This commit is contained in:
parent
f248bab6fd
commit
cf2a4eda22
@ -16,27 +16,33 @@
|
|||||||
|
|
||||||
if (level > log_level)
|
if (level > log_level)
|
||||||
return;
|
return;
|
||||||
@@ -351,6 +353,15 @@
|
@@ -351,6 +353,7 @@
|
||||||
pri = LOG_ERR;
|
pri = LOG_ERR;
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
+ /* Prevent a race between the grace_alarm
|
+
|
||||||
+ * which writes a log message and terminates
|
|
||||||
+ * and main sshd code that leads to deadlock
|
|
||||||
+ * as syslog is not async safe.
|
|
||||||
+ */
|
|
||||||
+ sigemptyset(&nset);
|
|
||||||
+ sigaddset(&nset, SIGALRM);
|
|
||||||
+ sigprocmask(SIG_BLOCK, &nset, &oset);
|
|
||||||
+
|
|
||||||
if (txt != NULL) {
|
if (txt != NULL) {
|
||||||
snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
|
snprintf(fmtbuf, sizeof(fmtbuf), "%s: %s", txt, fmt);
|
||||||
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
|
vsnprintf(msgbuf, sizeof(msgbuf), fmtbuf, args);
|
||||||
@@ -372,5 +383,7 @@
|
@@ -363,6 +366,14 @@
|
||||||
|
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
|
||||||
|
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
|
||||||
|
} else {
|
||||||
|
+ /* Prevent a race between the grace_alarm
|
||||||
|
+ * which writes a log message and terminates
|
||||||
|
+ * and main sshd code that leads to deadlock
|
||||||
|
+ * as syslog is not async safe.
|
||||||
|
+ */
|
||||||
|
+ sigemptyset(&nset);
|
||||||
|
+ sigaddset(&nset, SIGALRM);
|
||||||
|
+ sigprocmask(SIG_BLOCK, &nset, &oset);
|
||||||
|
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
|
||||||
|
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
|
||||||
|
syslog_r(pri, &sdata, "%.500s", fmtbuf);
|
||||||
|
@@ -372,5 +383,6 @@
|
||||||
syslog(pri, "%.500s", fmtbuf);
|
syslog(pri, "%.500s", fmtbuf);
|
||||||
closelog();
|
closelog();
|
||||||
#endif
|
#endif
|
||||||
+
|
+ sigprocmask(SIG_SETMASK, &oset, NULL);
|
||||||
}
|
}
|
||||||
+ sigprocmask(SIG_SETMASK, &oset, NULL);
|
|
||||||
}
|
}
|
||||||
|
@ -15,11 +15,11 @@ BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-dev
|
|||||||
License: BSD 3-Clause
|
License: BSD 3-Clause
|
||||||
Group: Productivity/Networking/SSH
|
Group: Productivity/Networking/SSH
|
||||||
Version: 4.6p1
|
Version: 4.6p1
|
||||||
Release: 60
|
Release: 67
|
||||||
Requires: openssh = %{version} openssh-askpass = %{version}
|
Requires: openssh = %{version} openssh-askpass = %{version}
|
||||||
Autoreqprov: on
|
AutoReqProv: on
|
||||||
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
|
||||||
URL: http://www.openssh.com/
|
Url: http://www.openssh.com/
|
||||||
%define _name openssh
|
%define _name openssh
|
||||||
Source: %{_name}-%{version}.tar.bz2
|
Source: %{_name}-%{version}.tar.bz2
|
||||||
Patch: %{_name}-%{version}.dif
|
Patch: %{_name}-%{version}.dif
|
||||||
@ -109,7 +109,6 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%files
|
%files
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
|
%attr(0755,root,root) /usr/%_lib/ssh/gnome-ssh-askpass
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Tue Dec 12 2006 - anicka@suse.cz
|
* Tue Dec 12 2006 - anicka@suse.cz
|
||||||
- update to 4.5p1
|
- update to 4.5p1
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Oct 8 16:34:06 CEST 2007 - anicka@suse.cz
|
||||||
|
|
||||||
|
- block SIGALRM only during calling syslog() [#331032]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz
|
Thu Sep 13 15:50:39 CEST 2007 - nadvornik@suse.cz
|
||||||
|
|
||||||
|
14
openssh.spec
14
openssh.spec
@ -20,19 +20,19 @@ Name: openssh
|
|||||||
%define _appdefdir %{_prefix}/share/X11/app-defaults
|
%define _appdefdir %{_prefix}/share/X11/app-defaults
|
||||||
%endif
|
%endif
|
||||||
BuildRequires: audit-devel krb5-devel opensc-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel
|
BuildRequires: audit-devel krb5-devel opensc-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel
|
||||||
License: BSD 3-Clause, X11/MIT
|
License: BSD 3-Clause; X11/MIT
|
||||||
Group: Productivity/Networking/SSH
|
Group: Productivity/Networking/SSH
|
||||||
Obsoletes: ssh
|
Obsoletes: ssh
|
||||||
Provides: ssh
|
Provides: ssh
|
||||||
Requires: /bin/netstat
|
Requires: /bin/netstat
|
||||||
PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions
|
PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions
|
||||||
Conflicts: nonfreessh
|
Conflicts: nonfreessh
|
||||||
Autoreqprov: on
|
AutoReqProv: on
|
||||||
Version: 4.6p1
|
Version: 4.6p1
|
||||||
Release: 53
|
Release: 60
|
||||||
%define xversion 1.2.4.1
|
%define xversion 1.2.4.1
|
||||||
Summary: Secure Shell Client and Server (Remote Login Program)
|
Summary: Secure Shell Client and Server (Remote Login Program)
|
||||||
URL: http://www.openssh.com/
|
Url: http://www.openssh.com/
|
||||||
Source: %{name}-%{version}.tar.bz2
|
Source: %{name}-%{version}.tar.bz2
|
||||||
Source1: %{name}-SuSE.tar.bz2
|
Source1: %{name}-SuSE.tar.bz2
|
||||||
Source2: sshd.pamd
|
Source2: sshd.pamd
|
||||||
@ -66,6 +66,7 @@ Patch44: %{name}-%{version}-audit.patch
|
|||||||
Patch45: %{name}-%{version}-challenge.patch
|
Patch45: %{name}-%{version}-challenge.patch
|
||||||
Patch46: %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff
|
Patch46: %{name}-%{version}-untrusted-cookie-CVE-2007-4752.diff
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%package askpass
|
%package askpass
|
||||||
Summary: A passphrase dialog for OpenSSH and the X Window System
|
Summary: A passphrase dialog for OpenSSH and the X Window System
|
||||||
Requires: openssh = %{version}
|
Requires: openssh = %{version}
|
||||||
@ -104,7 +105,6 @@ Authors:
|
|||||||
Tudor Bosman <tudorb@jm.nu>
|
Tudor Bosman <tudorb@jm.nu>
|
||||||
Damien Miller <djm@ibs.com.au>
|
Damien Miller <djm@ibs.com.au>
|
||||||
|
|
||||||
|
|
||||||
%description askpass
|
%description askpass
|
||||||
Ssh (Secure Shell) is a program for logging into a remote machine and
|
Ssh (Secure Shell) is a program for logging into a remote machine and
|
||||||
for executing commands on a remote machine. This package contains an X
|
for executing commands on a remote machine. This package contains an X
|
||||||
@ -241,7 +241,6 @@ install -m 755 %{S:9} $RPM_BUILD_ROOT/%{_fwdefdir}/sshd
|
|||||||
%post
|
%post
|
||||||
%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
|
%{fillup_and_insserv -n -s -y ssh sshd START_SSHD}
|
||||||
%run_permissions
|
%run_permissions
|
||||||
|
|
||||||
%verifyscript
|
%verifyscript
|
||||||
%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
|
%verify_permissions -e /etc/ssh/sshd_config -e /etc/ssh/ssh_config -e /usr/bin/ssh
|
||||||
|
|
||||||
@ -298,8 +297,9 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%doc %_mandir/man1/ssh-askpass.1x.gz
|
%doc %_mandir/man1/ssh-askpass.1x.gz
|
||||||
%doc %_mandir/man1/x11-ssh-askpass.1x.gz
|
%doc %_mandir/man1/x11-ssh-askpass.1x.gz
|
||||||
%config %_appdefdir/SshAskpass
|
%config %_appdefdir/SshAskpass
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Oct 08 2007 - anicka@suse.cz
|
||||||
|
- block SIGALRM only during calling syslog() [#331032]
|
||||||
* Thu Sep 13 2007 - nadvornik@suse.cz
|
* Thu Sep 13 2007 - nadvornik@suse.cz
|
||||||
- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
|
- fixed checking of an untrusted cookie, CVE-2007-4752 [#308521]
|
||||||
* Tue Aug 28 2007 - anicka@suse.cz
|
* Tue Aug 28 2007 - anicka@suse.cz
|
||||||
|
Loading…
Reference in New Issue
Block a user