diff --git a/dist b/dist index 9c0e36ec42a2d9bfefacb21ac6354c9ddd910533..535c6900412d365bb0ff6de8d1f27110833b3ae3 100644 --- a/dist +++ b/dist @@ -1 +1 @@ -an8 +an8_7 diff --git a/openssh-8.0p1-ipv6-process.patch b/openssh-8.0p1-ipv6-process.patch new file mode 100644 index 0000000000000000000000000000000000000000..cb769382472a81eb994394a0bf4b87a0435bc3e0 --- /dev/null +++ b/openssh-8.0p1-ipv6-process.patch @@ -0,0 +1,27 @@ +diff --git a/sftp.c b/sftp.c +index 04881c83..03c7a5c7 100644 +--- a/sftp.c ++++ b/sftp.c +@@ -2527,12 +2527,17 @@ main(int argc, char **argv) + port = tmp; + break; + default: ++ /* Try with user, host and path. */ + if (parse_user_host_path(*argv, &user, &host, +- &file1) == -1) { +- /* Treat as a plain hostname. */ +- host = xstrdup(*argv); +- host = cleanhostname(host); +- } ++ &file1) == 0) ++ break; ++ /* Try with user and host. */ ++ if (parse_user_host_port(*argv, &user, &host, NULL) ++ == 0) ++ break; ++ /* Treat as a plain hostname. */ ++ host = xstrdup(*argv); ++ host = cleanhostname(host); + break; + } + file2 = *(argv + 1); diff --git a/openssh-8.3p1-fix-desynchronised-utimes-failed.patch b/openssh-8.3p1-fix-desynchronised-utimes-failed.patch new file mode 100644 index 0000000000000000000000000000000000000000..d522f28591ecd51fffaeaa8e92eacb2e49d9dd31 --- /dev/null +++ b/openssh-8.3p1-fix-desynchronised-utimes-failed.patch @@ -0,0 +1,14 @@ +diff --color -ru openssh-8.0p1/scp.c openssh-8.0p1-new/scp.c +--- openssh-8.0p1/scp.c 2023-03-17 16:27:55.831000000 -0400 ++++ openssh-8.0p1-new/scp.c 2023-03-17 16:29:49.246000000 -0400 +@@ -1431,9 +1431,7 @@ + sink(1, vect, src); + if (setimes) { + setimes = 0; +- if (utimes(vect[0], tv) < 0) +- run_err("%s: set times: %s", +- vect[0], strerror(errno)); ++ (void) utimes(vect[0], tv); + } + if (mod_flag) + (void) chmod(vect[0], mode); diff --git a/openssh.spec b/openssh.spec index 8eacb8d18f0f7992fdaadf0157b8c2f3bb19b8a3..877c024ef88bf1194e514e4f819f0d4f9798b11e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -67,7 +67,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.0p1 -%global openssh_rel 16 +%global openssh_rel 17 %global pam_ssh_agent_ver 0.10.3 %global pam_ssh_agent_rel 7 @@ -273,6 +273,8 @@ Patch984: openssh-8.0p1-crypto-policy-doc.patch # 0fa33683223c76289470a954404047bc762be84c # f8df0413f0a057b6a3d3dd7bd8bc7c5d80911d3a Patch985: openssh-8.7p1-minimize-sha1-use.patch +# Upstream 25e3bccbaa63d27b9d5e09c123f1eb28594d2bd6 +Patch987: openssh-8.0p1-ipv6-process.patch Patch1001: 1001-openssh-8.1p1-seccomp-nanosleep.patch @@ -282,6 +284,8 @@ Patch1002: 1000-openssh-anolis-fix-seccomp-error.patch # End # Fix a one-byte overflow in SSH-banner processing Patch1003: openssh-9.1p1-fix-onebyte-buffer-overflow.patch +Patch1004: openssh-8.3p1-fix-desynchronised-utimes-failed.patch +Patch10000: openssh-8.0p1-sw.patch License: BSD Group: Applications/Internet @@ -513,6 +517,7 @@ popd %patch983 -p1 -b .sftp-realpath %patch984 -p1 -b .crypto-policy-doc %patch985 -p1 -b .minimize-sha1-use +%patch987 -p1 -b .sftp_ipv6 %patch200 -p1 -b .audit %patch201 -p1 -b .audit-race @@ -523,6 +528,8 @@ popd %patch1001 -p1 %patch1002 -p1 %patch1003 -p1 +%patch1004 -p1 +%patch10000 -p1 autoreconf pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver} @@ -808,12 +815,17 @@ getent passwd sshd >/dev/null || \ %endif %changelog -* Sat Mar 18 2023 JiangYong - 8.0p1-16.0.2 -- Fix a one-byte overflow in SSH-banner processing +* Wed May 17 2023 wxiat - 8.0p1-17.0.2 +- add sw patch -* Thu Dec 29 2022 Weitao Zhou - 8.0p1-16.0.1 +* Thu May 11 2023 Weitao Zhou - 8.0p1-17.0.1 - seccomp: Allow check_nanosleep to better compatibility for both glibc2.28 and glibc2.32 - Support loongarch64 seccomp_filter sandbox (xuezhixin@uniontech.com) +- Fix a one-byte overflow in SSH-banner processing (jiang.yong5@zte.com.cn) +- another case where a utimes() failure could make scp send (jiang.yong5@zte.com.cn) + +* Mon Jan 23 2023 Dmitry Belyavskiy - 8.0p1-17 +- Fix parsing of IPv6 IPs in sftp client (#2162733) * Wed Jun 29 2022 Zoltan Fridrich - 8.0p1-16 - Omit client side from minimize-sha1-use.patch to prevent regression (#2093897)