openssh/openssh-7.7p1-hostname_changes_when_forwarding_X.patch
Marcus Meissner dbcbd30908 Accepting request 811897 from home:hpjansson:openssh-8.3
- Version update to 8.3p1:
  = Potentially-incompatible changes
  * sftp(1): reject an argument of "-1" in the same way as ssh(1) and
    scp(1) do instead of accepting and silently ignoring it.
  = New features
  * sshd(8): make IgnoreRhosts a tri-state option: "yes" to ignore
    rhosts/shosts, "no" allow rhosts/shosts or (new) "shosts-only"
    to allow .shosts files but not .rhosts.
  * sshd(8): allow the IgnoreRhosts directive to appear anywhere in a
    sshd_config, not just before any Match blocks.
  * ssh(1): add %TOKEN percent expansion for the LocalFoward and
    RemoteForward keywords when used for Unix domain socket forwarding.
  * all: allow loading public keys from the unencrypted envelope of a
    private key file if no corresponding public key file is present.
  * ssh(1), sshd(8): prefer to use chacha20 from libcrypto where
    possible instead of the (slower) portable C implementation included
    in OpenSSH.
  * ssh-keygen(1): add ability to dump the contents of a binary key
    revocation list via "ssh-keygen -lQf /path".
- Additional changes from 8.2p1 release:
  = Potentially-incompatible changes
  * ssh(1), sshd(8), ssh-keygen(1): this release removes the "ssh-rsa"
    (RSA/SHA1) algorithm from those accepted for certificate signatures
    (i.e. the client and server CASignatureAlgorithms option) and will
    use the rsa-sha2-512 signature algorithm by default when the
    ssh-keygen(1) CA signs new certificates.
  * ssh(1), sshd(8): this release removes diffie-hellman-group14-sha1
    from the default key exchange proposal for both the client and
    server.
  * ssh-keygen(1): the command-line options related to the generation

OBS-URL: https://build.opensuse.org/request/show/811897
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=211
2020-06-06 06:49:00 +00:00

84 lines
2.6 KiB
Diff

# HG changeset patch
# Parent 5e19a205fa03584bb0d829ecbba7495ce1899b65
# -- uset do be called '-xauthlocalhostname'
handle hostname changes when forwarding X
diff --git a/session.c b/session.c
index 18cdfa8..85a9ee2 100644
--- a/session.c
+++ b/session.c
@@ -985,7 +985,7 @@ copy_environment(char **source, char ***env, u_int *envsize)
#endif
static char **
-do_setup_env(struct ssh *ssh, Session *s, const char *shell)
+do_setup_env(struct ssh *ssh, Session *s, const char *shell, int *env_size)
{
char buf[256];
size_t n;
@@ -1195,6 +1195,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]);
}
+
+ *env_size = envsize;
return env;
}
@@ -1203,7 +1205,7 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
* first in this order).
*/
static void
-do_rc_files(struct ssh *ssh, Session *s, const char *shell)
+do_rc_files(struct ssh *ssh, Session *s, const char *shell, char **env, int *env_size)
{
FILE *f = NULL;
char cmd[1024];
@@ -1258,12 +1260,20 @@ do_rc_files(struct ssh *ssh, Session *s, const char *shell)
options.xauth_location);
f = popen(cmd, "w");
if (f) {
+ char hostname[MAXHOSTNAMELEN];
+
fprintf(f, "remove %s\n",
s->auth_display);
fprintf(f, "add %s %s %s\n",
s->auth_display, s->auth_proto,
s->auth_data);
pclose(f);
+ if (gethostname(hostname,sizeof(hostname)) >= 0)
+ child_set_env(&env,env_size,"XAUTHLOCALHOSTNAME",
+ hostname);
+ else
+ debug("Cannot set up XAUTHLOCALHOSTNAME %s\n",
+ strerror(errno));
} else {
fprintf(stderr, "Could not run %s\n",
cmd);
@@ -1519,6 +1529,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
char **env, *argv[ARGV_MAX], remote_id[512];
const char *shell, *shell0;
struct passwd *pw = s->pw;
+ int env_size;
int r = 0;
sshpkt_fmt_connection_id(ssh, remote_id, sizeof(remote_id));
@@ -1575,7 +1586,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
* Make sure $SHELL points to the shell from the password file,
* even if shell is overridden from login.conf
*/
- env = do_setup_env(ssh, s, shell);
+ env = do_setup_env(ssh, s, shell, &env_size);
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
@@ -1639,7 +1650,7 @@ do_child(struct ssh *ssh, Session *s, const char *command)
closefrom(STDERR_FILENO + 1);
- do_rc_files(ssh, s, shell);
+ do_rc_files(ssh, s, shell, env, &env_size);
/* restore SIGPIPE for child */
ssh_signal(SIGPIPE, SIG_DFL);