author | Colin Watson <cjwatson@debian.org> | 2020-06-07 13:15:05 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2020-06-07 13:19:51 +0100 |
commit | a37608b8084ff62336307f901c9139c2441c11d6 (patch) | |
tree | 9c2954130816d1c042d6d7bec9aa31ecd26706d4 | |
parent | 58c1c4c51fb50edd0080d9483a1012fd2069c9cb (diff) | |
parent | 877a000e9474ed5e32029f434dbec4de2fb1696f (diff) |
Fix the handling of Port directives after Include
Closes: #962035
LP: #1876320
-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/avoid-extra-ports.patch | 67 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | servconf.c | 10 |
5 files changed, 77 insertions, 7 deletions
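--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-39b8d128ef980a410bb1ea0ee80e95ac9fff59c3
-39b8d128ef980a410bb1ea0ee80e95ac9fff59c3
+877a000e9474ed5e32029f434dbec4de2fb1696f
+877a000e9474ed5e32029f434dbec4de2fb1696f
 202f5a676221c244cd450086c334c2b59f339e86
 202f5a676221c244cd450086c334c2b59f339e86
 openssh_8.3p1.orig.tar.gz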
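--- a/debian/changelog
+++ b/debian/changelog
@@ -80,6 +80,8 @@ openssh (1:8.3p1-1) UNRELEASED; urgency=medium
 - Enable SHA2-based GSSAPI key exchange methods by default as RFC 8732
 was published.
 * Use AUTOPKGTEST_TMP rather than the deprecated ADTTMP.
+* Apply upstream patch to fix the handling of Port directives after
+Include (closes: #962035, LP: #1876320).
 
 -- Colin Watson <cjwatson@debian.org> Sun, 07 Jun 2020 10:25:54 +0100
 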
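--- /dev/null
+++ b/debian/patches/avoid-extra-ports.patch
@@ -0,0 +1,67 @@
+From 877a000e9474ed5e32029f434dbec4de2fb1696f Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Wed, 27 May 2020 21:59:11 +0000
+Subject: upstream: Do not call process_queued_listen_addrs() for every
+
+included file from sshd_config; patch from Jakub Jelen
+
+OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49
+
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=0a9a611619b0a1fecd0195ec86a9885f5d681c84
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3169
+Bug-Debian: https://bugs.debian.org/962035
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1876320
+Last-Update: 2020-06-07
+
+Patch-Name: avoid-extra-ports.patch
+---
+servconf.c | 10 +++++-----
+1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/servconf.c b/servconf.c
+index c290e9786..5f3336365 100644
+--- a/servconf.c
++++ b/servconf.c
+@@ -1,5 +1,5 @@
+
+-/* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */
++/* $OpenBSD: servconf.c,v 1.364 2020/05/27 21:59:11 djm Exp $ */
+/*
+* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
+* All rights reserved
+@@ -75,8 +75,8 @@ static void add_listen_addr(ServerOptions *, const char *,
+const char *, int);
+static void add_one_listen_addr(ServerOptions *, const char *,
+const char *, int);
+-void parse_server_config_depth(ServerOptions *options, const char *filename,
+- struct sshbuf *conf, struct include_list *includes,
++static void parse_server_config_depth(ServerOptions *options,
++ const char *filename, struct sshbuf *conf, struct include_list *includes,
+struct connection_info *connectinfo, int flags, int *activep, int depth);
+
+/* Use of privilege separation or not */
+@@ -2623,7 +2623,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
+#undef M_CP_STRARRAYOPT
+
+#define SERVCONF_MAX_DEPTH 16
+-void
++static void
+parse_server_config_depth(ServerOptions *options, const char *filename,
+struct sshbuf *conf, struct include_list *includes,
+struct connection_info *connectinfo, int flags, int *activep, int depth)
+@@ -2649,7 +2649,6 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
+if (bad_options > 0)
+fatal("%s: terminating, %d bad configuration options",
+filename, bad_options);
+- process_queued_listen_addrs(options);
+}
+
+void
+@@ -2660,6 +2659,7 @@ parse_server_config(ServerOptions *options, const char *filename,
+int active = connectinfo ? 0 : 1;
+parse_server_config_depth(options, filename, conf, includes,
+connectinfo, 0, &active, 0);
++ process_queued_listen_addrs(options);
+}
+
+static const char *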
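--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,3 +23,4 @@ debian-config.patch
 restore-authorized_keys2.patch
 conch-old-privkey-format.patch
 revert-ipqos-defaults.patch
+avoid-extra-ports.patch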
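--- a/servconf.c
+++ b/servconf.c
@@ -1,5 +1,5 @@
 
-/* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.364 2020/05/27 21:59:11 djm Exp $ */
 /*
 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
 * All rights reserved
@@ -75,8 +75,8 @@ static void add_listen_addr(ServerOptions *, const char *,
 const char *, int);
 static void add_one_listen_addr(ServerOptions *, const char *,
 const char *, int);
-void parse_server_config_depth(ServerOptions *options, const char *filename,
-struct sshbuf *conf, struct include_list *includes,
+static void parse_server_config_depth(ServerOptions *options,
+const char *filename, struct sshbuf *conf, struct include_list *includes,
 struct connection_info *connectinfo, int flags, int *activep, int depth);
 
 /* Use of privilege separation or not */
@@ -2623,7 +2623,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
 #undef M_CP_STRARRAYOPT
 
 #define SERVCONF_MAX_DEPTH 16
-void
+static void
 parse_server_config_depth(ServerOptions *options, const char *filename,
 struct sshbuf *conf, struct include_list *includes,
 struct connection_info *connectinfo, int flags, int *activep, int depth)
@@ -2649,7 +2649,6 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
 if (bad_options > 0)
 fatal("%s: terminating, %d bad configuration options",
 filename, bad_options);
-process_queued_listen_addrs(options);
 }
 
 void
@@ -2660,6 +2659,7 @@ parse_server_config(ServerOptions *options, const char *filename,
 int active = connectinfo ? 0 : 1;
 parse_server_config_depth(options, filename, conf, includes,
 connectinfo, 0, &active, 0);
+process_queued_listen_addrs(options);
 }
 
 static const char *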
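Review bot: The call `process_queued_listen_addrs(options);` that now ends parse_server_config() carries no comment stating the invariant this fix relies on, namely that queued listen addresses may be resolved only once, after the top-level file and every Include have been parsed. Without it a later refactor could move the call back into parse_server_config_depth() and, going by the patch name avoid-extra-ports, leave sshd bound to a port the administrator did not configure. I would add above the call `/* Resolve queued ListenAddress entries only once all Includes are parsed, so the final Port list applies. */`, and a regression test that places an Include before a Port directive and checks the resulting listen set. Both function bodies begin outside the hunks shown, so whether other paths in servconf.c reach parse_server_config_depth() directly cannot be confirmed from here.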