rpms/openssh/F-12 openssh-5.1p1-cloexec.patch, 1.3, 1.4 openssh-5.3p1-randclean.patch, 1.1, 1.2 openssh.spec, 1.178, 1.179

Jan F. Chadima jfch2222 at fedoraproject.org
Thu Jan 28 11:52:51 UTC 2010


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv9785

Modified Files:
	openssh-5.1p1-cloexec.patch openssh-5.3p1-randclean.patch 
	openssh.spec 
Log Message:
optimized FD_CLOEXEC on accept socket

openssh-5.1p1-cloexec.patch:
 channels.c    |   13 +++++++++++++
 sshconnect.c  |    6 +++++-
 sshconnect2.c |    2 ++
 sshd.c        |    4 ++++
 4 files changed, 24 insertions(+), 1 deletion(-)

Index: openssh-5.1p1-cloexec.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh-5.1p1-cloexec.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- openssh-5.1p1-cloexec.patch	19 Jan 2010 09:24:07 -0000	1.3
+++ openssh-5.1p1-cloexec.patch	28 Jan 2010 11:52:51 -0000	1.4
@@ -1,6 +1,6 @@
 diff -up openssh-5.3p1/channels.c.cloexec openssh-5.3p1/channels.c
---- openssh-5.3p1/channels.c.cloexec	2010-01-19 09:26:50.000000000 +0100
-+++ openssh-5.3p1/channels.c	2010-01-19 09:26:51.000000000 +0100
+--- openssh-5.3p1/channels.c.cloexec	2010-01-25 17:25:58.000000000 +0100
++++ openssh-5.3p1/channels.c	2010-01-25 17:26:01.000000000 +0100
 @@ -60,6 +60,7 @@
  #include <termios.h>
  #include <unistd.h>
@@ -29,8 +29,8 @@ diff -up openssh-5.3p1/channels.c.cloexe
  	c->wfd = wfd;
  	c->sock = (rfd == wfd) ? rfd : -1;
 diff -up openssh-5.3p1/sshconnect2.c.cloexec openssh-5.3p1/sshconnect2.c
---- openssh-5.3p1/sshconnect2.c.cloexec	2010-01-19 09:26:50.000000000 +0100
-+++ openssh-5.3p1/sshconnect2.c	2010-01-19 09:26:51.000000000 +0100
+--- openssh-5.3p1/sshconnect2.c.cloexec	2010-01-25 17:25:58.000000000 +0100
++++ openssh-5.3p1/sshconnect2.c	2010-01-25 17:26:01.000000000 +0100
 @@ -39,6 +39,7 @@
  #include <stdio.h>
  #include <string.h>
@@ -49,7 +49,7 @@ diff -up openssh-5.3p1/sshconnect2.c.clo
  		if (dup2(from[1], STDOUT_FILENO) < 0)
 diff -up openssh-5.3p1/sshconnect.c.cloexec openssh-5.3p1/sshconnect.c
 --- openssh-5.3p1/sshconnect.c.cloexec	2009-06-21 10:53:53.000000000 +0200
-+++ openssh-5.3p1/sshconnect.c	2010-01-19 09:26:51.000000000 +0100
++++ openssh-5.3p1/sshconnect.c	2010-01-25 17:26:01.000000000 +0100
 @@ -38,6 +38,7 @@
  #include <stdlib.h>
  #include <string.h>
@@ -72,13 +72,16 @@ diff -up openssh-5.3p1/sshconnect.c.cloe
  	/* Bind the socket to an alternative local IP address */
  	if (options.bind_address == NULL)
 diff -up openssh-5.3p1/sshd.c.cloexec openssh-5.3p1/sshd.c
---- openssh-5.3p1/sshd.c.cloexec	2010-01-19 09:43:45.000000000 +0100
-+++ openssh-5.3p1/sshd.c	2010-01-19 09:47:04.000000000 +0100
-@@ -1105,6 +1105,7 @@ server_accept_loop(int *sock_in, int *so
- 					error("accept: %.100s", strerror(errno));
- 				continue;
- 			}
-+			fcntl(*newsock, F_SETFD, FD_CLOEXEC);
- 			if (unset_nonblock(*newsock) == -1) {
- 				close(*newsock);
- 				continue;
+--- openssh-5.3p1/sshd.c.cloexec	2010-01-25 17:25:55.000000000 +0100
++++ openssh-5.3p1/sshd.c	2010-01-25 18:29:23.000000000 +0100
+@@ -1756,6 +1756,10 @@ main(int ac, char **av)
+ 		    sock_in, sock_out, newsock, startup_pipe, config_s[0]);
+ 	}
+ 
++	/* set fd cloexec on io/sockets to avoid to forward them to childern */
++	fcntl(sock_out, F_SETFD, FD_CLOEXEC);
++	fcntl(sock_in, F_SETFD, FD_CLOEXEC);
++
+ 	/*
+ 	 * Disable the key regeneration alarm.  We will not regenerate the
+ 	 * key since we are no longer in a position to give it to anyone. We
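Review bot: The two added `fcntl(..., F_SETFD, FD_CLOEXEC)` calls in sshd.c's `main()` ignore their return value, so a failure would leave the connection descriptors inheritable by exec'd children with no trace in the log. I would check and log each one, e.g. `if (fcntl(sock_in, F_SETFD, FD_CLOEXEC) == -1) error("fcntl(sock_in, FD_CLOEXEC): %.100s", strerror(errno));`, and likewise for `sock_out`. The flag is now set later than before, because the accept-loop call on `*newsock` is removed, so it is worth confirming that nothing exec'd between accept() and this point should have been denied the socket. The new comment would read better as `/* set FD_CLOEXEC on the connection sockets so they are not inherited by children */`. `main()` starts and ends outside the hunk.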

openssh-5.3p1-randclean.patch:
 entropy.c |    3 +++
 1 file changed, 3 insertions(+)

Index: openssh-5.3p1-randclean.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh-5.3p1-randclean.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-5.3p1-randclean.patch	20 Jan 2010 19:12:59 -0000	1.1
+++ openssh-5.3p1-randclean.patch	28 Jan 2010 11:52:51 -0000	1.2
@@ -1,110 +1,13 @@
-diff -up openssh-5.3p1/ssh-add.c.randclean openssh-5.3p1/ssh-add.c
---- openssh-5.3p1/ssh-add.c.randclean	2010-01-20 19:13:28.000000000 +0100
-+++ openssh-5.3p1/ssh-add.c	2010-01-20 19:13:29.000000000 +0100
-@@ -41,6 +41,7 @@
- #include <sys/stat.h>
- #include <sys/param.h>
- 
-+#include <openssl/rand.h>
- #include <openssl/evp.h>
- #include <openssl/fips.h>
- #include "openbsd-compat/openssl-compat.h"
-@@ -471,6 +472,9 @@ main(int argc, char **argv)
- 	int use_nss = 0;
- #endif
- 
-+	/* clean the PRNG status when exiting the program */
-+	atexit(RAND_cleanup);
-+
- 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- 	sanitise_stdfd();
- 
-diff -up openssh-5.3p1/ssh.c.randclean openssh-5.3p1/ssh.c
---- openssh-5.3p1/ssh.c.randclean	2010-01-20 19:13:29.000000000 +0100
-+++ openssh-5.3p1/ssh.c	2010-01-20 19:13:29.000000000 +0100
-@@ -70,6 +70,7 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- 
-+#include <openssl/rand.h>
- #include <openssl/evp.h>
- #include <openssl/err.h>
- #include <openssl/fips.h>
-@@ -220,6 +221,9 @@ main(int ac, char **av)
- 	struct servent *sp;
- 	Forward fwd;
- 
-+	/* clean the PRNG status when exiting the program */
-+	atexit(RAND_cleanup);
-+
- 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- 	sanitise_stdfd();
- 
-diff -up openssh-5.3p1/sshd.c.randclean openssh-5.3p1/sshd.c
---- openssh-5.3p1/sshd.c.randclean	2010-01-20 19:13:29.000000000 +0100
-+++ openssh-5.3p1/sshd.c	2010-01-20 19:13:29.000000000 +0100
-@@ -1263,6 +1263,9 @@ main(int ac, char **av)
- 	Key *key;
- 	Authctxt *authctxt;
- 
-+	/* clean the PRNG status when exiting the program */
-+	atexit(RAND_cleanup);
-+
- #ifdef HAVE_SECUREWARE
- 	(void)set_auth_parameters(ac, av);
- #endif
-diff -up openssh-5.3p1/ssh-keygen.c.randclean openssh-5.3p1/ssh-keygen.c
---- openssh-5.3p1/ssh-keygen.c.randclean	2010-01-20 19:13:29.000000000 +0100
-+++ openssh-5.3p1/ssh-keygen.c	2010-01-20 19:13:29.000000000 +0100
-@@ -19,6 +19,7 @@
- #include <sys/stat.h>
- #include <sys/param.h>
- 
-+#include <openssl/rand.h>
- #include <openssl/evp.h>
- #include <openssl/pem.h>
- #include <openssl/fips.h>
-@@ -1120,6 +1121,9 @@ main(int argc, char **argv)
- 	extern int optind;
- 	extern char *optarg;
- 
-+	/* clean the PRNG status when exiting the program */
-+	atexit(RAND_cleanup);
-+
- 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
- 	sanitise_stdfd();
- 
-diff -up openssh-5.3p1/ssh-keyscan.c.randclean openssh-5.3p1/ssh-keyscan.c
---- openssh-5.3p1/ssh-keyscan.c.randclean	2009-01-28 06:31:23.000000000 +0100
-+++ openssh-5.3p1/ssh-keyscan.c	2010-01-20 19:21:16.000000000 +0100
-@@ -18,6 +18,7 @@
- #include <netinet/in.h>
- #include <arpa/inet.h>
- 
-+#include <openssl/rand.h>
- #include <openssl/bn.h>
- 
- #include <netdb.h>
-@@ -730,6 +731,9 @@ main(int argc, char **argv)
- 	extern int optind;
- 	extern char *optarg;
- 
-+	/* clean the PRNG status when exiting the program */
-+	atexit(RAND_cleanup);
-+
- 	__progname = ssh_get_progname(argv[0]);
- 	init_rng();
- 	seed_rng();
-diff -up openssh-5.3p1/ssh-keysign.c.randclean openssh-5.3p1/ssh-keysign.c
---- openssh-5.3p1/ssh-keysign.c.randclean	2006-09-01 07:38:37.000000000 +0200
-+++ openssh-5.3p1/ssh-keysign.c	2010-01-20 19:13:29.000000000 +0100
-@@ -158,6 +158,9 @@ main(int argc, char **argv)
- 	u_int slen, dlen;
- 	u_int32_t rnd[256];
+diff -up openssh-5.3p1/entropy.c.randclean openssh-5.3p1/entropy.c
+--- openssh-5.3p1/entropy.c.randclean	2010-01-21 09:26:30.000000000 +0100
++++ openssh-5.3p1/entropy.c	2010-01-21 09:26:37.000000000 +0100
+@@ -159,6 +159,9 @@ init_rng(void)
+ 		fatal("OpenSSL version mismatch. Built against %lx, you "
+ 		    "have %lx", OPENSSL_VERSION_NUMBER, SSLeay());
  
 +	/* clean the PRNG status when exiting the program */
 +	atexit(RAND_cleanup);
 +
- 	/* Ensure that stdin and stdout are connected */
- 	if ((fd = open(_PATH_DEVNULL, O_RDWR)) < 2)
- 		exit(1);
+ #ifndef OPENSSL_PRNG_ONLY
+ 	original_uid = getuid();
+ 	original_euid = geteuid();
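Review bot: `atexit(RAND_cleanup)` in `init_rng()` is best-effort, and the comment above it should say so. Handlers registered with atexit() run only on `exit()` or a return from `main()`, not on `_exit()` or death by signal, so any path that leaves that way skips the PRNG scrub. A wording such as `/* best effort: scrub PRNG state on exit(); not run on _exit() or fatal signals */` would make that limit visible. The return value is also ignored; `if (atexit(RAND_cleanup) != 0) error("atexit(RAND_cleanup) failed");` would at least record that no handler was registered. Moving the call here presumably means only programs that reach `init_rng()` get the cleanup, which is worth checking against the six `main()` functions the old patch touched; `init_rng()` continues outside the hunk.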


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh.spec,v
retrieving revision 1.178
retrieving revision 1.179
diff -u -p -r1.178 -r1.179
--- openssh.spec	20 Jan 2010 19:12:59 -0000	1.178
+++ openssh.spec	28 Jan 2010 11:52:51 -0000	1.179
@@ -69,7 +69,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.3p1
-Release: 16%{?dist}%{?rescue_rel}
+Release: 18%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #URL1: http://pamsshauth.sourceforge.net
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -527,6 +527,12 @@ fi
 %endif
 
 %changelog
+* Thu Jan 28 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-18
+- optimized FD_CLOEXEC on accept socket (#541809)
+
+* Thu Jan 21 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-17
+- optimized RAND_cleanup patch (#557166)
+
 * Wed Jan 20 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-16
 - add RAND_cleanup at the exit of each program using RAND (#557166)
 


