Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
24 lines
829 B
Diff
24 lines
829 B
Diff
# HG changeset patch
|
|
# Parent 44592f09f090e74432f608084069d30d808fda69
|
|
Do not throw away already open sockets for X11 forwarding if another socket
|
|
family is not available for bind()
|
|
|
|
Index: openssh-8.8p1/channels.c
|
|
===================================================================
|
|
--- openssh-8.8p1.orig/channels.c
|
|
+++ openssh-8.8p1/channels.c
|
|
@@ -4607,6 +4607,13 @@ x11_create_display_inet(struct ssh *ssh,
|
|
debug2_f("bind port %d: %.100s", port,
|
|
strerror(errno));
|
|
close(sock);
|
|
+ /* do not remove successfully opened sockets if
|
|
+ * the request failed because the protocol
|
|
+ * IPv4/6 is not available (e.g. IPv6 may be
|
|
+ * disabled while being supported)
|
|
+ */
|
|
+ if (EADDRNOTAVAIL == errno)
|
|
+ continue;
|
|
for (n = 0; n < num_socks; n++)
|
|
close(socks[n]);
|
|
num_socks = 0;
|