import openssh-8.0p1-6.el8_4.2
This commit is contained in:
parent
2a8cc759e2
commit
5658f6eec9
33
SOURCES/openssh-8.0p1-channel-limits.patch
Normal file
33
SOURCES/openssh-8.0p1-channel-limits.patch
Normal file
@ -0,0 +1,33 @@
|
||||
diff -up openssh-8.0p1/channels.c.channel-limits openssh-8.0p1/channels.c
|
||||
--- openssh-8.0p1/channels.c.channel-limits 2021-03-16 12:17:58.905576511 +0100
|
||||
+++ openssh-8.0p1/channels.c 2021-03-16 12:17:58.925576667 +0100
|
||||
@@ -354,6 +354,7 @@ channel_new(struct ssh *ssh, char *ctype
|
||||
struct ssh_channels *sc = ssh->chanctxt;
|
||||
u_int i, found;
|
||||
Channel *c;
|
||||
+ int r;
|
||||
|
||||
/* Try to find a free slot where to put the new channel. */
|
||||
for (i = 0; i < sc->channels_alloc; i++) {
|
||||
@@ -383,6 +384,8 @@ channel_new(struct ssh *ssh, char *ctype
|
||||
(c->output = sshbuf_new()) == NULL ||
|
||||
(c->extended = sshbuf_new()) == NULL)
|
||||
fatal("%s: sshbuf_new failed", __func__);
|
||||
+ if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
|
||||
+ fatal("%s: sshbuf_set_max_size: %s", __func__, ssh_err(r));
|
||||
c->ostate = CHAN_OUTPUT_OPEN;
|
||||
c->istate = CHAN_INPUT_OPEN;
|
||||
channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0);
|
||||
diff -up openssh-8.0p1/channels.h.channel-limits openssh-8.0p1/channels.h
|
||||
--- openssh-8.0p1/channels.h.channel-limits 2021-03-16 12:17:58.868576223 +0100
|
||||
+++ openssh-8.0p1/channels.h 2021-03-16 12:17:58.907576527 +0100
|
||||
@@ -215,6 +215,9 @@ struct Channel {
|
||||
/* Read buffer size */
|
||||
#define CHAN_RBUF (16*1024)
|
||||
|
||||
+/* Maximum channel input buffer size */
|
||||
+#define CHAN_INPUT_MAX (16*1024*1024)
|
||||
+
|
||||
/* Hard limit on number of channels */
|
||||
#define CHANNELS_MAX_CHANNELS (16*1024)
|
||||
|
@ -66,14 +66,14 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%global openssh_ver 8.0p1
|
||||
%global openssh_rel 5
|
||||
%global openssh_rel 6
|
||||
%global pam_ssh_agent_ver 0.10.3
|
||||
%global pam_ssh_agent_rel 7
|
||||
|
||||
Summary: An open source implementation of SSH protocol version 2
|
||||
Name: openssh
|
||||
Version: %{openssh_ver}
|
||||
Release: %{openssh_rel}%{?dist}%{?rescue_rel}
|
||||
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.2
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#URL1: http://pamsshagentauth.sourceforge.net
|
||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
@ -230,6 +230,8 @@ Patch970: openssh-8.0p1-rdomain.patch
|
||||
# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
|
||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
|
||||
Patch971: openssh-8.0p1-x11-without-ipv6.patch
|
||||
# Client window fix (#1913041)
|
||||
Patch972: openssh-8.0p1-channel-limits.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
@ -322,7 +324,7 @@ Requires: openssh = %{version}-%{release}
|
||||
Summary: PAM module for authentication with ssh-agent
|
||||
Group: System Environment/Base
|
||||
Version: %{pam_ssh_agent_ver}
|
||||
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
|
||||
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1
|
||||
License: BSD
|
||||
|
||||
%description
|
||||
@ -448,6 +450,7 @@ popd
|
||||
%patch969 -p1 -b .keygen-sha2
|
||||
%patch970 -p1 -b .rdomain
|
||||
%patch971 -p1 -b .x11-ipv6
|
||||
%patch972 -p1 -b .channel-limits
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch201 -p1 -b .audit-race
|
||||
@ -739,6 +742,15 @@ getent passwd sshd >/dev/null || \
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Wed Apr 14 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6.2 + 0.10.3-7.1
|
||||
- rebuilt
|
||||
|
||||
* Wed Apr 14 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6.1 + 0.10.3-7
|
||||
- rebuilt
|
||||
|
||||
* Tue Mar 16 2021 Dmitry Belyavskiy - 8.0p1-6 + 0.10.3-7
|
||||
- Openssh client window fix (#1942364)
|
||||
|
||||
* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
|
||||
- Do not print "no slots" warning by default (#1744220)
|
||||
- Unbreak connecting using gssapi through proxy commands (#1749862)
|
||||
|
Loading…
Reference in New Issue
Block a user