7bccbbd821
- Update to 7.8p1:
* no actual changes for the askpass
- Format with spec-cleaner
- Respect cflags
- Use gtk3 rather than gtk2 which is being phased out
- Remove the mention of the SLE12 in the README.SUSE
- Install firewall rules only when really needed (<SLE15)
- Version update to 7.8p1:
* For most details see release notes file
* ssh-keygen(1): write OpenSSH format private keys by default
instead of using OpenSSL's PEM format
- Rebase patches to apply on 7.8p1 release:
* openssh-7.7p1-fips.patch
* openssh-7.7p1-cavstest-kdf.patch
* openssh-7.7p1-fips_checks.patch
* openssh-7.7p1-gssapi_key_exchange.patch
* openssh-7.7p1-audit.patch
* openssh-7.7p1-openssl_1.1.0.patch
* openssh-7.7p1-ldap.patch
* openssh-7.7p1-IPv6_X_forwarding.patch
* openssh-7.7p1-sftp_print_diagnostic_messages.patch
* openssh-7.7p1-disable_short_DH_parameters.patch
* openssh-7.7p1-hostname_changes_when_forwarding_X.patch
* openssh-7.7p1-pam_check_locks.patch
* openssh-7.7p1-seed-prng.patch
* openssh-7.7p1-systemd-notify.patch
* openssh-7.7p1-X11_trusted_forwarding.patch
- Dropped patches:
OBS-URL: https://build.opensuse.org/request/show/642573
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=153
87 lines
2.5 KiB
Diff
87 lines
2.5 KiB
Diff
# HG changeset patch
|
|
# Parent d296e85dc414b8cd1b4b55ad03d8216feb26531a
|
|
Send signals to systemd to prevent various race conditions
|
|
bsc#1048367
|
|
|
|
Index: openssh-7.8p1/configure.ac
|
|
===================================================================
|
|
--- openssh-7.8p1.orig/configure.ac
|
|
+++ openssh-7.8p1/configure.ac
|
|
@@ -4378,6 +4378,30 @@ AC_ARG_WITH([kerberos5],
|
|
AC_SUBST([GSSLIBS])
|
|
AC_SUBST([K5LIBS])
|
|
|
|
+# Check whether user wants systemd support
|
|
+SYSTEMD_MSG="no"
|
|
+AC_ARG_WITH(systemd,
|
|
+ [ --with-systemd Enable systemd support],
|
|
+ [ if test "x$withval" != "xno" ; then
|
|
+ AC_PATH_TOOL([PKGCONFIG], [pkg-config], [no])
|
|
+ if test "$PKGCONFIG" != "no"; then
|
|
+ AC_MSG_CHECKING([for libsystemd])
|
|
+ if $PKGCONFIG --exists libsystemd; then
|
|
+ SYSTEMD_CFLAGS=`$PKGCONFIG --cflags libsystemd`
|
|
+ SYSTEMD_LIBS=`$PKGCONFIG --libs libsystemd`
|
|
+ CPPFLAGS="$CPPFLAGS $SYSTEMD_CFLAGS"
|
|
+ SSHDLIBS="$SSHDLIBS $SYSTEMD_LIBS"
|
|
+ AC_MSG_RESULT([yes])
|
|
+ AC_DEFINE(HAVE_SYSTEMD, 1, [Define if you want systemd support.])
|
|
+ SYSTEMD_MSG="yes"
|
|
+ else
|
|
+ AC_MSG_RESULT([no])
|
|
+ fi
|
|
+ fi
|
|
+ fi ]
|
|
+)
|
|
+
|
|
+
|
|
# Looking for programs, paths and files
|
|
|
|
PRIVSEP_PATH=/var/empty
|
|
@@ -5183,6 +5207,7 @@ echo " libldns support
|
|
echo " Solaris process contract support: $SPC_MSG"
|
|
echo " Solaris project support: $SP_MSG"
|
|
echo " Solaris privilege support: $SPP_MSG"
|
|
+echo " systemd support: $SYSTEMD_MSG"
|
|
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
|
|
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
|
|
echo " BSD Auth support: $BSD_AUTH_MSG"
|
|
Index: openssh-7.8p1/sshd.c
|
|
===================================================================
|
|
--- openssh-7.8p1.orig/sshd.c
|
|
+++ openssh-7.8p1/sshd.c
|
|
@@ -87,6 +87,10 @@
|
|
#include <prot.h>
|
|
#endif
|
|
|
|
+#ifdef HAVE_SYSTEMD
|
|
+#include <systemd/sd-daemon.h>
|
|
+#endif
|
|
+
|
|
#include "xmalloc.h"
|
|
#include "ssh.h"
|
|
#include "ssh2.h"
|
|
@@ -308,6 +312,10 @@ sighup_handler(int sig)
|
|
static void
|
|
sighup_restart(void)
|
|
{
|
|
+#ifdef HAVE_SYSTEMD
|
|
+ /* Signal systemd that we are reloading */
|
|
+ sd_notify(0, "RELOADING=1");
|
|
+#endif
|
|
logit("Received SIGHUP; restarting.");
|
|
if (options.pid_file != NULL)
|
|
unlink(options.pid_file);
|
|
@@ -1995,6 +2003,11 @@ main(int ac, char **av)
|
|
}
|
|
}
|
|
|
|
+#ifdef HAVE_SYSTEMD
|
|
+ /* Signal systemd that we are ready to accept connections */
|
|
+ sd_notify(0, "READY=1");
|
|
+#endif
|
|
+
|
|
/* Accept a connection and return in a forked child */
|
|
server_accept_loop(&sock_in, &sock_out,
|
|
&newsock, config_s);
|