rpms/openssh/devel openssh-4.1p1-getpeername-race.patch, NONE, 1.1 openssh-4.1p1-nologin.patch, 1.1, 1.2 openssh.spec, 1.61, 1.62
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Wed Jun 29 11:24:38 UTC 2005
Author: tmraz
Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv8611
Modified Files:
openssh-4.1p1-nologin.patch openssh.spec
Added Files:
openssh-4.1p1-getpeername-race.patch
Log Message:
* Wed Jun 29 2005 Tomas Mraz <tmraz at redhat.com> 4.1p1-3
- fix small regression caused by the nologin patch (#161956)
- fix race in getpeername error checking (mindrot #1054)
openssh-4.1p1-getpeername-race.patch:
canohost.c | 2 +-
channels.c | 4 ++--
sshd.c | 5 ++++-
3 files changed, 7 insertions(+), 4 deletions(-)
--- NEW FILE openssh-4.1p1-getpeername-race.patch ---
revision 1.43
date: 2005/06/16 08:00:00; author: markus; state: Exp; lines: +2 -2
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================
Index: canohost.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/canohost.c,v
retrieving revision 1.42
retrieving revision 1.43
diff -u -p -u -r1.42 -r1.43
--- canohost.c 18 Feb 2005 03:05:53 -0000 1.42
+++ canohost.c 16 Jun 2005 08:00:00 -0000 1.43
@@ -307,7 +307,7 @@ get_sock_port(int sock, int local)
} else {
if (getpeername(sock, (struct sockaddr *)&from, &fromlen) < 0) {
debug("getpeername failed: %.100s", strerror(errno));
- cleanup_exit(255);
+ return -1;
}
}
/* Return port number. */
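Review bot: The new `return -1;` in the getpeername() branch makes -1 an in-band failure value of get_sock_port(), but nothing in the hunk documents it. Any caller that stores the result in an unsigned or 16-bit variable will silently turn it into a valid-looking port (65535 for a `u_short`). This patch updates port_open_helper() in channels.c and main() in sshd.c; other callers are not visible here and should be checked the same way. I would add a comment above the function such as `/* Returns the port of the socket, or -1 if getpeername() fails (e.g. the peer has already disconnected). */`. The function starts and ends outside the hunk, so whether the branch before `} else {` follows the same convention cannot be seen from here.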
revision 1.216
date: 2005/06/16 08:00:00; author: markus; state: Exp; lines: +3 -3
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================
Index: channels.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/channels.c,v
retrieving revision 1.215
retrieving revision 1.216
diff -u -p -u -r1.215 -r1.216
--- channels.c 16 Jun 2005 03:38:36 -0000 1.215
+++ channels.c 16 Jun 2005 08:00:00 -0000 1.216
@@ -1177,7 +1177,7 @@ port_open_helper(Channel *c, char *rtype
int direct;
char buf[1024];
char *remote_ipaddr = get_peer_ipaddr(c->sock);
- u_short remote_port = get_peer_port(c->sock);
+ int remote_port = get_peer_port(c->sock);
direct = (strcmp(rtype, "direct-tcpip") == 0);
@@ -1207,7 +1207,7 @@ port_open_helper(Channel *c, char *rtype
}
/* originator host and port */
packet_put_cstring(remote_ipaddr);
- packet_put_int(remote_port);
+ packet_put_int((u_int)remote_port);
packet_send();
} else {
packet_start(SSH_MSG_PORT_OPEN);
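Review bot: `packet_put_int((u_int)remote_port)` puts 0xffffffff on the wire as the originator port when get_peer_port() returns -1. The previous hunk widens the variable to `int remote_port` so the failure value is preserved, but no test of it is visible in either hunk. A peer that validates the originator port against the 0–65535 range may reject the channel open, and any log line formatted from the same variable would carry -1 (that code is outside the hunks). Handle the failure before the packet is built, e.g. `if (remote_port < 0) remote_port = 0; /* getpeername() failed, peer port unknown */`; which value to substitute is a protocol decision, as long as it fits in 16 bits. What get_peer_ipaddr() returns in the same failure case is not visible here and deserves the same check.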
revision 1.310
date: 2005/06/16 08:00:00; author: markus; state: Exp; lines: +5 -2
don't exit if getpeername fails for forwarded ports; bugzilla #1054; ok djm
=============================================================================
Index: sshd.c
===================================================================
RCS file: /cvs/src/usr.bin/ssh/sshd.c,v
retrieving revision 1.309
retrieving revision 1.310
diff -u -p -u -r1.309 -r1.310
--- sshd.c 6 Apr 2005 09:43:59 -0000 1.309
+++ sshd.c 16 Jun 2005 08:00:00 -0000 1.310
@@ -1556,7 +1556,10 @@ main(int ac, char **av)
setsockopt(sock_in, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof(on)) < 0)
error("setsockopt SO_KEEPALIVE: %.100s", strerror(errno));
- remote_port = get_remote_port();
+ if ((remote_port = get_remote_port()) < 0) {
+ debug("get_remote_port failed");
+ cleanup_exit(255);
+ }
remote_ip = get_remote_ipaddr();
#ifdef LIBWRAP
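Review bot: The `< 0` test on `remote_port` only works if the variable is a signed type, and its declaration is outside the hunk. The channels.c part of this patch had to change a `u_short` to `int` for the same reason, so the type in main() should be confirmed. The exit path is reported with debug() only, so at the default log level a connection dropped here leaves no server-side record. If that is intended because an early disconnect is routine, a comment should say so, e.g. `/* peer may already have disconnected before we asked for its address */`. main() begins and ends outside the hunk.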
openssh-4.1p1-nologin.patch:
contrib/redhat/sshd.pam | 2 +-
monitor.c | 4 +---
session.c | 4 ++++
3 files changed, 6 insertions(+), 4 deletions(-)
Index: openssh-4.1p1-nologin.patch
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh-4.1p1-nologin.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-4.1p1-nologin.patch 9 Jun 2005 19:58:01 -0000 1.1
+++ openssh-4.1p1-nologin.patch 29 Jun 2005 11:24:36 -0000 1.2
@@ -1,8 +1,5 @@
-Disables nologin processing directly by openssh if pam is used.
-To be able to display the nologin message it must be moved to the account stage.
-The remaining part is necessary for displaying the nologin file for root.
---- openssh-4.1p1/contrib/redhat/sshd.pam.nologin 2005-06-09 15:51:39.000000000 +0200
-+++ openssh-4.1p1/contrib/redhat/sshd.pam 2005-06-09 20:41:06.000000000 +0200
+--- openssh-4.1p1/contrib/redhat/sshd.pam.nologin 2005-06-29 11:30:56.000000000 +0200
++++ openssh-4.1p1/contrib/redhat/sshd.pam 2005-06-29 11:30:56.000000000 +0200
@@ -1,6 +1,6 @@
#%PAM-1.0
auth required pam_stack.so service=system-auth
@@ -11,8 +8,8 @@
account required pam_stack.so service=system-auth
password required pam_stack.so service=system-auth
session required pam_stack.so service=system-auth
---- openssh-4.1p1/session.c.nologin 2005-06-09 15:51:39.000000000 +0200
-+++ openssh-4.1p1/session.c 2005-06-09 20:40:41.000000000 +0200
+--- openssh-4.1p1/session.c.nologin 2005-06-29 11:30:56.000000000 +0200
++++ openssh-4.1p1/session.c 2005-06-29 11:30:56.000000000 +0200
@@ -1236,6 +1236,10 @@
FILE *f = NULL;
char buf[1024];
@@ -24,13 +21,16 @@
#ifdef HAVE_LOGIN_CAP
if (!login_getcapbool(lc, "ignorenologin", 0) && pw->pw_uid)
f = fopen(login_getcapstr(lc, "nologin", _PATH_NOLOGIN,
---- openssh-4.1p1/monitor.c.nologin 2005-06-09 20:38:18.000000000 +0200
-+++ openssh-4.1p1/monitor.c 2005-06-09 20:38:35.000000000 +0200
-@@ -856,7 +856,6 @@
+--- openssh-4.1p1/monitor.c.nologin 2005-06-29 11:30:56.000000000 +0200
++++ openssh-4.1p1/monitor.c 2005-06-29 11:32:18.000000000 +0200
+@@ -854,9 +854,7 @@
+ ret = do_pam_account();
+
buffer_put_int(m, ret);
- buffer_append(&loginmsg, "\0", 1);
- buffer_put_cstring(m, buffer_ptr(&loginmsg));
+- buffer_append(&loginmsg, "\0", 1);
+- buffer_put_cstring(m, buffer_ptr(&loginmsg));
- buffer_clear(&loginmsg);
++ buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));
mm_request_send(sock, MONITOR_ANS_PAM_ACCOUNT, m);
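Review bot: The replacement line `buffer_put_string(m, buffer_ptr(&loginmsg), buffer_len(&loginmsg));` carries no comment explaining why loginmsg is now sent by length and left untouched, which appears to be the whole regression fix. Revision 1.1 of the patch kept the `buffer_append(&loginmsg, "\0", 1)` line while dropping `buffer_clear(&loginmsg)`, so a NUL byte stayed inside the buffer; text appended later would presumably be cut off when the buffer is read as a C string. I would add above the new line `/* send by length; do not NUL-terminate or clear loginmsg here, it is read again later */`, after confirming the later use. The first hunk of this diff also removes the explanatory header from the patch file, so the rationale is no longer recorded there either. Since the payload is now taken by length, any embedded NUL in loginmsg is transmitted as data; the reader of MONITOR_ANS_PAM_ACCOUNT is outside this patch and should be checked for how it treats that.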
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.61
retrieving revision 1.62
diff -u -r1.61 -r1.62
--- openssh.spec 9 Jun 2005 19:59:04 -0000 1.61
+++ openssh.spec 29 Jun 2005 11:24:36 -0000 1.62
@@ -74,7 +74,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
Version: 4.1p1
-%define rel 2
+%define rel 3
%if %{rescue}
Release: %{rel}rescue
%else
@@ -102,6 +102,7 @@
Patch26: openssh-4.0p1-krb5-valid.patch
Patch27: openssh-4.1p1-pam-loginuid.patch
Patch28: openssh-4.1p1-nologin.patch
+Patch29: openssh-4.1p1-getpeername-race.patch
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -241,6 +242,7 @@
%patch26 -p0 -b .krb5-valid
%patch27 -p1 -b .loginuid
%patch28 -p1 -b .nologin
+%patch29 -p0 -b .getpeername-race
autoreconf
@@ -509,6 +511,10 @@
%endif
%changelog
+* Wed Jun 29 2005 Tomas Mraz <tmraz at redhat.com> 4.1p1-3
+- fix small regression caused by the nologin patch (#161956)
+- fix race in getpeername error checking (mindrot #1054)
+
* Thu Jun 9 2005 Tomas Mraz <tmraz at redhat.com> 4.1p1-2
- use only pam_nologin for nologin testing