openssh/openssh-6.5p1-xauth.patch
Petr Cerny 08f9072513 Accepting request 222365 from home:pcerny:factory
- Update of the underlying OpenSSH to 6.5p1

- Update to 6.5p1
  Features since 6.4p1:
  * ssh(1), sshd(8): support for key exchange using ECDH in
    Daniel Bernstein's Curve25519; default when both the client
    and server support it.
  * ssh(1), sshd(8): support for Ed25519 as a public key type fo
    rboth server and client.  Ed25519 is an EC signature offering
    better security than ECDSA and DSA and good performance.
  * Add a new private key format that uses a bcrypt KDF to better
    protect keys at rest. Used unconditionally for Ed25519 keys,
    on demand for other key types via the -o ssh-keygen(1)
    option.  Intended to become default in the near future.
    Details documented in PROTOCOL.key.
  * ssh(1), sshd(8): new transport cipher
    "chacha20-poly1305@openssh.com" combining Daniel Bernstein's
    ChaCha20 stream cipher and Poly1305 MAC to build an
    authenticated encryption mode. Details documented
    PROTOCOL.chacha20poly1305.
  * ssh(1), sshd(8): refuse RSA keys from old proprietary clients
    and servers that use the obsolete RSA+MD5 signature scheme.
    It will still be possible to connect with these
    clients/servers but only DSA keys will be accepted, and
    OpenSSH will refuse connection entirely in a future release.
  * ssh(1), sshd(8): refuse old proprietary clients and servers
    that use a weaker key exchange hash calculation.
  * ssh(1): increase the size of the Diffie-Hellman groups
    requested for each symmetric key size. New values from NIST
    Special Publication 800-57 with the upper limit specified by

OBS-URL: https://build.opensuse.org/request/show/222365
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=63
2014-02-14 14:54:10 +00:00

58 lines
1.4 KiB
Diff

# try to remove xauth cookies on logout
# bnc#98815
diff --git a/openssh-6.5p1/session.c b/openssh-6.5p1/session.c
--- a/openssh-6.5p1/session.c
+++ b/openssh-6.5p1/session.c
@@ -2505,18 +2505,50 @@ session_exit_message(Session *s, int sta
if (c->ostate != CHAN_OUTPUT_CLOSED)
chan_write_failed(c);
}
void
session_close(Session *s)
{
u_int i;
+ int do_xauth;
debug("session_close: session %d pid %ld", s->self, (long)s->pid);
+
+ do_xauth = (s->display != NULL) && (s->auth_proto != NULL) && (s->auth_data != NULL);
+ if (do_xauth && options.xauth_location != NULL) {
+ pid_t pid;
+ FILE *f;
+ char cmd[1024];
+ struct passwd * pw = s->pw;
+
+ if (!(pid = fork())) {
+ permanently_set_uid(pw);
+
+ /* Remove authority data from .Xauthority if appropriate. */
+ debug("Running %.500s remove %.100s\n",
+ options.xauth_location, s->auth_display);
+
+ snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -",
+ s->pw->pw_dir, options.xauth_location);
+ f = popen(cmd, "w");
+ if (f) {
+ fprintf(f, "remove %s\n", s->auth_display);
+ pclose(f);
+ } else
+ error("Could not run %s\n", cmd);
+ exit(0);
+ } else if (pid > 0) {
+ int status;
+
+ waitpid(pid, &status, 0);
+ }
+ }
+
if (s->ttyfd != -1)
session_pty_cleanup(s);
free(s->term);
free(s->display);
free(s->x11_chanids);
free(s->auth_display);
free(s->auth_data);
free(s->auth_proto);