6c861e0b33
- remaining patches that were still missing since the update to 7.2p2 (FATE#319675): [openssh-7.2p2-disable_openssl_abi_check.patch] - fix forwarding with IPv6 addresses in DISPLAY (bnc#847710) [openssh-7.2p2-IPv6_X_forwarding.patch] - ignore PAM environment when using login (bsc#975865, CVE-2015-8325) [openssh-7.2p2-ignore_PAM_with_UseLogin.patch] - limit accepted password length (prevents possible DoS) (bsc#992533, CVE-2016-6515) [openssh-7.2p2-limit_password_length.patch] - Prevent user enumeration through the timing of password processing (bsc#989363, CVE-2016-6210) [openssh-7.2p2-prevent_timing_user_enumeration.patch] - Add auditing for PRNG re-seeding [openssh-7.2p2-audit_seed_prng.patch] OBS-URL: https://build.opensuse.org/request/show/433779 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=113
30 lines
949 B
Diff
30 lines
949 B
Diff
# HG changeset patch
|
|
# Parent e4886597a8984ae1594b6866fe1b232370b23529
|
|
# posix threads are generally not supported nor safe
|
|
# (see upstream log from 2005-05-24)
|
|
# --used to be called '-pam-fix3'
|
|
|
|
diff --git a/openssh-7.2p2/auth-pam.c b/openssh-7.2p2/auth-pam.c
|
|
--- a/openssh-7.2p2/auth-pam.c
|
|
+++ b/openssh-7.2p2/auth-pam.c
|
|
@@ -782,17 +782,19 @@ sshpam_query(void *ctx, char **name, cha
|
|
}
|
|
if (type == PAM_SUCCESS) {
|
|
if (!sshpam_authctxt->valid ||
|
|
(sshpam_authctxt->pw->pw_uid == 0 &&
|
|
options.permit_root_login != PERMIT_YES))
|
|
fatal("Internal error: PAM auth "
|
|
"succeeded when it should have "
|
|
"failed");
|
|
+#ifndef UNSUPPORTED_POSIX_THREADS_HACK
|
|
import_environments(&buffer);
|
|
+#endif
|
|
*num = 0;
|
|
**echo_on = 0;
|
|
ctxt->pam_done = 1;
|
|
free(msg);
|
|
return (0);
|
|
}
|
|
error("PAM: %s for %s%.100s from %.100s", msg,
|
|
sshpam_authctxt->valid ? "" : "illegal user ",
|