From c08aa4b8b17ffd59345535e6298931a8bae8ba06 Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Wed, 18 Oct 2017 14:40:59 +0200
Subject: [PATCH] Fix after-release bug in PermitOpen (posted on ML)
---
 openssh-7.6p1-permitopen-bug.patch | 47 ++++++++++++++++++++++++++++++
 openssh.spec | 3 ++
 2 files changed, 50 insertions(+)
 create mode 100644 openssh-7.6p1-permitopen-bug.patch
diff --git a/openssh-7.6p1-permitopen-bug.patch b/openssh-7.6p1-permitopen-bug.patch
new file mode 100644
index 0000000..3dd4a57
--- /dev/null
+++ b/openssh-7.6p1-permitopen-bug.patch
@@ -0,0 +1,47 @@
+From 7c9613fac3371cf65fb07739212cdd1ebf6575da Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Wed, 4 Oct 2017 18:49:30 +0000
+Subject: [PATCH] upstream commit
+
+fix (another) problem in PermitOpen introduced during the
+channels.c refactor: the third and subsequent arguments to PermitOpen were
+being silently ignored; ok markus@
+
+Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd
+---
+ servconf.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/servconf.c b/servconf.c
+index 2c321a4ad..956862959 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -1,5 +1,5 @@
+
+-/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */
++/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */
+ /*
+ * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
+ * All rights reserved
+@@ -1663,9 +1663,9 @@ process_server_config_line(ServerOptions *options, char *line,
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing PermitOpen specification",
+ filename, linenum);
+- i = options->num_permitted_opens; /* modified later */
++ value = options->num_permitted_opens; /* modified later */
+ if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) {
+- if (*activep && i == 0) {
++ if (*activep && value == 0) {
+ options->num_permitted_opens = 1;
+ options->permitted_opens = xcalloc(1,
+ sizeof(*options->permitted_opens));
+@@ -1683,7 +1683,7 @@ process_server_config_line(ServerOptions *options, char *line,
+ if (arg == NULL || ((port = permitopen_port(arg)) < 0))
+ fatal("%s line %d: bad port number in "
+ "PermitOpen", filename, linenum);
+- if (*activep && i == 0) {
++ if (*activep && value == 0) {
+ options->permitted_opens = xrecallocarray(
+ options->permitted_opens,
+ options->num_permitted_opens,
+
diff --git a/openssh.spec b/openssh.spec
index 81672c2..681e2fe 100644
--- a/openssh.spec
+++ b/openssh.spec
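Review bot: The comment `/* modified later */` kept on the `value = options->num_permitted_opens;` line of the embedded servconf.c hunk is ambiguous after this fix, because the guard `*activep && value == 0` only works if the snapshot stays fixed while the counter grows. I would reword it to `/* count before this directive; must not change while entries are appended */`. Presumably `i` is reassigned further down the loop, but that code and the declaration of `value` are outside the hunk. `value` reads like a general-purpose scratch variable of process_server_config_line, so a later edit inside the loop could reuse it and bring back the same silent truncation; a dedicated local would be more robust if a delta against upstream is acceptable. Because the bug dropped PermitOpen entries without any error, a packaging test that loads a config with three or more PermitOpen targets and checks the `sshd -T` output would catch a regression.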
@@ -231,6 +231,8 @@ Patch948: openssh-7.4p1-systemd.patch
 Patch949: openssh-7.6p1-cleanup-selinux.patch
 # Sandbox adjustments for s390 and audit
 Patch950: openssh-7.5p1-sandbox.patch
+# PermitOpen bug in OpenSSH 7.6:
+Patch951: openssh-7.6p1-permitopen-bug.patch
 License: BSD
@@ -455,6 +457,7 @@ popd
 %patch807 -p1 -b .gsskex-ec
 %patch949 -p1 -b .refactor
 %patch950 -p1 -b .sandbox
+%patch951 -p1 -b .permitOpen
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race