- drop the pam-session patch from the previous build (#201341)
- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
parent
762e407bd5
commit
c12d6ba86c
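--- a/openssh-4.3p2-no-v6only.patch
+++ b/openssh-4.3p2-no-v6only.patch
@@ -0,0 +1,11 @@
+--- openssh-4.3p2/channels.c.no-v6only 2006-07-17 15:39:31.000000000 +0200
++++ openssh-4.3p2/channels.c 2006-08-08 12:44:51.000000000 +0200
+@@ -2794,7 +2794,7 @@
+}
+}
+#ifdef IPV6_V6ONLY
+- if (ai->ai_family == AF_INET6) {
++ if (x11_use_localhost && ai->ai_family == AF_INET6) {
+int on = 1;
+if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
+error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));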
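Review bot: The new condition `x11_use_localhost && ai->ai_family == AF_INET6` skips IPV6_V6ONLY for the wildcard case without a comment, so the listener's reach now depends on the platform's default for that option. Where that default is dual-stack, the AF_INET6 wildcard socket also accepts IPv4 connections and a later AF_INET bind on the same port can fail with EADDRINUSE; how that bind failure is handled lies outside the hunk and should be checked, so that a display number is never handed out when only some of its sockets were bound. I would add above the test `/* wildcard listen: keep the system default for V6ONLY so one AF_INET6 socket can also serve IPv4 (#201594) */`. The enclosing function starts and ends outside the hunk.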
@ -1,91 +0,0 @@
|
|||||||
Index: auth-pam.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-pam.c,v
|
|
||||||
retrieving revision 1.134
|
|
||||||
diff -u -p -r1.134 auth-pam.c
|
|
||||||
--- auth-pam.c 15 May 2006 07:22:33 -0000 1.134
|
|
||||||
+++ auth-pam.c 22 May 2006 08:50:59 -0000
|
|
||||||
@@ -573,15 +573,17 @@ static struct pam_conv store_conv = { ss
|
|
||||||
void
|
|
||||||
sshpam_cleanup(void)
|
|
||||||
{
|
|
||||||
- debug("PAM: cleanup");
|
|
||||||
- if (sshpam_handle == NULL)
|
|
||||||
+ if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
|
|
||||||
return;
|
|
||||||
+ debug("PAM: cleanup");
|
|
||||||
pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
|
|
||||||
if (sshpam_cred_established) {
|
|
||||||
+ debug("PAM: deleting credentials");
|
|
||||||
pam_setcred(sshpam_handle, PAM_DELETE_CRED);
|
|
||||||
sshpam_cred_established = 0;
|
|
||||||
}
|
|
||||||
if (sshpam_session_open) {
|
|
||||||
+ debug("PAM: closing session");
|
|
||||||
pam_close_session(sshpam_handle, PAM_SILENT);
|
|
||||||
sshpam_session_open = 0;
|
|
||||||
}
|
|
||||||
Index: monitor.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/monitor.c,v
|
|
||||||
retrieving revision 1.104
|
|
||||||
diff -u -p -r1.104 monitor.c
|
|
||||||
--- monitor.c 21 May 2006 08:26:40 -0000 1.104
|
|
||||||
+++ monitor.c 22 May 2006 08:37:58 -0000
|
|
||||||
@@ -354,6 +354,10 @@ monitor_child_preauth(Authctxt *_authctx
|
|
||||||
MONITOR_REQ_PAM_ACCOUNT, &m);
|
|
||||||
authenticated = mm_answer_pam_account(pmonitor->m_sendfd, &m);
|
|
||||||
buffer_free(&m);
|
|
||||||
+ if (authenticated) {
|
|
||||||
+ do_pam_session();
|
|
||||||
+ do_pam_setcred(0);
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
}
|
|
||||||
@@ -1531,6 +1535,11 @@ mm_answer_term(int sock, Buffer *req)
|
|
||||||
/* The child is terminating */
|
|
||||||
session_destroy_all(&mm_session_close);
|
|
||||||
|
|
||||||
+#ifdef USE_PAM
|
|
||||||
+ if (options.use_pam)
|
|
||||||
+ sshpam_cleanup();
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
while (waitpid(pmonitor->m_pid, &status, 0) == -1)
|
|
||||||
if (errno != EINTR)
|
|
||||||
exit(1);
|
|
||||||
Index: session.c
|
|
||||||
===================================================================
|
|
||||||
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/session.c,v
|
|
||||||
retrieving revision 1.328
|
|
||||||
diff -u -p -r1.328 session.c
|
|
||||||
--- session.c 4 May 2006 06:24:34 -0000 1.328
|
|
||||||
+++ session.c 22 May 2006 08:14:24 -0000
|
|
||||||
@@ -541,7 +541,7 @@ do_exec_pty(Session *s, const char *comm
|
|
||||||
ttyfd = s->ttyfd;
|
|
||||||
|
|
||||||
#if defined(USE_PAM)
|
|
||||||
- if (options.use_pam) {
|
|
||||||
+ if (options.use_pam && !use_privsep) {
|
|
||||||
do_pam_set_tty(s->tty);
|
|
||||||
if (!use_privsep)
|
|
||||||
do_pam_setcred(1);
|
|
||||||
@@ -1284,7 +1284,7 @@ do_setusercontext(struct passwd *pw)
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
# ifdef USE_PAM
|
|
||||||
- if (options.use_pam) {
|
|
||||||
+ if (options.use_pam && !use_privsep) {
|
|
||||||
do_pam_session();
|
|
||||||
do_pam_setcred(0);
|
|
||||||
}
|
|
||||||
@@ -1326,7 +1326,7 @@ do_setusercontext(struct passwd *pw)
|
|
||||||
* These will have been wiped by the above initgroups() call.
|
|
||||||
* Reestablish them here.
|
|
||||||
*/
|
|
||||||
- if (options.use_pam) {
|
|
||||||
+ if (options.use_pam && !use_privsep) {
|
|
||||||
do_pam_session();
|
|
||||||
do_pam_setcred(0);
|
|
||||||
}
|
|
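--- a/openssh.spec
+++ b/openssh.spec
@@ -2,6 +2,8 @@
 %if %{WITH_SELINUX}
 # Audit patch applicable only over SELinux patch
 %define WITH_AUDIT 1
+%else
+%define WITH_AUDIT 0
 %endif
 
 # OpenSSH privilege separation requires a user & group ID
@@ -49,6 +51,7 @@
 # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
 %define rescue 0
 %{?build_rescue:%define rescue 1}
+%{?build_rescue:%define rescue_rel rescue}
 
 # Turn off some stuff for resuce builds
 %if %{rescue}
@@ -58,12 +61,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 4.3p2
-%define rel 7
-%if %{rescue}
-%define %{rel}rescue
-%else
-Release: %{rel}
-%endif
+Release: 8%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
@@ -92,7 +90,7 @@ Patch35: openssh-4.2p1-askpass-progress.patch
 Patch36: openssh-4.3p2-buffer-len.patch
 Patch37: openssh-4.3p2-configure-typo.patch
 Patch38: openssh-4.3p2-askpass-grab-info.patch
-Patch39: openssh-4.3p2-pam-session.patch
+Patch39: openssh-4.3p2-no-v6only.patch
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -220,7 +218,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch36 -p0 -b .buffer-len
 %patch37 -p1 -b .typo
 %patch38 -p1 -b .grab-info
-%patch39 -p0 -b .pam-session
+%patch39 -p1 -b .no-v6only
 
 autoreconf
 
@@ -462,6 +460,10 @@ fi
 %endif
 
 %changelog
+* Tue Aug 8 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-8
+- drop the pam-session patch from the previous build (#201341)
+- don't set IPV6_V6ONLY sock opt when listening on wildcard addr (#201594)
+
 * Thu Jul 20 2006 Tomas Mraz <tmraz@redhat.com> - 4.3p2-7
 - dropped old ssh obsoletes
 - call the pam_session_open/close from the monitor when privsep is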