Accepting request 60057 from home:leonardocf:branches:network

reviewed ok.

OBS-URL: https://build.opensuse.org/request/show/60057
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=7
Petr Cerny 2011-02-04 13:58:22 +00:00 committed by Git OBS Bridge
parent 5920438cad
commit ceda754f5a
26 changed files with 90 additions and 234 deletions


@ -1,173 +0,0 @@
Index: openssh-5.7p1/ChangeLog
===================================================================
--- openssh-5.7p1.orig/ChangeLog
+++ openssh-5.7p1/ChangeLog
@@ -1,3 +1,10 @@
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+ openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+ port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+ building with SELinux support to avoid linking failure; report from
+ amk AT spamfence.net; ok dtucker
+
20110122
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
RSA_get_default_method() for the benefit of openssl versions that don't
Index: openssh-5.7p1/configure.ac
===================================================================
--- openssh-5.7p1.orig/configure.ac
+++ openssh-5.7p1/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
+# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.469 $)
+AC_REVISION($Revision: 1.470 $)
AC_CONFIG_SRCDIR([ssh.c])
# local macros
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
[Define if you have Solaris process contracts])
SSHDLIBS="$SSHDLIBS -lcontract"
- AC_SUBST(SSHDLIBS)
SPC_MSG="yes" ], )
],
)
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
[Define if you have Solaris projects])
SSHDLIBS="$SSHDLIBS -lproject"
- AC_SUBST(SSHDLIBS)
SP_MSG="yes" ], )
],
)
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
LIBS="$LIBS -lselinux"
],
AC_MSG_ERROR(SELinux support requires libselinux library))
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
)
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
# Check whether user wants Linux audit support
LINUX_AUDIT_MSG="no"
@@ -4356,6 +4357,9 @@ echo " Libraries: ${LIBS}"
if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}"
fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
echo ""
Index: openssh-5.7p1/Makefile.in
===================================================================
--- openssh-5.7p1.orig/Makefile.in
+++ openssh-5.7p1/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
+# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
LIBAUDIT=@LIBAUDIT@
+SSHLIBS=@SSHLIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
@@ -143,7 +144,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT)
Index: openssh-5.7p1/openbsd-compat/port-linux.c
===================================================================
--- openssh-5.7p1.orig/openbsd-compat/port-linux.c
+++ openssh-5.7p1/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *n
xfree(oldctx);
xfree(newctx);
}
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+ security_context_t context;
+
+ if (path == NULL) {
+ setfscreatecon(NULL);
+ return;
+ }
+ matchpathcon(path, 0700, &context);
+ setfscreatecon(context);
+}
+
#endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST
Index: openssh-5.7p1/openbsd-compat/port-linux.h
===================================================================
--- openssh-5.7p1.orig/openbsd-compat/port-linux.h
+++ openssh-5.7p1/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
#endif
#ifdef LINUX_OOM_ADJUST
Index: openssh-5.7p1/ssh.c
===================================================================
--- openssh-5.7p1.orig/ssh.c
+++ openssh-5.7p1/ssh.c
@@ -857,15 +857,12 @@ main(int ac, char **av)
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
#ifdef WITH_SELINUX
- char *scon;
-
- matchpathcon(buf, 0700, &scon);
- setfscreatecon(scon);
+ ssh_selinux_setfscreatecon(buf);
#endif
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
#ifdef WITH_SELINUX
- setfscreatecon(NULL);
+ ssh_selinux_setfscreatecon(NULL);
#endif
}
/* load options.identity_files */


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8e4d63cbfdd0c97f8856693b4412e0bda78bb152ec1cb6f426193dc16d412c3
size 894451


@ -1,19 +1,19 @@
# add support for Linux audit (FATE #120269)
================================================================================
Index: openssh-5.7p1/Makefile.in
Index: openssh-5.8p1/Makefile.in
===================================================================
--- openssh-5.7p1.orig/Makefile.in
+++ openssh-5.7p1/Makefile.in
@@ -46,6 +46,7 @@ LD=@LD@
CFLAGS=@CFLAGS@
--- openssh-5.8p1.orig/Makefile.in
+++ openssh-5.8p1/Makefile.in
@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
SSHLIBS=@SSHLIBS@
+LIBAUDIT=@LIBAUDIT@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
@@ -145,7 +146,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
@@ -146,7 +147,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
@ -21,10 +21,10 @@ Index: openssh-5.7p1/Makefile.in
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
Index: openssh-5.7p1/auth.c
Index: openssh-5.8p1/auth.c
===================================================================
--- openssh-5.7p1.orig/auth.c
+++ openssh-5.7p1/auth.c
--- openssh-5.8p1.orig/auth.c
+++ openssh-5.8p1/auth.c
@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
@ -49,10 +49,10 @@ Index: openssh-5.7p1/auth.c
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
Index: openssh-5.7p1/config.h.in
Index: openssh-5.8p1/config.h.in
===================================================================
--- openssh-5.7p1.orig/config.h.in
+++ openssh-5.7p1/config.h.in
--- openssh-5.8p1.orig/config.h.in
+++ openssh-5.8p1/config.h.in
@@ -1460,6 +1460,9 @@
/* Define if you want SELinux support. */
#undef WITH_SELINUX
@ -63,13 +63,13 @@ Index: openssh-5.7p1/config.h.in
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
Index: openssh-5.7p1/configure.ac
Index: openssh-5.8p1/configure.ac
===================================================================
--- openssh-5.7p1.orig/configure.ac
+++ openssh-5.7p1/configure.ac
@@ -3521,6 +3521,20 @@ AC_ARG_WITH(selinux,
fi ]
)
--- openssh-5.8p1.orig/configure.ac
+++ openssh-5.8p1/configure.ac
@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
AC_SUBST(SSHLIBS)
AC_SUBST(SSHDLIBS)
+# Check whether user wants Linux audit support
+LINUX_AUDIT_MSG="no"
@ -88,7 +88,7 @@ Index: openssh-5.7p1/configure.ac
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
@@ -4315,6 +4329,7 @@ echo " PAM support
@@ -4316,6 +4330,7 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
@ -96,10 +96,10 @@ Index: openssh-5.7p1/configure.ac
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
Index: openssh-5.7p1/loginrec.c
Index: openssh-5.8p1/loginrec.c
===================================================================
--- openssh-5.7p1.orig/loginrec.c
+++ openssh-5.7p1/loginrec.c
--- openssh-5.8p1.orig/loginrec.c
+++ openssh-5.8p1/loginrec.c
@@ -176,6 +176,10 @@
#include "auth.h"
#include "buffer.h"
@ -220,10 +220,10 @@ Index: openssh-5.7p1/loginrec.c
/**
** Low-level libutil login() functions
**/
Index: openssh-5.7p1/loginrec.h
Index: openssh-5.8p1/loginrec.h
===================================================================
--- openssh-5.7p1.orig/loginrec.h
+++ openssh-5.7p1/loginrec.h
--- openssh-5.8p1.orig/loginrec.h
+++ openssh-5.8p1/loginrec.h
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
char *line_abbrevname(char *dst, const char *src, int dstsize);


@ -1,7 +1,7 @@
Index: openssh-5.7p1/sshd.8
Index: openssh-5.8p1/sshd.8
===================================================================
--- openssh-5.7p1.orig/sshd.8
+++ openssh-5.7p1/sshd.8
--- openssh-5.8p1.orig/sshd.8
+++ openssh-5.8p1/sshd.8
@@ -855,7 +855,7 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
@ -30,10 +30,10 @@ Index: openssh-5.7p1/sshd.8
.Xr sshd_config 5 ,
.Xr inetd 8 ,
.Xr sftp-server 8
Index: openssh-5.7p1/sshd_config.5
Index: openssh-5.8p1/sshd_config.5
===================================================================
--- openssh-5.7p1.orig/sshd_config.5
+++ openssh-5.7p1/sshd_config.5
--- openssh-5.8p1.orig/sshd_config.5
+++ openssh-5.8p1/sshd_config.5
@@ -497,7 +497,7 @@ or
.Pp
.Pa /etc/hosts.equiv


@ -1,7 +1,7 @@
Index: openssh-5.7p1/ssh-add.c
Index: openssh-5.8p1/ssh-add.c
===================================================================
--- openssh-5.7p1.orig/ssh-add.c
+++ openssh-5.7p1/ssh-add.c
--- openssh-5.8p1.orig/ssh-add.c
+++ openssh-5.8p1/ssh-add.c
@@ -43,6 +43,7 @@
#include <openssl/evp.h>
@ -21,10 +21,10 @@ Index: openssh-5.7p1/ssh-add.c
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
if (ac == NULL) {
Index: openssh-5.7p1/ssh-agent.c
Index: openssh-5.8p1/ssh-agent.c
===================================================================
--- openssh-5.7p1.orig/ssh-agent.c
+++ openssh-5.7p1/ssh-agent.c
--- openssh-5.8p1.orig/ssh-agent.c
+++ openssh-5.8p1/ssh-agent.c
@@ -52,6 +52,7 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
@ -44,10 +44,10 @@ Index: openssh-5.7p1/ssh-agent.c
__progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
Index: openssh-5.7p1/ssh-keygen.c
Index: openssh-5.8p1/ssh-keygen.c
===================================================================
--- openssh-5.7p1.orig/ssh-keygen.c
+++ openssh-5.7p1/ssh-keygen.c
--- openssh-5.8p1.orig/ssh-keygen.c
+++ openssh-5.8p1/ssh-keygen.c
@@ -22,6 +22,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -68,10 +68,10 @@ Index: openssh-5.7p1/ssh-keygen.c
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng();
Index: openssh-5.7p1/ssh-keysign.c
Index: openssh-5.8p1/ssh-keysign.c
===================================================================
--- openssh-5.7p1.orig/ssh-keysign.c
+++ openssh-5.7p1/ssh-keysign.c
--- openssh-5.8p1.orig/ssh-keysign.c
+++ openssh-5.8p1/ssh-keysign.c
@@ -38,6 +38,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
@ -92,10 +92,10 @@ Index: openssh-5.7p1/ssh-keysign.c
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd));
Index: openssh-5.7p1/ssh.c
Index: openssh-5.8p1/ssh.c
===================================================================
--- openssh-5.7p1.orig/ssh.c
+++ openssh-5.7p1/ssh.c
--- openssh-5.8p1.orig/ssh.c
+++ openssh-5.8p1/ssh.c
@@ -75,6 +75,7 @@
#include <openssl/err.h>
#include "openbsd-compat/openssl-compat.h"
@ -115,10 +115,10 @@ Index: openssh-5.7p1/ssh.c
/* Initialize the command to execute on remote host. */
buffer_init(&command);
Index: openssh-5.7p1/sshd.c
Index: openssh-5.8p1/sshd.c
===================================================================
--- openssh-5.7p1.orig/sshd.c
+++ openssh-5.7p1/sshd.c
--- openssh-5.8p1.orig/sshd.c
+++ openssh-5.8p1/sshd.c
@@ -77,6 +77,7 @@
#include <openssl/md5.h>
#include <openssl/rand.h>


@ -0,0 +1,13 @@
Index: openssh-5.8p1/openbsd-compat/port-linux.c
===================================================================
--- openssh-5.8p1.orig/openbsd-compat/port-linux.c
+++ openssh-5.8p1/openbsd-compat/port-linux.c
@@ -213,7 +213,7 @@ ssh_selinux_setfscreatecon(const char *p
if (!ssh_selinux_enabled())
return;
- if (path == NULL)
+ if (path == NULL) {
setfscreatecon(NULL);
return;
}
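Review bot: The return value of `setfscreatecon(NULL)` in the repaired `path == NULL` branch is ignored, so a failed reset could leave the earlier file-creation context in effect for whatever the process creates next, with nothing in the log. Consider `if (setfscreatecon(NULL) < 0) error("setfscreatecon(NULL): %s", strerror(errno));` inside the new braces. The patch file also has no description header, unlike the audit patch in this package, which opens with a `#` comment line. A line such as `# fix missing opening brace in ssh_selinux_setfscreatecon()` would tell the next maintainer when the patch can be dropped. The function body continues outside the hunk.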


@ -2,7 +2,7 @@ Index: session.c
===================================================================
--- session.c.orig
+++ session.c
@@ -2463,8 +2463,41 @@ void
@@ -2463,8 +2463,40 @@ void
session_close(Session *s)
{
u_int i;
@ -23,7 +23,7 @@ Index: session.c
+ /* Remove authority data from .Xauthority if appropriate. */
+ debug("Running %.500s remove %.100s\n",
+ options.xauth_location, s->auth_display);
+
+
+ snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -",
+ s->pw->pw_dir, options.xauth_location);
+ f = popen(cmd, "w");
@ -40,7 +40,6 @@ Index: session.c
+ }
+ }
+
+
if (s->ttyfd != -1)
session_pty_cleanup(s);
if (s->term)
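Review bot: The `snprintf` that builds `cmd` for `popen` (unchanged context in this refresh) places `s->pw->pw_dir` inside double quotes on a shell command line, and double quotes do not stop the shell from interpreting `$`, backticks or an embedded `"` in that value. Since the directory comes from the account database rather than a constant, the safer form is to skip the shell: set `HOME` with `setenv` in a forked child and start `options.xauth_location` via `execl`, feeding the remove command through a pipe. If `popen` stays, reject a `pw_dir` containing anything outside a conservative path character set before formatting the command. The rest of the block added to `session_close` lies outside the lines shown here, so whether privileges are already dropped at this point should be confirmed.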

3
openssh-5.8p1.tar.bz2 Normal file

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:41f2622b7c804dae31eda39c67d7ccedb1ec418b0811e626b85a6ec184b21108
size 894842


@ -1,3 +1,8 @@
-------------------------------------------------------------------
Fri Feb 4 11:19:14 UTC 2011 - lchiquitto@novell.com
- Update to 5.8p1
-------------------------------------------------------------------
Mon Jan 24 11:51:10 UTC 2011 - lchiquitto@novell.com


@ -22,7 +22,7 @@ Name: openssh-askpass-gnome
BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
License: BSD3c(or similar)
Group: Productivity/Networking/SSH
Version: 5.7p1
Version: 5.8p1
Release: 1
Requires: openssh = %{version} openssh-askpass = %{version}
AutoReqProv: on
@ -30,7 +30,7 @@ Summary: A GNOME-Based Passphrase Dialog for OpenSSH
Url: http://www.openssh.com/
%define _name openssh
Source: %{_name}-%{version}.tar.bz2
Patch: %{_name}-%{version}.dif
Patch: %{_name}-%{version}-sshd_config.diff
Patch1: %{_name}-%{version}-pam-fix2.diff
Patch2: %{_name}-%{version}-saveargv-fix.diff
Patch3: %{_name}-%{version}-pam-fix3.diff


@ -1,3 +1,15 @@
-------------------------------------------------------------------
Fri Feb 4 11:19:25 UTC 2011 - lchiquitto@novell.com
- Update to 5.8p1
* Fix vulnerability in legacy certificate signing introduced in
OpenSSH-5.6 and found by Mateusz Kocielski.
* Fix compilation failure when enableing SELinux support.
* Do not attempt to call SELinux functions when SELinux is
disabled.
- Remove patch that is now upstream:
* openssh-5.7p1-selinux.diff
-------------------------------------------------------------------
Thu Feb 3 16:42:01 UTC 2011 - pcerny@novell.com


@ -29,7 +29,7 @@ Requires: /bin/netstat
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils
Conflicts: nonfreessh
AutoReqProv: on
Version: 5.7p1
Version: 5.8p1
Release: 2
%define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program)
@ -62,7 +62,7 @@ Patch16: %{name}-%{version}-pts.diff
Patch17: %{name}-%{version}-homechroot.patch
Patch18: %{name}-%{version}-sshconfig-knownhostschanges.diff
Patch19: %{name}-%{version}-host_ident.diff
Patch21: %{name}-%{version}-selinux.diff
Patch20: %{name}-%{version}-syntax-error.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package askpass
@ -107,7 +107,7 @@ Window System passphrase dialog for OpenSSH.
%patch17
%patch18
%patch19 -p1
%patch21 -p1
%patch20 -p1
cp -v %{SOURCE4} .
cp -v %{SOURCE6} .
cd ../x11-ssh-askpass-%{xversion}