- Comment spec.file
- Sync patches from upstream
parent
6fa4d807de
commit
bd929b4662
@ -1,87 +0,0 @@
|
|||||||
diff -up openssh-5.3p1/channels.c.cloexec openssh-5.3p1/channels.c
|
|
||||||
--- openssh-5.3p1/channels.c.cloexec 2010-01-25 17:25:58.000000000 +0100
|
|
||||||
+++ openssh-5.3p1/channels.c 2010-01-25 17:26:01.000000000 +0100
|
|
||||||
@@ -60,6 +60,7 @@
|
|
||||||
#include <termios.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
#include <stdarg.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
|
|
||||||
#include "openbsd-compat/sys-queue.h"
|
|
||||||
#include "xmalloc.h"
|
|
||||||
@@ -230,6 +231,18 @@ channel_register_fds(Channel *c, int rfd
|
|
||||||
|
|
||||||
/* XXX set close-on-exec -markus */
|
|
||||||
|
|
||||||
+ if (rfd != -1) {
|
|
||||||
+ fcntl(rfd, F_SETFD, FD_CLOEXEC);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (wfd != -1 && wfd != rfd) {
|
|
||||||
+ fcntl(wfd, F_SETFD, FD_CLOEXEC);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
+ if (efd != -1 && efd != rfd && efd != wfd) {
|
|
||||||
+ fcntl(efd, F_SETFD, FD_CLOEXEC);
|
|
||||||
+ }
|
|
||||||
+
|
|
||||||
c->rfd = rfd;
|
|
||||||
c->wfd = wfd;
|
|
||||||
c->sock = (rfd == wfd) ? rfd : -1;
|
|
||||||
diff -up openssh-5.3p1/sshconnect2.c.cloexec openssh-5.3p1/sshconnect2.c
|
|
||||||
--- openssh-5.3p1/sshconnect2.c.cloexec 2010-01-25 17:25:58.000000000 +0100
|
|
||||||
+++ openssh-5.3p1/sshconnect2.c 2010-01-25 17:26:01.000000000 +0100
|
|
||||||
@@ -39,6 +39,7 @@
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
#if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
|
|
||||||
#include <vis.h>
|
|
||||||
#endif
|
|
||||||
@@ -1512,6 +1513,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
|
|
||||||
return -1;
|
|
||||||
}
|
|
||||||
if (pid == 0) {
|
|
||||||
+ fcntl(packet_get_connection_in(), F_SETFD, 0); /* keep the socket on exec */
|
|
||||||
permanently_drop_suid(getuid());
|
|
||||||
close(from[0]);
|
|
||||||
if (dup2(from[1], STDOUT_FILENO) < 0)
|
|
||||||
diff -up openssh-5.3p1/sshconnect.c.cloexec openssh-5.3p1/sshconnect.c
|
|
||||||
--- openssh-5.3p1/sshconnect.c.cloexec 2009-06-21 10:53:53.000000000 +0200
|
|
||||||
+++ openssh-5.3p1/sshconnect.c 2010-01-25 17:26:01.000000000 +0100
|
|
||||||
@@ -38,6 +38,7 @@
|
|
||||||
#include <stdlib.h>
|
|
||||||
#include <string.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
+#include <fcntl.h>
|
|
||||||
|
|
||||||
#include "xmalloc.h"
|
|
||||||
#include "key.h"
|
|
||||||
@@ -191,8 +192,11 @@ ssh_create_socket(int privileged, struct
|
|
||||||
return sock;
|
|
||||||
}
|
|
||||||
sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
|
|
||||||
- if (sock < 0)
|
|
||||||
+ if (sock < 0) {
|
|
||||||
error("socket: %.100s", strerror(errno));
|
|
||||||
+ return -1;
|
|
||||||
+ }
|
|
||||||
+ fcntl(sock, F_SETFD, FD_CLOEXEC);
|
|
||||||
|
|
||||||
/* Bind the socket to an alternative local IP address */
|
|
||||||
if (options.bind_address == NULL)
|
|
||||||
diff -up openssh-5.3p1/sshd.c.cloexec openssh-5.3p1/sshd.c
|
|
||||||
--- openssh-5.3p1/sshd.c.cloexec 2010-01-25 17:25:55.000000000 +0100
|
|
||||||
+++ openssh-5.3p1/sshd.c 2010-01-25 18:29:23.000000000 +0100
|
|
||||||
@@ -1756,6 +1756,10 @@ main(int ac, char **av)
|
|
||||||
sock_in, sock_out, newsock, startup_pipe, config_s[0]);
|
|
||||||
}
|
|
||||||
|
|
||||||
+ /* set fd cloexec on io/sockets to avoid to forward them to childern */
|
|
||||||
+ fcntl(sock_out, F_SETFD, FD_CLOEXEC);
|
|
||||||
+ fcntl(sock_in, F_SETFD, FD_CLOEXEC);
|
|
||||||
+
|
|
||||||
/*
|
|
||||||
* Disable the key regeneration alarm. We will not regenerate the
|
|
||||||
* key since we are no longer in a position to give it to anyone. We
|
|
@ -1,14 +0,0 @@
|
|||||||
diff -up openssh-5.4p1/ssh-keygen.c.staterr openssh-5.4p1/ssh-keygen.c
|
|
||||||
--- openssh-5.4p1/ssh-keygen.c.staterr 2010-03-19 20:56:12.000000000 +0100
|
|
||||||
+++ openssh-5.4p1/ssh-keygen.c 2010-03-19 20:59:41.000000000 +0100
|
|
||||||
@@ -1829,7 +1829,9 @@ main(int argc, char **argv)
|
|
||||||
snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
|
|
||||||
if (strstr(identity_file, dotsshdir) != NULL &&
|
|
||||||
stat(dotsshdir, &st) < 0) {
|
|
||||||
- if (mkdir(dotsshdir, 0700) < 0)
|
|
||||||
+ if (errno == EPERM)
|
|
||||||
+ error("Do not have permisions to stat directory '%s'.", dotsshdir);
|
|
||||||
+ else if (mkdir(dotsshdir, 0700) < 0)
|
|
||||||
error("Could not create directory '%s'.", dotsshdir);
|
|
||||||
else if (!quiet)
|
|
||||||
printf("Created directory '%s'.\n", dotsshdir);
|
|
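--- a/openssh-5.5p1-keygen.patch
+++ b/openssh-5.5p1-keygen.patch
@@ -0,0 +1,80 @@
+diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
+--- openssh-5.5p1/ssh-keygen.0.keygen 2010-04-16 02:17:11.000000000 +0200
++++ openssh-5.5p1/ssh-keygen.0 2010-05-04 08:19:22.000000000 +0200
+@@ -4,7 +4,7 @@ NAME
+ssh-keygen - authentication key generation, management and conversion
+
+SYNOPSIS
+- ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
++ ssh-keygen [-q] [-o] [-b bits] -t type [-N new_passphrase] [-C comment]
+[-f output_keyfile]
+ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+ssh-keygen -i [-f input_keyfile]
+@@ -222,6 +222,8 @@ DESCRIPTION
+
+-q Silence ssh-keygen. Used by /etc/rc when creating a new key.
+
++ -o Overwrite the key without prompting user.
++
+-R hostname
+Removes all keys belonging to hostname from a known_hosts file.
+This option is useful to delete hashed hosts (see the -H option
+diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
+--- openssh-5.5p1/ssh-keygen.1.keygen 2010-03-21 19:57:49.000000000 +0100
++++ openssh-5.5p1/ssh-keygen.1 2010-05-04 08:19:22.000000000 +0200
+@@ -47,6 +47,7 @@
+.Nm ssh-keygen
+.Bk -words
+.Op Fl q
++.Op Fl o
+.Op Fl b Ar bits
+.Fl t Ar type
+.Op Fl N Ar new_passphrase
+@@ -370,6 +371,8 @@ Silence
+Used by
+.Pa /etc/rc
+when creating a new key.
++.It Fl o
++Overwrite the key without prompting user.
+.It Fl R Ar hostname
+Removes all keys belonging to
+.Ar hostname
+diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
+--- openssh-5.5p1/ssh-keygen.c.keygen 2010-03-21 19:58:24.000000000 +0100
++++ openssh-5.5p1/ssh-keygen.c 2010-05-04 08:22:22.000000000 +0200
+@@ -72,6 +72,7 @@ int change_passphrase = 0;
+int change_comment = 0;
+
+int quiet = 0;
++int overwrite = 0;
+
+int log_level = SYSLOG_LEVEL_INFO;
+
+@@ -1540,7 +1541,7 @@ main(int argc, char **argv)
+exit(1);
+}
+
+- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"
++ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:N:n:"
+"O:C:r:g:R:T:G:M:S:s:a:V:W:")) != -1) {
+switch (opt) {
+case 'b':
+@@ -1605,6 +1606,9 @@ main(int argc, char **argv)
+case 'q':
+quiet = 1;
+break;
++ case 'o':
++ overwrite = 1;
++ break;
+case 'e':
+case 'x':
+/* export key */
+@@ -1835,7 +1839,7 @@ main(int argc, char **argv)
+printf("Created directory '%s'.\n", dotsshdir);
+}
+/* If the file already exists, ask the user to confirm. */
+- if (stat(identity_file, &st) >= 0) {
++ if (!overwrite && stat(identity_file, &st) >= 0) {
+char yesno[3];
+printf("%s already exists.\n", identity_file);
+printf("Overwrite (y/n)? ");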
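Review bot: With `-o` set, the new condition `if (!overwrite && stat(identity_file, &st) >= 0)` in ssh-keygen.c skips the existence check entirely, so an existing private key is replaced with no prompt and, as far as these hunks show, no message even when `quiet` is 0. Because the flag discards key material, I would say so at the check, e.g. `/* -o: caller has accepted losing the existing key, skip the prompt */`, and consider printing a one-line notice when the file was already there. The visible hunks update both man pages and the getopt string but not usage(), which may simply lie outside them. main() starts and ends outside every hunk here, so how the key file is finally written cannot be checked from this patch.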
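--- a/openssh-5.5p1-staterr.patch
+++ b/openssh-5.5p1-staterr.patch
@@ -0,0 +1,30 @@
+diff -up openssh-5.5p1/ssh-keygen.c.staterr openssh-5.5p1/ssh-keygen.c
+--- openssh-5.5p1/ssh-keygen.c.staterr 2010-05-04 09:01:14.000000000 +0200
++++ openssh-5.5p1/ssh-keygen.c 2010-05-04 09:03:32.000000000 +0200
+@@ -1831,13 +1831,19 @@ main(int argc, char **argv)
+ask_filename(pw, "Enter file in which to save the key");
+
+/* Create ~/.ssh directory if it doesn't already exist. */
+- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
+- if (strstr(identity_file, dotsshdir) != NULL &&
+- stat(dotsshdir, &st) < 0) {
+- if (mkdir(dotsshdir, 0700) < 0)
+- error("Could not create directory '%s'.", dotsshdir);
+- else if (!quiet)
+- printf("Created directory '%s'.\n", dotsshdir);
++ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
++ pw->pw_dir, _PATH_SSH_USER_DIR);
++ if (strstr(identity_file, dotsshdir) != NULL) {
++ if (stat(dotsshdir, &st) < 0) {
++ if (errno != ENOENT) {
++ error("Could not stat %s: %s", dotsshdir,
++ strerror(errno));
++ } else if (mkdir(dotsshdir, 0700) < 0) {
++ error("Could not create directory '%s': %s",
++ dotsshdir, strerror(errno));
++ } else if (!quiet)
++ printf("Created directory '%s'.\n", dotsshdir);
++ }
+}
+/* If the file already exists, ask the user to confirm. */
+if (!overwrite && stat(identity_file, &st) >= 0) {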
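Review bot: Both new failure branches under `stat(dotsshdir, &st) < 0` only call `error()`, which in OpenSSH logs and returns, and then fall through to the overwrite check. A `~/.ssh` that cannot be stat'ed or created is therefore reported, but key generation carries on. If that is deliberate, a comment such as `/* not fatal: saving the key reports its own error below */` would make it clear; otherwise the branch should stop here. The last arm, `} else if (!quiet)`, is left unbraced while its siblings are braced, which is easy to misread when the chain is next edited. main() begins and ends outside this hunk.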
@ -120,6 +120,7 @@ Patch44: openssh-5.2p1-allow-ip-opts.patch
|
|||||||
Patch49: openssh-4.3p2-gssapi-canohost.patch
|
Patch49: openssh-4.3p2-gssapi-canohost.patch
|
||||||
Patch62: openssh-5.1p1-scp-manpage.patch
|
Patch62: openssh-5.1p1-scp-manpage.patch
|
||||||
Patch65: openssh-5.5p1-fips.patch
|
Patch65: openssh-5.5p1-fips.patch
|
||||||
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1614
|
||||||
Patch69: openssh-5.3p1-selabel.patch
|
Patch69: openssh-5.3p1-selabel.patch
|
||||||
Patch71: openssh-5.2p1-edns.patch
|
Patch71: openssh-5.2p1-edns.patch
|
||||||
Patch73: openssh-5.5p1-gsskex.patch
|
Patch73: openssh-5.5p1-gsskex.patch
|
||||||
|