diff --git a/openssh-3.9p1-log-in-chroot.patch b/openssh-3.9p1-log-in-chroot.patch
new file mode 100644
index 0000000..222487b
--- /dev/null
+++ b/openssh-3.9p1-log-in-chroot.patch
@@ -0,0 +1,53 @@
+--- openssh-3.9p1/log.h.log-chroot 2006-02-22 10:54:04.000000000 +0100
++++ openssh-3.9p1/log.h 2006-02-22 10:53:29.000000000 +0100
+@@ -63,4 +63,6 @@
+
+ void do_log(LogLevel, const char *, va_list);
+ void cleanup_exit(int) __dead;
++
++void open_log(void);
+ #endif
+--- openssh-3.9p1/log.c.log-chroot 2006-02-22 13:29:48.000000000 +0100
++++ openssh-3.9p1/log.c 2006-02-22 10:56:01.000000000 +0100
+@@ -48,6 +48,7 @@
+ static int log_on_stderr = 1;
+ static int log_facility = LOG_AUTH;
+ static char *argv0;
++static int log_fd_keep;
+
+ extern char *__progname;
+
+@@ -330,9 +331,20 @@
+ syslog_r(pri, &sdata, "%.500s", fmtbuf);
+ closelog_r(&sdata);
+ #else
++ if (!log_fd_keep) {
+ openlog(argv0 ? argv0 : __progname, LOG_PID, log_facility);
++ }
+ syslog(pri, "%.500s", fmtbuf);
++ if (!log_fd_keep) {
+ closelog();
++ }
+ #endif
+ }
+ }
++
++void
++open_log(void)
++{
++ openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
++ log_fd_keep = 1;
++}
+--- openssh-3.9p1/sshd.c.log-chroot 2006-01-11 13:42:32.000000000 +0100
++++ openssh-3.9p1/sshd.c 2006-02-22 18:58:24.000000000 +0100
+@@ -565,6 +565,10 @@
+ memset(pw->pw_passwd, 0, strlen(pw->pw_passwd));
+ endpwent();
+
++ /* Open the syslog permanently so the chrooted process still
++ can write to syslog. */
++ open_log();
++
+ /* Change our root directory */
+ if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
+ fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
diff --git a/openssh.spec b/openssh.spec
index 75df4ca..2f2530c 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -58,7 +58,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
 Name: openssh
 Version: 4.3p2
-%define rel 2
+%define rel 3
 %if %{rescue}
 %define %{rel}rescue
 %else
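Review bot: `open_log()` in the log.c part of the added patch sets `log_fd_keep` permanently and keeps the syslog socket open, but nothing in log.h or log.c documents that contract or what it costs. Because sshd.c calls it right before `chroot(_PATH_PRIVSEP_CHROOT_DIR)`, the chrooted privilege-separation process retains a writable connection to the system logger, and if that connection is lost it presumably cannot be reopened from inside the chroot, so later messages would be dropped silently. I would put a comment above `open_log()` such as `/* Must be called before chroot(); leaves the syslog socket open for the life of the process and disables the per-message openlog()/closelog() in do_log(). */`. Only the `#else` branch of `do_log()` checks `log_fd_keep`; the `syslog_r()` branch above it is unchanged, so the flag has no effect on builds that take that branch. The sshd.c function around the `open_log()` call starts and ends outside the inner hunk.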
@@ -84,7 +84,8 @@ Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch23: openssh-3.9p1-no-log-signal.patch
 Patch24: openssh-4.3p1-fromto-remote.patch
 Patch25: openssh-4.3p2-scp-print-err.patch
-Patch27: openssh-4.2p1-pam-no-stack.patch
+Patch26: openssh-4.2p1-pam-no-stack.patch
+Patch27: openssh-3.9p1-log-in-chroot.patch
 Patch30: openssh-4.0p1-exit-deadlock.patch
 Patch31: openssh-3.9p1-skip-used.patch
 Patch35: openssh-4.2p1-askpass-progress.patch
@@ -207,7 +208,8 @@ an X11 passphrase dialog for OpenSSH.
 %patch23 -p1 -b .signal
 %patch24 -p1 -b .fromto-remote
 %patch25 -p1 -b .print-err
-%patch27 -p1 -b .stack
+%patch26 -p1 -b .stack
+%patch27 -p1 -b .log-chroot
 %patch30 -p1 -b .exit-deadlock
 %patch31 -p1 -b .skip-used
 %patch35 -p1 -b .progress
@@ -452,6 +454,10 @@ fi
 %endif
 %changelog
+* Fri Feb 24 2006 Tomas Mraz - 4.3p2-3
+- enable the subprocess in chroot to send messages to system log
+- sshd should prevent login if audit call fails
+
 * Tue Feb 21 2006 Tomas Mraz - 4.3p2-2
 - print error from scp if not remote (patch by Bjorn Augustsson #178923)