Accepting request 185789 from home:elvigia:branches:network

- Update for 6.2p2 

- Update to version 6.2p2 
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption
* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
* ssh(1)/sshd(8): Added support for the UMAC-128 MAC
* sshd(8): Added support for multiple required authentication
* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
  now immediately sends its SSH protocol banner to the server without
  waiting to receive the server's banner, saving time when connecting.
* dozens of other changes, see http://www.openssh.org/txt/release-6.2

OBS-URL: https://build.opensuse.org/request/show/185789
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=51
This commit is contained in:
Marcus Meissner 2013-08-05 07:15:19 +00:00 committed by Git OBS Bridge
parent d3a2cdd766
commit 616ae5907d
7 changed files with 54 additions and 44 deletions

View File

@ -1,31 +1,27 @@
# add support for Linux audit (FATE #120269) # add support for Linux audit (FATE #120269)
================================================================================ ================================================================================
Index: openssh-5.8p1/Makefile.in --- openssh-6.2p2.orig/Makefile.in
=================================================================== +++ openssh-6.2p2/Makefile.in
--- openssh-5.8p1.orig/Makefile.in @@ -47,6 +47,7 @@ LIBS=@LIBS@
+++ openssh-5.8p1/Makefile.in K5LIBS=@K5LIBS@
@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@ GSSLIBS=@GSSLIBS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
SSHLIBS=@SSHLIBS@ SSHLIBS=@SSHLIBS@
+LIBAUDIT=@LIBAUDIT@ +LIBAUDIT=@LIBAUDIT@
SSHDLIBS=@SSHDLIBS@ SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@ LIBEDIT=@LIBEDIT@
AR=@AR@ AR=@AR@
@@ -146,7 +147,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS @@ -144,7 +145,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) $(GSSLIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS)
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT) + $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(GSSLIBS) $(K5LIBS) $(LIBAUDIT)
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
Index: openssh-5.8p1/auth.c --- openssh-6.2p2.orig/auth.c
=================================================================== +++ openssh-6.2p2/auth.c
--- openssh-5.8p1.orig/auth.c @@ -298,6 +298,12 @@ auth_log(Authctxt *authctxt, int authent
+++ openssh-5.8p1/auth.c
@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
get_canonical_hostname(options.use_dns), "ssh", &loginmsg); get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif # endif
#endif #endif
@ -38,7 +34,7 @@ Index: openssh-5.8p1/auth.c
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed) if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method)); audit_event(audit_classify_auth(method));
@@ -592,6 +598,10 @@ getpwnamallow(const char *user) @@ -606,6 +612,10 @@ getpwnamallow(const char *user)
record_failed_login(user, record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh"); get_canonical_hostname(options.use_dns), "ssh");
#endif #endif
@ -49,11 +45,9 @@ Index: openssh-5.8p1/auth.c
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER); audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
Index: openssh-5.8p1/config.h.in --- openssh-6.2p2.orig/config.h.in
=================================================================== +++ openssh-6.2p2/config.h.in
--- openssh-5.8p1.orig/config.h.in @@ -1554,6 +1554,9 @@
+++ openssh-5.8p1/config.h.in
@@ -1460,6 +1460,9 @@
/* Define if you want SELinux support. */ /* Define if you want SELinux support. */
#undef WITH_SELINUX #undef WITH_SELINUX
@ -63,11 +57,9 @@ Index: openssh-5.8p1/config.h.in
/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
significant byte first (like Motorola and SPARC, unlike Intel). */ significant byte first (like Motorola and SPARC, unlike Intel). */
#if defined AC_APPLE_UNIVERSAL_BUILD #if defined AC_APPLE_UNIVERSAL_BUILD
Index: openssh-5.8p1/configure.ac --- openssh-6.2p2.orig/configure.ac
=================================================================== +++ openssh-6.2p2/configure.ac
--- openssh-5.8p1.orig/configure.ac @@ -3653,6 +3653,20 @@ AC_ARG_WITH([selinux],
+++ openssh-5.8p1/configure.ac
@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
AC_SUBST([SSHLIBS]) AC_SUBST([SSHLIBS])
AC_SUBST([SSHDLIBS]) AC_SUBST([SSHDLIBS])
@ -88,7 +80,7 @@ Index: openssh-5.8p1/configure.ac
# Check whether user wants Kerberos 5 support # Check whether user wants Kerberos 5 support
KRB5_MSG="no" KRB5_MSG="no"
AC_ARG_WITH([kerberos5], AC_ARG_WITH([kerberos5],
@@ -4316,6 +4330,7 @@ echo " PAM support @@ -4569,6 +4583,7 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG" echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG" echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG" echo " SELinux support: $SELINUX_MSG"
@ -96,10 +88,8 @@ Index: openssh-5.8p1/configure.ac
echo " Smartcard support: $SCARD_MSG" echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG" echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG" echo " TCP Wrappers support: $TCPW_MSG"
Index: openssh-5.8p1/loginrec.c --- openssh-6.2p2.orig/loginrec.c
=================================================================== +++ openssh-6.2p2/loginrec.c
--- openssh-5.8p1.orig/loginrec.c
+++ openssh-5.8p1/loginrec.c
@@ -176,6 +176,10 @@ @@ -176,6 +176,10 @@
#include "auth.h" #include "auth.h"
#include "buffer.h" #include "buffer.h"
@ -111,7 +101,7 @@ Index: openssh-5.8p1/loginrec.c
#ifdef HAVE_UTIL_H #ifdef HAVE_UTIL_H
# include <util.h> # include <util.h>
#endif #endif
@@ -202,6 +206,9 @@ int utmp_write_entry(struct logininfo *l @@ -198,6 +202,9 @@ int utmp_write_entry(struct logininfo *l
int utmpx_write_entry(struct logininfo *li); int utmpx_write_entry(struct logininfo *li);
int wtmp_write_entry(struct logininfo *li); int wtmp_write_entry(struct logininfo *li);
int wtmpx_write_entry(struct logininfo *li); int wtmpx_write_entry(struct logininfo *li);
@ -121,7 +111,7 @@ Index: openssh-5.8p1/loginrec.c
int lastlog_write_entry(struct logininfo *li); int lastlog_write_entry(struct logininfo *li);
int syslogin_write_entry(struct logininfo *li); int syslogin_write_entry(struct logininfo *li);
@@ -442,6 +449,10 @@ login_write(struct logininfo *li) @@ -438,6 +445,10 @@ login_write(struct logininfo *li)
/* set the timestamp */ /* set the timestamp */
login_set_current_time(li); login_set_current_time(li);
@ -132,7 +122,7 @@ Index: openssh-5.8p1/loginrec.c
#ifdef USE_LOGIN #ifdef USE_LOGIN
syslogin_write_entry(li); syslogin_write_entry(li);
#endif #endif
@@ -1406,6 +1417,87 @@ wtmpx_get_entry(struct logininfo *li) @@ -1402,6 +1413,87 @@ wtmpx_get_entry(struct logininfo *li)
} }
#endif /* USE_WTMPX */ #endif /* USE_WTMPX */
@ -220,10 +210,8 @@ Index: openssh-5.8p1/loginrec.c
/** /**
** Low-level libutil login() functions ** Low-level libutil login() functions
**/ **/
Index: openssh-5.8p1/loginrec.h --- openssh-6.2p2.orig/loginrec.h
=================================================================== +++ openssh-6.2p2/loginrec.h
--- openssh-5.8p1.orig/loginrec.h
+++ openssh-5.8p1/loginrec.h
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch @@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
char *line_abbrevname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize);

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:d1c157f6c0852e90c191cc7c9018a583b51e3db4035489cb262639d337a1c411
size 1134820

3
openssh-6.2p2.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7f29b9d2ad672ae0f9e1dcbff871fc5c2e60a194e90c766432e32161b842313b
size 1182922

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Sat Aug 3 18:12:20 UTC 2013 - crrodriguez@opensuse.org
- Update for 6.2p2
------------------------------------------------------------------- -------------------------------------------------------------------
Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com Tue Nov 13 10:51:12 UTC 2012 - meissner@suse.com

View File

@ -26,7 +26,7 @@ BuildRequires: openssl-devel
BuildRequires: pam-devel BuildRequires: pam-devel
BuildRequires: tcpd-devel BuildRequires: tcpd-devel
BuildRequires: update-desktop-files BuildRequires: update-desktop-files
Version: 6.1p1 Version: 6.2p2
Release: 0 Release: 0
Requires: openssh = %{version} Requires: openssh = %{version}
Summary: A GNOME-Based Passphrase Dialog for OpenSSH Summary: A GNOME-Based Passphrase Dialog for OpenSSH

View File

@ -1,3 +1,17 @@
-------------------------------------------------------------------
Sat Aug 3 17:57:06 UTC 2013 - crrodriguez@opensuse.org
- Update to version 6.2p2
* ssh(1)/sshd(8): Added support for AES-GCM authenticated encryption
* ssh(1)/sshd(8): Added support for encrypt-then-mac (EtM) MAC modes
* ssh(1)/sshd(8): Added support for the UMAC-128 MAC
* sshd(8): Added support for multiple required authentication
* sshd(8)/ssh-keygen(1): Added support for Key Revocation Lists
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.
* dozens of other changes, see http://www.openssh.org/txt/release-6.2
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jul 1 18:54:31 UTC 2013 - coolo@suse.com Mon Jul 1 18:54:31 UTC 2013 - coolo@suse.com

View File

@ -34,7 +34,7 @@ Requires: /bin/netstat
PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils
Conflicts: nonfreessh Conflicts: nonfreessh
Recommends: xauth Recommends: xauth
Version: 6.1p1 Version: 6.2p2
Release: 0 Release: 0
%define xversion 1.2.4.1 %define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program) Summary: Secure Shell Client and Server (Remote Login Program)
@ -127,6 +127,9 @@ export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector" export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector"
export LDFLAGS="-pie" export LDFLAGS="-pie"
%configure \ %configure \
%if 0%{?has_systemd}
--with-pid-dir=/run \
%endif
--with-ssl-engine \ --with-ssl-engine \
%if 0%{suse_version} >= 1140 %if 0%{suse_version} >= 1140
--with-libedit \ --with-libedit \