similar to: Building RPM for Openssh5.6p1 fails on RHEL 6.0

Hello, I have noticed that the -u parameter to the sftp-server or internal-sftp subsystem is not working correctly. For openssh-5.6p1 I believe that the problem lies in this code, starting at line 1414 in sftp-server.c: ---------------------------------------------------------- case 'u': mask = (mode_t)strtonum(optarg, 0, 0777, &errmsg); if (errmsg != NULL)

Hello again, Even with umask working (thanks very much!) I have found that I require more control over file permissions with sftp-server/internal-sftp. Please see the attached patch. It adds yet another option to sftp-server (-m) that will force file permissions. I have a been running a patched version of 5.6p1 under RHEL4 in production with no problems. Please consider including this change

https://bugzilla.mindrot.org/show_bug.cgi?id=1844 Summary: Explicit file permissions enhancement to sftp-server Product: Portable OpenSSH Version: 5.6p1 Platform: All OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: sftp-server AssignedTo: unassigned-bugs at mindrot.org

Hi folks. We were made aware of a MITRE CVE assignment on OpenSSH for a remote DoS in sftp, described as: The (1) remote_glob function in sftp-glob.c and the (2) process_put function in sftp.c in OpenSSH 5.8 and earlier, as used in FreeBSD 7.3 and 8.1, NetBSD 5.0.2, OpenBSD 4.7, and other products, allow remote authenticated users to cause a denial of service (CPU and memory consumption) via

I have successfully created a packaged version of openssh that has the LPK patch. LPK allows you to store your public keys in LDAP. However when I go to install the package I created it complains about dependencies: [root at VIRTCENT13:/home/bluethundr/rpm]#rpm -Uvh openssh-5.6p1-1.i386.rpm error: Failed dependencies: openssh = 5.5p1-1.el5 is needed by (installed)

Hi all. I've looked at the archives and it seems to be quiet regarding this supposed "0-day" openssh vulnerability and I'm wondering if anyone here may have some insight or further information regarding it. We've been monitoring things and the amount of speculative info flying around is incredible. Some claim it's the CPNI-957037 issue, thus affecting <5.2, others

I'm curious as to whether or not there is a way to restrict forwarded ports server side. For instance, I'm running an IRC server and am allowing users to connect via ssh forwarding (so I can take advantange of using openssh's public key method for authentication). Each client I tell to setup their ~/.ssh/config in a certain way, but the relevant line is: LocalForward 6667

Hello again, Now that umask is working (thanks very much!) I have found that I would like to see more control over sftp-server/internal-sftp file permissions. Given that previous patches (sftp file control comes to mind) were produced indicates there are other users that would also like more control over file permissions. My solution was to add yet another option to sftp-server/internal-sftp

Hi, Has anyone had success getting the Inventory Service running in RHEL 6? My Puppet Nodes are getting the following error: > [root@puppetnode-01 ~]# puppetd --debug --verbose --no-daemonize > ... > err: Could not retrieve catalog from remote server: Error 400 on SERVER: > Could not autoload inventory_active_record: uninitialized constant > ActiveRecord > ...

Hi, This is my current patch queue. The patches are independent, AFAIK, so feel free to cherry-pick or reject them independently. The bottom one was needed for a successful build here; the top one contains all the modifications you requested on IRC, and more. Meanwhile I hit one of the four stray TABs in tftpd.c, and decided to get rid of them. Comments welcome. --- Ferenc Wagner (5):

Hello everybody, I write an update version of ssh-copy-id script in order to support sshd non running on standard port 22. So I added another parameter to the script to allow user to specify the daemon port. I've also changed the way the command line parameter are retrieved in order to have a more "robust" way of getting them using getopts. Due to this change host name must be

I was directed to the following site by one of our customers regarding a keyserver built into openssh. There's a patch for 3.4p1 on their site, but the license isn't very clear, nor is it clear if they have approached the openssh team regarding the inclusion of this subsystem into openssh proper. I've been asked to patch Mandrake's openssh with this feature, but I'm

As Eric Blake noted in: https://www.redhat.com/archives/libguestfs/2016-April/msg00154.html libguestfs doesn't correctly handle the case where waitpid receives a SIGCHLD signal and the main program has registered a non-restartable signal handler. In this case waitpid would return -EINTR and we would print an error, but actually we should retry this case. This adds two new internal functions,

building rpm for mandrake 8.1 gives me this error what should i try? checking for two-argument statfs with struct fs_data (Ultrix)... no checking if large file support can be enabled... yes checking whether to support ACLs... no checking whether to build winbind... yes checking for poptGetContext in -lpopt... no checking whether to use included popt... ./popt checking configure summary configure:

Hi all, I was trying to rebuild mtr (http://vault.centos.org/6.7/os/Source/SPackages/mtr-0.75-5.el6.src.rpm) and I keep getting: ==== Executing(%install): /bin/sh -e /var/tmp/rpm-tmp.gu9Ds0 + umask 022 + cd /root/rpmbuild/BUILD + '[' /root/rpmbuild/BUILDROOT/mtr-0.75-5.el6.x86_64 '!=' / ']' + rm -rf /root/rpmbuild/BUILDROOT/mtr-0.75-5.el6.x86_64 ++ dirname

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

=================================================================== "Birthdays are nature's way of telling us to eat more cake." Source Unknown ================================================================== Release Announcements ===================== This is the latest stable release of Samba 3.5. Major enhancements in Samba 3.5.11 include: o Fix access to

I need to set the umask for apache to 002. I've tried every idea I've found on the internet, but nothing make a difference. Most suggest that I put "umask 002" in /etc/sysconfig/httpd, but that doesn't seem to make a difference. Other's suggest adding something to the httpd.service script for systemd. And that doesn't make any difference. Any suggestion from

> On 7/19/20 10:41 PM, Simon Matter via CentOS wrote: >>> On 7/13/20 6:40 PM, Emmett Culley via CentOS wrote: >>>> I need to set the umask for apache to 002.? I've tried every idea I've >>>> found on the internet, but nothing make a difference.? Most suggest >>>> that >>>> I put "umask 002" in /etc/sysconfig/httpd, but

> On 7/13/20 6:40 PM, Emmett Culley via CentOS wrote: >> I need to set the umask for apache to 002.? I've tried every idea I've >> found on the internet, but nothing make a difference.? Most suggest that >> I put "umask 002" in /etc/sysconfig/httpd, but that doesn't seem to make >> a difference.? Other's suggest adding something to the