import openssh-8.0p1-6.el8_4.2

This commit is contained in:
CentOS Sources 2021-05-18 13:11:00 -04:00 committed by Andrew Lukoshko
parent 2a8cc759e2
commit 5658f6eec9
2 changed files with 48 additions and 3 deletions

View File

@ -0,0 +1,33 @@
diff -up openssh-8.0p1/channels.c.channel-limits openssh-8.0p1/channels.c
--- openssh-8.0p1/channels.c.channel-limits 2021-03-16 12:17:58.905576511 +0100
+++ openssh-8.0p1/channels.c 2021-03-16 12:17:58.925576667 +0100
@@ -354,6 +354,7 @@ channel_new(struct ssh *ssh, char *ctype
struct ssh_channels *sc = ssh->chanctxt;
u_int i, found;
Channel *c;
+ int r;
/* Try to find a free slot where to put the new channel. */
for (i = 0; i < sc->channels_alloc; i++) {
@@ -383,6 +384,8 @@ channel_new(struct ssh *ssh, char *ctype
(c->output = sshbuf_new()) == NULL ||
(c->extended = sshbuf_new()) == NULL)
fatal("%s: sshbuf_new failed", __func__);
+ if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
+ fatal("%s: sshbuf_set_max_size: %s", __func__, ssh_err(r));
c->ostate = CHAN_OUTPUT_OPEN;
c->istate = CHAN_INPUT_OPEN;
channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0);
diff -up openssh-8.0p1/channels.h.channel-limits openssh-8.0p1/channels.h
--- openssh-8.0p1/channels.h.channel-limits 2021-03-16 12:17:58.868576223 +0100
+++ openssh-8.0p1/channels.h 2021-03-16 12:17:58.907576527 +0100
@@ -215,6 +215,9 @@ struct Channel {
/* Read buffer size */
#define CHAN_RBUF (16*1024)
+/* Maximum channel input buffer size */
+#define CHAN_INPUT_MAX (16*1024*1024)
+
/* Hard limit on number of channels */
#define CHANNELS_MAX_CHANNELS (16*1024)

View File

@ -66,14 +66,14 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.0p1
%global openssh_rel 5
%global openssh_rel 6
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 7
Summary: An open source implementation of SSH protocol version 2
Name: openssh
Version: %{openssh_ver}
Release: %{openssh_rel}%{?dist}%{?rescue_rel}
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.2
URL: http://www.openssh.com/portable.html
#URL1: http://pamsshagentauth.sourceforge.net
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@ -230,6 +230,8 @@ Patch970: openssh-8.0p1-rdomain.patch
# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
Patch971: openssh-8.0p1-x11-without-ipv6.patch
# Client window fix (#1913041)
Patch972: openssh-8.0p1-channel-limits.patch
License: BSD
Group: Applications/Internet
@ -322,7 +324,7 @@ Requires: openssh = %{version}-%{release}
Summary: PAM module for authentication with ssh-agent
Group: System Environment/Base
Version: %{pam_ssh_agent_ver}
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1
License: BSD
%description
@ -448,6 +450,7 @@ popd
%patch969 -p1 -b .keygen-sha2
%patch970 -p1 -b .rdomain
%patch971 -p1 -b .x11-ipv6
%patch972 -p1 -b .channel-limits
%patch200 -p1 -b .audit
%patch201 -p1 -b .audit-race
@ -739,6 +742,15 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Wed Apr 14 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6.2 + 0.10.3-7.1
- rebuilt
* Wed Apr 14 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6.1 + 0.10.3-7
- rebuilt
* Tue Mar 16 2021 Dmitry Belyavskiy - 8.0p1-6 + 0.10.3-7
- Openssh client window fix (#1942364)
* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
- Do not print "no slots" warning by default (#1744220)
- Unbreak connecting using gssapi through proxy commands (#1749862)