Missing patch
Resolves: rhbz#1952957
		
							parent
							
								
									d075fa1cd6
								
							
						
					
					
						commit
						c3e6e4a2e6
					
				| @ -77,21 +77,6 @@ diff -up openssh-8.5p1/auth-options.c.coverity openssh-8.5p1/auth-options.c | ||||
| diff -up openssh-7.4p1/channels.c.coverity openssh-7.4p1/channels.c
 | ||||
| --- openssh-7.4p1/channels.c.coverity	2016-12-23 16:40:26.881788686 +0100
 | ||||
| +++ openssh-7.4p1/channels.c	2016-12-23 16:42:36.244818763 +0100
 | ||||
| @@ -288,11 +288,11 @@ channel_register_fds(Channel *c, int rfd
 | ||||
|   | ||||
|  	/* enable nonblocking mode */ | ||||
|  	if (nonblock) { | ||||
| -		if (rfd != -1)
 | ||||
| +		if (rfd >= 0)
 | ||||
|  			set_nonblock(rfd); | ||||
| -		if (wfd != -1)
 | ||||
| +		if (wfd >= 0)
 | ||||
|  			set_nonblock(wfd); | ||||
| -		if (efd != -1)
 | ||||
| +		if (efd >= 0)
 | ||||
|  			set_nonblock(efd); | ||||
|  	} | ||||
|  } | ||||
| @@ -1875,7 +1875,7 @@ channel_post_connecting(struct ssh *ssh,
 | ||||
|  		debug("channel %d: connection failed: %s", | ||||
|  		    c->self, strerror(err)); | ||||
|  | ||||
							
								
								
									
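--- a/openssh-8.0p1-restore-nonblock.patch
+++ b/openssh-8.0p1-restore-nonblock.patch
@@ -0,0 +1,241 @@
+diff -up openssh-8.6p1/channels.c.restore-nonblock openssh-8.6p1/channels.c
+--- openssh-8.6p1/channels.c.restore-nonblock	2021-05-10 10:55:46.981156096 +0200
++++ openssh-8.6p1/channels.c	2021-05-10 11:05:14.674641053 +0200
+@@ -298,32 +298,38 @@ channel_lookup(struct ssh *ssh, int id)
+ }
+ 
+ /*
+- * Register filedescriptors for a channel, used when allocating a channel or
+- * when the channel consumer/producer is ready, e.g. shell exec'd
++ * Register a filedescriptor.
+  */
+ static void
+-channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
+-    int extusage, int nonblock, int is_tty)
++channel_register_fd(struct ssh *ssh, int fd, int nonblock)
+ {
+ 	struct ssh_channels *sc = ssh->chanctxt;
+ 
+ 	/* Update the maximum file descriptor value. */
+-	sc->channel_max_fd = MAXIMUM(sc->channel_max_fd, rfd);
+-	sc->channel_max_fd = MAXIMUM(sc->channel_max_fd, wfd);
+-	sc->channel_max_fd = MAXIMUM(sc->channel_max_fd, efd);
+-
+-	if (rfd != -1)
+-		fcntl(rfd, F_SETFD, FD_CLOEXEC);
+-	if (wfd != -1 && wfd != rfd)
+-		fcntl(wfd, F_SETFD, FD_CLOEXEC);
+-	if (efd != -1 && efd != rfd && efd != wfd)
+-		fcntl(efd, F_SETFD, FD_CLOEXEC);
++	sc->channel_max_fd = MAXIMUM(sc->channel_max_fd, fd);
++
++	if (fd != -1)
++		fcntl(fd, F_SETFD, FD_CLOEXEC);
+ 
++	/* enable nonblocking mode */
++	if (nonblock && fd != -1 && !isatty(fd))
++		set_nonblock(fd);
++}
++
++/*
++ * Register filedescriptors for a channel, used when allocating a channel or
++ * when the channel consumer/producer is ready, e.g. shell exec'd
++ */
++static void
++channel_register_fds(struct ssh *ssh, Channel *c, int rfd, int wfd, int efd,
++    int extusage, int nonblock, int is_tty)
++{
+ 	c->rfd = rfd;
+ 	c->wfd = wfd;
+ 	c->sock = (rfd == wfd) ? rfd : -1;
+ 	c->efd = efd;
+ 	c->extended_usage = extusage;
++	c->nonblock = 0;
+ 
+ 	if ((c->isatty = is_tty) != 0)
+ 		debug2("channel %d: rfd %d isatty", c->self, c->rfd);
+@@ -332,14 +338,20 @@ channel_register_fds(struct ssh *ssh, Ch
+ 	c->wfd_isatty = is_tty || isatty(c->wfd);
+ #endif
+ 
+-	/* enable nonblocking mode */
+-	if (nonblock) {
+-		if (rfd != -1)
+-			set_nonblock(rfd);
+-		if (wfd != -1)
+-			set_nonblock(wfd);
+-		if (efd != -1)
+-			set_nonblock(efd);
++	if (rfd != -1) {
++		if ((fcntl(rfd, F_GETFL) & O_NONBLOCK) == 0)
++			c->nonblock |= NEED_RESTORE_STDIN_NONBLOCK;
++		channel_register_fd(ssh, rfd, nonblock);
++	}
++	if (wfd != -1 && wfd != rfd) {
++		if ((fcntl(wfd, F_GETFL) & O_NONBLOCK) == 0)
++			c->nonblock |= NEED_RESTORE_STDOUT_NONBLOCK;
++		channel_register_fd(ssh, wfd, nonblock);
++	}
++	if (efd != -1 && efd != rfd && efd != wfd) {
++		if ((fcntl(efd, F_GETFL) & O_NONBLOCK) == 0)
++			c->nonblock |= NEED_RESTORE_STDERR_NONBLOCK;
++		channel_register_fd(ssh, efd, nonblock);
+ 	}
+ }
+ 
+@@ -422,11 +434,15 @@ channel_find_maxfd(struct ssh_channels *
+ }
+ 
+ int
+-channel_close_fd(struct ssh *ssh, int *fdp)
++channel_close_fd(struct ssh *ssh, int *fdp, int nonblock)
+ {
+ 	struct ssh_channels *sc = ssh->chanctxt;
+ 	int ret = 0, fd = *fdp;
+ 
++	/* As the fd is duped, restoring the block mode
++	 * affects the original fd */
++	if (nonblock && fd != -1 && !isatty(fd))
++		unset_nonblock(fd);
+ 	if (fd != -1) {
+ 		ret = close(fd);
+ 		*fdp = -1;
+@@ -442,13 +458,13 @@ channel_close_fds(struct ssh *ssh, Chann
+ {
+ 	int sock = c->sock, rfd = c->rfd, wfd = c->wfd, efd = c->efd;
+ 
+-	channel_close_fd(ssh, &c->sock);
++	channel_close_fd(ssh, &c->sock, 0);
+ 	if (rfd != sock)
+-		channel_close_fd(ssh, &c->rfd);
++		channel_close_fd(ssh, &c->rfd, c->nonblock & NEED_RESTORE_STDIN_NONBLOCK);
+ 	if (wfd != sock && wfd != rfd)
+-		channel_close_fd(ssh, &c->wfd);
++		channel_close_fd(ssh, &c->wfd, c->nonblock & NEED_RESTORE_STDOUT_NONBLOCK);
+ 	if (efd != sock && efd != rfd && efd != wfd)
+-		channel_close_fd(ssh, &c->efd);
++		channel_close_fd(ssh, &c->efd, c->nonblock & NEED_RESTORE_STDERR_NONBLOCK);
+ }
+ 
+ static void
+@@ -702,7 +718,7 @@ channel_stop_listening(struct ssh *ssh)
+ 			case SSH_CHANNEL_X11_LISTENER:
+ 			case SSH_CHANNEL_UNIX_LISTENER:
+ 			case SSH_CHANNEL_RUNIX_LISTENER:
+-				channel_close_fd(ssh, &c->sock);
++				channel_close_fd(ssh, &c->sock, 0);
+ 				channel_free(ssh, c);
+ 				break;
+ 			}
+@@ -1649,7 +1665,7 @@ channel_post_x11_listener(struct ssh *ss
+ 	if (c->single_connection) {
+ 		oerrno = errno;
+ 		debug2("single_connection: closing X11 listener.");
+-		channel_close_fd(ssh, &c->sock);
++		channel_close_fd(ssh, &c->sock, 0);
+ 		chan_mark_dead(ssh, c);
+ 		errno = oerrno;
+ 	}
+@@ -2058,7 +2074,7 @@ channel_handle_efd_write(struct ssh *ssh
+ 		return 1;
+ 	if (len <= 0) {
+ 		debug2("channel %d: closing write-efd %d", c->self, c->efd);
+-		channel_close_fd(ssh, &c->efd);
++		channel_close_fd(ssh, &c->efd, c->nonblock & NEED_RESTORE_STDERR_NONBLOCK);
+ 	} else {
+ 		if ((r = sshbuf_consume(c->extended, len)) != 0)
+ 			fatal_fr(r, "channel %i: consume", c->self);
+@@ -2087,7 +2103,7 @@ channel_handle_efd_read(struct ssh *ssh,
+ 		return 1;
+ 	if (len <= 0) {
+ 		debug2("channel %d: closing read-efd %d", c->self, c->efd);
+-		channel_close_fd(ssh, &c->efd);
++		channel_close_fd(ssh, &c->efd, c->nonblock & NEED_RESTORE_STDERR_NONBLOCK);
+ 	} else if (c->extended_usage == CHAN_EXTENDED_IGNORE)
+ 		debug3("channel %d: discard efd", c->self);
+ 	else if ((r = sshbuf_put(c->extended, buf, len)) != 0)
+diff -up openssh-8.6p1/channels.h.restore-nonblock openssh-8.6p1/channels.h
+--- openssh-8.6p1/channels.h.restore-nonblock	2021-05-10 10:55:46.942155788 +0200
++++ openssh-8.6p1/channels.h	2021-05-10 11:01:41.123953937 +0200
+@@ -188,8 +188,15 @@ struct Channel {
+ 	void			*mux_ctx;
+ 	int			mux_pause;
+ 	int			mux_downstream_id;
++
++	/* whether non-blocking is set to descriptors */
++	int 			nonblock;
+ };
+ 
++#define NEED_RESTORE_STDIN_NONBLOCK  1
++#define NEED_RESTORE_STDOUT_NONBLOCK 2
++#define NEED_RESTORE_STDERR_NONBLOCK 4
++
+ #define CHAN_EXTENDED_IGNORE		0
+ #define CHAN_EXTENDED_READ		1
+ #define CHAN_EXTENDED_WRITE		2
+@@ -266,7 +273,7 @@ void	 channel_register_filter(struct ssh
+ void	 channel_register_status_confirm(struct ssh *, int,
+ 	    channel_confirm_cb *, channel_confirm_abandon_cb *, void *);
+ void	 channel_cancel_cleanup(struct ssh *, int);
+-int	 channel_close_fd(struct ssh *, int *);
++int	 channel_close_fd(struct ssh *, int *, int);
+ void	 channel_send_window_changes(struct ssh *);
+ 
+ /* mux proxy support */
+diff -up openssh-8.6p1/nchan.c.restore-nonblock openssh-8.6p1/nchan.c
+--- openssh-8.6p1/nchan.c.restore-nonblock	2021-05-10 10:55:46.990156168 +0200
++++ openssh-8.6p1/nchan.c	2021-05-10 11:03:46.679945863 +0200
+@@ -384,7 +384,7 @@ chan_shutdown_write(struct ssh *ssh, Cha
+ 			    c->istate, c->ostate, strerror(errno));
+ 		}
+ 	} else {
+-		if (channel_close_fd(ssh, &c->wfd) < 0) {
++		if (channel_close_fd(ssh, &c->wfd, c->nonblock & NEED_RESTORE_STDOUT_NONBLOCK) < 0) {
+ 			logit_f("channel %d: close() failed for "
+ 			    "fd %d [i%d o%d]: %.100s", c->self, c->wfd,
+ 			    c->istate, c->ostate, strerror(errno));
+@@ -412,7 +412,7 @@ chan_shutdown_read(struct ssh *ssh, Chan
+ 			    c->istate, c->ostate, strerror(errno));
+ 		}
+ 	} else {
+-		if (channel_close_fd(ssh, &c->rfd) < 0) {
++		if (channel_close_fd(ssh, &c->rfd, c->nonblock & NEED_RESTORE_STDIN_NONBLOCK) < 0) {
+ 			logit_f("channel %d: close() failed for "
+ 			    "fd %d [i%d o%d]: %.100s", c->self, c->rfd,
+ 			    c->istate, c->ostate, strerror(errno));
+@@ -431,7 +431,7 @@ chan_shutdown_extended_read(struct ssh *
+ 	debug_f("channel %d: (i%d o%d sock %d wfd %d efd %d [%s])",
+ 	    c->self, c->istate, c->ostate, c->sock, c->rfd, c->efd,
+ 	    channel_format_extended_usage(c));
+-	if (channel_close_fd(ssh, &c->efd) < 0) {
++	if (channel_close_fd(ssh, &c->efd, c->nonblock & NEED_RESTORE_STDERR_NONBLOCK) < 0) {
+ 		logit_f("channel %d: close() failed for "
+ 		    "extended fd %d [i%d o%d]: %.100s", c->self, c->efd,
+ 		    c->istate, c->ostate, strerror(errno));
+diff -up openssh-8.6p1/ssh.c.restore-nonblock openssh-8.6p1/ssh.c
+--- openssh-8.6p1/ssh.c.restore-nonblock	2021-05-10 10:55:46.991156175 +0200
++++ openssh-8.6p1/ssh.c	2021-05-10 11:06:28.315222828 +0200
+@@ -2085,14 +2085,6 @@ ssh_session2_open(struct ssh *ssh)
+ 	if (in == -1 || out == -1 || err == -1)
+ 		fatal("dup() in/out/err failed");
+ 
+-	/* enable nonblocking unless tty */
+-	if (!isatty(in))
+-		set_nonblock(in);
+-	if (!isatty(out))
+-		set_nonblock(out);
+-	if (!isatty(err))
+-		set_nonblock(err);
+-
+ 	window = CHAN_SES_WINDOW_DEFAULT;
+ 	packetmax = CHAN_SES_PACKET_DEFAULT;
+ 	if (tty_flag) {
+@@ -2102,7 +2094,7 @@ ssh_session2_open(struct ssh *ssh)
+ 	c = channel_new(ssh,
+ 	    "session", SSH_CHANNEL_OPENING, in, out, err,
+ 	    window, packetmax, CHAN_EXTENDED_WRITE,
+-	    "client-session", /*nonblock*/0);
++	    "client-session", /*nonblock*/1);
+ 
+ 	debug3_f("channel_new: %d", c->self);
+ 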
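Review bot: In the second channels.c hunk of the added patch, the `NEED_RESTORE_*` bits are set whenever `fcntl(fd, F_GETFL)` reports O_NONBLOCK clear, regardless of the `nonblock` argument, so a channel registered with `nonblock == 0` still passes a non-zero flag to `channel_close_fd()` and reaches `unset_nonblock(fd)` on close. O_NONBLOCK is shared with the dup'ed original descriptor, as the new comment in channel_close_fd notes, so this can clear a mode that this channel never set. The F_GETFL result is also used without a `-1` check; a failure happens to leave the bit unset, but only by accident of the mask. Consider recording the bit only when the channel is about to change the mode, e.g. `if (nonblock && !isatty(rfd) && (fl = fcntl(rfd, F_GETFL)) != -1 && (fl & O_NONBLOCK) == 0)` with a local `int fl`, and likewise for wfd and efd. The body of channel_register_fds is split across the first two hunks, so the lines between them are not visible here.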
| @ -51,7 +51,7 @@ | ||||
| 
 | ||||
| # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 | ||||
| %global openssh_ver 8.6p1 | ||||
| %global openssh_rel 1 | ||||
| %global openssh_rel 2 | ||||
| %global pam_ssh_agent_ver 0.10.4 | ||||
| %global pam_ssh_agent_rel 3 | ||||
| 
 | ||||
| @ -195,6 +195,8 @@ Patch969: openssh-8.4p1-debian-compat.patch | ||||
| Patch974: openssh-8.0p1-keygen-strip-doseol.patch | ||||
| # sshd provides PAM an incorrect error code (#1879503) | ||||
| Patch975: openssh-8.0p1-preserve-pam-errors.patch | ||||
| # ssh incorrectly restores the blocking mode on standard output (#1942901) | ||||
| Patch976: openssh-8.0p1-restore-nonblock.patch | ||||
| 
 | ||||
| License: BSD | ||||
| Requires: /sbin/nologin | ||||
| @ -372,6 +374,7 @@ popd | ||||
| %patch969 -p0 -b .debian | ||||
| %patch974 -p1 -b .keygen-strip-doseol | ||||
| %patch975 -p1 -b .preserve-pam-errors | ||||
| %patch976 -p1 -b .restore-nonblock | ||||
| 
 | ||||
| %patch200 -p1 -b .audit | ||||
| %patch201 -p1 -b .audit-race | ||||
| @ -656,6 +659,9 @@ test -f %{sysconfig_anaconda} && \ | ||||
| %endif | ||||
| 
 | ||||
| %changelog | ||||
| * Mon May 10 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-2 | ||||
| - rebuilt | ||||
| 
 | ||||
| * Thu May 06 2021 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.6p1-1 + 0.10.4-3 | ||||
| - New upstream release (#1952957) | ||||
| - GSS KEX broken beginning with (GSI-)OpenSSH 8.0p1 (#1957306) | ||||
|  | ||||