From dfe8fee054b666314410b169cef032e91b8172ae Mon Sep 17 00:00:00 2001
From: Jan F. Chadima
Date: Sep 21 2009 08:46:55 +0000
Subject: remove homechroot patch
---
diff --git a/openssh-5.2p1-homechroot.patch b/openssh-5.2p1-homechroot.patch
deleted file mode 100644
index 1ac7145..0000000
--- a/openssh-5.2p1-homechroot.patch
+++ /dev/null
@@ -1,78 +0,0 @@
-diff -up openssh-5.2p1/session.c.homechroot openssh-5.2p1/session.c
---- openssh-5.2p1/session.c.homechroot 2009-06-23 11:33:36.052163641 +0200
-+++ openssh-5.2p1/session.c 2009-06-23 11:33:36.372159228 +0200
-@@ -1398,6 +1398,8 @@ do_nologin(struct passwd *pw)
- }
- }
-
-+int chroot_no_tree = 0;
-+
- /*
- * Chroot into a directory after checking it for safety: all path components
- * must be root-owned directories with strict permissions.
-@@ -1408,6 +1410,7 @@ safely_chroot(const char *path, uid_t ui
- const char *cp;
- char component[MAXPATHLEN];
- struct stat st;
-+ int last;
-
- if (*path != '/')
- fatal("chroot path does not begin at root");
-@@ -1419,7 +1422,7 @@ safely_chroot(const char *path, uid_t ui
- * root-owned directory with strict permissions.
- */
- for (cp = path; cp != NULL;) {
-- if ((cp = strchr(cp, '/')) == NULL)
-+ if (((last = ((cp = strchr(cp, '/')) == NULL))))
- strlcpy(component, path, sizeof(component));
- else {
- cp++;
-@@ -1432,13 +1435,15 @@ safely_chroot(const char *path, uid_t ui
- if (stat(component, &st) != 0)
- fatal("%s: stat(\"%s\"): %s", __func__,
- component, strerror(errno));
-- if (st.st_uid != 0 || (st.st_mode & 022) != 0)
-+ if ((st.st_uid != 0 || (st.st_mode & 022) != 0) && !(last && st.st_uid == uid))
- fatal("bad ownership or modes for chroot "
- "directory %s\"%s\"",
- cp == NULL ? "" : "component ", component);
- if (!S_ISDIR(st.st_mode))
- fatal("chroot path %s\"%s\" is not a directory",
- cp == NULL ?
"" : "component ", component); -+ if (st.st_uid != uid) -+ ++chroot_no_tree; - - } - -diff -up openssh-5.2p1/sftp-server.c.homechroot openssh-5.2p1/sftp-server.c ---- openssh-5.2p1/sftp-server.c.homechroot 2008-07-04 06:10:19.000000000 +0200 -+++ openssh-5.2p1/sftp-server.c 2009-06-23 11:33:36.374154561 +0200 -@@ -887,6 +887,7 @@ process_opendir(void) - static void - process_readdir(void) - { -+ extern int chroot_no_tree; - DIR *dirp; - struct dirent *dp; - char *path; -@@ -920,7 +921,7 @@ process_readdir(void) - continue; - stat_to_attrib(&st, &(stats[count].attrib)); - stats[count].name = xstrdup(dp->d_name); -- stats[count].long_name = ls_file(dp->d_name, &st, 0); -+ stats[count].long_name = ls_file(dp->d_name, &st, chroot_no_tree); - count++; - /* send up to 100 entries in one message */ - /* XXX check packet size instead */ -diff -up openssh-5.2p1/sftp-server-main.c.homechroot openssh-5.2p1/sftp-server-main.c ---- openssh-5.2p1/sftp-server-main.c.homechroot 2009-02-21 22:47:02.000000000 +0100 -+++ openssh-5.2p1/sftp-server-main.c 2009-06-23 11:33:36.378159051 +0200 -@@ -27,6 +27,8 @@ - #include "sftp.h" - #include "misc.h" - -+int chroot_no_tree = 0; -+ - void - cleanup_exit(int i) - { diff --git a/openssh.spec b/openssh.spec index 344fb33..7ba3578 100644 --- a/openssh.spec +++ b/openssh.spec @@ -63,7 +63,7 @@ Summary: An open source implementation of SSH protocol versions 1 and 2 Name: openssh Version: 5.2p1 -Release: 5%{?dist}%{?rescue_rel} +Release: 6%{?dist}%{?rescue_rel} URL: http://www.openssh.com/portable.html #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc @@ -97,7 +97,6 @@ Patch54: openssh-5.1p1-gssapi-role.patch Patch55: openssh-5.1p1-cloexec.patch Patch62: openssh-5.1p1-scp-manpage.patch Patch65: openssh-5.2p1-fips.patch -Patch66: openssh-5.2p1-homechroot.patch Patch67: openssh-5.2p1-selabel.patch License: BSD 
@@ -230,7 +229,6 @@ an X11 passphrase dialog for OpenSSH. %patch55 -p1 -b .cloexec %patch62 -p1 -b .manpage %patch65 -p1 -b .fips -%patch66 -p1 -b .homechroot %patch67 -p1 -b .selabel autoreconf @@ -476,7 +474,10 @@ fi %endif %changelog -* Tue Jun 30 2009 Jan F. Chadima - 5.2p1-11 +* Mon Sep 21 2009 Jan F. Chadima - 5.2p1-6 +- remove homechroot patch + +* Tue Jun 30 2009 Jan F. Chadima - 5.2p1-5 - create '~/.ssh/known_hosts' within proper context * Tue Jun 23 2009 Jan F. Chadima - 5.2p1-4