summaryrefslogtreecommitdiffstats
path: root/debian/patches
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-17 17:01:42 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-17 17:01:42 +0000
commit647ff1f9aea86fe3247ff5e240f46c4fe5d5bba6 (patch)
tree09588aac41224bcae08582607d2e195ef400aa5e /debian/patches
parentReleasing progress-linux version 1:9.7p1-4~progress7.99u1. (diff)
downloadopenssh-647ff1f9aea86fe3247ff5e240f46c4fe5d5bba6.tar.xz
openssh-647ff1f9aea86fe3247ff5e240f46c4fe5d5bba6.zip
Merging debian version 1:9.7p1-5.
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/pam-avoid-unknown-host.patch34
-rw-r--r--debian/patches/series1
2 files changed, 35 insertions, 0 deletions
diff --git a/debian/patches/pam-avoid-unknown-host.patch b/debian/patches/pam-avoid-unknown-host.patch
new file mode 100644
index 0000000..2887ee4
--- /dev/null
+++ b/debian/patches/pam-avoid-unknown-host.patch
@@ -0,0 +1,34 @@
+From d4ae5b68870bf65747084f4ed3060bb13c586c9e Mon Sep 17 00:00:00 2001
+From: Daan De Meyer <daan.j.demeyer@gmail.com>
+Date: Mon, 20 Mar 2023 20:22:14 +0100
+Subject: Only set PAM_RHOST if the remote host is not "UNKNOWN"
+
+When using sshd's -i option with stdio that is not a AF_INET/AF_INET6
+socket, auth_get_canonical_hostname() returns "UNKNOWN" which is then
+set as the value of PAM_RHOST, causing pam to try to do a reverse DNS
+query of "UNKNOWN", which times out multiple times, causing a
+substantial slowdown when logging in.
+
+To fix this, let's only set PAM_RHOST if the hostname is not "UNKNOWN".
+
+Author: Daan De Meyer <daan.j.demeyer@gmail.com>
+Last-Update: 2024-04-03
+
+Patch-Name: pam-avoid-unknown-host.patch
+---
+ auth-pam.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/auth-pam.c b/auth-pam.c
+index b49d415e7..81de88bba 100644
+--- a/auth-pam.c
++++ b/auth-pam.c
+@@ -735,7 +735,7 @@ sshpam_init(struct ssh *ssh, Authctxt *authctxt)
+ sshpam_laddr = get_local_ipaddr(
+ ssh_packet_get_connection_in(ssh));
+ }
+- if (sshpam_rhost != NULL) {
++ if (sshpam_rhost != NULL && strcmp(sshpam_rhost, "UNKNOWN") != 0) {
+ debug("PAM: setting PAM_RHOST to \"%s\"", sshpam_rhost);
+ sshpam_err = pam_set_item(sshpam_handle, PAM_RHOST,
+ sshpam_rhost);
diff --git a/debian/patches/series b/debian/patches/series
index 311759a..48c673a 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -28,6 +28,7 @@ skip-utimensat-test-on-zfs.patch
zero-call-used-regs-m68k.patch
regress-conch-dev-zero.patch
configure-cache-vars.patch
+pam-avoid-unknown-host.patch
progress-linux/0001-ssh-keygen-default-rsa-size.patch
progress-linux/0002-ssh-keygen-default-ecdsa-size.patch
progress-linux/0003-ssh_config-update.patch