From 5658f6eec94d6138c6cec6d3beb7508b3e885627 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Tue, 18 May 2021 13:11:00 -0400
Subject: [PATCH] import openssh-8.0p1-6.el8_4.2
---
SOURCES/openssh-8.0p1-channel-limits.patch | 33 ++++++++++++++++++++++
SPECS/openssh.spec | 18 ++++++++++--
2 files changed, 48 insertions(+), 3 deletions(-)
create mode 100644 SOURCES/openssh-8.0p1-channel-limits.patch
diff --git a/SOURCES/openssh-8.0p1-channel-limits.patch b/SOURCES/openssh-8.0p1-channel-limits.patch
new file mode 100644
index 0000000..47e1f87
--- /dev/null
+++ b/SOURCES/openssh-8.0p1-channel-limits.patch
@@ -0,0 +1,33 @@
+diff -up openssh-8.0p1/channels.c.channel-limits openssh-8.0p1/channels.c
+--- openssh-8.0p1/channels.c.channel-limits 2021-03-16 12:17:58.905576511 +0100
++++ openssh-8.0p1/channels.c 2021-03-16 12:17:58.925576667 +0100
+@@ -354,6 +354,7 @@ channel_new(struct ssh *ssh, char *ctype
+ struct ssh_channels *sc = ssh->chanctxt;
+ u_int i, found;
+ Channel *c;
++ int r;
+
+ /* Try to find a free slot where to put the new channel. */
+ for (i = 0; i < sc->channels_alloc; i++) {
+@@ -383,6 +384,8 @@ channel_new(struct ssh *ssh, char *ctype
+ (c->output = sshbuf_new()) == NULL ||
+ (c->extended = sshbuf_new()) == NULL)
+ fatal("%s: sshbuf_new failed", __func__);
++ if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
++ fatal("%s: sshbuf_set_max_size: %s", __func__, ssh_err(r));
+ c->ostate = CHAN_OUTPUT_OPEN;
+ c->istate = CHAN_INPUT_OPEN;
+ channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0);
+diff -up openssh-8.0p1/channels.h.channel-limits openssh-8.0p1/channels.h
+--- openssh-8.0p1/channels.h.channel-limits 2021-03-16 12:17:58.868576223 +0100
++++ openssh-8.0p1/channels.h 2021-03-16 12:17:58.907576527 +0100
+@@ -215,6 +215,9 @@ struct Channel {
+ /* Read buffer size */
+ #define CHAN_RBUF (16*1024)
+
++/* Maximum channel input buffer size */
++#define CHAN_INPUT_MAX (16*1024*1024)
++
+ /* Hard limit on number of channels */
+ #define CHANNELS_MAX_CHANNELS (16*1024)
+
diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec
index feecf68..6c281fc 100644
--- a/SPECS/openssh.spec
+++ b/SPECS/openssh.spec
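Review bot: The 16 MiB cap set in channel_new() turns an over-full `c->input` into a hard sshbuf error, and nothing in this patch shows the code that fills that buffer checking for room first. If a reader appends past `CHAN_INPUT_MAX` and treats the failure as fatal, a slow peer would have its session torn down rather than throttled, so please confirm the read path tests the remaining space (for example with `sshbuf_check_reserve(c->input, CHAN_RBUF)`) before it reads; that code is outside both inner hunks, and channel_new() itself starts and ends outside them. Only `c->input` is limited, while `c->output` and `c->extended` from the same allocation statement keep the sshbuf default. If that is deliberate, I would say so at the define, e.g. `/* Maximum channel input buffer size; output and extended keep the sshbuf default */`.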
@@ -66,14 +66,14 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 5 +%global openssh_rel 6 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7 Summary: An open source implementation of SSH protocol version 2 Name: openssh Version: %{openssh_ver} -Release: %{openssh_rel}%{?dist}%{?rescue_rel} +Release: %{openssh_rel}%{?dist}%{?rescue_rel}.2 URL: http://www.openssh.com/portable.html #URL1: http://pamsshagentauth.sourceforge.net Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz @@ -230,6 +230,8 @@ Patch970: openssh-8.0p1-rdomain.patch # Do not fail X11 forwarding if IPv6 is disabled (#1662189) # https://bugzilla.mindrot.org/show_bug.cgi?id=2143 Patch971: openssh-8.0p1-x11-without-ipv6.patch +# Client window fix (#1913041) +Patch972: openssh-8.0p1-channel-limits.patch License: BSD Group: Applications/Internet @@ -322,7 +324,7 @@ Requires: openssh = %{version}-%{release} Summary: PAM module for authentication with ssh-agent Group: System Environment/Base Version: %{pam_ssh_agent_ver} -Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel} +Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1 License: BSD %description @@ -448,6 +450,7 @@ popd %patch969 -p1 -b .keygen-sha2 %patch970 -p1 -b .rdomain %patch971 -p1 -b .x11-ipv6 +%patch972 -p1 -b .channel-limits %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race @@ -739,6 +742,15 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Wed Apr 14 2021 Dmitry Belyavskiy - 8.0p1-6.2 + 0.10.3-7.1 +- rebuilt + +* Wed Apr 14 2021 Dmitry Belyavskiy - 8.0p1-6.1 + 0.10.3-7 +- rebuilt + +* Tue Mar 16 2021 Dmitry Belyavskiy - 8.0p1-6 + 0.10.3-7 +- Openssh client window fix (#1942364) + * Tue Mar 24 2020 Jakub Jelen - 8.0p1-5 + 0.10.3-7 - Do not print "no slots" warning by default (#1744220) - Unbreak connecting using gssapi through proxy commands (#1749862)
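Review bot: The bug reference on the new `Patch972` comment (`#1913041`) does not match the one in the changelog entry for the same fix (`#1942364`). If one ticket is a clone of the other, which is only a guess from here, list both in the spec comment, e.g. `# Client window fix (#1913041, #1942364)`, so the patch can be traced from either. The two `- rebuilt` entries also give no reason for the `.2` and `.1` release suffixes added in this commit.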