From 077dad73204a8a6b2dfbbcb1db3a4f890f2e8dfb Mon Sep 17 00:00:00 2001
From: Tomáš Mráz
Date: May 21 2008 08:16:23 +0000
Subject: - pass the connection socket to ssh-keysign (#447680)
---
diff --git a/openssh-4.7p1-cloexec.patch b/openssh-4.7p1-cloexec.patch
index 23d2746..b1442bf 100644
--- a/openssh-4.7p1-cloexec.patch
+++ b/openssh-4.7p1-cloexec.patch
@@ -1,6 +1,25 @@
+diff -up openssh-4.7p1/sshconnect2.c.cloexec openssh-4.7p1/sshconnect2.c
+--- openssh-4.7p1/sshconnect2.c.cloexec 2008-03-06 15:58:03.000000000 +0100
++++ openssh-4.7p1/sshconnect2.c 2008-05-21 09:27:06.000000000 +0200
+@@ -38,6 +38,7 @@
+ #include
+ #include
+ #include
++#include
+
+ #include "openbsd-compat/sys-queue.h"
+
+@@ -1257,6 +1258,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
+ return -1;
+ }
+ if (pid == 0) {
++ fcntl(packet_get_connection_in(), F_SETFD, 0); /* keep the socket on exec */
+ permanently_drop_suid(getuid());
+ close(from[0]);
+ if (dup2(from[1], STDOUT_FILENO) < 0)
 diff -up openssh-4.7p1/sshconnect.c.cloexec openssh-4.7p1/sshconnect.c
 --- openssh-4.7p1/sshconnect.c.cloexec 2006-10-23 19:02:24.000000000 +0200
-+++ openssh-4.7p1/sshconnect.c 2008-02-05 23:14:28.000000000 +0100
++++ openssh-4.7p1/sshconnect.c 2008-03-06 15:58:03.000000000 +0100
 @@ -38,6 +38,7 @@
 #include
 #include
diff --git a/openssh.spec b/openssh.spec
index 5968e88..2849676 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -63,7 +63,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.0p1
-Release: 2%{?dist}%{?rescue_rel}
+Release: 3%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
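Review bot: The added `fcntl(packet_get_connection_in(), F_SETFD, 0);` in the `pid == 0` branch of ssh_keysign() (sshconnect2.c section of the cloexec patch) ignores its return value and overwrites every descriptor flag instead of clearing only close-on-exec. If the call fails, the socket stays close-on-exec and the exec'd helper presumably fails later with an error that does not point back here. Reading the flags first and failing loudly would be safer: `int fl = fcntl(packet_get_connection_in(), F_GETFD);` followed by `if (fl == -1 || fcntl(packet_get_connection_in(), F_SETFD, fl & ~FD_CLOEXEC) == -1) fatal("ssh_keysign: fcntl: %s", strerror(errno));`. Because this line deliberately undoes the patch's close-on-exec hardening for a descriptor handed to a privileged helper, the comment should also say that the flag is cleared only in the forked child, so the parent's copy stays protected. ssh_keysign() begins and ends outside the hunk, so how the descriptor is used afterwards is not visible here.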
@@ -484,6 +484,9 @@ fi %endif %changelog +* Wed May 21 2008 Tomas Mraz - 5.0p1-3 +- pass the connection socket to ssh-keysign (#447680) + * Mon May 19 2008 Tomas Mraz - 5.0p1-2 - add LANGUAGE to accepted/sent environment variables (#443231) - use pam_selinux to obtain the user context instead of doing it itself