Home
My Posts

Archive
Login
Signup

Recent Posts

Free subdomains

Want your own xyz.kpaste.net sub-domain for your community? Just type the address into your browser address bar (foo.xyz.kpaste.net is also supported).

Suggestions/Bugs?

Email us at . Try to include as much info as possible.

About

Pastebin is a tool for collaborative debugging or editing.

 

Debian OpenSSH backport to Jessie
Posted by Anonymous on Fri 17th Feb 2023 12:32
raw | new post
view followups (newest first): Debian OpenSSH backport to Jessie by Anonymous
modification of post by Anonymous (view diff)

Submit a correction or amendment below (click here to make a fresh posting)
After submitting an amendment, you'll be able to view the differences between the old and new posts easily.

Syntax highlighting: None Bash C C++ CSS Diff HTML mIRC Script Perl PHP Python Smarty XML ---------------------------- ABAP Actionscript ADA Apache Log AppleScript APT sources.list ASM ASP AutoIT Bash C C# C++ C++ (with QT) CSS Diff HTML INI (Config Files) Java Javascript Lua Make mIRC Script MySQL NSIS Perl PHP Python Q(uick)BASIC robots Ruby Ruby on Rails SDLBasic Smarty SQL TCL Text VB.NET Visual BASIC Visual Fox Pro Visual Prolog Windows Registry Files XML Xorg.conf

To highlight particular lines, prefix each line with {%HIGHLIGHT}
# Debian OpenSSH backport to Debian/Jessie # # git clone https://salsa.debian.org/ssh-team/openssh.git # cd openssh/ # patch -p1 <this_patch.patch # debuild -b -uc -us 2>&1 | tee buildlog.log # diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..204822d --- /dev/null +++ b/.gitattributes @@ -0,0 +1,6 @@ +configure -diff +aclocal.m4 -diff +config.guess -diff +aclocal.m4 -diff +config.guess -diff +config.sub -diff diff --git a/contrib/gnome-ssh-askpass3.c b/contrib/gnome-ssh-askpass3.c index e1a0533..6a6d25c 100644 --- a/contrib/gnome-ssh-askpass3.c +++ b/contrib/gnome-ssh-askpass3.c @@ -63,6 +63,22 @@ #include <gdk/gdkkeysyms.h> static void +report_failed_grab (GtkWidget *parent_window, const char *what) +{ + GtkWidget *err; + + err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0, + GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, + "Could not grab %s. A malicious client may be eavesdropping " + "on your session.", what); + gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); + + gtk_dialog_run(GTK_DIALOG(err)); + + gtk_widget_destroy(err); +} + +static void ok_dialog(GtkWidget *entry, gpointer dialog) { g_return_if_fail(GTK_IS_DIALOG(dialog)); @@ -137,12 +153,9 @@ passphrase_dialog(char *message, int prompt_type) char *passphrase, *local; int result, grab_tries, grab_server, grab_pointer; int buttons, default_response; - GtkWidget *parent_window, *dialog, *entry, *err; + GtkWidget *parent_window, *dialog, *entry; GdkGrabStatus status; GdkColor fg, bg; - GdkSeat *seat; - GdkDisplay *display; - GdkSeatCapabilities caps; int fg_set = 0, bg_set = 0; grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); @@ -213,30 +226,48 @@ passphrase_dialog(char *message, int prompt_type) G_CALLBACK(check_none), dialog); } } + /* Grab focus */ gtk_widget_show_now(dialog); - display = gtk_widget_get_display(GTK_WIDGET(dialog)); - seat = gdk_display_get_default_seat(display); - caps = GDK_SEAT_CAPABILITY_KEYBOARD; - if (grab_pointer) - caps |= GDK_SEAT_CAPABILITY_ALL_POINTING; - if (grab_server) - caps = GDK_SEAT_CAPABILITY_ALL; - for (;;) { - status = gdk_seat_grab(seat, gtk_widget_get_window(dialog), - caps, TRUE, NULL, NULL, NULL, NULL); + if (grab_pointer) { + for(;;) { + status = gdk_pointer_grab( + (gtk_widget_get_window(GTK_WIDGET(dialog))), TRUE, + 0, NULL, NULL, GDK_CURRENT_TIME); + if (status == GDK_GRAB_SUCCESS) + break; + usleep(GRAB_WAIT * 1000); + if (++grab_tries > GRAB_TRIES) { + failed = "mouse"; + goto nograb; + } + } + } + for(;;) { + status = gdk_keyboard_grab( + gtk_widget_get_window(GTK_WIDGET(dialog)), FALSE, + GDK_CURRENT_TIME); if (status == GDK_GRAB_SUCCESS) break; usleep(GRAB_WAIT * 1000); - if (++grab_tries > GRAB_TRIES) - goto nograb; + if (++grab_tries > GRAB_TRIES) { + failed = "keyboard"; + goto nograbkb; + } + } + if (grab_server) { + gdk_x11_grab_server(); } result = gtk_dialog_run(GTK_DIALOG(dialog)); /* Ungrab */ - gdk_seat_ungrab(seat); - gdk_display_flush(display); + if (grab_server) + XUngrabServer(gdk_x11_get_default_xdisplay()); + if (grab_pointer) + gdk_pointer_ungrab(GDK_CURRENT_TIME); + gdk_keyboard_ungrab(GDK_CURRENT_TIME); + gdk_flush(); /* Report passphrase if user selected OK */ if (prompt_type == PROMPT_ENTRY) { @@ -264,16 +295,21 @@ passphrase_dialog(char *message, int prompt_type) return -1; return 0; + nograbkb: + /* + * At least one grab failed - ungrab what we got, and report + * the failure to the user. Note that XGrabServer() cannot + * fail. + */ + gdk_pointer_ungrab(GDK_CURRENT_TIME); nograb: + if (grab_server) + XUngrabServer(gdk_x11_get_default_xdisplay()); gtk_widget_destroy(dialog); - err = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0, - GTK_MESSAGE_ERROR, GTK_BUTTONS_CLOSE, - "Could not grab input. A malicious client may be eavesdropping " - "on your session."); - gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_dialog_run(GTK_DIALOG(err)); - gtk_widget_destroy(err); - return -1; + + report_failed_grab(parent_window, failed); + + return (-1); } int @@ -284,6 +320,8 @@ main(int argc, char **argv) gtk_init(&argc, &argv); + gtk_window_set_default_icon_from_file ("/usr/share/pixmaps/ssh-askpass-gnome.png", NULL); + if (argc > 1) { message = g_strjoinv(" ", argv + 1); } else { diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/control b/debian/control index f3ed979..efbfc0c 100644 --- a/debian/control +++ b/debian/control @@ -2,18 +2,15 @@ Source: openssh Section: net Priority: standard Maintainer: Debian OpenSSH Maintainers <debian-ssh@lists.debian.org> -Build-Depends: debhelper (>= 13.1~), - debhelper-compat (= 13), +Build-Depends: debhelper, dh-exec, - dh-runit (>= 2.8.8), libaudit-dev [linux-any], libedit-dev, - libfido2-dev (>= 1.5.0) [linux-any], libgtk-3-dev <!pkg.openssh.nognome>, libkrb5-dev | heimdal-dev, libpam0g-dev | libpam-dev, libselinux1-dev [linux-any], - libssl-dev (>= 1.1.0g), + libssl-dev , libsystemd-dev [linux-any] | libelogind-dev [linux-any], libwrap0-dev | libwrap-dev, pkg-config, @@ -24,7 +21,6 @@ Uploaders: Colin Watson <cjwatson@debian.org>, Homepage: https://www.openssh.com/ Vcs-Git: https://salsa.debian.org/ssh-team/openssh.git Vcs-Browser: https://salsa.debian.org/ssh-team/openssh -Rules-Requires-Root: no Package: openssh-client Architecture: any diff --git a/debian/rules b/debian/rules index 18b2bf3..2fcd3ab 100755 --- a/debian/rules +++ b/debian/rules @@ -78,7 +78,7 @@ ifeq ($(DEB_HOST_ARCH_OS),linux) confflags += --with-selinux confflags += --with-audit=linux confflags += --with-systemd -confflags += --with-security-key-builtin +#confflags += --with-security-key-builtin endif # The deb build wants xauth; the udeb build doesn't. @@ -98,15 +98,15 @@ confflags += --with-cflags='$(cflags)' confflags_udeb += --with-cflags='$(cflags_udeb)' # Linker flags. -confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))' -confflags_udeb += --with-ldflags='-Wl,--as-needed' +#confflags += --with-ldflags='$(strip -Wl,--as-needed $(LDFLAGS))' +#confflags_udeb += --with-ldflags='-Wl,--as-needed' ifeq ($(shell dpkg-vendor --is Ubuntu && echo yes) $(DEB_HOST_ARCH), yes i386) BUILD_PACKAGES += -Nopenssh-tests endif %: - dh $@ --with=runit $(BUILD_PACKAGES) + dh $@ $(BUILD_PACKAGES) override_dh_autoreconf-indep:

Title:

Privacy: Public Private

How long should your post be retained?

15 mins an hour a day a week a month forever

All content is user-submitted.
The administrators of this site (kpaste.net) are not responsible for their content.
Abuse reports should be emailed to us at