From 397970d96a0bdc4aa814952aa00a03bcd8f34ba0261e8c09a08ba06afbe2592f Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Tue, 1 Feb 2011 14:14:14 +0000 Subject: [PATCH 1/3] Updating link to change in openSUSE:Factory/openssh revision 63.0 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=863b93373a19919c5385d950bb98b64d --- openssh-askpass-gnome.spec | 2 +- openssh.spec | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 9894733..48032cc 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,5 +1,5 @@ # -# spec file for package openssh-askpass-gnome (Version 5.7p1) +# spec file for package openssh-askpass-gnome # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # diff --git a/openssh.spec b/openssh.spec index 1a36f5b..78222f8 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,5 +1,5 @@ # -# spec file for package openssh (Version 5.7p1) +# spec file for package openssh # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # From 5920438cad002df8d471381df6a6c7cdf1be865c802ae12495c54ed0aa20cd21 Mon Sep 17 00:00:00 2001 From: Petr Cerny Date: Fri, 4 Feb 2011 10:44:51 +0000 Subject: [PATCH 2/3] Accepting request 60035 from home:pcerny:factory reviewed ok. OBS-URL: https://build.opensuse.org/request/show/60035 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=6 --- ....7p1.dif => openssh-5.7p1-sshd_config.diff | 0 openssh.changes | 5 ++ openssh.spec | 46 +++++++++---------- 3 files changed, 28 insertions(+), 23 deletions(-) rename openssh-5.7p1.dif => openssh-5.7p1-sshd_config.diff (100%) diff --git a/openssh-5.7p1.dif b/openssh-5.7p1-sshd_config.diff similarity index 100% rename from openssh-5.7p1.dif rename to openssh-5.7p1-sshd_config.diff diff --git a/openssh.changes b/openssh.changes index 23de35e..dd14df7 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Thu Feb 3 16:42:01 UTC 2011 - pcerny@novell.com + +- specfile/patches cleanup + ------------------------------------------------------------------- Mon Jan 24 11:24:59 UTC 2011 - lchiquitto@novell.com diff --git a/openssh.spec b/openssh.spec index 78222f8..2178e3d 100644 --- a/openssh.spec +++ b/openssh.spec @@ -30,7 +30,7 @@ PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils Conflicts: nonfreessh AutoReqProv: on Version: 5.7p1 -Release: 1 +Release: 2 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) Url: http://www.openssh.com/ @@ -44,7 +44,7 @@ Source6: README.kerberos Source7: ssh.reg Source8: ssh-askpass Source9: sshd.fw -Patch: %{name}-%{version}.dif +Patch: %{name}-%{version}-sshd_config.diff Patch1: %{name}-%{version}-askpass-fix.diff Patch2: %{name}-%{version}-pam-fix2.diff Patch3: %{name}-%{version}-saveargv-fix.diff @@ -62,10 +62,10 @@ Patch16: %{name}-%{version}-pts.diff Patch17: %{name}-%{version}-homechroot.patch Patch18: %{name}-%{version}-sshconfig-knownhostschanges.diff Patch19: %{name}-%{version}-host_ident.diff -Patch20: %{name}-%{version}-selinux.diff +Patch21: %{name}-%{version}-selinux.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build -%package askpass +%package askpass License: BSD3c(or similar) ; MIT License (or similar) Summary: A passphrase dialog for OpenSSH and the X Window System Requires: openssh = %{version} @@ -107,7 +107,7 @@ Window System passphrase dialog for OpenSSH. %patch17 %patch18 %patch19 -p1 -%patch20 -p1 +%patch21 -p1 cp -v %{SOURCE4} . cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion} @@ -130,30 +130,30 @@ PIEFLAGS="-fpie" #Obsoleted LDFLAGS="-lpthread" \ LDFLAGS="-pie" CFLAGS="$RPM_OPT_FLAGS $PIEFLAGS -fstack-protector" CXXFLAGS="$RPM_OPT_FLAGS $PIEFLAGS -fstack-protector" \ ./configure --with-ssl-engine \ - --mandir=%{_mandir} \ - --prefix=%{prefix} \ - --infodir=%{_infodir} \ - --sysconfdir=/etc/ssh \ - --libexecdir=%{prefix}/%_lib/ssh \ - --with-tcp-wrappers \ - --with-selinux \ - --with-pam \ - --with-kerberos5=/usr \ - --with-privsep-path=/var/lib/empty \ - --disable-strip \ - --with-linux-audit \ - --with-xauth=%{_prefix}/bin/xauth \ - --target=%{_target_cpu}-suse-linux -# --with-afs=/usr \ + --mandir=%{_mandir} \ + --prefix=%{prefix} \ + --infodir=%{_infodir} \ + --sysconfdir=/etc/ssh \ + --libexecdir=%{prefix}/%_lib/ssh \ + --with-tcp-wrappers \ + --with-selinux \ + --with-pam \ + --with-kerberos5=/usr \ + --with-privsep-path=/var/lib/empty \ + --disable-strip \ + --with-linux-audit \ + --with-xauth=%{_prefix}/bin/xauth \ + --target=%{_target_cpu}-suse-linux +# --with-afs=/usr \ make %{?_smp_mflags} (cd converter; make %{?_smp_mflags}) cd contrib cd ../../x11-ssh-askpass-%{xversion} CFLAGS="$RPM_OPT_FLAGS" CXXFLAGS="$RPM_OPT_FLAGS" ./configure \ - --mandir=%{_mandir} \ - --prefix=%{_prefix} \ - --libexecdir=%{prefix}/%_lib/ssh + --mandir=%{_mandir} \ + --prefix=%{_prefix} \ + --libexecdir=%{prefix}/%_lib/ssh xmkmf make includes USRLIBDIR=%_prefix/%_lib make %{?_smp_mflags} USRLIBDIR=%_prefix/%_lib CCOPTIONS="$RPM_OPT_FLAGS" From ceda754f5aa387fe9cf627b1615100c796569340fdd140fcdfeba8c75588c146 Mon Sep 17 00:00:00 2001 From: Petr Cerny Date: Fri, 4 Feb 2011 13:58:22 +0000 Subject: [PATCH 3/3] Accepting request 60057 from home:leonardocf:branches:network reviewed ok. OBS-URL: https://build.opensuse.org/request/show/60057 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=7 --- openssh-5.7p1-selinux.diff | 173 ------------------ openssh-5.7p1.tar.bz2 | 3 - ...fix.diff => openssh-5.8p1-askpass-fix.diff | 0 ...1-audit.patch => openssh-5.8p1-audit.patch | 52 +++--- ...rm.diff => openssh-5.8p1-blocksigalrm.diff | 0 ...iff => openssh-5.8p1-default-protocol.diff | 0 ...5.7p1-eal3.diff => openssh-5.8p1-eal3.diff | 12 +- ...engines.diff => openssh-5.8p1-engines.diff | 36 ++-- ...tm.patch => openssh-5.8p1-gssapimitm.patch | 0 ...ot.patch => openssh-5.8p1-homechroot.patch | 0 ...dent.diff => openssh-5.8p1-host_ident.diff | 0 ...m-fix2.diff => openssh-5.8p1-pam-fix2.diff | 0 ...m-fix3.diff => openssh-5.8p1-pam-fix3.diff | 0 ...h-5.7p1-pts.diff => openssh-5.8p1-pts.diff | 0 ...ix.diff => openssh-5.8p1-saveargv-fix.diff | 0 ...ale.diff => openssh-5.8p1-send_locale.diff | 0 ...ssh-5.8p1-sshconfig-knownhostschanges.diff | 0 ...fig.diff => openssh-5.8p1-sshd_config.diff | 0 openssh-5.8p1-syntax-error.diff | 13 ++ ...7p1-xauth.diff => openssh-5.8p1-xauth.diff | 5 +- ...f => openssh-5.8p1-xauthlocalhostname.diff | 0 openssh-5.8p1.tar.bz2 | 3 + openssh-askpass-gnome.changes | 5 + openssh-askpass-gnome.spec | 4 +- openssh.changes | 12 ++ openssh.spec | 6 +- 26 files changed, 90 insertions(+), 234 deletions(-) delete mode 100644 openssh-5.7p1-selinux.diff delete mode 100644 openssh-5.7p1.tar.bz2 rename openssh-5.7p1-askpass-fix.diff => openssh-5.8p1-askpass-fix.diff (100%) rename openssh-5.7p1-audit.patch => openssh-5.8p1-audit.patch (87%) rename openssh-5.7p1-blocksigalrm.diff => openssh-5.8p1-blocksigalrm.diff (100%) rename openssh-5.7p1-default-protocol.diff => openssh-5.8p1-default-protocol.diff (100%) rename openssh-5.7p1-eal3.diff => openssh-5.8p1-eal3.diff (84%) rename openssh-5.7p1-engines.diff => openssh-5.8p1-engines.diff (85%) rename openssh-5.7p1-gssapimitm.patch => openssh-5.8p1-gssapimitm.patch (100%) rename openssh-5.7p1-homechroot.patch => openssh-5.8p1-homechroot.patch (100%) rename openssh-5.7p1-host_ident.diff => openssh-5.8p1-host_ident.diff (100%) rename openssh-5.7p1-pam-fix2.diff => openssh-5.8p1-pam-fix2.diff (100%) rename openssh-5.7p1-pam-fix3.diff => openssh-5.8p1-pam-fix3.diff (100%) rename openssh-5.7p1-pts.diff => openssh-5.8p1-pts.diff (100%) rename openssh-5.7p1-saveargv-fix.diff => openssh-5.8p1-saveargv-fix.diff (100%) rename openssh-5.7p1-send_locale.diff => openssh-5.8p1-send_locale.diff (100%) rename openssh-5.7p1-sshconfig-knownhostschanges.diff => openssh-5.8p1-sshconfig-knownhostschanges.diff (100%) rename openssh-5.7p1-sshd_config.diff => openssh-5.8p1-sshd_config.diff (100%) create mode 100644 openssh-5.8p1-syntax-error.diff rename openssh-5.7p1-xauth.diff => openssh-5.8p1-xauth.diff (95%) rename openssh-5.7p1-xauthlocalhostname.diff => openssh-5.8p1-xauthlocalhostname.diff (100%) create mode 100644 openssh-5.8p1.tar.bz2 diff --git a/openssh-5.7p1-selinux.diff b/openssh-5.7p1-selinux.diff deleted file mode 100644 index cb00e8e..0000000 --- a/openssh-5.7p1-selinux.diff +++ /dev/null @@ -1,173 +0,0 @@ -Index: openssh-5.7p1/ChangeLog -=================================================================== ---- openssh-5.7p1.orig/ChangeLog -+++ openssh-5.7p1/ChangeLog -@@ -1,3 +1,10 @@ -+20110125 -+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c -+ openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to -+ port-linux.c to avoid compilation errors. Add -lselinux to ssh when -+ building with SELinux support to avoid linking failure; report from -+ amk AT spamfence.net; ok dtucker -+ - 20110122 - - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add - RSA_get_default_method() for the benefit of openssl versions that don't -Index: openssh-5.7p1/configure.ac -=================================================================== ---- openssh-5.7p1.orig/configure.ac -+++ openssh-5.7p1/configure.ac -@@ -1,4 +1,4 @@ --# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ -+# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $ - # - # Copyright (c) 1999-2004 Damien Miller - # -@@ -15,7 +15,7 @@ - # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. - - AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) --AC_REVISION($Revision: 1.469 $) -+AC_REVISION($Revision: 1.470 $) - AC_CONFIG_SRCDIR([ssh.c]) - - # local macros -@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4) - [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, - [Define if you have Solaris process contracts]) - SSHDLIBS="$SSHDLIBS -lcontract" -- AC_SUBST(SSHDLIBS) - SPC_MSG="yes" ], ) - ], - ) -@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4) - [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, - [Define if you have Solaris projects]) - SSHDLIBS="$SSHDLIBS -lproject" -- AC_SUBST(SSHDLIBS) - SP_MSG="yes" ], ) - ], - ) -@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux, - LIBS="$LIBS -lselinux" - ], - AC_MSG_ERROR(SELinux support requires libselinux library)) -+ SSHLIBS="$SSHLIBS $LIBSELINUX" - SSHDLIBS="$SSHDLIBS $LIBSELINUX" - AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) - LIBS="$save_LIBS" - fi ] - ) -+AC_SUBST(SSHLIBS) -+AC_SUBST(SSHDLIBS) - - # Check whether user wants Linux audit support - LINUX_AUDIT_MSG="no" -@@ -4356,6 +4357,9 @@ echo " Libraries: ${LIBS}" - if test ! -z "${SSHDLIBS}"; then - echo " +for sshd: ${SSHDLIBS}" - fi -+if test ! -z "${SSHLIBS}"; then -+echo " +for ssh: ${SSHLIBS}" -+fi - - echo "" - -Index: openssh-5.7p1/Makefile.in -=================================================================== ---- openssh-5.7p1.orig/Makefile.in -+++ openssh-5.7p1/Makefile.in -@@ -1,4 +1,4 @@ --# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ -+# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $ - - # uncomment if you run a non bourne compatable shell. Ie. csh - #SHELL = @SH@ -@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@ - CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - LIBAUDIT=@LIBAUDIT@ -+SSHLIBS=@SSHLIBS@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - AR=@AR@ -@@ -143,7 +144,7 @@ libssh.a: $(LIBSSH_OBJS) - $(RANLIB) $@ - - ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) -- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) - - sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT) -Index: openssh-5.7p1/openbsd-compat/port-linux.c -=================================================================== ---- openssh-5.7p1.orig/openbsd-compat/port-linux.c -+++ openssh-5.7p1/openbsd-compat/port-linux.c -@@ -1,4 +1,4 @@ --/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ -+/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */ - - /* - * Copyright (c) 2005 Daniel Walsh -@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *n - xfree(oldctx); - xfree(newctx); - } -+ -+void -+ssh_selinux_setfscreatecon(const char *path) -+{ -+ security_context_t context; -+ -+ if (path == NULL) { -+ setfscreatecon(NULL); -+ return; -+ } -+ matchpathcon(path, 0700, &context); -+ setfscreatecon(context); -+} -+ - #endif /* WITH_SELINUX */ - - #ifdef LINUX_OOM_ADJUST -Index: openssh-5.7p1/openbsd-compat/port-linux.h -=================================================================== ---- openssh-5.7p1.orig/openbsd-compat/port-linux.h -+++ openssh-5.7p1/openbsd-compat/port-linux.h -@@ -1,4 +1,4 @@ --/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ -+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */ - - /* - * Copyright (c) 2006 Damien Miller -@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); - void ssh_selinux_setup_pty(char *, const char *); - void ssh_selinux_setup_exec_context(char *); - void ssh_selinux_change_context(const char *); -+void ssh_selinux_setfscreatecon(const char *); - #endif - - #ifdef LINUX_OOM_ADJUST -Index: openssh-5.7p1/ssh.c -=================================================================== ---- openssh-5.7p1.orig/ssh.c -+++ openssh-5.7p1/ssh.c -@@ -857,15 +857,12 @@ main(int ac, char **av) - strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); - if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { - #ifdef WITH_SELINUX -- char *scon; -- -- matchpathcon(buf, 0700, &scon); -- setfscreatecon(scon); -+ ssh_selinux_setfscreatecon(buf); - #endif - if (mkdir(buf, 0700) < 0) - error("Could not create directory '%.200s'.", buf); - #ifdef WITH_SELINUX -- setfscreatecon(NULL); -+ ssh_selinux_setfscreatecon(NULL); - #endif - } - /* load options.identity_files */ diff --git a/openssh-5.7p1.tar.bz2 b/openssh-5.7p1.tar.bz2 deleted file mode 100644 index 187903c..0000000 --- a/openssh-5.7p1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e8e4d63cbfdd0c97f8856693b4412e0bda78bb152ec1cb6f426193dc16d412c3 -size 894451 diff --git a/openssh-5.7p1-askpass-fix.diff b/openssh-5.8p1-askpass-fix.diff similarity index 100% rename from openssh-5.7p1-askpass-fix.diff rename to openssh-5.8p1-askpass-fix.diff diff --git a/openssh-5.7p1-audit.patch b/openssh-5.8p1-audit.patch similarity index 87% rename from openssh-5.7p1-audit.patch rename to openssh-5.8p1-audit.patch index fbab4af..e3af877 100644 --- a/openssh-5.7p1-audit.patch +++ b/openssh-5.8p1-audit.patch @@ -1,19 +1,19 @@ # add support for Linux audit (FATE #120269) ================================================================================ -Index: openssh-5.7p1/Makefile.in +Index: openssh-5.8p1/Makefile.in =================================================================== ---- openssh-5.7p1.orig/Makefile.in -+++ openssh-5.7p1/Makefile.in -@@ -46,6 +46,7 @@ LD=@LD@ - CFLAGS=@CFLAGS@ +--- openssh-5.8p1.orig/Makefile.in ++++ openssh-5.8p1/Makefile.in +@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ + SSHLIBS=@SSHLIBS@ +LIBAUDIT=@LIBAUDIT@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ -@@ -145,7 +146,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +@@ -146,7 +147,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) - $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) @@ -21,10 +21,10 @@ Index: openssh-5.7p1/Makefile.in scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) -Index: openssh-5.7p1/auth.c +Index: openssh-5.8p1/auth.c =================================================================== ---- openssh-5.7p1.orig/auth.c -+++ openssh-5.7p1/auth.c +--- openssh-5.8p1.orig/auth.c ++++ openssh-5.8p1/auth.c @@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent get_canonical_hostname(options.use_dns), "ssh", &loginmsg); # endif @@ -49,10 +49,10 @@ Index: openssh-5.7p1/auth.c #ifdef SSH_AUDIT_EVENTS audit_event(SSH_INVALID_USER); #endif /* SSH_AUDIT_EVENTS */ -Index: openssh-5.7p1/config.h.in +Index: openssh-5.8p1/config.h.in =================================================================== ---- openssh-5.7p1.orig/config.h.in -+++ openssh-5.7p1/config.h.in +--- openssh-5.8p1.orig/config.h.in ++++ openssh-5.8p1/config.h.in @@ -1460,6 +1460,9 @@ /* Define if you want SELinux support. */ #undef WITH_SELINUX @@ -63,13 +63,13 @@ Index: openssh-5.7p1/config.h.in /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ #undef WORDS_BIGENDIAN -Index: openssh-5.7p1/configure.ac +Index: openssh-5.8p1/configure.ac =================================================================== ---- openssh-5.7p1.orig/configure.ac -+++ openssh-5.7p1/configure.ac -@@ -3521,6 +3521,20 @@ AC_ARG_WITH(selinux, - fi ] - ) +--- openssh-5.8p1.orig/configure.ac ++++ openssh-5.8p1/configure.ac +@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux, + AC_SUBST(SSHLIBS) + AC_SUBST(SSHDLIBS) +# Check whether user wants Linux audit support +LINUX_AUDIT_MSG="no" @@ -88,7 +88,7 @@ Index: openssh-5.7p1/configure.ac # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, -@@ -4315,6 +4329,7 @@ echo " PAM support +@@ -4316,6 +4330,7 @@ echo " PAM support echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" @@ -96,10 +96,10 @@ Index: openssh-5.7p1/configure.ac echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" -Index: openssh-5.7p1/loginrec.c +Index: openssh-5.8p1/loginrec.c =================================================================== ---- openssh-5.7p1.orig/loginrec.c -+++ openssh-5.7p1/loginrec.c +--- openssh-5.8p1.orig/loginrec.c ++++ openssh-5.8p1/loginrec.c @@ -176,6 +176,10 @@ #include "auth.h" #include "buffer.h" @@ -220,10 +220,10 @@ Index: openssh-5.7p1/loginrec.c /** ** Low-level libutil login() functions **/ -Index: openssh-5.7p1/loginrec.h +Index: openssh-5.8p1/loginrec.h =================================================================== ---- openssh-5.7p1.orig/loginrec.h -+++ openssh-5.7p1/loginrec.h +--- openssh-5.8p1.orig/loginrec.h ++++ openssh-5.8p1/loginrec.h @@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch char *line_abbrevname(char *dst, const char *src, int dstsize); diff --git a/openssh-5.7p1-blocksigalrm.diff b/openssh-5.8p1-blocksigalrm.diff similarity index 100% rename from openssh-5.7p1-blocksigalrm.diff rename to openssh-5.8p1-blocksigalrm.diff diff --git a/openssh-5.7p1-default-protocol.diff b/openssh-5.8p1-default-protocol.diff similarity index 100% rename from openssh-5.7p1-default-protocol.diff rename to openssh-5.8p1-default-protocol.diff diff --git a/openssh-5.7p1-eal3.diff b/openssh-5.8p1-eal3.diff similarity index 84% rename from openssh-5.7p1-eal3.diff rename to openssh-5.8p1-eal3.diff index 7ebdb22..dc0f058 100644 --- a/openssh-5.7p1-eal3.diff +++ b/openssh-5.8p1-eal3.diff @@ -1,7 +1,7 @@ -Index: openssh-5.7p1/sshd.8 +Index: openssh-5.8p1/sshd.8 =================================================================== ---- openssh-5.7p1.orig/sshd.8 -+++ openssh-5.7p1/sshd.8 +--- openssh-5.8p1.orig/sshd.8 ++++ openssh-5.8p1/sshd.8 @@ -855,7 +855,7 @@ Contains Diffie-Hellman groups used for The file format is described in .Xr moduli 5 . @@ -30,10 +30,10 @@ Index: openssh-5.7p1/sshd.8 .Xr sshd_config 5 , .Xr inetd 8 , .Xr sftp-server 8 -Index: openssh-5.7p1/sshd_config.5 +Index: openssh-5.8p1/sshd_config.5 =================================================================== ---- openssh-5.7p1.orig/sshd_config.5 -+++ openssh-5.7p1/sshd_config.5 +--- openssh-5.8p1.orig/sshd_config.5 ++++ openssh-5.8p1/sshd_config.5 @@ -497,7 +497,7 @@ or .Pp .Pa /etc/hosts.equiv diff --git a/openssh-5.7p1-engines.diff b/openssh-5.8p1-engines.diff similarity index 85% rename from openssh-5.7p1-engines.diff rename to openssh-5.8p1-engines.diff index a1ff2f0..e6521d2 100644 --- a/openssh-5.7p1-engines.diff +++ b/openssh-5.8p1-engines.diff @@ -1,7 +1,7 @@ -Index: openssh-5.7p1/ssh-add.c +Index: openssh-5.8p1/ssh-add.c =================================================================== ---- openssh-5.7p1.orig/ssh-add.c -+++ openssh-5.7p1/ssh-add.c +--- openssh-5.8p1.orig/ssh-add.c ++++ openssh-5.8p1/ssh-add.c @@ -43,6 +43,7 @@ #include @@ -21,10 +21,10 @@ Index: openssh-5.7p1/ssh-add.c /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); if (ac == NULL) { -Index: openssh-5.7p1/ssh-agent.c +Index: openssh-5.8p1/ssh-agent.c =================================================================== ---- openssh-5.7p1.orig/ssh-agent.c -+++ openssh-5.7p1/ssh-agent.c +--- openssh-5.8p1.orig/ssh-agent.c ++++ openssh-5.8p1/ssh-agent.c @@ -52,6 +52,7 @@ #include #include @@ -44,10 +44,10 @@ Index: openssh-5.7p1/ssh-agent.c __progname = ssh_get_progname(av[0]); init_rng(); seed_rng(); -Index: openssh-5.7p1/ssh-keygen.c +Index: openssh-5.8p1/ssh-keygen.c =================================================================== ---- openssh-5.7p1.orig/ssh-keygen.c -+++ openssh-5.7p1/ssh-keygen.c +--- openssh-5.8p1.orig/ssh-keygen.c ++++ openssh-5.8p1/ssh-keygen.c @@ -22,6 +22,7 @@ #include #include @@ -68,10 +68,10 @@ Index: openssh-5.7p1/ssh-keygen.c log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); -Index: openssh-5.7p1/ssh-keysign.c +Index: openssh-5.8p1/ssh-keysign.c =================================================================== ---- openssh-5.7p1.orig/ssh-keysign.c -+++ openssh-5.7p1/ssh-keysign.c +--- openssh-5.8p1.orig/ssh-keysign.c ++++ openssh-5.8p1/ssh-keysign.c @@ -38,6 +38,7 @@ #include #include @@ -92,10 +92,10 @@ Index: openssh-5.7p1/ssh-keysign.c for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); -Index: openssh-5.7p1/ssh.c +Index: openssh-5.8p1/ssh.c =================================================================== ---- openssh-5.7p1.orig/ssh.c -+++ openssh-5.7p1/ssh.c +--- openssh-5.8p1.orig/ssh.c ++++ openssh-5.8p1/ssh.c @@ -75,6 +75,7 @@ #include #include "openbsd-compat/openssl-compat.h" @@ -115,10 +115,10 @@ Index: openssh-5.7p1/ssh.c /* Initialize the command to execute on remote host. */ buffer_init(&command); -Index: openssh-5.7p1/sshd.c +Index: openssh-5.8p1/sshd.c =================================================================== ---- openssh-5.7p1.orig/sshd.c -+++ openssh-5.7p1/sshd.c +--- openssh-5.8p1.orig/sshd.c ++++ openssh-5.8p1/sshd.c @@ -77,6 +77,7 @@ #include #include diff --git a/openssh-5.7p1-gssapimitm.patch b/openssh-5.8p1-gssapimitm.patch similarity index 100% rename from openssh-5.7p1-gssapimitm.patch rename to openssh-5.8p1-gssapimitm.patch diff --git a/openssh-5.7p1-homechroot.patch b/openssh-5.8p1-homechroot.patch similarity index 100% rename from openssh-5.7p1-homechroot.patch rename to openssh-5.8p1-homechroot.patch diff --git a/openssh-5.7p1-host_ident.diff b/openssh-5.8p1-host_ident.diff similarity index 100% rename from openssh-5.7p1-host_ident.diff rename to openssh-5.8p1-host_ident.diff diff --git a/openssh-5.7p1-pam-fix2.diff b/openssh-5.8p1-pam-fix2.diff similarity index 100% rename from openssh-5.7p1-pam-fix2.diff rename to openssh-5.8p1-pam-fix2.diff diff --git a/openssh-5.7p1-pam-fix3.diff b/openssh-5.8p1-pam-fix3.diff similarity index 100% rename from openssh-5.7p1-pam-fix3.diff rename to openssh-5.8p1-pam-fix3.diff diff --git a/openssh-5.7p1-pts.diff b/openssh-5.8p1-pts.diff similarity index 100% rename from openssh-5.7p1-pts.diff rename to openssh-5.8p1-pts.diff diff --git a/openssh-5.7p1-saveargv-fix.diff b/openssh-5.8p1-saveargv-fix.diff similarity index 100% rename from openssh-5.7p1-saveargv-fix.diff rename to openssh-5.8p1-saveargv-fix.diff diff --git a/openssh-5.7p1-send_locale.diff b/openssh-5.8p1-send_locale.diff similarity index 100% rename from openssh-5.7p1-send_locale.diff rename to openssh-5.8p1-send_locale.diff diff --git a/openssh-5.7p1-sshconfig-knownhostschanges.diff b/openssh-5.8p1-sshconfig-knownhostschanges.diff similarity index 100% rename from openssh-5.7p1-sshconfig-knownhostschanges.diff rename to openssh-5.8p1-sshconfig-knownhostschanges.diff diff --git a/openssh-5.7p1-sshd_config.diff b/openssh-5.8p1-sshd_config.diff similarity index 100% rename from openssh-5.7p1-sshd_config.diff rename to openssh-5.8p1-sshd_config.diff diff --git a/openssh-5.8p1-syntax-error.diff b/openssh-5.8p1-syntax-error.diff new file mode 100644 index 0000000..1f423c4 --- /dev/null +++ b/openssh-5.8p1-syntax-error.diff @@ -0,0 +1,13 @@ +Index: openssh-5.8p1/openbsd-compat/port-linux.c +=================================================================== +--- openssh-5.8p1.orig/openbsd-compat/port-linux.c ++++ openssh-5.8p1/openbsd-compat/port-linux.c +@@ -213,7 +213,7 @@ ssh_selinux_setfscreatecon(const char *p + + if (!ssh_selinux_enabled()) + return; +- if (path == NULL) ++ if (path == NULL) { + setfscreatecon(NULL); + return; + } diff --git a/openssh-5.7p1-xauth.diff b/openssh-5.8p1-xauth.diff similarity index 95% rename from openssh-5.7p1-xauth.diff rename to openssh-5.8p1-xauth.diff index fa26468..bb4c5c6 100644 --- a/openssh-5.7p1-xauth.diff +++ b/openssh-5.8p1-xauth.diff @@ -2,7 +2,7 @@ Index: session.c =================================================================== --- session.c.orig +++ session.c -@@ -2463,8 +2463,41 @@ void +@@ -2463,8 +2463,40 @@ void session_close(Session *s) { u_int i; @@ -23,7 +23,7 @@ Index: session.c + /* Remove authority data from .Xauthority if appropriate. */ + debug("Running %.500s remove %.100s\n", + options.xauth_location, s->auth_display); -+ ++ + snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -", + s->pw->pw_dir, options.xauth_location); + f = popen(cmd, "w"); @@ -40,7 +40,6 @@ Index: session.c + } + } + -+ if (s->ttyfd != -1) session_pty_cleanup(s); if (s->term) diff --git a/openssh-5.7p1-xauthlocalhostname.diff b/openssh-5.8p1-xauthlocalhostname.diff similarity index 100% rename from openssh-5.7p1-xauthlocalhostname.diff rename to openssh-5.8p1-xauthlocalhostname.diff diff --git a/openssh-5.8p1.tar.bz2 b/openssh-5.8p1.tar.bz2 new file mode 100644 index 0000000..df68870 --- /dev/null +++ b/openssh-5.8p1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:41f2622b7c804dae31eda39c67d7ccedb1ec418b0811e626b85a6ec184b21108 +size 894842 diff --git a/openssh-askpass-gnome.changes b/openssh-askpass-gnome.changes index 55fec3e..1fe64e8 100644 --- a/openssh-askpass-gnome.changes +++ b/openssh-askpass-gnome.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Feb 4 11:19:14 UTC 2011 - lchiquitto@novell.com + +- Update to 5.8p1 + ------------------------------------------------------------------- Mon Jan 24 11:51:10 UTC 2011 - lchiquitto@novell.com diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index 48032cc..ffd3899 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -22,7 +22,7 @@ Name: openssh-askpass-gnome BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files License: BSD3c(or similar) Group: Productivity/Networking/SSH -Version: 5.7p1 +Version: 5.8p1 Release: 1 Requires: openssh = %{version} openssh-askpass = %{version} AutoReqProv: on @@ -30,7 +30,7 @@ Summary: A GNOME-Based Passphrase Dialog for OpenSSH Url: http://www.openssh.com/ %define _name openssh Source: %{_name}-%{version}.tar.bz2 -Patch: %{_name}-%{version}.dif +Patch: %{_name}-%{version}-sshd_config.diff Patch1: %{_name}-%{version}-pam-fix2.diff Patch2: %{_name}-%{version}-saveargv-fix.diff Patch3: %{_name}-%{version}-pam-fix3.diff diff --git a/openssh.changes b/openssh.changes index dd14df7..81b03a8 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Feb 4 11:19:25 UTC 2011 - lchiquitto@novell.com + +- Update to 5.8p1 + * Fix vulnerability in legacy certificate signing introduced in + OpenSSH-5.6 and found by Mateusz Kocielski. + * Fix compilation failure when enableing SELinux support. + * Do not attempt to call SELinux functions when SELinux is + disabled. +- Remove patch that is now upstream: + * openssh-5.7p1-selinux.diff + ------------------------------------------------------------------- Thu Feb 3 16:42:01 UTC 2011 - pcerny@novell.com diff --git a/openssh.spec b/openssh.spec index 2178e3d..e71c6bb 100644 --- a/openssh.spec +++ b/openssh.spec @@ -29,7 +29,7 @@ Requires: /bin/netstat PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils Conflicts: nonfreessh AutoReqProv: on -Version: 5.7p1 +Version: 5.8p1 Release: 2 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) @@ -62,7 +62,7 @@ Patch16: %{name}-%{version}-pts.diff Patch17: %{name}-%{version}-homechroot.patch Patch18: %{name}-%{version}-sshconfig-knownhostschanges.diff Patch19: %{name}-%{version}-host_ident.diff -Patch21: %{name}-%{version}-selinux.diff +Patch20: %{name}-%{version}-syntax-error.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %package askpass @@ -107,7 +107,7 @@ Window System passphrase dialog for OpenSSH. %patch17 %patch18 %patch19 -p1 -%patch21 -p1 +%patch20 -p1 cp -v %{SOURCE4} . cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion}