- merge sshd initscript patches
- kill all ssh sessions when stop is called in halt or reboot runlevel - remove -TERM option from killproc so we don't race on sshd restart
parent
7114c4238b
commit
19675afc7c
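--- a/openssh-4.3p2-initscript.patch
+++ b/openssh-4.3p2-initscript.patch
@@ -0,0 +1,60 @@
+--- openssh-4.3p2/contrib/redhat/sshd.init 2002-05-10 04:19:23.000000000 +0200
++++ sshd 2006-11-02 14:23:27.000000000 +0100
+@@ -29,6 +29,8 @@
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+
++runlevel=$(set -- $(runlevel); eval "echo \$$#" )
++
+do_rsa1_keygen() {
+if [ ! -s $RSA1_KEY ]; then
+echo -n $"Generating SSH1 RSA host key: "
+@@ -93,9 +95,11 @@
+do_rsa1_keygen
+do_rsa_keygen
+do_dsa_keygen
++
++ cp -af /etc/localtime /var/empty/sshd/etc
+
+- echo -n $"Starting $prog:"
+- initlog -c "$SSHD $OPTIONS" && success || failure
++ echo -n $"Starting $prog: "
++ $SSHD $OPTIONS && success || failure
+RETVAL=$?
+[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+echo
+@@ -103,17 +107,30 @@
+
+stop()
+{
+- echo -n $"Stopping $prog:"
+- killproc $SSHD -TERM
++ echo -n $"Stopping $prog: "
++ if [ -n "`pidfileofproc $SSHD`" ] ; then
++ killproc $SSHD
++ else
++ failure $"Stopping $prog"
++ fi
+RETVAL=$?
++ # if we are in halt or reboot runlevel kill all running sessions
++ # so the TCP connections are closed cleanly
++ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
++ killall $prog 2>/dev/null
++ fi
+[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+echo
+}
+
+reload()
+{
+- echo -n $"Reloading $prog:"
+- killproc $SSHD -HUP
++ echo -n $"Reloading $prog: "
++ if [ -n "`pidfileofproc $SSHD`" ] ; then
++ killproc $SSHD -HUP
++ else
++ failure $"Reloading $prog"
++ fi
+RETVAL=$?
+echo
+}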
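Review bot: The added `cp -af /etc/localtime /var/empty/sshd/etc` in the start path is unchecked, and with `-a` a symlinked /etc/localtime is copied as a symlink. That link would most likely not resolve from inside /var/empty/sshd (presumably sshd's privilege-separation chroot, judging by the path), so timestamps logged from there could silently stop being local time. If the `etc` directory is ever missing, the command also creates a regular file named `etc` instead of failing. I would dereference the source and make the target explicitly a directory, `cp -fpL /etc/localtime /var/empty/sshd/etc/`, and add a comment above it such as `# keep the timezone available inside the privsep chroot so log timestamps stay local`. The enclosing start function begins outside the visible hunk.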
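--- a/openssh.spec
+++ b/openssh.spec
@@ -61,7 +61,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 4.3p2
-Release: 10%{?rescue_rel}
+Release: 11%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
@@ -73,11 +73,10 @@ Patch0: openssh-4.3p1-redhat.patch
 Patch2: openssh-3.8.1p1-skip-initial.patch
 Patch3: openssh-3.8.1p1-krb5-config.patch
 Patch4: openssh-4.3p1-vendor.patch
-Patch5: openssh-3.9p1-noinitlog.patch
+Patch5: openssh-4.3p2-initscript.patch
 Patch12: openssh-selinux.patch
 Patch16: openssh-4.3p1-audit.patch
 Patch20: openssh-3.9p1-gssapimitm.patch
-Patch21: openssh-3.9p1-safe-stop.patch
 Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch23: openssh-3.9p1-no-log-signal.patch
 Patch24: openssh-4.3p1-fromto-remote.patch
@@ -94,7 +93,6 @@ Patch39: openssh-4.3p2-no-v6only.patch
 Patch40: openssh-4.3p2-coverity-memleaks.patch
 Patch41: openssh-4.3p2-gssapi-no-spnego.patch
 Patch42: openssh-4.3p2-no-dup-logs.patch
-Patch43: openssh-4.3p2-localtime.patch
 Patch44: openssh-4.3p2-allow-ip-opts.patch
 Patch45: openssh-4.3p2-cve-2006-4924.patch
 Patch46: openssh-3.9p1-cve-2006-5051.patch
@@ -200,7 +198,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch2 -p1 -b .skip-initial
 %patch3 -p1 -b .krb5-config
 %patch4 -p1 -b .vendor
-%patch5 -p1 -b .noinitlog
+%patch5 -p1 -b .initscript
 
 %if %{WITH_SELINUX}
 #SELinux
@@ -212,7 +210,6 @@ an X11 passphrase dialog for OpenSSH.
 %endif
 
 #%patch20 -p0 -b .gssapimitm
-%patch21 -p1 -b .safe-stop
 %patch22 -p1 -b .keep-above
 %patch23 -p1 -b .signal
 %patch24 -p1 -b .fromto-remote
@@ -229,7 +226,6 @@ an X11 passphrase dialog for OpenSSH.
 %patch40 -p1 -b .memleaks
 %patch41 -p1 -b .no-spnego
 %patch42 -p1 -b .no-dups
-%patch43 -p1 -b .localtime
 %patch44 -p1 -b .ip-opts
 %patch45 -p1 -b .deattack-dos
 %patch46 -p1 -b .sig-no-cleanup
@@ -477,6 +473,11 @@ fi
 %endif
 
 %changelog
+* Thu Nov 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
+- merge sshd initscript patches
+- kill all ssh sessions when stop is called in halt or reboot runlevel
+- remove -TERM option from killproc so we don't race on sshd restart
+
 * Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
 - improve gssapi-no-spnego patch (#208102)
 - CVE-2006-4924 - prevent DoS on deattack detector (#207957)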