Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
39 lines
1.2 KiB
Diff
39 lines
1.2 KiB
Diff
# HG changeset patch
|
|
# Parent 8df645ca39d64de025d8838c5713812e72308c92
|
|
Correctly parse DISPLAY variable for cases where it contains an IPv6 address
|
|
(which should - but not always is - in (square) brackets).
|
|
|
|
bnc#847710 - https://bugzilla.novell.com/show_bug.cgi?id=847710
|
|
|
|
Index: openssh-8.8p1/channels.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/channels.c
|
|
+++ openssh-8.8p1/channels.c
|
|
@@ -4776,9 +4776,10 @@ x11_connect_display(struct ssh *ssh)
|
|
/*
|
|
* Connect to an inet socket. The DISPLAY value is supposedly
|
|
* hostname:d[.s], where hostname may also be numeric IP address.
|
|
+ * Note that IPv6 numeric addresses contain colons (e.g. ::1:0)
|
|
*/
|
|
strlcpy(buf, display, sizeof(buf));
|
|
- cp = strchr(buf, ':');
|
|
+ cp = strrchr(buf, ':');
|
|
if (!cp) {
|
|
error("Could not find ':' in DISPLAY: %.100s", display);
|
|
return -1;
|
|
@@ -4793,6 +4794,14 @@ x11_connect_display(struct ssh *ssh)
|
|
display);
|
|
return -1;
|
|
}
|
|
+
|
|
+ /* Remove brackets surrounding IPv6 addresses if there are any. */
|
|
+ if (buf[0] == '[' && (cp = strchr(buf, ']'))) {
|
|
+ *cp = 0;
|
|
+ cp = buf + 1;
|
|
+ } else {
|
|
+ cp = buf;
|
|
+ }
|
|
|
|
/* Look up the host address */
|
|
memset(&hints, 0, sizeof(hints));
|