Accepting request 60057 from home:leonardocf:branches:network

reviewed ok.

OBS-URL: https://build.opensuse.org/request/show/60057
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=7

openssh-5.7p1-selinux.diff

@@ -1,173 +0,0 @@
-Index: openssh-5.7p1/ChangeLog
-===================================================================
---- openssh-5.7p1.orig/ChangeLog
-+++ openssh-5.7p1/ChangeLog
-@@ -1,3 +1,10 @@
-+20110125
-+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
-+   openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
-+   port-linux.c to avoid compilation errors. Add -lselinux to ssh when
-+   building with SELinux support to avoid linking failure; report from
-+   amk AT spamfence.net; ok dtucker
-+
- 20110122
-  - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
-    RSA_get_default_method() for the benefit of openssl versions that don't
-Index: openssh-5.7p1/configure.ac
-===================================================================
---- openssh-5.7p1.orig/configure.ac
-+++ openssh-5.7p1/configure.ac
-@@ -1,4 +1,4 @@
--# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
-+# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
- #
- # Copyright (c) 1999-2004 Damien Miller
- #
-@@ -15,7 +15,7 @@
- # OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- 
- AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
--AC_REVISION($Revision: 1.469 $)
-+AC_REVISION($Revision: 1.470 $)
- AC_CONFIG_SRCDIR([ssh.c])
- 
- # local macros
-@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
- 			[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
- 				[Define if you have Solaris process contracts])
- 			  SSHDLIBS="$SSHDLIBS -lcontract"
--			  AC_SUBST(SSHDLIBS)
- 			  SPC_MSG="yes" ], )
- 		],
- 	)
-@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
- 			[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
- 				[Define if you have Solaris projects])
- 			SSHDLIBS="$SSHDLIBS -lproject"
--			AC_SUBST(SSHDLIBS)
- 			SP_MSG="yes" ], )
- 		],
- 	)
-@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
- 			  LIBS="$LIBS -lselinux"
- 			],
- 			AC_MSG_ERROR(SELinux support requires libselinux library))
-+		SSHLIBS="$SSHLIBS $LIBSELINUX"
- 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
- 		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
- 		LIBS="$save_LIBS"
- 	fi ]
- )
-+AC_SUBST(SSHLIBS)
-+AC_SUBST(SSHDLIBS)
- 
- # Check whether user wants Linux audit support
- LINUX_AUDIT_MSG="no"
-@@ -4356,6 +4357,9 @@ echo "         Libraries: ${LIBS}"
- if test ! -z "${SSHDLIBS}"; then
- echo "         +for sshd: ${SSHDLIBS}"
- fi
-+if test ! -z "${SSHLIBS}"; then
-+echo "          +for ssh: ${SSHLIBS}"
-+fi
- 
- echo ""
- 
-Index: openssh-5.7p1/Makefile.in
-===================================================================
---- openssh-5.7p1.orig/Makefile.in
-+++ openssh-5.7p1/Makefile.in
-@@ -1,4 +1,4 @@
--# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
-+# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
- 
- # uncomment if you run a non bourne compatable shell. Ie. csh
- #SHELL = @SH@
-@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@
- CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
- LIBS=@LIBS@
- LIBAUDIT=@LIBAUDIT@
-+SSHLIBS=@SSHLIBS@
- SSHDLIBS=@SSHDLIBS@
- LIBEDIT=@LIBEDIT@
- AR=@AR@
-@@ -143,7 +144,7 @@ libssh.a: $(LIBSSH_OBJS)
- 	$(RANLIB) $@
- 
- ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
--	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-+	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
- 
- sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
- 	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT)
-Index: openssh-5.7p1/openbsd-compat/port-linux.c
-===================================================================
---- openssh-5.7p1.orig/openbsd-compat/port-linux.c
-+++ openssh-5.7p1/openbsd-compat/port-linux.c
-@@ -1,4 +1,4 @@
--/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
-+/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
- 
- /*
-  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
-@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *n
- 	xfree(oldctx);
- 	xfree(newctx);
- }
-+
-+void
-+ssh_selinux_setfscreatecon(const char *path)
-+{
-+		security_context_t context;
-+
-+		if (path == NULL) {
-+			setfscreatecon(NULL);
-+			return;
-+		}
-+		matchpathcon(path, 0700, &context);
-+		setfscreatecon(context);
-+}
-+
- #endif /* WITH_SELINUX */
- 
- #ifdef LINUX_OOM_ADJUST
-Index: openssh-5.7p1/openbsd-compat/port-linux.h
-===================================================================
---- openssh-5.7p1.orig/openbsd-compat/port-linux.h
-+++ openssh-5.7p1/openbsd-compat/port-linux.h
-@@ -1,4 +1,4 @@
--/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
-+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
- 
- /*
-  * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
-@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
- void ssh_selinux_setup_pty(char *, const char *);
- void ssh_selinux_setup_exec_context(char *);
- void ssh_selinux_change_context(const char *);
-+void ssh_selinux_setfscreatecon(const char *);
- #endif
- 
- #ifdef LINUX_OOM_ADJUST
-Index: openssh-5.7p1/ssh.c
-===================================================================
---- openssh-5.7p1.orig/ssh.c
-+++ openssh-5.7p1/ssh.c
-@@ -857,15 +857,12 @@ main(int ac, char **av)
- 	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
- 	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
- #ifdef WITH_SELINUX
--		char *scon;
--
--		matchpathcon(buf, 0700, &scon);
--		setfscreatecon(scon);
-+		ssh_selinux_setfscreatecon(buf);
- #endif
- 		if (mkdir(buf, 0700) < 0)
- 			error("Could not create directory '%.200s'.", buf);
- #ifdef WITH_SELINUX
--		setfscreatecon(NULL);
-+		ssh_selinux_setfscreatecon(NULL);
- #endif
- 	}
- 	/* load options.identity_files */

openssh-5.7p1.tar.bz2

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e8e4d63cbfdd0c97f8856693b4412e0bda78bb152ec1cb6f426193dc16d412c3
-size 894451

openssh-5.8p1-audit.patch

@@ -1,19 +1,19 @@
 # add support for Linux audit (FATE #120269)
 ================================================================================
-Index: openssh-5.7p1/Makefile.in
+Index: openssh-5.8p1/Makefile.in
 ===================================================================
---- openssh-5.7p1.orig/Makefile.in
-+++ openssh-5.7p1/Makefile.in
-@@ -46,6 +46,7 @@ LD=@LD@
- CFLAGS=@CFLAGS@
+--- openssh-5.8p1.orig/Makefile.in
++++ openssh-5.8p1/Makefile.in
+@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@
  CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
  LIBS=@LIBS@
+ SSHLIBS=@SSHLIBS@
 +LIBAUDIT=@LIBAUDIT@
  SSHDLIBS=@SSHDLIBS@
  LIBEDIT=@LIBEDIT@
  AR=@AR@
-@@ -145,7 +146,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
- 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+@@ -146,7 +147,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
+ 	$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
  
  sshd$(EXEEXT): libssh.a	$(LIBCOMPAT) $(SSHDOBJS)
 -	$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
@@ -21,10 +21,10 @@ Index: openssh-5.7p1/Makefile.in
  
  scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
  	$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-Index: openssh-5.7p1/auth.c
+Index: openssh-5.8p1/auth.c
 ===================================================================
---- openssh-5.7p1.orig/auth.c
-+++ openssh-5.7p1/auth.c
+--- openssh-5.8p1.orig/auth.c
++++ openssh-5.8p1/auth.c
 @@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
  		    get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
  # endif
@@ -49,10 +49,10 @@ Index: openssh-5.7p1/auth.c
  #ifdef SSH_AUDIT_EVENTS
  		audit_event(SSH_INVALID_USER);
  #endif /* SSH_AUDIT_EVENTS */
-Index: openssh-5.7p1/config.h.in
+Index: openssh-5.8p1/config.h.in
 ===================================================================
---- openssh-5.7p1.orig/config.h.in
-+++ openssh-5.7p1/config.h.in
+--- openssh-5.8p1.orig/config.h.in
++++ openssh-5.8p1/config.h.in
 @@ -1460,6 +1460,9 @@
  /* Define if you want SELinux support. */
  #undef WITH_SELINUX
@@ -63,13 +63,13 @@ Index: openssh-5.7p1/config.h.in
  /* Define to 1 if your processor stores words with the most significant byte
     first (like Motorola and SPARC, unlike Intel and VAX). */
  #undef WORDS_BIGENDIAN
-Index: openssh-5.7p1/configure.ac
+Index: openssh-5.8p1/configure.ac
 ===================================================================
---- openssh-5.7p1.orig/configure.ac
-+++ openssh-5.7p1/configure.ac
-@@ -3521,6 +3521,20 @@ AC_ARG_WITH(selinux,
- 	fi ]
- )
+--- openssh-5.8p1.orig/configure.ac
++++ openssh-5.8p1/configure.ac
+@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
+ AC_SUBST(SSHLIBS)
+ AC_SUBST(SSHDLIBS)
  
 +# Check whether user wants Linux audit support
 +LINUX_AUDIT_MSG="no"
@@ -88,7 +88,7 @@ Index: openssh-5.7p1/configure.ac
  # Check whether user wants Kerberos 5 support
  KRB5_MSG="no"
  AC_ARG_WITH(kerberos5,
-@@ -4315,6 +4329,7 @@ echo "                       PAM support
+@@ -4316,6 +4330,7 @@ echo "                       PAM support
  echo "                   OSF SIA support: $SIA_MSG"
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
@@ -96,10 +96,10 @@ Index: openssh-5.7p1/configure.ac
  echo "                 Smartcard support: $SCARD_MSG"
  echo "                     S/KEY support: $SKEY_MSG"
  echo "              TCP Wrappers support: $TCPW_MSG"
-Index: openssh-5.7p1/loginrec.c
+Index: openssh-5.8p1/loginrec.c
 ===================================================================
---- openssh-5.7p1.orig/loginrec.c
-+++ openssh-5.7p1/loginrec.c
+--- openssh-5.8p1.orig/loginrec.c
++++ openssh-5.8p1/loginrec.c
 @@ -176,6 +176,10 @@
  #include "auth.h"
  #include "buffer.h"
@@ -220,10 +220,10 @@ Index: openssh-5.7p1/loginrec.c
  /**
   ** Low-level libutil login() functions
   **/
-Index: openssh-5.7p1/loginrec.h
+Index: openssh-5.8p1/loginrec.h
 ===================================================================
---- openssh-5.7p1.orig/loginrec.h
-+++ openssh-5.7p1/loginrec.h
+--- openssh-5.8p1.orig/loginrec.h
++++ openssh-5.8p1/loginrec.h
 @@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
  char *line_abbrevname(char *dst, const char *src, int dstsize);
  

openssh-5.8p1-eal3.diff

@@ -1,7 +1,7 @@
-Index: openssh-5.7p1/sshd.8
+Index: openssh-5.8p1/sshd.8
 ===================================================================
---- openssh-5.7p1.orig/sshd.8
-+++ openssh-5.7p1/sshd.8
+--- openssh-5.8p1.orig/sshd.8
++++ openssh-5.8p1/sshd.8
 @@ -855,7 +855,7 @@ Contains Diffie-Hellman groups used for
  The file format is described in
  .Xr moduli 5 .
@@ -30,10 +30,10 @@ Index: openssh-5.7p1/sshd.8
  .Xr sshd_config 5 ,
  .Xr inetd 8 ,
  .Xr sftp-server 8
-Index: openssh-5.7p1/sshd_config.5
+Index: openssh-5.8p1/sshd_config.5
 ===================================================================
---- openssh-5.7p1.orig/sshd_config.5
-+++ openssh-5.7p1/sshd_config.5
+--- openssh-5.8p1.orig/sshd_config.5
++++ openssh-5.8p1/sshd_config.5
 @@ -497,7 +497,7 @@ or
  .Pp
  .Pa /etc/hosts.equiv

openssh-5.8p1-engines.diff

@@ -1,7 +1,7 @@
-Index: openssh-5.7p1/ssh-add.c
+Index: openssh-5.8p1/ssh-add.c
 ===================================================================
---- openssh-5.7p1.orig/ssh-add.c
-+++ openssh-5.7p1/ssh-add.c
+--- openssh-5.8p1.orig/ssh-add.c
++++ openssh-5.8p1/ssh-add.c
 @@ -43,6 +43,7 @@
  
  #include <openssl/evp.h>
@@ -21,10 +21,10 @@ Index: openssh-5.7p1/ssh-add.c
  	/* At first, get a connection to the authentication agent. */
  	ac = ssh_get_authentication_connection();
  	if (ac == NULL) {
-Index: openssh-5.7p1/ssh-agent.c
+Index: openssh-5.8p1/ssh-agent.c
 ===================================================================
---- openssh-5.7p1.orig/ssh-agent.c
-+++ openssh-5.7p1/ssh-agent.c
+--- openssh-5.8p1.orig/ssh-agent.c
++++ openssh-5.8p1/ssh-agent.c
 @@ -52,6 +52,7 @@
  #include <openssl/evp.h>
  #include <openssl/md5.h>
@@ -44,10 +44,10 @@ Index: openssh-5.7p1/ssh-agent.c
  	__progname = ssh_get_progname(av[0]);
  	init_rng();
  	seed_rng();
-Index: openssh-5.7p1/ssh-keygen.c
+Index: openssh-5.8p1/ssh-keygen.c
 ===================================================================
---- openssh-5.7p1.orig/ssh-keygen.c
-+++ openssh-5.7p1/ssh-keygen.c
+--- openssh-5.8p1.orig/ssh-keygen.c
++++ openssh-5.8p1/ssh-keygen.c
 @@ -22,6 +22,7 @@
  #include <openssl/evp.h>
  #include <openssl/pem.h>
@@ -68,10 +68,10 @@ Index: openssh-5.7p1/ssh-keygen.c
  	log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
  
  	init_rng();
-Index: openssh-5.7p1/ssh-keysign.c
+Index: openssh-5.8p1/ssh-keysign.c
 ===================================================================
---- openssh-5.7p1.orig/ssh-keysign.c
-+++ openssh-5.7p1/ssh-keysign.c
+--- openssh-5.8p1.orig/ssh-keysign.c
++++ openssh-5.8p1/ssh-keysign.c
 @@ -38,6 +38,7 @@
  #include <openssl/evp.h>
  #include <openssl/rand.h>
@@ -92,10 +92,10 @@ Index: openssh-5.7p1/ssh-keysign.c
  	for (i = 0; i < 256; i++)
  		rnd[i] = arc4random();
  	RAND_seed(rnd, sizeof(rnd));
-Index: openssh-5.7p1/ssh.c
+Index: openssh-5.8p1/ssh.c
 ===================================================================
---- openssh-5.7p1.orig/ssh.c
-+++ openssh-5.7p1/ssh.c
+--- openssh-5.8p1.orig/ssh.c
++++ openssh-5.8p1/ssh.c
 @@ -75,6 +75,7 @@
  #include <openssl/err.h>
  #include "openbsd-compat/openssl-compat.h"
@@ -115,10 +115,10 @@ Index: openssh-5.7p1/ssh.c
  	/* Initialize the command to execute on remote host. */
  	buffer_init(&command);
  
-Index: openssh-5.7p1/sshd.c
+Index: openssh-5.8p1/sshd.c
 ===================================================================
---- openssh-5.7p1.orig/sshd.c
-+++ openssh-5.7p1/sshd.c
+--- openssh-5.8p1.orig/sshd.c
++++ openssh-5.8p1/sshd.c
 @@ -77,6 +77,7 @@
  #include <openssl/md5.h>
  #include <openssl/rand.h>

openssh-5.8p1-syntax-error.diff

@@ -0,0 +1,13 @@
+Index: openssh-5.8p1/openbsd-compat/port-linux.c
+===================================================================
+--- openssh-5.8p1.orig/openbsd-compat/port-linux.c
++++ openssh-5.8p1/openbsd-compat/port-linux.c
+@@ -213,7 +213,7 @@ ssh_selinux_setfscreatecon(const char *p
+ 
+ 	if (!ssh_selinux_enabled())
+ 		return;
+-	if (path == NULL)
++	if (path == NULL) {
+ 		setfscreatecon(NULL);
+ 		return;
+ 	}

openssh-5.8p1-xauth.diff

@@ -2,7 +2,7 @@ Index: session.c
 ===================================================================
 --- session.c.orig
 +++ session.c
-@@ -2463,8 +2463,41 @@ void
+@@ -2463,8 +2463,40 @@ void
  session_close(Session *s)
  {
  	u_int i;
@@ -23,7 +23,7 @@ Index: session.c
 +			/* Remove authority data from .Xauthority if appropriate. */
 +			debug("Running %.500s remove %.100s\n",
 +				options.xauth_location, s->auth_display);
-+            
++
 +			snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -",
 +                     		s->pw->pw_dir, options.xauth_location);
 +            		f = popen(cmd, "w");
@@ -40,7 +40,6 @@ Index: session.c
 +		}
 +	}
 +
-+        
  	if (s->ttyfd != -1)
  		session_pty_cleanup(s);
  	if (s->term)

openssh-5.8p1.tar.bz2

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:41f2622b7c804dae31eda39c67d7ccedb1ec418b0811e626b85a6ec184b21108
+size 894842

openssh-askpass-gnome.changes

@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Fri Feb  4 11:19:14 UTC 2011 - lchiquitto@novell.com
+
+- Update to 5.8p1
+
 -------------------------------------------------------------------
 Mon Jan 24 11:51:10 UTC 2011 - lchiquitto@novell.com
 

openssh-askpass-gnome.spec

@@ -22,7 +22,7 @@ Name:           openssh-askpass-gnome
 BuildRequires:  gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
 License:        BSD3c(or similar)
 Group:          Productivity/Networking/SSH
-Version:        5.7p1
+Version:        5.8p1
 Release:        1
 Requires:       openssh = %{version} openssh-askpass = %{version}
 AutoReqProv:    on
@@ -30,7 +30,7 @@ Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
 Url:            http://www.openssh.com/
 %define _name openssh
 Source:         %{_name}-%{version}.tar.bz2
-Patch:          %{_name}-%{version}.dif
+Patch:          %{_name}-%{version}-sshd_config.diff
 Patch1:         %{_name}-%{version}-pam-fix2.diff
 Patch2:         %{_name}-%{version}-saveargv-fix.diff
 Patch3:         %{_name}-%{version}-pam-fix3.diff

openssh.changes

@@ -1,3 +1,15 @@
+-------------------------------------------------------------------
+Fri Feb  4 11:19:25 UTC 2011 - lchiquitto@novell.com
+
+- Update to 5.8p1
+ * Fix vulnerability in legacy certificate signing introduced in
+   OpenSSH-5.6 and found by Mateusz Kocielski.
+ * Fix compilation failure when enableing SELinux support.
+ * Do not attempt to call SELinux functions when SELinux is
+   disabled.
+- Remove patch that is now upstream:
+ * openssh-5.7p1-selinux.diff
+
 -------------------------------------------------------------------
 Thu Feb  3 16:42:01 UTC 2011 - pcerny@novell.com
 

openssh.spec

@@ -29,7 +29,7 @@ Requires:       /bin/netstat
 PreReq:         pwdutils %insserv_prereq  %fillup_prereq coreutils
 Conflicts:      nonfreessh
 AutoReqProv:    on
-Version:        5.7p1
+Version:        5.8p1
 Release:        2
 %define xversion 1.2.4.1
 Summary:        Secure Shell Client and Server (Remote Login Program)
@@ -62,7 +62,7 @@ Patch16:        %{name}-%{version}-pts.diff
 Patch17:        %{name}-%{version}-homechroot.patch
 Patch18:        %{name}-%{version}-sshconfig-knownhostschanges.diff
 Patch19:        %{name}-%{version}-host_ident.diff
-Patch21:        %{name}-%{version}-selinux.diff
+Patch20:        %{name}-%{version}-syntax-error.diff
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %package        askpass
@@ -107,7 +107,7 @@ Window System passphrase dialog for OpenSSH.
 %patch17
 %patch18
 %patch19 -p1
-%patch21 -p1
+%patch20 -p1
 cp -v %{SOURCE4} .
 cp -v %{SOURCE6} .
 cd ../x11-ssh-askpass-%{xversion}