pool/openssh
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
d83100ae13
openssh/openssh-7.6p1-pts_names_formatting.patch
Petr Cerny d83100ae13 Accepting request 539322 from home:pcerny:factory 
- upgrade to 7.6p1
  see main package changelog for details

- Update to vanilla 7.6p1
  Most important changes (more details below):
  * complete removal of the ancient SSHv1 protocol
  * sshd(8) cannot run without privilege separation
  * removal of suport for arcfourm blowfish and CAST ciphers
    and RIPE-MD160 HMAC
  * refuse RSA keys shorter than 1024 bits
  Distilled upstream log:
- OpenSSH 7.3
  ---- Security
  * sshd(8): Mitigate a potential denial-of-service attack
    against the system's crypt(3) function via sshd(8). An
    attacker could send very long passwords that would cause
    excessive CPU use in crypt(3). sshd(8) now refuses to accept
    password authentication requests of length greater than 1024
    characters. Independently reported by Tomas Kuthan (Oracle),
    Andres Rojas and Javier Nieto.
  * sshd(8): Mitigate timing differences in password
    authentication that could be used to discern valid from
    invalid account names when long passwords were sent and
    particular password hashing algorithms are in use on the
    server. CVE-2016-6210, reported by EddieEzra.Harari at
    verint.com
  * ssh(1), sshd(8): Fix observable timing weakness in the CBC
    padding oracle countermeasures. Reported by Jean Paul
    Degabriele, Kenny Paterson, Torben Hansen and Martin
    Albrecht. Note that CBC ciphers are disabled by default and

OBS-URL: https://build.opensuse.org/request/show/539322
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=122
2017-11-06 14:50:53 +00:00

50 lines
1.5 KiB
Diff
Raw Blame History

# HG changeset patch
# Parent 6dd892b74f13d258dc1bb3a70db7397dfb46c5e0
# use same lines naming as utempter (prevents problems with using different
# formats in ?tmp? files)
# --used to be called '-pts'
diff --git a/openssh-7.6p1/loginrec.c b/openssh-7.6p1/loginrec.c
--- a/openssh-7.6p1/loginrec.c
+++ b/openssh-7.6p1/loginrec.c
@@ -541,17 +541,17 @@ getlast_entry(struct logininfo *li)
/*
* 'line' string utility functions
*
* These functions process the 'line' string into one of three forms:
*
* 1. The full filename (including '/dev')
* 2. The stripped name (excluding '/dev')
* 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00
- * /dev/pts/1 -> ts/1 )
+ * /dev/pts/1 -> /1 )
*
* Form 3 is used on some systems to identify a .tmp.? entry when
* attempting to remove it. Typically both addition and removal is
* performed by one application - say, sshd - so as long as the choice
* uniquely identifies a terminal it's ok.
*/
@@ -602,16 +602,20 @@ line_abbrevname(char *dst, const char *s
/* Always skip prefix if present */
if (strncmp(src, "/dev/", 5) == 0)
src += 5;
#ifdef WITH_ABBREV_NO_TTY
if (strncmp(src, "tty", 3) == 0)
src += 3;
#endif
+ if (strncmp(src, "pts/", 4) == 0) {
+ src += 3;
+ if (strlen(src) > 4) src++;
+ }
len = strlen(src);
if (len > 0) {
if (((int)len - dstsize) > 0)
src += ((int)len - dstsize);
/* note: _don't_ change this to strlcpy */
Reference in New Issue View Git Blame Copy Permalink