[gsi-openssh/f17] Based on openssh-5.9p1-30.fc17
Mattias Ellert
ellert at fedoraproject.org
Mon Jun 24 05:18:18 UTC 2013
commit bdfd499d993200cdae8c20b5f9459d071530b86e
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Mon Jun 24 06:35:28 2013 +0200
Based on openssh-5.9p1-30.fc17
gsi-openssh.spec | 8 ++++-
openssh-5.9p1-sftp-multibyte.patch | 59 ++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+), 1 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index 1cf1398..e2bc27f 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
%global nologin 1
%global openssh_ver 5.9p1
-%global openssh_rel 11
+%global openssh_rel 12
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -163,6 +163,8 @@ Patch902: openssh-5.9p1-man-moduli.patch
Patch903: openssh-5.9p1-ipqos.patch
# change default value of MaxStartups - CVE-2010-5107 - #908707
Patch904: openssh-5.9p1-change-max-startups.patch
+# make sftp's libedit interface marginally multibyte aware (#841771)
+Patch908: openssh-5.9p1-sftp-multibyte.patch
# This is the patch that adds GSI support
# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-5.9p1.patch
@@ -332,6 +334,7 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch902 -p1 -b .man-moduli
%patch903 -p1 -b .ipqos
%patch904 -p1 -b .max-startups
+%patch908 -p1 -b .sftp-multibyte
%patch98 -p1 -b .gsi
@@ -555,6 +558,9 @@ fi
%attr(0644,root,root) %{_unitdir}/gsisshd.service
%changelog
+* Mon Jun 24 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-12
+- Based on openssh-5.9p1-30.fc17
+
* Sat Apr 06 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-11
- Security fix for vulnerability
http://grid.ncsa.illinois.edu/ssh/pamuserchange-2013-01.adv
diff --git a/openssh-5.9p1-sftp-multibyte.patch b/openssh-5.9p1-sftp-multibyte.patch
new file mode 100644
index 0000000..7466aa2
--- /dev/null
+++ b/openssh-5.9p1-sftp-multibyte.patch
@@ -0,0 +1,59 @@
+diff -U0 openssh-5.9p1/ChangeLog.sftp-multibyte openssh-5.9p1/ChangeLog
+--- openssh-5.9p1/ChangeLog.sftp-multibyte 2011-09-07 01:13:15.000000000 +0200
++++ openssh-5.9p1/ChangeLog 2013-06-20 10:46:26.236734807 +0200
+@@ -0,0 +1,8 @@
++20130605
++ - dtucker at cvs.openbsd.org 2013/06/04 20:42:36
++ [sftp.c]
++ Make sftp's libedit interface marginally multibyte aware by building up
++ the quoted string by character instead of by byte. Prevents failures
++ when linked against a libedit built with wide character support (bz#1990).
++ "looks ok" djm
++
+diff -up openssh-5.9p1/sftp.c.sftp-multibyte openssh-5.9p1/sftp.c
+--- openssh-5.9p1/sftp.c.sftp-multibyte 2013-06-20 10:46:26.050735604 +0200
++++ openssh-5.9p1/sftp.c 2013-06-20 10:46:26.237734803 +0200
+@@ -38,6 +38,7 @@
+ #ifdef HAVE_LIBGEN_H
+ #include <libgen.h>
+ #endif
++#include <locale.h>
+ #ifdef USE_LIBEDIT
+ #include <histedit.h>
+ #else
+@@ -1692,8 +1693,9 @@ complete_match(EditLine *el, struct sftp
+ char *file, int remote, int lastarg, char quote, int terminated)
+ {
+ glob_t g;
+- char *tmp, *tmp2, ins[3];
++ char *tmp, *tmp2, ins[8];
+ u_int i, hadglob, pwdlen, len, tmplen, filelen;
++ int clen;
+ const LineInfo *lf;
+
+ /* Glob from "file" location */
+@@ -1749,10 +1751,13 @@ complete_match(EditLine *el, struct sftp
+ tmp2 = tmp + filelen;
+ len = strlen(tmp2);
+ /* quote argument on way out */
+- for (i = 0; i < len; i++) {
++ for (i = 0; i < len; i += clen) {
++ if ((clen = mblen(tmp2 + i, len - i)) < 0 ||
++ (size_t)clen > sizeof(ins) - 2)
++ fatal("invalid multibyte character");
+ ins[0] = '\\';
+- ins[1] = tmp2[i];
+- ins[2] = '\0';
++ memcpy(ins + 1, tmp2 + i, clen);
++ ins[clen + 1] = '\0';
+ switch (tmp2[i]) {
+ case '\'':
+ case '"':
+@@ -2099,6 +2104,7 @@ main(int argc, char **argv)
+
+ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
+ sanitise_stdfd();
++ setlocale(LC_CTYPE, "");
+
+ __progname = ssh_get_progname(argv[0]);
+ memset(&args, '\0', sizeof(args));
More information about the scm-commits
mailing list