OBS User unknown 2007-10-08 14:50:28 +00:00 committed by Git OBS Bridge
parent f248bab6fd
commit cf2a4eda22
4 changed files with 34 additions and 24 deletions

View File

@ -16,27 +16,33 @@
if (level > log_level) if (level > log_level)
return; return;
@@ -351,6 +353,15 @@ @@ -351,6 +353,7 @@
pri = LOG_ERR; pri = LOG_ERR;
break; break;
} }
+ /* Prevent a race between the grace_alarm +
+ * which writes a log message and terminates
+ * and main sshd code that leads to deadlock
+ * as syslog is not async safe.
+ */
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGALRM);
+ sigprocmask(SIG_BLOCK, &nset, &oset);
+
if (txt != NULL) { if (txt != NULL) {
snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt); snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args); vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
@@ -372,5 +383,7 @@ @@ -363,6 +366,14 @@
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
} else {
+ /* Prevent a race between the grace_alarm
+ * which writes a log message and terminates
+ * and main sshd code that leads to deadlock
+ * as syslog is not async safe.
+ */
+ sigemptyset(&nset);
+ sigaddset(&nset, SIGALRM);
+ sigprocmask(SIG_BLOCK, &nset, &oset);
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
syslog_r(pri, &sdata, "%.500s", fmtbuf);
@@ -372,5 +383,6 @@
syslog(pri, "%.500s", fmtbuf); syslog(pri, "%.500s", fmtbuf);
closelog(); closelog();
#endif #endif
+ + sigprocmask(SIG_SETMASK, &oset, NULL);
} }
+ sigprocmask(SIG_SETMASK, &oset, NULL);
} }

View File

@ -15,11 +15,11 @@ BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-dev
License: BSD 3-Clause License: BSD 3-Clause
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
Version: 4.6p1 Version: 4.6p1
Release: 60 Release: 67
Requires: openssh = %{version} openssh-askpass = %{version} Requires: openssh = %{version} openssh-askpass = %{version}
Autoreqprov: on AutoReqProv: on
Summary: A GNOME-Based Passphrase Dialog for OpenSSH Summary: A GNOME-Based Passphrase Dialog for OpenSSH
URL: http://www.openssh.com/ Url: http://www.openssh.com/
%define _name openssh %define _name openssh
Source: %{_name}-%{version}.tar.bz2 Source: %{_name}-%{version}.tar.bz2
Patch: %{_name}-%{version}.dif Patch: %{_name}-%{version}.dif
@ -109,7 +109,6 @@ rm -rf $RPM_BUILD_ROOT
%files %files
%defattr(-,root,root) %defattr(-,root,root)
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass %attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
%changelog %changelog
* Tue Dec 12 2006 - anicka@suse.cz * Tue Dec 12 2006 - anicka@suse.cz
- update to 4.5p1 - update to 4.5p1

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Oct 8 16:34:06 CEST 2007 - anicka@suse.cz
- block SIGALRM only during calling syslog() [#331032]
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz

View File

@ -20,19 +20,19 @@ Name: openssh
%define _appdefdir %{_prefix}/share/X11/app-defaults %define _appdefdir %{_prefix}/share/X11/app-defaults
%endif %endif
BuildRequires: audit-devel krb5-devel opensc-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel BuildRequires: audit-devel krb5-devel opensc-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel
License: BSD 3-Clause, X11/MIT License: BSD 3-Clause; X11/MIT
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
Obsoletes: ssh Obsoletes: ssh
Provides: ssh Provides: ssh
Requires: /bin/netstat Requires: /bin/netstat
PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions
Conflicts: nonfreessh Conflicts: nonfreessh
Autoreqprov: on AutoReqProv: on
Version: 4.6p1 Version: 4.6p1
Release: 53 Release: 60
%define xversion 1.2.4.1 %define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program) Summary: Secure Shell Client and Server (Remote Login Program)
URL: http://www.openssh.com/ Url: http://www.openssh.com/
Source: %{name}-%{version}.tar.bz2 Source: %{name}-%{version}.tar.bz2
Source1: %{name}-SuSE.tar.bz2 Source1: %{name}-SuSE.tar.bz2
Source2: sshd.pamd Source2: sshd.pamd
@ -66,6 +66,7 @@ Patch44: %{name}-%{version}-audit.patch
Patch45: %{name}-%{version}-challenge.patch Patch45: %{name}-%{version}-challenge.patch
Patch46: %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff Patch46: %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package askpass %package askpass
Summary: A passphrase dialog for OpenSSH and the X Window System Summary: A passphrase dialog for OpenSSH and the X Window System
Requires: openssh = %{version} Requires: openssh = %{version}
@ -104,7 +105,6 @@ Authors:
Tudor Bosman <tudorb@jm.nu> Tudor Bosman <tudorb@jm.nu>
Damien Miller <djm@ibs.com.au> Damien Miller <djm@ibs.com.au>
%description askpass %description askpass
Ssh (Secure Shell) is a program for logging into a remote machine and Ssh (Secure Shell) is a program for logging into a remote machine and
for executing commands on a remote machine. This package contains an X for executing commands on a remote machine. This package contains an X
@ -241,7 +241,6 @@ install -m 755 %{S:9} $RPM_BUILD_ROOT/%{_fwdefdir}/sshd
%post %post
%{fillup_and_insserv -n -s -y ssh sshd START_SSHD} %{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
%run_permissions %run_permissions
%verifyscript %verifyscript
%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh %verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
@ -298,8 +297,9 @@ rm -rf $RPM_BUILD_ROOT
%doc %_mandir/man1/ssh-askpass.1x.gz %doc %_mandir/man1/ssh-askpass.1x.gz
%doc %_mandir/man1/x11-ssh-askpass.1x.gz %doc %_mandir/man1/x11-ssh-askpass.1x.gz
%config %_appdefdir/SshAskpass %config %_appdefdir/SshAskpass
%changelog %changelog
* Mon Oct 08 2007 - anicka@suse.cz
- block SIGALRM only during calling syslog() [#331032]
* Thu Sep 13 2007 - nadvornik@suse.cz * Thu Sep 13 2007 - nadvornik@suse.cz
- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521] - fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
* Tue Aug 28 2007 - anicka@suse.cz * Tue Aug 28 2007 - anicka@suse.cz