rpms/openssh/F-11 openssh-5.2p1-homechroot.patch, 1.1, 1.2 openssh.spec, 1.141, 1.142
Jan F. Chadima
jfch2222 at fedoraproject.org
Tue Jun 23 18:22:09 UTC 2009
Author: jfch2222
Update of /cvs/pkgs/rpms/openssh/F-11
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8092
Modified Files:
openssh-5.2p1-homechroot.patch openssh.spec
Log Message:
repair broken ls in chroot %%h
openssh-5.2p1-homechroot.patch:
Index: openssh-5.2p1-homechroot.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-11/openssh-5.2p1-homechroot.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-5.2p1-homechroot.patch 3 Apr 2009 12:37:30 -0000 1.1
+++ openssh-5.2p1-homechroot.patch 23 Jun 2009 18:21:38 -0000 1.2
@@ -1,6 +1,16 @@
---- openssh-5.2p1/session.c 2009-03-20 18:08:11.263662384 +0100
-+++ openssh-5.2p1/session.c 2009-03-20 18:26:29.925498409 +0100
-@@ -1408,6 +1408,7 @@
+diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
+--- openssh-5.2p1/session.c.homechroot 2009-06-23 11:33:36.052163641 +0200
++++ openssh-5.2p1/session.c 2009-06-23 11:33:36.372159228 +0200
+@@ -1398,6 +1398,8 @@ do_nologin(struct passwd *pw)
+ }
+ }
+
++int chroot_no_tree = 0;
++
+ /*
+ * Chroot into a directory after checking it for safety: all path components
+ * must be root-owned directories with strict permissions.
+@@ -1408,6 +1410,7 @@ safely_chroot(const char *path, uid_t ui
const char *cp;
char component[MAXPATHLEN];
struct stat st;
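Review bot: `int chroot_no_tree = 0;` is added to session.c as an undocumented, non-static global, and the last hunk of this diff repeats the same definition in sftp-server-main.c while process_readdir() reaches it through a block-scope `extern int chroot_no_tree;`. With no shared header declaring it, the compiler cannot check that the two definitions and the use agree, and nothing tells a reader that the duplicate presumably exists so that sftp-server.c links both into sshd and into the standalone sftp-server. I would put a single `extern int chroot_no_tree;` in a header that both sides include and add a comment above each definition, e.g. `/* set by safely_chroot(): count of chroot path components not owned by the session user; read by process_readdir() */`.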
@@ -8,7 +18,7 @@
if (*path != '/')
fatal("chroot path does not begin at root");
-@@ -1419,7 +1420,7 @@
+@@ -1419,7 +1422,7 @@ safely_chroot(const char *path, uid_t ui
* root-owned directory with strict permissions.
*/
for (cp = path; cp != NULL;) {
@@ -17,7 +27,7 @@
strlcpy(component, path, sizeof(component));
else {
cp++;
-@@ -1432,7 +1433,7 @@
+@@ -1432,13 +1435,15 @@ safely_chroot(const char *path, uid_t ui
if (stat(component, &st) != 0)
fatal("%s: stat(\"%s\"): %s", __func__,
component, strerror(errno));
@@ -26,3 +36,43 @@
fatal("bad ownership or modes for chroot "
"directory %s\"%s\"",
cp == NULL ? "" : "component ", component);
+ if (!S_ISDIR(st.st_mode))
+ fatal("chroot path %s\"%s\" is not a directory",
+ cp == NULL ? "" : "component ", component);
++ if (st.st_uid != uid)
++ ++chroot_no_tree;
+
+ }
+
+diff -up openssh-5.2p1/sftp-server.c.homechroot openssh-5.2p1/sftp-server.c
+--- openssh-5.2p1/sftp-server.c.homechroot 2008-07-04 06:10:19.000000000 +0200
++++ openssh-5.2p1/sftp-server.c 2009-06-23 11:33:36.374154561 +0200
+@@ -887,6 +887,7 @@ process_opendir(void)
+ static void
+ process_readdir(void)
+ {
++ extern int chroot_no_tree;
+ DIR *dirp;
+ struct dirent *dp;
+ char *path;
+@@ -920,7 +921,7 @@ process_readdir(void)
+ continue;
+ stat_to_attrib(&st, &(stats[count].attrib));
+ stats[count].name = xstrdup(dp->d_name);
+- stats[count].long_name = ls_file(dp->d_name, &st, 0);
++ stats[count].long_name = ls_file(dp->d_name, &st, chroot_no_tree);
+ count++;
+ /* send up to 100 entries in one message */
+ /* XXX check packet size instead */
+diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c
+--- openssh-5.2p1/sftp-server-main.c.homechroot 2009-02-21 22:47:02.000000000 +0100
++++ openssh-5.2p1/sftp-server-main.c 2009-06-23 11:33:36.378159051 +0200
+@@ -27,6 +27,8 @@
+ #include "sftp.h"
+ #include "misc.h"
+
++int chroot_no_tree = 0;
++
+ void
+ cleanup_exit(int i)
+ {
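Review bot: The added `if (st.st_uid != uid) ++chroot_no_tree;` in safely_chroot() counts every path component not owned by the session user, so for a non-root user the root-owned leading components appear to make it non-zero on any chroot, not only a user-owned `%h`; the condition should be confirmed against the intent and documented next to the check. In process_readdir() the third argument of ls_file() was the constant `0` and now receives that raw counter; `ls_file(dp->d_name, &st, chroot_no_tree != 0)` would make the flag meaning explicit. The copy defined in sftp-server-main.c is never written in the visible lines, so the standalone server keeps passing 0, which deserves a comment there. The relaxed ownership test that lets a user-owned directory through lies in patch lines this diff does not show, and both functions continue outside the hunk, so that part of the safety check is not covered by this note.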
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-11/openssh.spec,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -p -r1.141 -r1.142
--- openssh.spec 3 Apr 2009 13:03:29 -0000 1.141
+++ openssh.spec 23 Jun 2009 18:21:38 -0000 1.142
@@ -63,7 +63,7 @@
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
Version: 5.2p1
-Release: 3%{?dist}%{?rescue_rel}
+Release: 4%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -474,6 +474,9 @@ fi
%endif
%changelog
+* Tue Jun 23 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-4
+- repair broken ls in chroot %%h
+
* Fri Apr 3 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-3
- fix logging after chroot
- enable non root users to use chroot %%h in internal-sftp