SHA256
1
0
forked from pool/openssh

Accepting request 59094 from home:leonardocf:branches:network

ok

OBS-URL: https://build.opensuse.org/request/show/59094
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=4
This commit is contained in:
Marcus Meissner 2011-01-31 12:24:57 +00:00 committed by Git OBS Bridge
parent c87fe92d21
commit 2e210d7ee3
29 changed files with 398 additions and 296 deletions

View File

@ -1,16 +0,0 @@
Index: openssh-5.5p1/sshconnect.c
===================================================================
--- openssh-5.5p1.orig/sshconnect.c
+++ openssh-5.5p1/sshconnect.c
@@ -916,6 +916,11 @@ check_host_key(char *hostname, struct so
error("Add correct host key in %.100s to get rid of this message.",
user_hostfile);
error("Offending key in %s:%d", host_file, host_line);
+ error("You can use following command to remove all keys for this IP:");
+ if (ip_file)
+ error("ssh-keygen -R %s -f %s", hostname, ip_file);
+ else
+ error("ssh-keygen -R %s", hostname);
/*
* If strict host key checking is in use, the user will have

View File

@ -1,24 +0,0 @@
Index: ssh-agent.c
===================================================================
--- ssh-agent.c.orig
+++ ssh-agent.c
@@ -1177,8 +1177,18 @@ main(int ac, char **av)
parent_pid = getpid();
if (agentsocket == NULL) {
+ char *tmp1, *tmp;
+ char *tmp2 = "ssh-XXXXXXXXXX";
+ size_t len;
+
+ if ((tmp1 = getenv("TMPDIR")) == NULL)
+ tmp1 = "/tmp";
+ len = strlen(tmp1) + strlen(tmp2) + 1;
+ tmp = malloc(len);
+ snprintf(tmp, len, "%s%s%s", tmp1, tmp1 && strlen(tmp1) > 0 ? "/" : "", tmp2);
/* Create private directory for agent socket */
- strlcpy(socket_dir, "/tmp/ssh-XXXXXXXXXX", sizeof socket_dir);
+ strlcpy(socket_dir, tmp, sizeof socket_dir);
+ free(tmp);
if (mkdtemp(socket_dir) == NULL) {
perror("mkdtemp: private socket dir");
exit(1);

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7ee242e0236597108ed3156420e6a7d517fffe21d89755c37f09cceb5d796e4c
size 896204

View File

@ -1,6 +1,8 @@
--- x11-ssh-askpass.c
Index: x11-ssh-askpass.c
===================================================================
--- x11-ssh-askpass.c.orig
+++ x11-ssh-askpass.c
@@ -1301,7 +1301,7 @@
@@ -1301,7 +1301,7 @@ void handleKeyPress(AppInfo *app, XEvent
}
}
@ -9,7 +11,7 @@
{
/* 'gcc -Wall' complains about 'app' being an unused parameter.
* Tough. We might want to use it later, and then we don't have
@@ -1343,11 +1343,11 @@
@@ -1343,11 +1343,11 @@ void handleButtonPress(AppInfo *app, XEv
return;
}
if (ButtonPress == event->type) {
@ -23,7 +25,7 @@
d->pressedButton = CANCEL_BUTTON;
d->cancelButton.pressed = True;
paintButton(app, d->dialogWindow, d->cancelButton);
@@ -1356,7 +1356,7 @@
@@ -1356,7 +1356,7 @@ void handleButtonPress(AppInfo *app, XEv
}
} else if (ButtonRelease == event->type) {
if (OK_BUTTON == d->pressedButton) {
@ -32,7 +34,7 @@
acceptAction(app);
} else {
if (d->okButton.pressed) {
@@ -1365,7 +1365,7 @@
@@ -1365,7 +1365,7 @@ void handleButtonPress(AppInfo *app, XEv
}
}
} else if (CANCEL_BUTTON == d->pressedButton) {
@ -41,7 +43,7 @@
cancelAction(app);
} else {
if (d->cancelButton.pressed) {
@@ -1385,7 +1385,7 @@
@@ -1385,7 +1385,7 @@ void handlePointerMotion(AppInfo *app, X
if (NO_BUTTON == d->pressedButton) {
return;
} else if (OK_BUTTON == d->pressedButton) {
@ -50,7 +52,7 @@
if (!(d->okButton.pressed)) {
d->okButton.pressed = True;
paintButton(app, d->dialogWindow, d->okButton);
@@ -1397,7 +1397,7 @@
@@ -1397,7 +1397,7 @@ void handlePointerMotion(AppInfo *app, X
}
}
} else if (CANCEL_BUTTON == d->pressedButton) {
@ -59,9 +61,11 @@
if (!(d->cancelButton.pressed)) {
d->cancelButton.pressed = True;
paintButton(app, d->dialogWindow, d->cancelButton);
--- x11-ssh-askpass.h
Index: x11-ssh-askpass.h
===================================================================
--- x11-ssh-askpass.h.orig
+++ x11-ssh-askpass.h
@@ -258,7 +258,7 @@
@@ -258,7 +258,7 @@ void erasePassphrase(AppInfo *app);
void addToPassphrase(AppInfo *app, char c);
void handleKeyPress(AppInfo *app, XEvent *event);

View File

@ -1,9 +1,9 @@
# add support for Linux audit (FATE #120269)
================================================================================
Index: openssh-5.6p1/Makefile.in
Index: openssh-5.7p1/Makefile.in
===================================================================
--- openssh-5.6p1.orig/Makefile.in
+++ openssh-5.6p1/Makefile.in
--- openssh-5.7p1.orig/Makefile.in
+++ openssh-5.7p1/Makefile.in
@@ -46,6 +46,7 @@ LD=@LD@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
@ -12,7 +12,7 @@ Index: openssh-5.6p1/Makefile.in
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
@@ -142,7 +143,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
@@ -145,7 +146,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
@ -21,10 +21,10 @@ Index: openssh-5.6p1/Makefile.in
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
Index: openssh-5.6p1/auth.c
Index: openssh-5.7p1/auth.c
===================================================================
--- openssh-5.6p1.orig/auth.c
+++ openssh-5.6p1/auth.c
--- openssh-5.7p1.orig/auth.c
+++ openssh-5.7p1/auth.c
@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
@ -38,7 +38,7 @@ Index: openssh-5.6p1/auth.c
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method));
@@ -586,6 +592,10 @@ getpwnamallow(const char *user)
@@ -592,6 +598,10 @@ getpwnamallow(const char *user)
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
@ -49,11 +49,11 @@ Index: openssh-5.6p1/auth.c
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
Index: openssh-5.6p1/config.h.in
Index: openssh-5.7p1/config.h.in
===================================================================
--- openssh-5.6p1.orig/config.h.in
+++ openssh-5.6p1/config.h.in
@@ -1424,6 +1424,9 @@
--- openssh-5.7p1.orig/config.h.in
+++ openssh-5.7p1/config.h.in
@@ -1460,6 +1460,9 @@
/* Define if you want SELinux support. */
#undef WITH_SELINUX
@ -63,11 +63,11 @@ Index: openssh-5.6p1/config.h.in
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
Index: openssh-5.6p1/configure.ac
Index: openssh-5.7p1/configure.ac
===================================================================
--- openssh-5.6p1.orig/configure.ac
+++ openssh-5.6p1/configure.ac
@@ -3393,6 +3393,20 @@ AC_ARG_WITH(selinux,
--- openssh-5.7p1.orig/configure.ac
+++ openssh-5.7p1/configure.ac
@@ -3521,6 +3521,20 @@ AC_ARG_WITH(selinux,
fi ]
)
@ -88,7 +88,7 @@ Index: openssh-5.6p1/configure.ac
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
@@ -4185,6 +4199,7 @@ echo " PAM support
@@ -4315,6 +4329,7 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
@ -96,10 +96,10 @@ Index: openssh-5.6p1/configure.ac
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
Index: openssh-5.6p1/loginrec.c
Index: openssh-5.7p1/loginrec.c
===================================================================
--- openssh-5.6p1.orig/loginrec.c
+++ openssh-5.6p1/loginrec.c
--- openssh-5.7p1.orig/loginrec.c
+++ openssh-5.7p1/loginrec.c
@@ -176,6 +176,10 @@
#include "auth.h"
#include "buffer.h"
@ -121,7 +121,7 @@ Index: openssh-5.6p1/loginrec.c
int lastlog_write_entry(struct logininfo *li);
int syslogin_write_entry(struct logininfo *li);
@@ -441,6 +448,10 @@ login_write(struct logininfo *li)
@@ -442,6 +449,10 @@ login_write(struct logininfo *li)
/* set the timestamp */
login_set_current_time(li);
@ -132,7 +132,7 @@ Index: openssh-5.6p1/loginrec.c
#ifdef USE_LOGIN
syslogin_write_entry(li);
#endif
@@ -1399,6 +1410,87 @@ wtmpx_get_entry(struct logininfo *li)
@@ -1406,6 +1417,87 @@ wtmpx_get_entry(struct logininfo *li)
}
#endif /* USE_WTMPX */
@ -220,10 +220,10 @@ Index: openssh-5.6p1/loginrec.c
/**
** Low-level libutil login() functions
**/
Index: openssh-5.6p1/loginrec.h
Index: openssh-5.7p1/loginrec.h
===================================================================
--- openssh-5.6p1.orig/loginrec.h
+++ openssh-5.6p1/loginrec.h
--- openssh-5.7p1.orig/loginrec.h
+++ openssh-5.7p1/loginrec.h
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
char *line_abbrevname(char *dst, const char *src, int dstsize);

View File

@ -1,4 +1,6 @@
--- log.c
Index: log.c
===================================================================
--- log.c.orig
+++ log.c
@@ -51,6 +51,7 @@
@ -8,7 +10,7 @@
static LogLevel log_level = SYSLOG_LEVEL_INFO;
static int log_on_stderr = 1;
@@ -336,6 +337,7 @@
@@ -336,6 +337,7 @@ do_log(LogLevel level, const char *fmt,
char fmtbuf[MSGBUFSIZ];
char *txt = NULL;
int pri = LOG_INFO;
@ -16,7 +18,7 @@
int saved_errno = errno;
if (level > log_level)
@@ -387,6 +389,14 @@
@@ -387,6 +389,14 @@ do_log(LogLevel level, const char *fmt,
snprintf(msgbuf, sizeof msgbuf, "%s\r\n", fmtbuf);
write(STDERR_FILENO, msgbuf, strlen(msgbuf));
} else {
@ -31,7 +33,7 @@
#if defined(HAVE_OPENLOG_R) && defined(SYSLOG_DATA_INIT)
openlog_r(argv0 ? argv0 : __progname, LOG_PID, log_facility, &sdata);
syslog_r(pri, &sdata, "%.500s", fmtbuf);
@@ -396,6 +406,7 @@
@@ -396,6 +406,7 @@ do_log(LogLevel level, const char *fmt,
syslog(pri, "%.500s", fmtbuf);
closelog();
#endif

View File

@ -1,26 +1,26 @@
Index: openssh-5.6p1/sshd.8
Index: openssh-5.7p1/sshd.8
===================================================================
--- openssh-5.6p1.orig/sshd.8
+++ openssh-5.6p1/sshd.8
@@ -850,7 +850,7 @@ Contains Diffie-Hellman groups used for
--- openssh-5.7p1.orig/sshd.8
+++ openssh-5.7p1/sshd.8
@@ -855,7 +855,7 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
.Pp
-.It /etc/motd
+.It /etc/lib/motd
-.It Pa /etc/motd
+.It Pa /etc/lib/motd
See
.Xr motd 5 .
.Pp
@@ -863,7 +863,7 @@ are displayed to anyone trying to log in
@@ -868,7 +868,7 @@ are displayed to anyone trying to log in
refused.
The file should be world-readable.
.Pp
-.It /etc/shosts.equiv
+.It /etc/ssh/shosts.equiv
-.It Pa /etc/shosts.equiv
+.It Pa /etc/ssh/shosts.equiv
This file is used in exactly the same way as
.Pa hosts.equiv ,
but allows host-based authentication without permitting login with
@@ -940,8 +940,7 @@ The content of this file is not sensitiv
@@ -947,8 +947,7 @@ The content of this file is not sensitiv
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
.Xr hosts_access 5 ,
@ -30,11 +30,11 @@ Index: openssh-5.6p1/sshd.8
.Xr sshd_config 5 ,
.Xr inetd 8 ,
.Xr sftp-server 8
Index: openssh-5.6p1/sshd_config.5
Index: openssh-5.7p1/sshd_config.5
===================================================================
--- openssh-5.6p1.orig/sshd_config.5
+++ openssh-5.6p1/sshd_config.5
@@ -496,7 +496,7 @@ or
--- openssh-5.7p1.orig/sshd_config.5
+++ openssh-5.7p1/sshd_config.5
@@ -497,7 +497,7 @@ or
.Pp
.Pa /etc/hosts.equiv
and

View File

@ -1,7 +1,7 @@
Index: openssh-5.6p1/ssh-add.c
Index: openssh-5.7p1/ssh-add.c
===================================================================
--- openssh-5.6p1.orig/ssh-add.c
+++ openssh-5.6p1/ssh-add.c
--- openssh-5.7p1.orig/ssh-add.c
+++ openssh-5.7p1/ssh-add.c
@@ -43,6 +43,7 @@
#include <openssl/evp.h>
@ -10,9 +10,9 @@ Index: openssh-5.6p1/ssh-add.c
#include <fcntl.h>
#include <pwd.h>
@@ -374,6 +375,10 @@ main(int argc, char **argv)
@@ -377,6 +378,10 @@ main(int argc, char **argv)
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
+ /* Init available hardware crypto engines. */
+ ENGINE_load_builtin_engines();
@ -21,10 +21,10 @@ Index: openssh-5.6p1/ssh-add.c
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
if (ac == NULL) {
Index: openssh-5.6p1/ssh-agent.c
Index: openssh-5.7p1/ssh-agent.c
===================================================================
--- openssh-5.6p1.orig/ssh-agent.c
+++ openssh-5.6p1/ssh-agent.c
--- openssh-5.7p1.orig/ssh-agent.c
+++ openssh-5.7p1/ssh-agent.c
@@ -52,6 +52,7 @@
#include <openssl/evp.h>
#include <openssl/md5.h>
@ -33,9 +33,9 @@ Index: openssh-5.6p1/ssh-agent.c
#include <errno.h>
#include <fcntl.h>
@@ -1094,6 +1095,10 @@ main(int ac, char **av)
@@ -1153,6 +1154,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
+ /* Init available hardware crypto engines. */
+ ENGINE_load_builtin_engines();
@ -44,10 +44,10 @@ Index: openssh-5.6p1/ssh-agent.c
__progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
Index: openssh-5.6p1/ssh-keygen.c
Index: openssh-5.7p1/ssh-keygen.c
===================================================================
--- openssh-5.6p1.orig/ssh-keygen.c
+++ openssh-5.6p1/ssh-keygen.c
--- openssh-5.7p1.orig/ssh-keygen.c
+++ openssh-5.7p1/ssh-keygen.c
@@ -22,6 +22,7 @@
#include <openssl/evp.h>
#include <openssl/pem.h>
@ -56,10 +56,10 @@ Index: openssh-5.6p1/ssh-keygen.c
#include <errno.h>
#include <fcntl.h>
@@ -1782,6 +1783,11 @@ main(int argc, char **argv)
@@ -1815,6 +1816,11 @@ main(int argc, char **argv)
__progname = ssh_get_progname(argv[0]);
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
+
+ /* Init available hardware crypto engines. */
+ ENGINE_load_builtin_engines();
@ -68,10 +68,10 @@ Index: openssh-5.6p1/ssh-keygen.c
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng();
Index: openssh-5.6p1/ssh-keysign.c
Index: openssh-5.7p1/ssh-keysign.c
===================================================================
--- openssh-5.6p1.orig/ssh-keysign.c
+++ openssh-5.6p1/ssh-keysign.c
--- openssh-5.7p1.orig/ssh-keysign.c
+++ openssh-5.7p1/ssh-keysign.c
@@ -38,6 +38,7 @@
#include <openssl/evp.h>
#include <openssl/rand.h>
@ -83,7 +83,7 @@ Index: openssh-5.6p1/ssh-keysign.c
@@ -195,6 +196,11 @@ main(int argc, char **argv)
fatal("could not open any host key");
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
+
+ /* Init available hardware crypto engines. */
+ ENGINE_load_builtin_engines();
@ -92,11 +92,11 @@ Index: openssh-5.6p1/ssh-keysign.c
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd));
Index: openssh-5.6p1/ssh.c
Index: openssh-5.7p1/ssh.c
===================================================================
--- openssh-5.6p1.orig/ssh.c
+++ openssh-5.6p1/ssh.c
@@ -74,6 +74,7 @@
--- openssh-5.7p1.orig/ssh.c
+++ openssh-5.7p1/ssh.c
@@ -75,6 +75,7 @@
#include <openssl/err.h>
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
@ -104,8 +104,8 @@ Index: openssh-5.6p1/ssh.c
#include "xmalloc.h"
#include "ssh.h"
@@ -602,6 +603,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms();
@@ -601,6 +602,10 @@ main(int ac, char **av)
OpenSSL_add_all_algorithms();
ERR_load_crypto_strings();
+ /* Init available hardware crypto engines. */
@ -115,10 +115,10 @@ Index: openssh-5.6p1/ssh.c
/* Initialize the command to execute on remote host. */
buffer_init(&command);
Index: openssh-5.6p1/sshd.c
Index: openssh-5.7p1/sshd.c
===================================================================
--- openssh-5.6p1.orig/sshd.c
+++ openssh-5.6p1/sshd.c
--- openssh-5.7p1.orig/sshd.c
+++ openssh-5.7p1/sshd.c
@@ -77,6 +77,7 @@
#include <openssl/md5.h>
#include <openssl/rand.h>
@ -127,9 +127,9 @@ Index: openssh-5.6p1/sshd.c
#ifdef HAVE_SECUREWARE
#include <sys/security.h>
@@ -1471,6 +1472,10 @@ main(int ac, char **av)
@@ -1474,6 +1475,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms();
OpenSSL_add_all_algorithms();
+ /* Init available hardware crypto engines. */
+ ENGINE_load_builtin_engines();

View File

@ -68,7 +68,7 @@ Index: readconf.c
===================================================================
--- readconf.c.orig
+++ readconf.c
@@ -126,7 +126,7 @@ typedef enum {
@@ -128,7 +128,7 @@ typedef enum {
oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@ -77,7 +77,7 @@ Index: readconf.c
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oControlPersist,
oHashKnownHosts,
@@ -167,9 +167,11 @@ static struct {
@@ -170,9 +170,11 @@ static struct {
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds },
@ -89,18 +89,18 @@ Index: readconf.c
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
@@ -477,6 +479,10 @@ parse_flag:
case oGssDelegateCreds:
@@ -483,6 +485,10 @@ parse_flag:
intptr = &options->gss_deleg_creds;
goto parse_flag;
+
+ case oGssEnableMITM:
+ intptr = &options->gss_enable_mitm;
+ goto parse_flag;
+
case oBatchMode:
intptr = &options->batch_mode;
@@ -1059,6 +1065,7 @@ initialize_options(Options * options)
goto parse_flag;
@@ -1093,6 +1099,7 @@ initialize_options(Options * options)
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
@ -108,7 +108,7 @@ Index: readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
@@ -1158,6 +1165,8 @@ fill_default_options(Options * options)
@@ -1195,6 +1202,8 @@ fill_default_options(Options * options)
options->gss_authentication = 0;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
@ -133,7 +133,7 @@ Index: servconf.c
===================================================================
--- servconf.c.orig
+++ servconf.c
@@ -94,6 +94,7 @@ initialize_server_options(ServerOptions
@@ -98,6 +98,7 @@ initialize_server_options(ServerOptions
options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
options->gss_cleanup_creds = -1;
@ -141,7 +141,7 @@ Index: servconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
@@ -217,6 +218,8 @@ fill_default_server_options(ServerOption
@@ -228,6 +229,8 @@ fill_default_server_options(ServerOption
options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
@ -150,7 +150,7 @@ Index: servconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
@@ -307,7 +310,7 @@ typedef enum {
@@ -322,7 +325,7 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@ -159,7 +159,7 @@ Index: servconf.c
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
@@ -370,9 +373,11 @@ static struct {
@@ -386,9 +389,11 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@ -171,22 +171,22 @@ Index: servconf.c
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
@@ -929,6 +934,10 @@ process_server_config_line(ServerOptions
case sGssCleanupCreds:
@@ -948,6 +953,10 @@ process_server_config_line(ServerOptions
intptr = &options->gss_cleanup_creds;
goto parse_flag;
+
+ case sGssEnableMITM:
+ intptr = &options->gss_enable_mitm;
+ goto parse_flag;
+
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
Index: servconf.h
===================================================================
--- servconf.h.orig
+++ servconf.h
@@ -95,6 +95,7 @@ typedef struct {
@@ -98,6 +98,7 @@ typedef struct {
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
int gss_cleanup_creds; /* If true, destroy cred cache on logout */
@ -218,7 +218,7 @@ Index: sshconnect2.c
===================================================================
--- sshconnect2.c.orig
+++ sshconnect2.c
@@ -263,6 +263,10 @@ Authmethod authmethods[] = {
@@ -324,6 +324,10 @@ Authmethod authmethods[] = {
NULL,
&options.gss_authentication,
NULL},
@ -229,7 +229,7 @@ Index: sshconnect2.c
#endif
{"hostbased",
userauth_hostbased,
@@ -640,7 +644,9 @@ process_gssapi_token(void *ctxt, gss_buf
@@ -701,7 +705,9 @@ process_gssapi_token(void *ctxt, gss_buf
if (status == GSS_S_COMPLETE) {
/* send either complete or MIC, depending on mechanism */
@ -244,7 +244,7 @@ Index: sshd_config
===================================================================
--- sshd_config.orig
+++ sshd_config
@@ -72,6 +72,13 @@ PasswordAuthentication no
@@ -73,6 +73,12 @@ PasswordAuthentication no
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
@ -253,7 +253,6 @@ Index: sshd_config
+# in this release. The use of 'gssapi' is deprecated due to the presence of
+# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
+#GSSAPIEnableMITMAttack no
+
+
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will

View File

@ -48,7 +48,7 @@ Index: session.c
static void do_authenticated1(Authctxt *);
static void do_authenticated2(Authctxt *);
@@ -806,6 +808,11 @@ do_exec(Session *s, const char *command)
@@ -808,6 +810,11 @@ do_exec(Session *s, const char *command)
debug("Forced command (key option) '%.900s'", command);
}
@ -60,7 +60,7 @@ Index: session.c
#ifdef SSH_AUDIT_EVENTS
if (command != NULL)
PRIVSEP(audit_run_command(command));
@@ -1419,6 +1426,63 @@ do_nologin(struct passwd *pw)
@@ -1421,6 +1428,63 @@ do_nologin(struct passwd *pw)
}
/*
@ -124,7 +124,7 @@ Index: session.c
* Chroot into a directory after checking it for safety: all path components
* must be root-owned directories with strict permissions.
*/
@@ -1428,6 +1492,7 @@ safely_chroot(const char *path, uid_t ui
@@ -1430,6 +1494,7 @@ safely_chroot(const char *path, uid_t ui
const char *cp;
char component[MAXPATHLEN];
struct stat st;
@ -132,7 +132,7 @@ Index: session.c
if (*path != '/')
fatal("chroot path does not begin at root");
@@ -1439,7 +1504,7 @@ safely_chroot(const char *path, uid_t ui
@@ -1441,7 +1506,7 @@ safely_chroot(const char *path, uid_t ui
* root-owned directory with strict permissions.
*/
for (cp = path; cp != NULL;) {
@ -141,7 +141,7 @@ Index: session.c
strlcpy(component, path, sizeof(component));
else {
cp++;
@@ -1452,14 +1517,20 @@ safely_chroot(const char *path, uid_t ui
@@ -1454,14 +1519,20 @@ safely_chroot(const char *path, uid_t ui
if (stat(component, &st) != 0)
fatal("%s: stat(\"%s\"): %s", __func__,
component, strerror(errno));
@ -163,7 +163,7 @@ Index: session.c
}
if (chdir(path) == -1)
@@ -1470,6 +1541,10 @@ safely_chroot(const char *path, uid_t ui
@@ -1472,6 +1543,10 @@ safely_chroot(const char *path, uid_t ui
if (chdir("/") == -1)
fatal("%s: chdir(/) after chroot: %s",
__func__, strerror(errno));
@ -257,7 +257,7 @@ Index: sshd_config.5
===================================================================
--- sshd_config.5.orig
+++ sshd_config.5
@@ -269,6 +269,17 @@ inside the chroot directory (see
@@ -268,6 +268,17 @@ inside the chroot directory (see
.Xr sftp-server 8
for details).
.Pp

View File

@ -0,0 +1,16 @@
Index: openssh-5.7p1/sshconnect.c
===================================================================
--- openssh-5.7p1.orig/sshconnect.c
+++ openssh-5.7p1/sshconnect.c
@@ -958,6 +958,11 @@ check_host_key(char *hostname, struct so
user_hostfile);
error("Offending %s key in %s:%lu", key_type(host_found->key),
host_found->file, host_found->line);
+ error("You can use following command to remove all keys for this IP:");
+ if (host_found->file)
+ error("ssh-keygen -R %s -f %s", hostname, host_found->file);
+ else
+ error("ssh-keygen -R %s", hostname);
/*
* If strict host key checking is in use, the user will have

View File

@ -2,7 +2,7 @@ Index: sshd_config
===================================================================
--- sshd_config.orig
+++ sshd_config
@@ -56,7 +56,7 @@
@@ -57,7 +57,7 @@
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
@ -11,7 +11,7 @@ Index: sshd_config
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
@@ -81,7 +81,7 @@
@@ -82,7 +82,7 @@
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.

View File

@ -1,6 +1,8 @@
--- auth-pam.c
Index: auth-pam.c
===================================================================
--- auth-pam.c.orig
+++ auth-pam.c
@@ -786,7 +786,9 @@
@@ -786,7 +786,9 @@ sshpam_query(void *ctx, char **name, cha
fatal("Internal error: PAM auth "
"succeeded when it should have "
"failed");

View File

@ -2,7 +2,7 @@ Index: loginrec.c
===================================================================
--- loginrec.c.orig
+++ loginrec.c
@@ -554,7 +554,7 @@ getlast_entry(struct logininfo *li)
@@ -555,7 +555,7 @@ getlast_entry(struct logininfo *li)
* 1. The full filename (including '/dev')
* 2. The stripped name (excluding '/dev')
* 3. The abbreviated name (e.g. /dev/ttyp00 -> yp00
@ -11,7 +11,7 @@ Index: loginrec.c
*
* Form 3 is used on some systems to identify a .tmp.? entry when
* attempting to remove it. Typically both addition and removal is
@@ -615,6 +615,10 @@ line_abbrevname(char *dst, const char *s
@@ -616,6 +616,10 @@ line_abbrevname(char *dst, const char *s
if (strncmp(src, "tty", 3) == 0)
src += 3;
#endif

View File

@ -10,7 +10,7 @@ Index: sshd.c
logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
@@ -1316,7 +1317,11 @@ main(int ac, char **av)
@@ -1319,7 +1320,11 @@ main(int ac, char **av)
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
compat_init_setproctitle(ac, av);

173
openssh-5.7p1-selinux.diff Normal file
View File

@ -0,0 +1,173 @@
Index: openssh-5.7p1/ChangeLog
===================================================================
--- openssh-5.7p1.orig/ChangeLog
+++ openssh-5.7p1/ChangeLog
@@ -1,3 +1,10 @@
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+ openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+ port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+ building with SELinux support to avoid linking failure; report from
+ amk AT spamfence.net; ok dtucker
+
20110122
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
RSA_get_default_method() for the benefit of openssl versions that don't
Index: openssh-5.7p1/configure.ac
===================================================================
--- openssh-5.7p1.orig/configure.ac
+++ openssh-5.7p1/configure.ac
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
+# $Id: configure.ac,v 1.470 2011/01/25 01:16:17 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.469 $)
+AC_REVISION($Revision: 1.470 $)
AC_CONFIG_SRCDIR([ssh.c])
# local macros
@@ -737,7 +737,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
[Define if you have Solaris process contracts])
SSHDLIBS="$SSHDLIBS -lcontract"
- AC_SUBST(SSHDLIBS)
SPC_MSG="yes" ], )
],
)
@@ -748,7 +747,6 @@ mips-sony-bsd|mips-sony-newsos4)
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
[Define if you have Solaris projects])
SSHDLIBS="$SSHDLIBS -lproject"
- AC_SUBST(SSHDLIBS)
SP_MSG="yes" ], )
],
)
@@ -3515,11 +3513,14 @@ AC_ARG_WITH(selinux,
LIBS="$LIBS -lselinux"
],
AC_MSG_ERROR(SELinux support requires libselinux library))
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
)
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
# Check whether user wants Linux audit support
LINUX_AUDIT_MSG="no"
@@ -4356,6 +4357,9 @@ echo " Libraries: ${LIBS}"
if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}"
fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
echo ""
Index: openssh-5.7p1/Makefile.in
===================================================================
--- openssh-5.7p1.orig/Makefile.in
+++ openssh-5.7p1/Makefile.in
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
+# $Id: Makefile.in,v 1.321 2011/01/25 01:16:16 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
LIBAUDIT=@LIBAUDIT@
+SSHLIBS=@SSHLIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
@@ -143,7 +144,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) $(LIBAUDIT)
Index: openssh-5.7p1/openbsd-compat/port-linux.c
===================================================================
--- openssh-5.7p1.orig/openbsd-compat/port-linux.c
+++ openssh-5.7p1/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.12 2011/01/25 01:16:18 djm Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -205,6 +205,20 @@ ssh_selinux_change_context(const char *n
xfree(oldctx);
xfree(newctx);
}
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+ security_context_t context;
+
+ if (path == NULL) {
+ setfscreatecon(NULL);
+ return;
+ }
+ matchpathcon(path, 0700, &context);
+ setfscreatecon(context);
+}
+
#endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST
Index: openssh-5.7p1/openbsd-compat/port-linux.h
===================================================================
--- openssh-5.7p1.orig/openbsd-compat/port-linux.h
+++ openssh-5.7p1/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.5 2011/01/25 01:16:18 djm Exp $ */
/*
* Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
#endif
#ifdef LINUX_OOM_ADJUST
Index: openssh-5.7p1/ssh.c
===================================================================
--- openssh-5.7p1.orig/ssh.c
+++ openssh-5.7p1/ssh.c
@@ -857,15 +857,12 @@ main(int ac, char **av)
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
#ifdef WITH_SELINUX
- char *scon;
-
- matchpathcon(buf, 0700, &scon);
- setfscreatecon(scon);
+ ssh_selinux_setfscreatecon(buf);
#endif
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
#ifdef WITH_SELINUX
- setfscreatecon(NULL);
+ ssh_selinux_setfscreatecon(NULL);
#endif
}
/* load options.identity_files */

View File

@ -2,11 +2,12 @@ Index: ssh_config
===================================================================
--- ssh_config.orig
+++ ssh_config
@@ -67,5 +67,12 @@ ForwardX11Trusted yes
@@ -67,5 +67,13 @@ ForwardX11Trusted yes
SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
SendEnv LC_IDENTIFICATION LC_ALL
-# VisualHostKey no
+
+# This will print the fingerprint of the host key in "visual" form
+# this should make it easier to also recognize bad things
+VisualHostKey no

View File

@ -2,7 +2,7 @@ Index: session.c
===================================================================
--- session.c.orig
+++ session.c
@@ -2525,8 +2525,41 @@ void
@@ -2463,8 +2463,41 @@ void
session_close(Session *s)
{
u_int i;

View File

@ -2,7 +2,7 @@ Index: session.c
===================================================================
--- session.c.orig
+++ session.c
@@ -1114,7 +1114,7 @@ copy_environment(char **source, char ***
@@ -1116,7 +1116,7 @@ copy_environment(char **source, char ***
}
static char **
@ -11,7 +11,7 @@ Index: session.c
{
char buf[256];
u_int i, envsize;
@@ -1301,6 +1301,8 @@ do_setup_env(Session *s, const char *she
@@ -1303,6 +1303,8 @@ do_setup_env(Session *s, const char *she
for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]);
}
@ -20,7 +20,7 @@ Index: session.c
return env;
}
@@ -1309,7 +1311,7 @@ do_setup_env(Session *s, const char *she
@@ -1311,7 +1313,7 @@ do_setup_env(Session *s, const char *she
* first in this order).
*/
static void
@ -29,7 +29,7 @@ Index: session.c
{
FILE *f = NULL;
char cmd[1024];
@@ -1363,12 +1365,20 @@ do_rc_files(Session *s, const char *shel
@@ -1365,12 +1367,20 @@ do_rc_files(Session *s, const char *shel
options.xauth_location);
f = popen(cmd, "w");
if (f) {
@ -50,7 +50,7 @@ Index: session.c
} else {
fprintf(stderr, "Could not run %s\n",
cmd);
@@ -1670,6 +1680,7 @@ do_child(Session *s, const char *command
@@ -1608,6 +1618,7 @@ do_child(Session *s, const char *command
{
extern char **environ;
char **env;
@ -58,7 +58,7 @@ Index: session.c
char *argv[ARGV_MAX];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
@@ -1736,7 +1747,7 @@ do_child(Session *s, const char *command
@@ -1674,7 +1685,7 @@ do_child(Session *s, const char *command
* Make sure $SHELL points to the shell from the password file,
* even if shell is overridden from login.conf
*/
@ -67,7 +67,7 @@ Index: session.c
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
@@ -1805,7 +1816,7 @@ do_child(Session *s, const char *command
@@ -1743,7 +1754,7 @@ do_child(Session *s, const char *command
closefrom(STDERR_FILENO + 1);
if (!options.use_login)

View File

@ -28,7 +28,7 @@ Index: sshd_config
===================================================================
--- sshd_config.orig
+++ sshd_config
@@ -86,7 +86,7 @@
@@ -87,7 +87,7 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no

3
openssh-5.7p1.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e8e4d63cbfdd0c97f8856693b4412e0bda78bb152ec1cb6f426193dc16d412c3
size 894451

View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:0b46d50d58800dc184448c70485265894d97da90749019917708c22ac8845753
size 1943
oid sha256:a73f20ff86a679a64f3b94a666dc9e7e1b442fb2da09ddb56f9a01f4dbdbc241
size 1975

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Jan 24 11:51:10 UTC 2011 - lchiquitto@novell.com
- Update to 5.7p1
-------------------------------------------------------------------
Wed Jan 12 13:37:38 CET 2011 - sbrabec@suse.cz

View File

@ -1,5 +1,5 @@
#
# spec file for package openssh-askpass-gnome (Version 5.6p1)
# spec file for package openssh-askpass-gnome (Version 5.7p1)
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -22,8 +22,8 @@ Name: openssh-askpass-gnome
BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
License: BSD3c(or similar)
Group: Productivity/Networking/SSH
Version: 5.6p1
Release: 8
Version: 5.7p1
Release: 1
Requires: openssh = %{version} openssh-askpass = %{version}
AutoReqProv: on
Summary: A GNOME-Based Passphrase Dialog for OpenSSH

View File

@ -1,94 +0,0 @@
Index: openbsd-compat/port-linux.c
===================================================================
RCS file: /home/dtucker/openssh/cvs/openssh/openbsd-compat/port-linux.c,v
retrieving revision 1.9
diff -u -p -r1.9 port-linux.c
--- openbsd-compat/port-linux.c 10 Sep 2010 00:30:25 -0000 1.9
+++ openbsd-compat/port-linux.c 16 Nov 2010 05:10:13 -0000
@@ -208,14 +208,21 @@ ssh_selinux_change_context(const char *n
#endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST
-#define OOM_ADJ_PATH "/proc/self/oom_adj"
/*
- * The magic "don't kill me", as documented in eg:
+ * The magic "don't kill me" values, old and new, as documented in eg:
* http://lxr.linux.no/#linux+v2.6.32/Documentation/filesystems/proc.txt
+ * http://lxr.linux.no/#linux+v2.6.36/Documentation/filesystems/proc.txt
*/
-#define OOM_ADJ_NOKILL -17
static int oom_adj_save = INT_MIN;
+static char *oom_adj_path = NULL;
+struct {
+ char *path;
+ int value;
+} oom_adjust[] = {
+ {"/proc/self/oom_score_adj", -1000}, /* new values, 2.6.36 and up */
+ {"/proc/self/oom_adj", -17}, /* old values, 2.6.35 and down */
+};
/*
* Tell the kernel's out-of-memory killer to avoid sshd.
@@ -224,23 +231,31 @@ static int oom_adj_save = INT_MIN;
void
oom_adjust_setup(void)
{
+ int i, value;
FILE *fp;
debug3("%s", __func__);
- if ((fp = fopen(OOM_ADJ_PATH, "r+")) != NULL) {
- if (fscanf(fp, "%d", &oom_adj_save) != 1)
- verbose("error reading %s: %s", OOM_ADJ_PATH, strerror(errno));
- else {
- rewind(fp);
- if (fprintf(fp, "%d\n", OOM_ADJ_NOKILL) <= 0)
- verbose("error writing %s: %s",
- OOM_ADJ_PATH, strerror(errno));
- else
- verbose("Set %s from %d to %d",
- OOM_ADJ_PATH, oom_adj_save, OOM_ADJ_NOKILL);
+ for (i = 0; i < 2; i++) {
+ oom_adj_path = oom_adjust[i].path;
+ value = oom_adjust[i].value;
+ if ((fp = fopen(oom_adj_path, "r+")) != NULL) {
+ if (fscanf(fp, "%d", &oom_adj_save) != 1)
+ verbose("error reading %s: %s", oom_adj_path,
+ strerror(errno));
+ else {
+ rewind(fp);
+ if (fprintf(fp, "%d\n", value) <= 0)
+ verbose("error writing %s: %s",
+ oom_adj_path, strerror(errno));
+ else
+ verbose("Set %s from %d to %d",
+ oom_adj_path, oom_adj_save, value);
+ }
+ fclose(fp);
+ return;
}
- fclose(fp);
}
+ oom_adj_path = NULL;
}
/* Restore the saved OOM adjustment */
@@ -250,13 +265,14 @@ oom_adjust_restore(void)
FILE *fp;
debug3("%s", __func__);
- if (oom_adj_save == INT_MIN || (fp = fopen(OOM_ADJ_PATH, "w")) == NULL)
+ if (oom_adj_save == INT_MIN || oom_adj_save == NULL ||
+ (fp = fopen(oom_adj_path, "w")) == NULL)
return;
if (fprintf(fp, "%d\n", oom_adj_save) <= 0)
- verbose("error writing %s: %s", OOM_ADJ_PATH, strerror(errno));
+ verbose("error writing %s: %s", oom_adj_path, strerror(errno));
else
- verbose("Set %s to %d", OOM_ADJ_PATH, oom_adj_save);
+ verbose("Set %s to %d", oom_adj_path, oom_adj_save);
fclose(fp);
return;

View File

@ -1,3 +1,39 @@
-------------------------------------------------------------------
Mon Jan 24 11:24:59 UTC 2011 - lchiquitto@novell.com
- Update to 5.7p1
* Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656.
* sftp(1)/sftp-server(8): add a protocol extension to support a hard
link operation.
* scp(1): Add a new -3 option to scp: Copies between two remote hosts
are transferred through the local host.
* ssh(1): automatically order the hostkeys requested by the client
based on which hostkeys are already recorded in known_hosts.
* ssh(1)/sshd(8): add a new IPQoS option to specify arbitrary
TOS/DSCP/QoS values instead of hardcoding lowdelay/throughput.
* sftp(1): the sftp client is now significantly faster at performing
directory listings, using OpenBSD glob(3) extensions to preserve
the results of stat(3) operations performed in the course of its
execution rather than performing expensive round trips to fetch
them again afterwards.
* ssh(1): "atomically" create the listening mux socket by binding it on
a temporary name and then linking it into position after listen() has
succeeded.
* ssh(1)/sshd(8): add a KexAlgorithms knob to the client and server
configuration to allow selection of which key exchange methods are
used by ssh(1) and sshd(8) and their order of preference.
* sftp(1)/scp(1): factor out bandwidth limiting code from scp(1) into
a generic bandwidth limiter that can be attached using the atomicio
callback mechanism and use it to add a bandwidth limit option to
sftp(1).
* Support building against openssl-1.0.0a.
* Bug fixes.
- Remove patches that are now upstream:
* openssh-5.6p1-tmpdir.diff
* openssh-linux-new-oomkill.patch
- Add upstream patch to fix build with SELinux enabled.
-------------------------------------------------------------------
Wed Jan 12 13:37:38 CET 2011 - sbrabec@suse.cz

View File

@ -1,5 +1,5 @@
#
# spec file for package openssh (Version 5.6p1)
# spec file for package openssh (Version 5.7p1)
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -29,8 +29,8 @@ Requires: /bin/netstat
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils
Conflicts: nonfreessh
AutoReqProv: on
Version: 5.6p1
Release: 8
Version: 5.7p1
Release: 1
%define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program)
Url: http://www.openssh.com/
@ -55,7 +55,6 @@ Patch7: %{name}-%{version}-engines.diff
Patch8: %{name}-%{version}-blocksigalrm.diff
Patch9: %{name}-%{version}-send_locale.diff
Patch10: %{name}-%{version}-xauthlocalhostname.diff
Patch11: %{name}-%{version}-tmpdir.diff
Patch12: %{name}-%{version}-xauth.diff
Patch14: %{name}-%{version}-default-protocol.diff
Patch15: %{name}-%{version}-audit.patch
@ -63,7 +62,7 @@ Patch16: %{name}-%{version}-pts.diff
Patch17: %{name}-%{version}-homechroot.patch
Patch18: %{name}-%{version}-sshconfig-knownhostschanges.diff
Patch19: %{name}-%{version}-host_ident.diff
Patch20: openssh-linux-new-oomkill.patch
Patch20: %{name}-%{version}-selinux.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package askpass
@ -101,7 +100,6 @@ Window System passphrase dialog for OpenSSH.
%patch8
%patch9
%patch10
%patch11
%patch12
%patch14
%patch15 -p1
@ -109,7 +107,7 @@ Window System passphrase dialog for OpenSSH.
%patch17
%patch18
%patch19 -p1
%patch20
%patch20 -p1
cp -v %{SOURCE4} .
cp -v %{SOURCE6} .
cd ../x11-ssh-askpass-%{xversion}