From 22c9eba47d2bad085fe25fdd610864d0cbfea983 Mon Sep 17 00:00:00 2001
From: CentOS Sources
Date: Apr 12 2017 10:06:41 +0000
Subject: import openssh-6.6.1p1-35.el7_3
---
diff --git a/SOURCES/openssh-6.6p1-systemd.patch b/SOURCES/openssh-6.6p1-systemd.patch
new file mode 100644
index 0000000..4351e5a
--- /dev/null
+++ b/SOURCES/openssh-6.6p1-systemd.patch
@@ -0,0 +1,98 @@
+commit 0e22b79bfde45a7cf7a2e51a68ec11c4285f3b31
+Author: Jakub Jelen
+Date: Mon Nov 21 15:04:06 2016 +0100
+
+ systemd stuff
+
+diff --git a/configure.ac b/configure.ac
+index 2ffc369..162ce92 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -4265,6 +4265,30 @@ AC_ARG_WITH([kerberos5],
+ AC_SUBST([GSSLIBS])
+ AC_SUBST([K5LIBS])
+
++# Check whether user wants systemd support
++SYSTEMD_MSG="no"
++AC_ARG_WITH(systemd,
++ [ --with-systemd Enable systemd support],
++ [ if test "x$withval" != "xno" ; then
++ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
++ if test "$PKGCONFIG" != "no"; then
++ AC_MSG_CHECKING([for libsystemd])
++ if $PKGCONFIG --exists libsystemd; then
++ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
++ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
++ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
++ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
++ AC_MSG_RESULT([yes])
++ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
++ SYSTEMD_MSG="yes"
++ else
++ AC_MSG_RESULT([no])
++ fi
++ fi
++ fi ]
++)
++
++
+ # Looking for programs, paths and files
+
+ PRIVSEP_PATH=/var/empty
+@@ -5097,6 +5121,7 @@ echo " libedit support: $LIBEDIT_MSG"
+ echo " libedit support: $LIBEDIT_MSG"
+ echo " Solaris process contract support: $SPC_MSG"
+ echo " Solaris project support: $SP_MSG"
++echo " systemd support: $SYSTEMD_MSG"
+ echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
+ echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
+ echo " BSD Auth support: $BSD_AUTH_MSG"
+diff --git a/contrib/sshd.service b/contrib/sshd.service
+new file mode 100644
+index 0000000..e0d4923
+--- /dev/null
++++ b/contrib/sshd.service
+@@ -0,0 +1,16 @@
++[Unit]
++Description=OpenSSH server daemon
++Documentation=man:sshd(8) man:sshd_config(5)
++After=network.target
++
++[Service]
++Type=notify
++ExecStart=/usr/sbin/sshd -D $OPTIONS
++ExecReload=/bin/kill -HUP $MAINPID
++KillMode=process
++Restart=on-failure
++RestartPreventExitStatus=255
++
++[Install]
++WantedBy=multi-user.target ++ +diff --git a/sshd.c b/sshd.c +index 816611c..b8b9d13 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -85,6 +85,10 @@ + #include + #endif + ++#ifdef HAVE_SYSTEMD ++#include ++#endif ++ + #include "xmalloc.h" + #include "ssh.h" + #include "ssh1.h" +@@ -1833,6 +1837,11 @@ main(int ac, char **av) + } + } + ++#ifdef HAVE_SYSTEMD ++ /* Signal systemd that we are ready to accept connections */ ++ sd_notify(0, "READY=1"); ++#endif ++ + /* Accept a connection and return in a forked child */ + server_accept_loop(&sock_in, &sock_out, + &newsock, config_s); diff --git a/SOURCES/sshd.service b/SOURCES/sshd.service index 089d4a7..ce0cdee 100644 --- a/SOURCES/sshd.service +++ b/SOURCES/sshd.service @@ -5,14 +5,14 @@ After=network.target sshd-keygen.service Wants=sshd-keygen.service [Service] -Type=forking -PIDFile=/var/run/sshd.pid +Type=notify EnvironmentFile=/etc/sysconfig/sshd -ExecStart=/usr/sbin/sshd $OPTIONS +ExecStart=/usr/sbin/sshd -D $OPTIONS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=on-failure RestartSec=42s +RestartPreventExitStatus=255 [Install] WantedBy=multi-user.target diff --git a/SPECS/openssh.spec b/SPECS/openssh.spec index f0a67fb..4738d20 100644 --- a/SPECS/openssh.spec +++ b/SPECS/openssh.spec @@ -64,7 +64,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 6.6.1p1 -%define openssh_rel 33 +%define openssh_rel 35 %define pam_ssh_agent_ver 0.9.3 %define pam_ssh_agent_rel 9 @@ -268,6 +268,8 @@ Patch939: openssh-6.6p1-x11-max-displays.patch Patch940: openssh-6.6p1-permitopen-any-host.patch # Rework capabilities handling for SELinux confined users (#1357859) Patch941: openssh-6.6p1-chroot-capabilities.patch +# Add systemd stuff so it can track running service (#1381997) +Patch942: openssh-6.6p1-systemd.patch License: BSD 
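Review bot: In the configure.ac part of the added patch, an explicit `--with-systemd` falls through silently when pkg-config or libsystemd is missing: the inner `else` only prints `AC_MSG_RESULT([no])` and the `test "$PKGCONFIG" != "no"` check has no `else` at all, so HAVE_SYSTEMD stays undefined and the build still succeeds. Paired with the `Type=notify` unit that the same patch installs, such a binary would never send `READY=1`, and systemd would presumably time the start out and stop sshd, which on a remote host means losing SSH access. Failing the configure run is the safer behaviour, e.g. `AC_MSG_ERROR([--with-systemd given but libsystemd was not found])` in the inner `else`, with the same treatment for the missing pkg-config case. In the sshd.c part the return value of `sd_notify(0, "READY=1")` is dropped as well; logging a negative result would make a failed notification diagnosable instead of showing up only as a start timeout.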
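Review bot: `RestartPreventExitStatus=255` is added to SOURCES/sshd.service without a comment, and its effect on availability is not obvious from the unit itself: as far as I know sshd uses exit status 255 for fatal errors, so after such an exit `Restart=on-failure` no longer brings the listener back and the host stays without SSH until someone intervenes. If the intent is to avoid a restart loop on a broken configuration, state that next to the setting, e.g. `# 255 = fatal sshd error (such as an invalid config); do not restart in a loop, needs manual repair`, so operators know the failed state has to be monitored. The move from `Type=forking` with a PID file to `Type=notify` with `-D` also only works with a binary built with HAVE_SYSTEMD, which deserves a one-line comment above `Type=notify`.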
@@ -295,6 +297,7 @@ BuildRequires: tcp_wrappers-devel BuildRequires: fipscheck-devel >= 1.3.0 BuildRequires: openssl-devel >= 0.9.8j BuildRequires: perl-podlators +BuildRequires: systemd-devel %if %{kerberos5} BuildRequires: krb5-devel @@ -515,6 +518,7 @@ popd %patch939 -p1 -b .x11max %patch940 -p1 -b .permitopen %patch941 -p1 -b .chroot-cap +%patch942 -p1 -b .patch %patch200 -p1 -b .audit %patch201 -p1 -b .audit-fps @@ -581,6 +585,7 @@ fi --without-zlib-version-check \ --with-ssl-engine \ --with-ipaddr-display \ + --with-systemd \ %if %{ldap} --with-ldap \ %endif @@ -828,6 +833,12 @@ getent passwd sshd >/dev/null || \ %endif %changelog +* Wed Mar 01 2017 Jakub Jelen - 6.6.1p1-35 + 0.9.3-9 +- Do not send SD_NOTIFY from forked childern (#1381997) + +* Fri Feb 24 2017 Jakub Jelen - 6.6.1p1-34 + 0.9.3-9 +- Add SD_NOTIFY code to help systemd to track running service (#1381997) + * Mon Dec 19 2016 Jakub Jelen - 6.6.1p1-33 + 0.9.3-9 - Restore login with large MOTD (#1404018)
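Review bot: The backup suffix in `%patch942 -p1 -b .patch` is generic where the neighbouring lines name the change they belong to (`.x11max`, `.permitopen`, `.chroot-cap`), so the `.patch` backup files left in the build tree do not say which patch produced them. `%patch942 -p1 -b .systemd` would follow the convention used by the surrounding entries.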