From d4de5c0c42b04b30d4a1cc7047b69542e654d4b58025d924356f8f780e4dd802 Mon Sep 17 00:00:00 2001 From: OBS User unknown Date: Thu, 15 Mar 2007 00:56:27 +0000 Subject: [PATCH] OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openssh?expand=0&rev=5 --- openssh-4.5p1.tar.bz2 | 3 - ...addrlist.dif => openssh-4.6p1-addrlist.dif | 4 +- ...fix.diff => openssh-4.6p1-askpass-fix.diff | 0 ...1-audit.patch => openssh-4.6p1-audit.patch | 185 +++++++++--------- ...rm.diff => openssh-4.6p1-blocksigalrm.diff | 0 ...iff => openssh-4.6p1-default-protocol.diff | 0 ...4.5p1-eal3.diff => openssh-4.6p1-eal3.diff | 12 +- ...engines.diff => openssh-4.6p1-engines.diff | 38 ++-- ...c-fix.patch => openssh-4.6p1-gcc-fix.patch | 0 ...tm.patch => openssh-4.6p1-gssapimitm.patch | 8 +- ...m-fix2.diff => openssh-4.6p1-pam-fix2.diff | 0 ...m-fix3.diff => openssh-4.6p1-pam-fix3.diff | 0 ...ome.diff => openssh-4.6p1-pwname-home.diff | 12 +- ...ix.diff => openssh-4.6p1-saveargv-fix.diff | 2 +- ...ale.diff => openssh-4.6p1-send_locale.diff | 0 ... => openssh-4.6p1-strict-aliasing-fix.diff | 0 ...1-tmpdir.diff => openssh-4.6p1-tmpdir.diff | 2 +- ...5p1-xauth.diff => openssh-4.6p1-xauth.diff | 0 ...f => openssh-4.6p1-xauthlocalhostname.diff | 0 openssh-4.5p1.dif => openssh-4.6p1.dif | 0 openssh-4.6p1.tar.bz2 | 3 + openssh-askpass-gnome.spec | 6 +- openssh-gssapi_krb5-fix.patch | 2 +- openssh.changes | 16 ++ openssh.spec | 21 +- 25 files changed, 170 insertions(+), 144 deletions(-) delete mode 100644 openssh-4.5p1.tar.bz2 rename openssh-4.5p1-addrlist.dif => openssh-4.6p1-addrlist.dif (97%) rename openssh-4.5p1-askpass-fix.diff => openssh-4.6p1-askpass-fix.diff (100%) rename openssh-4.5p1-audit.patch => openssh-4.6p1-audit.patch (85%) rename openssh-4.5p1-blocksigalrm.diff => openssh-4.6p1-blocksigalrm.diff (100%) rename openssh-4.5p1-default-protocol.diff => openssh-4.6p1-default-protocol.diff (100%) rename openssh-4.5p1-eal3.diff => openssh-4.6p1-eal3.diff (86%) rename openssh-4.5p1-engines.diff => openssh-4.6p1-engines.diff (76%) rename openssh-4.5p1-gcc-fix.patch => openssh-4.6p1-gcc-fix.patch (100%) rename openssh-4.5p1-gssapimitm.patch => openssh-4.6p1-gssapimitm.patch (97%) rename openssh-4.5p1-pam-fix2.diff => openssh-4.6p1-pam-fix2.diff (100%) rename openssh-4.5p1-pam-fix3.diff => openssh-4.6p1-pam-fix3.diff (100%) rename openssh-4.5p1-pwname-home.diff => openssh-4.6p1-pwname-home.diff (91%) rename openssh-4.5p1-saveargv-fix.diff => openssh-4.6p1-saveargv-fix.diff (95%) rename openssh-4.5p1-send_locale.diff => openssh-4.6p1-send_locale.diff (100%) rename openssh-4.5p1-strict-aliasing-fix.diff => openssh-4.6p1-strict-aliasing-fix.diff (100%) rename openssh-4.5p1-tmpdir.diff => openssh-4.6p1-tmpdir.diff (96%) rename openssh-4.5p1-xauth.diff => openssh-4.6p1-xauth.diff (100%) rename openssh-4.5p1-xauthlocalhostname.diff => openssh-4.6p1-xauthlocalhostname.diff (100%) rename openssh-4.5p1.dif => openssh-4.6p1.dif (100%) create mode 100644 openssh-4.6p1.tar.bz2 diff --git a/openssh-4.5p1.tar.bz2 b/openssh-4.5p1.tar.bz2 deleted file mode 100644 index a76b871..0000000 --- a/openssh-4.5p1.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:1b2826c2c9b94cd2c2c441a3acf2b0f954b8556a0db6aa938cac13c44504e186 -size 776871 diff --git a/openssh-4.5p1-addrlist.dif b/openssh-4.6p1-addrlist.dif similarity index 97% rename from openssh-4.5p1-addrlist.dif rename to openssh-4.6p1-addrlist.dif index 56b54d9..f1bb95a 100644 --- a/openssh-4.5p1-addrlist.dif +++ b/openssh-4.6p1-addrlist.dif @@ -63,7 +63,7 @@ /* * Close all listening sockets -@@ -941,6 +997,7 @@ +@@ -942,6 +998,7 @@ int ret, listen_sock, on = 1; struct addrinfo *ai; char ntop[NI_MAXHOST], strport[NI_MAXSERV]; @@ -71,7 +71,7 @@ for (ai = options.listen_addrs; ai; ai = ai->ai_next) { if (ai->ai_family != AF_INET && ai->ai_family != AF_INET6) -@@ -986,6 +1043,13 @@ +@@ -987,6 +1044,13 @@ continue; } listen_socks[num_listen_socks] = listen_sock; diff --git a/openssh-4.5p1-askpass-fix.diff b/openssh-4.6p1-askpass-fix.diff similarity index 100% rename from openssh-4.5p1-askpass-fix.diff rename to openssh-4.6p1-askpass-fix.diff diff --git a/openssh-4.5p1-audit.patch b/openssh-4.6p1-audit.patch similarity index 85% rename from openssh-4.5p1-audit.patch rename to openssh-4.6p1-audit.patch index 8742565..8e994b7 100644 --- a/openssh-4.5p1-audit.patch +++ b/openssh-4.6p1-audit.patch @@ -1,5 +1,94 @@ ---- openssh-4.5p1/loginrec.c.audit 2006-09-07 14:57:54.000000000 +0200 -+++ openssh-4.5p1/loginrec.c 2006-12-21 12:17:35.000000000 +0100 +# add support for Linux audit (FATE #120269) +--- openssh-4.6p1/Makefile.in ++++ openssh-4.6p1/Makefile.in +@@ -45,6 +45,7 @@ + CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + LIBSELINUX=@LIBSELINUX@ ++LIBAUDIT=@LIBAUDIT@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBPAM=@LIBPAM@ +@@ -139,7 +140,7 @@ + $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) + + sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) +- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS) ++ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(SSHDLIBS) $(LIBS) + + scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o + $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) +--- openssh-4.6p1/auth.c ++++ openssh-4.6p1/auth.c +@@ -286,6 +286,12 @@ + get_canonical_hostname(options.use_dns), "ssh", &loginmsg); + # endif + #endif ++#if HAVE_LINUX_AUDIT ++ if (authenticated == 0 && !authctxt->postponed) { ++ linux_audit_record_event(-1, authctxt->user, NULL, ++ get_remote_ipaddr(), "sshd", 0); ++ } ++#endif + #ifdef SSH_AUDIT_EVENTS + if (authenticated == 0 && !authctxt->postponed) + audit_event(audit_classify_auth(method)); +@@ -492,6 +498,10 @@ + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); + #endif ++#ifdef HAVE_LINUX_AUDIT ++ linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(), ++ "sshd", 0); ++#endif + #ifdef SSH_AUDIT_EVENTS + audit_event(SSH_INVALID_USER); + #endif /* SSH_AUDIT_EVENTS */ +--- openssh-4.6p1/config.h.in ++++ openssh-4.6p1/config.h.in +@@ -1305,6 +1305,9 @@ + /* Define if you want SELinux support. */ + #undef WITH_SELINUX + ++/* Define if you want Linux audit support. */ ++#undef HAVE_LINUX_AUDIT ++ + /* Define to 1 if your processor stores words with the most significant byte + first (like Motorola and SPARC, unlike Intel and VAX). */ + #undef WORDS_BIGENDIAN +--- openssh-4.6p1/configure.ac ++++ openssh-4.6p1/configure.ac +@@ -3170,6 +3170,20 @@ + ) + AC_SUBST(LIBSELINUX) + ++# Check whether user wants Linux audit support ++LINUX_AUDIT_MSG="no" ++LIBAUDIT="" ++AC_ARG_WITH(linux-audit, ++ [ --with-linux-audit Enable Linux audit support], ++ [ if test "x$withval" != "xno" ; then ++ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.]) ++ LINUX_AUDIT_MSG="yes" ++ AC_CHECK_HEADERS(libaudit.h) ++ LIBAUDIT="-laudit" ++ fi ++ ]) ++AC_SUBST(LIBAUDIT) ++ + # Check whether user wants Kerberos 5 support + KRB5_MSG="no" + AC_ARG_WITH(kerberos5, +@@ -3990,6 +4004,7 @@ + echo " OSF SIA support: $SIA_MSG" + echo " KerberosV support: $KRB5_MSG" + echo " SELinux support: $SELINUX_MSG" ++echo " Linux audit support: $LINUX_AUDIT_MSG" + echo " Smartcard support: $SCARD_MSG" + echo " S/KEY support: $SKEY_MSG" + echo " TCP Wrappers support: $TCPW_MSG" +--- openssh-4.6p1/loginrec.c ++++ openssh-4.6p1/loginrec.c @@ -175,6 +175,10 @@ #include "auth.h" #include "buffer.h" @@ -84,8 +173,8 @@ /** ** Low-level libutil login() functions **/ ---- openssh-4.5p1/loginrec.h.audit 2006-08-05 04:39:40.000000000 +0200 -+++ openssh-4.5p1/loginrec.h 2006-12-21 12:17:35.000000000 +0100 +--- openssh-4.6p1/loginrec.h ++++ openssh-4.6p1/loginrec.h @@ -127,5 +127,9 @@ char *line_abbrevname(char *dst, const char *src, int dstsize); @@ -96,91 +185,3 @@ +#endif /* HAVE_LINUX_AUDIT */ #endif /* _HAVE_LOGINREC_H_ */ ---- openssh-4.5p1/Makefile.in.audit 2006-10-23 23:44:47.000000000 +0200 -+++ openssh-4.5p1/Makefile.in 2006-12-21 12:19:39.000000000 +0100 -@@ -45,6 +45,7 @@ - CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ - LIBS=@LIBS@ - LIBSELINUX=@LIBSELINUX@ -+LIBAUDIT=@LIBAUDIT@ - SSHDLIBS=@SSHDLIBS@ - LIBEDIT=@LIBEDIT@ - LIBPAM=@LIBPAM@ -@@ -139,7 +140,7 @@ - $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) - - sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) -- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(SSHDLIBS) $(LIBS) -+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBWRAP) $(LIBPAM) $(LIBSELINUX) $(LIBAUDIT) $(SSHDLIBS) $(LIBS) - - scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o - $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ---- openssh-4.5p1/config.h.in.audit 2006-11-07 14:07:01.000000000 +0100 -+++ openssh-4.5p1/config.h.in 2006-12-21 12:17:35.000000000 +0100 -@@ -1305,6 +1305,9 @@ - /* Define if you want SELinux support. */ - #undef WITH_SELINUX - -+/* Define if you want Linux audit support. */ -+#undef HAVE_LINUX_AUDIT -+ - /* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ - #undef WORDS_BIGENDIAN ---- openssh-4.5p1/configure.ac.audit 2006-12-21 12:17:34.000000000 +0100 -+++ openssh-4.5p1/configure.ac 2006-12-21 12:17:35.000000000 +0100 -@@ -3161,6 +3161,20 @@ - ) - AC_SUBST(LIBSELINUX) - -+# Check whether user wants Linux audit support -+LINUX_AUDIT_MSG="no" -+LIBAUDIT="" -+AC_ARG_WITH(linux-audit, -+ [ --with-linux-audit Enable Linux audit support], -+ [ if test "x$withval" != "xno" ; then -+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.]) -+ LINUX_AUDIT_MSG="yes" -+ AC_CHECK_HEADERS(libaudit.h) -+ LIBAUDIT="-laudit" -+ fi -+ ]) -+AC_SUBST(LIBAUDIT) -+ - # Check whether user wants Kerberos 5 support - KRB5_MSG="no" - AC_ARG_WITH(kerberos5, -@@ -3982,6 +3996,7 @@ - echo " OSF SIA support: $SIA_MSG" - echo " KerberosV support: $KRB5_MSG" - echo " SELinux support: $SELINUX_MSG" -+echo " Linux audit support: $LINUX_AUDIT_MSG" - echo " Smartcard support: $SCARD_MSG" - echo " S/KEY support: $SKEY_MSG" - echo " TCP Wrappers support: $TCPW_MSG" ---- openssh-4.5p1/auth.c.audit 2006-10-27 17:10:16.000000000 +0200 -+++ openssh-4.5p1/auth.c 2006-12-21 12:17:35.000000000 +0100 -@@ -286,6 +286,12 @@ - get_canonical_hostname(options.use_dns), "ssh", &loginmsg); - # endif - #endif -+#if HAVE_LINUX_AUDIT -+ if (authenticated == 0 && !authctxt->postponed) { -+ linux_audit_record_event(-1, authctxt->user, NULL, -+ get_remote_ipaddr(), "sshd", 0); -+ } -+#endif - #ifdef SSH_AUDIT_EVENTS - if (authenticated == 0 && !authctxt->postponed) - audit_event(audit_classify_auth(method)); -@@ -492,6 +498,10 @@ - record_failed_login(user, - get_canonical_hostname(options.use_dns), "ssh"); - #endif -+#ifdef HAVE_LINUX_AUDIT -+ linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(), -+ "sshd", 0); -+#endif - #ifdef SSH_AUDIT_EVENTS - audit_event(SSH_INVALID_USER); - #endif /* SSH_AUDIT_EVENTS */ diff --git a/openssh-4.5p1-blocksigalrm.diff b/openssh-4.6p1-blocksigalrm.diff similarity index 100% rename from openssh-4.5p1-blocksigalrm.diff rename to openssh-4.6p1-blocksigalrm.diff diff --git a/openssh-4.5p1-default-protocol.diff b/openssh-4.6p1-default-protocol.diff similarity index 100% rename from openssh-4.5p1-default-protocol.diff rename to openssh-4.6p1-default-protocol.diff diff --git a/openssh-4.5p1-eal3.diff b/openssh-4.6p1-eal3.diff similarity index 86% rename from openssh-4.5p1-eal3.diff rename to openssh-4.6p1-eal3.diff index 1117294..54cd896 100644 --- a/openssh-4.5p1-eal3.diff +++ b/openssh-4.6p1-eal3.diff @@ -1,5 +1,5 @@ ---- openssh-4.5p1/sshd.8 -+++ openssh-4.5p1/sshd.8 +--- openssh-4.6p1/sshd.8 ++++ openssh-4.6p1/sshd.8 @@ -739,7 +739,7 @@ The file format is described in .Xr moduli 5 . @@ -28,9 +28,9 @@ .Xr sshd_config 5 , .Xr inetd 8 , .Xr sftp-server 8 ---- openssh-4.5p1/sshd_config.5 -+++ openssh-4.5p1/sshd_config.5 -@@ -169,9 +169,6 @@ +--- openssh-4.6p1/sshd_config.5 ++++ openssh-4.6p1/sshd_config.5 +@@ -167,9 +167,6 @@ By default, no banner is displayed. .It Cm ChallengeResponseAuthentication Specifies whether challenge-response authentication is allowed. @@ -40,7 +40,7 @@ The default is .Dq yes . .It Cm Ciphers -@@ -384,7 +381,7 @@ +@@ -382,7 +379,7 @@ .Pp .Pa /etc/hosts.equiv and diff --git a/openssh-4.5p1-engines.diff b/openssh-4.6p1-engines.diff similarity index 76% rename from openssh-4.5p1-engines.diff rename to openssh-4.6p1-engines.diff index 6aa8f20..0787786 100644 --- a/openssh-4.5p1-engines.diff +++ b/openssh-4.6p1-engines.diff @@ -1,9 +1,5 @@ -# Load drivers for available hardware crypto accelerators. -# -- mludvig@suse.cz -Index: openssh-3.8p1/ssh-add.c -================================================================================ ---- openssh-4.5p1/ssh-add.c -+++ openssh-4.5p1/ssh-add.c +--- openssh-4.6p1/ssh-add.c ++++ openssh-4.6p1/ssh-add.c @@ -42,6 +42,7 @@ #include @@ -23,8 +19,8 @@ Index: openssh-3.8p1/ssh-add.c /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); if (ac == NULL) { ---- openssh-4.5p1/ssh-agent.c -+++ openssh-4.5p1/ssh-agent.c +--- openssh-4.6p1/ssh-agent.c ++++ openssh-4.6p1/ssh-agent.c @@ -51,6 +51,7 @@ #include @@ -33,7 +29,7 @@ Index: openssh-3.8p1/ssh-add.c #include #include -@@ -1044,6 +1045,10 @@ +@@ -1043,6 +1044,10 @@ SSLeay_add_all_algorithms(); @@ -44,8 +40,8 @@ Index: openssh-3.8p1/ssh-add.c __progname = ssh_get_progname(av[0]); init_rng(); seed_rng(); ---- openssh-4.5p1/ssh-keygen.c -+++ openssh-4.5p1/ssh-keygen.c +--- openssh-4.6p1/ssh-keygen.c ++++ openssh-4.6p1/ssh-keygen.c @@ -21,6 +21,7 @@ #include @@ -54,8 +50,8 @@ Index: openssh-3.8p1/ssh-add.c #include #include -@@ -1074,6 +1075,11 @@ - __progname = ssh_get_progname(av[0]); +@@ -1073,6 +1074,11 @@ + __progname = ssh_get_progname(argv[0]); SSLeay_add_all_algorithms(); + @@ -63,11 +59,11 @@ Index: openssh-3.8p1/ssh-add.c + ENGINE_load_builtin_engines(); + ENGINE_register_all_complete(); + - log_init(av[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); ---- openssh-4.5p1/ssh-keysign.c -+++ openssh-4.5p1/ssh-keysign.c +--- openssh-4.6p1/ssh-keysign.c ++++ openssh-4.6p1/ssh-keysign.c @@ -38,6 +38,7 @@ #include #include @@ -88,8 +84,8 @@ Index: openssh-3.8p1/ssh-add.c for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); ---- openssh-4.5p1/ssh.c -+++ openssh-4.5p1/ssh.c +--- openssh-4.6p1/ssh.c ++++ openssh-4.6p1/ssh.c @@ -72,6 +72,7 @@ #include @@ -109,8 +105,8 @@ Index: openssh-3.8p1/ssh-add.c /* Initialize the command to execute on remote host. */ buffer_init(&command); ---- openssh-4.5p1/sshd.c -+++ openssh-4.5p1/sshd.c +--- openssh-4.6p1/sshd.c ++++ openssh-4.6p1/sshd.c @@ -75,6 +75,7 @@ #include #include @@ -119,7 +115,7 @@ Index: openssh-3.8p1/ssh-add.c #ifdef HAVE_SECUREWARE #include #include -@@ -1444,6 +1445,10 @@ +@@ -1445,6 +1446,10 @@ SSLeay_add_all_algorithms(); diff --git a/openssh-4.5p1-gcc-fix.patch b/openssh-4.6p1-gcc-fix.patch similarity index 100% rename from openssh-4.5p1-gcc-fix.patch rename to openssh-4.6p1-gcc-fix.patch diff --git a/openssh-4.5p1-gssapimitm.patch b/openssh-4.6p1-gssapimitm.patch similarity index 97% rename from openssh-4.5p1-gssapimitm.patch rename to openssh-4.6p1-gssapimitm.patch index b755f84..ad42ff8 100644 --- a/openssh-4.5p1-gssapimitm.patch +++ b/openssh-4.6p1-gssapimitm.patch @@ -153,16 +153,16 @@ Index: auth2-gss.c sDeprecated, sUnsupported @@ -351,9 +354,11 @@ #ifdef GSSAPI - { "gssapiauthentication", sGssAuthentication, SSHCFG_GLOBAL }, + { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, + { "gssapienablemitmattack", sGssEnableMITM }, #else - { "gssapiauthentication", sUnsupported, SSHCFG_GLOBAL }, + { "gssapiauthentication", sUnsupported, SSHCFG_ALL }, { "gssapicleanupcredentials", sUnsupported, SSHCFG_GLOBAL }, + { "gssapienablemitmattack", sUnsupported }, #endif - { "passwordauthentication", sPasswordAuthentication, SSHCFG_GLOBAL }, - { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_GLOBAL }, + { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, + { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, @@ -877,6 +882,10 @@ case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; diff --git a/openssh-4.5p1-pam-fix2.diff b/openssh-4.6p1-pam-fix2.diff similarity index 100% rename from openssh-4.5p1-pam-fix2.diff rename to openssh-4.6p1-pam-fix2.diff diff --git a/openssh-4.5p1-pam-fix3.diff b/openssh-4.6p1-pam-fix3.diff similarity index 100% rename from openssh-4.5p1-pam-fix3.diff rename to openssh-4.6p1-pam-fix3.diff diff --git a/openssh-4.5p1-pwname-home.diff b/openssh-4.6p1-pwname-home.diff similarity index 91% rename from openssh-4.5p1-pwname-home.diff rename to openssh-4.6p1-pwname-home.diff index 024ede3..1e860db 100644 --- a/openssh-4.5p1-pwname-home.diff +++ b/openssh-4.6p1-pwname-home.diff @@ -1,5 +1,5 @@ ---- openssh-4.5p1/misc.c -+++ openssh-4.5p1/misc.c +--- openssh-4.6p1/misc.c ++++ openssh-4.6p1/misc.c @@ -186,6 +186,29 @@ return (old); } @@ -39,8 +39,8 @@ fatal("tilde_expand_filename: No such uid %d", uid); if (strlcpy(ret, pw->pw_dir, sizeof(ret)) >= sizeof(ret)) ---- openssh-4.5p1/misc.h -+++ openssh-4.5p1/misc.h +--- openssh-4.6p1/misc.h ++++ openssh-4.6p1/misc.h @@ -34,6 +34,7 @@ char *tohex(const void *, size_t); void sanitise_stdfd(void); @@ -49,8 +49,8 @@ struct passwd *pwcopy(struct passwd *); typedef struct arglist arglist; ---- openssh-4.5p1/ssh.c -+++ openssh-4.5p1/ssh.c +--- openssh-4.6p1/ssh.c ++++ openssh-4.6p1/ssh.c @@ -249,7 +249,7 @@ } #endif diff --git a/openssh-4.5p1-saveargv-fix.diff b/openssh-4.6p1-saveargv-fix.diff similarity index 95% rename from openssh-4.5p1-saveargv-fix.diff rename to openssh-4.6p1-saveargv-fix.diff index 2f6ab7d..0ff56ca 100644 --- a/openssh-4.5p1-saveargv-fix.diff +++ b/openssh-4.6p1-saveargv-fix.diff @@ -8,7 +8,7 @@ logit("Received SIGHUP; restarting."); close_listen_socks(); close_startup_pipes(); -@@ -1317,7 +1318,11 @@ +@@ -1318,7 +1319,11 @@ #ifndef HAVE_SETPROCTITLE /* Prepare for later setproctitle emulation */ compat_init_setproctitle(ac, av); diff --git a/openssh-4.5p1-send_locale.diff b/openssh-4.6p1-send_locale.diff similarity index 100% rename from openssh-4.5p1-send_locale.diff rename to openssh-4.6p1-send_locale.diff diff --git a/openssh-4.5p1-strict-aliasing-fix.diff b/openssh-4.6p1-strict-aliasing-fix.diff similarity index 100% rename from openssh-4.5p1-strict-aliasing-fix.diff rename to openssh-4.6p1-strict-aliasing-fix.diff diff --git a/openssh-4.5p1-tmpdir.diff b/openssh-4.6p1-tmpdir.diff similarity index 96% rename from openssh-4.5p1-tmpdir.diff rename to openssh-4.6p1-tmpdir.diff index dcf9ac7..d03ec2b 100644 --- a/openssh-4.5p1-tmpdir.diff +++ b/openssh-4.6p1-tmpdir.diff @@ -1,6 +1,6 @@ --- ssh-agent.c +++ ssh-agent.c -@@ -1127,8 +1127,18 @@ +@@ -1126,8 +1126,18 @@ parent_pid = getpid(); if (agentsocket == NULL) { diff --git a/openssh-4.5p1-xauth.diff b/openssh-4.6p1-xauth.diff similarity index 100% rename from openssh-4.5p1-xauth.diff rename to openssh-4.6p1-xauth.diff diff --git a/openssh-4.5p1-xauthlocalhostname.diff b/openssh-4.6p1-xauthlocalhostname.diff similarity index 100% rename from openssh-4.5p1-xauthlocalhostname.diff rename to openssh-4.6p1-xauthlocalhostname.diff diff --git a/openssh-4.5p1.dif b/openssh-4.6p1.dif similarity index 100% rename from openssh-4.5p1.dif rename to openssh-4.6p1.dif diff --git a/openssh-4.6p1.tar.bz2 b/openssh-4.6p1.tar.bz2 new file mode 100644 index 0000000..b462a5b --- /dev/null +++ b/openssh-4.6p1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c19f14140fbbbf912b9a033e961910ab5510a6c625bbd1a443e7aa9bbe6c09b9 +size 781338 diff --git a/openssh-askpass-gnome.spec b/openssh-askpass-gnome.spec index dd8bf65..ed0cf1c 100644 --- a/openssh-askpass-gnome.spec +++ b/openssh-askpass-gnome.spec @@ -1,5 +1,5 @@ # -# spec file for package openssh-askpass-gnome (Version 4.5p1) +# spec file for package openssh-askpass-gnome (Version 4.6p1) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -14,8 +14,8 @@ Name: openssh-askpass-gnome BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files License: Other License(s), see package Group: Productivity/Networking/SSH -Version: 4.5p1 -Release: 19 +Version: 4.6p1 +Release: 1 Requires: openssh = %{version} openssh-askpass = %{version} Autoreqprov: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH diff --git a/openssh-gssapi_krb5-fix.patch b/openssh-gssapi_krb5-fix.patch index 4902c72..4f49c9f 100644 --- a/openssh-gssapi_krb5-fix.patch +++ b/openssh-gssapi_krb5-fix.patch @@ -1,6 +1,6 @@ --- configure.ac +++ configure.ac -@@ -3220,7 +3220,14 @@ +@@ -3237,7 +3237,14 @@ K5LIBS="-lgssapi $K5LIBS" ], [ AC_CHECK_LIB(gssapi_krb5,gss_init_sec_context, [ AC_DEFINE(GSSAPI) diff --git a/openssh.changes b/openssh.changes index 0bc7d82..9e55161 100644 --- a/openssh.changes +++ b/openssh.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Mon Mar 12 10:56:31 CET 2007 - anicka@suse.cz + +- update to 4.6p1 + * sshd now allows the enabling and disabling of authentication + methods on a per user, group, host and network basis via the + Match directive in sshd_config. + * Allow multiple forwarding options to work when specified in a + PermitOpen directive + * Clear SIGALRM when restarting due to SIGHUP. Prevents stray + signal from taking down sshd if a connection was pending at + the time SIGHUP was received + * hang on exit" when background processes are running at the + time of exit on a ttyful/login session + * some more bugfixes + ------------------------------------------------------------------- Mon Mar 5 11:03:41 CET 2007 - anicka@suse.cz diff --git a/openssh.spec b/openssh.spec index 5a0bb65..4fa22b7 100644 --- a/openssh.spec +++ b/openssh.spec @@ -1,5 +1,5 @@ # -# spec file for package openssh (Version 4.5p1) +# spec file for package openssh (Version 4.6p1) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine @@ -28,8 +28,8 @@ Requires: /bin/netstat PreReq: /usr/sbin/groupadd /usr/sbin/useradd %insserv_prereq %fillup_prereq /bin/mkdir /bin/cat permissions Conflicts: nonfreessh Autoreqprov: on -Version: 4.5p1 -Release: 19 +Version: 4.6p1 +Release: 1 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) URL: http://www.openssh.com/ @@ -283,7 +283,7 @@ rm -rf $RPM_BUILD_ROOT %dir /etc/slp.reg.d /etc/slp.reg.d/ssh.reg /var/adm/fillup-templates/sysconfig.ssh -%{_fwdefdir}/sshd +%config %{_fwdefdir}/sshd %files askpass %defattr(-,root,root) @@ -294,6 +294,19 @@ rm -rf $RPM_BUILD_ROOT %config %_appdefdir/SshAskpass %changelog +* Mon Mar 12 2007 - anicka@suse.cz +- update to 4.6p1 + * sshd now allows the enabling and disabling of authentication + methods on a per user, group, host and network basis via the + Match directive in sshd_config. + * Allow multiple forwarding options to work when specified in a + PermitOpen directive + * Clear SIGALRM when restarting due to SIGHUP. Prevents stray + signal from taking down sshd if a connection was pending at + the time SIGHUP was received + * hang on exit" when background processes are running at the + time of exit on a ttyful/login session + * some more bugfixes * Mon Mar 05 2007 - anicka@suse.cz - fix path for firewall definition * Thu Mar 01 2007 - anicka@suse.cz