From 4b24967a9c4684057ebc8fefa15473f0d18b4261 Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Thu, 25 Sep 2014 11:45:47 +0200 Subject: [PATCH 1/2] fix parsing of empty arguments in sshd_conf https://bugzilla.mindrot.org/show_bug.cgi?id=2281 --- openssh-6.6.1p1-servconf-parser.patch | 31 +++++++++++++++++++++++++++ openssh.spec | 4 ++++ 2 files changed, 35 insertions(+) create mode 100644 openssh-6.6.1p1-servconf-parser.patch diff --git a/openssh-6.6.1p1-servconf-parser.patch b/openssh-6.6.1p1-servconf-parser.patch new file mode 100644 index 0000000..b93f6f3 --- /dev/null +++ b/openssh-6.6.1p1-servconf-parser.patch @@ -0,0 +1,31 @@ +diff --git a/servconf.c b/servconf.c +index b7f3294..bc1e909 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -1550,7 +1550,7 @@ process_server_config_line(ServerOptions *options, char *line, + break; + + case sForceCommand: +- if (cp == NULL) ++ if (cp == NULL || *cp == '\0') + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(cp, WHITESPACE); +@@ -1595,7 +1595,7 @@ process_server_config_line(ServerOptions *options, char *line, + break; + + case sVersionAddendum: +- if (cp == NULL) ++ if (cp == NULL || *cp == '\0') + fatal("%.200s line %d: Missing argument.", filename, + linenum); + len = strspn(cp, WHITESPACE); +@@ -1630,6 +1630,8 @@ process_server_config_line(ServerOptions *options, char *line, + break; + + case sAuthenticationMethods: ++ if (cp == NULL || *cp == '\0') ++ fatal("%.200s line %d: Missing argument.", filename, linenum); + if (*activep && options->num_auth_methods == 0) { + while ((arg = strdelim(&cp)) && *arg != '\0') { + if (options->num_auth_methods >= diff --git a/openssh.spec b/openssh.spec index e0e6806..ca58e0c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -201,6 +201,9 @@ Patch912: openssh-6.6.1p1-utf8-banner.patch # don't consider a partial success as a failure # https://bugzilla.mindrot.org/show_bug.cgi?id=2270 Patch913: openssh-6.6.1p1-partial-success.patch +# fix parsing of empty options in sshd_conf +# https://bugzilla.mindrot.org/show_bug.cgi?id=2281 +Patch914: openssh-6.6.1p1-servconf-parser.patch License: BSD @@ -409,6 +412,7 @@ popd %patch911 -p1 -b .set_remote_ipaddr %patch912 -p1 -b .utf8-banner %patch913 -p1 -b .partial-success +%patch914 -p1 -b .servconf %patch200 -p1 -b .audit %patch700 -p1 -b .fips From 0f0e055d6ad8dd53819043e8d7fc69bf1dd9022c Mon Sep 17 00:00:00 2001 From: Petr Lautrbach Date: Mon, 29 Sep 2014 08:37:05 +0200 Subject: [PATCH 2/2] Ignore SIGXFSZ in postauth monitor https://bugzilla.mindrot.org/show_bug.cgi?id=2263 --- ...h-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch | 28 +++++++++++++++++++ openssh.spec | 4 +++ 2 files changed, 32 insertions(+) create mode 100644 openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch diff --git a/openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch b/openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch new file mode 100644 index 0000000..87434ce --- /dev/null +++ b/openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch @@ -0,0 +1,28 @@ +diff --git a/ChangeLog b/ChangeLog +index 3887495..a4dc72f 100644 +--- a/ChangeLog ++++ b/ChangeLog +@@ -1,3 +1,9 @@ ++20140823 ++ - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on ++ lastlog writing on platforms with high UIDs; bz#2263 ++ - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth ++ monitor, not preauth; bz#2263 ++ + 20140703 + - OpenBSD CVS Sync + - djm@cvs.openbsd.org 2014/07/03 03:34:09 +diff --git a/monitor.c b/monitor.c +index bdabe21..5a65114 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -501,6 +501,9 @@ monitor_child_postauth(struct monitor *pmonitor) + signal(SIGHUP, &monitor_child_handler); + signal(SIGTERM, &monitor_child_handler); + signal(SIGINT, &monitor_child_handler); ++#ifdef SIGXFSZ ++ signal(SIGXFSZ, SIG_IGN); ++#endif + + if (compat20) { + mon_dispatch = mon_dispatch_postauth20; diff --git a/openssh.spec b/openssh.spec index ca58e0c..0150a51 100644 --- a/openssh.spec +++ b/openssh.spec @@ -204,6 +204,9 @@ Patch913: openssh-6.6.1p1-partial-success.patch # fix parsing of empty options in sshd_conf # https://bugzilla.mindrot.org/show_bug.cgi?id=2281 Patch914: openssh-6.6.1p1-servconf-parser.patch +# Ignore SIGXFSZ in postauth monitor +# https://bugzilla.mindrot.org/show_bug.cgi?id=2263 +Patch915: openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch License: BSD @@ -413,6 +416,7 @@ popd %patch912 -p1 -b .utf8-banner %patch913 -p1 -b .partial-success %patch914 -p1 -b .servconf +%patch915 -p1 -b .SIGXFSZ %patch200 -p1 -b .audit %patch700 -p1 -b .fips