forked from pool/openssh
6dac324cb7
- enable support for SSHv1 protocol and discourage its usage
(bsc#983307)
- enable DSA by default for backward compatibility and discourage
its usage (bsc#983784)
[openssh-7.2p2-allow_DSS_by_default.patch]
- upgrade to 7.2p2
upstream package without any SUSE patches
Distilled upstream log:
- OpenSSH 6.7
Potentially-incompatible changes:
* sshd(8): The default set of ciphers and MACs has been
altered to remove unsafe algorithms. In particular, CBC
ciphers and arcfour* are disabled by default.
The full set of algorithms remains available if configured
explicitly via the Ciphers and MACs sshd_config options.
* sshd(8): Support for tcpwrappers/libwrap has been removed.
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
connections using the curve25519-sha256@libssh.org KEX
exchange method to fail when connecting with something that
implements the specification correctly. OpenSSH 6.7 disables
this KEX method when speaking to one of the affected
versions.
New Features:
* ssh(1), sshd(8): Add support for Unix domain socket
forwarding. A remote TCP port may be forwarded to a local
Unix domain socket and vice versa or both ends may be a Unix
domain socket.
* ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
ED25519 key types.
OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
56 lines
1.4 KiB
Diff
56 lines
1.4 KiB
Diff
# HG changeset patch
|
|
# Parent 07998e381c9867b8b6f7b9205261811934bef40f
|
|
# --used to be called '-xauth'
|
|
try to remove xauth cookies on logout
|
|
|
|
bnc#98815
|
|
|
|
diff --git a/openssh-7.2p2/session.c b/openssh-7.2p2/session.c
|
|
--- a/openssh-7.2p2/session.c
|
|
+++ b/openssh-7.2p2/session.c
|
|
@@ -2540,16 +2540,44 @@ session_close(Session *s)
|
|
u_int i;
|
|
|
|
verbose("Close session: user %s from %.200s port %d id %d",
|
|
s->pw->pw_name,
|
|
get_remote_ipaddr(),
|
|
get_remote_port(),
|
|
s->self);
|
|
|
|
+ if ((s->display != NULL) && (s->auth_proto != NULL) &&
|
|
+ (s->auth_data != NULL) && (options.xauth_location != NULL)) {
|
|
+ pid_t pid;
|
|
+ FILE *f;
|
|
+ char cmd[1024];
|
|
+ struct passwd * pw = s->pw;
|
|
+
|
|
+ if (!(pid = fork())) {
|
|
+ permanently_set_uid(pw);
|
|
+
|
|
+ /* Remove authority data from .Xauthority if appropriate. */
|
|
+ debug("Running %.500s remove %.100s\n",
|
|
+ options.xauth_location, s->auth_display);
|
|
+
|
|
+ snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -",
|
|
+ s->pw->pw_dir, options.xauth_location);
|
|
+ f = popen(cmd, "w");
|
|
+ if (f) {
|
|
+ fprintf(f, "remove %s\n", s->auth_display);
|
|
+ pclose(f);
|
|
+ } else
|
|
+ error("Could not run %s\n", cmd);
|
|
+ exit(0);
|
|
+ } else if (pid > 0) {
|
|
+ waitpid(pid, NULL, 0);
|
|
+ }
|
|
+ }
|
|
+
|
|
if (s->ttyfd != -1)
|
|
session_pty_cleanup(s);
|
|
free(s->term);
|
|
free(s->display);
|
|
free(s->x11_chanids);
|
|
free(s->auth_display);
|
|
free(s->auth_data);
|
|
free(s->auth_proto);
|