- pass the connection socket to ssh-keysign (#447680)

openssh-4.7p1-cloexec.patch

@@ -1,6 +1,25 @@
+diff -up openssh-4.7p1/sshconnect2.c.cloexec openssh-4.7p1/sshconnect2.c
+--- openssh-4.7p1/sshconnect2.c.cloexec	2008-03-06 15:58:03.000000000 +0100
++++ openssh-4.7p1/sshconnect2.c	2008-05-21 09:27:06.000000000 +0200
+@@ -38,6 +38,7 @@
+ #include <stdio.h>
+ #include <string.h>
+ #include <unistd.h>
++#include <fcntl.h>
+ 
+ #include "openbsd-compat/sys-queue.h"
+ 
+@@ -1257,6 +1258,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
+ 		return -1;
+ 	}
+ 	if (pid == 0) {
++		fcntl(packet_get_connection_in(), F_SETFD, 0); /* keep the socket on exec */
+ 		permanently_drop_suid(getuid());
+ 		close(from[0]);
+ 		if (dup2(from[1], STDOUT_FILENO) < 0)
 diff -up openssh-4.7p1/sshconnect.c.cloexec openssh-4.7p1/sshconnect.c
 --- openssh-4.7p1/sshconnect.c.cloexec	2006-10-23 19:02:24.000000000 +0200
-+++ openssh-4.7p1/sshconnect.c	2008-02-05 23:14:28.000000000 +0100
++++ openssh-4.7p1/sshconnect.c	2008-03-06 15:58:03.000000000 +0100
 @@ -38,6 +38,7 @@
  #include <stdlib.h>
  #include <string.h>

openssh.spec

@@ -63,7 +63,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.0p1
-Release: 2%{?dist}%{?rescue_rel}
+Release: 3%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -484,6 +484,9 @@ fi
 %endif
 
 %changelog
+* Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
+- pass the connection socket to ssh-keysign (#447680)
+
 * Mon May 19 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-2
 - add LANGUAGE to accepted/sent environment variables (#443231)
 - use pam_selinux to obtain the user context instead of doing it itself