rpms/openssh/devel openssh-4.5p1-controlcleanup.patch, NONE, 1.1 openssh-4.7p1-master-race.patch, NONE, 1.1 sshd.init, NONE, 1.1 sshd.pam, NONE, 1.1 .cvsignore, 1.20, 1.21 openssh-4.7p1-mls.patch, 1.2, 1.3 openssh.spec, 1.124, 1.125 sources, 1.20, 1.21 openssh-3.9p1-skip-used.patch, 1.1, NONE openssh-4.2p1-pam-no-stack.patch, 1.2, NONE openssh-4.3p2-initscript.patch, 1.3, NONE openssh-4.7p1-packetdefsize.patch, 1.1, NONE openssh-4.7p1-pam-session.patch, 1.1, NONE openssh-4.7p1-sftp-doclose.patch, 1.1, NONE openssh-4.7p1-sftp-drain-acks.patch, 1.1, NONE openssh-4.7p1-sshd-v6only.patch, 1.1, NONE
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Mon Apr 7 20:15:11 UTC 2008
- Previous message (by thread): rpms/vdr-femon/devel vdr-femon.spec,1.11,1.12
- Next message (by thread): rpms/coreutils/devel coreutils-selinuxmanpages.patch, NONE, 1.1 coreutils-5.2.1-runuser.patch, 1.17, 1.18 coreutils-colorls.sh, 1.11, 1.12 coreutils-selinux.patch, 1.42, 1.43 coreutils.spec, 1.204, 1.205
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: tmraz
Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv25578
Modified Files:
.cvsignore openssh-4.7p1-mls.patch openssh.spec sources
Added Files:
openssh-4.5p1-controlcleanup.patch
openssh-4.7p1-master-race.patch sshd.init sshd.pam
Removed Files:
openssh-3.9p1-skip-used.patch openssh-4.2p1-pam-no-stack.patch
openssh-4.3p2-initscript.patch
openssh-4.7p1-packetdefsize.patch
openssh-4.7p1-pam-session.patch
openssh-4.7p1-sftp-doclose.patch
openssh-4.7p1-sftp-drain-acks.patch
openssh-4.7p1-sshd-v6only.patch
Log Message:
* Mon Apr 7 2008 Tomas Mraz <tmraz at redhat.com> - 5.0p1-1
- upgrade to new upstream (#441066)
- prevent initscript from killing itself on halt with upstart (#438449)
- initscript status should show that the daemon is running
only when the main daemon is still alive (#430882)
openssh-4.5p1-controlcleanup.patch:
--- NEW FILE openssh-4.5p1-controlcleanup.patch ---
--- openssh-4.5p1/ssh.c~ 2007-03-24 16:25:18.000000000 +0000
+++ openssh-4.5p1/ssh.c 2007-03-24 16:31:06.000000000 +0000
@@ -1347,7 +1347,11 @@
}
if (errno == ENOENT)
debug("Control socket \"%.100s\" does not exist", path);
- else {
+ else if (errno == ECONNREFUSED) {
+ debug("Control socket connect(%.100s): %s", path,
+ strerror(errno));
+ unlink(path);
+ } else {
error("Control socket connect(%.100s): %s", path,
strerror(errno));
}
openssh-4.7p1-master-race.patch:
--- NEW FILE openssh-4.7p1-master-race.patch ---
--- openssh-4.7p1/ssh.c.masterrace 2008-03-06 13:55:11.000000000 +0000
+++ openssh-4.7p1/ssh.c 2008-03-06 13:55:19.000000000 +0000
@@ -1065,7 +1065,7 @@ client_global_request_reply_fwd(int type
}
}
-static void
+static int
ssh_control_listener(void)
{
struct sockaddr_un addr;
@@ -1073,10 +1073,11 @@ ssh_control_listener(void)
int addr_len;
if (options.control_path == NULL ||
- options.control_master == SSHCTL_MASTER_NO)
- return;
+ options.control_master == SSHCTL_MASTER_NO ||
+ control_fd != -1)
+ return 1;
- debug("setting up multiplex master socket");
+ debug("trying to set up multiplex master socket");
memset(&addr, '\0', sizeof(addr));
addr.sun_family = AF_UNIX;
@@ -1093,11 +1094,9 @@ ssh_control_listener(void)
old_umask = umask(0177);
if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
control_fd = -1;
- if (errno == EINVAL || errno == EADDRINUSE)
- fatal("ControlSocket %s already exists",
- options.control_path);
- else
+ if (errno != EINVAL && errno != EADDRINUSE)
fatal("%s bind(): %s", __func__, strerror(errno));
+ return 0;
}
umask(old_umask);
@@ -1105,6 +1104,9 @@ ssh_control_listener(void)
fatal("%s listen(): %s", __func__, strerror(errno));
set_nonblock(control_fd);
+
+ debug("control master listening on %s", options.control_path);
+ return 1;
}
/* request pty/x11/agent/tcpfwd/shell for channel */
@@ -1196,7 +1198,9 @@ ssh_session2(void)
ssh_init_forwarding();
/* Start listening for multiplex clients */
- ssh_control_listener();
+ if (!ssh_control_listener())
+ fatal("control master socket %s already exists",
+ options.control_path);
/*
* If we are the control master, and if control_persist is set,
@@ -1375,7 +1379,13 @@ control_client(const char *path)
switch (options.control_master) {
case SSHCTL_MASTER_AUTO:
case SSHCTL_MASTER_AUTO_ASK:
- debug("auto-mux: Trying existing master");
+ /* see if we can create a control master socket
+ to avoid a race between two auto clients */
+ if (mux_command == SSHMUX_COMMAND_OPEN &&
+ ssh_control_listener())
+ return;
+ debug("trying to connect to control master socket %s",
+ options.control_path);
/* FALLTHROUGH */
case SSHCTL_MASTER_NO:
break;
@@ -1522,6 +1532,8 @@ control_client(const char *path)
signal(SIGTERM, control_client_sighandler);
signal(SIGWINCH, control_client_sigrelay);
+ debug("connected to control master; waiting for exit");
+
if (tty_flag)
enter_raw_mode();
--- NEW FILE sshd.init ---
#!/bin/bash
#
# Init file for OpenSSH server daemon
#
# chkconfig: 2345 55 25
# description: OpenSSH server daemon
#
# processname: sshd
# config: /etc/ssh/ssh_host_key
# config: /etc/ssh/ssh_host_key.pub
# config: /etc/ssh/ssh_random_seed
# config: /etc/ssh/sshd_config
# pidfile: /var/run/sshd.pid
# source function library
. /etc/rc.d/init.d/functions
# pull in sysconfig settings
[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
RETVAL=0
prog="sshd"
# Some functions to make the below more readable
KEYGEN=/usr/bin/ssh-keygen
SSHD=/usr/sbin/sshd
RSA1_KEY=/etc/ssh/ssh_host_key
RSA_KEY=/etc/ssh/ssh_host_rsa_key
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid
runlevel=$(set -- $(runlevel); eval "echo \$$#" )
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA1_KEY
chmod 644 $RSA1_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA1_KEY.pub
fi
success $"RSA1 key generation"
echo
else
failure $"RSA1 key generation"
echo
exit 1
fi
fi
}
do_rsa_keygen() {
if [ ! -s $RSA_KEY ]; then
echo -n $"Generating SSH2 RSA host key: "
if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $RSA_KEY
chmod 644 $RSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $RSA_KEY.pub
fi
success $"RSA key generation"
echo
else
failure $"RSA key generation"
echo
exit 1
fi
fi
}
do_dsa_keygen() {
if [ ! -s $DSA_KEY ]; then
echo -n $"Generating SSH2 DSA host key: "
if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
chmod 600 $DSA_KEY
chmod 644 $DSA_KEY.pub
if [ -x /sbin/restorecon ]; then
/sbin/restorecon $DSA_KEY.pub
fi
success $"DSA key generation"
echo
else
failure $"DSA key generation"
echo
exit 1
fi
fi
}
do_restart_sanity_check()
{
$SSHD -t
RETVAL=$?
if [ ! "$RETVAL" = 0 ]; then
failure $"Configuration file or keys are invalid"
echo
fi
}
start()
{
# Create keys if necessary
if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
fi
echo -n $"Starting $prog: "
$SSHD $OPTIONS && success || failure
RETVAL=$?
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
echo
}
stop()
{
echo -n $"Stopping $prog: "
if [ -n "`pidfileofproc $SSHD`" ] ; then
killproc $SSHD
else
failure $"Stopping $prog"
fi
RETVAL=$?
# if we are in halt or reboot runlevel kill all running sessions
# so the TCP connections are closed cleanly
if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
trap '' TERM
killall $prog 2>/dev/null
trap TERM
fi
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
echo
}
reload()
{
echo -n $"Reloading $prog: "
if [ -n "`pidfileofproc $SSHD`" ] ; then
killproc $SSHD -HUP
else
failure $"Reloading $prog"
fi
RETVAL=$?
echo
}
case "$1" in
start)
start
;;
stop)
stop
;;
restart)
stop
start
;;
reload)
reload
;;
condrestart)
if [ -f /var/lock/subsys/sshd ] ; then
do_restart_sanity_check
if [ "$RETVAL" = 0 ] ; then
stop
# avoid race
sleep 3
start
fi
fi
;;
status)
status -p $PID_FILE openssh-daemon
RETVAL=$?
;;
*)
echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
RETVAL=1
esac
exit $RETVAL
--- NEW FILE sshd.pam ---
#%PAM-1.0
auth include system-auth
account required pam_nologin.so
account include system-auth
password include system-auth
session optional pam_keyinit.so force revoke
session include system-auth
session required pam_loginuid.so
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/.cvsignore,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- .cvsignore 6 Sep 2007 19:49:16 -0000 1.20
+++ .cvsignore 7 Apr 2008 20:14:31 -0000 1.21
@@ -1 +1 @@
-openssh-4.7p1-noacss.tar.bz2
+openssh-5.0p1-noacss.tar.bz2
openssh-4.7p1-mls.patch:
Index: openssh-4.7p1-mls.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-4.7p1-mls.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- openssh-4.7p1-mls.patch 20 Nov 2007 14:53:45 -0000 1.2
+++ openssh-4.7p1-mls.patch 7 Apr 2008 20:14:31 -0000 1.3
@@ -42,12 +42,6 @@
diff -up openssh-4.7p1/openbsd-compat/port-linux.c.mls openssh-4.7p1/openbsd-compat/port-linux.c
--- openssh-4.7p1/openbsd-compat/port-linux.c.mls 2007-09-06 17:39:28.000000000 +0200
+++ openssh-4.7p1/openbsd-compat/port-linux.c 2007-08-07 17:38:18.000000000 +0200
-@@ -1,4 +1,4 @@
--/* $Id$ */
-+/* $Id$ */
-
- /*
- * Copyright (c) 2005 Daniel Walsh <dwalsh at redhat.com>
@@ -33,12 +33,23 @@
#include "key.h"
#include "hostfile.h"
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.124
retrieving revision 1.125
diff -u -r1.124 -r1.125
--- openssh.spec 29 Feb 2008 16:11:23 -0000 1.124
+++ openssh.spec 7 Apr 2008 20:14:31 -0000 1.125
@@ -62,8 +62,8 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
Name: openssh
-Version: 4.7p1
-Release: 9%{?dist}%{?rescue_rel}
+Version: 5.0p1
+Release: 1%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -72,34 +72,30 @@
# the unpacked source directory.
Source0: openssh-%{version}-noacss.tar.bz2
Source1: openssh-nukeacss.sh
+Source2: sshd.pam
+Source3: sshd.init
Patch0: openssh-4.7p1-redhat.patch
Patch2: openssh-3.8.1p1-skip-initial.patch
Patch3: openssh-3.8.1p1-krb5-config.patch
Patch4: openssh-4.7p1-vendor.patch
-Patch5: openssh-4.3p2-initscript.patch
-Patch10: openssh-4.7p1-pam-session.patch
Patch12: openssh-4.7p1-selinux.patch
Patch13: openssh-4.7p1-mls.patch
Patch16: openssh-4.7p1-audit.patch
Patch17: openssh-4.3p2-cve-2007-3102.patch
Patch22: openssh-3.9p1-askpass-keep-above.patch
Patch24: openssh-4.3p1-fromto-remote.patch
-Patch26: openssh-4.2p1-pam-no-stack.patch
Patch27: openssh-4.7p1-log-in-chroot.patch
Patch30: openssh-4.0p1-exit-deadlock.patch
-Patch31: openssh-3.9p1-skip-used.patch
Patch35: openssh-4.2p1-askpass-progress.patch
Patch38: openssh-4.3p2-askpass-grab-info.patch
Patch39: openssh-4.3p2-no-v6only.patch
Patch44: openssh-4.3p2-allow-ip-opts.patch
Patch49: openssh-4.3p2-gssapi-canohost.patch
Patch51: openssh-4.7p1-nss-keys.patch
-Patch52: openssh-4.7p1-sftp-drain-acks.patch
-Patch53: openssh-4.7p1-packetdefsize.patch
Patch54: openssh-4.7p1-gssapi-role.patch
Patch55: openssh-4.7p1-cloexec.patch
-Patch56: openssh-4.7p1-sshd-v6only.patch
-Patch57: openssh-4.7p1-sftp-doclose.patch
+Patch58: openssh-4.5p1-controlcleanup.patch
+Patch59: openssh-4.7p1-master-race.patch
License: BSD
Group: Applications/Internet
@@ -209,9 +205,6 @@
%patch2 -p1 -b .skip-initial
%patch3 -p1 -b .krb5-config
%patch4 -p1 -b .vendor
-%patch5 -p1 -b .initscript
-
-%patch10 -p1 -b .pam-session
%if %{WITH_SELINUX}
#SELinux
@@ -223,22 +216,18 @@
%patch22 -p1 -b .keep-above
%patch24 -p1 -b .fromto-remote
-%patch26 -p1 -b .stack
%patch27 -p1 -b .log-chroot
%patch30 -p1 -b .exit-deadlock
-%patch31 -p1 -b .skip-used
%patch35 -p1 -b .progress
%patch38 -p1 -b .grab-info
%patch39 -p1 -b .no-v6only
%patch44 -p1 -b .ip-opts
%patch49 -p1 -b .canohost
%patch51 -p1 -b .nss-keys
-%patch52 -p1 -b .drain-acks
-%patch53 -p0 -b .defsize
%patch54 -p0 -b .gssapi-role
%patch55 -p1 -b .cloexec
-%patch56 -p0 -b .sshd-v6only
-%patch57 -p3 -b .doclose
+%patch58 -p1 -b .controlcleanup
+%patch59 -p1 -b .master-race
autoreconf
@@ -343,8 +332,8 @@
install -d $RPM_BUILD_ROOT/etc/pam.d/
install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
-install -m644 contrib/redhat/sshd.pam $RPM_BUILD_ROOT/etc/pam.d/sshd
-install -m755 contrib/redhat/sshd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
@@ -489,6 +478,16 @@
%endif
%changelog
+* Mon Apr 7 2008 Tomas Mraz <tmraz at redhat.com> - 5.0p1-1
+- upgrade to new upstream (#441066)
+- prevent initscript from killing itself on halt with upstart (#438449)
+- initscript status should show that the daemon is running
+ only when the main daemon is still alive (#430882)
+
+* Thu Mar 6 2008 Tomas Mraz <tmraz at redhat.com> - 4.7p1-10
+- fix race on control master and cleanup stale control socket (#436311)
+ patches by David Woodhouse
+
* Fri Feb 29 2008 Tomas Mraz <tmraz at redhat.com> - 4.7p1-9
- set FD_CLOEXEC on client socket
- apply real fix for window size problem (#286181) from upstream
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/sources,v
retrieving revision 1.20
retrieving revision 1.21
diff -u -r1.20 -r1.21
--- sources 6 Sep 2007 19:49:16 -0000 1.20
+++ sources 7 Apr 2008 20:14:31 -0000 1.21
@@ -1 +1 @@
-21634329a8f1cd0e7a7974ade7280bdc openssh-4.7p1-noacss.tar.bz2
+e39c15a5fb9036bd64256c78a6fbf394 openssh-5.0p1-noacss.tar.bz2
--- openssh-3.9p1-skip-used.patch DELETED ---
--- openssh-4.2p1-pam-no-stack.patch DELETED ---
--- openssh-4.3p2-initscript.patch DELETED ---
--- openssh-4.7p1-packetdefsize.patch DELETED ---
--- openssh-4.7p1-pam-session.patch DELETED ---
--- openssh-4.7p1-sftp-doclose.patch DELETED ---
--- openssh-4.7p1-sftp-drain-acks.patch DELETED ---
--- openssh-4.7p1-sshd-v6only.patch DELETED ---
- Previous message (by thread): rpms/vdr-femon/devel vdr-femon.spec,1.11,1.12
- Next message (by thread): rpms/coreutils/devel coreutils-selinuxmanpages.patch, NONE, 1.1 coreutils-5.2.1-runuser.patch, 1.17, 1.18 coreutils-colorls.sh, 1.11, 1.12 coreutils-selinux.patch, 1.42, 1.43 coreutils.spec, 1.204, 1.205
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list