From 616ae5907d3fd9e8e13ac8c042800aabea97843c1e90af62c7bf57879d791699 Mon Sep 17 00:00:00 2001 From: Marcus Meissner Date: Mon, 5 Aug 2013 07:15:19 +0000 Subject: [PATCH] Accepting request 185789 from home:elvigia:branches:network - Update for 6.2p2 - Update to version 6.2p2 * ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption * ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes * ssh(1)/sshd(8): Added support for the UMAC-128 MAC * sshd(8): Added support for multiple required authentication * sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists * ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) now immediately sends its SSH protocol banner to the server without waiting to receive the server's banner, saving time when connecting. * dozens of other changes, see http://www.openssh.org/txt/release-6.2 OBS-URL: https://build.opensuse.org/request/show/185789 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=51 --- openssh-5.9p1-audit.patch | 66 ++++++++++++++--------------------- openssh-6.1p1.tar.gz | 3 -- openssh-6.2p2.tar.gz | 3 ++ openssh-askpass-gnome.changes | 5 +++ openssh-askpass-gnome.spec | 2 +- openssh.changes | 14 ++++++++ openssh.spec | 5 ++- 7 files changed, 54 insertions(+), 44 deletions(-) delete mode 100644 openssh-6.1p1.tar.gz create mode 100644 openssh-6.2p2.tar.gz diff --git a/openssh-5.9p1-audit.patch b/openssh-5.9p1-audit.patch index 643f69b..aed05e2 100644 --- a/openssh-5.9p1-audit.patch +++ b/openssh-5.9p1-audit.patch @@ -1,31 +1,27 @@ # add support for Linux audit (FATE #120269) ================================================================================ -Index: openssh-5.8p1/Makefile.in -=================================================================== ---- openssh-5.8p1.orig/Makefile.in -+++ openssh-5.8p1/Makefile.in -@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@ - CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ +--- openssh-6.2p2.orig/Makefile.in ++++ openssh-6.2p2/Makefile.in +@@ -47,6 +47,7 @@ LIBS=@LIBS@ + K5LIBS=@K5LIBS@ + GSSLIBS=@GSSLIBS@ SSHLIBS=@SSHLIBS@ +LIBAUDIT=@LIBAUDIT@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ -@@ -146,7 +147,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) +@@ -144,7 +145,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) -- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) -+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT) +- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) ++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(LIBAUDIT) scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -Index: openssh-5.8p1/auth.c -=================================================================== ---- openssh-5.8p1.orig/auth.c -+++ openssh-5.8p1/auth.c -@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent +--- openssh-6.2p2.orig/auth.c ++++ openssh-6.2p2/auth.c +@@ -298,6 +298,12 @@ auth_log(Authctxt *authctxt, int authent get_canonical_hostname(options.use_dns), "ssh", &loginmsg); # endif #endif @@ -38,7 +34,7 @@ Index: openssh-5.8p1/auth.c #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) audit_event(audit_classify_auth(method)); -@@ -592,6 +598,10 @@ getpwnamallow(const char *user) +@@ -606,6 +612,10 @@ getpwnamallow(const char *user) record_failed_login(user, get_canonical_hostname(options.use_dns), "ssh"); #endif @@ -49,11 +45,9 @@ Index: openssh-5.8p1/auth.c #ifdef SSH_AUDIT_EVENTS audit_event(SSH_INVALID_USER); #endif /* SSH_AUDIT_EVENTS */ -Index: openssh-5.8p1/config.h.in -=================================================================== ---- openssh-5.8p1.orig/config.h.in -+++ openssh-5.8p1/config.h.in -@@ -1460,6 +1460,9 @@ +--- openssh-6.2p2.orig/config.h.in ++++ openssh-6.2p2/config.h.in +@@ -1554,6 +1554,9 @@ /* Define if you want SELinux support. */ #undef WITH_SELINUX @@ -63,11 +57,9 @@ Index: openssh-5.8p1/config.h.in /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel). */ #if defined AC_APPLE_UNIVERSAL_BUILD -Index: openssh-5.8p1/configure.ac -=================================================================== ---- openssh-5.8p1.orig/configure.ac -+++ openssh-5.8p1/configure.ac -@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux, +--- openssh-6.2p2.orig/configure.ac ++++ openssh-6.2p2/configure.ac +@@ -3653,6 +3653,20 @@ AC_ARG_WITH([selinux], AC_SUBST([SSHLIBS]) AC_SUBST([SSHDLIBS]) @@ -88,7 +80,7 @@ Index: openssh-5.8p1/configure.ac # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH([kerberos5], -@@ -4316,6 +4330,7 @@ echo " PAM support +@@ -4569,6 +4583,7 @@ echo " PAM support echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" @@ -96,10 +88,8 @@ Index: openssh-5.8p1/configure.ac echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" -Index: openssh-5.8p1/loginrec.c -=================================================================== ---- openssh-5.8p1.orig/loginrec.c -+++ openssh-5.8p1/loginrec.c +--- openssh-6.2p2.orig/loginrec.c ++++ openssh-6.2p2/loginrec.c @@ -176,6 +176,10 @@ #include "auth.h" #include "buffer.h" @@ -111,7 +101,7 @@ Index: openssh-5.8p1/loginrec.c #ifdef HAVE_UTIL_H # include #endif -@@ -202,6 +206,9 @@ int utmp_write_entry(struct logininfo *l +@@ -198,6 +202,9 @@ int utmp_write_entry(struct logininfo *l int utmpx_write_entry(struct logininfo *li); int wtmp_write_entry(struct logininfo *li); int wtmpx_write_entry(struct logininfo *li); @@ -121,7 +111,7 @@ Index: openssh-5.8p1/loginrec.c int lastlog_write_entry(struct logininfo *li); int syslogin_write_entry(struct logininfo *li); -@@ -442,6 +449,10 @@ login_write(struct logininfo *li) +@@ -438,6 +445,10 @@ login_write(struct logininfo *li) /* set the timestamp */ login_set_current_time(li); @@ -132,7 +122,7 @@ Index: openssh-5.8p1/loginrec.c #ifdef USE_LOGIN syslogin_write_entry(li); #endif -@@ -1406,6 +1417,87 @@ wtmpx_get_entry(struct logininfo *li) +@@ -1402,6 +1413,87 @@ wtmpx_get_entry(struct logininfo *li) } #endif /* USE_WTMPX */ @@ -220,10 +210,8 @@ Index: openssh-5.8p1/loginrec.c /** ** Low-level libutil login() functions **/ -Index: openssh-5.8p1/loginrec.h -=================================================================== ---- openssh-5.8p1.orig/loginrec.h -+++ openssh-5.8p1/loginrec.h +--- openssh-6.2p2.orig/loginrec.h ++++ openssh-6.2p2/loginrec.h @@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch char *line_abbrevname(char *dst, const char *src, int dstsize); diff --git a/openssh-6.1p1.tar.gz b/openssh-6.1p1.tar.gz deleted file mode 100644 index b200e48..0000000 --- a/openssh-6.1p1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411 -size 1134820 diff --git a/openssh-6.2p2.tar.gz b/openssh-6.2p2.tar.gz new file mode 100644 index 0000000..2159c85 --- /dev/null +++ b/openssh-6.2p2.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b +size 1182922 diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index d108c12..a983ec3 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Sat Aug 3 18:12:20 UTC 2013 - crrodriguez@opensuse.org + +- Update for 6.2p2 + ------------------------------------------------------------------- Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 8c99098..1559a88 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -26,7 +26,7 @@ BuildRequires: openssl-devel BuildRequires: pam-devel BuildRequires: tcpd-devel BuildRequires: update-desktop-files -Version: 6.1p1 +Version: 6.2p2 Release: 0 Requires: openssh = %{version} Summary: A GNOME-Based Passphrase Dialog for OpenSSH diff --git a/openssh.changes b/openssh.changes index d8dd51d..b9053a5 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,17 @@ +------------------------------------------------------------------- +Sat Aug 3 17:57:06 UTC 2013 - crrodriguez@opensuse.org + +- Update to version 6.2p2 +* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption +* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes +* ssh(1)/sshd(8): Added support for the UMAC-128 MAC +* sshd(8): Added support for multiple required authentication +* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists +* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) + now immediately sends its SSH protocol banner to the server without + waiting to receive the server's banner, saving time when connecting. +* dozens of other changes, see http://www.openssh.org/txt/release-6.2 + ------------------------------------------------------------------- Mon Jul 1 18:54:31 UTC 2013 - coolo@suse.com diff --git a/openssh.spec b/openssh.spec index 921ce07..cc7481c 100644 --- a/openssh.spec +++ b/openssh.spec @@ -34,7 +34,7 @@ Requires: /bin/netstat PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils Conflicts: nonfreessh Recommends: xauth -Version: 6.1p1 +Version: 6.2p2 Release: 0 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) @@ -127,6 +127,9 @@ export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector" export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector" export LDFLAGS="-pie" %configure \ +%if 0%{?has_systemd} + --with-pid-dir=/run \ +%endif --with-ssl-engine \ %if 0%{suse_version} >= 1140 --with-libedit \