Accepting request 358392 from home:elvigia:branches:network
- openssh-alloc_size.patch: annotate xmalloc.h with alloc_size attribute so the compiler knows these functions allocate memory so overflow or misuse can be detected sooner. - openssh-allow_getrandom.patch: allow the getrandom(2) system call in the seccomp sandbox, upstream commit 26ad18247213 - openssh-fix-b64_xx-detection.patch: configure.ac has incorrect tests for b64_ntop, b64_pton on linux/glibc. OBS-URL: https://build.opensuse.org/request/show/358392 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=96
parent
642f5e8889
commit
b83f96744f
28
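--- a/openssh-alloc_size.patch
+++ b/openssh-alloc_size.patch
@@ -0,0 +1,28 @@
+--- openssh-7.1p2.orig/xmalloc.h
++++ openssh-7.1p2/xmalloc.h
+@@ -16,10 +16,10 @@
+* called by a name other than "ssh" or "Secure Shell".
+*/
+
+-void *xmalloc(size_t);
+-void *xcalloc(size_t, size_t);
+-void *xreallocarray(void *, size_t, size_t);
+-char *xstrdup(const char *);
++void *xmalloc(size_t) __attribute__((__malloc__, __alloc_size__(1)));
++void *xcalloc(size_t, size_t) __attribute__((__malloc__, __alloc_size__(1,2)));
++void *xreallocarray(void *, size_t, size_t) __attribute__((__alloc_size__(2,3)));
++char *xstrdup(const char *) __attribute__((__malloc__));
+int xasprintf(char **, const char *, ...)
+__attribute__((__format__ (printf, 2, 3)))
+__attribute__((__nonnull__ (2)));
+--- openssh-7.1p2.orig/openbsd-compat/openbsd-compat.h
++++ openssh-7.1p2/openbsd-compat/openbsd-compat.h
+@@ -66,7 +66,7 @@ char *getcwd(char *pt, size_t size);
+#endif
+
+#ifndef HAVE_REALLOCARRAY
+-void *reallocarray(void *, size_t, size_t);
++void *reallocarray(void *, size_t, size_t) __attribute__((__alloc_size__(2,3)));
+#endif
+
+#if !defined(HAVE_REALPATH) || defined(BROKEN_REALPATH)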
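Review bot: The new `__alloc_size__` annotations on `xmalloc`, `xcalloc`, `xreallocarray` and the compat `reallocarray` are promises to the compiler, and neither header says so. Object-size tracking (`__builtin_object_size`, and fortified libc calls where `_FORTIFY_SOURCE` is in use) trusts the annotated argument positions, so a later signature change that moves a size parameter without updating the attribute would make those checks reason about the wrong size. I would add a comment above the prototypes in xmalloc.h, for example `/* alloc_size indexes must track the size parameters below; the compiler uses them for object-size checks */`. The attributes are also written unguarded; that matches the existing `__format__`/`__nonnull__` use on `xasprintf`, but whether every supported compiler accepts `__alloc_size__` is not visible from these hunks and is worth confirming.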
12
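--- a/openssh-allow_getrandom.patch
+++ b/openssh-allow_getrandom.patch
@@ -0,0 +1,12 @@
+--- openssh-7.1p2.orig/sandbox-seccomp-filter.c
++++ openssh-7.1p2/sandbox-seccomp-filter.c
+@@ -153,6 +153,9 @@ static const struct sock_filter preauth_
+#ifdef __NR_getuid32
+SC_ALLOW(getuid32),
+#endif
++#ifdef __NR_getrandom
++ SC_ALLOW(getrandom),
++#endif
+#ifdef __NR_gettimeofday
+SC_ALLOW(gettimeofday),
+#endif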
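Review bot: The `SC_ALLOW(getrandom)` entry is compiled in only when the build-time headers define `__NR_getrandom`, so a package built against older kernel headers silently ships a preauth filter without it. If the runtime libc or crypto library then calls getrandom(2) inside the sandbox, the call would fall through to the filter's default action, which is outside this hunk; that is presumably the failure the patch is meant to prevent. A short comment on the new lines would record the dependency, e.g. `/* needs __NR_getrandom from the build-time kernel headers; otherwise the rule is omitted */`. The rule permits the syscall with any arguments, which looks acceptable for getrandom(2), and the enclosing filter array starts and ends outside the hunk.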
24
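--- a/openssh-fix-b64_xx-detection.patch
+++ b/openssh-fix-b64_xx-detection.patch
@@ -0,0 +1,24 @@
+--- openssh-7.1p2.orig/configure.ac
++++ openssh-7.1p2/configure.ac
+@@ -2873,6 +2873,10 @@ else
+AC_CHECK_FUNCS([crypt])
+fi
+
++AC_CHECK_DECLS([b64_ntop, b64_pton], [], [], [#include <resolv.h>])
++AC_SEARCH_LIBS([__b64_ntop], [resolv])
++AC_SEARCH_LIBS([__b64_pton], [resolv])
++
+AC_CHECK_FUNCS([ \
+arc4random \
+arc4random_buf \
+--- openssh-7.1p2.orig/Makefile.in
++++ openssh-7.1p2/Makefile.in
+@@ -45,7 +45,7 @@ PATHS= -DSSHDIR=\"$(sysconfdir)\" \
+CC=@CC@
+LD=@LD@
+CFLAGS=@CFLAGS@
+-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ -include config.h
+LIBS=@LIBS@
+K5LIBS=@K5LIBS@
+GSSLIBS=@GSSLIBS@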
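Review bot: The Makefile.in hunk appends `-include config.h` to `CPPFLAGS`, which force-includes the header into every translation unit and reaches well beyond the b64_ntop/b64_pton detection the patch is named for, yet nothing explains why it is needed. The option is a GCC-style driver flag, so it ties the build to compilers that accept it and changes preprocessing for any source that does not otherwise pull in config.h. I would either drop it or document it next to the assignment, e.g. `# force-include config.h so configure results are visible in every unit`, if that is indeed the reason (inferred, not shown here). In the configure.ac hunk, note that `AC_CHECK_DECLS` defines `HAVE_DECL_B64_NTOP` and `HAVE_DECL_B64_PTON` to 0 or 1, so consumers need `#if` rather than `#ifdef` when testing them.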
@ -1,3 +1,14 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Feb 8 16:54:22 UTC 2016 - crrodriguez@opensuse.org
|
||||||
|
|
||||||
|
- openssh-alloc_size.patch: anotate xmalloc.h with alloc_size
|
||||||
|
attribute so the compiler knows these functions allocate memory
|
||||||
|
so overflow or misuse can be detected sooner.
|
||||||
|
- openssh-allow_getrandom.patch; allow the getrandom(2) system
|
||||||
|
call in the seccomp sandbox, upstream commit 26ad18247213
|
||||||
|
- openssh-fix-b64_xx-detection.patch: configure.ac has incorrect
|
||||||
|
tests for b64_ntop, b64_pton on linux/glibc.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 20 11:18:48 UTC 2016 - tchvatal@suse.com
|
Wed Jan 20 11:18:48 UTC 2016 - tchvatal@suse.com
|
||||||
|
|
||||||
|
@ -93,6 +93,9 @@ Patch35: openssh-6.6p1-sftp_force_permissions.patch
|
|||||||
Patch36: openssh-6.6p1-seccomp_getuid.patch
|
Patch36: openssh-6.6p1-seccomp_getuid.patch
|
||||||
Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch
|
Patch37: openssh-6.6p1-X_forward_with_disabled_ipv6.patch
|
||||||
Patch39: openssh-6.6p1-ldap.patch
|
Patch39: openssh-6.6p1-ldap.patch
|
||||||
|
Patch40: openssh-alloc_size.patch
|
||||||
|
Patch41: openssh-allow_getrandom.patch
|
||||||
|
Patch42: openssh-fix-b64_xx-detection.patch
|
||||||
BuildRequires: audit-devel
|
BuildRequires: audit-devel
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: fipscheck-devel
|
BuildRequires: fipscheck-devel
|
||||||
@ -181,7 +184,11 @@ cryptomodule.
|
|||||||
%patch36 -p1
|
%patch36 -p1
|
||||||
%patch37 -p2
|
%patch37 -p2
|
||||||
%patch39 -p1
|
%patch39 -p1
|
||||||
|
%patch40 -p1
|
||||||
|
%patch41 -p1
|
||||||
|
%patch42 -p1
|
||||||
%patch17 -p1
|
%patch17 -p1
|
||||||
|
|
||||||
cp %{SOURCE3} %{SOURCE4} .
|
cp %{SOURCE3} %{SOURCE4} .
|
||||||
|
|
||||||
%build
|
%build
|
||||||
|