Merge ~enr0n/ubuntu/+source/openssh:lp2011458-follow-up-kinetic into ubuntu/+source/openssh:ubuntu/kinetic-devel

Proposed by Nick Rosbrook
Status: Merged
Merged at revision: 795c51ef1076bab486aacf17030303e694035089
Proposed branch: ~enr0n/ubuntu/+source/openssh:lp2011458-follow-up-kinetic
Merge into: ubuntu/+source/openssh:ubuntu/kinetic-devel
Diff against target: 75 lines (+18/-28)
2 files modified
debian/changelog (+7/-0)
debian/patches/systemd-socket-activation.patch (+11/-28)
Reviewers:
Steve Langasek (community): Approve
git-ubuntu import: Pending
Review via email: mp+443901@code.launchpad.net

Description of the change

This is a follow-on adjustment to the fix for LP: #2011458 so that we do not introduce LP: #2020474 into Kinetic.

Steve Langasek (vorlon) wrote :

Uploaded to kinetic-proposed.

review: Approve

Preview Diff

1diff --git a/debian/changelog b/debian/changelog
2index e6b838f..3dc6dc8 100644
3--- a/debian/changelog
4+++ b/debian/changelog
5@@ -1,3 +1,10 @@
6+openssh (1:9.0p1-1ubuntu7.3) kinetic; urgency=medium
7+
8+ * debian/patches/systemd-socket-activation.patch: do not leak sockets in
9+ child process. Follow-up fix for LP: #2011458.
10+
11+ -- Nick Rosbrook <nick.rosbrook@canonical.com> Tue, 30 May 2023 16:58:06 -0400
12+
13 openssh (1:9.0p1-1ubuntu7.2) kinetic; urgency=medium
14
15 * debian/patches/systemd-socket-activation.patch: Fix re-execution behavior
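Review bot: The new 1:9.0p1-1ubuntu7.3 entry mentions only "do not leak sockets in child process", but the patch change in this same merge also removes the LISTEN_FDS parsing for the re-executed case and adds `rexec_flag = 0;`. Suggest naming that behaviour change in the entry and citing LP: #2020474 next to LP: #2011458, since the merge description gives it as the regression being avoided and the upload should be traceable from either bug.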
16diff --git a/debian/patches/systemd-socket-activation.patch b/debian/patches/systemd-socket-activation.patch
17index f61639b..587b5c4 100644
18--- a/debian/patches/systemd-socket-activation.patch
19+++ b/debian/patches/systemd-socket-activation.patch
20@@ -202,44 +202,27 @@ Last-Update: 2023-04-17
21 startup_pipe = startup_p[1];
22 close_startup_pipes();
23 - close_listen_socks();
24-+ close_listen_socks(/* force = */ 0);
25++ close_listen_socks(/* force = */ 1);
26 *sock_in = *newsock;
27 *sock_out = *newsock;
28 log_init(__progname,
29-@@ -1701,6 +1777,38 @@
30+@@ -1701,6 +1777,21 @@
31 break;
32 }
33 }
34 +
35 +#ifdef HAVE_SYSTEMD
36-+ /* We should call sd_listen_fds() exactly once, and only in the parent
37-+ * process.
38-+ *
39-+ * If the parent calls sd_listen_fds() more than once, then FD_CLOEXEC
40-+ * will be re-configured for the passed fds, which will cause problems
41-+ * during re-execution. The FD_CLOEXEC flag will be cleared by
42-+ * setup_systemd_socket().
43-+ *
44-+ * If the child calls sd_listen_fds(), it will return 0 because it will
45-+ * compare our pid to the LISTEN_PID environment variable, and only
46-+ * return LISTEN_FDS if they match. Thus, when we are a child process,
47-+ * check the LISTEN_FDS ourselves. */
48-+ if (rexeced_flag) {
49-+ const char* s = getenv("LISTEN_FDS");
50-+ if (s && s[0] != '\0') {
51-+ errno = 0;
52-+ r = (int)strtonum(s, 0, MAX_LISTEN_SOCKS, NULL);
53-+ if (errno > 0)
54-+ fatal("Failed to parse LISTEN_FDS: %s", strerror(errno));
55-+ } else
56-+ r = 0;
57-+ } else {
58-+ r = sd_listen_fds(0);
59-+ if (r < 0)
60-+ fatal("Failed to get systemd socket fds: %s", strerror(-r));
61-+ }
62++ /* We should call sd_listen_fds() exactly once. If we call
63++ * sd_listen_fds() more than once, then FD_CLOEXEC will be
64++ * re-configured for the passed fds, which will cause problems during
65++ * re-execution. The FD_CLOEXEC flag will be cleared by
66++ * setup_systemd_socket(). */
67++ r = sd_listen_fds(0);
68++ if (r < 0)
69++ fatal("Failed to get systemd socket fds: %s", strerror(-r));
70 +
71 + systemd_num_listen_fds = r;
72++ rexec_flag = 0;
73 +#endif
74 +
75 if (rexeced_flag || inetd_flag)
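Review bot: `rexec_flag = 0;` is added unconditionally inside the `#ifdef HAVE_SYSTEMD` block, directly after `systemd_num_listen_fds = r;`, with no comment and no check on `r`, so it applies even when sd_listen_fds() returns 0 and no sockets were passed. Suggest guarding it with `if (r > 0)`, or adding a sentence to the comment saying why it must hold for every systemd-enabled build. The retained comment still justifies the single sd_listen_fds() call by FD_CLOEXEC problems "during re-execution"; if this assignment turns that path off, the comment should be reworded to match the new behaviour. The change to `close_listen_socks(/* force = */ 1)` in the child would also benefit from a one-line comment at the call site, since the meaning of the force argument is not visible in this hunk.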
