Accepting request 866401 from network
OBS-URL: https://build.opensuse.org/request/show/866401 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=148
commit
c0e6bf589a
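--- /dev/null
+++ b/openssh-fix-ssh-copy-id.patch
@@ -0,0 +1,30 @@
+From 66f16e5425eb881570e82bfef7baeac2e7accc0a Mon Sep 17 00:00:00 2001
+From: Oleg <Fallmay@users.noreply.github.com>
+Date: Thu, 1 Oct 2020 12:09:08 +0300
+Subject: [PATCH] Fix `EOF: command not found` error in ssh-copy-id
+
+---
+contrib/ssh-copy-id | 3 ++-
+1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
+index 392f64f94..a76907717 100644
+--- a/contrib/ssh-copy-id
++++ b/contrib/ssh-copy-id
+@@ -247,7 +247,7 @@ installkeys_sh() {
+# the -z `tail ...` checks for a trailing newline. The echo adds one if was missing
+# the cat adds the keys we're getting via STDIN
+# and if available restorecon is used to restore the SELinux context
+- INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF)
++ INSTALLKEYS_SH=$(tr '\t\n' ' ' <<-EOF
+cd;
+umask 077;
+mkdir -p $(dirname "${AUTH_KEY_FILE}") &&
+@@ -258,6 +258,7 @@ installkeys_sh() {
+restorecon -F .ssh ${AUTH_KEY_FILE};
+fi
+EOF
++ )
+
+# to defend against quirky remote shells: use 'exec sh -c' to get POSIX;
+printf "exec sh -c '%s'" "${INSTALLKEYS_SH}"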
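Review bot: The here-document delimiter in `installkeys_sh` is unquoted, so `${AUTH_KEY_FILE}` and `$(dirname "${AUTH_KEY_FILE}")` are expanded on the local side and the result is pasted into `exec sh -c '%s'` on the last line; the carried patch repairs the parenthesis but leaves that as it was. Where AUTH_KEY_FILE is assigned is outside the hunk; if it can ever hold whitespace or a single quote, the remote command would be split or its quoting closed early. A comment above the assignment would record the assumption, for example `# AUTH_KEY_FILE is interpolated locally and must not contain whitespace or quotes`. The function body starts and ends outside the hunk.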
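--- /dev/null
+++ b/openssh-reenable-dh-group14-sha1-default.patch
@@ -0,0 +1,41 @@
+diff --git a/myproposal.h b/myproposal.h
+index 5312e60..83fd62d 100644
+--- a/myproposal.h
++++ b/myproposal.h
+@@ -33,7 +33,8 @@
+"diffie-hellman-group-exchange-sha256," \
+"diffie-hellman-group16-sha512," \
+"diffie-hellman-group18-sha512," \
+- "diffie-hellman-group14-sha256"
++ "diffie-hellman-group14-sha256," \
++ "diffie-hellman-group14-sha1"
+
+#define KEX_CLIENT_KEX KEX_SERVER_KEX
+
+diff --git a/ssh_config.5 b/ssh_config.5
+index d5888f2..100563e 100644
+--- a/ssh_config.5
++++ b/ssh_config.5
+@@ -1170,7 +1170,8 @@ ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group16-sha512,
+diffie-hellman-group18-sha512,
+-diffie-hellman-group14-sha256
++diffie-hellman-group14-sha256,
++diffie-hellman-group14-sha1
+.Ed
+.Pp
+The list of available key exchange algorithms may also be obtained using
+diff --git a/sshd_config.5 b/sshd_config.5
+index 0f5fe53..97364f5 100644
+--- a/sshd_config.5
++++ b/sshd_config.5
+@@ -986,7 +986,7 @@ curve25519-sha256,curve25519-sha256@libssh.org,
+ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521,
+diffie-hellman-group-exchange-sha256,
+diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,
+-diffie-hellman-group14-sha256
++diffie-hellman-group14-sha256,diffie-hellman-group14-sha1
+.Ed
+.Pp
+The list of available key exchange algorithms may also be obtained using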
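Review bot: Appending `"diffie-hellman-group14-sha1"` to `KEX_SERVER_KEX` in myproposal.h also changes the client default, because `KEX_CLIENT_KEX` is defined as `KEX_SERVER_KEX` two lines below, so both sshd and ssh offer a SHA-1 based key exchange out of the box. Placing it last keeps it the client's least preferred choice, but on the server side the selection follows the connecting client's order, so sshd will use it with any client that prefers it. The ssh_config.5 and sshd_config.5 hunks list the algorithm without saying that it is a compatibility default or how to drop it; a sentence such as `diffie-hellman-group14-sha1 is enabled for compatibility with older peers and can be removed with KexAlgorithms -diffie-hellman-group14-sha1` would help administrators who want the stricter set. The patch file also carries no description header; the reference bsc#1180958 appears only in the changelog entry.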
@ -1,3 +1,35 @@
|
||||
-------------------------------------------------------------------
|
||||
Sat Jan 23 18:28:19 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
|
||||
|
||||
- Add openssh-fix-ssh-copy-id.patch, which fixes breakage
|
||||
introduced in 8.4p1 (bsc#1181311).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 22 21:06:42 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
|
||||
|
||||
- Improve robustness of sshd init detection when upgrading from
|
||||
a pre-systemd distribution.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 22 03:30:59 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
|
||||
|
||||
- Add openssh-reenable-dh-group14-sha1-default.patch, which adds
|
||||
diffie-hellman-group14-sha1 key exchange back to the default
|
||||
list (bsc#1180958). This is needed for backwards compatibility
|
||||
with older platforms.
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Jan 22 02:54:02 UTC 2021 - Hans Petter Jansson <hpj@suse.com>
|
||||
|
||||
- Make sure sshd is enabled correctly when upgrading from a
|
||||
pre-systemd distribution (bsc#1180083).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 18 11:04:41 UTC 2021 - Thorsten Kukuk <kukuk@suse.com>
|
||||
|
||||
- sysusers-sshd.conf: use sysusers.d configuration file to create
|
||||
sshd user (avoid hard dependency on shadow).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jan 18 00:30:37 UTC 2021 - Dirk Müller <dmueller@suse.com>
|
||||
|
||||
|
34
openssh.spec
34
openssh.spec
@ -58,6 +58,7 @@ Source10: sshd.service
|
||||
Source11: README.FIPS
|
||||
Source12: cavs_driver-ssh.pl
|
||||
Source13: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/RELEASE_KEY.asc#/openssh.keyring
|
||||
Source14: sysusers-sshd.conf
|
||||
Patch0: openssh-7.7p1-allow_root_password_login.patch
|
||||
Patch1: openssh-7.7p1-X11_trusted_forwarding.patch
|
||||
Patch3: openssh-7.7p1-enable_PAM_by_default.patch
|
||||
@ -107,6 +108,8 @@ Patch39: openssh-8.1p1-use-openssl-kdf.patch
|
||||
Patch40: openssh-8.1p1-ed25519-use-openssl-rng.patch
|
||||
Patch41: openssh-fips-ensure-approved-moduli.patch
|
||||
Patch42: openssh-link-with-sk.patch
|
||||
Patch43: openssh-reenable-dh-group14-sha1-default.patch
|
||||
Patch44: openssh-fix-ssh-copy-id.patch
|
||||
BuildRequires: audit-devel
|
||||
BuildRequires: automake
|
||||
BuildRequires: groff
|
||||
@ -119,6 +122,8 @@ BuildRequires: pkgconfig
|
||||
BuildRequires: zlib-devel
|
||||
BuildRequires: pkgconfig(libfido2)
|
||||
BuildRequires: pkgconfig(libsystemd)
|
||||
BuildRequires: sysuser-shadow
|
||||
BuildRequires: sysuser-tools
|
||||
Requires: %{name}-clients = %{version}-%{release}
|
||||
Requires: %{name}-server = %{version}-%{release}
|
||||
%if %{with tirpc}
|
||||
@ -129,6 +134,8 @@ BuildRequires: pkgconfig(krb5)
|
||||
%else
|
||||
BuildRequires: krb5-mini-devel
|
||||
%endif
|
||||
Requires(pre): findutils
|
||||
Requires(pre): grep
|
||||
|
||||
%description
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
@ -166,10 +173,12 @@ Summary: SSH (Secure Shell) server
|
||||
Group: Productivity/Networking/SSH
|
||||
Requires: %{name}-common = %{version}-%{release}
|
||||
Recommends: audit
|
||||
Requires(pre): shadow
|
||||
Requires(pre): findutils
|
||||
Requires(pre): grep
|
||||
Requires(post): %fillup_prereq
|
||||
Requires(post): permissions
|
||||
Provides: openssh:%{_sbindir}/sshd
|
||||
%sysusers_requires
|
||||
|
||||
%description server
|
||||
SSH (Secure Shell) is a program for logging into and executing commands
|
||||
@ -287,6 +296,7 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
|
||||
--target=%{_target_cpu}-suse-linux
|
||||
|
||||
%make_build
|
||||
%sysusers_generate_pre %{SOURCE14} sshd
|
||||
|
||||
%install
|
||||
%make_install
|
||||
@ -322,6 +332,10 @@ rm -f %{buildroot}%{_datadir}/Ssh.bin
|
||||
# sshd keys generator wrapper
|
||||
install -D -m 0755 %{SOURCE9} %{buildroot}%{_sbindir}/sshd-gen-keys-start
|
||||
|
||||
# Install sysusers.d config for sshd user
|
||||
mkdir -p %{buildroot}%{_sysusersdir}
|
||||
install -m 644 %{SOURCE14} %{buildroot}%{_sysusersdir}/sshd.conf
|
||||
|
||||
# the hmac hashes - taken from openssl
|
||||
#
|
||||
# re-define the __os_install_post macro: the macro strips
|
||||
@ -346,24 +360,29 @@ done
|
||||
# %%service_add_post scriptlet (in %%post server) will see it as a new service
|
||||
# and apply the preset, disabling it. We need to reenable it afterwards if
|
||||
# necessary.
|
||||
mkdir -p %{_tmpenableddir} || :
|
||||
if [ -x %{_bindir}/systemctl ]; then
|
||||
mkdir -p %{_tmpenableddir} || :
|
||||
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
|
||||
else
|
||||
if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
|
||||
-exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
|
||||
then echo "enabled" > %{_tmpenabledfile} || :; fi
|
||||
fi
|
||||
|
||||
%pre server
|
||||
getent group sshd >/dev/null || %{_sbindir}/groupadd -r sshd
|
||||
getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d %{_localstatedir}/lib/sshd -s /bin/false -c "SSH daemon" sshd
|
||||
%pre server -f sshd.pre
|
||||
%if %{defined _distconfdir}
|
||||
# move outdated pam.d/*.rpmsave file away
|
||||
test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd.rpmsave.old ||:
|
||||
%endif
|
||||
|
||||
|
||||
# See %%pre.
|
||||
mkdir -p %{_tmpenableddir} || :
|
||||
if [ -x %{_bindir}/systemctl ]; then
|
||||
mkdir -p %{_tmpenableddir} || :
|
||||
%{_bindir}/systemctl is-enabled sshd > %{_tmpenabledfile} || :
|
||||
else
|
||||
if find %{_sysconfdir}/init.d/rc[35].d -type l -regex '.*/S[0-9]+sshd' \
|
||||
-exec readlink -f {} \; | grep '/etc/init.d/sshd$' >/dev/null 2>&1
|
||||
then echo "enabled" > %{_tmpenabledfile} || :; fi
|
||||
fi
|
||||
|
||||
%service_add_pre sshd.service
|
||||
@ -434,6 +453,7 @@ test -f /etc/pam.d/sshd.rpmsave && mv -v /etc/pam.d/sshd.rpmsave /etc/pam.d/sshd
|
||||
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pam.d/sshd
|
||||
%endif
|
||||
%attr(0644,root,root) %{_unitdir}/sshd.service
|
||||
%attr(0644,root,root) %{_sysusersdir}/sshd.conf
|
||||
%attr(0444,root,root) %{_mandir}/man5/sshd_config*
|
||||
%attr(0444,root,root) %{_mandir}/man8/sftp-server.8*
|
||||
%attr(0444,root,root) %{_mandir}/man8/sshd.8*
|
||||
|
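Review bot: In the sysvinit fallback of `%pre` (and its copy in `%pre server`), `>/dev/null 2>&1` applies only to `grep`, so `find` still prints an error when `%{_sysconfdir}/init.d/rc[35].d` does not exist; adding `2>/dev/null` before the pipe keeps the scriptlet quiet on such systems. The `grep` pattern hard-codes `/etc/init.d/sshd` while `find` uses `%{_sysconfdir}`, and using the macro in both would keep them in step. `%{_tmpenabledfile}` is written as root in both scriptlets and its definition is outside the visible hunks, so it is worth confirming that `%{_tmpenableddir}` is a root-owned directory rather than a shared temporary one. The detection block is duplicated verbatim under `# See %%pre.`; a single macro holding it would keep the two copies from drifting.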
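--- /dev/null
+++ b/sysusers-sshd.conf
@@ -0,0 +1,2 @@
+# Type Name ID GECOS [HOME]
+u sshd - "SSH daemon" /var/lib/sshd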
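Review bot: The `u sshd` line names no login shell, whereas the `useradd` call shown in the `%pre server` scriptlet of openssh.spec set `-s /bin/false` explicitly. The shell of the sshd account therefore depends on the default of whatever `%sysusers_generate_pre` writes into sshd.pre, which is not visible on this page; presumably that is a non-login shell, but it should be checked on a build. Recording the result next to the entry would make the intent explicit, for example `# no shell field: the account gets the generator's default non-login shell`.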