From 0f0e055d6ad8dd53819043e8d7fc69bf1dd9022c Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 29 Sep 2014 08:37:05 +0200 Subject: [PATCH] Ignore SIGXFSZ in postauth monitor https://bugzilla.mindrot.org/show_bug.cgi?id=2263 --- ...h-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch | 28 +++++++++++++++++++ openssh.spec | 4 +++ 2 files changed, 32 insertions(+) create mode 100644 openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch diff --git a/openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch b/openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch new file mode 100644 index 0000000..87434ce --- /dev/null +++ b/openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch @@ -0,0 +1,28 @@ +diff --git a/ChangeLog b/ChangeLog +index 3887495..a4dc72f 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,9 @@ ++20140823 ++ - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on ++ lastlog writing on platforms with high UIDs; bz#2263 ++ - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth ++ monitor, not preauth; bz#2263 ++ + 20140703 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2014/07/03 03:34:09 +diff --git a/monitor.c b/monitor.c +index bdabe21..5a65114 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -501,6 +501,9 @@ monitor_child_postauth(struct monitor *pmonitor) + signal(SIGHUP, &monitor_child_handler); + signal(SIGTERM, &monitor_child_handler); + signal(SIGINT, &monitor_child_handler); ++#ifdef SIGXFSZ ++ signal(SIGXFSZ, SIG_IGN); ++#endif + + if (compat20) { + mon_dispatch = mon_dispatch_postauth20; diff --git a/openssh.spec b/openssh.spec index ca58e0c..0150a51 100644 --- a/openssh.spec +++ b/openssh.spec @@ -204,6 +204,9 @@ Patch913: openssh-6.6.1p1-partial-success.patch # fix parsing of empty options in sshd_conf # https://bugzilla.mindrot.org/show_bug.cgi?id=2281 Patch914: openssh-6.6.1p1-servconf-parser.patch +# Ignore SIGXFSZ in postauth monitor +# https://bugzilla.mindrot.org/show_bug.cgi?id=2263 +Patch915: openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch License: BSD @@ -413,6 +416,7 @@ popd %patch912 -p1 -b .utf8-banner %patch913 -p1 -b .partial-success %patch914 -p1 -b .servconf +%patch915 -p1 -b .SIGXFSZ %patch200 -p1 -b .audit %patch700 -p1 -b .fips