Switch to SFTP protocol in scp utility by default - upstream fixes
Related: rhbz#2001002
This commit is contained in:
parent
829ee6e4ad
commit
0b7faaf14a
167
openssh-8.7p1-sftpscp-dir-create.patch
Normal file
167
openssh-8.7p1-sftpscp-dir-create.patch
Normal file
@ -0,0 +1,167 @@
|
||||
diff -up openssh-8.7p1/scp.c.sftpdirs openssh-8.7p1/scp.c
|
||||
--- openssh-8.7p1/scp.c.sftpdirs 2022-02-02 14:11:12.553447509 +0100
|
||||
+++ openssh-8.7p1/scp.c 2022-02-02 14:12:56.081316414 +0100
|
||||
@@ -130,6 +130,7 @@
|
||||
#include "misc.h"
|
||||
#include "progressmeter.h"
|
||||
#include "utf8.h"
|
||||
+#include "sftp.h"
|
||||
|
||||
#include "sftp-common.h"
|
||||
#include "sftp-client.h"
|
||||
@@ -660,7 +661,7 @@ main(int argc, char **argv)
|
||||
* Finally check the exit status of the ssh process, if one was forked
|
||||
* and no error has occurred yet
|
||||
*/
|
||||
- if (do_cmd_pid != -1 && errs == 0) {
|
||||
+ if (do_cmd_pid != -1 && (mode == MODE_SFTP || errs == 0)) {
|
||||
if (remin != -1)
|
||||
(void) close(remin);
|
||||
if (remout != -1)
|
||||
@@ -1264,13 +1265,18 @@ tolocal(int argc, char **argv, enum scp_
|
||||
static char *
|
||||
prepare_remote_path(struct sftp_conn *conn, const char *path)
|
||||
{
|
||||
+ size_t nslash;
|
||||
+
|
||||
/* Handle ~ prefixed paths */
|
||||
- if (*path != '~')
|
||||
- return xstrdup(path);
|
||||
if (*path == '\0' || strcmp(path, "~") == 0)
|
||||
return xstrdup(".");
|
||||
- if (strncmp(path, "~/", 2) == 0)
|
||||
- return xstrdup(path + 2);
|
||||
+ if (*path != '~')
|
||||
+ return xstrdup(path);
|
||||
+ if (strncmp(path, "~/", 2) == 0) {
|
||||
+ if ((nslash = strspn(path + 2, "/")) == strlen(path + 2))
|
||||
+ return xstrdup(".");
|
||||
+ return xstrdup(path + 2 + nslash);
|
||||
+ }
|
||||
if (can_expand_path(conn))
|
||||
return do_expand_path(conn, path);
|
||||
/* No protocol extension */
|
||||
@@ -1282,10 +1288,16 @@ void
|
||||
source_sftp(int argc, char *src, char *targ, struct sftp_conn *conn)
|
||||
{
|
||||
char *target = NULL, *filename = NULL, *abs_dst = NULL;
|
||||
- int target_is_dir;
|
||||
-
|
||||
+ int src_is_dir, target_is_dir;
|
||||
+ Attrib a;
|
||||
+ struct stat st;
|
||||
+
|
||||
+ memset(&a, '\0', sizeof(a));
|
||||
+ if (stat(src, &st) != 0)
|
||||
+ fatal("stat local \"%s\": %s", src, strerror(errno));
|
||||
+ src_is_dir = S_ISDIR(st.st_mode);
|
||||
if ((filename = basename(src)) == NULL)
|
||||
- fatal("basename %s: %s", src, strerror(errno));
|
||||
+ fatal("basename \"%s\": %s", src, strerror(errno));
|
||||
|
||||
/*
|
||||
* No need to glob here - the local shell already took care of
|
||||
@@ -1295,8 +1307,12 @@ source_sftp(int argc, char *src, char *t
|
||||
cleanup_exit(255);
|
||||
target_is_dir = remote_is_dir(conn, target);
|
||||
if (targetshouldbedirectory && !target_is_dir) {
|
||||
- fatal("Target is not a directory, but more files selected "
|
||||
- "for upload");
|
||||
+ debug("target directory \"%s\" does not exist", target);
|
||||
+ a.flags = SSH2_FILEXFER_ATTR_PERMISSIONS;
|
||||
+ a.perm = st.st_mode | 0700; /* ensure writable */
|
||||
+ if (do_mkdir(conn, target, &a, 1) != 0)
|
||||
+ cleanup_exit(255); /* error already logged */
|
||||
+ target_is_dir = 1;
|
||||
}
|
||||
if (target_is_dir)
|
||||
abs_dst = path_append(target, filename);
|
||||
@@ -1306,14 +1322,17 @@ source_sftp(int argc, char *src, char *t
|
||||
}
|
||||
debug3_f("copying local %s to remote %s", src, abs_dst);
|
||||
|
||||
- if (local_is_dir(src) && iamrecursive) {
|
||||
+ if (src_is_dir && iamrecursive) {
|
||||
if (upload_dir(conn, src, abs_dst, pflag,
|
||||
SFTP_PROGRESS_ONLY, 0, 0, 1) != 0) {
|
||||
- fatal("failed to upload directory %s to %s",
|
||||
+ error("failed to upload directory %s to %s",
|
||||
src, abs_dst);
|
||||
+ errs = 1;
|
||||
}
|
||||
- } else if (do_upload(conn, src, abs_dst, pflag, 0, 0) != 0)
|
||||
- fatal("failed to upload file %s to %s", src, abs_dst);
|
||||
+ } else if (do_upload(conn, src, abs_dst, pflag, 0, 0) != 0) {
|
||||
+ error("failed to upload file %s to %s", src, abs_dst);
|
||||
+ errs = 1;
|
||||
+ }
|
||||
|
||||
free(abs_dst);
|
||||
free(target);
|
||||
@@ -1487,14 +1506,15 @@ sink_sftp(int argc, char *dst, const cha
|
||||
char *abs_dst = NULL;
|
||||
glob_t g;
|
||||
char *filename, *tmp = NULL;
|
||||
- int i, r, err = 0;
|
||||
+ int i, r, err = 0, dst_is_dir;
|
||||
+ struct stat st;
|
||||
|
||||
memset(&g, 0, sizeof(g));
|
||||
+
|
||||
/*
|
||||
* Here, we need remote glob as SFTP can not depend on remote shell
|
||||
* expansions
|
||||
*/
|
||||
-
|
||||
if ((abs_src = prepare_remote_path(conn, src)) == NULL) {
|
||||
err = -1;
|
||||
goto out;
|
||||
@@ -1510,11 +1530,24 @@ sink_sftp(int argc, char *dst, const cha
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (g.gl_matchc > 1 && !local_is_dir(dst)) {
|
||||
- error("Multiple files match pattern, but destination "
|
||||
- "\"%s\" is not a directory", dst);
|
||||
- err = -1;
|
||||
- goto out;
|
||||
+ if ((r = stat(dst, &st)) != 0)
|
||||
+ debug2_f("stat local \"%s\": %s", dst, strerror(errno));
|
||||
+ dst_is_dir = r == 0 && S_ISDIR(st.st_mode);
|
||||
+
|
||||
+ if (g.gl_matchc > 1 && !dst_is_dir) {
|
||||
+ if (r == 0) {
|
||||
+ error("Multiple files match pattern, but destination "
|
||||
+ "\"%s\" is not a directory", dst);
|
||||
+ err = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ debug2_f("creating destination \"%s\"", dst);
|
||||
+ if (mkdir(dst, 0777) != 0) {
|
||||
+ error("local mkdir \"%s\": %s", dst, strerror(errno));
|
||||
+ err = -1;
|
||||
+ goto out;
|
||||
+ }
|
||||
+ dst_is_dir = 1;
|
||||
}
|
||||
|
||||
for (i = 0; g.gl_pathv[i] && !interrupted; i++) {
|
||||
@@ -1525,7 +1558,7 @@ sink_sftp(int argc, char *dst, const cha
|
||||
goto out;
|
||||
}
|
||||
|
||||
- if (local_is_dir(dst))
|
||||
+ if (dst_is_dir)
|
||||
abs_dst = path_append(dst, filename);
|
||||
else
|
||||
abs_dst = xstrdup(dst);
|
||||
@@ -1551,7 +1584,8 @@ out:
|
||||
free(tmp);
|
||||
globfree(&g);
|
||||
if (err == -1) {
|
||||
- fatal("Failed to download file '%s'", src);
|
||||
+ error("Failed to download '%s'", src);
|
||||
+ errs = 1;
|
||||
}
|
||||
}
|
||||
|
@ -51,7 +51,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.7p1
|
||||
%global openssh_rel 6
|
||||
%global openssh_rel 7
|
||||
%global pam_ssh_agent_ver 0.10.4
|
||||
%global pam_ssh_agent_rel 4
|
||||
|
||||
@ -201,6 +201,8 @@ Patch977: openssh-8.7p1-scp-kill-switch.patch
|
||||
Patch978: openssh-8.7p1-upstream-cve-2021-41617.patch
|
||||
# fix for `ssh-keygen -Y find-principals -f /dev/null -s /dev/null` (#2024902)
|
||||
Patch979: openssh-8.7p1-find-principals-fix.patch
|
||||
# Create non-existent directories when scp works in sftp mode
|
||||
Patch980: openssh-8.7p1-sftpscp-dir-create.patch
|
||||
|
||||
Patch1000: openssh-8.7p1-minimize-sha1-use.patch
|
||||
|
||||
@ -382,6 +384,7 @@ popd
|
||||
%patch977 -p1 -b .kill-scp
|
||||
%patch978 -p1 -b .cve-2021-41617
|
||||
%patch979 -p1 -b .find-principals
|
||||
%patch980 -p1 -b .sftpdirs
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
@ -668,6 +671,10 @@ test -f %{sysconfig_anaconda} && \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Feb 02 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-7
|
||||
- Switch to SFTP protocol in scp utility by default - upstream fixes
|
||||
Related: rhbz#2001002
|
||||
|
||||
* Tue Dec 21 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-6
|
||||
- Fix SSH connection to localhost not possible in FIPS
|
||||
Related: rhbz#2031868
|
||||
|
Loading…
Reference in New Issue
Block a user