Accepting request 46105 from Base:System

Copy from Base:System/openssh based on submit request 46105 from user anicka

OBS-URL: https://build.opensuse.org/request/show/46105
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=48
This commit is contained in:
OBS User autobuild 2010-08-24 15:31:11 +00:00 committed by Git OBS Bridge
parent df40408f27
commit 90410f9370
27 changed files with 166 additions and 131 deletions

View File

@ -1,14 +0,0 @@
Index: channels.c
===================================================================
--- channels.c.orig
+++ channels.c
@@ -2625,6 +2625,9 @@ channel_setup_fwd_listener(int type, con
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
in_port_t *lport_p;
+ if (num_adm_permitted_opens >= SSH_MAX_FORWARDS_PER_DIRECTION)
+ fatal("channel_setup_fwd_listener: too many forwards");
+
host = (type == SSH_CHANNEL_RPORT_LISTENER) ?
listen_addr : host_to_connect;
is_client = (type == SSH_CHANNEL_PORT_LISTENER);

View File

@ -1,12 +0,0 @@
Index: openssh-5.4p1/sftp-client.c
===================================================================
--- openssh-5.4p1.orig/sftp-client.c
+++ openssh-5.4p1/sftp-client.c
@@ -713,6 +713,7 @@ do_realpath(struct sftp_conn *conn, char
u_int status = buffer_get_int(&msg);
error("Couldn't canonicalise: %s", fx2txt(status));
+ buffer_free(&msg);
return(NULL);
} else if (type != SSH2_FXP_NAME)
fatal("Expected SSH2_FXP_NAME(%u) packet, got %u",

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:125862cb2709afc830c90911c106d1ef24b5b657deceedb872982cb6544cc137
size 876219

View File

@ -1,9 +1,9 @@
# add support for Linux audit (FATE #120269) # add support for Linux audit (FATE #120269)
================================================================================ ================================================================================
Index: openssh-5.4p1/Makefile.in Index: openssh-5.6p1/Makefile.in
=================================================================== ===================================================================
--- openssh-5.4p1.orig/Makefile.in --- openssh-5.6p1.orig/Makefile.in
+++ openssh-5.4p1/Makefile.in +++ openssh-5.6p1/Makefile.in
@@ -46,6 +46,7 @@ LD=@LD@ @@ -46,6 +46,7 @@ LD=@LD@
CFLAGS=@CFLAGS@ CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
@ -21,10 +21,10 @@ Index: openssh-5.4p1/Makefile.in
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
Index: openssh-5.4p1/auth.c Index: openssh-5.6p1/auth.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/auth.c --- openssh-5.6p1.orig/auth.c
+++ openssh-5.4p1/auth.c +++ openssh-5.6p1/auth.c
@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent @@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
get_canonical_hostname(options.use_dns), "ssh", &loginmsg); get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif # endif
@ -38,7 +38,7 @@ Index: openssh-5.4p1/auth.c
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed) if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method)); audit_event(audit_classify_auth(method));
@@ -564,6 +570,10 @@ getpwnamallow(const char *user) @@ -586,6 +592,10 @@ getpwnamallow(const char *user)
record_failed_login(user, record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh"); get_canonical_hostname(options.use_dns), "ssh");
#endif #endif
@ -49,11 +49,11 @@ Index: openssh-5.4p1/auth.c
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER); audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */ #endif /* SSH_AUDIT_EVENTS */
Index: openssh-5.4p1/config.h.in Index: openssh-5.6p1/config.h.in
=================================================================== ===================================================================
--- openssh-5.4p1.orig/config.h.in --- openssh-5.6p1.orig/config.h.in
+++ openssh-5.4p1/config.h.in +++ openssh-5.6p1/config.h.in
@@ -1415,6 +1415,9 @@ @@ -1424,6 +1424,9 @@
/* Define if you want SELinux support. */ /* Define if you want SELinux support. */
#undef WITH_SELINUX #undef WITH_SELINUX
@ -63,11 +63,11 @@ Index: openssh-5.4p1/config.h.in
/* Define to 1 if your processor stores words with the most significant byte /* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */ first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN #undef WORDS_BIGENDIAN
Index: openssh-5.4p1/configure.ac Index: openssh-5.6p1/configure.ac
=================================================================== ===================================================================
--- openssh-5.4p1.orig/configure.ac --- openssh-5.6p1.orig/configure.ac
+++ openssh-5.4p1/configure.ac +++ openssh-5.6p1/configure.ac
@@ -3363,6 +3363,20 @@ AC_ARG_WITH(selinux, @@ -3393,6 +3393,20 @@ AC_ARG_WITH(selinux,
fi ] fi ]
) )
@ -88,7 +88,7 @@ Index: openssh-5.4p1/configure.ac
# Check whether user wants Kerberos 5 support # Check whether user wants Kerberos 5 support
KRB5_MSG="no" KRB5_MSG="no"
AC_ARG_WITH(kerberos5, AC_ARG_WITH(kerberos5,
@@ -4182,6 +4196,7 @@ echo " PAM support @@ -4185,6 +4199,7 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG" echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG" echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG" echo " SELinux support: $SELINUX_MSG"
@ -96,10 +96,10 @@ Index: openssh-5.4p1/configure.ac
echo " Smartcard support: $SCARD_MSG" echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG" echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG" echo " TCP Wrappers support: $TCPW_MSG"
Index: openssh-5.4p1/loginrec.c Index: openssh-5.6p1/loginrec.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/loginrec.c --- openssh-5.6p1.orig/loginrec.c
+++ openssh-5.4p1/loginrec.c +++ openssh-5.6p1/loginrec.c
@@ -176,6 +176,10 @@ @@ -176,6 +176,10 @@
#include "auth.h" #include "auth.h"
#include "buffer.h" #include "buffer.h"
@ -121,7 +121,7 @@ Index: openssh-5.4p1/loginrec.c
int lastlog_write_entry(struct logininfo *li); int lastlog_write_entry(struct logininfo *li);
int syslogin_write_entry(struct logininfo *li); int syslogin_write_entry(struct logininfo *li);
@@ -440,6 +447,10 @@ login_write(struct logininfo *li) @@ -441,6 +448,10 @@ login_write(struct logininfo *li)
/* set the timestamp */ /* set the timestamp */
login_set_current_time(li); login_set_current_time(li);
@ -132,7 +132,7 @@ Index: openssh-5.4p1/loginrec.c
#ifdef USE_LOGIN #ifdef USE_LOGIN
syslogin_write_entry(li); syslogin_write_entry(li);
#endif #endif
@@ -1394,6 +1405,87 @@ wtmpx_get_entry(struct logininfo *li) @@ -1399,6 +1410,87 @@ wtmpx_get_entry(struct logininfo *li)
} }
#endif /* USE_WTMPX */ #endif /* USE_WTMPX */
@ -220,10 +220,10 @@ Index: openssh-5.4p1/loginrec.c
/** /**
** Low-level libutil login() functions ** Low-level libutil login() functions
**/ **/
Index: openssh-5.4p1/loginrec.h Index: openssh-5.6p1/loginrec.h
=================================================================== ===================================================================
--- openssh-5.4p1.orig/loginrec.h --- openssh-5.6p1.orig/loginrec.h
+++ openssh-5.4p1/loginrec.h +++ openssh-5.6p1/loginrec.h
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch @@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
char *line_abbrevname(char *dst, const char *src, int dstsize); char *line_abbrevname(char *dst, const char *src, int dstsize);

View File

@ -1,8 +1,8 @@
Index: openssh-5.4p1/sshd.8 Index: openssh-5.6p1/sshd.8
=================================================================== ===================================================================
--- openssh-5.4p1.orig/sshd.8 --- openssh-5.6p1.orig/sshd.8
+++ openssh-5.4p1/sshd.8 +++ openssh-5.6p1/sshd.8
@@ -840,7 +840,7 @@ Contains Diffie-Hellman groups used for @@ -850,7 +850,7 @@ Contains Diffie-Hellman groups used for
The file format is described in The file format is described in
.Xr moduli 5 . .Xr moduli 5 .
.Pp .Pp
@ -11,7 +11,7 @@ Index: openssh-5.4p1/sshd.8
See See
.Xr motd 5 . .Xr motd 5 .
.Pp .Pp
@@ -853,7 +853,7 @@ are displayed to anyone trying to log in @@ -863,7 +863,7 @@ are displayed to anyone trying to log in
refused. refused.
The file should be world-readable. The file should be world-readable.
.Pp .Pp
@ -20,7 +20,7 @@ Index: openssh-5.4p1/sshd.8
This file is used in exactly the same way as This file is used in exactly the same way as
.Pa hosts.equiv , .Pa hosts.equiv ,
but allows host-based authentication without permitting login with but allows host-based authentication without permitting login with
@@ -930,8 +930,7 @@ The content of this file is not sensitiv @@ -940,8 +940,7 @@ The content of this file is not sensitiv
.Xr ssh-keyscan 1 , .Xr ssh-keyscan 1 ,
.Xr chroot 2 , .Xr chroot 2 ,
.Xr hosts_access 5 , .Xr hosts_access 5 ,
@ -30,11 +30,11 @@ Index: openssh-5.4p1/sshd.8
.Xr sshd_config 5 , .Xr sshd_config 5 ,
.Xr inetd 8 , .Xr inetd 8 ,
.Xr sftp-server 8 .Xr sftp-server 8
Index: openssh-5.4p1/sshd_config.5 Index: openssh-5.6p1/sshd_config.5
=================================================================== ===================================================================
--- openssh-5.4p1.orig/sshd_config.5 --- openssh-5.6p1.orig/sshd_config.5
+++ openssh-5.4p1/sshd_config.5 +++ openssh-5.6p1/sshd_config.5
@@ -451,7 +451,7 @@ or @@ -496,7 +496,7 @@ or
.Pp .Pp
.Pa /etc/hosts.equiv .Pa /etc/hosts.equiv
and and

View File

@ -1,7 +1,7 @@
Index: openssh-5.4p1/ssh-add.c Index: openssh-5.6p1/ssh-add.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/ssh-add.c --- openssh-5.6p1.orig/ssh-add.c
+++ openssh-5.4p1/ssh-add.c +++ openssh-5.6p1/ssh-add.c
@@ -43,6 +43,7 @@ @@ -43,6 +43,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
@ -10,7 +10,7 @@ Index: openssh-5.4p1/ssh-add.c
#include <fcntl.h> #include <fcntl.h>
#include <pwd.h> #include <pwd.h>
@@ -366,6 +367,10 @@ main(int argc, char **argv) @@ -374,6 +375,10 @@ main(int argc, char **argv)
SSLeay_add_all_algorithms(); SSLeay_add_all_algorithms();
@ -21,10 +21,10 @@ Index: openssh-5.4p1/ssh-add.c
/* At first, get a connection to the authentication agent. */ /* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection(); ac = ssh_get_authentication_connection();
if (ac == NULL) { if (ac == NULL) {
Index: openssh-5.4p1/ssh-agent.c Index: openssh-5.6p1/ssh-agent.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/ssh-agent.c --- openssh-5.6p1.orig/ssh-agent.c
+++ openssh-5.4p1/ssh-agent.c +++ openssh-5.6p1/ssh-agent.c
@@ -52,6 +52,7 @@ @@ -52,6 +52,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/md5.h> #include <openssl/md5.h>
@ -33,7 +33,7 @@ Index: openssh-5.4p1/ssh-agent.c
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
@@ -1091,6 +1092,10 @@ main(int ac, char **av) @@ -1094,6 +1095,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms(); SSLeay_add_all_algorithms();
@ -44,10 +44,10 @@ Index: openssh-5.4p1/ssh-agent.c
__progname = ssh_get_progname(av[0]); __progname = ssh_get_progname(av[0]);
init_rng(); init_rng();
seed_rng(); seed_rng();
Index: openssh-5.4p1/ssh-keygen.c Index: openssh-5.6p1/ssh-keygen.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/ssh-keygen.c --- openssh-5.6p1.orig/ssh-keygen.c
+++ openssh-5.4p1/ssh-keygen.c +++ openssh-5.6p1/ssh-keygen.c
@@ -22,6 +22,7 @@ @@ -22,6 +22,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/pem.h> #include <openssl/pem.h>
@ -56,7 +56,7 @@ Index: openssh-5.4p1/ssh-keygen.c
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
@@ -1523,6 +1524,11 @@ main(int argc, char **argv) @@ -1782,6 +1783,11 @@ main(int argc, char **argv)
__progname = ssh_get_progname(argv[0]); __progname = ssh_get_progname(argv[0]);
SSLeay_add_all_algorithms(); SSLeay_add_all_algorithms();
@ -68,10 +68,10 @@ Index: openssh-5.4p1/ssh-keygen.c
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng(); init_rng();
Index: openssh-5.4p1/ssh-keysign.c Index: openssh-5.6p1/ssh-keysign.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/ssh-keysign.c --- openssh-5.6p1.orig/ssh-keysign.c
+++ openssh-5.4p1/ssh-keysign.c +++ openssh-5.6p1/ssh-keysign.c
@@ -38,6 +38,7 @@ @@ -38,6 +38,7 @@
#include <openssl/evp.h> #include <openssl/evp.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@ -92,10 +92,10 @@ Index: openssh-5.4p1/ssh-keysign.c
for (i = 0; i < 256; i++) for (i = 0; i < 256; i++)
rnd[i] = arc4random(); rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd)); RAND_seed(rnd, sizeof(rnd));
Index: openssh-5.4p1/ssh.c Index: openssh-5.6p1/ssh.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/ssh.c --- openssh-5.6p1.orig/ssh.c
+++ openssh-5.4p1/ssh.c +++ openssh-5.6p1/ssh.c
@@ -74,6 +74,7 @@ @@ -74,6 +74,7 @@
#include <openssl/err.h> #include <openssl/err.h>
#include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/openssl-compat.h"
@ -104,7 +104,7 @@ Index: openssh-5.4p1/ssh.c
#include "xmalloc.h" #include "xmalloc.h"
#include "ssh.h" #include "ssh.h"
@@ -584,6 +585,10 @@ main(int ac, char **av) @@ -602,6 +603,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms(); SSLeay_add_all_algorithms();
ERR_load_crypto_strings(); ERR_load_crypto_strings();
@ -115,10 +115,10 @@ Index: openssh-5.4p1/ssh.c
/* Initialize the command to execute on remote host. */ /* Initialize the command to execute on remote host. */
buffer_init(&command); buffer_init(&command);
Index: openssh-5.4p1/sshd.c Index: openssh-5.6p1/sshd.c
=================================================================== ===================================================================
--- openssh-5.4p1.orig/sshd.c --- openssh-5.6p1.orig/sshd.c
+++ openssh-5.4p1/sshd.c +++ openssh-5.6p1/sshd.c
@@ -77,6 +77,7 @@ @@ -77,6 +77,7 @@
#include <openssl/md5.h> #include <openssl/md5.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@ -127,7 +127,7 @@ Index: openssh-5.4p1/sshd.c
#ifdef HAVE_SECUREWARE #ifdef HAVE_SECUREWARE
#include <sys/security.h> #include <sys/security.h>
@@ -1462,6 +1463,10 @@ main(int ac, char **av) @@ -1471,6 +1472,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms(); SSLeay_add_all_algorithms();

View File

@ -75,9 +75,9 @@ Index: readconf.c
- oAddressFamily, oGssAuthentication, oGssDelegateCreds, - oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oAddressFamily, oGssAuthentication, oGssDelegateCreds, oGssEnableMITM, + oAddressFamily, oGssAuthentication, oGssDelegateCreds, oGssEnableMITM,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oSendEnv, oControlPath, oControlMaster, oControlPersist,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, oHashKnownHosts,
@@ -165,9 +165,11 @@ static struct { @@ -167,9 +167,11 @@ static struct {
#if defined(GSSAPI) #if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication }, { "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds }, { "gssapidelegatecredentials", oGssDelegateCreds },
@ -89,7 +89,7 @@ Index: readconf.c
#endif #endif
{ "fallbacktorsh", oDeprecated }, { "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated }, { "usersh", oDeprecated },
@@ -459,6 +461,10 @@ parse_flag: @@ -477,6 +479,10 @@ parse_flag:
case oGssDelegateCreds: case oGssDelegateCreds:
intptr = &options->gss_deleg_creds; intptr = &options->gss_deleg_creds;
goto parse_flag; goto parse_flag;
@ -100,7 +100,7 @@ Index: readconf.c
case oBatchMode: case oBatchMode:
intptr = &options->batch_mode; intptr = &options->batch_mode;
@@ -1016,6 +1022,7 @@ initialize_options(Options * options) @@ -1059,6 +1065,7 @@ initialize_options(Options * options)
options->challenge_response_authentication = -1; options->challenge_response_authentication = -1;
options->gss_authentication = -1; options->gss_authentication = -1;
options->gss_deleg_creds = -1; options->gss_deleg_creds = -1;
@ -108,7 +108,7 @@ Index: readconf.c
options->password_authentication = -1; options->password_authentication = -1;
options->kbd_interactive_authentication = -1; options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL; options->kbd_interactive_devices = NULL;
@@ -1109,6 +1116,8 @@ fill_default_options(Options * options) @@ -1158,6 +1165,8 @@ fill_default_options(Options * options)
options->gss_authentication = 0; options->gss_authentication = 0;
if (options->gss_deleg_creds == -1) if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0; options->gss_deleg_creds = 0;
@ -121,7 +121,7 @@ Index: readconf.h
=================================================================== ===================================================================
--- readconf.h.orig --- readconf.h.orig
+++ readconf.h +++ readconf.h
@@ -45,6 +45,7 @@ typedef struct { @@ -47,6 +47,7 @@ typedef struct {
/* Try S/Key or TIS, authentication. */ /* Try S/Key or TIS, authentication. */
int gss_authentication; /* Try GSS authentication */ int gss_authentication; /* Try GSS authentication */
int gss_deleg_creds; /* Delegate GSS credentials */ int gss_deleg_creds; /* Delegate GSS credentials */
@ -141,7 +141,7 @@ Index: servconf.c
options->password_authentication = -1; options->password_authentication = -1;
options->kbd_interactive_authentication = -1; options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1; options->challenge_response_authentication = -1;
@@ -216,6 +217,8 @@ fill_default_server_options(ServerOption @@ -217,6 +218,8 @@ fill_default_server_options(ServerOption
options->gss_authentication = 0; options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1) if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1; options->gss_cleanup_creds = 1;
@ -150,7 +150,7 @@ Index: servconf.c
if (options->password_authentication == -1) if (options->password_authentication == -1)
options->password_authentication = 1; options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1) if (options->kbd_interactive_authentication == -1)
@@ -306,7 +309,7 @@ typedef enum { @@ -307,7 +310,7 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication, sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@ -159,7 +159,7 @@ Index: servconf.c
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding, sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate, sZeroKnowledgePasswordAuthentication, sHostCertificate,
@@ -369,9 +372,11 @@ static struct { @@ -370,9 +373,11 @@ static struct {
#ifdef GSSAPI #ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@ -171,7 +171,7 @@ Index: servconf.c
#endif #endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@@ -928,6 +933,10 @@ process_server_config_line(ServerOptions @@ -929,6 +934,10 @@ process_server_config_line(ServerOptions
case sGssCleanupCreds: case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds; intptr = &options->gss_cleanup_creds;
goto parse_flag; goto parse_flag;

View File

@ -39,7 +39,7 @@ Index: session.c
=================================================================== ===================================================================
--- session.c.orig --- session.c.orig
+++ session.c +++ session.c
@@ -119,6 +119,8 @@ void do_child(Session *, const char *); @@ -120,6 +120,8 @@ void do_child(Session *, const char *);
void do_motd(void); void do_motd(void);
int check_quietlogin(Session *, const char *); int check_quietlogin(Session *, const char *);
@ -48,7 +48,7 @@ Index: session.c
static void do_authenticated1(Authctxt *); static void do_authenticated1(Authctxt *);
static void do_authenticated2(Authctxt *); static void do_authenticated2(Authctxt *);
@@ -805,6 +807,11 @@ do_exec(Session *s, const char *command) @@ -806,6 +808,11 @@ do_exec(Session *s, const char *command)
debug("Forced command (key option) '%.900s'", command); debug("Forced command (key option) '%.900s'", command);
} }
@ -60,7 +60,7 @@ Index: session.c
#ifdef SSH_AUDIT_EVENTS #ifdef SSH_AUDIT_EVENTS
if (command != NULL) if (command != NULL)
PRIVSEP(audit_run_command(command)); PRIVSEP(audit_run_command(command));
@@ -1418,6 +1425,63 @@ do_nologin(struct passwd *pw) @@ -1419,6 +1426,63 @@ do_nologin(struct passwd *pw)
} }
/* /*
@ -124,7 +124,7 @@ Index: session.c
* Chroot into a directory after checking it for safety: all path components * Chroot into a directory after checking it for safety: all path components
* must be root-owned directories with strict permissions. * must be root-owned directories with strict permissions.
*/ */
@@ -1427,6 +1491,7 @@ safely_chroot(const char *path, uid_t ui @@ -1428,6 +1492,7 @@ safely_chroot(const char *path, uid_t ui
const char *cp; const char *cp;
char component[MAXPATHLEN]; char component[MAXPATHLEN];
struct stat st; struct stat st;
@ -132,7 +132,7 @@ Index: session.c
if (*path != '/') if (*path != '/')
fatal("chroot path does not begin at root"); fatal("chroot path does not begin at root");
@@ -1438,7 +1503,7 @@ safely_chroot(const char *path, uid_t ui @@ -1439,7 +1504,7 @@ safely_chroot(const char *path, uid_t ui
* root-owned directory with strict permissions. * root-owned directory with strict permissions.
*/ */
for (cp = path; cp != NULL;) { for (cp = path; cp != NULL;) {
@ -141,7 +141,7 @@ Index: session.c
strlcpy(component, path, sizeof(component)); strlcpy(component, path, sizeof(component));
else { else {
cp++; cp++;
@@ -1451,14 +1516,20 @@ safely_chroot(const char *path, uid_t ui @@ -1452,14 +1517,20 @@ safely_chroot(const char *path, uid_t ui
if (stat(component, &st) != 0) if (stat(component, &st) != 0)
fatal("%s: stat(\"%s\"): %s", __func__, fatal("%s: stat(\"%s\"): %s", __func__,
component, strerror(errno)); component, strerror(errno));
@ -163,7 +163,7 @@ Index: session.c
} }
if (chdir(path) == -1) if (chdir(path) == -1)
@@ -1469,6 +1540,10 @@ safely_chroot(const char *path, uid_t ui @@ -1470,6 +1541,10 @@ safely_chroot(const char *path, uid_t ui
if (chdir("/") == -1) if (chdir("/") == -1)
fatal("%s: chdir(/) after chroot: %s", fatal("%s: chdir(/) after chroot: %s",
__func__, strerror(errno)); __func__, strerror(errno));
@ -238,9 +238,9 @@ Index: sshd_config.0
=================================================================== ===================================================================
--- sshd_config.0.orig --- sshd_config.0.orig
+++ sshd_config.0 +++ sshd_config.0
@@ -115,6 +115,14 @@ DESCRIPTION @@ -143,6 +143,14 @@ DESCRIPTION
which use logging do require /dev/log inside the chroot directory though sessions which use logging do require /dev/log inside the
(see sftp-server(8) for details). chroot directory (see sftp-server(8) for details).
+ In the special case when only sftp is used, not ssh nor scp, it + In the special case when only sftp is used, not ssh nor scp, it
+ is possible to use ChrootDirectory %h or ChrootDirectory + is possible to use ChrootDirectory %h or ChrootDirectory
@ -257,7 +257,7 @@ Index: sshd_config.5
=================================================================== ===================================================================
--- sshd_config.5.orig --- sshd_config.5.orig
+++ sshd_config.5 +++ sshd_config.5
@@ -224,6 +224,17 @@ inside the chroot directory (see @@ -269,6 +269,17 @@ inside the chroot directory (see
.Xr sftp-server 8 .Xr sftp-server 8
for details). for details).
.Pp .Pp

View File

@ -0,0 +1,16 @@
Index: openssh-5.5p1/sshconnect.c
===================================================================
--- openssh-5.5p1.orig/sshconnect.c
+++ openssh-5.5p1/sshconnect.c
@@ -916,6 +916,11 @@ check_host_key(char *hostname, struct so
error("Add correct host key in %.100s to get rid of this message.",
user_hostfile);
error("Offending key in %s:%d", host_file, host_line);
+ error("You can use following command to remove all keys for this IP:");
+ if (ip_file)
+ error("ssh-keygen -R %s -f %s", hostname, ip_file);
+ else
+ error("ssh-keygen -R %s", hostname);
/*
* If strict host key checking is in use, the user will have

View File

@ -1,6 +1,8 @@
--- loginrec.c Index: loginrec.c
===================================================================
--- loginrec.c.orig
+++ loginrec.c +++ loginrec.c
@@ -549,7 +549,7 @@ @@ -554,7 +554,7 @@ getlast_entry(struct logininfo *li)
* 1. The full filename (including '/dev') * 1. The full filename (including '/dev')
* 2. The stripped name (excluding '/dev') * 2. The stripped name (excluding '/dev')
* 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00 * 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00
@ -9,7 +11,7 @@
* *
* Form 3 is used on some systems to identify a .tmp.? entry when * Form 3 is used on some systems to identify a .tmp.? entry when
* attempting to remove it. Typically both addition and removal is * attempting to remove it. Typically both addition and removal is
@@ -610,6 +610,10 @@ @@ -615,6 +615,10 @@ line_abbrevname(char *dst, const char *s
if (strncmp(src, "tty", 3) == 0) if (strncmp(src, "tty", 3) == 0)
src += 3; src += 3;
#endif #endif

View File

@ -10,7 +10,7 @@ Index: sshd.c
logit("Received SIGHUP; restarting."); logit("Received SIGHUP; restarting.");
close_listen_socks(); close_listen_socks();
close_startup_pipes(); close_startup_pipes();
@@ -1307,7 +1308,11 @@ main(int ac, char **av) @@ -1316,7 +1317,11 @@ main(int ac, char **av)
#ifndef HAVE_SETPROCTITLE #ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */ /* Prepare for later setproctitle emulation */
compat_init_setproctitle(ac, av); compat_init_setproctitle(ac, av);

View File

@ -2,7 +2,7 @@ Index: ssh-agent.c
=================================================================== ===================================================================
--- ssh-agent.c.orig --- ssh-agent.c.orig
+++ ssh-agent.c +++ ssh-agent.c
@@ -1174,8 +1174,18 @@ main(int ac, char **av) @@ -1177,8 +1177,18 @@ main(int ac, char **av)
parent_pid = getpid(); parent_pid = getpid();
if (agentsocket == NULL) { if (agentsocket == NULL) {

View File

@ -2,7 +2,7 @@ Index: session.c
=================================================================== ===================================================================
--- session.c.orig --- session.c.orig
+++ session.c +++ session.c
@@ -2521,8 +2521,41 @@ void @@ -2525,8 +2525,41 @@ void
session_close(Session *s) session_close(Session *s)
{ {
u_int i; u_int i;

View File

@ -2,7 +2,7 @@ Index: session.c
=================================================================== ===================================================================
--- session.c.orig --- session.c.orig
+++ session.c +++ session.c
@@ -1113,7 +1113,7 @@ copy_environment(char **source, char *** @@ -1114,7 +1114,7 @@ copy_environment(char **source, char ***
} }
static char ** static char **
@ -11,7 +11,7 @@ Index: session.c
{ {
char buf[256]; char buf[256];
u_int i, envsize; u_int i, envsize;
@@ -1300,6 +1300,8 @@ do_setup_env(Session *s, const char *she @@ -1301,6 +1301,8 @@ do_setup_env(Session *s, const char *she
for (i = 0; env[i]; i++) for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]); fprintf(stderr, " %.200s\n", env[i]);
} }
@ -20,7 +20,7 @@ Index: session.c
return env; return env;
} }
@@ -1308,7 +1310,7 @@ do_setup_env(Session *s, const char *she @@ -1309,7 +1311,7 @@ do_setup_env(Session *s, const char *she
* first in this order). * first in this order).
*/ */
static void static void
@ -29,7 +29,7 @@ Index: session.c
{ {
FILE *f = NULL; FILE *f = NULL;
char cmd[1024]; char cmd[1024];
@@ -1362,12 +1364,20 @@ do_rc_files(Session *s, const char *shel @@ -1363,12 +1365,20 @@ do_rc_files(Session *s, const char *shel
options.xauth_location); options.xauth_location);
f = popen(cmd, "w"); f = popen(cmd, "w");
if (f) { if (f) {
@ -50,7 +50,7 @@ Index: session.c
} else { } else {
fprintf(stderr, "Could not run %s\n", fprintf(stderr, "Could not run %s\n",
cmd); cmd);
@@ -1669,6 +1679,7 @@ do_child(Session *s, const char *command @@ -1670,6 +1680,7 @@ do_child(Session *s, const char *command
{ {
extern char **environ; extern char **environ;
char **env; char **env;
@ -58,7 +58,7 @@ Index: session.c
char *argv[ARGV_MAX]; char *argv[ARGV_MAX];
const char *shell, *shell0, *hostname = NULL; const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw; struct passwd *pw = s->pw;
@@ -1735,7 +1746,7 @@ do_child(Session *s, const char *command @@ -1736,7 +1747,7 @@ do_child(Session *s, const char *command
* Make sure $SHELL points to the shell from the password file, * Make sure $SHELL points to the shell from the password file,
* even if shell is overridden from login.conf * even if shell is overridden from login.conf
*/ */
@ -67,7 +67,7 @@ Index: session.c
#ifdef HAVE_LOGIN_CAP #ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
@@ -1803,7 +1814,7 @@ do_child(Session *s, const char *command @@ -1805,7 +1816,7 @@ do_child(Session *s, const char *command
closefrom(STDERR_FILENO + 1); closefrom(STDERR_FILENO + 1);
if (!options.use_login) if (!options.use_login)

3
openssh-5.6p1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7ee242e0236597108ed3156420e6a7d517fffe21d89755c37f09cceb5d796e4c
size 896204

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Tue Aug 24 15:50:17 CEST 2010 - anicka@suse.cz
- update to 5.6p1
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Mar 26 11:04:59 CET 2010 - anicka@suse.cz Fri Mar 26 11:04:59 CET 2010 - anicka@suse.cz

View File

@ -1,5 +1,5 @@
# #
# spec file for package openssh-askpass-gnome (Version 5.5p1) # spec file for package openssh-askpass-gnome (Version 5.6p1)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -22,7 +22,7 @@ Name: openssh-askpass-gnome
BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
License: BSD3c(or similar) License: BSD3c(or similar)
Group: Productivity/Networking/SSH Group: Productivity/Networking/SSH
Version: 5.5p1 Version: 5.6p1
Release: 1 Release: 1
Requires: openssh = %{version} openssh-askpass = %{version} Requires: openssh = %{version} openssh-askpass = %{version}
AutoReqProv: on AutoReqProv: on

View File

@ -1,3 +1,43 @@
-------------------------------------------------------------------
Tue Aug 24 15:43:08 CEST 2010 - anicka@suse.cz
- update to 5.6p1
* Added a ControlPersist option to ssh_config(5) that automatically
starts a background ssh(1) multiplex master when connecting.
* Hostbased authentication may now use certificate host keys.
* ssh-keygen(1) now supports signing certificate using a CA key that
has been stored in a PKCS#11 token.
* ssh(1) will now log the hostname and address that we connected to at
LogLevel=verbose after authentication is successful to mitigate
"phishing" attacks by servers with trusted keys that accept
authentication silently and automatically before presenting fake
password/passphrase prompts.
* Expand %h to the hostname in ssh_config Hostname options.
* Allow ssh-keygen(1) to import (-i) and export (-e) of PEM and PKCS#8
keys in addition to RFC4716 (SSH.COM) encodings via a new -m option
* sshd(8) will now queue debug messages for bad ownership or
permissions on the user's keyfiles encountered during authentication
and will send them after authentication has successfully completed.
* ssh(1) connection multiplexing now supports remote forwarding with
dynamic port allocation and can report the allocated port back to
the user
* sshd(8) now supports indirection in matching of principal names
listed in certificates.
* sshd(8) now has a new AuthorizedPrincipalsFile option to specify a
file containing a list of names that may be accepted in place of the
username when authorizing a certificate trusted via the
sshd_config(5) TrustedCAKeys option.
* Additional sshd_config(5) options are now valid inside Match blocks
* Revised the format of certificate keys.
* bugfixes
- removed -forward patch (SSH_MAX_FORWARDS_PER_DIRECTION not hard-coded
any more), removed memory leak fix (fixed in upstream)
-------------------------------------------------------------------
Fri Aug 20 13:00:43 CEST 2010 - anicka@suse.cz
- hint user how to remove offending keys (bnc#625552)
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Jul 22 17:58:09 CEST 2010 - anicka@suse.cz Thu Jul 22 17:58:09 CEST 2010 - anicka@suse.cz

View File

@ -1,5 +1,5 @@
# #
# spec file for package openssh (Version 5.5p1) # spec file for package openssh (Version 5.6p1)
# #
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
@ -35,7 +35,7 @@ Requires: /bin/netstat
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils permissions PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils permissions
Conflicts: nonfreessh Conflicts: nonfreessh
AutoReqProv: on AutoReqProv: on
Version: 5.5p1 Version: 5.6p1
Release: 1 Release: 1
%define xversion 1.2.4.1 %define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program) Summary: Secure Shell Client and Server (Remote Login Program)
@ -66,10 +66,9 @@ Patch12: %{name}-%{version}-xauth.diff
Patch14: %{name}-%{version}-default-protocol.diff Patch14: %{name}-%{version}-default-protocol.diff
Patch15: %{name}-%{version}-audit.patch Patch15: %{name}-%{version}-audit.patch
Patch16: %{name}-%{version}-pts.diff Patch16: %{name}-%{version}-pts.diff
Patch17: %{name}-%{version}-forwards.diff Patch17: %{name}-%{version}-homechroot.patch
Patch18: %{name}-%{version}-homechroot.patch Patch18: %{name}-%{version}-sshconfig-knownhostschanges.diff
Patch19: %{name}-%{version}-sshconfig-knownhostschanges.diff Patch19: %{name}-%{version}-host_ident.diff
Patch20: %{name}-%{version}-sftp-leak.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package askpass %package askpass
@ -114,8 +113,7 @@ Window System passphrase dialog for OpenSSH.
%patch16 %patch16
%patch17 %patch17
%patch18 %patch18
%patch19 %patch19 -p1
%patch20 -p1
cp -v %{SOURCE4} . cp -v %{SOURCE4} .
cp -v %{SOURCE6} . cp -v %{SOURCE6} .
cd ../x11-ssh-askpass-%{xversion} cd ../x11-ssh-askpass-%{xversion}