Compare commits
9 Commits
Author | SHA1 | Date |
---|---|---|
|
90b0fb9d2c | |
|
5280ccf00d | |
|
3835f5aeb9 | |
|
f93df13b51 | |
|
10e85cd595 | |
|
9e4020a205 | |
|
ec00eac52b | |
|
c6ca976c08 | |
|
68893bbd93 |
|
@ -0,0 +1,24 @@
|
|||
diff -up openssh-5.6p1/channels.c.getaddrinfo openssh-5.6p1/channels.c
|
||||
--- openssh-5.6p1/channels.c.getaddrinfo 2012-02-14 16:12:54.427852524 +0100
|
||||
+++ openssh-5.6p1/channels.c 2012-02-14 16:13:22.818928690 +0100
|
||||
@@ -3275,6 +3275,9 @@ x11_create_display_inet(int x11_display_
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = IPv4or6;
|
||||
hints.ai_flags = x11_use_localhost ? 0: AI_PASSIVE;
|
||||
+#ifdef AI_ADDRCONFIG
|
||||
+ hints.ai_flags |= AI_ADDRCONFIG;
|
||||
+#endif
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
snprintf(strport, sizeof strport, "%d", port);
|
||||
if ((gaierr = getaddrinfo(NULL, strport, &hints, &aitop)) != 0) {
|
||||
diff -up openssh-5.6p1/sshconnect.c.getaddrinfo openssh-5.6p1/sshconnect.c
|
||||
--- openssh-5.6p1/sshconnect.c.getaddrinfo 2012-02-14 16:09:25.057964291 +0100
|
||||
+++ openssh-5.6p1/sshconnect.c 2012-02-14 16:09:25.106047007 +0100
|
||||
@@ -343,6 +343,7 @@ ssh_connect(const char *host, struct soc
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = family;
|
||||
hints.ai_socktype = SOCK_STREAM;
|
||||
+ hints.ai_flags = AI_V4MAPPED | AI_ADDRCONFIG;
|
||||
snprintf(strport, sizeof strport, "%u", port);
|
||||
if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0)
|
||||
fatal("%s: Could not resolve hostname %.100s: %s", __progname,
|
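Review bot: The sshconnect.c hunk sets `hints.ai_flags = AI_V4MAPPED | AI_ADDRCONFIG;` with no feature guard, while the channels.c hunk in the same patch wraps its flag in `#ifdef AI_ADDRCONFIG`; on a platform whose headers lack either macro the ssh_connect side would not compile. Guarding the assignment the same way, e.g. with `#if defined(AI_V4MAPPED) && defined(AI_ADDRCONFIG)`, keeps the two call sites consistent. Neither hunk carries a comment saying that AI_ADDRCONFIG makes the result depend on which address families the local host has configured, so a host with only loopback addresses may stop resolving names or binding the X11 listener where it did before. A one-line comment at each site stating that intent would help whoever debugs that later. Both functions begin and end outside the hunks shown.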
|
@ -0,0 +1,14 @@
|
|||
diff --git a/key.c b/key.c
|
||||
index 57ad9fd..5886d44 100644
|
||||
--- a/key.c
|
||||
+++ b/key.c
|
||||
@@ -1517,8 +1517,8 @@ key_certify(Key *k, Key *ca)
|
||||
buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
|
||||
|
||||
/* -v01 certs put nonce first */
|
||||
+ arc4random_buf(&nonce, sizeof(nonce));
|
||||
if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) {
|
||||
- arc4random_buf(&nonce, sizeof(nonce));
|
||||
buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
|
||||
}
|
||||
|
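Review bot: The existing comment `/* -v01 certs put nonce first */` now sits directly above an unconditional `arc4random_buf(&nonce, sizeof(nonce));`, and nothing in the hunk explains why the nonce is filled for the legacy key types too. The code that serialises the nonce for legacy certificates is outside the hunk, so the reason is only inferable from the changelog entry "Fill fields in legacy certificates with random data". I would put a comment on the call, such as `/* always randomise: legacy certs also emit this field, it must never hold uninitialised stack bytes */`, and move the -v01 comment down onto the `if`. That keeps a later cleanup from moving the call back inside the conditional. key_certify continues past the end of the hunk.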
|
@ -0,0 +1,96 @@
|
|||
? build
|
||||
Index: openbsd-compat/port-linux.c
|
||||
===================================================================
|
||||
RCS file: /var/cvs/openssh/openbsd-compat/port-linux.c,v
|
||||
retrieving revision 1.9
|
||||
diff -u -p -r1.9 port-linux.c
|
||||
--- openbsd-compat/port-linux.c 10 Sep 2010 00:30:25 -0000 1.9
|
||||
+++ openbsd-compat/port-linux.c 17 Jan 2011 00:02:45 -0000
|
||||
@@ -208,14 +208,22 @@ ssh_selinux_change_context(const char *n
|
||||
#endif /* WITH_SELINUX */
|
||||
|
||||
#ifdef LINUX_OOM_ADJUST
|
||||
-#define OOM_ADJ_PATH "/proc/self/oom_adj"
|
||||
/*
|
||||
- * The magic "don't kill me", as documented in eg:
|
||||
+ * The magic "don't kill me" values, old and new, as documented in eg:
|
||||
* http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
|
||||
+ * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt
|
||||
*/
|
||||
-#define OOM_ADJ_NOKILL -17
|
||||
|
||||
static int oom_adj_save = INT_MIN;
|
||||
+static char *oom_adj_path = NULL;
|
||||
+struct {
|
||||
+ char *path;
|
||||
+ int value;
|
||||
+} oom_adjust[] = {
|
||||
+ {"/proc/self/oom_score_adj", -1000}, /* kernels >= 2.6.36 */
|
||||
+ {"/proc/self/oom_adj", -17}, /* kernels <= 2.6.35 */
|
||||
+ {NULL, 0},
|
||||
+};
|
||||
|
||||
/*
|
||||
* Tell the kernel's out-of-memory killer to avoid sshd.
|
||||
@@ -224,23 +232,31 @@ static int oom_adj_save = INT_MIN;
|
||||
void
|
||||
oom_adjust_setup(void)
|
||||
{
|
||||
+ int i, value;
|
||||
FILE *fp;
|
||||
|
||||
debug3("%s", __func__);
|
||||
- if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) {
|
||||
- if (fscanf(fp, "%d", &oom_adj_save) != 1)
|
||||
- verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno));
|
||||
- else {
|
||||
- rewind(fp);
|
||||
- if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0)
|
||||
- verbose("error writing %s: %s",
|
||||
- OOM_ADJ_PATH, strerror(errno));
|
||||
- else
|
||||
- verbose("Set %s from %d to %d",
|
||||
- OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL);
|
||||
+ for (i = 0; oom_adjust[i].path != NULL; i++) {
|
||||
+ oom_adj_path = oom_adjust[i].path;
|
||||
+ value = oom_adjust[i].value;
|
||||
+ if ((fp = fopen(oom_adj_path, "r+")) != NULL) {
|
||||
+ if (fscanf(fp, "%d", &oom_adj_save) != 1)
|
||||
+ verbose("error reading %s: %s", oom_adj_path,
|
||||
+ strerror(errno));
|
||||
+ else {
|
||||
+ rewind(fp);
|
||||
+ if (fprintf(fp, "%d\n", value) <= 0)
|
||||
+ verbose("error writing %s: %s",
|
||||
+ oom_adj_path, strerror(errno));
|
||||
+ else
|
||||
+ verbose("Set %s from %d to %d",
|
||||
+ oom_adj_path, oom_adj_save, value);
|
||||
+ }
|
||||
+ fclose(fp);
|
||||
+ return;
|
||||
}
|
||||
- fclose(fp);
|
||||
}
|
||||
+ oom_adj_path = NULL;
|
||||
}
|
||||
|
||||
/* Restore the saved OOM adjustment */
|
||||
@@ -250,13 +266,14 @@ oom_adjust_restore(void)
|
||||
FILE *fp;
|
||||
|
||||
debug3("%s", __func__);
|
||||
- if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL)
|
||||
+ if (oom_adj_save == INT_MIN || oom_adj_path == NULL ||
|
||||
+ (fp = fopen(oom_adj_path, "w")) == NULL)
|
||||
return;
|
||||
|
||||
if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
|
||||
- verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno));
|
||||
+ verbose("error writing %s: %s", oom_adj_path, strerror(errno));
|
||||
else
|
||||
- verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save);
|
||||
+ verbose("Set %s to %d", oom_adj_path, oom_adj_save);
|
||||
|
||||
fclose(fp);
|
||||
return;
|
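Review bot: In oom_adjust_setup the check `fprintf(fp, "%d\n", value) <= 0` only confirms that the text reached the stdio buffer; the write to the /proc file happens at `fclose(fp)`, whose result is ignored, so a value the kernel rejects would still be logged as set. Flushing inside the check closes that gap: `if (fprintf(fp, "%d\n", value) <= 0 || fflush(fp) != 0)`. The same pattern is in oom_adjust_restore, where it presumably matters more, since an unnoticed failed restore would leave later processes with the no-kill adjustment, and the early `return` on fopen failure logs nothing at all. Separately, the `oom_adjust` table only holds string literals and could be `static const` with `const char *path`. oom_adjust_restore begins and ends outside the hunk.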
30
openssh.spec
30
openssh.spec
|
@ -71,14 +71,14 @@
|
|||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%define openssh_ver 5.6p1
|
||||
%define openssh_rel 30
|
||||
%define openssh_rel 36
|
||||
%define pam_ssh_agent_ver 0.9.2
|
||||
%define pam_ssh_agent_rel 29
|
||||
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
Version: %{openssh_ver}
|
||||
Release: %{openssh_rel}%{?dist}%{?rescue_rel}.1
|
||||
Release: %{openssh_rel}%{?dist}%{?rescue_rel}
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#URL1: http://pamsshagentauth.sourceforge.net
|
||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
|
@ -139,6 +139,13 @@ Patch79: openssh-5.5p1-x11.patch
|
|||
Patch80: openssh-5.6p1-biguid.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1842
|
||||
Patch81: openssh-5.6p1-clientloop.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
|
||||
#https://bugzilla.redhat.com/show_bug.cgi?id=735889
|
||||
Patch82:openssh-5.6p1-getaddrinfo.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1838
|
||||
Patch83:openssh-5.6p1-linux-oomkiller.patch
|
||||
#https://bugzilla.redhat.com//show_bug.cgi?id=784641
|
||||
Patch84:openssh-5.6p1-legacy-certificate.patch
|
||||
|
||||
License: BSD
|
||||
Group: Applications/Internet
|
||||
|
@ -322,6 +329,9 @@ popd
|
|||
%patch79 -p1 -b .x11
|
||||
%patch80 -p1 -b .biguid
|
||||
%patch81 -p1 -b .clientloop
|
||||
%patch82 -p1 -b .getaddrinfo
|
||||
%patch83 -p0 -b .oomkiller
|
||||
%patch84 -p1 -b .legacy
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
|
||||
|
@ -603,6 +613,22 @@ fi
|
|||
%endif
|
||||
|
||||
%changelog
|
||||
* Mon Apr 16 2012 Petr Lautrbach <plautrba@redhat.com> 5.6p1-36 + 0.9.2-29
|
||||
- fix out-of-memory killer patch (#812676)
|
||||
|
||||
* Tue Feb 14 2012 Petr Lautrbach <plautrba@redhat.com> 5.6p1-35 + 0.9.2-29
|
||||
- Fill fields in legacy certificates with random data (#784641)
|
||||
- Look for x11 forward sockets with AI_ADDRCONFIG flag getaddrinfo (#735889)
|
||||
|
||||
* Wed Aug 3 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p2-34 + 0.9.2-29
|
||||
- Improve oom_adj (#727335)
|
||||
|
||||
* Thu Jul 14 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p2-33 + 0.9.2-29
|
||||
- Add postlogin to pam. (#718807)
|
||||
|
||||
* Fri Apr 29 2011 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-31 + 0.9.2-29
|
||||
- add flags AI_V4MAPPED and AI_ADDRCONFIG to getaddrinfo
|
||||
|
||||
* Tue Feb 08 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 5.6p1-30.1
|
||||
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
|
||||
|
||||
|
|
4
sshd.pam
4
sshd.pam
|
@ -1,6 +1,7 @@
|
|||
#%PAM-1.0
|
||||
auth required pam_sepermit.so
|
||||
auth include password-auth
|
||||
auth substack password-auth
|
||||
auth include postlogin
|
||||
account required pam_nologin.so
|
||||
account include password-auth
|
||||
password include password-auth
|
||||
|
@ -11,3 +12,4 @@ session required pam_loginuid.so
|
|||
session required pam_selinux.so open env_params
|
||||
session optional pam_keyinit.so force revoke
|
||||
session include password-auth
|
||||
session include postlogin
|
||||
|
|
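Review bot: Nothing in the file records why `auth substack password-auth` is used rather than `include`, and the ordering dependency with the `auth include postlogin` line that follows is easy to break. With `include`, a control such as `sufficient` inside password-auth can end the whole auth stack on success, so the postlogin line would be skipped; `substack` confines that early exit to password-auth. A comment above the line would keep a later edit from reverting it, for example `# substack, not include: success inside password-auth must not skip postlogin below`. The +/- markers are lost in this rendering, so which of the two password-auth lines is the new one is inferred from the hunk counts.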