From 140ef5a0f51afcabb19d6f5899d4ecec78fc8d6a Mon Sep 17 00:00:00 2001
From: Jakub Jelen
Date: Feb 22 2017 13:56:00 +0000
Subject: Properly report errors from included files (#1408558)
---
diff --git a/openssh-7.4p1-include-errors.patch b/openssh-7.4p1-include-errors.patch
new file mode 100644
index 0000000..c4dfa0b
--- /dev/null
+++ b/openssh-7.4p1-include-errors.patch
@@ -0,0 +1,40 @@
+diff --git a/readconf.c b/readconf.c
+index fa3fab8..e7eb30d 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -1499,7 +1499,7 @@ parse_keytypes:
+ oactive ? "" : " (parse only)");
+ r = read_config_file_depth(gl.gl_pathv[i],
+ pw, host, original_host, options,
+- flags | SSHCONF_CHECKPERM |
++ flags | SSHCONF_CHECKPERM | SSHCONF_IGNORE_READERR |
+ (oactive ? 0 : SSHCONF_NEVERMATCH),
+ activep, depth + 1);
+ /*
+@@ -1707,8 +1707,13 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+ if (depth < 0 || depth > READCONF_MAX_DEPTH)
+ fatal("Too many recursive configuration includes");
+
+- if ((f = fopen(filename, "r")) == NULL)
++ if ((f = fopen(filename, "r")) == NULL) {
++ if (flags & SSHCONF_IGNORE_READERR) {
++ error("Can not open configuration file %s", filename);
++ return 1;
++ }
+ return 0;
++ }
+
+ if (flags & SSHCONF_CHECKPERM) {
+ struct stat sb;
+diff --git a/readconf.h b/readconf.h
+index cef55f7..4f7d3b4 100644
+--- a/readconf.h
++++ b/readconf.h
+@@ -190,6 +190,7 @@ typedef struct {
+ #define SSHCONF_USERCONF 2 /* user provided config file not system */
+ #define SSHCONF_POSTCANON 4 /* After hostname canonicalisation */
+ #define SSHCONF_NEVERMATCH 8 /* Match/Host never matches; internal only */
++#define SSHCONF_IGNORE_READERR 16 /* Treat unreadable files as errors; internal only */
+
+ #define SSH_UPDATE_HOSTKEYS_NO 0
+ #define SSH_UPDATE_HOSTKEYS_YES 1
diff --git a/openssh.spec b/openssh.spec
index 8e58623..337e0d6 100644
--- a/openssh.spec
+++ b/openssh.spec
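Review bot: The new `fopen` failure branch in `read_config_file_depth` logs the path but not the reason, and it returns 1, so an included file that cannot be read appears to be reported and then skipped rather than stopping the parse (inferred from the return value; the caller's handling of `r` and the rest of the function are outside the hunk). If the skipped file carries security-relevant options, the session would go on without them, so it is worth confirming that continuing is the intended outcome. Printing the cause would let a user tell a permissions problem from a missing file: `error("Can not open configuration file %s: %s", filename, strerror(errno));`. The name `SSHCONF_IGNORE_READERR` also reads as the opposite of its comment "Treat unreadable files as errors"; a comment that matches the visible behaviour, such as `/* Report unreadable files via error() and return 1; internal only */`, would make the flag harder to misuse.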
@@ -230,6 +230,8 @@ Patch944: openssh-7.3p1-x11-max-displays.patch
 Patch945: openssh-7.4p1-daemon.patch
 # Whitelist /usr/lib*/ as planed upstream to prevent breakage
 Patch946: openssh-7.4p1-pkcs11-whitelist.patch
+# Correct reporting errors from included files (#1408558)
+Patch947: openssh-7.4p1-include-errors.patch
 
 License: BSD
 
@@ -465,6 +467,7 @@ popd
 %patch944 -p1 -b .x11max
 %patch945 -p1 -b .daemon
 %patch946 -p1 -b .pkcs11-whitelist
+%patch947 -p1 -b .include-errors
 
 %patch200 -p1 -b .audit
 %patch201 -p1 -b .audit-race