318211936a
Version update to 8.1p1: * ssh-keygen(1): when acting as a CA and signing certificates with an RSA key, default to using the rsa-sha2-512 signature algorithm. Certificates signed by RSA keys will therefore be incompatible with OpenSSH versions prior to 7.2 unless the default is overridden (using "ssh-keygen -t ssh-rsa -s ..."). * ssh(1): Allow %n to be expanded in ProxyCommand strings * ssh(1), sshd(8): Allow prepending a list of algorithms to the default set by starting the list with the '^' character, E.g. "HostKeyAlgorithms ^ssh-ed25519" * ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email). * ssh-keygen(1): print key comment when extracting public key from a private key. * ssh-keygen(1): accept the verbose flag when searching for host keys in known hosts (i.e. "ssh-keygen -vF host") to print the matching host's random-art signature too. * All: support PKCS8 as an optional format for storage of private keys to disk. The OpenSSH native key format remains the default, but PKCS8 is a superior format to PEM if interoperability with non-OpenSSH software is required, as it may use a less insecure key derivation function than PEM's. - Additional changes from 8.0p1 release: * scp(1): Add "-T" flag to disable client-side filtering of server file list. * sshd(8): Remove support for obsolete "host/port" syntax. OBS-URL: https://build.opensuse.org/request/show/737034 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=197
24 lines
803 B
Diff
24 lines
803 B
Diff
# HG changeset patch
|
|
# Parent 44592f09f090e74432f608084069d30d808fda69
|
|
Do not throw away already open sockets for X11 forwarding if another socket
|
|
family is not available for bind()
|
|
|
|
diff --git a/channels.c b/channels.c
|
|
index f51b7e3..95af47e 100644
|
|
--- a/channels.c
|
|
+++ b/channels.c
|
|
@@ -4637,6 +4637,13 @@ x11_create_display_inet(struct ssh *ssh, int x11_display_offset,
|
|
debug2("%s: bind port %d: %.100s", __func__,
|
|
port, strerror(errno));
|
|
close(sock);
|
|
+ /* do not remove successfully opened sockets if
|
|
+ * the request failed because the protocol
|
|
+ * IPv4/6 is not available (e.g. IPv6 may be
|
|
+ * disabled while being supported)
|
|
+ */
|
|
+ if (EADDRNOTAVAIL == errno)
|
|
+ continue;
|
|
for (n = 0; n < num_socks; n++)
|
|
close(socks[n]);
|
|
num_socks = 0;
|