hlrs-software-stack/spack
7
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

openssh: don't suid-install ssh-keysign (not used by default) (#31083)

Browse source
This commit is contained in:
Bernhard Kaindl 2022-06-17 20:09:52 +02:00 committed by GitHub
parent eed4a63be7
commit aedf215b90
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
var/spack/repos/builtin/packages/openssh/package.py Normal file → Executable file
View file

@ -65,6 +65,10 @@ def determine_version(cls, exe):
match = re.search(r'OpenSSH_([^, ]+)', output)
return match.group(1) if match else None
def patch(self):
# #29938: skip set-suid (also see man ssh-key-sign: it's not enabled by default)
filter_file(r'\$\(INSTALL\) -m 4711', '$(INSTALL) -m711', 'Makefile.in')
def configure_args(self):
# OpenSSH's privilege separation path defaults to /var/empty. At
# least newer versions want to create the directory during the