+ int status;
+
+ if (verbose_mode) {
+ int i;
+
+ fprintf(stderr, "Executing:");
+ for (i = 0; alist->list[i] != NULL; i++) {
+ fprintf(stderr, " %s", alist->list[i]);
+ }
+ fprintf(stderr, "\n");
+ }
+ /* Fork a child to execute the command. */
+ do_cmd_pid = fork();
+ if (do_cmd_pid == 0) {
+ /* Child. */
+
+ execvp(alist->list[0], alist->list);
+ perror(alist->list[0]);
+ exit(1);
+ } else if (do_cmd_pid == -1) {
+ fatal("fork: %s", strerror(errno));
+ }
+ signal(SIGTERM, killchild);
+ signal(SIGINT, killchild);
+ signal(SIGHUP, killchild);
+
+ while (waitpid(do_cmd_pid, &status, 0) != do_cmd_pid) {
+ if (errno != EINTR) {
+ fatal("waitpid: %s", strerror(errno));
+ }
+ }
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+ return 1;
+
+ return 0;
+}
+
typedef struct {
size_t cnt;
char *buf;
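Review bot: `do_cmd_pid` still holds the child's pid after the waitpid loop has reaped it, and the three handlers installed here remain pointed at `killchild`. If `killchild` signals `do_cmd_pid` (its body is outside the hunk), a later SIGINT, SIGTERM or SIGHUP would be delivered to a pid that may since have been reused; `do_cmd_pid = -1;` right after the loop avoids that. In the child, `_exit(1);` after the failed `execvp` is safer than `exit(1);`, which flushes stdio buffers inherited from the parent a second time. The function has no header comment stating that it returns 0 only when the child exited normally with status 0.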
@@ -360,10 +400,27 @@
}
void
+clearargs(arglist *alist)
+{
+ int i = alist->num;
+ while (i > 0) {
+ i--;
+ if (alist->list[i]) {
+ xfree(alist->list[i]);
+ alist->list[i] = NULL;
+ }
+ }
+ alist->num = 0;
+}
+
+void
toremote(char *targ, int argc, char **argv)
{
int i, len;
char *bp, *host, *src, *suser, *thost, *tuser, *arg;
+ arglist alist;
+ memset(&alist, 0, sizeof(alist));
+
*targ++ = 0;
if (*targ == 0)
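Review bot: `clearargs` has no comment, and its contract is not obvious from the name: it frees every string and resets `num`, but leaves the `list` array allocated, presumably so later `addargs` calls can reuse it. I would put `/* Free all strings in alist and reset it to empty; the list array itself is kept and stays owned by the caller. */` above the function. No release of `alist.list` is visible for the `alist` declared in `toremote`; the function ends outside the hunk, so that may be handled there.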
@@ -381,20 +438,26 @@
tuser = NULL;
}
+ if (tuser && !okname(tuser)) {
+ xfree(arg);
+ return;
+ }
+
for (i = 0; i < argc - 1; i++) {
src = colon(argv[i]);
if (src) { /* remote to remote */
- static char *ssh_options =
- "-x -o'ClearAllForwardings yes'";
+ clearargs(&alist);
+ addargs(&alist, "%s", ssh_program);
+ if (verbose_mode)
+ addargs(&alist, "-v");
+ addargs(&alist, "-x");
+ addargs(&alist, "-oClearAllForwardings yes");
+ addargs(&alist, "-t");
*src++ = 0;
if (*src == 0)
src = ".";
host = strrchr(argv[i], '@');
- len = strlen(ssh_program) + strlen(argv[i]) +
- strlen(src) + (tuser ? strlen(tuser) : 0) +
- strlen(thost) + strlen(targ) +
- strlen(ssh_options) + CMDNEEDS + 20;
- bp = xmalloc(len);
+
if (host) {
*host++ = 0;
host = cleanhostname(host);
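Review bot: The new `if (tuser && !okname(tuser))` check returns from `toremote` without recording a failure, so unless `okname` sets `errs` itself (not visible here) scp can end with a zero exit status after copying nothing. Adding `errs = 1;` before the `return;` would match how a failed spawn is reported later in the function. Hoisting the check above the loop also applies it to local-to-remote copies, which the removed code did not check; that behaviour change deserves a line in the commit message. toremote continues outside the hunk.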
@@ -402,35 +465,22 @@
if (*suser == '\0')
suser = pwd->pw_name;
else if (!okname(suser)) {
- xfree(bp);
- continue;
- }
- if (tuser && !okname(tuser)) {
- xfree(bp);
continue;
}
- snprintf(bp, len,
- "%s%s %s -t "
- "-l %s %s %s %s '%s%s%s:%s'",
- ssh_program, verbose_mode ? " -v" : "",
- ssh_options, suser, host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
+ addargs(&alist, "-l");
+ addargs(&alist, "%s", suser);
} else {
host = cleanhostname(argv[i]);
- snprintf(bp, len,
- "exec %s%s %s -t %s "
- "%s %s '%s%s%s:%s'",
- ssh_program, verbose_mode ? " -v" : "",
- ssh_options, host, cmd, src,
+ }
+
+ addargs(&alist, "%s", host);
+ addargs(&alist, "%s", cmd);
+ addargs(&alist, "%s", src);
+ addargs(&alist, "%s%s%s:%s",
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
- }
- if (verbose_mode)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp) != 0)
+ if (do_spawnwait(&alist) != 0)
errs = 1;
- (void) xfree(bp);
} else { /* local to remote */
if (remin == -1) {
len = strlen(targ) + CMDNEEDS + 20;
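Review bot: `host` is appended as an ordinary argument straight after the options (`addargs(&alist, "%s", host);`), so a host string beginning with `-` would be parsed by ssh as an option instead of a destination; `cleanhostname` is outside the hunk and may not reject that. Dropping the shell removes the quoting problem, but the argv built here still needs an end-of-options marker, `addargs(&alist, "--");`, immediately before the host. The cp argument list in the `tolocal` hunk has the same shape with `argv[i]` and `argv[argc-1]` and would take the same `--` after the `-r`/`-p` flags.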
@@ -454,20 +504,21 @@
{
int i, len;
char *bp, *host, *src, *suser;
+ arglist alist;
+ memset(&alist, 0, sizeof(alist));
for (i = 0; i < argc - 1; i++) {
if (!(src = colon(argv[i]))) { /* Local to local. */
- len = strlen(_PATH_CP) + strlen(argv[i]) +
- strlen(argv[argc - 1]) + 20;
- bp = xmalloc(len);
- (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
- iamrecursive ? " -r" : "", pflag ? " -p" : "",
- argv[i], argv[argc - 1]);
- if (verbose_mode)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp))
+ clearargs(&alist);
+ addargs(&alist, "%s", _PATH_CP);
+ if (iamrecursive)
+ addargs(&alist, "-r");
+ if (pflag)
+ addargs(&alist, "-p");
+ addargs(&alist, "%s", argv[i]);
+ addargs(&alist, "%s", argv[argc-1]);
+ if (do_spawnwait(&alist))
++errs;
- (void) xfree(bp);
continue;
}
*src++ = 0;
openssh-4.1p1-nologin.patch:
monitor.c | 4 +---
session.c | 4 ++++
2 files changed, 5 insertions(+), 3 deletions(-)
Index: openssh-4.1p1-nologin.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh-4.1p1-nologin.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- openssh-4.1p1-nologin.patch 29 Jun 2005 11:24:36 -0000 1.2
+++ openssh-4.1p1-nologin.patch 7 Oct 2005 12:29:15 -0000 1.3
@@ -1,13 +1,3 @@
---- openssh-4.1p1/contrib/redhat/sshd.pam.nologin 2005-06-29 11:30:56.000000000 +0200
-+++ openssh-4.1p1/contrib/redhat/sshd.pam 2005-06-29 11:30:56.000000000 +0200
-@@ -1,6 +1,6 @@
- #%PAM-1.0
- auth required pam_stack.so service=system-auth
--auth required pam_nologin.so
-+account required pam_nologin.so
- account required pam_stack.so service=system-auth
- password required pam_stack.so service=system-auth
- session required pam_stack.so service=system-auth
--- openssh-4.1p1/session.c.nologin 2005-06-29 11:30:56.000000000 +0200
+++ openssh-4.1p1/session.c 2005-06-29 11:30:56.000000000 +0200
@@ -1236,6 +1236,10 @@
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -r1.65 -r1.66
--- openssh.spec 6 Sep 2005 19:55:17 -0000 1.65
+++ openssh.spec 7 Oct 2005 12:29:15 -0000 1.66
@@ -74,7 +74,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
Version: 4.2p1
-%define rel 1
+%define rel 2
%if %{rescue}
Release: %{rel}rescue
%else
@@ -102,10 +102,12 @@
Patch23: openssh-3.9p1-no-log-signal.patch
Patch24: openssh-3.9p1-fromto-remote.patch
Patch26: openssh-4.0p1-krb5-valid.patch
-Patch27: openssh-4.1p1-pam-loginuid.patch
+Patch27: openssh-4.2p1-pam-stack.patch
Patch28: openssh-4.1p1-nologin.patch
Patch30: openssh-4.0p1-exit-deadlock.patch
Patch31: openssh-3.9p1-skip-used.patch
+Patch32: openssh-4.2p1-pam-auth-fail-info.patch
+Patch33: openssh-4.2p1-scp-no-system.patch
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
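Review bot: `Patch27` names `openssh-4.2p1-pam-stack.patch`, but the file this commit adds is `openssh-4.2p1-pam-no-stack.patch`, so the build will not find the patch unless a file with the shorter name exists elsewhere. The line should read `Patch27: openssh-4.2p1-pam-no-stack.patch`. The matching `%patch27 -p1 -b .stack` in the %prep hunk is not affected by the file name.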
@@ -243,10 +245,12 @@
%patch23 -p1 -b .signal
%patch24 -p1 -b .fromto-remote
%patch26 -p0 -b .krb5-valid
-%patch27 -p1 -b .loginuid
+%patch27 -p1 -b .stack
%patch28 -p1 -b .nologin
%patch30 -p1 -b .exit-deadlock
%patch31 -p1 -b .skip-used
+%patch32 -p1 -b .auth-fail-info
+%patch33 -p1 -b .no-system
autoreconf
@@ -524,6 +528,11 @@
%endif
%changelog
+* Fri Oct 7 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-2
+- use include instead of pam_stack in pam config
+- use fork+exec instead of system in scp (#168167)
+- upstream patch for displaying authentication errors
+
* Tue Sep 06 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-1
- upgrade to a new upstream version
--- openssh-4.1p1-pam-loginuid.patch DELETED ---