From 8ecc35d44b263032a646174f776163c3a3cc3b37 Mon Sep 17 00:00:00 2001 From: Arkadiusz Miśkiewicz Date: Tue, 1 Mar 2022 15:07:33 +0100 Subject: Up to 8.9p1. diff --git a/closefrom.patch b/closefrom.patch deleted file mode 100644 index 760e2cd..0000000 --- a/closefrom.patch +++ /dev/null @@ -1,57 +0,0 @@ -commit 10b899a15c88eb40eb5f73cd0fa84ef0966f79c9 -Author: Darren Tucker -Date: Wed Nov 10 12:34:25 2021 +1100 - - Don't trust closefrom() on Linux. - - glibc's closefrom implementation does not work in a chroot when the kernel - does not have close_range. It tries to read from /proc/self/fd and when - that fails dies with an assertion of sorts. Instead, call close_range - ourselves from our compat code and fall back if that fails. bz#3349, - with william.wilson at canonical.com and fweimer at redhat.com. - -diff --git a/configure.ac b/configure.ac -index 165b391f..cd4cadec 100644 ---- a/configure.ac -+++ b/configure.ac -@@ -839,6 +839,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) - dnl Target SUSv3/POSIX.1-2001 plus BSD specifics. - dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE - CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE" -+ AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels]) - AC_DEFINE([PAM_TTY_KLUDGE], [1], - [Work around problematic Linux PAM modules handling of PAM_TTY]) - AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"], -@@ -1820,6 +1821,7 @@ AC_CHECK_FUNCS([ \ - cap_rights_limit \ - clock \ - closefrom \ -+ close_range \ - dirfd \ - endgrent \ - err \ -diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c -index 8fadca2d..08b7da69 100644 ---- a/openbsd-compat/bsd-closefrom.c -+++ b/openbsd-compat/bsd-closefrom.c -@@ -16,7 +16,7 @@ - - #include "includes.h" - --#ifndef HAVE_CLOSEFROM -+#if !defined(HAVE_CLOSEFROM) || defined(BROKEN_CLOSEFROM) - - #include - #include -@@ -130,6 +130,11 @@ closefrom(int lowfd) - DIR *dirp; - int len; - -+#ifdef HAVE_CLOSE_RANGE -+ if (close_range(lowfd, INT_MAX, 0) == 0) -+ return; -+#endif -+ - /* Check for a /proc/$$/fd directory. */ - len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid()); - if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) { diff --git a/openssh.spec b/openssh.spec index 1af592e..1434428 100644 --- a/openssh.spec +++ b/openssh.spec @@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 8.8p1 -Release: 3 +Version: 8.9p1 +Release: 1 Epoch: 2 License: BSD Group: Applications/Networking Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 8ce5f390958baeeab635aafd0ef41453 +# Source0-md5: f33910174f0af52491277211e2b105bb Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 66943d481cc422512b537bcc2c7400d1 Source2: %{name}d.init @@ -68,7 +68,7 @@ Patch8: ldap-helper-sigpipe.patch # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/ # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz Patch9: %{name}-5.2p1-hpn13v6.diff -Patch10: closefrom.patch + Patch11: %{name}-chroot.patch Patch13: %{name}-skip-interop-tests.patch @@ -550,7 +550,7 @@ openldap-a. %patch8 -p1 %{?with_hpn:%patch9 -p1} -%patch10 -p1 + %patch11 -p1 %patch13 -p1 -- cgit v0.10.2