- Add patch to fix sshd not logging in the audit failed login
attempts (submitted to upstream in https://github.com/openssh/openssh-portable/pull/516): * fix-audit-fail-attempt.patch - Use --enable-dsa-keys when building openssh. It's required if the user sets the crypto-policy mode to LEGACY, where DSA keys should be allowed. The option was added by upstream in 9.7 and set to disabled by default. - These two changes fix 2 of the 3 issues reported in bsc#1229650. OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=273
parent
da2c6cc517
commit
dd9c4b9bb1
23
fix-audit-fail-attempt.patch
Normal file
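--- a/fix-audit-fail-attempt.patch
+++ b/fix-audit-fail-attempt.patch
@@ -0,0 +1,23 @@
+Index: openssh-9.8p1/sshd-session.c
+===================================================================
+--- openssh-9.8p1.orig/sshd-session.c
++++ openssh-9.8p1/sshd-session.c
+@@ -1624,9 +1624,6 @@ cleanup_exit(int i)
+}
+}
+}
+- /* Override default fatal exit value when auth was attempted */
+- if (i == 255 && auth_attempted)
+- _exit(EXIT_AUTH_ATTEMPTED);
+#ifdef SSH_AUDIT_EVENTS
+/* done after do_cleanup so it can cancel the PAM auth 'thread' */
+if (the_active_state != NULL &&
+@@ -1636,5 +1633,8 @@ cleanup_exit(int i)
+#endif
+
+clobber_stack();
++ /* Override default fatal exit value when auth was attempted */
++ if (i == 255 && auth_attempted)
++ _exit(EXIT_AUTH_ATTEMPTED);
+_exit(i);
+}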
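Review bot: The block moved below `clobber_stack();` keeps its old comment, which does not say why it now has to sit after the `#ifdef SSH_AUDIT_EVENTS` section. In the old position `_exit(EXIT_AUTH_ATTEMPTED)` ran before that section, so, going by the commit description, a failed login attempt left no audit record. I would extend the comment to `/* Override default fatal exit value when auth was attempted; must stay after the audit block so the failed attempt is still recorded */` so a later refresh or rebase does not move it back up. The patch file also begins directly at `Index:` with no header; a short description carrying the bsc#1229650 reference and the upstream pull-request URL would help whoever has to re-apply it. cleanup_exit() starts above the first hunk and the audit condition is cut off between the two hunks, so the call it guards is not visible here.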
@ -1,3 +1,16 @@
|
||||
-------------------------------------------------------------------
|
||||
Fri Aug 23 12:10:00 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
- Add patch to fix sshd not logging in the audit failed login
|
||||
attempts (submitted to upstream in
|
||||
https://github.com/openssh/openssh-portable/pull/516):
|
||||
* fix-audit-fail-attempt.patch
|
||||
- Use --enable-dsa-keys when building openssh. It's required if
|
||||
the user sets the crypto-policy mode to LEGACY, where DSA keys
|
||||
should be allowed. The option was added by upstream in 9.7 and
|
||||
set to disabled by default.
|
||||
- These two changes fix 2 of the 3 issues reported in bsc#1229650.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Aug 12 08:55:38 UTC 2024 - Antonio Larrosa <alarrosa@suse.com>
|
||||
|
||||
|
@ -130,6 +130,8 @@ Patch106: openssh-7.6p1-cleanup-selinux.patch
|
||||
Patch107: openssh-9.6p1-crypto-policies.patch
|
||||
Patch108: openssh-9.6p1-crypto-policies-man.patch
|
||||
Patch109: fix-memleak-in-process_server_config_line_depth.patch
|
||||
# PATCH-FIX-UPSTREAM alarrosa@suse.com -- https://github.com/openssh/openssh-portable/pull/516
|
||||
Patch110: fix-audit-fail-attempt.patch
|
||||
%if 0%{with allow_root_password_login_by_default}
|
||||
Patch1000: openssh-7.7p1-allow_root_password_login.patch
|
||||
%endif
|
||||
@ -368,6 +370,7 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
|
||||
--disable-lastlog \
|
||||
--with-logind \
|
||||
%endif
|
||||
--enable-dsa-keys \
|
||||
--with-security-key-builtin \
|
||||
--target=%{_target_cpu}-suse-linux
|
||||
|
||||
|
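Review bot: `--enable-dsa-keys` is added to the configure arguments with no comment in the spec, so the only rationale for compiling a legacy algorithm back in lives in the changelog. A line such as `# DSA is compiled in only so the LEGACY crypto-policy can allow it; all other policies must keep ssh-dss disabled` would record the intent. It needs to go above the configure invocation, because a `#` line inside the backslash-continued argument list would cut the command short. It is also worth confirming that the DEFAULT and stricter policy files handled by openssh-9.6p1-crypto-policies.patch still leave DSA out of the accepted host-key and public-key algorithm lists, which this section does not show. The configure call starts above the hunk.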