From 02af5cfa174bc210ea3b4aa11c8417c59c6963df Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Tue, 24 Mar 2020 09:37:47 +0100 Subject: [PATCH] Do not break X11 forwarding without IPv6 --- openssh-8.2p1-x11-without-ipv6.patch | 30 ++++++++++++++++++++++++++++ openssh.spec | 3 +++ 2 files changed, 33 insertions(+) create mode 100644 openssh-8.2p1-x11-without-ipv6.patch diff --git a/openssh-8.2p1-x11-without-ipv6.patch b/openssh-8.2p1-x11-without-ipv6.patch new file mode 100644 index 0000000..18b0376 --- /dev/null +++ b/openssh-8.2p1-x11-without-ipv6.patch @@ -0,0 +1,30 @@ +diff --git a/channels.c b/channels.c +--- a/channels.c ++++ b/channels.c +@@ -3933,16 +3933,26 @@ x11_create_display_inet(int x11_display_ + if (ai->ai_family == AF_INET6) + sock_set_v6only(sock); + if (x11_use_localhost) + set_reuseaddr(sock); + if (bind(sock, ai->ai_addr, ai->ai_addrlen) == -1) { + debug2("%s: bind port %d: %.100s", __func__, + port, strerror(errno)); + close(sock); ++ ++ /* do not remove successfully opened ++ * sockets if the request failed because ++ * the protocol IPv4/6 is not available ++ * (e.g. IPv6 may be disabled while being ++ * supported) ++ */ ++ if (EADDRNOTAVAIL == errno) ++ continue; ++ + for (n = 0; n < num_socks; n++) + close(socks[n]); + num_socks = 0; + break; + } + socks[num_socks++] = sock; + if (num_socks == NUM_SOCKS) + break; diff --git a/openssh.spec b/openssh.spec index 0c85e46..0214fc2 100644 --- a/openssh.spec +++ b/openssh.spec @@ -213,6 +213,8 @@ Patch963: openssh-8.0p1-openssl-evp.patch Patch964: openssh-8.0p1-openssl-kdf.patch # sk-dummy.so built with -fvisibility=hidden does not work Patch965: openssh-8.2p1-visibility.patch +# Do not break X11 without IPv6 +Patch966: openssh-8.2p1-x11-without-ipv6.patch License: BSD Requires: /sbin/nologin @@ -415,6 +417,7 @@ popd %patch963 -p1 -b .openssl-evp %patch964 -p1 -b .openssl-kdf %patch965 -p1 -b .visibility +%patch966 -p1 -b .x11-ipv6 %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race