diff options
| author | Colin Watson <cjwatson@debian.org> | 2017-10-07 13:43:16 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2017-10-07 13:43:45 +0100 |
| commit | 1f58a7cbdd7f85a9a04a540ff3886881091bfe8a (patch) | |
| tree | 5a719c1736d94fc6d483b58adf5d1691e089105d | |
| parent | 1e0d55f9163793742d20eaadd4784db16fd3459d (diff) | |
| parent | e293f21da513a7db59fe1997c9e90e2e9cdbceda (diff) | |
Apply upstream patch to fix PermitOpen argument handling.
| -rw-r--r-- | debian/.git-dpm | 4 | ||||
| -rw-r--r-- | debian/changelog | 6 | ||||
| -rw-r--r-- | debian/patches/permitopen-argument-handling.patch | 51 | ||||
| -rw-r--r-- | debian/patches/series | 1 | ||||
| -rw-r--r-- | servconf.c | 8 |
5 files changed, 64 insertions, 6 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index f621e7ad8..f73621e9d 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm | |||
| @@ -1,6 +1,6 @@ | |||
| 1 | # see git-dpm(1) from git-dpm package | 1 | # see git-dpm(1) from git-dpm package |
| 2 | 801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 | 2 | e293f21da513a7db59fe1997c9e90e2e9cdbceda |
| 3 | 801a62eedaaf47b20dbf4b426dc3e084bf0c8d49 | 3 | e293f21da513a7db59fe1997c9e90e2e9cdbceda |
| 4 | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 | 4 | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 |
| 5 | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 | 5 | 62f54f20bf351468e0124f63cc2902ee40d9b0e9 |
| 6 | openssh_7.6p1.orig.tar.gz | 6 | openssh_7.6p1.orig.tar.gz |
diff --git a/debian/changelog b/debian/changelog index cbf84cbca..f63728e66 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,3 +1,9 @@ | |||
| 1 | openssh (1:7.6p1-2) UNRELEASED; urgency=medium | ||
| 2 | |||
| 3 | * Apply upstream patch to fix PermitOpen argument handling. | ||
| 4 | |||
| 5 | -- Colin Watson <cjwatson@debian.org> Sat, 07 Oct 2017 13:43:21 +0100 | ||
| 6 | |||
| 1 | openssh (1:7.6p1-1) unstable; urgency=medium | 7 | openssh (1:7.6p1-1) unstable; urgency=medium |
| 2 | 8 | ||
| 3 | * New upstream release (https://www.openssh.com/txt/release-7.6): | 9 | * New upstream release (https://www.openssh.com/txt/release-7.6): |
diff --git a/debian/patches/permitopen-argument-handling.patch b/debian/patches/permitopen-argument-handling.patch new file mode 100644 index 000000000..6369c395c --- /dev/null +++ b/debian/patches/permitopen-argument-handling.patch | |||
| @@ -0,0 +1,51 @@ | |||
| 1 | From e293f21da513a7db59fe1997c9e90e2e9cdbceda Mon Sep 17 00:00:00 2001 | ||
| 2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
| 3 | Date: Wed, 4 Oct 2017 18:49:30 +0000 | ||
| 4 | Subject: Fix PermitOpen argument handling | ||
| 5 | |||
| 6 | fix (another) problem in PermitOpen introduced during the | ||
| 7 | channels.c refactor: the third and subsequent arguments to PermitOpen were | ||
| 8 | being silently ignored; ok markus@ | ||
| 9 | |||
| 10 | Upstream-ID: 067c89f1f53cbc381628012ba776d6861e6782fd | ||
| 11 | |||
| 12 | Origin: https://anongit.mindrot.org/openssh.git/commit/?id=7c9613fac3371cf65fb07739212cdd1ebf6575da | ||
| 13 | Last-Update: 2017-10-07 | ||
| 14 | |||
| 15 | Patch-Name: permitopen-argument-handling.patch | ||
| 16 | --- | ||
| 17 | servconf.c | 8 ++++---- | ||
| 18 | 1 file changed, 4 insertions(+), 4 deletions(-) | ||
| 19 | |||
| 20 | diff --git a/servconf.c b/servconf.c | ||
| 21 | index 5e996cf8..9daa182c 100644 | ||
| 22 | --- a/servconf.c | ||
| 23 | +++ b/servconf.c | ||
| 24 | @@ -1,5 +1,5 @@ | ||
| 25 | |||
| 26 | -/* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */ | ||
| 27 | +/* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */ | ||
| 28 | /* | ||
| 29 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | ||
| 30 | * All rights reserved | ||
| 31 | @@ -1690,9 +1690,9 @@ process_server_config_line(ServerOptions *options, char *line, | ||
| 32 | if (!arg || *arg == '\0') | ||
| 33 | fatal("%s line %d: missing PermitOpen specification", | ||
| 34 | filename, linenum); | ||
| 35 | - i = options->num_permitted_opens; /* modified later */ | ||
| 36 | + value = options->num_permitted_opens; /* modified later */ | ||
| 37 | if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { | ||
| 38 | - if (*activep && i == 0) { | ||
| 39 | + if (*activep && value == 0) { | ||
| 40 | options->num_permitted_opens = 1; | ||
| 41 | options->permitted_opens = xcalloc(1, | ||
| 42 | sizeof(*options->permitted_opens)); | ||
| 43 | @@ -1710,7 +1710,7 @@ process_server_config_line(ServerOptions *options, char *line, | ||
| 44 | if (arg == NULL || ((port = permitopen_port(arg)) < 0)) | ||
| 45 | fatal("%s line %d: bad port number in " | ||
| 46 | "PermitOpen", filename, linenum); | ||
| 47 | - if (*activep && i == 0) { | ||
| 48 | + if (*activep && value == 0) { | ||
| 49 | options->permitted_opens = xrecallocarray( | ||
| 50 | options->permitted_opens, | ||
| 51 | options->num_permitted_opens, | ||
diff --git a/debian/patches/series b/debian/patches/series index d1bb1ff5c..7b9d0e39b 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
| @@ -26,3 +26,4 @@ restore-authorized_keys2.patch | |||
| 26 | seccomp-s390-flock-ipc.patch | 26 | seccomp-s390-flock-ipc.patch |
| 27 | seccomp-getuid-geteuid.patch | 27 | seccomp-getuid-geteuid.patch |
| 28 | seccomp-s390-ioctl-ep11-crypto.patch | 28 | seccomp-s390-ioctl-ep11-crypto.patch |
| 29 | permitopen-argument-handling.patch | ||
diff --git a/servconf.c b/servconf.c index 5e996cf8f..9daa182c0 100644 --- a/servconf.c +++ b/servconf.c | |||
| @@ -1,5 +1,5 @@ | |||
| 1 | 1 | ||
| 2 | /* $OpenBSD: servconf.c,v 1.312 2017/10/02 19:33:20 djm Exp $ */ | 2 | /* $OpenBSD: servconf.c,v 1.313 2017/10/04 18:49:30 djm Exp $ */ |
| 3 | /* | 3 | /* |
| 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland | 4 | * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland |
| 5 | * All rights reserved | 5 | * All rights reserved |
| @@ -1690,9 +1690,9 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1690 | if (!arg || *arg == '\0') | 1690 | if (!arg || *arg == '\0') |
| 1691 | fatal("%s line %d: missing PermitOpen specification", | 1691 | fatal("%s line %d: missing PermitOpen specification", |
| 1692 | filename, linenum); | 1692 | filename, linenum); |
| 1693 | i = options->num_permitted_opens; /* modified later */ | 1693 | value = options->num_permitted_opens; /* modified later */ |
| 1694 | if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { | 1694 | if (strcmp(arg, "any") == 0 || strcmp(arg, "none") == 0) { |
| 1695 | if (*activep && i == 0) { | 1695 | if (*activep && value == 0) { |
| 1696 | options->num_permitted_opens = 1; | 1696 | options->num_permitted_opens = 1; |
| 1697 | options->permitted_opens = xcalloc(1, | 1697 | options->permitted_opens = xcalloc(1, |
| 1698 | sizeof(*options->permitted_opens)); | 1698 | sizeof(*options->permitted_opens)); |
| @@ -1710,7 +1710,7 @@ process_server_config_line(ServerOptions *options, char *line, | |||
| 1710 | if (arg == NULL || ((port = permitopen_port(arg)) < 0)) | 1710 | if (arg == NULL || ((port = permitopen_port(arg)) < 0)) |
| 1711 | fatal("%s line %d: bad port number in " | 1711 | fatal("%s line %d: bad port number in " |
| 1712 | "PermitOpen", filename, linenum); | 1712 | "PermitOpen", filename, linenum); |
| 1713 | if (*activep && i == 0) { | 1713 | if (*activep && value == 0) { |
| 1714 | options->permitted_opens = xrecallocarray( | 1714 | options->permitted_opens = xrecallocarray( |
| 1715 | options->permitted_opens, | 1715 | options->permitted_opens, |
| 1716 | options->num_permitted_opens, | 1716 | options->num_permitted_opens, |