import openssh-8.0p1-6.el8_4.2
This commit is contained in:
parent
2a8cc759e2
commit
5658f6eec9
33
SOURCES/openssh-8.0p1-channel-limits.patch
Normal file
33
SOURCES/openssh-8.0p1-channel-limits.patch
Normal file
@ -0,0 +1,33 @@
|
|||||||
|
diff -up openssh-8.0p1/channels.c.channel-limits openssh-8.0p1/channels.c
|
||||||
|
--- openssh-8.0p1/channels.c.channel-limits 2021-03-16 12:17:58.905576511 +0100
|
||||||
|
+++ openssh-8.0p1/channels.c 2021-03-16 12:17:58.925576667 +0100
|
||||||
|
@@ -354,6 +354,7 @@ channel_new(struct ssh *ssh, char *ctype
|
||||||
|
struct ssh_channels *sc = ssh->chanctxt;
|
||||||
|
u_int i, found;
|
||||||
|
Channel *c;
|
||||||
|
+ int r;
|
||||||
|
|
||||||
|
/* Try to find a free slot where to put the new channel. */
|
||||||
|
for (i = 0; i < sc->channels_alloc; i++) {
|
||||||
|
@@ -383,6 +384,8 @@ channel_new(struct ssh *ssh, char *ctype
|
||||||
|
(c->output = sshbuf_new()) == NULL ||
|
||||||
|
(c->extended = sshbuf_new()) == NULL)
|
||||||
|
fatal("%s: sshbuf_new failed", __func__);
|
||||||
|
+ if ((r = sshbuf_set_max_size(c->input, CHAN_INPUT_MAX)) != 0)
|
||||||
|
+ fatal("%s: sshbuf_set_max_size: %s", __func__, ssh_err(r));
|
||||||
|
c->ostate = CHAN_OUTPUT_OPEN;
|
||||||
|
c->istate = CHAN_INPUT_OPEN;
|
||||||
|
channel_register_fds(ssh, c, rfd, wfd, efd, extusage, nonblock, 0);
|
||||||
|
diff -up openssh-8.0p1/channels.h.channel-limits openssh-8.0p1/channels.h
|
||||||
|
--- openssh-8.0p1/channels.h.channel-limits 2021-03-16 12:17:58.868576223 +0100
|
||||||
|
+++ openssh-8.0p1/channels.h 2021-03-16 12:17:58.907576527 +0100
|
||||||
|
@@ -215,6 +215,9 @@ struct Channel {
|
||||||
|
/* Read buffer size */
|
||||||
|
#define CHAN_RBUF (16*1024)
|
||||||
|
|
||||||
|
+/* Maximum channel input buffer size */
|
||||||
|
+#define CHAN_INPUT_MAX (16*1024*1024)
|
||||||
|
+
|
||||||
|
/* Hard limit on number of channels */
|
||||||
|
#define CHANNELS_MAX_CHANNELS (16*1024)
|
||||||
|
|
@ -66,14 +66,14 @@
|
|||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.0p1
|
%global openssh_ver 8.0p1
|
||||||
%global openssh_rel 5
|
%global openssh_rel 6
|
||||||
%global pam_ssh_agent_ver 0.10.3
|
%global pam_ssh_agent_ver 0.10.3
|
||||||
%global pam_ssh_agent_rel 7
|
%global pam_ssh_agent_rel 7
|
||||||
|
|
||||||
Summary: An open source implementation of SSH protocol version 2
|
Summary: An open source implementation of SSH protocol version 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: %{openssh_ver}
|
Version: %{openssh_ver}
|
||||||
Release: %{openssh_rel}%{?dist}%{?rescue_rel}
|
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.2
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#URL1: http://pamsshagentauth.sourceforge.net
|
#URL1: http://pamsshagentauth.sourceforge.net
|
||||||
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
@ -230,6 +230,8 @@ Patch970: openssh-8.0p1-rdomain.patch
|
|||||||
# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
|
# Do not fail X11 forwarding if IPv6 is disabled (#1662189)
|
||||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2143
|
||||||
Patch971: openssh-8.0p1-x11-without-ipv6.patch
|
Patch971: openssh-8.0p1-x11-without-ipv6.patch
|
||||||
|
# Client window fix (#1913041)
|
||||||
|
Patch972: openssh-8.0p1-channel-limits.patch
|
||||||
|
|
||||||
License: BSD
|
License: BSD
|
||||||
Group: Applications/Internet
|
Group: Applications/Internet
|
||||||
@ -322,7 +324,7 @@ Requires: openssh = %{version}-%{release}
|
|||||||
Summary: PAM module for authentication with ssh-agent
|
Summary: PAM module for authentication with ssh-agent
|
||||||
Group: System Environment/Base
|
Group: System Environment/Base
|
||||||
Version: %{pam_ssh_agent_ver}
|
Version: %{pam_ssh_agent_ver}
|
||||||
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
|
Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.1
|
||||||
License: BSD
|
License: BSD
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -448,6 +450,7 @@ popd
|
|||||||
%patch969 -p1 -b .keygen-sha2
|
%patch969 -p1 -b .keygen-sha2
|
||||||
%patch970 -p1 -b .rdomain
|
%patch970 -p1 -b .rdomain
|
||||||
%patch971 -p1 -b .x11-ipv6
|
%patch971 -p1 -b .x11-ipv6
|
||||||
|
%patch972 -p1 -b .channel-limits
|
||||||
|
|
||||||
%patch200 -p1 -b .audit
|
%patch200 -p1 -b .audit
|
||||||
%patch201 -p1 -b .audit-race
|
%patch201 -p1 -b .audit-race
|
||||||
@ -739,6 +742,15 @@ getent passwd sshd >/dev/null || \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Apr 14 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6.2 + 0.10.3-7.1
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Wed Apr 14 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.0p1-6.1 + 0.10.3-7
|
||||||
|
- rebuilt
|
||||||
|
|
||||||
|
* Tue Mar 16 2021 Dmitry Belyavskiy - 8.0p1-6 + 0.10.3-7
|
||||||
|
- Openssh client window fix (#1942364)
|
||||||
|
|
||||||
* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
|
* Tue Mar 24 2020 Jakub Jelen <jjelen@redhat.com> - 8.0p1-5 + 0.10.3-7
|
||||||
- Do not print "no slots" warning by default (#1744220)
|
- Do not print "no slots" warning by default (#1744220)
|
||||||
- Unbreak connecting using gssapi through proxy commands (#1749862)
|
- Unbreak connecting using gssapi through proxy commands (#1749862)
|
||||||
|
Loading…
Reference in New Issue
Block a user