commit e24ec364a8a89d209b87a0ffbe00d8a046d4a9e6 Author: Arkadiusz Miśkiewicz <ar...@maven.pl> Date: Tue Nov 16 20:44:34 2021 +0100
Rel 2; upstream 'Don't trust closefrom() on Linux.'. Should fix problems with closefrom in chroot. closefrom.patch | 57 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ openssh.spec | 6 +++--- 2 files changed, 60 insertions(+), 3 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index bacae21..e991060 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -37,7 +37,7 @@ Summary(ru.UTF-8): OpenSSH - свободная реализация прото
 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name: openssh
 Version: 8.8p1
-Release: 1
+Release: 2
 Epoch: 2
 License: BSD
 Group: Applications/Networking
@@ -68,7 +68,7 @@ Patch8: ldap-helper-sigpipe.patch
 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
 Patch9: %{name}-5.2p1-hpn13v6.diff
-
+Patch10: closefrom.patch
 Patch11: %{name}-chroot.patch
 Patch13: %{name}-skip-interop-tests.patch
@@ -550,7 +550,7 @@ openldap-a.
 %patch8 -p1
 %{?with_hpn:%patch9 -p1}
-
+%patch10 -p1
 %patch11 -p1
 %patch13 -p1
diff --git a/closefrom.patch b/closefrom.patch
new file mode 100644
index 0000000..760e2cd
--- /dev/null
+++ b/closefrom.patch
@@ -0,0 +1,57 @@
+commit 10b899a15c88eb40eb5f73cd0fa84ef0966f79c9
+Author: Darren Tucker <dtuc...@dtucker.net>
+Date: Wed Nov 10 12:34:25 2021 +1100
+
+ Don't trust closefrom() on Linux.
+
+ glibc's closefrom implementation does not work in a chroot when the kernel
+ does not have close_range. It tries to read from /proc/self/fd and when
+ that fails dies with an assertion of sorts. Instead, call close_range
+ ourselves from our compat code and fall back if that fails. bz#3349,
+ with william.wilson at canonical.com and fweimer at redhat.com.
+
+diff --git a/configure.ac b/configure.ac
+index 165b391f..cd4cadec 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -839,6 +839,7 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16))
+ dnl Target SUSv3/POSIX.1-2001 plus BSD specifics.
+ dnl _DEFAULT_SOURCE is the new name for _BSD_SOURCE
+ CPPFLAGS="$CPPFLAGS -D_XOPEN_SOURCE=600 -D_BSD_SOURCE -D_DEFAULT_SOURCE"
++ AC_DEFINE([BROKEN_CLOSEFROM], [1], [broken in chroots on older kernels])
+ AC_DEFINE([PAM_TTY_KLUDGE], [1],
+ [Work around problematic Linux PAM modules handling of PAM_TTY])
+ AC_DEFINE([LOCKED_PASSWD_PREFIX], ["!"],
+@@ -1820,6 +1821,7 @@ AC_CHECK_FUNCS([ \
+ cap_rights_limit \
+ clock \
+ closefrom \
++ close_range \
+ dirfd \
+ endgrent \
+ err \
+diff --git a/openbsd-compat/bsd-closefrom.c b/openbsd-compat/bsd-closefrom.c
+index 8fadca2d..08b7da69 100644
+--- a/openbsd-compat/bsd-closefrom.c
++++ b/openbsd-compat/bsd-closefrom.c
+@@ -16,7 +16,7 @@
+
+ #include "includes.h"
+
+-#ifndef HAVE_CLOSEFROM
++#if !defined(HAVE_CLOSEFROM) || defined(BROKEN_CLOSEFROM)
+
+ #include <sys/types.h>
+ #include <sys/param.h>
+@@ -130,6 +130,11 @@ closefrom(int lowfd)
+ DIR *dirp;
+ int len;
+
++#ifdef HAVE_CLOSE_RANGE
++ if (close_range(lowfd, INT_MAX, 0) == 0)
++ return;
++#endif
++
+ /* Check for a /proc/$$/fd directory. */
+ len = snprintf(fdpath, sizeof(fdpath), "/proc/%ld/fd", (long)getpid());
+ if (len > 0 && (size_t)len < sizeof(fdpath) && (dirp = opendir(fdpath))) {
================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/e24ec364a8a89d209b87a0ffbe00d8a046d4a9e6 _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
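Review bot: The closefrom() fix in this backported patch depends on two configure.ac additions (`AC_DEFINE([BROKEN_CLOSEFROM], ...)` and `close_range` in `AC_CHECK_FUNCS`), so it takes effect only if the package regenerates configure and config.h.in after `%patch10 -p1`. If the build instead runs the configure script shipped in the tarball, neither macro is defined, `#if !defined(HAVE_CLOSEFROM) || defined(BROKEN_CLOSEFROM)` presumably stays false wherever libc provides closefrom(), and sshd keeps the libc implementation the patch is meant to avoid; the %build section is outside this diff, so that should be confirmed there. In the bsd-closefrom.c hunk a failed `close_range(lowfd, INT_MAX, 0)` falls through without comment, and I would add `/* close_range failed or is unsupported by the running kernel: use the fallbacks below */` after the `#endif`; closefrom()'s body continues outside the hunk.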