rpms/openssh/FC-4 openssh-4.2p1-gnu-source.patch, NONE, 1.1 openssh-4.2p1-pam-auth-fail-info.patch, NONE, 1.1 openssh-4.2p1-scp-no-system.patch, NONE, 1.1 openssh-4.2p1-session-x11-detach.patch, NONE, 1.1 openssh.spec, 1.60, 1.61
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Jan 23 16:21:09 UTC 2006
Author: tmraz
Update of /cvs/dist/rpms/openssh/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv16380
Modified Files:
openssh.spec
Added Files:
openssh-4.2p1-gnu-source.patch
openssh-4.2p1-pam-auth-fail-info.patch
openssh-4.2p1-scp-no-system.patch
openssh-4.2p1-session-x11-detach.patch
Log Message:
* Mon Jan 23 2006 Tomas Mraz <tmraz at redhat.com> 4.2p1-fc4.10
- upstream patch for regression in X11 forwarding (#168703)
- _GNU_SOURCE should be used instead of __USE_GNU
- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
- upstream patch for displaying authentication errors
- install ssh-copy-id from contrib (#88707)
openssh-4.2p1-gnu-source.patch:
includes.h | 3 ++-
1 files changed, 2 insertions(+), 1 deletion(-)
--- NEW FILE openssh-4.2p1-gnu-source.patch ---
--- openssh-4.2p1/includes.h.gnu-source 2005-08-26 22:15:20.000000000 +0200
+++ openssh-4.2p1/includes.h 2005-11-21 16:02:23.000000000 +0100
@@ -21,6 +21,8 @@
#include "config.h"
+#define _GNU_SOURCE /* activate extra prototypes for glibc */
+
#include <stdarg.h>
#include <stdio.h>
#include <ctype.h>
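Review bot: The added `#define _GNU_SOURCE` is unconditional, so a build that already defines the macro (for example through `config.h` or a `-D_GNU_SOURCE` compiler flag, neither visible here) gets a redefinition diagnostic. Guarding it as `#ifndef _GNU_SOURCE` / `#define _GNU_SOURCE` / `#endif` avoids that. The comment could also say that the macro must precede the first system header, which is why it sits directly after `config.h`.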
@@ -67,7 +69,6 @@
#ifdef HAVE_NEXT
# include <libc.h>
#endif
-#define __USE_GNU /* before unistd.h, activate extra prototypes for glibc */
#include <unistd.h> /* For STDIN_FILENO, etc */
#include <termios.h> /* Struct winsize */
openssh-4.2p1-pam-auth-fail-info.patch:
auth-pam.c | 12 +++++++++++-
1 files changed, 11 insertions(+), 1 deletion(-)
--- NEW FILE openssh-4.2p1-pam-auth-fail-info.patch ---
Index: auth-pam.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
retrieving revision 1.121
diff -u -p -r1.121 auth-pam.c
--- auth-pam.c 20 Jan 2005 02:29:51 -0000 1.121
+++ auth-pam.c 2 May 2005 05:49:45 -0000
@@ -691,8 +691,18 @@ sshpam_query(void *ctx, char **name, cha
plen++;
xfree(msg);
break;
- case PAM_SUCCESS:
case PAM_AUTH_ERR:
+ debug3("PAM: PAM_AUTH_ERR");
+ if (**prompts != NULL && strlen(**prompts) != 0) {
+ *info = **prompts;
+ **prompts = NULL;
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = -1;
+ return 0;
+ }
+ /* FALLTHROUGH */
+ case PAM_SUCCESS:
if (**prompts != NULL) {
/* drain any accumulated messages */
debug("PAM: %s", **prompts);
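Review bot: In the new `PAM_AUTH_ERR` branch, `*info = **prompts;` overwrites whatever `*info` pointed to and hands the prompt buffer to the caller, and neither effect is documented. If `*info` was allocated earlier in `sshpam_query` (the top of the function is outside this hunk), that allocation is lost; releasing it first with `xfree(*info);`, provided it is known to be non-NULL there, would fix it. A comment such as `/* hand the accumulated PAM message to the caller, who now owns it */` would make the transfer explicit. The comment should also record that this text is produced by PAM modules and is shown to a client that has just failed authentication, so it may carry account-specific detail.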
openssh-4.2p1-scp-no-system.patch:
scp.c | 129 ++++++++++++++++++++++++++++++++++++++++++++++--------------------
1 files changed, 90 insertions(+), 39 deletions(-)
--- NEW FILE openssh-4.2p1-scp-no-system.patch ---
--- openssh-4.2p1/scp.c.no-system 2005-09-06 15:27:10.000000000 +0200
+++ openssh-4.2p1/scp.c 2005-09-28 21:58:07.000000000 +0200
@@ -185,6 +185,46 @@
return 0;
}
+int
+do_spawnwait(arglist *alist)
+{
+ int status;
+
+ if (verbose_mode) {
+ int i;
+
+ fprintf(stderr, "Executing:");
+ for (i = 0; alist->list[i] != NULL; i++) {
+ fprintf(stderr, " %s", alist->list[i]);
+ }
+ fprintf(stderr, "\n");
+ }
+ /* Fork a child to execute the command. */
+ do_cmd_pid = fork();
+ if (do_cmd_pid == 0) {
+ /* Child. */
+
+ execvp(alist->list[0], alist->list);
+ perror(alist->list[0]);
+ exit(1);
+ } else if (do_cmd_pid == -1) {
+ fatal("fork: %s", strerror(errno));
+ }
+ signal(SIGTERM, killchild);
+ signal(SIGINT, killchild);
+ signal(SIGHUP, killchild);
+
+ while (waitpid(do_cmd_pid, &status, 0) != do_cmd_pid) {
+ if (errno != EINTR) {
+ fatal("waitpid: %s", strerror(errno));
+ }
+ }
+ if (!WIFEXITED(status) || WEXITSTATUS(status) != 0)
+ return 1;
+
+ return 0;
+}
+
typedef struct {
size_t cnt;
char *buf;
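Review bot: `do_spawnwait` leaves `do_cmd_pid` holding the pid of a child that `waitpid` has already reaped, while `killchild` stays installed for SIGTERM, SIGINT and SIGHUP. If `killchild` signals `do_cmd_pid` (its body is not in this hunk), a later signal would go to a pid that no longer belongs to scp's child; adding `do_cmd_pid = -1;` right after the `waitpid` loop closes that window. The function also reads `alist->list[0]` without checking that the list is non-empty. It could be `static`, since nothing visible here uses it outside scp.c.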
@@ -360,10 +400,27 @@
}
void
+clearargs(arglist *alist)
+{
+ int i = alist->num;
+ while (i > 0) {
+ i--;
+ if (alist->list[i]) {
+ xfree(alist->list[i]);
+ alist->list[i] = NULL;
+ }
+ }
+ alist->num = 0;
+}
+
+void
toremote(char *targ, int argc, char **argv)
{
int i, len;
char *bp, *host, *src, *suser, *thost, *tuser, *arg;
+ arglist alist;
+ memset(&alist, 0, sizeof(alist));
+
*targ++ = 0;
if (*targ == 0)
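Review bot: `clearargs` has no comment and its contract is not obvious: it frees each argument string and resets `num`, but keeps the `alist->list` array itself. That array is therefore still allocated when `toremote` returns, unless it is released later; the end of `toremote` is outside this hunk, so that cannot be ruled out. A header such as `/* Free all argument strings; the list array is kept for reuse by addargs(). */` would state the contract. `int i = alist->num;` also assumes `num` fits in an `int`; matching the field's declared type (not visible here) would be cleaner.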
@@ -381,20 +438,26 @@
tuser = NULL;
}
+ if (tuser && !okname(tuser)) {
+ xfree(arg);
+ return;
+ }
+
for (i = 0; i < argc - 1; i++) {
src = colon(argv[i]);
if (src) { /* remote to remote */
- static char *ssh_options =
- "-x -o'ClearAllForwardings yes'";
+ clearargs(&alist);
+ addargs(&alist, "%s", ssh_program);
+ if (verbose_mode)
+ addargs(&alist, "-v");
+ addargs(&alist, "-x");
+ addargs(&alist, "-oClearAllForwardings yes");
+ addargs(&alist, "-t");
*src++ = 0;
if (*src == 0)
src = ".";
host = strrchr(argv[i], '@');
- len = strlen(ssh_program) + strlen(argv[i]) +
- strlen(src) + (tuser ? strlen(tuser) : 0) +
- strlen(thost) + strlen(targ) +
- strlen(ssh_options) + CMDNEEDS + 20;
- bp = xmalloc(len);
+
if (host) {
*host++ = 0;
host = cleanhostname(host);
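Review bot: The new `okname(tuser)` guard returns from `toremote` without touching `errs`. Unless `okname` records the failure itself (its body is not in this hunk), scp may exit with status 0 after refusing the target user name and copying nothing. Setting `errs = 1;` before `xfree(arg);` would make the failure visible to callers and scripts. toremote's body starts and ends outside the hunk.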
@@ -402,35 +465,22 @@
if (*suser == '\0')
suser = pwd->pw_name;
else if (!okname(suser)) {
- xfree(bp);
- continue;
- }
- if (tuser && !okname(tuser)) {
- xfree(bp);
continue;
}
- snprintf(bp, len,
- "%s%s %s -t "
- "-l %s %s %s %s '%s%s%s:%s'",
- ssh_program, verbose_mode ? " -v" : "",
- ssh_options, suser, host, cmd, src,
- tuser ? tuser : "", tuser ? "@" : "",
- thost, targ);
+ addargs(&alist, "-l");
+ addargs(&alist, "%s", suser);
} else {
host = cleanhostname(argv[i]);
- snprintf(bp, len,
- "exec %s%s %s -t %s "
- "%s %s '%s%s%s:%s'",
- ssh_program, verbose_mode ? " -v" : "",
- ssh_options, host, cmd, src,
+ }
+
+ addargs(&alist, "%s", host);
+ addargs(&alist, "%s", cmd);
+ addargs(&alist, "%s", src);
+ addargs(&alist, "%s%s%s:%s",
tuser ? tuser : "", tuser ? "@" : "",
thost, targ);
- }
- if (verbose_mode)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp) != 0)
+ if (do_spawnwait(&alist) != 0)
errs = 1;
- (void) xfree(bp);
} else { /* local to remote */
if (remin == -1) {
len = strlen(targ) + CMDNEEDS + 20;
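Review bot: The argument vector built here keeps the local shell out of the path, but `cmd`, `src` and the `user@host:path` target are still given to ssh as trailing arguments. As far as I know, ssh sends those to the source host as a single command line (not visible in this hunk; confirm against ssh's behaviour). The removed format string wrapped the target in single quotes and the new `addargs(&alist, "%s%s%s:%s", ...)` does not, so a target path containing spaces or shell metacharacters is parsed differently on that host than before. A comment above these four `addargs` calls should say so, e.g. `/* only the local system() is gone; the remote shell still parses cmd, src and the target */`. toremote's body starts and ends outside the hunk.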
@@ -454,20 +504,21 @@
{
int i, len;
char *bp, *host, *src, *suser;
+ arglist alist;
+ memset(&alist, 0, sizeof(alist));
for (i = 0; i < argc - 1; i++) {
if (!(src = colon(argv[i]))) { /* Local to local. */
- len = strlen(_PATH_CP) + strlen(argv[i]) +
- strlen(argv[argc - 1]) + 20;
- bp = xmalloc(len);
- (void) snprintf(bp, len, "exec %s%s%s %s %s", _PATH_CP,
- iamrecursive ? " -r" : "", pflag ? " -p" : "",
- argv[i], argv[argc - 1]);
- if (verbose_mode)
- fprintf(stderr, "Executing: %s\n", bp);
- if (system(bp))
+ clearargs(&alist);
+ addargs(&alist, "%s", _PATH_CP);
+ if (iamrecursive)
+ addargs(&alist, "-r");
+ if (pflag)
+ addargs(&alist, "-p");
+ addargs(&alist, "%s", argv[i]);
+ addargs(&alist, "%s", argv[argc-1]);
+ if (do_spawnwait(&alist))
++errs;
- (void) xfree(bp);
continue;
}
*src++ = 0;
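Review bot: The local-to-local branch passes `argv[i]` and `argv[argc-1]` to the `_PATH_CP` program as ordinary arguments, so a file name that begins with `-` is parsed as an option rather than as an operand. Adding `addargs(&alist, "--");` after the optional `-r`/`-p` flags and before the two operands ends option parsing. tolocal's body starts and ends outside the hunk.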
openssh-4.2p1-session-x11-detach.patch:
channels.c | 7 +++++--
channels.h | 5 +++--
clientloop.c | 2 +-
serverloop.c | 2 +-
session.c | 35 ++++++++++++++++++++++-------------
5 files changed, 32 insertions(+), 19 deletions(-)
--- NEW FILE openssh-4.2p1-session-x11-detach.patch ---
Index: channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.224
diff -u -p -r1.224 channels.c
--- channels.c 7 Sep 2005 08:53:53 -0000 1.224
+++ channels.c 26 Sep 2005 11:40:23 -0000
@@ -268,6 +268,7 @@ channel_new(char *ctype, int type, int r
c->force_drain = 0;
c->single_connection = 0;
c->detach_user = NULL;
+ c->detach_close = 0;
c->confirm = NULL;
c->confirm_ctx = NULL;
c->input_filter = NULL;
@@ -627,7 +628,7 @@ channel_register_confirm(int id, channel
c->confirm_ctx = ctx;
}
void
-channel_register_cleanup(int id, channel_callback_fn *fn)
+channel_register_cleanup(int id, channel_callback_fn *fn, int do_close)
{
Channel *c = channel_lookup(id);
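Review bot: The new `do_close` parameter of `channel_register_cleanup` and the `detach_close` field it sets are undocumented. Their meaning can only be inferred from the later `chan_is_dead(c, c->detach_close)` call in `channel_garbage_collect`. A comment on the function, and on `int detach_close;` in channels.h, should say what a non-zero value changes, e.g. `/* do_close: passed to chan_is_dead() when deciding whether to run the cleanup callback */`. The function body continues past this hunk.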
@@ -636,6 +637,7 @@ channel_register_cleanup(int id, channel
return;
}
c->detach_user = fn;
+ c->detach_close = do_close;
}
void
channel_cancel_cleanup(int id)
@@ -647,6 +649,7 @@ channel_cancel_cleanup(int id)
return;
}
c->detach_user = NULL;
+ c->detach_close = 0;
}
void
channel_register_filter(int id, channel_filter_fn *fn)
@@ -1660,7 +1676,7 @@ channel_garbage_collect(Channel *c)
if (c == NULL)
return;
if (c->detach_user != NULL) {
- if (!chan_is_dead(c, 0))
+ if (!chan_is_dead(c, c->detach_close))
return;
debug2("channel %d: gc: notify user", c->self);
c->detach_user(c->self, NULL);
Index: channels.h
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.h,v
retrieving revision 1.79
diff -u -p -r1.79 channels.h
--- channels.h 17 Jul 2005 06:49:04 -0000 1.79
+++ channels.h 26 Sep 2005 11:40:23 -0000
@@ -105,8 +105,9 @@ struct Channel {
/* callback */
channel_callback_fn *confirm;
- channel_callback_fn *detach_user;
void *confirm_ctx;
+ channel_callback_fn *detach_user;
+ int detach_close;
/* filter */
channel_filter_fn *input_filter;
@@ -162,7 +163,7 @@ void channel_stop_listening(void);
void channel_send_open(int);
void channel_request_start(int, char *, int);
-void channel_register_cleanup(int, channel_callback_fn *);
+void channel_register_cleanup(int, channel_callback_fn *, int);
void channel_register_confirm(int, channel_callback_fn *, void *);
void channel_register_filter(int, channel_filter_fn *);
void channel_cancel_cleanup(int);
Index: clientloop.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/clientloop.c,v
retrieving revision 1.142
diff -u -p -r1.142 clientloop.c
--- clientloop.c 9 Sep 2005 19:18:05 -0000 1.142
+++ clientloop.c 26 Sep 2005 11:40:25 -0000
@@ -1379,7 +1379,7 @@ client_loop(int have_pty, int escape_cha
simple_escape_filter);
if (session_ident != -1)
channel_register_cleanup(session_ident,
- client_channel_closed);
+ client_channel_closed, 0);
} else {
/* Check if we should immediately send eof on stdin. */
client_check_initial_eof_on_stdin();
Index: serverloop.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/serverloop.c,v
retrieving revision 1.118
diff -u -p -r1.118 serverloop.c
--- serverloop.c 17 Jul 2005 07:17:55 -0000 1.118
+++ serverloop.c 26 Sep 2005 11:40:25 -0000
@@ -898,7 +898,7 @@ server_request_session(void)
channel_free(c);
return NULL;
}
- channel_register_cleanup(c->self, session_close_by_channel);
+ channel_register_cleanup(c->self, session_close_by_channel, 0);
return c;
}
Index: session.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/session.c,v
retrieving revision 1.186
diff -u -p -r1.186 session.c
--- session.c 25 Jul 2005 11:59:40 -0000 1.186
+++ session.c 26 Sep 2005 11:40:27 -0000
@@ -1792,7 +1792,6 @@ static void
session_exit_message(Session *s, int status)
{
Channel *c;
- u_int i;
if ((c = channel_lookup(s->chanid)) == NULL)
fatal("session_exit_message: session %d: no channel %d",
@@ -1818,7 +1817,15 @@ session_exit_message(Session *s, int sta
/* disconnect channel */
debug("session_exit_message: release channel %d", s->chanid);
- channel_cancel_cleanup(s->chanid);
+ s->pid = 0;
+
+ /*
+ * Adjust cleanup callback attachment to send close messages when
+ * the channel gets EOF. The session will be then be closed
+ * by session_close_by_channel when the childs close their fds.
+ */
+ channel_register_cleanup(c->self, session_close_by_channel, 1);
+
/*
* emulate a write failure with 'chan_write_failed', nobody will be
* interested in data we write.
@@ -1827,15 +1834,6 @@ session_exit_message(Session *s, int sta
*/
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
- s->chanid = -1;
-
- /* Close any X11 listeners associated with this session */
- if (s->x11_chanids != NULL) {
- for (i = 0; s->x11_chanids[i] != -1; i++) {
- session_close_x11(s->x11_chanids[i]);
- s->x11_chanids[i] = -1;
- }
- }
}
void
@@ -1879,7 +1877,8 @@ session_close_by_pid(pid_t pid, int stat
}
if (s->chanid != -1)
session_exit_message(s, status);
- session_close(s);
+ if (s->ttyfd != -1)
+ session_pty_cleanup(s);
}
/*
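Review bot: With `session_close(s)` removed, a session whose `chanid` is already -1 leaves `session_close_by_pid` with `s->pid` still set to the reaped child's pid, because `s->pid = 0;` was added only inside `session_exit_message`. Moving `s->pid = 0;` to the end of `session_close_by_pid` would clear it on both paths. A comment here should also say that the session is now released by `session_close_by_channel` once the channel is dead, since that is no longer visible at this call site. The start of the function is outside the hunk.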
@@ -1890,6 +1889,7 @@ void
session_close_by_channel(int id, void *arg)
{
Session *s = session_by_channel(id);
+ u_int i;
if (s == NULL) {
debug("session_close_by_channel: no session for id %d", id);
@@ -1909,6 +1909,15 @@ session_close_by_channel(int id, void *a
}
/* detach by removing callback */
channel_cancel_cleanup(s->chanid);
+
+ /* Close any X11 listeners associated with this session */
+ if (s->x11_chanids != NULL) {
+ for (i = 0; s->x11_chanids[i] != -1; i++) {
+ session_close_x11(s->x11_chanids[i]);
+ s->x11_chanids[i] = -1;
+ }
+ }
+
s->chanid = -1;
session_close(s);
}
@@ -1994,7 +2003,7 @@ session_setup_x11fwd(Session *s)
}
for (i = 0; s->x11_chanids[i] != -1; i++) {
channel_register_cleanup(s->x11_chanids[i],
- session_close_single_x11);
+ session_close_single_x11, 0);
}
/* Set up a suitable value for the DISPLAY variable. */
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/FC-4/openssh.spec,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- openssh.spec 7 Sep 2005 13:35:46 -0000 1.60
+++ openssh.spec 23 Jan 2006 16:21:06 -0000 1.61
@@ -74,7 +74,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
Version: 4.2p1
-%define rel fc4.1
+%define rel fc4.10
%if %{rescue}
Release: %{rel}rescue
%else
@@ -104,6 +104,10 @@
Patch28: openssh-4.1p1-nologin.patch
Patch30: openssh-4.0p1-exit-deadlock.patch
Patch31: openssh-3.9p1-skip-used.patch
+Patch32: openssh-4.2p1-pam-auth-fail-info.patch
+Patch33: openssh-4.2p1-scp-no-system.patch
+Patch34: openssh-4.2p1-gnu-source.patch
+Patch36: openssh-4.2p1-session-x11-detach.patch
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -245,6 +249,10 @@
%patch28 -p1 -b .nologin
%patch30 -p1 -b .exit-deadlock
%patch31 -p1 -b .skip-used
+%patch32 -p0 -b .auth-fail-info
+%patch33 -p1 -b .no-system
+%patch34 -p1 -b .gnu-source
+%patch36 -p0 -b .session-detach
autoreconf
@@ -475,10 +483,12 @@
%attr(0755,root,root) %{_bindir}/ssh-add
%attr(0755,root,root) %{_bindir}/ssh-keyscan
%attr(0755,root,root) %{_bindir}/sftp
+%attr(0755,root,root) %{_bindir}/ssh-copy-id
%attr(0644,root,root) %{_mandir}/man1/ssh-agent.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-add.1*
%attr(0644,root,root) %{_mandir}/man1/ssh-keyscan.1*
%attr(0644,root,root) %{_mandir}/man1/sftp.1*
+%attr(0644,root,root) %{_mandir}/man1/ssh-copy-id.1*
%endif
%if ! %{rescue}
@@ -514,6 +524,13 @@
%endif
%changelog
+* Mon Jan 23 2006 Tomas Mraz <tmraz at redhat.com> 4.2p1-fc4.10
+- upstream patch for regression in X11 forwarding (#168703)
+- _GNU_SOURCE should be used instead of __USE_GNU
+- use fork+exec instead of system in scp - CVE-2006-0225 (#168167)
+- upstream patch for displaying authentication errors
+- install ssh-copy-id from contrib (#88707)
+
* Wed Sep 7 2005 Tomas Mraz <tmraz at redhat.com> 4.2p1-fc4.1
- upgrade to a new upstream version
- don't use X11 port which can't be bound on all IP families (#163732)