metalefty/openssh
1
0
Fork 0
forked from rpms/openssh
Code Pull Requests Activity

- Comment spec.file

Browse Source 
- Sync patches from upstream
This commit is contained in:
Jan F. Chadima 2010-05-04 07:50:13 +00:00
parent 6fa4d807de
commit bd929b4662
5 changed files with 111 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

87
openssh-5.1p1-cloexec.patch
View File

@ -1,87 +0,0 @@
diff -up openssh-5.3p1/channels.c.cloexec openssh-5.3p1/channels.c
--- openssh-5.3p1/channels.c.cloexec 2010-01-25 17:25:58.000000000 +0100
+++ openssh-5.3p1/channels.c 2010-01-25 17:26:01.000000000 +0100
@@ -60,6 +60,7 @@
#include <termios.h>
#include <unistd.h>
#include <stdarg.h>
+#include <fcntl.h>
#include "openbsd-compat/sys-queue.h"
#include "xmalloc.h"
@@ -230,6 +231,18 @@ channel_register_fds(Channel *c, int rfd
/* XXX set close-on-exec -markus */
+ if (rfd != -1) {
+ fcntl(rfd, F_SETFD, FD_CLOEXEC);
+ }
+
+ if (wfd != -1 && wfd != rfd) {
+ fcntl(wfd, F_SETFD, FD_CLOEXEC);
+ }
+
+ if (efd != -1 && efd != rfd && efd != wfd) {
+ fcntl(efd, F_SETFD, FD_CLOEXEC);
+ }
+
c->rfd = rfd;
c->wfd = wfd;
c->sock = (rfd == wfd) ? rfd : -1;
diff -up openssh-5.3p1/sshconnect2.c.cloexec openssh-5.3p1/sshconnect2.c
--- openssh-5.3p1/sshconnect2.c.cloexec 2010-01-25 17:25:58.000000000 +0100
+++ openssh-5.3p1/sshconnect2.c 2010-01-25 17:26:01.000000000 +0100
@@ -39,6 +39,7 @@
#include <stdio.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
#include <vis.h>
#endif
@@ -1512,6 +1513,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
return -1;
}
if (pid == 0) {
+ fcntl(packet_get_connection_in(), F_SETFD, 0); /* keep the socket on exec */
permanently_drop_suid(getuid());
close(from[0]);
if (dup2(from[1], STDOUT_FILENO) < 0)
diff -up openssh-5.3p1/sshconnect.c.cloexec openssh-5.3p1/sshconnect.c
--- openssh-5.3p1/sshconnect.c.cloexec 2009-06-21 10:53:53.000000000 +0200
+++ openssh-5.3p1/sshconnect.c 2010-01-25 17:26:01.000000000 +0100
@@ -38,6 +38,7 @@
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
+#include <fcntl.h>
#include "xmalloc.h"
#include "key.h"
@@ -191,8 +192,11 @@ ssh_create_socket(int privileged, struct
return sock;
}
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
- if (sock < 0)
+ if (sock < 0) {
error("socket: %.100s", strerror(errno));
+ return -1;
+ }
+ fcntl(sock, F_SETFD, FD_CLOEXEC);
/* Bind the socket to an alternative local IP address */
if (options.bind_address == NULL)
diff -up openssh-5.3p1/sshd.c.cloexec openssh-5.3p1/sshd.c
--- openssh-5.3p1/sshd.c.cloexec 2010-01-25 17:25:55.000000000 +0100
+++ openssh-5.3p1/sshd.c 2010-01-25 18:29:23.000000000 +0100
@@ -1756,6 +1756,10 @@ main(int ac, char **av)
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
}
+ /* set fd cloexec on io/sockets to avoid to forward them to childern */
+ fcntl(sock_out, F_SETFD, FD_CLOEXEC);
+ fcntl(sock_in, F_SETFD, FD_CLOEXEC);
+
/*
* Disable the key regeneration alarm. We will not regenerate the
* key since we are no longer in a position to give it to anyone. We

14
openssh-5.4p1-staterr.patch
View File

@ -1,14 +0,0 @@
diff -up openssh-5.4p1/ssh-keygen.c.staterr openssh-5.4p1/ssh-keygen.c
--- openssh-5.4p1/ssh-keygen.c.staterr 2010-03-19 20:56:12.000000000 +0100
+++ openssh-5.4p1/ssh-keygen.c 2010-03-19 20:59:41.000000000 +0100
@@ -1829,7 +1829,9 @@ main(int argc, char **argv)
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
if (strstr(identity_file, dotsshdir) != NULL &&
stat(dotsshdir, &st) < 0) {
- if (mkdir(dotsshdir, 0700) < 0)
+ if (errno == EPERM)
+ error("Do not have permisions to stat directory '%s'.", dotsshdir);
+ else if (mkdir(dotsshdir, 0700) < 0)
error("Could not create directory '%s'.", dotsshdir);
else if (!quiet)
printf("Created directory '%s'.\n", dotsshdir);

80
openssh-5.5p1-keygen.patch Normal file
View File

@ -0,0 +1,80 @@
diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
--- openssh-5.5p1/ssh-keygen.0.keygen 2010-04-16 02:17:11.000000000 +0200
+++ openssh-5.5p1/ssh-keygen.0 2010-05-04 08:19:22.000000000 +0200
@@ -4,7 +4,7 @@ NAME
ssh-keygen - authentication key generation, management and conversion
SYNOPSIS
- ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
+ ssh-keygen [-q] [-o] [-b bits] -t type [-N new_passphrase] [-C comment]
[-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
ssh-keygen -i [-f input_keyfile]
@@ -222,6 +222,8 @@ DESCRIPTION
-q Silence ssh-keygen. Used by /etc/rc when creating a new key.
+ -o Overwrite the key without prompting user.
+
-R hostname
Removes all keys belonging to hostname from a known_hosts file.
This option is useful to delete hashed hosts (see the -H option
diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
--- openssh-5.5p1/ssh-keygen.1.keygen 2010-03-21 19:57:49.000000000 +0100
+++ openssh-5.5p1/ssh-keygen.1 2010-05-04 08:19:22.000000000 +0200
@@ -47,6 +47,7 @@
.Nm ssh-keygen
.Bk -words
.Op Fl q
+.Op Fl o
.Op Fl b Ar bits
.Fl t Ar type
.Op Fl N Ar new_passphrase
@@ -370,6 +371,8 @@ Silence
Used by
.Pa /etc/rc
when creating a new key.
+.It Fl o
+Overwrite the key without prompting user.
.It Fl R Ar hostname
Removes all keys belonging to
.Ar hostname
diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
--- openssh-5.5p1/ssh-keygen.c.keygen 2010-03-21 19:58:24.000000000 +0100
+++ openssh-5.5p1/ssh-keygen.c 2010-05-04 08:22:22.000000000 +0200
@@ -72,6 +72,7 @@ int change_passphrase = 0;
int change_comment = 0;
int quiet = 0;
+int overwrite = 0;
int log_level = SYSLOG_LEVEL_INFO;
@@ -1540,7 +1541,7 @@ main(int argc, char **argv)
exit(1);
}
- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"
+ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:N:n:"
"O:C:r:g:R:T:G:M:S:s:a:V:W:")) != -1) {
switch (opt) {
case 'b':
@@ -1605,6 +1606,9 @@ main(int argc, char **argv)
case 'q':
quiet = 1;
break;
+ case 'o':
+ overwrite = 1;
+ break;
case 'e':
case 'x':
/* export key */
@@ -1835,7 +1839,7 @@ main(int argc, char **argv)
printf("Created directory '%s'.\n", dotsshdir);
}
/* If the file already exists, ask the user to confirm. */
- if (stat(identity_file, &st) >= 0) {
+ if (!overwrite && stat(identity_file, &st) >= 0) {
char yesno[3];
printf("%s already exists.\n", identity_file);
printf("Overwrite (y/n)? ");

30
openssh-5.5p1-staterr.patch Normal file
View File

@ -0,0 +1,30 @@
diff -up openssh-5.5p1/ssh-keygen.c.staterr openssh-5.5p1/ssh-keygen.c
--- openssh-5.5p1/ssh-keygen.c.staterr 2010-05-04 09:01:14.000000000 +0200
+++ openssh-5.5p1/ssh-keygen.c 2010-05-04 09:03:32.000000000 +0200
@@ -1831,13 +1831,19 @@ main(int argc, char **argv)
ask_filename(pw, "Enter file in which to save the key");
/* Create ~/.ssh directory if it doesn't already exist. */
- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
- if (strstr(identity_file, dotsshdir) != NULL &&
- stat(dotsshdir, &st) < 0) {
- if (mkdir(dotsshdir, 0700) < 0)
- error("Could not create directory '%s'.", dotsshdir);
- else if (!quiet)
- printf("Created directory '%s'.\n", dotsshdir);
+ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
+ pw->pw_dir, _PATH_SSH_USER_DIR);
+ if (strstr(identity_file, dotsshdir) != NULL) {
+ if (stat(dotsshdir, &st) < 0) {
+ if (errno != ENOENT) {
+ error("Could not stat %s: %s", dotsshdir,
+ strerror(errno));
+ } else if (mkdir(dotsshdir, 0700) < 0) {
+ error("Could not create directory '%s': %s",
+ dotsshdir, strerror(errno));
+ } else if (!quiet)
+ printf("Created directory '%s'.\n", dotsshdir);
+ }
}
/* If the file already exists, ask the user to confirm. */
if (!overwrite && stat(identity_file, &st) >= 0) {

1
openssh.spec
View File

@ -120,6 +120,7 @@ Patch44: openssh-5.2p1-allow-ip-opts.patch
Patch49: openssh-4.3p2-gssapi-canohost.patch
Patch62: openssh-5.1p1-scp-manpage.patch
Patch65: openssh-5.5p1-fips.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1614
Patch69: openssh-5.3p1-selabel.patch
Patch71: openssh-5.2p1-edns.patch
Patch73: openssh-5.5p1-gsskex.patch