openssh/openssh-7.6p1-hostname_changes_when_forwarding_X.patch


# HG changeset patch
2017-11-06 15:50:53 +01:00
# Parent e4a7e5799420a3d4b8047c5984c75c4bd4331951
# -- used to be called '-xauthlocalhostname'
handle hostname changes when forwarding X
bnc#98627
diff --git a/openssh-7.6p1/session.c b/openssh-7.6p1/session.c
--- a/openssh-7.6p1/session.c
+++ b/openssh-7.6p1/session.c
@@ -953,17 +953,17 @@ copy_environment_blacklist(char **source
void
copy_environment(char **source, char ***env, u_int *envsize)
{
copy_environment_blacklist(source, env, envsize, NULL);
}
static char **
-do_setup_env(struct ssh *ssh, Session *s, const char *shell)
+do_setup_env(struct ssh *ssh, Session *s, const char *shell, int *env_size)
{
char buf[256];
u_int i, envsize;
char **env, *laddr;
struct passwd *pw = s->pw;
#if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN)
char *path = NULL;
#endif
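Review bot: The added `int *env_size` out-parameter does not match the `u_int envsize` local it is filled from (`*env_size = envsize;` in the next hunk), and do_rc_files later hands the same pointer to child_set_env, whose size argument in upstream session.c is a `u_int *`. That is an incompatible pointer type which only works where int and u_int share a representation, and it hides the signedness of a value used to size the environment array. Declaring the parameter as `u_int *env_size` here and in do_rc_files, with `u_int env_size;` in do_child, keeps the type consistent end to end. The body of do_setup_env continues outside this hunk.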
@@ -1142,25 +1142,27 @@ do_setup_env(struct ssh *ssh, Session *s
read_environment_file(&env, &envsize, buf);
}
if (debug_flag) {
/* dump the environment */
fprintf(stderr, "Environment:\n");
for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]);
}
+
+ *env_size = envsize;
return env;
}
/*
* Run $HOME/.ssh/rc, /etc/ssh/sshrc, or xauth (whichever is found
* first in this order).
*/
static void
-do_rc_files(Session *s, const char *shell)
+do_rc_files(Session *s, const char *shell, char **env, int *env_size)
{
FILE *f = NULL;
char cmd[1024];
int do_xauth;
struct stat st;
do_xauth =
s->display != NULL && s->auth_proto != NULL && s->auth_data != NULL;
@@ -1205,22 +1207,30 @@ do_rc_files(Session *s, const char *shel
"%.500s add %.100s %.100s %.100s\n",
options.xauth_location, s->auth_display,
s->auth_proto, s->auth_data);
}
snprintf(cmd, sizeof cmd, "%s -q -",
options.xauth_location);
f = popen(cmd, "w");
if (f) {
+ char hostname[MAXHOSTNAMELEN];
+
fprintf(f, "remove %s\n",
s->auth_display);
fprintf(f, "add %s %s %s\n",
s->auth_display, s->auth_proto,
s->auth_data);
pclose(f);
+ if (gethostname(hostname,sizeof(hostname)) >= 0)
+ child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME",
+ hostname);
+ else
+ debug("Cannot set up XAUTHLOCALHOSTNAME %s\n",
+ strerror(errno));
} else {
fprintf(stderr, "Could not run %s\n",
cmd);
}
}
}
static void
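Review bot: do_rc_files receives `env` by value, so `child_set_env(&env,env_size,...)` updates only the local copy of the pointer. If child_set_env has to grow the array (upstream it reallocates when the array is full), do_child keeps the old pointer while `env_size` already reflects the new size, and that stale array is presumably what do_child later hands to the program it executes. Passing the array by reference avoids this: `do_rc_files(Session *s, const char *shell, char ***env, u_int *env_size)`, `child_set_env(env, env_size, "XAUTHLOCALHOSTNAME", hostname);`, and `do_rc_files(s, shell, &env, &env_size);` in do_child. Separately, gethostname() is not guaranteed to NUL-terminate a truncated name, so `hostname[sizeof(hostname) - 1] = '\0';` after the call is worth adding. The start of do_rc_files is in the previous hunk.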
@@ -1461,16 +1471,17 @@ child_close_fds(struct ssh *ssh)
* ids, and executing the command or shell.
*/
#define ARGV_MAX 10
void
do_child(struct ssh *ssh, Session *s, const char *command)
{
extern char **environ;
char **env;
+ int env_size;
char *argv[ARGV_MAX];
const char *shell, *shell0;
struct passwd *pw = s->pw;
int r = 0;
/* remove hostkey from the child's memory */
destroy_sensitive_data();
packet_clear_keys();
@@ -1522,17 +1533,17 @@ do_child(struct ssh *ssh, Session *s, co
* legal, and means /bin/sh.
*/
shell = (pw->pw_shell[0] == '\0') ? _PATH_BSHELL : pw->pw_shell;
/*
* Make sure $SHELL points to the shell from the password file,
* even if shell is overridden from login.conf
*/
- env = do_setup_env(ssh, s, shell);
+ env = do_setup_env(ssh, s, shell, &env_size);
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
#endif
/*
* Close the connection descriptors; note that this is the child, and
* the server will still have the socket open, and it is important
@@ -1586,17 +1597,17 @@ do_child(struct ssh *ssh, Session *s, co
strerror(errno));
}
if (r)
exit(1);
}
closefrom(STDERR_FILENO + 1);
- do_rc_files(s, shell);
+ do_rc_files(s, shell, env, &env_size);
/* restore SIGPIPE for child */
signal(SIGPIPE, SIG_DFL);
if (s->is_subsystem == SUBSYSTEM_INT_SFTP_ERROR) {
printf("This service allows sftp connections only.\n");
fflush(NULL);
exit(1);