forked from rpms/openssh
Avoid killing all processes on system in case of race condition
Resolves: RHEL-11548
This commit is contained in:
parent
9c7572af98
commit
ed9948fc28
@ -136,18 +136,6 @@ diff -up openssh-7.4p1/serverloop.c.coverity openssh-7.4p1/serverloop.c
|
|||||||
if (tun != SSH_TUNID_ANY &&
|
if (tun != SSH_TUNID_ANY &&
|
||||||
auth_opts->force_tun_device != (int)tun)
|
auth_opts->force_tun_device != (int)tun)
|
||||||
goto done;
|
goto done;
|
||||||
diff -up openssh-7.4p1/sftp.c.coverity openssh-7.4p1/sftp.c
|
|
||||||
--- openssh-7.4p1/sftp.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
|
||||||
+++ openssh-7.4p1/sftp.c 2016-12-23 16:40:26.903788691 +0100
|
|
||||||
@@ -224,7 +224,7 @@ killchild(int signo)
|
|
||||||
{
|
|
||||||
if (sshpid > 1) {
|
|
||||||
kill(sshpid, SIGTERM);
|
|
||||||
- waitpid(sshpid, NULL, 0);
|
|
||||||
+ (void) waitpid(sshpid, NULL, 0);
|
|
||||||
}
|
|
||||||
|
|
||||||
_exit(1);
|
|
||||||
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
|
diff -up openssh-7.4p1/ssh-agent.c.coverity openssh-7.4p1/ssh-agent.c
|
||||||
--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
--- openssh-7.4p1/ssh-agent.c.coverity 2016-12-19 05:59:41.000000000 +0100
|
||||||
+++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100
|
+++ openssh-7.4p1/ssh-agent.c 2016-12-23 16:40:26.903788691 +0100
|
||||||
|
20
openssh-8.0p1-avoidkillall.patch
Normal file
20
openssh-8.0p1-avoidkillall.patch
Normal file
@ -0,0 +1,20 @@
|
|||||||
|
diff --git a/sftp.c b/sftp.c
|
||||||
|
index b66037f1..54538ff9 100644
|
||||||
|
--- a/sftp.c
|
||||||
|
+++ b/sftp.c
|
||||||
|
@@ -220,9 +220,12 @@ static const struct CMD cmds[] = {
|
||||||
|
static void
|
||||||
|
killchild(int signo)
|
||||||
|
{
|
||||||
|
- if (sshpid > 1) {
|
||||||
|
- kill(sshpid, SIGTERM);
|
||||||
|
- waitpid(sshpid, NULL, 0);
|
||||||
|
+ pid_t pid;
|
||||||
|
+
|
||||||
|
+ pid = sshpid;
|
||||||
|
+ if (pid > 1) {
|
||||||
|
+ kill(pid, SIGTERM);
|
||||||
|
+ (void)waitpid(pid, NULL, 0);
|
||||||
|
}
|
||||||
|
|
||||||
|
_exit(1);
|
@ -277,6 +277,8 @@ Patch985: openssh-8.7p1-minimize-sha1-use.patch
|
|||||||
Patch986: openssh-9.1p1-sshbanner.patch
|
Patch986: openssh-9.1p1-sshbanner.patch
|
||||||
# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
|
# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6
|
||||||
Patch987: openssh-8.0p1-ipv6-process.patch
|
Patch987: openssh-8.0p1-ipv6-process.patch
|
||||||
|
# Upstream 4332b4fe49360679647a8705bc08f4e81323f6b4
|
||||||
|
Patch988: openssh-8.0p1-avoidkillall.patch
|
||||||
# upsream commit
|
# upsream commit
|
||||||
# b23fe83f06ee7e721033769cfa03ae840476d280
|
# b23fe83f06ee7e721033769cfa03ae840476d280
|
||||||
Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
|
Patch1015: openssh-9.3p1-upstream-cve-2023-38408.patch
|
||||||
@ -515,6 +517,7 @@ popd
|
|||||||
%patch985 -p1 -b .minimize-sha1-use
|
%patch985 -p1 -b .minimize-sha1-use
|
||||||
%patch986 -p1 -b .banner
|
%patch986 -p1 -b .banner
|
||||||
%patch987 -p1 -b .sftp_ipv6
|
%patch987 -p1 -b .sftp_ipv6
|
||||||
|
%patch988 -p1 -b .killall
|
||||||
|
|
||||||
%patch200 -p1 -b .audit
|
%patch200 -p1 -b .audit
|
||||||
%patch201 -p1 -b .audit-race
|
%patch201 -p1 -b .audit-race
|
||||||
@ -814,6 +817,8 @@ getent passwd sshd >/dev/null || \
|
|||||||
Resolves: RHEL-1684
|
Resolves: RHEL-1684
|
||||||
- Add comment to OpenSSH server config about FIPS-incompatible key
|
- Add comment to OpenSSH server config about FIPS-incompatible key
|
||||||
Resolves: RHEL-5221
|
Resolves: RHEL-5221
|
||||||
|
- Avoid killing all processes on system in case of race condition
|
||||||
|
Resolves: RHEL-11548
|
||||||
|
|
||||||
* Thu Aug 24 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19
|
* Thu Aug 24 2023 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-19
|
||||||
- rebuilt
|
- rebuilt
|
||||||
|
Loading…
Reference in New Issue
Block a user