rpms/openssh/devel openssh-5.2p1-homechroot.patch, NONE, 1.1 openssh-5.1p1-log-in-chroot.patch, 1.1, 1.2 openssh.spec, 1.139, 1.140
Jan F. Chadima
jfch2222 at fedoraproject.org
Fri Apr 3 12:37:30 UTC 2009
Author: jfch2222
Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv15231
Modified Files:
openssh-5.1p1-log-in-chroot.patch openssh.spec
Added Files:
openssh-5.2p1-homechroot.patch
Log Message:
- fix logging after chroot
- enable non root users to use chroot %h in internal-sftp
openssh-5.2p1-homechroot.patch:
--- NEW FILE openssh-5.2p1-homechroot.patch ---
--- openssh-5.2p1/session.c 2009-03-20 18:08:11.263662384 +0100
+++ openssh-5.2p1/session.c 2009-03-20 18:26:29.925498409 +0100
@@ -1408,6 +1408,7 @@
const char *cp;
char component[MAXPATHLEN];
struct stat st;
+ int last;
if (*path != '/')
fatal("chroot path does not begin at root");
@@ -1419,7 +1420,7 @@
* root-owned directory with strict permissions.
*/
for (cp = path; cp != NULL;) {
- if ((cp = strchr(cp, '/')) == NULL)
+ if (((last = ((cp = strchr(cp, '/')) == NULL))))
strlcpy(component, path, sizeof(component));
else {
cp++;
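Review bot: The new test `if (((last = ((cp = strchr(cp, '/')) == NULL))))` packs two assignments and a comparison into one condition, which is hard to audit in the loop that decides whether a chroot path is safe. Three plain statements say the same thing: `cp = strchr(cp, '/');`, `last = (cp == NULL);`, `if (last)`. The loop body continues outside this hunk.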
@@ -1432,7 +1433,7 @@
if (stat(component, &st) != 0)
fatal("%s: stat(\"%s\"): %s", __func__,
component, strerror(errno));
- if (st.st_uid != 0 || (st.st_mode & 022) != 0)
+ if ((st.st_uid != 0 || (st.st_mode & 022) != 0) && !(last && st.st_uid == uid))
fatal("bad ownership or modes for chroot "
"directory %s\"%s\"",
cp == NULL ? "" : "component ", component);
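Review bot: The exception `!(last && st.st_uid == uid)` waives the `(st.st_mode & 022)` test together with the ownership test, so a final component owned by the user is accepted even when it is group- or world-writable. If the intent is only to allow a user-owned home, keep the mode check unconditional: `if ((st.st_uid != 0 && !(last && st.st_uid == uid)) || (st.st_mode & 022) != 0)`. Nothing in the visible lines limits the relaxation to internal-sftp, so it appears to apply to every configured chroot path. A chroot root that the session user can write to is the condition the original root-only rule guarded against, so a comment stating why it is acceptable here would help. `uid` is not declared in the hunk and is presumably a parameter of the enclosing function, which starts and ends outside it.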
openssh-5.1p1-log-in-chroot.patch:
Index: openssh-5.1p1-log-in-chroot.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-5.1p1-log-in-chroot.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-5.1p1-log-in-chroot.patch 23 Jul 2008 14:47:19 -0000 1.1
+++ openssh-5.1p1-log-in-chroot.patch 3 Apr 2009 12:37:30 -0000 1.2
@@ -15,15 +15,32 @@
diff -up openssh-5.1p1/log.c.log-chroot openssh-5.1p1/log.c
--- openssh-5.1p1/log.c.log-chroot 2008-06-10 15:01:51.000000000 +0200
+++ openssh-5.1p1/log.c 2008-07-23 15:18:52.000000000 +0200
-@@ -56,6 +56,7 @@ static LogLevel log_level = SYSLOG_LEVEL
+@@ -45,6 +45,7 @@
+ #include <syslog.h>
+ #include <unistd.h>
+ #include <errno.h>
++#include <fcntl.h>
+ #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
+ # include <vis.h>
+ #endif
+@@ -56,6 +57,7 @@
static int log_on_stderr = 1;
static int log_facility = LOG_AUTH;
static char *argv0;
-+static int log_fd_keep;
++int log_fd_keep = 0;
extern char *__progname;
-@@ -392,10 +393,21 @@ do_log(LogLevel level, const char *fmt,
+@@ -310,6 +312,8 @@
+ exit(1);
+ }
+
++ if (log_fd_keep != 0)
++ return;
+ /*
+ * If an external library (eg libwrap) attempts to use syslog
+ * immediately after reexec, syslog may be pointing to the wrong
+@@ -392,10 +396,33 @@
syslog_r(pri, &sdata, "%.500s", fmtbuf);
closelog_r(&sdata);
#else
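Review bot: `log_fd_keep` now carries three meanings (0 for never set, -1 for detection failed in `open_log`, a positive descriptor otherwise), and the added `if (log_fd_keep != 0) return;` treats the failure value the same as a kept descriptor. If the early return is meant only to protect a live syslog connection, `if (log_fd_keep > 0) return;` would say so; it is worth confirming which behaviour is intended. The variable also lost `static` and is now a global shared with session.c, so a comment at its definition such as `/* syslog fd to keep across chroot; 0 = unset, -1 = not found */` would document the contract. The enclosing function is outside the hunk.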
@@ -42,16 +59,58 @@
+void
+open_log(void)
+{
++ int temp1, temp2;
++
++ temp1 = open("/dev/null", O_RDONLY);
+ openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
-+ log_fd_keep = 1;
++ temp2 = open("/dev/null", O_RDONLY);
++ if (temp1 + 2 == temp2)
++ log_fd_keep = temp1 + 1;
++ else
++ log_fd_keep = -1;
++
++ if (temp1 != -1)
++ close(temp1);
++ if (temp2 != -1)
++ close(temp2);
+}
diff -up openssh-5.1p1/log.h.log-chroot openssh-5.1p1/log.h
--- openssh-5.1p1/log.h.log-chroot 2008-06-13 02:22:54.000000000 +0200
+++ openssh-5.1p1/log.h 2008-07-23 15:20:11.000000000 +0200
-@@ -66,4 +66,6 @@ void debug3(const char *, ...) __att
+@@ -46,6 +46,9 @@
+ SYSLOG_LEVEL_NOT_SET = -1
+ } LogLevel;
+
++
++extern int log_fd_keep;
++
+ void log_init(char *, LogLevel, SyslogFacility, int);
+
+ SyslogFacility log_facility_number(char *);
+@@ -66,4 +69,6 @@
void do_log(LogLevel, const char *, va_list);
void cleanup_exit(int) __attribute__((noreturn));
+
+void open_log(void);
#endif
+--- openssh-5.2p1/session.c. 2009-03-20 18:32:01.004151364 +0100
++++ openssh-5.2p1/session.c 2009-03-20 19:00:28.328742384 +0100
+@@ -1445,6 +1456,7 @@
+ if (chdir(path) == -1)
+ fatal("Unable to chdir to chroot path \"%s\": "
+ "%s", path, strerror(errno));
++ open_log ();
+ if (chroot(path) == -1)
+ fatal("chroot(\"%s\"): %s", path, strerror(errno));
+ if (chdir("/") == -1)
+@@ -1632,7 +1644,8 @@
+ * descriptors open.
+ */
+ for (i = 3; i < 64; i++)
+- close(i);
++ if (i != log_fd_keep)
++ close(i);
+ }
+
+ /*
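Review bot: `open_log` infers the syslog descriptor from `temp1 + 2 == temp2`, which only shows that the number between the two /dev/null descriptors was not free, not that `openlog` created it. If `openlog` did not connect and that slot was already held by some other descriptor, `log_fd_keep` names the unrelated descriptor, and the `for (i = 3; i < 64; i++)` loop in the session.c hunk then leaves it open in the user's session. Checking the candidate before trusting it would close that gap, for example `if (fstat(log_fd_keep, &st) == -1 || !S_ISSOCK(st.st_mode)) log_fd_keep = -1;` with a local `struct stat st;`. A short comment above the two `open` calls explaining the probe would also help the next reader.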
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.139
retrieving revision 1.140
diff -u -r1.139 -r1.140
--- openssh.spec 13 Mar 2009 10:32:52 -0000 1.139
+++ openssh.spec 3 Apr 2009 12:37:30 -0000 1.140
@@ -63,7 +63,7 @@
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
Version: 5.2p1
-Release: 2%{?dist}%{?rescue_rel}
+Release: 3%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -97,6 +97,7 @@
Patch55: openssh-5.1p1-cloexec.patch
Patch62: openssh-5.1p1-scp-manpage.patch
Patch65: openssh-5.2p1-fips.patch
+Patch66: openssh-5.2p1-homechroot.patch
License: BSD
Group: Applications/Internet
@@ -228,6 +229,7 @@
%patch55 -p1 -b .cloexec
%patch62 -p1 -b .manpage
%patch65 -p1 -b .fips
+%patch66 -p1 -b .homechroot
autoreconf
@@ -472,6 +474,10 @@
%endif
%changelog
+* Fri Apr 3 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-3
+- fix logging after chroot
+- enable non root users to use chroot %h in internal-sftp
+
* Fri Mar 13 2009 Tomas Mraz <tmraz at redhat.com> - 5.2p1-2
- add AES-CTR ciphers to the FIPS mode proposal