- merge sshd initscript patches

- kill all ssh sessions when stop is called in halt or reboot runlevel
- remove -TERM option from killproc so we don't race on sshd restart
This commit is contained in:
Tomáš Mráz 2006-11-02 13:33:37 +00:00
parent 7114c4238b
commit 19675afc7c
2 changed files with 68 additions and 7 deletions

View File

@ -0,0 +1,60 @@
--- openssh-4.3p2/contrib/redhat/sshd.init 2002-05-10 04:19:23.000000000 +0200
+++ sshd 2006-11-02 14:23:27.000000000 +0100
@@ -29,6 +29,8 @@
DSA_KEY=/etc/ssh/ssh_host_dsa_key
PID_FILE=/var/run/sshd.pid
+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
+
do_rsa1_keygen() {
if [ ! -s $RSA1_KEY ]; then
echo -n $"Generating SSH1 RSA host key: "
@@ -93,9 +95,11 @@
do_rsa1_keygen
do_rsa_keygen
do_dsa_keygen
+
+ cp -af /etc/localtime /var/empty/sshd/etc
- echo -n $"Starting $prog:"
- initlog -c "$SSHD $OPTIONS" && success || failure
+ echo -n $"Starting $prog: "
+ $SSHD $OPTIONS && success || failure
RETVAL=$?
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
echo
@@ -103,17 +107,30 @@
stop()
{
- echo -n $"Stopping $prog:"
- killproc $SSHD -TERM
+ echo -n $"Stopping $prog: "
+ if [ -n "`pidfileofproc $SSHD`" ] ; then
+ killproc $SSHD
+ else
+ failure $"Stopping $prog"
+ fi
RETVAL=$?
+ # if we are in halt or reboot runlevel kill all running sessions
+ # so the TCP connections are closed cleanly
+ if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
+ killall $prog 2>/dev/null
+ fi
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
echo
}
reload()
{
- echo -n $"Reloading $prog:"
- killproc $SSHD -HUP
+ echo -n $"Reloading $prog: "
+ if [ -n "`pidfileofproc $SSHD`" ] ; then
+ killproc $SSHD -HUP
+ else
+ failure $"Reloading $prog"
+ fi
RETVAL=$?
echo
}

View File

@ -61,7 +61,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
Name: openssh Name: openssh
Version: 4.3p2 Version: 4.3p2
Release: 10%{?rescue_rel} Release: 11%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
@ -73,11 +73,10 @@ Patch0: openssh-4.3p1-redhat.patch
Patch2: openssh-3.8.1p1-skip-initial.patch Patch2: openssh-3.8.1p1-skip-initial.patch
Patch3: openssh-3.8.1p1-krb5-config.patch Patch3: openssh-3.8.1p1-krb5-config.patch
Patch4: openssh-4.3p1-vendor.patch Patch4: openssh-4.3p1-vendor.patch
Patch5: openssh-3.9p1-noinitlog.patch Patch5: openssh-4.3p2-initscript.patch
Patch12: openssh-selinux.patch Patch12: openssh-selinux.patch
Patch16: openssh-4.3p1-audit.patch Patch16: openssh-4.3p1-audit.patch
Patch20: openssh-3.9p1-gssapimitm.patch Patch20: openssh-3.9p1-gssapimitm.patch
Patch21: openssh-3.9p1-safe-stop.patch
Patch22: openssh-3.9p1-askpass-keep-above.patch Patch22: openssh-3.9p1-askpass-keep-above.patch
Patch23: openssh-3.9p1-no-log-signal.patch Patch23: openssh-3.9p1-no-log-signal.patch
Patch24: openssh-4.3p1-fromto-remote.patch Patch24: openssh-4.3p1-fromto-remote.patch
@ -94,7 +93,6 @@ Patch39: openssh-4.3p2-no-v6only.patch
Patch40: openssh-4.3p2-coverity-memleaks.patch Patch40: openssh-4.3p2-coverity-memleaks.patch
Patch41: openssh-4.3p2-gssapi-no-spnego.patch Patch41: openssh-4.3p2-gssapi-no-spnego.patch
Patch42: openssh-4.3p2-no-dup-logs.patch Patch42: openssh-4.3p2-no-dup-logs.patch
Patch43: openssh-4.3p2-localtime.patch
Patch44: openssh-4.3p2-allow-ip-opts.patch Patch44: openssh-4.3p2-allow-ip-opts.patch
Patch45: openssh-4.3p2-cve-2006-4924.patch Patch45: openssh-4.3p2-cve-2006-4924.patch
Patch46: openssh-3.9p1-cve-2006-5051.patch Patch46: openssh-3.9p1-cve-2006-5051.patch
@ -200,7 +198,7 @@ an X11 passphrase dialog for OpenSSH.
%patch2 -p1 -b .skip-initial %patch2 -p1 -b .skip-initial
%patch3 -p1 -b .krb5-config %patch3 -p1 -b .krb5-config
%patch4 -p1 -b .vendor %patch4 -p1 -b .vendor
%patch5 -p1 -b .noinitlog %patch5 -p1 -b .initscript
%if %{WITH_SELINUX} %if %{WITH_SELINUX}
#SELinux #SELinux
@ -212,7 +210,6 @@ an X11 passphrase dialog for OpenSSH.
%endif %endif
#%patch20 -p0 -b .gssapimitm #%patch20 -p0 -b .gssapimitm
%patch21 -p1 -b .safe-stop
%patch22 -p1 -b .keep-above %patch22 -p1 -b .keep-above
%patch23 -p1 -b .signal %patch23 -p1 -b .signal
%patch24 -p1 -b .fromto-remote %patch24 -p1 -b .fromto-remote
@ -229,7 +226,6 @@ an X11 passphrase dialog for OpenSSH.
%patch40 -p1 -b .memleaks %patch40 -p1 -b .memleaks
%patch41 -p1 -b .no-spnego %patch41 -p1 -b .no-spnego
%patch42 -p1 -b .no-dups %patch42 -p1 -b .no-dups
%patch43 -p1 -b .localtime
%patch44 -p1 -b .ip-opts %patch44 -p1 -b .ip-opts
%patch45 -p1 -b .deattack-dos %patch45 -p1 -b .deattack-dos
%patch46 -p1 -b .sig-no-cleanup %patch46 -p1 -b .sig-no-cleanup
@ -477,6 +473,11 @@ fi
%endif %endif
%changelog %changelog
* Thu Nov 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-11
- merge sshd initscript patches
- kill all ssh sessions when stop is called in halt or reboot runlevel
- remove -TERM option from killproc so we don't race on sshd restart
* Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10 * Mon Oct 2 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-10
- improve gssapi-no-spnego patch (#208102) - improve gssapi-no-spnego patch (#208102)
- CVE-2006-4924 - prevent DoS on deattack detector (#207957) - CVE-2006-4924 - prevent DoS on deattack detector (#207957)