OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=18

openssh-5.0p1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fafd3e0fe129d372340f17906bcdee4150823c2435fe8e85208b23df27ee3d4b
-size 810512

openssh-5.1p1-audit.patch

@@ -1,7 +1,7 @@
 # add support for Linux audit (FATE #120269)
 ================================================================================
---- openssh-4.7p1/Makefile.in
-+++ openssh-4.7p1/Makefile.in
+--- openssh-5.1p1/Makefile.in
++++ openssh-5.1p1/Makefile.in
 @@ -44,6 +44,7 @@
  CFLAGS=@CFLAGS@
  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
@@ -10,7 +10,7 @@
  SSHDLIBS=@SSHDLIBS@
  LIBEDIT=@LIBEDIT@
  AR=@AR@
-@@ -136,7 +137,7 @@
+@@ -137,7 +138,7 @@
  	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
  
  sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
@@ -19,9 +19,9 @@
  
  scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
  	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
---- openssh-4.7p1/auth.c
-+++ openssh-4.7p1/auth.c
-@@ -286,6 +286,12 @@
+--- openssh-5.1p1/auth.c
++++ openssh-5.1p1/auth.c
+@@ -287,6 +287,12 @@
  		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
  # endif
  #endif
@@ -34,7 +34,7 @@
  #ifdef SSH_AUDIT_EVENTS
  	if (authenticated == 0 && !authctxt->postponed)
  		audit_event(audit_classify_auth(method));
-@@ -492,6 +498,10 @@
+@@ -533,6 +539,10 @@
  		record_failed_login(user,
  		    get_canonical_hostname(options.use_dns), "ssh");
  #endif
@@ -45,9 +45,9 @@
  #ifdef SSH_AUDIT_EVENTS
  		audit_event(SSH_INVALID_USER);
  #endif /* SSH_AUDIT_EVENTS */
---- openssh-4.7p1/config.h.in
-+++ openssh-4.7p1/config.h.in
-@@ -1334,6 +1334,9 @@
+--- openssh-5.1p1/config.h.in
++++ openssh-5.1p1/config.h.in
+@@ -1388,6 +1388,9 @@
  /* Define if you want SELinux support. */
  #undef WITH_SELINUX
  
@@ -57,9 +57,9 @@
  /* Define to 1 if your processor stores words with the most significant byte
     first (like Motorola and SPARC, unlike Intel and VAX). */
  #undef WORDS_BIGENDIAN
---- openssh-4.7p1/configure.ac
-+++ openssh-4.7p1/configure.ac
-@@ -3216,6 +3216,20 @@
+--- openssh-5.1p1/configure.ac
++++ openssh-5.1p1/configure.ac
+@@ -3314,6 +3314,20 @@
  	fi ]
  )
  
@@ -80,7 +80,7 @@
  # Check whether user wants Kerberos 5 support
  KRB5_MSG="no"
  AC_ARG_WITH(kerberos5,
-@@ -4036,6 +4050,7 @@
+@@ -4134,6 +4148,7 @@
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
@@ -88,8 +88,8 @@
  echo "                 Smartcard support: $SCARD_MSG"
  echo "                     S/KEY support: $SKEY_MSG"
  echo "              TCP Wrappers support: $TCPW_MSG"
---- openssh-4.7p1/loginrec.c
-+++ openssh-4.7p1/loginrec.c
+--- openssh-5.1p1/loginrec.c
++++ openssh-5.1p1/loginrec.c
 @@ -176,6 +176,10 @@
  #include "auth.h"
  #include "buffer.h"
@@ -174,8 +174,8 @@
  /**
   ** Low-level libutil login() functions
   **/
---- openssh-4.7p1/loginrec.h
-+++ openssh-4.7p1/loginrec.h
+--- openssh-5.1p1/loginrec.h
++++ openssh-5.1p1/loginrec.h
 @@ -127,5 +127,9 @@
  char *line_abbrevname(char *dst, const char *src, int dstsize);
  

openssh-5.1p1-blocksigalrm.diff

@@ -8,7 +8,7 @@
  
  static LogLevel log_level = SYSLOG_LEVEL_INFO;
  static int log_on_stderr = 1;
-@@ -314,6 +315,7 @@
+@@ -336,6 +337,7 @@
  	char fmtbuf[MSGBUFSIZ];
  	char *txt = NULL;
  	int pri = LOG_INFO;
@@ -16,7 +16,7 @@
  	int saved_errno = errno;
  
  	if (level > log_level)
-@@ -365,6 +367,14 @@
+@@ -387,6 +389,14 @@
  		snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
  		write(STDERR_FILENO, msgbuf, strlen(msgbuf));
  	} else {
@@ -31,7 +31,7 @@
  #if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
  		openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
  		syslog_r(pri, &sdata, "%.500s", fmtbuf);
-@@ -374,6 +384,7 @@
+@@ -396,6 +406,7 @@
  		syslog(pri, "%.500s", fmtbuf);
  		closelog();
  #endif

openssh-5.1p1-eal3.diff

@@ -1,6 +1,6 @@
---- openssh-4.6p1/sshd.8
-+++ openssh-4.6p1/sshd.8
-@@ -739,7 +739,7 @@
+--- openssh-5.1p1/sshd.8
++++ openssh-5.1p1/sshd.8
+@@ -785,7 +785,7 @@
  The file format is described in
  .Xr moduli 5 .
  .Pp
@@ -9,7 +9,7 @@
  See
  .Xr motd 5 .
  .Pp
-@@ -752,7 +752,7 @@
+@@ -798,7 +798,7 @@
  refused.
  The file should be world-readable.
  .Pp
@@ -18,8 +18,8 @@
  This file is used in exactly the same way as
  .Pa hosts.equiv ,
  but allows host-based authentication without permitting login with
-@@ -828,8 +828,7 @@
- .Xr ssh-keygen 1 ,
+@@ -875,8 +875,7 @@
+ .Xr ssh-keyscan 1 ,
  .Xr chroot 2 ,
  .Xr hosts_access 5 ,
 -.Xr login.conf 5 ,
@@ -28,9 +28,9 @@
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
  .Xr sftp-server 8
---- openssh-4.6p1/sshd_config.5
-+++ openssh-4.6p1/sshd_config.5
-@@ -167,9 +167,6 @@
+--- openssh-5.1p1/sshd_config.5
++++ openssh-5.1p1/sshd_config.5
+@@ -177,9 +177,6 @@
  By default, no banner is displayed.
  .It Cm ChallengeResponseAuthentication
  Specifies whether challenge-response authentication is allowed.
@@ -39,8 +39,8 @@
 -are supported.
  The default is
  .Dq yes .
- .It Cm Ciphers
-@@ -382,7 +379,7 @@
+ .It Cm ChrootDirectory
+@@ -438,7 +435,7 @@
  .Pp
  .Pa /etc/hosts.equiv
  and

openssh-5.1p1-engines.diff

@@ -1,5 +1,5 @@
---- openssh-4.9p1/ssh-add.c
-+++ openssh-4.9p1/ssh-add.c
+--- openssh-5.1p1/ssh-add.c
++++ openssh-5.1p1/ssh-add.c
 @@ -43,6 +43,7 @@
  
  #include <openssl/evp.h>
@@ -19,8 +19,8 @@
  	/* At first, get a connection to the authentication agent. */
  	ac = ssh_get_authentication_connection();
  	if (ac == NULL) {
---- openssh-4.9p1/ssh-agent.c
-+++ openssh-4.9p1/ssh-agent.c
+--- openssh-5.1p1/ssh-agent.c
++++ openssh-5.1p1/ssh-agent.c
 @@ -52,6 +52,7 @@
  #include <openssl/evp.h>
  #include <openssl/md5.h>
@@ -29,7 +29,7 @@
  
  #include <errno.h>
  #include <fcntl.h>
-@@ -1063,6 +1064,10 @@
+@@ -1076,6 +1077,10 @@
  
  	SSLeay_add_all_algorithms();
  
@@ -40,8 +40,8 @@
  	__progname = ssh_get_progname(av[0]);
  	init_rng();
  	seed_rng();
---- openssh-4.9p1/ssh-keygen.c
-+++ openssh-4.9p1/ssh-keygen.c
+--- openssh-5.1p1/ssh-keygen.c
++++ openssh-5.1p1/ssh-keygen.c
 @@ -22,6 +22,7 @@
  #include <openssl/evp.h>
  #include <openssl/pem.h>
@@ -50,7 +50,7 @@
  
  #include <errno.h>
  #include <fcntl.h>
-@@ -1072,6 +1073,11 @@
+@@ -1099,6 +1100,11 @@
  	__progname = ssh_get_progname(argv[0]);
  
  	SSLeay_add_all_algorithms();
@@ -62,8 +62,8 @@
  	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
  
  	init_rng();
---- openssh-4.9p1/ssh-keysign.c
-+++ openssh-4.9p1/ssh-keysign.c
+--- openssh-5.1p1/ssh-keysign.c
++++ openssh-5.1p1/ssh-keysign.c
 @@ -38,6 +38,7 @@
  #include <openssl/evp.h>
  #include <openssl/rand.h>
@@ -84,17 +84,17 @@
  	for (i = 0; i < 256; i++)
  		rnd[i] = arc4random();
  	RAND_seed(rnd, sizeof(rnd));
---- openssh-4.9p1/ssh.c
-+++ openssh-4.9p1/ssh.c
+--- openssh-5.1p1/ssh.c
++++ openssh-5.1p1/ssh.c
 @@ -73,6 +73,7 @@
- #include <openssl/evp.h>
  #include <openssl/err.h>
  #include "openbsd-compat/openssl-compat.h"
+ #include "openbsd-compat/sys-queue.h"
 +#include <openssl/engine.h>
  
  #include "xmalloc.h"
  #include "ssh.h"
-@@ -561,6 +562,10 @@
+@@ -562,6 +563,10 @@
  	SSLeay_add_all_algorithms();
  	ERR_load_crypto_strings();
  
@@ -105,9 +105,9 @@
  	/* Initialize the command to execute on remote host. */
  	buffer_init(&command);
  
---- openssh-4.9p1/sshd.c
-+++ openssh-4.9p1/sshd.c
-@@ -76,6 +76,7 @@
+--- openssh-5.1p1/sshd.c
++++ openssh-5.1p1/sshd.c
+@@ -77,6 +77,7 @@
  #include <openssl/md5.h>
  #include <openssl/rand.h>
  #include "openbsd-compat/openssl-compat.h"
@@ -115,7 +115,7 @@
  
  #ifdef HAVE_SECUREWARE
  #include <sys/security.h>
-@@ -1465,6 +1466,10 @@
+@@ -1416,6 +1417,10 @@
  
  	SSLeay_add_all_algorithms();
  

openssh-5.1p1-gssapimitm.patch

@@ -46,7 +46,7 @@ Index: auth2-gss.c
  #endif /* GSSAPI */
 --- auth2.c
 +++ auth2.c
-@@ -65,6 +65,7 @@
+@@ -70,6 +70,7 @@
  extern Authmethod method_hostbased;
  #ifdef GSSAPI
  extern Authmethod method_gssapi;
@@ -54,7 +54,7 @@ Index: auth2-gss.c
  #endif
  
  Authmethod *authmethods[] = {
-@@ -72,6 +73,7 @@
+@@ -77,6 +78,7 @@
  	&method_pubkey,
  #ifdef GSSAPI
  	&method_gssapi,
@@ -73,7 +73,7 @@ Index: auth2-gss.c
  	oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
  	oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
  	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-@@ -164,9 +164,11 @@
+@@ -165,9 +165,11 @@
  #if defined(GSSAPI)
  	{ "gssapiauthentication", oGssAuthentication },
  	{ "gssapidelegatecredentials", oGssDelegateCreds },
@@ -85,7 +85,7 @@ Index: auth2-gss.c
  #endif
  	{ "fallbacktorsh", oDeprecated },
  	{ "usersh", oDeprecated },
-@@ -445,6 +447,10 @@
+@@ -447,6 +449,10 @@
  	case oGssDelegateCreds:
  		intptr = &options->gss_deleg_creds;
  		goto parse_flag;
@@ -96,7 +96,7 @@ Index: auth2-gss.c
  
  	case oBatchMode:
  		intptr = &options->batch_mode;
-@@ -1011,6 +1017,7 @@
+@@ -1017,6 +1023,7 @@
  	options->challenge_response_authentication = -1;
  	options->gss_authentication = -1;
  	options->gss_deleg_creds = -1;
@@ -104,7 +104,7 @@ Index: auth2-gss.c
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
  	options->kbd_interactive_devices = NULL;
-@@ -1101,6 +1108,8 @@
+@@ -1108,6 +1115,8 @@
  		options->gss_authentication = 0;
  	if (options->gss_deleg_creds == -1)
  		options->gss_deleg_creds = 0;
@@ -125,7 +125,7 @@ Index: auth2-gss.c
  	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 --- servconf.c
 +++ servconf.c
-@@ -91,6 +91,7 @@
+@@ -93,6 +93,7 @@
  	options->kerberos_get_afs_token = -1;
  	options->gss_authentication=-1;
  	options->gss_cleanup_creds = -1;
@@ -133,7 +133,7 @@ Index: auth2-gss.c
  	options->password_authentication = -1;
  	options->kbd_interactive_authentication = -1;
  	options->challenge_response_authentication = -1;
-@@ -207,6 +208,8 @@
+@@ -211,6 +212,8 @@
  		options->gss_authentication = 0;
  	if (options->gss_cleanup_creds == -1)
  		options->gss_cleanup_creds = 1;
@@ -142,16 +142,16 @@ Index: auth2-gss.c
  	if (options->password_authentication == -1)
  		options->password_authentication = 1;
  	if (options->kbd_interactive_authentication == -1)
-@@ -291,7 +294,7 @@
+@@ -299,7 +302,7 @@
  	sBanner, sUseDNS, sHostbasedAuthentication,
  	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
  	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
 -	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
 +	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
- 	sUsePrivilegeSeparation,
+ 	sUsePrivilegeSeparation, sAllowAgentForwarding,
  	sDeprecated, sUnsupported
-@@ -352,9 +355,11 @@
+@@ -360,9 +363,11 @@
  #ifdef GSSAPI
  	{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
  	{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -163,7 +163,7 @@ Index: auth2-gss.c
  #endif
  	{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
  	{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-@@ -878,6 +883,10 @@
+@@ -885,6 +890,10 @@
  	case sGssCleanupCreds:
  		intptr = &options->gss_cleanup_creds;
  		goto parse_flag;
@@ -176,7 +176,7 @@ Index: auth2-gss.c
  		intptr = &options->password_authentication;
 --- servconf.h
 +++ servconf.h
-@@ -91,6 +91,7 @@
+@@ -92,6 +92,7 @@
  						 * authenticated with Kerberos. */
  	int     gss_authentication;	/* If true, permit GSSAPI authentication */
  	int     gss_cleanup_creds;	/* If true, destroy cred cache on logout */
@@ -202,7 +202,7 @@ Index: auth2-gss.c
 +>>>>>>>
 --- sshconnect2.c
 +++ sshconnect2.c
-@@ -243,6 +243,10 @@
+@@ -246,6 +246,10 @@
  		userauth_gssapi,
  		&options.gss_authentication,
  		NULL},
@@ -213,7 +213,7 @@ Index: auth2-gss.c
  #endif
  	{"hostbased",
  		userauth_hostbased,
-@@ -577,7 +581,9 @@
+@@ -587,7 +591,9 @@
  
  	if (status == GSS_S_COMPLETE) {
  		/* send either complete or MIC, depending on mechanism */
@@ -226,7 +226,7 @@ Index: auth2-gss.c
  		} else {
 --- sshd_config
 +++ sshd_config
-@@ -73,6 +73,13 @@
+@@ -74,6 +74,13 @@
  #GSSAPIAuthentication no
  #GSSAPICleanupCredentials yes
  

openssh-5.1p1-pam-fix2.diff

@@ -1,6 +1,6 @@
 --- sshd_config
 +++ sshd_config
-@@ -53,7 +53,7 @@
+@@ -58,7 +58,7 @@
  #IgnoreRhosts yes
  
  # To disable tunneled clear text passwords, change to no here!
@@ -9,12 +9,12 @@
  #PermitEmptyPasswords no
  
  # Change to no to disable s/key passwords
-@@ -78,7 +78,7 @@
+@@ -83,7 +83,7 @@
  # If you just want the PAM account and session checks to run without
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
 -#UsePAM no
 +UsePAM yes
  
+ #AllowAgentForwarding yes
  #AllowTcpForwarding yes
- #GatewayPorts no

openssh-5.1p1-pam-fix3.diff

@@ -1,6 +1,6 @@
 --- auth-pam.c
 +++ auth-pam.c
-@@ -785,7 +785,9 @@
+@@ -786,7 +786,9 @@
  					fatal("Internal error: PAM auth "
  					    "succeeded when it should have "
  					    "failed");

openssh-5.1p1-pts.diff

@@ -1,6 +1,6 @@
 --- loginrec.c
-+++ loginrec.c	2008-04-18 17:58:59.585065028 +0200
-@@ -549,7 +549,7 @@ getlast_entry(struct logininfo *li)
++++ loginrec.c
+@@ -549,7 +549,7 @@
   * 1. The full filename (including '/dev')
   * 2. The stripped name (excluding '/dev')
   * 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00
@@ -9,7 +9,7 @@
   *
   * Form 3 is used on some systems to identify a .tmp.? entry when
   * attempting to remove it. Typically both addition and removal is
-@@ -610,6 +610,10 @@ line_abbrevname(char *dst, const char *s
+@@ -610,6 +610,10 @@
  	if (strncmp(src, "tty", 3) == 0)
  		src += 3;
  #endif

openssh-5.1p1-saveargv-fix.diff

@@ -1,6 +1,6 @@
 --- sshd.c
 +++ sshd.c
-@@ -358,6 +358,7 @@
+@@ -305,6 +305,7 @@
  static void
  sighup_restart(void)
  {
@@ -8,7 +8,7 @@
  	logit("Received SIGHUP; restarting.");
  	close_listen_socks();
  	close_startup_pipes();
-@@ -1318,7 +1319,11 @@
+@@ -1270,7 +1271,11 @@
  #ifndef HAVE_SETPROCTITLE
  	/* Prepare for later setproctitle emulation */
  	compat_init_setproctitle(ac, av);

openssh-5.1p1-send_locale.diff

@@ -1,6 +1,6 @@
 --- ssh_config
 +++ ssh_config
-@@ -62,4 +62,7 @@
+@@ -63,4 +63,7 @@
  # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
  #   GSSAPIEnableMITMAttack no
  
@@ -11,7 +11,7 @@
 +SendEnv LC_IDENTIFICATION LC_ALL
 --- sshd_config
 +++ sshd_config
-@@ -112,6 +112,11 @@
+@@ -119,6 +119,11 @@
  # override default of no subsystems
  Subsystem	sftp	/usr/libexec/sftp-server
  

openssh-5.1p1-tmpdir.diff

@@ -1,6 +1,6 @@
 --- ssh-agent.c
 +++ ssh-agent.c
-@@ -1126,8 +1126,18 @@
+@@ -1159,8 +1159,18 @@
  	parent_pid = getpid();
  
  	if (agentsocket == NULL) {

openssh-5.1p1-xauth.diff

@@ -1,6 +1,6 @@
 --- session.c
 +++ session.c
-@@ -2250,8 +2250,41 @@
+@@ -2487,8 +2487,41 @@
  session_close(Session *s)
  {
  	u_int i;

openssh-5.1p1-xauthlocalhostname.diff

@@ -1,6 +1,6 @@
 --- session.c
 +++ session.c
-@@ -997,7 +997,7 @@
+@@ -1104,7 +1104,7 @@
  }
  
  static char **
@@ -9,7 +9,7 @@
  {
  	char buf[256];
  	u_int i, envsize;
-@@ -1184,6 +1184,8 @@
+@@ -1291,6 +1291,8 @@
  		for (i = 0; env[i]; i++)
  			fprintf(stderr, "  %.200s\n", env[i]);
  	}
@@ -18,7 +18,7 @@
  	return env;
  }
  
-@@ -1192,7 +1194,7 @@
+@@ -1299,7 +1301,7 @@
   * first in this order).
   */
  static void
@@ -27,7 +27,7 @@
  {
  	FILE *f = NULL;
  	char cmd[1024];
-@@ -1246,12 +1248,20 @@
+@@ -1353,12 +1355,20 @@
  		    options.xauth_location);
  		f = popen(cmd, "w");
  		if (f) {
@@ -48,7 +48,7 @@
  		} else {
  			fprintf(stderr, "Could not run %s\n",
  			    cmd);
-@@ -1537,6 +1547,7 @@
+@@ -1644,6 +1654,7 @@
  {
  	extern char **environ;
  	char **env;
@@ -56,7 +56,7 @@
  	char *argv[ARGV_MAX];
  	const char *shell, *shell0, *hostname = NULL;
  	struct passwd *pw = s->pw;
-@@ -1602,7 +1613,7 @@
+@@ -1710,7 +1721,7 @@
  	 * Make sure $SHELL points to the shell from the password file,
  	 * even if shell is overridden from login.conf
  	 */
@@ -65,7 +65,7 @@
  
  #ifdef HAVE_LOGIN_CAP
  	shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
-@@ -1666,7 +1677,7 @@
+@@ -1778,7 +1789,7 @@
  	closefrom(STDERR_FILENO + 1);
  
  	if (!options.use_login)

openssh-5.1p1.dif

@@ -24,8 +24,8 @@
  #   PasswordAuthentication yes
 --- sshd_config
 +++ sshd_config
-@@ -82,7 +82,7 @@
- 
+@@ -88,7 +88,7 @@
+ #AllowAgentForwarding yes
  #AllowTcpForwarding yes
  #GatewayPorts no
 -#X11Forwarding no
@@ -35,7 +35,7 @@
  #PrintMotd yes
 --- sshlogin.c
 +++ sshlogin.c
-@@ -126,6 +126,7 @@
+@@ -125,6 +125,7 @@
  
  	li = login_alloc_entry(pid, user, host, tty);
  	login_set_addr(li, addr, addrlen);

openssh-5.1p1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bbe533aa4d2d083011035e3b63e558eaf8db83f7b062410a2035aeb822904472
+size 835720

openssh-askpass-gnome.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openssh-askpass-gnome (Version 5.0p1)
+# spec file for package openssh-askpass-gnome (Version 5.1p1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -15,8 +15,8 @@ Name:           openssh-askpass-gnome
 BuildRequires:  gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
 License:        BSD 3-Clause
 Group:          Productivity/Networking/SSH
-Version:        5.0p1
-Release:        5
+Version:        5.1p1
+Release:        1
 Requires:       openssh = %{version} openssh-askpass = %{version}
 AutoReqProv:    on
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
@@ -31,7 +31,6 @@ Patch21:        %{_name}-%{version}-gssapimitm.patch
 Patch26:        %{_name}-%{version}-eal3.diff
 Patch27:        %{_name}-%{version}-engines.diff
 Patch28:        %{_name}-%{version}-blocksigalrm.diff
-Patch42:        %{_name}-gssapi_krb5-fix.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description
@@ -74,7 +73,6 @@ Authors:
 %patch26 -p1
 %patch27 -p1
 %patch28
-%patch42
 
 %build
 %{?suse_update_config:%{suse_update_config}}

openssh-gssapi_krb5-fix.patch

@@ -1,18 +0,0 @@
---- configure.ac
-+++ configure.ac
-@@ -3283,7 +3283,14 @@
- 				  K5LIBS="-lgssapi $K5LIBS" ],
- 				[ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context,
- 					[ AC_DEFINE(GSSAPI)
--					  K5LIBS="-lgssapi_krb5 $K5LIBS" ],
-+					  K5LIBS="-lgssapi_krb5 $K5LIBS" ]
-+					  AC_CHECK_LIB(gssapi_krb5, gss_krb5_copy_ccache, [
-+		                                K5LIBS="-lgssapi_krb5 $K5LIBS"
-+                		          ], [
-+                                		AC_MSG_WARN([Cannot find -lgssapi_krb5 with gss_krb5_copy_ccache()])
-+                            		  ],
-+                                	$K5LIBS
-+                                ),
- 					AC_MSG_WARN([Cannot find any suitable gss-api library - build may fail]),
- 					$K5LIBS)
- 				],

openssh.changes

@@ -1,3 +1,87 @@
+-------------------------------------------------------------------
+Tue Jul 22 20:39:29 CEST 2008 - anicka@suse.cz
+
+- update to 5.1p1
+ * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
+   other platforms) when X11UseLocalhost=no
+ * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
+   and ssh-keygen(1). Visual fingerprinnt display is controlled by a new
+   ssh_config(5) option "VisualHostKey".
+ * sshd_config(5) now supports CIDR address/masklen matching in "Match
+   address" blocks, with a fallback to classic wildcard matching.
+ * sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
+   from="..." restrictions, also with a fallback to classic wildcard
+   matching.
+ * Added an extended test mode (-T) to sshd(8) to request that it write
+   its effective configuration to stdout and exit. Extended test mode
+   also supports the specification of connection parameters (username,
+   source address and hostname) to test the application of
+   sshd_config(5) Match rules. 
+ * ssh(1) now prints the number of bytes transferred and the overall
+   connection throughput for SSH protocol 2 sessions when in verbose
+   mode (previously these statistics were displayed for protocol 1
+   connections only).
+ * sftp-server(8) now supports extension methods statvfs@openssh.com and
+   fstatvfs@openssh.com that implement statvfs(2)-like operations.
+ * sftp(1) now has a "df" command to the sftp client that uses the
+   statvfs@openssh.com to produce a df(1)-like display of filesystem
+   space and inode utilisation (requires statvfs@openssh.com support on
+   the server)
+ * Added a MaxSessions option to sshd_config(5) to allow control of the
+   number of multiplexed sessions supported over a single TCP connection.
+   This allows increasing the number of allowed sessions above the
+   previous default of 10, disabling connection multiplexing 
+   (MaxSessions=1) or disallowing login/shell/subsystem sessions
+   entirely (MaxSessions=0).
+ * Added a no-more-sessions@openssh.com global request extension that is
+   sent from ssh(1) to sshd(8) when the client knows that it will never
+   request another session (i.e. when session multiplexing is disabled). 
+   This allows a server to disallow further session requests and
+   terminate the session in cases where the client has been hijacked.
+ * ssh-keygen(1) now supports the use of the -l option in combination
+   with -F to search for a host in ~/.ssh/known_hosts and display its 
+   fingerprint.
+ * ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of
+   "rsa1".
+ * Added an AllowAgentForwarding option to sshd_config(8) to control
+   whether authentication agent forwarding is permitted. Note that this
+   is a loose control, as a client may install their own unofficial
+   forwarder.
+ * ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when receiving
+   network data, resulting in a ~10% speedup
+ * ssh(1) and sshd(8) will now try additional addresses when connecting
+   to a port forward destination whose DNS name resolves to more than
+   one address. The previous behaviour was to try the only first address
+   and give up if that failed. (bz#383)
+ * ssh(1) and sshd(8) now support signalling that channels are
+   half-closed for writing, through a channel protocol extension
+   notification "eow@openssh.com". This allows propagation of closed
+   file descriptors, so that commands such as:
+       "ssh -2 localhost od /bin/ls | true"
+   do not send unnecessary data over the wire. (bz#85)
+ * sshd(8): increased the default size of ssh protocol 1 ephemeral keys 
+   from 768 to 1024 bits.
+ * When ssh(1) has been requested to fork after authentication
+   ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until
+   after replies for any -R forwards have been seen. Allows for robust
+   detection of -R forward failure when using -f. (bz#92)
+ * "Match group" blocks in sshd_config(5) now support negation of
+   groups. E.g. "Match group staff,!guests" (bz#1315)
+ * sftp(1) and sftp-server(8) now allow chmod-like operations to set 
+   set[ug]id/sticky bits. (bz#1310)
+ * The MaxAuthTries option is now permitted in sshd_config(5) match
+   blocks.
+ * Multiplexed ssh(1) sessions now support a subset of the ~ escapes
+   that are available to a primary connection. (bz#1331)
+ * ssh(1) connection multiplexing will now fall back to creating a new
+   connection in most error cases. (bz#1439 bz#1329)
+ * Added some basic interoperability tests against Twisted Conch.
+ * Documented OpenSSH's extensions to and deviations from the published
+   SSH protocols (the PROTOCOL file in the distribution)
+ * Documented OpenSSH's ssh-agent protocol (PROTOCOL.agent).
+ * bugfixes
+- remove gssapi_krb5-fix patch
+
 -------------------------------------------------------------------
 Fri Apr 18 17:53:30 CEST 2008 - werner@suse.de
 

openssh.spec

@@ -1,5 +1,5 @@
 #
-# spec file for package openssh (Version 5.0p1)
+# spec file for package openssh (Version 5.1p1)
 #
 # Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
@@ -29,8 +29,8 @@ Requires:       /bin/netstat
 PreReq:         /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq  %fillup_prereq /bin/mkdir /bin/cat permissions
 Conflicts:      nonfreessh
 AutoReqProv:    on
-Version:        5.0p1
-Release:        4
+Version:        5.1p1
+Release:        1
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
 Url:            http://www.openssh.com/
@@ -58,7 +58,6 @@ Patch36:        %{name}-%{version}-xauthlocalhostname.diff
 Patch37:        %{name}-%{version}-tmpdir.diff
 Patch40:        %{name}-%{version}-xauth.diff
 Patch41:        %{name}-%{version}-gcc-fix.patch
-Patch42:        %{name}-gssapi_krb5-fix.patch
 Patch43:        %{name}-%{version}-default-protocol.diff
 Patch44:        %{name}-%{version}-audit.patch
 Patch45:        %{name}-%{version}-pts.diff
@@ -148,7 +147,6 @@ Authors:
 %patch37
 %patch40
 %patch41
-%patch42
 %patch43
 %patch44 -p1
 %patch45
@@ -252,7 +250,7 @@ rm -rf $RPM_BUILD_ROOT
 %files
 %defattr(-,root,root)
 %dir %attr(755,root,root) /var/lib/sshd
-%doc README.SuSE README.kerberos ChangeLog OVERVIEW README RFC.nroff TODO LICENCE CREDITS
+%doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS
 %attr(0755,root,root) %dir /etc/ssh
 %attr(0600,root,root) %config(noreplace) /etc/ssh/moduli
 %verify(not mode) %attr(0644,root,root) %config(noreplace) /etc/ssh/ssh_config
@@ -294,6 +292,87 @@ rm -rf $RPM_BUILD_ROOT
 %config %_appdefdir/SshAskpass
 
 %changelog
+* Tue Jul 22 2008 anicka@suse.cz
+- update to 5.1p1
+  * sshd(8): Avoid X11 man-in-the-middle attack on HP/UX (and possibly
+  other platforms) when X11UseLocalhost=no
+  * Introduce experimental SSH Fingerprint ASCII Visualisation to ssh(1)
+  and ssh-keygen(1). Visual fingerprinnt display is controlled by a new
+  ssh_config(5) option "VisualHostKey".
+  * sshd_config(5) now supports CIDR address/masklen matching in "Match
+  address" blocks, with a fallback to classic wildcard matching.
+  * sshd(8) now supports CIDR matching in ~/.ssh/authorized_keys
+  from="..." restrictions, also with a fallback to classic wildcard
+  matching.
+  * Added an extended test mode (-T) to sshd(8) to request that it write
+  its effective configuration to stdout and exit. Extended test mode
+  also supports the specification of connection parameters (username,
+  source address and hostname) to test the application of
+  sshd_config(5) Match rules.
+  * ssh(1) now prints the number of bytes transferred and the overall
+  connection throughput for SSH protocol 2 sessions when in verbose
+  mode (previously these statistics were displayed for protocol 1
+  connections only).
+  * sftp-server(8) now supports extension methods statvfs@openssh.com and
+  fstatvfs@openssh.com that implement statvfs(2)-like operations.
+  * sftp(1) now has a "df" command to the sftp client that uses the
+  statvfs@openssh.com to produce a df(1)-like display of filesystem
+  space and inode utilisation (requires statvfs@openssh.com support on
+  the server)
+  * Added a MaxSessions option to sshd_config(5) to allow control of the
+  number of multiplexed sessions supported over a single TCP connection.
+  This allows increasing the number of allowed sessions above the
+  previous default of 10, disabling connection multiplexing
+  (MaxSessions=1) or disallowing login/shell/subsystem sessions
+  entirely (MaxSessions=0).
+  * Added a no-more-sessions@openssh.com global request extension that is
+  sent from ssh(1) to sshd(8) when the client knows that it will never
+  request another session (i.e. when session multiplexing is disabled).
+  This allows a server to disallow further session requests and
+  terminate the session in cases where the client has been hijacked.
+  * ssh-keygen(1) now supports the use of the -l option in combination
+  with -F to search for a host in ~/.ssh/known_hosts and display its
+  fingerprint.
+  * ssh-keyscan(1) now defaults to "rsa" (protocol 2) keys, instead of
+  "rsa1".
+  * Added an AllowAgentForwarding option to sshd_config(8) to control
+  whether authentication agent forwarding is permitted. Note that this
+  is a loose control, as a client may install their own unofficial
+  forwarder.
+  * ssh(1) and sshd(8): avoid unnecessary malloc/copy/free when receiving
+  network data, resulting in a ~10%% speedup
+  * ssh(1) and sshd(8) will now try additional addresses when connecting
+  to a port forward destination whose DNS name resolves to more than
+  one address. The previous behaviour was to try the only first address
+  and give up if that failed. (bz#383)
+  * ssh(1) and sshd(8) now support signalling that channels are
+  half-closed for writing, through a channel protocol extension
+  notification "eow@openssh.com". This allows propagation of closed
+  file descriptors, so that commands such as:
+  "ssh -2 localhost od /bin/ls | true"
+  do not send unnecessary data over the wire. (bz#85)
+  * sshd(8): increased the default size of ssh protocol 1 ephemeral keys
+  from 768 to 1024 bits.
+  * When ssh(1) has been requested to fork after authentication
+  ("ssh -f") with ExitOnForwardFailure enabled, delay the fork until
+  after replies for any -R forwards have been seen. Allows for robust
+  detection of -R forward failure when using -f. (bz#92)
+  * "Match group" blocks in sshd_config(5) now support negation of
+  groups. E.g. "Match group staff,!guests" (bz#1315)
+  * sftp(1) and sftp-server(8) now allow chmod-like operations to set
+  set[ug]id/sticky bits. (bz#1310)
+  * The MaxAuthTries option is now permitted in sshd_config(5) match
+  blocks.
+  * Multiplexed ssh(1) sessions now support a subset of the ~ escapes
+  that are available to a primary connection. (bz#1331)
+  * ssh(1) connection multiplexing will now fall back to creating a new
+  connection in most error cases. (bz#1439 bz#1329)
+  * Added some basic interoperability tests against Twisted Conch.
+  * Documented OpenSSH's extensions to and deviations from the published
+  SSH protocols (the PROTOCOL file in the distribution)
+  * Documented OpenSSH's ssh-agent protocol (PROTOCOL.agent).
+  * bugfixes
+- remove gssapi_krb5-fix patch
 * Fri Apr 18 2008 werner@suse.de
 - Handle pts slave lines like utemper
 * Wed Apr 09 2008 anicka@suse.cz