Antonio Larrosa
869b2ae788
* 0001-upstream-fix-proxy-multiplexing-mode_-broken-when-keystroke.patch - Add patch from upstream to restore correctly sigprocmask * 0001-upstream-correctly-restore-sigprocmask-around-ppoll.patch - Add patch from upstream to fix a logic error in ObscureKeystrokeTiming that rendered this feature ineffective, allowing a passive observer to detect which network packets contained real keystrokes (bsc#1227318, CVE-2024-39894): * 0001-upstream-when-sending-ObscureKeystrokeTiming-chaff-packets_.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=271
56 lines
2.1 KiB
Diff
56 lines
2.1 KiB
Diff
From 66aaa678dbe59aa21d0d9d89a3596ecedde0254b Mon Sep 17 00:00:00 2001
|
|
From: "djm@openbsd.org" <djm@openbsd.org>
|
|
Date: Tue, 30 Apr 2024 02:14:10 +0000
|
|
Subject: [PATCH] upstream: correctly restore sigprocmask around ppoll()
|
|
reported
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
by Tõivo Leedjärv; ok deraadt@
|
|
|
|
OpenBSD-Commit-ID: c0c0f89de5294a166578f071eade2501929c4686
|
|
---
|
|
clientloop.c | 4 ++--
|
|
serverloop.c | 4 ++--
|
|
2 files changed, 4 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/clientloop.c b/clientloop.c
|
|
index be8bb5fc1f2..8ea2ada4216 100644
|
|
--- a/clientloop.c
|
|
+++ b/clientloop.c
|
|
#@@ -1,4 +1,4 @@
|
|
#-/* $OpenBSD: clientloop.c,v 1.404 2024/04/30 02:10:49 djm Exp $ */
|
|
#+/* $OpenBSD: clientloop.c,v 1.405 2024/04/30 02:14:10 djm Exp $ */
|
|
# /*
|
|
# * Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
# * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
@@ -1585,7 +1585,7 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg,
|
|
client_wait_until_can_do_something(ssh, &pfd, &npfd_alloc,
|
|
&npfd_active, channel_did_enqueue, &osigset,
|
|
&conn_in_ready, &conn_out_ready);
|
|
- if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1)
|
|
+ if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1)
|
|
error_f("osigset sigprocmask: %s", strerror(errno));
|
|
|
|
if (quit_pending)
|
|
diff --git a/serverloop.c b/serverloop.c
|
|
index f3683c2e4a6..94c8943a616 100644
|
|
--- a/serverloop.c
|
|
+++ b/serverloop.c
|
|
@@ -1,4 +1,4 @@
|
|
-/* $OpenBSD: serverloop.c,v 1.237 2023/08/21 04:59:54 djm Exp $ */
|
|
+/* $OpenBSD: serverloop.c,v 1.238 2024/04/30 02:14:10 djm Exp $ */
|
|
/*
|
|
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
@@ -380,7 +380,7 @@ server_loop2(struct ssh *ssh, Authctxt *authctxt)
|
|
wait_until_can_do_something(ssh, connection_in, connection_out,
|
|
&pfd, &npfd_alloc, &npfd_active, &osigset,
|
|
&conn_in_ready, &conn_out_ready);
|
|
- if (sigprocmask(SIG_UNBLOCK, &bsigset, &osigset) == -1)
|
|
+ if (sigprocmask(SIG_SETMASK, &osigset, NULL) == -1)
|
|
error_f("osigset sigprocmask: %s", strerror(errno));
|
|
|
|
if (received_sigterm) {
|