Hello community, here is the log from the commit of package lftp for openSUSE:Factory checked in at 2019-03-20 13:20:19 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lftp (Old) and /work/SRC/openSUSE:Factory/.lftp.new.28833 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lftp" Wed Mar 20 13:20:19 2019 rev:74 rq:686409 version:4.8.4 Changes: -------- --- /work/SRC/openSUSE:Factory/lftp/lftp.changes 2019-02-28 21:44:33.137495662 +0100 +++ /work/SRC/openSUSE:Factory/.lftp.new.28833/lftp.changes 2019-03-20 13:20:23.321327859 +0100 @@ -1,0 +2,8 @@ +Tue Mar 19 12:18:35 UTC 2019 - Peter Simons <psim...@suse.com> + +- Refresh "relax-ssh-password-prompt-recognition.patch" to the + solution upstream chose in commit 0bcd1d2d6bfb9d53. The previous + patch assumed incorrectly that the underlying buffer would always + contain a NUL-terminated string. [bsc#1120946] + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ relax-ssh-password-prompt-recognition.patch ++++++ --- /var/tmp/diff_new_pack.D2UTmx/_old 2019-03-20 13:20:24.237327636 +0100 +++ /var/tmp/diff_new_pack.D2UTmx/_new 2019-03-20 13:20:24.237327636 +0100 @@ -1,26 +1,66 @@ -diff -Naur lftp-4.7.4/src/SSH_Access.cc lftp-4.7.4.new/src/SSH_Access.cc ---- lftp-4.7.4/src/SSH_Access.cc 2016-09-08 14:38:15.000000000 +0200 -+++ lftp-4.7.4.new/src/SSH_Access.cc 2019-01-07 15:32:39.151156788 +0100 -@@ -44,6 +44,11 @@ +From 0bcd1d2d6bfb9d5397c34433ddb62a9b92eba27b Mon Sep 17 00:00:00 2001 +From: Peter Simons <psim...@suse.com> +Date: Wed, 27 Feb 2019 10:09:27 +0100 +Subject: [PATCH] SSH_Access: be more liberal about recognizing password + prompts + +A SUSE customer reported an issue where the use of a 3rd party +PAM module in stack changed the password prompt to: + + UNIXADS password for username: + +Unfortunately, the ssh parsing code in lftp does not recognize +this as a password prompt, which means that the login process +gets stuck. + +We have found that accepting all strings that contain the phrase +"password" and end in a colon works very well and it also covers +this particular case. +--- + src/SSH_Access.cc | 19 ++++++++++++++++--- + 1 file changed, 16 insertions(+), 3 deletions(-) + +Index: lftp-4.8.4/src/SSH_Access.cc +=================================================================== +--- lftp-4.8.4.orig/src/SSH_Access.cc 2019-03-19 12:26:52.246752720 +0000 ++++ lftp-4.8.4/src/SSH_Access.cc 2019-03-19 12:27:10.578919458 +0000 +@@ -20,6 +20,9 @@ + #include <config.h> + #include "SSH_Access.h" + #include "misc.h" ++#include <algorithm> ++#include <cctype> ++#include <string> + + void SSH_Access::MakePtyBuffers() + { +@@ -44,6 +47,18 @@ static bool begins_with(const char *b,co return (e-b>=len && !strncasecmp(b,suffix,len)); } -+static bool contains(const char *b, const char *e) ++static bool contains(char const * begin, char const * end, std::string const & needle) +{ -+ return (1 && strcasestr(b,e)); ++ struct nocase_eq ++ { ++ inline bool operator() (char lhs, char rhs) const ++ { ++ return std::tolower(lhs) == std::tolower(rhs); ++ }; ++ }; ++ return std::search(begin, end, needle.begin(), needle.end(), nocase_eq()) != end; +} + int SSH_Access::HandleSSHMessage() { int m=STALL; -@@ -55,9 +60,7 @@ +@@ -55,9 +70,7 @@ int SSH_Access::HandleSSHMessage() { if(s>0 && b[s-1]==' ') s--; - if(ends_with(b,b+s,"password:") - || (ends_with(b,b+s,"':") && s>10) - || (begins_with(b,b+s,"password for ") && b[s-1]==':')) -+ if(contains(b,"password") && b[s-1]==':') ++ if((contains(b,b+s,"password") && b[s-1]==':')) { if(!pass) {