Accepting request 684353 from home:vitezslav_cizek:branches:network

- Minor clean-up of the fips patches, modified openssh-7.7p1-fips.patch openssh-7.7p1-fips_checks.patch OBS-URL: https://build.opensuse.org/request/show/684353 OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=185
2019-03-12 15:19:34 +00:00 · 2019-03-12 15:19:34 +00:00 · 8ca4d6f6f4
commit 8ca4d6f6f4
parent d9fe580505
3 changed files with 26 additions and 38 deletions
--- a/openssh-7.7p1-fips.patch
+++ b/openssh-7.7p1-fips.patch
@ -6,7 +6,7 @@ algorithms.
 Index: openssh-7.9p1/Makefile.in
 ===================================================================
 --- openssh-7.9p1.orig/Makefile.in	2019-02-28 17:20:15.767164591 +0100
-+++ openssh-7.9p1/Makefile.in	2019-02-28 20:18:30.666473978 +0100
+++ openssh-7.9p1/Makefile.in	2019-03-12 11:41:49.662894934 +0100
@@ -102,6 +102,8 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \
 	kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o \
 	platform-pledge.o platform-tracing.o platform-misc.o
@ -41,7 +41,7 @@ Index: openssh-7.9p1/cipher-ctr.c
 Index: openssh-7.9p1/cipher.c
 ===================================================================
 --- openssh-7.9p1.orig/cipher.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/cipher.c	2019-02-28 20:18:30.666473978 +0100
+++ openssh-7.9p1/cipher.c	2019-03-12 11:41:49.662894934 +0100
@@ -51,6 +51,8 @@
 #include "openbsd-compat/openssl-compat.h"
@ -134,8 +134,8 @@ Index: openssh-7.9p1/cipher.c
 Index: openssh-7.9p1/fips.c
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/fips.c	2019-02-28 20:18:30.534473204 +0100
+++ openssh-7.9p1/fips.c	2019-03-12 11:42:10.971006569 +0100
-@@ -0,0 +1,215 @@
+@@ -0,0 +1,212 @@
 +/*
 + * Copyright (c) 2012 Petr Cerny.  All rights reserved.
 + *
@ -176,9 +176,6 @@ Index: openssh-7.9p1/fips.c
 +#include <string.h>
 +#include <openssl/crypto.h>
 +
 +/* import from dh.c */
 +extern int dh_grp_min;
 +
 +static int fips_state = -1;
 +
 +static int
@ -354,7 +351,7 @@ Index: openssh-7.9p1/fips.c
 Index: openssh-7.9p1/fips.h
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/fips.h	2019-02-28 20:18:30.534473204 +0100
+++ openssh-7.9p1/fips.h	2019-03-12 11:41:49.514894158 +0100
@@ -0,0 +1,44 @@
 +/*
 + * Copyright (c) 2012 Petr Cerny.  All rights reserved.
@ -512,19 +509,6 @@ Index: openssh-7.9p1/kex.c
 			free(s);
 			return 0;
 		}
 Index: openssh-7.9p1/kexgexs.c
 ===================================================================
 --- openssh-7.9p1.orig/kexgexs.c	2018-10-17 02:01:20.000000000 +0200
 +++ openssh-7.9p1/kexgexs.c	2019-02-28 17:20:15.923165569 +0100
@@ -56,6 +56,8 @@
 #include "sshbuf.h"
 #include "misc.h"
 +#include "fips.h"
 +
 static int input_kex_dh_gex_request(int, u_int32_t, struct ssh *);
 static int input_kex_dh_gex_init(int, u_int32_t, struct ssh *);
 Index: openssh-7.9p1/mac.c
 ===================================================================
 --- openssh-7.9p1.orig/mac.c	2018-10-17 02:01:20.000000000 +0200
@ -624,7 +608,7 @@ Index: openssh-7.9p1/myproposal.h
 Index: openssh-7.9p1/readconf.c
 ===================================================================
 --- openssh-7.9p1.orig/readconf.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/readconf.c	2019-02-28 20:18:54.650614520 +0100
+++ openssh-7.9p1/readconf.c	2019-02-28 20:20:19.619112418 +0100
@@ -68,6 +68,8 @@
 #include "myproposal.h"
 #include "digest.h"
@ -857,7 +841,7 @@ Index: openssh-7.9p1/ssh_config.5
 Index: openssh-7.9p1/sshd.c
 ===================================================================
 --- openssh-7.9p1.orig/sshd.c	2018-10-17 02:01:20.000000000 +0200
-+++ openssh-7.9p1/sshd.c	2019-02-28 20:18:30.534473204 +0100
+++ openssh-7.9p1/sshd.c	2019-03-12 11:41:49.514894158 +0100
@@ -123,6 +123,8 @@
 #include "version.h"
 #include "ssherr.h"
--- a/openssh-7.7p1-fips_checks.patch
+++ b/openssh-7.7p1-fips_checks.patch
@ -17,7 +17,7 @@
 Index: openssh-7.9p1/fips-check.c
 ===================================================================
 --- /dev/null	1970-01-01 00:00:00.000000000 +0000
-+++ openssh-7.9p1/fips-check.c	2019-02-27 14:03:03.383988170 +0100
+++ openssh-7.9p1/fips-check.c	2019-03-12 11:42:19.299050200 +0100
@@ -0,0 +1,34 @@
 +#include "includes.h"
 +#include <fcntl.h>
@ -55,9 +55,9 @@ Index: openssh-7.9p1/fips-check.c
 +}
 Index: openssh-7.9p1/fips.c
 ===================================================================
--- openssh-7.9p1.orig/fips.c	2019-02-27 14:03:03.323987792 +0100
+--- openssh-7.9p1.orig/fips.c	2019-03-12 11:42:19.299050200 +0100
-+++ openssh-7.9p1/fips.c	2019-02-27 14:03:03.383988170 +0100
+++ openssh-7.9p1/fips.c	2019-03-12 11:43:02.363275819 +0100
-@@ -35,33 +35,296 @@
+@@ -35,30 +35,293 @@
 #include "log.h"
 #include "xmalloc.h"
@ -72,9 +72,6 @@ Index: openssh-7.9p1/fips.c
 +#include <openssl/err.h>
 +#include <openssl/hmac.h>
 /* import from dh.c */
 extern int dh_grp_min;
 static int fips_state = -1;
 +/* calculates HMAC of contents of a file given by filename using the hash
@ -367,8 +364,8 @@ Index: openssh-7.9p1/fips.c
 {
 Index: openssh-7.9p1/fips.h
 ===================================================================
--- openssh-7.9p1.orig/fips.h	2019-02-27 14:03:03.323987792 +0100
+--- openssh-7.9p1.orig/fips.h	2019-03-12 11:42:13.819021490 +0100
-+++ openssh-7.9p1/fips.h	2019-02-27 14:03:03.383988170 +0100
+++ openssh-7.9p1/fips.h	2019-03-12 11:42:19.303050221 +0100
@@ -1,5 +1,5 @@
 /*
 - * Copyright (c) 2012 Petr Cerny.  All rights reserved.
@ -412,8 +409,8 @@ Index: openssh-7.9p1/fips.h
 -
 Index: openssh-7.9p1/sftp-server.c
 ===================================================================
--- openssh-7.9p1.orig/sftp-server.c	2018-10-17 02:01:20.000000000 +0200
+--- openssh-7.9p1.orig/sftp-server.c	2019-03-12 11:42:13.819021490 +0100
-+++ openssh-7.9p1/sftp-server.c	2019-02-27 14:03:03.383988170 +0100
+++ openssh-7.9p1/sftp-server.c	2019-03-12 11:42:19.303050221 +0100
@@ -51,6 +51,8 @@
 #include "sftp.h"
 #include "sftp-common.h"
@ -435,8 +432,8 @@ Index: openssh-7.9p1/sftp-server.c
 	log_init(__progname, log_level, log_facility, log_stderr);
 Index: openssh-7.9p1/ssh.c
 ===================================================================
--- openssh-7.9p1.orig/ssh.c	2018-10-17 02:01:20.000000000 +0200
+--- openssh-7.9p1.orig/ssh.c	2019-03-12 11:42:13.823021511 +0100
-+++ openssh-7.9p1/ssh.c	2019-02-27 14:03:03.387988194 +0100
+++ openssh-7.9p1/ssh.c	2019-03-12 11:42:19.303050221 +0100
@@ -113,6 +113,8 @@
 #include "ssh-pkcs11.h"
 #endif
@ -459,8 +456,8 @@ Index: openssh-7.9p1/ssh.c
 	sanitise_stdfd();
 Index: openssh-7.9p1/sshd.c
 ===================================================================
--- openssh-7.9p1.orig/sshd.c	2019-02-27 14:03:03.327987816 +0100
+--- openssh-7.9p1.orig/sshd.c	2019-03-12 11:42:13.823021511 +0100
-+++ openssh-7.9p1/sshd.c	2019-02-27 14:03:03.387988194 +0100
+++ openssh-7.9p1/sshd.c	2019-03-12 11:42:19.303050221 +0100
@@ -1485,6 +1485,10 @@ main(int ac, char **av)
 	Authctxt *authctxt;
 	struct connection_info *connection_info = NULL;
--- a/openssh.changes
+++ b/openssh.changes
@ -1,3 +1,10 @@
 -------------------------------------------------------------------
 Tue Mar 12 15:16:20 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>
 - Minor clean-up of the fips patches, modified
  openssh-7.7p1-fips.patch
  openssh-7.7p1-fips_checks.patch
 -------------------------------------------------------------------
 Mon Mar 11 15:06:17 UTC 2019 - Vítězslav Čížek <vcizek@suse.com>