Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at Fri Mar 26 16:29:10 CET 2010. -------- --- openssh/openssh-askpass-gnome.changes 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-askpass-gnome.changes 2010-03-26 11:15:59.000000000 +0100 @@ -1,0 +2,6 @@ +Fri Mar 26 11:04:59 CET 2010 - anicka@suse.cz + +- update to 5.4p1 +- remove -pam-fix4.diff (in upstream now) + +------------------------------------------------------------------- --- openssh/openssh.changes 2010-03-02 10:09:55.000000000 +0100 +++ openssh/openssh.changes 2010-03-23 18:59:32.000000000 +0100 @@ -1,0 +2,61 @@ +Tue Mar 23 18:57:07 CET 2010 - anicka@suse.cz + +- update to 5.4p1 + * After a transition period of about 10 years, this release disables + SSH protocol 1 by default. Clients and servers that need to use the + legacy protocol must explicitly enable it in ssh_config / sshd_config + or on the command-line. + * Remove the libsectok/OpenSC-based smartcard code and add support for + PKCS#11 tokens. This support is automatically enabled on all + platforms that support dlopen(3) and was inspired by patches written + by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages. + * Add support for certificate authentication of users and hosts using a + new, minimal OpenSSH certificate format (not X.509). Certificates + contain a public key, identity information and some validity + constraints and are signed with a standard SSH public key using + ssh-keygen(1). CA keys may be marked as trusted in authorized_keys + or via a TrustedUserCAKeys option in sshd_config(5) (for user + authentication), or in known_hosts (for host authentication). + Documentation for certificate support may be found in ssh-keygen(1), + sshd(8) and ssh(1) and a description of the protocol extensions in + PROTOCOL.certkeys. + * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects + stdio on the client to a single port forward on the server. This + allows, for example, using ssh as a ProxyCommand to route connections + via intermediate servers. bz#1618 + * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may + be revoked using a new sshd_config(5) option "RevokedKeys". Host keys + are revoked through known_hosts (details in the sshd(8) man page). + Revoked keys cannot be used for user or host authentication and will + trigger a warning if used. + * Rewrite the ssh(1) multiplexing support to support non-blocking + operation of the mux master, improve the resilience of the master to + malformed messages sent to it by the slave and add support for + requesting port- forwardings via the multiplex protocol. The new + stdio-to-local forward mode ("ssh -W host:port ...") is also + supported. The revised multiplexing protocol is documented in the + file PROTOCOL.mux in the source distribution. + * Add a 'read-only' mode to sftp-server(8) that disables open in write + mode and all other fs-modifying protocol methods. bz#430 + * Allow setting an explicit umask on the sftp-server(8) commandline to + override whatever default the user has. bz#1229 + * Many improvements to the sftp(1) client, many of which were + implemented by Carlos Silva through the Google Summer of Code + program: + - Support the "-h" (human-readable units) flag for ls + - Implement tab-completion of commands, local and remote filenames + - Support most of scp(1)'s commandline arguments in sftp(1), as a + first step towards making sftp(1) a drop-in replacement for scp(1). + Note that the rarely-used "-P sftp_server_path" option has been + moved to "-D sftp_server_path" to make way for "-P port" to match + scp(1). + - Add recursive transfer support for get/put and on the commandline + * New RSA keys will be generated with a public exponent of RSA_F4 == + (2**16)+1 == 65537 instead of the previous value 35. + * Passphrase-protected SSH protocol 2 private keys are now protected + with AES-128 instead of 3DES. This applied to newly-generated keys + as well as keys that are reencrypted (e.g. by changing their + passphrase). +- cleanup in patches + +------------------------------------------------------------------- calling whatdependson for head-i586 Old: ---- openssh-5.2p1-askpass-fix.diff openssh-5.2p1-audit.patch openssh-5.2p1-blocksigalrm.diff openssh-5.2p1-default-protocol.diff openssh-5.2p1-eal3.diff openssh-5.2p1-engines.diff openssh-5.2p1-forwards.diff openssh-5.2p1-gcc-fix.patch openssh-5.2p1-gssapimitm.patch openssh-5.2p1-homechroot.patch openssh-5.2p1-pam-fix2.diff openssh-5.2p1-pam-fix3.diff openssh-5.2p1-pam-fix4.diff openssh-5.2p1-pts.diff openssh-5.2p1-saveargv-fix.diff openssh-5.2p1-send_locale.diff openssh-5.2p1-tmpdir.diff openssh-5.2p1-xauth.diff openssh-5.2p1-xauthlocalhostname.diff openssh-5.2p1.dif openssh-5.2p1.tar.bz2 New: ---- openssh-5.4p1-askpass-fix.diff openssh-5.4p1-audit.patch openssh-5.4p1-blocksigalrm.diff openssh-5.4p1-default-protocol.diff openssh-5.4p1-eal3.diff openssh-5.4p1-engines.diff openssh-5.4p1-forwards.diff openssh-5.4p1-gssapimitm.patch openssh-5.4p1-homechroot.patch openssh-5.4p1-pam-fix2.diff openssh-5.4p1-pam-fix3.diff openssh-5.4p1-pts.diff openssh-5.4p1-saveargv-fix.diff openssh-5.4p1-send_locale.diff openssh-5.4p1-tmpdir.diff openssh-5.4p1-xauth.diff openssh-5.4p1-xauthlocalhostname.diff openssh-5.4p1.dif openssh-5.4p1.tar.bz2 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.jmPw4M/_old 2010-03-26 16:26:39.000000000 +0100 +++ /var/tmp/diff_new_pack.jmPw4M/_new 2010-03-26 16:26:39.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package openssh-askpass-gnome (Version 5.2p1) +# spec file for package openssh-askpass-gnome (Version 5.4p1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -22,8 +22,8 @@ BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files License: BSD3c(or similar) Group: Productivity/Networking/SSH -Version: 5.2p1 -Release: 12 +Version: 5.4p1 +Release: 1 Requires: openssh = %{version} openssh-askpass = %{version} AutoReqProv: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH @@ -31,14 +31,13 @@ %define _name openssh Source: %{_name}-%{version}.tar.bz2 Patch: %{_name}-%{version}.dif -Patch15: %{_name}-%{version}-pam-fix2.diff -Patch18: %{_name}-%{version}-saveargv-fix.diff -Patch19: %{_name}-%{version}-pam-fix3.diff -Patch21: %{_name}-%{version}-gssapimitm.patch -Patch26: %{_name}-%{version}-eal3.diff -Patch27: %{_name}-%{version}-engines.diff -Patch28: %{_name}-%{version}-blocksigalrm.diff -Patch29: %{_name}-%{version}-pam-fix4.diff +Patch1: %{_name}-%{version}-pam-fix2.diff +Patch2: %{_name}-%{version}-saveargv-fix.diff +Patch3: %{_name}-%{version}-pam-fix3.diff +Patch4: %{_name}-%{version}-gssapimitm.patch +Patch5: %{_name}-%{version}-eal3.diff +Patch6: %{_name}-%{version}-engines.diff +Patch7: %{_name}-%{version}-blocksigalrm.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -74,14 +73,13 @@ %prep %setup -q -n %{_name}-%{version} %patch -%patch15 -%patch18 -%patch19 -%patch21 -%patch26 -p1 -%patch27 -p1 -%patch28 -%patch29 -p1 +%patch1 +%patch2 +%patch3 +%patch4 +%patch5 -p1 +%patch6 -p1 +%patch7 %build %{?suse_update_config:%{suse_update_config}} ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.jmPw4M/_old 2010-03-26 16:26:39.000000000 +0100 +++ /var/tmp/diff_new_pack.jmPw4M/_new 2010-03-26 16:26:39.000000000 +0100 @@ -1,5 +1,5 @@ # -# spec file for package openssh (Version 5.2p1) +# spec file for package openssh (Version 5.4p1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -35,8 +35,8 @@ PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils permissions Conflicts: nonfreessh AutoReqProv: on -Version: 5.2p1 -Release: 12 +Version: 5.4p1 +Release: 1 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) Url: http://www.openssh.com/ @@ -51,25 +51,23 @@ Source8: ssh-askpass Source9: sshd.fw Patch: %{name}-%{version}.dif -Patch12: %{name}-%{version}-askpass-fix.diff -Patch15: %{name}-%{version}-pam-fix2.diff -Patch18: %{name}-%{version}-saveargv-fix.diff -Patch19: %{name}-%{version}-pam-fix3.diff -Patch21: %{name}-%{version}-gssapimitm.patch -Patch26: %{name}-%{version}-eal3.diff -Patch27: %{name}-%{version}-engines.diff -Patch28: %{name}-%{version}-blocksigalrm.diff -Patch35: %{name}-%{version}-send_locale.diff -Patch36: %{name}-%{version}-xauthlocalhostname.diff -Patch37: %{name}-%{version}-tmpdir.diff -Patch40: %{name}-%{version}-xauth.diff -Patch41: %{name}-%{version}-gcc-fix.patch -Patch43: %{name}-%{version}-default-protocol.diff -Patch44: %{name}-%{version}-audit.patch -Patch45: %{name}-%{version}-pts.diff -Patch46: %{name}-%{version}-pam-fix4.diff -Patch48: %{name}-%{version}-forwards.diff -Patch49: %{name}-%{version}-homechroot.patch +Patch1: %{name}-%{version}-askpass-fix.diff +Patch2: %{name}-%{version}-pam-fix2.diff +Patch3: %{name}-%{version}-saveargv-fix.diff +Patch4: %{name}-%{version}-pam-fix3.diff +Patch5: %{name}-%{version}-gssapimitm.patch +Patch6: %{name}-%{version}-eal3.diff +Patch7: %{name}-%{version}-engines.diff +Patch8: %{name}-%{version}-blocksigalrm.diff +Patch9: %{name}-%{version}-send_locale.diff +Patch10: %{name}-%{version}-xauthlocalhostname.diff +Patch11: %{name}-%{version}-tmpdir.diff +Patch12: %{name}-%{version}-xauth.diff +Patch14: %{name}-%{version}-default-protocol.diff +Patch15: %{name}-%{version}-audit.patch +Patch16: %{name}-%{version}-pts.diff +Patch17: %{name}-%{version}-forwards.diff +Patch18: %{name}-%{version}-homechroot.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build %package askpass @@ -98,28 +96,26 @@ %prep %setup -q -b 3 -a 1 -a 5 %patch -%patch15 +%patch2 +%patch3 +%patch4 +%patch5 +%patch6 -p1 +%patch7 -p1 +%patch8 +%patch9 +%patch10 +%patch11 +%patch12 +%patch14 +%patch15 -p1 +%patch16 +%patch17 %patch18 -%patch19 -%patch21 -%patch26 -p1 -%patch27 -p1 -%patch28 -%patch35 -%patch36 -%patch37 -%patch40 -%patch41 -%patch43 -%patch44 -p1 -%patch45 -%patch46 -p1 -%patch48 -%patch49 cp -v %{SOURCE4} . cp -v %{SOURCE6} . cd ../x11-ssh-askpass-%{xversion} -%patch12 +%patch1 %build # This package failed when testing with -Wl,-as-needed being default. @@ -248,6 +244,7 @@ %attr(0755,root,root) %dir /usr/%_lib/ssh %attr(0755,root,root) /usr/%_lib/ssh/sftp-server %attr(0755,root,root) /usr/%_lib/ssh/ssh-keysign +%attr(0755,root,root) /usr/%_lib/ssh/ssh-pkcs11-helper %dir /etc/slp.reg.d %config /etc/slp.reg.d/ssh.reg /var/adm/fillup-templates/sysconfig.ssh ++++++ openssh-5.2p1-askpass-fix.diff -> openssh-5.4p1-askpass-fix.diff ++++++ ++++++ openssh-5.2p1-audit.patch -> openssh-5.4p1-audit.patch ++++++ --- openssh/openssh-5.2p1-audit.patch 2010-02-23 15:45:57.000000000 +0100 +++ openssh/openssh-5.4p1-audit.patch 2010-03-23 18:59:22.000000000 +0100 @@ -1,8 +1,10 @@ # add support for Linux audit (FATE #120269) ================================================================================ ---- openssh-5.2p1/Makefile.in -+++ openssh-5.2p1/Makefile.in -@@ -44,6 +44,7 @@ +Index: openssh-5.4p1/Makefile.in +=================================================================== +--- openssh-5.4p1.orig/Makefile.in ++++ openssh-5.4p1/Makefile.in +@@ -46,6 +46,7 @@ LD=@LD@ CFLAGS=@CFLAGS@ CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ LIBS=@LIBS@ @@ -10,7 +12,7 @@ SSHDLIBS=@SSHDLIBS@ LIBEDIT=@LIBEDIT@ AR=@AR@ -@@ -137,7 +138,7 @@ +@@ -142,7 +143,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) @@ -19,9 +21,11 @@ scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o $(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) ---- openssh-5.2p1/auth.c -+++ openssh-5.2p1/auth.c -@@ -287,6 +287,12 @@ +Index: openssh-5.4p1/auth.c +=================================================================== +--- openssh-5.4p1.orig/auth.c ++++ openssh-5.4p1/auth.c +@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent get_canonical_hostname(options.use_dns), "ssh", &loginmsg); # endif #endif @@ -34,7 +38,7 @@ #ifdef SSH_AUDIT_EVENTS if (authenticated == 0 && !authctxt->postponed) audit_event(audit_classify_auth(method)); -@@ -533,6 +539,10 @@ +@@ -564,6 +570,10 @@ getpwnamallow(const char *user) record_failed_login(user, get_canonical_hostname(options.use_dns), "ssh"); #endif @@ -45,9 +49,11 @@ #ifdef SSH_AUDIT_EVENTS audit_event(SSH_INVALID_USER); #endif /* SSH_AUDIT_EVENTS */ ---- openssh-5.2p1/config.h.in -+++ openssh-5.2p1/config.h.in -@@ -1397,6 +1397,9 @@ +Index: openssh-5.4p1/config.h.in +=================================================================== +--- openssh-5.4p1.orig/config.h.in ++++ openssh-5.4p1/config.h.in +@@ -1415,6 +1415,9 @@ /* Define if you want SELinux support. */ #undef WITH_SELINUX @@ -57,9 +63,11 @@ /* Define to 1 if your processor stores words with the most significant byte first (like Motorola and SPARC, unlike Intel and VAX). */ #undef WORDS_BIGENDIAN ---- openssh-5.2p1/configure.ac -+++ openssh-5.2p1/configure.ac -@@ -3340,6 +3340,20 @@ +Index: openssh-5.4p1/configure.ac +=================================================================== +--- openssh-5.4p1.orig/configure.ac ++++ openssh-5.4p1/configure.ac +@@ -3363,6 +3363,20 @@ AC_ARG_WITH(selinux, fi ] ) @@ -80,7 +88,7 @@ # Check whether user wants Kerberos 5 support KRB5_MSG="no" AC_ARG_WITH(kerberos5, -@@ -4160,6 +4174,7 @@ +@@ -4182,6 +4196,7 @@ echo " PAM support echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" @@ -88,8 +96,10 @@ echo " Smartcard support: $SCARD_MSG" echo " S/KEY support: $SKEY_MSG" echo " TCP Wrappers support: $TCPW_MSG" ---- openssh-5.2p1/loginrec.c -+++ openssh-5.2p1/loginrec.c +Index: openssh-5.4p1/loginrec.c +=================================================================== +--- openssh-5.4p1.orig/loginrec.c ++++ openssh-5.4p1/loginrec.c @@ -176,6 +176,10 @@ #include "auth.h" #include "buffer.h" @@ -210,9 +220,11 @@ /** ** Low-level libutil login() functions **/ ---- openssh-5.2p1/loginrec.h -+++ openssh-5.2p1/loginrec.h -@@ -127,5 +127,9 @@ +Index: openssh-5.4p1/loginrec.h +=================================================================== +--- openssh-5.4p1.orig/loginrec.h ++++ openssh-5.4p1/loginrec.h +@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch char *line_abbrevname(char *dst, const char *src, int dstsize); void record_failed_login(const char *, const char *, const char *); ++++++ openssh-5.2p1-blocksigalrm.diff -> openssh-5.4p1-blocksigalrm.diff ++++++ ++++++ openssh-5.2p1-default-protocol.diff -> openssh-5.4p1-default-protocol.diff ++++++ --- openssh/openssh-5.2p1-default-protocol.diff 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-default-protocol.diff 2010-03-23 18:59:23.000000000 +0100 @@ -1,6 +1,8 @@ ---- ssh_config +Index: ssh_config +=================================================================== +--- ssh_config.orig +++ ssh_config -@@ -46,7 +46,7 @@ +@@ -46,7 +46,7 @@ ForwardX11Trusted yes # IdentityFile ~/.ssh/id_rsa # IdentityFile ~/.ssh/id_dsa # Port 22 ++++++ openssh-5.2p1-eal3.diff -> openssh-5.4p1-eal3.diff ++++++ --- openssh/openssh-5.2p1-eal3.diff 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-eal3.diff 2010-03-23 18:59:23.000000000 +0100 @@ -1,6 +1,8 @@ ---- openssh-5.2p1/sshd.8 -+++ openssh-5.2p1/sshd.8 -@@ -783,7 +783,7 @@ +Index: openssh-5.4p1/sshd.8 +=================================================================== +--- openssh-5.4p1.orig/sshd.8 ++++ openssh-5.4p1/sshd.8 +@@ -840,7 +840,7 @@ Contains Diffie-Hellman groups used for The file format is described in .Xr moduli 5 . .Pp @@ -9,7 +11,7 @@ See .Xr motd 5 . .Pp -@@ -796,7 +796,7 @@ +@@ -853,7 +853,7 @@ are displayed to anyone trying to log in refused. The file should be world-readable. .Pp @@ -18,7 +20,7 @@ This file is used in exactly the same way as .Pa hosts.equiv , but allows host-based authentication without permitting login with -@@ -873,8 +873,7 @@ +@@ -930,8 +930,7 @@ The content of this file is not sensitiv .Xr ssh-keyscan 1 , .Xr chroot 2 , .Xr hosts_access 5 , @@ -28,19 +30,11 @@ .Xr sshd_config 5 , .Xr inetd 8 , .Xr sftp-server 8 ---- openssh-5.2p1/sshd_config.5 -+++ openssh-5.2p1/sshd_config.5 -@@ -177,9 +177,6 @@ - By default, no banner is displayed. - .It Cm ChallengeResponseAuthentication - Specifies whether challenge-response authentication is allowed. --All authentication styles from --.Xr login.conf 5 --are supported. - The default is - .Dq yes . - .It Cm ChrootDirectory -@@ -438,7 +435,7 @@ +Index: openssh-5.4p1/sshd_config.5 +=================================================================== +--- openssh-5.4p1.orig/sshd_config.5 ++++ openssh-5.4p1/sshd_config.5 +@@ -451,7 +451,7 @@ or .Pp .Pa /etc/hosts.equiv and ++++++ openssh-5.2p1-engines.diff -> openssh-5.4p1-engines.diff ++++++ --- openssh/openssh-5.2p1-engines.diff 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-engines.diff 2010-03-23 18:59:24.000000000 +0100 @@ -1,5 +1,7 @@ ---- openssh-5.2p1/ssh-add.c -+++ openssh-5.2p1/ssh-add.c +Index: openssh-5.4p1/ssh-add.c +=================================================================== +--- openssh-5.4p1.orig/ssh-add.c ++++ openssh-5.4p1/ssh-add.c @@ -43,6 +43,7 @@ #include <openssl/evp.h> @@ -8,7 +10,7 @@ #include <fcntl.h> #include <pwd.h> -@@ -344,6 +345,10 @@ +@@ -366,6 +367,10 @@ main(int argc, char **argv) SSLeay_add_all_algorithms(); @@ -19,8 +21,10 @@ /* At first, get a connection to the authentication agent. */ ac = ssh_get_authentication_connection(); if (ac == NULL) { ---- openssh-5.2p1/ssh-agent.c -+++ openssh-5.2p1/ssh-agent.c +Index: openssh-5.4p1/ssh-agent.c +=================================================================== +--- openssh-5.4p1.orig/ssh-agent.c ++++ openssh-5.4p1/ssh-agent.c @@ -52,6 +52,7 @@ #include <openssl/evp.h> #include <openssl/md5.h> @@ -29,7 +33,7 @@ #include <errno.h> #include <fcntl.h> -@@ -1076,6 +1077,10 @@ +@@ -1091,6 +1092,10 @@ main(int ac, char **av) SSLeay_add_all_algorithms(); @@ -40,8 +44,10 @@ __progname = ssh_get_progname(av[0]); init_rng(); seed_rng(); ---- openssh-5.2p1/ssh-keygen.c -+++ openssh-5.2p1/ssh-keygen.c +Index: openssh-5.4p1/ssh-keygen.c +=================================================================== +--- openssh-5.4p1.orig/ssh-keygen.c ++++ openssh-5.4p1/ssh-keygen.c @@ -22,6 +22,7 @@ #include <openssl/evp.h> #include <openssl/pem.h> @@ -50,7 +56,7 @@ #include <errno.h> #include <fcntl.h> -@@ -1099,6 +1100,11 @@ +@@ -1523,6 +1524,11 @@ main(int argc, char **argv) __progname = ssh_get_progname(argv[0]); SSLeay_add_all_algorithms(); @@ -62,8 +68,10 @@ log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); init_rng(); ---- openssh-5.2p1/ssh-keysign.c -+++ openssh-5.2p1/ssh-keysign.c +Index: openssh-5.4p1/ssh-keysign.c +=================================================================== +--- openssh-5.4p1.orig/ssh-keysign.c ++++ openssh-5.4p1/ssh-keysign.c @@ -38,6 +38,7 @@ #include <openssl/evp.h> #include <openssl/rand.h> @@ -72,7 +80,7 @@ #include "xmalloc.h" #include "log.h" -@@ -195,6 +196,11 @@ +@@ -195,6 +196,11 @@ main(int argc, char **argv) fatal("could not open any host key"); SSLeay_add_all_algorithms(); @@ -84,9 +92,11 @@ for (i = 0; i < 256; i++) rnd[i] = arc4random(); RAND_seed(rnd, sizeof(rnd)); ---- openssh-5.2p1/ssh.c -+++ openssh-5.2p1/ssh.c -@@ -73,6 +73,7 @@ +Index: openssh-5.4p1/ssh.c +=================================================================== +--- openssh-5.4p1.orig/ssh.c ++++ openssh-5.4p1/ssh.c +@@ -74,6 +74,7 @@ #include <openssl/err.h> #include "openbsd-compat/openssl-compat.h" #include "openbsd-compat/sys-queue.h" @@ -94,7 +104,7 @@ #include "xmalloc.h" #include "ssh.h" -@@ -550,6 +551,10 @@ +@@ -584,6 +585,10 @@ main(int ac, char **av) SSLeay_add_all_algorithms(); ERR_load_crypto_strings(); @@ -105,8 +115,10 @@ /* Initialize the command to execute on remote host. */ buffer_init(&command); ---- openssh-5.2p1/sshd.c -+++ openssh-5.2p1/sshd.c +Index: openssh-5.4p1/sshd.c +=================================================================== +--- openssh-5.4p1.orig/sshd.c ++++ openssh-5.4p1/sshd.c @@ -77,6 +77,7 @@ #include <openssl/md5.h> #include <openssl/rand.h> @@ -115,7 +127,7 @@ #ifdef HAVE_SECUREWARE #include <sys/security.h> -@@ -1415,6 +1416,10 @@ +@@ -1462,6 +1463,10 @@ main(int ac, char **av) SSLeay_add_all_algorithms(); ++++++ openssh-5.2p1-forwards.diff -> openssh-5.4p1-forwards.diff ++++++ --- openssh/openssh-5.2p1-forwards.diff 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-forwards.diff 2010-03-23 18:59:24.000000000 +0100 @@ -1,6 +1,8 @@ ---- channels.c +Index: channels.c +=================================================================== +--- channels.c.orig +++ channels.c -@@ -2471,6 +2471,9 @@ +@@ -2625,6 +2625,9 @@ channel_setup_fwd_listener(int type, con char ntop[NI_MAXHOST], strport[NI_MAXSERV]; in_port_t *lport_p; ++++++ openssh-5.2p1-gssapimitm.patch -> openssh-5.4p1-gssapimitm.patch ++++++ --- openssh/openssh-5.2p1-gssapimitm.patch 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-gssapimitm.patch 2010-03-23 18:59:25.000000000 +0100 @@ -14,10 +14,10 @@ are encouraged to upgrade as soon as possible. Index: auth2-gss.c -================================================================================ ---- auth2-gss.c +=================================================================== +--- auth2-gss.c.orig +++ auth2-gss.c -@@ -177,6 +177,15 @@ +@@ -177,6 +177,15 @@ input_gssapi_token(int type, u_int32_t p dispatch_set( SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, &input_gssapi_exchange_complete); @@ -33,7 +33,7 @@ } } -@@ -298,4 +307,10 @@ +@@ -298,4 +307,10 @@ Authmethod method_gssapi = { &options.gss_authentication }; @@ -44,9 +44,11 @@ +}; + #endif /* GSSAPI */ ---- auth2.c +Index: auth2.c +=================================================================== +--- auth2.c.orig +++ auth2.c -@@ -70,6 +70,7 @@ +@@ -70,6 +70,7 @@ extern Authmethod method_kbdint; extern Authmethod method_hostbased; #ifdef GSSAPI extern Authmethod method_gssapi; @@ -54,7 +56,7 @@ #endif #ifdef JPAKE extern Authmethod method_jpake; -@@ -80,6 +81,7 @@ +@@ -80,6 +81,7 @@ Authmethod *authmethods[] = { &method_pubkey, #ifdef GSSAPI &method_gssapi, @@ -62,10 +64,12 @@ #endif #ifdef JPAKE &method_jpake, ---- readconf.c +Index: readconf.c +=================================================================== +--- readconf.c.orig +++ readconf.c -@@ -126,7 +126,7 @@ - oHostKeyAlgorithms, oBindAddress, oSmartcardDevice, +@@ -126,7 +126,7 @@ typedef enum { + oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, - oAddressFamily, oGssAuthentication, oGssDelegateCreds, @@ -73,7 +77,7 @@ oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, oSendEnv, oControlPath, oControlMaster, oHashKnownHosts, oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, -@@ -165,9 +165,11 @@ +@@ -165,9 +165,11 @@ static struct { #if defined(GSSAPI) { "gssapiauthentication", oGssAuthentication }, { "gssapidelegatecredentials", oGssDelegateCreds }, @@ -85,7 +89,7 @@ #endif { "fallbacktorsh", oDeprecated }, { "usersh", oDeprecated }, -@@ -456,6 +458,10 @@ +@@ -459,6 +461,10 @@ parse_flag: case oGssDelegateCreds: intptr = &options->gss_deleg_creds; goto parse_flag; @@ -96,7 +100,7 @@ case oBatchMode: intptr = &options->batch_mode; -@@ -1009,6 +1015,7 @@ +@@ -1016,6 +1022,7 @@ initialize_options(Options * options) options->challenge_response_authentication = -1; options->gss_authentication = -1; options->gss_deleg_creds = -1; @@ -104,7 +108,7 @@ options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->kbd_interactive_devices = NULL; -@@ -1101,6 +1108,8 @@ +@@ -1109,6 +1116,8 @@ fill_default_options(Options * options) options->gss_authentication = 0; if (options->gss_deleg_creds == -1) options->gss_deleg_creds = 0; @@ -113,9 +117,11 @@ if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) ---- readconf.h +Index: readconf.h +=================================================================== +--- readconf.h.orig +++ readconf.h -@@ -45,6 +45,7 @@ +@@ -45,6 +45,7 @@ typedef struct { /* Try S/Key or TIS, authentication. */ int gss_authentication; /* Try GSS authentication */ int gss_deleg_creds; /* Delegate GSS credentials */ @@ -123,9 +129,11 @@ int password_authentication; /* Try password * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ ---- servconf.c +Index: servconf.c +=================================================================== +--- servconf.c.orig +++ servconf.c -@@ -93,6 +93,7 @@ +@@ -94,6 +94,7 @@ initialize_server_options(ServerOptions options->kerberos_get_afs_token = -1; options->gss_authentication=-1; options->gss_cleanup_creds = -1; @@ -133,7 +141,7 @@ options->password_authentication = -1; options->kbd_interactive_authentication = -1; options->challenge_response_authentication = -1; -@@ -212,6 +213,8 @@ +@@ -216,6 +217,8 @@ fill_default_server_options(ServerOption options->gss_authentication = 0; if (options->gss_cleanup_creds == -1) options->gss_cleanup_creds = 1; @@ -142,7 +150,7 @@ if (options->password_authentication == -1) options->password_authentication = 1; if (options->kbd_interactive_authentication == -1) -@@ -302,7 +305,7 @@ +@@ -306,7 +309,7 @@ typedef enum { sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, @@ -150,8 +158,8 @@ + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, sUsePrivilegeSeparation, sAllowAgentForwarding, - sZeroKnowledgePasswordAuthentication, -@@ -364,9 +367,11 @@ + sZeroKnowledgePasswordAuthentication, sHostCertificate, +@@ -369,9 +372,11 @@ static struct { #ifdef GSSAPI { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, @@ -163,7 +171,7 @@ #endif { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, -@@ -894,6 +899,10 @@ +@@ -928,6 +933,10 @@ process_server_config_line(ServerOptions case sGssCleanupCreds: intptr = &options->gss_cleanup_creds; goto parse_flag; @@ -174,9 +182,11 @@ case sPasswordAuthentication: intptr = &options->password_authentication; ---- servconf.h +Index: servconf.h +=================================================================== +--- servconf.h.orig +++ servconf.h -@@ -92,6 +92,7 @@ +@@ -95,6 +95,7 @@ typedef struct { * authenticated with Kerberos. */ int gss_authentication; /* If true, permit GSSAPI authentication */ int gss_cleanup_creds; /* If true, destroy cred cache on logout */ @@ -184,9 +194,11 @@ int password_authentication; /* If true, permit password * authentication. */ int kbd_interactive_authentication; /* If true, permit */ ---- ssh_config +Index: ssh_config +=================================================================== +--- ssh_config.orig +++ ssh_config -@@ -54,4 +54,14 @@ +@@ -54,5 +54,15 @@ ForwardX11Trusted yes # Tunnel no # TunnelDevice any:any # PermitLocalCommand no @@ -201,9 +213,12 @@ + +>>>>>>> # VisualHostKey no ---- sshconnect2.c + # ProxyCommand ssh -q -W %h:%p gateway.example.com +Index: sshconnect2.c +=================================================================== +--- sshconnect2.c.orig +++ sshconnect2.c -@@ -255,6 +255,10 @@ +@@ -263,6 +263,10 @@ Authmethod authmethods[] = { NULL, &options.gss_authentication, NULL}, @@ -214,7 +229,7 @@ #endif {"hostbased", userauth_hostbased, -@@ -617,7 +621,9 @@ +@@ -640,7 +644,9 @@ process_gssapi_token(void *ctxt, gss_buf if (status == GSS_S_COMPLETE) { /* send either complete or MIC, depending on mechanism */ @@ -225,9 +240,11 @@ packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE); packet_send(); } else { ---- sshd_config +Index: sshd_config +=================================================================== +--- sshd_config.orig +++ sshd_config -@@ -74,6 +74,13 @@ +@@ -72,6 +72,13 @@ PasswordAuthentication no #GSSAPIAuthentication no #GSSAPICleanupCredentials yes ++++++ openssh-5.2p1-homechroot.patch -> openssh-5.4p1-homechroot.patch ++++++ --- openssh/openssh-5.2p1-homechroot.patch 2009-09-21 15:43:24.000000000 +0200 +++ openssh/openssh-5.4p1-homechroot.patch 2010-03-23 18:59:25.000000000 +0100 @@ -1,4 +1,6 @@ ---- chrootenv.h +Index: chrootenv.h +=================================================================== +--- /dev/null +++ chrootenv.h @@ -0,0 +1,32 @@ +/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */ @@ -33,7 +35,9 @@ + +#endif + ---- session.c +Index: session.c +=================================================================== +--- session.c.orig +++ session.c @@ -119,6 +119,8 @@ void do_child(Session *, const char *); void do_motd(void); @@ -44,7 +48,7 @@ static void do_authenticated1(Authctxt *); static void do_authenticated2(Authctxt *); -@@ -802,6 +804,11 @@ do_exec(Session *s, const char *command) +@@ -805,6 +807,11 @@ do_exec(Session *s, const char *command) debug("Forced command (key option) '%.900s'", command); } @@ -56,7 +60,7 @@ #ifdef SSH_AUDIT_EVENTS if (command != NULL) PRIVSEP(audit_run_command(command)); -@@ -1399,6 +1406,63 @@ do_nologin(struct passwd *pw) +@@ -1418,6 +1425,63 @@ do_nologin(struct passwd *pw) } /* @@ -120,7 +124,7 @@ * Chroot into a directory after checking it for safety: all path components * must be root-owned directories with strict permissions. */ -@@ -1408,6 +1472,7 @@ safely_chroot(const char *path, uid_t ui +@@ -1427,6 +1491,7 @@ safely_chroot(const char *path, uid_t ui const char *cp; char component[MAXPATHLEN]; struct stat st; @@ -128,7 +132,7 @@ if (*path != '/') fatal("chroot path does not begin at root"); -@@ -1419,7 +1484,7 @@ safely_chroot(const char *path, uid_t ui +@@ -1438,7 +1503,7 @@ safely_chroot(const char *path, uid_t ui * root-owned directory with strict permissions. */ for (cp = path; cp != NULL;) { @@ -137,7 +141,7 @@ strlcpy(component, path, sizeof(component)); else { cp++; -@@ -1432,14 +1497,20 @@ safely_chroot(const char *path, uid_t ui +@@ -1451,14 +1516,20 @@ safely_chroot(const char *path, uid_t ui if (stat(component, &st) != 0) fatal("%s: stat(\"%s\"): %s", __func__, component, strerror(errno)); @@ -159,7 +163,7 @@ } if (chdir(path) == -1) -@@ -1451,6 +1522,10 @@ safely_chroot(const char *path, uid_t ui +@@ -1469,6 +1540,10 @@ safely_chroot(const char *path, uid_t ui if (chdir("/") == -1) fatal("%s: chdir(/) after chroot: %s", __func__, strerror(errno)); @@ -170,9 +174,11 @@ verbose("Changed root directory to \"%s\"", path); } ---- sftp.c +Index: sftp.c +=================================================================== +--- sftp.c.orig +++ sftp.c -@@ -94,6 +94,8 @@ int remote_glob(struct sftp_conn *, cons +@@ -106,6 +106,8 @@ int remote_glob(struct sftp_conn *, cons extern char *__progname; @@ -181,9 +187,11 @@ /* Separators for interactive commands */ #define WHITESPACE " \t\r\n" ---- sftp-common.c +Index: sftp-common.c +=================================================================== +--- sftp-common.c.orig +++ sftp-common.c -@@ -40,6 +40,7 @@ +@@ -43,6 +43,7 @@ #include "xmalloc.h" #include "buffer.h" #include "log.h" @@ -191,23 +199,25 @@ #include "sftp.h" #include "sftp-common.h" -@@ -194,13 +195,13 @@ ls_file(const char *name, const struct s - char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1]; +@@ -196,13 +197,13 @@ ls_file(const char *name, const struct s + char sbuf[FMT_SCALED_STRSIZE]; strmode(st->st_mode, mode); -- if (!remote && (pw = getpwuid(st->st_uid)) != NULL) { -+ if (!remote && !chroot_no_tree && (pw = getpwuid(st->st_uid)) != NULL) { - user = pw->pw_name; +- if (!remote) { ++ if (!remote && !chroot_no_tree) { + user = user_from_uid(st->st_uid, 0); } else { snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid); user = ubuf; } -- if (!remote && (gr = getgrgid(st->st_gid)) != NULL) { -+ if (!remote && !chroot_no_tree && (gr = getgrgid(st->st_gid)) != NULL) { - group = gr->gr_name; +- if (!remote) { ++ if (!remote && !chroot_no_tree) { + group = group_from_gid(st->st_gid, 0); } else { snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid); ---- sftp-server-main.c +Index: sftp-server-main.c +=================================================================== +--- sftp-server-main.c.orig +++ sftp-server-main.c @@ -22,11 +22,14 @@ #include <stdarg.h> @@ -224,11 +234,13 @@ void cleanup_exit(int i) { ---- sshd_config.0 +Index: sshd_config.0 +=================================================================== +--- sshd_config.0.orig +++ sshd_config.0 -@@ -112,6 +112,14 @@ DESCRIPTION - essary if the in-process sftp server is used (see Subsystem for - details). +@@ -115,6 +115,14 @@ DESCRIPTION + which use logging do require /dev/log inside the chroot directory + (see sftp-server(8) for details). + In the special case when only sftp is used, not ssh nor scp, it + is possible to use ChrootDirectory %h or ChrootDirectory @@ -241,10 +253,12 @@ The default is not to chroot(2). Ciphers ---- sshd_config.5 +Index: sshd_config.5 +=================================================================== +--- sshd_config.5.orig +++ sshd_config.5 -@@ -219,6 +219,17 @@ in-process sftp server is used (see - .Cm Subsystem +@@ -224,6 +224,17 @@ inside the chroot directory (see + .Xr sftp-server 8 for details). .Pp +In the special case when only sftp is used, not ssh nor scp, ++++++ openssh-5.2p1-pam-fix2.diff -> openssh-5.4p1-pam-fix2.diff ++++++ --- openssh/openssh-5.2p1-pam-fix2.diff 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-pam-fix2.diff 2010-03-23 18:59:26.000000000 +0100 @@ -1,6 +1,8 @@ ---- sshd_config +Index: sshd_config +=================================================================== +--- sshd_config.orig +++ sshd_config -@@ -58,7 +58,7 @@ +@@ -56,7 +56,7 @@ #IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! @@ -9,7 +11,7 @@ #PermitEmptyPasswords no # Change to no to disable s/key passwords -@@ -83,7 +83,7 @@ +@@ -81,7 +81,7 @@ # If you just want the PAM account and session checks to run without # PAM authentication, then enable this but set PasswordAuthentication # and ChallengeResponseAuthentication to 'no'. ++++++ openssh-5.2p1-pam-fix2.diff -> openssh-5.4p1-pam-fix3.diff ++++++ --- openssh/openssh-5.2p1-pam-fix2.diff 2009-03-03 22:42:44.000000000 +0100 +++ openssh/openssh-5.4p1-pam-fix3.diff 2010-03-23 18:59:26.000000000 +0100 @@ -1,20 +1,13 @@ ---- sshd_config -+++ sshd_config -@@ -58,7 +58,7 @@ - #IgnoreRhosts yes - - # To disable tunneled clear text passwords, change to no here! --#PasswordAuthentication yes -+PasswordAuthentication no - #PermitEmptyPasswords no - - # Change to no to disable s/key passwords -@@ -83,7 +83,7 @@ - # If you just want the PAM account and session checks to run without - # PAM authentication, then enable this but set PasswordAuthentication - # and ChallengeResponseAuthentication to 'no'. --#UsePAM no -+UsePAM yes - - #AllowAgentForwarding yes - #AllowTcpForwarding yes +--- auth-pam.c ++++ auth-pam.c +@@ -786,7 +786,9 @@ + fatal("Internal error: PAM auth " + "succeeded when it should have " + "failed"); +- import_environments(&buffer); ++#ifndef USE_POSIX_THREADS ++ import_environments(&buffer); ++#endif + *num = 0; + **echo_on = 0; + ctxt->pam_done = 1; ++++++ openssh-5.2p1-pts.diff -> openssh-5.4p1-pts.diff ++++++ ++++++ openssh-5.2p1-saveargv-fix.diff -> openssh-5.4p1-saveargv-fix.diff ++++++ --- openssh/openssh-5.2p1-saveargv-fix.diff 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-5.4p1-saveargv-fix.diff 2010-03-23 18:59:27.000000000 +0100 @@ -1,6 +1,8 @@ ---- sshd.c +Index: sshd.c +=================================================================== +--- sshd.c.orig +++ sshd.c -@@ -304,6 +304,7 @@ +@@ -306,6 +306,7 @@ sighup_handler(int sig) static void sighup_restart(void) { @@ -8,7 +10,7 @@ logit("Received SIGHUP; restarting."); close_listen_socks(); close_startup_pipes(); -@@ -1269,7 +1270,11 @@ +@@ -1307,7 +1308,11 @@ main(int ac, char **av) #ifndef HAVE_SETPROCTITLE /* Prepare for later setproctitle emulation */ compat_init_setproctitle(ac, av); ++++++ openssh-5.2p1-send_locale.diff -> openssh-5.4p1-send_locale.diff ++++++ --- openssh/openssh-5.2p1-send_locale.diff 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-5.4p1-send_locale.diff 2010-03-23 18:59:27.000000000 +0100 @@ -1,6 +1,8 @@ ---- ssh_config +Index: ssh_config +=================================================================== +--- ssh_config.orig +++ ssh_config -@@ -63,5 +63,8 @@ +@@ -63,6 +63,9 @@ ForwardX11Trusted yes # potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to. # GSSAPIEnableMITMAttack no @@ -10,9 +12,12 @@ +SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT +SendEnv LC_IDENTIFICATION LC_ALL # VisualHostKey no ---- sshd_config + # ProxyCommand ssh -q -W %h:%p gateway.example.com +Index: sshd_config +=================================================================== +--- sshd_config.orig +++ sshd_config -@@ -119,6 +119,11 @@ +@@ -117,6 +117,11 @@ X11Forwarding yes # override default of no subsystems Subsystem sftp /usr/libexec/sftp-server ++++++ openssh-5.2p1-tmpdir.diff -> openssh-5.4p1-tmpdir.diff ++++++ --- openssh/openssh-5.2p1-tmpdir.diff 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-5.4p1-tmpdir.diff 2010-03-23 18:59:27.000000000 +0100 @@ -1,6 +1,8 @@ ---- ssh-agent.c +Index: ssh-agent.c +=================================================================== +--- ssh-agent.c.orig +++ ssh-agent.c -@@ -1159,8 +1159,18 @@ +@@ -1174,8 +1174,18 @@ main(int ac, char **av) parent_pid = getpid(); if (agentsocket == NULL) { ++++++ openssh-5.2p1-xauth.diff -> openssh-5.4p1-xauth.diff ++++++ --- openssh/openssh-5.2p1-xauth.diff 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-5.4p1-xauth.diff 2010-03-23 18:59:28.000000000 +0100 @@ -1,6 +1,8 @@ ---- session.c +Index: session.c +=================================================================== +--- session.c.orig +++ session.c -@@ -2493,8 +2493,41 @@ +@@ -2521,8 +2521,41 @@ void session_close(Session *s) { u_int i; ++++++ openssh-5.2p1-xauthlocalhostname.diff -> openssh-5.4p1-xauthlocalhostname.diff ++++++ --- openssh/openssh-5.2p1-xauthlocalhostname.diff 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-5.4p1-xauthlocalhostname.diff 2010-03-23 18:59:28.000000000 +0100 @@ -1,6 +1,8 @@ ---- session.c +Index: session.c +=================================================================== +--- session.c.orig +++ session.c -@@ -1110,7 +1110,7 @@ +@@ -1113,7 +1113,7 @@ copy_environment(char **source, char *** } static char ** @@ -9,7 +11,7 @@ { char buf[256]; u_int i, envsize; -@@ -1297,6 +1297,8 @@ +@@ -1300,6 +1300,8 @@ do_setup_env(Session *s, const char *she for (i = 0; env[i]; i++) fprintf(stderr, " %.200s\n", env[i]); } @@ -18,7 +20,7 @@ return env; } -@@ -1305,7 +1307,7 @@ +@@ -1308,7 +1310,7 @@ do_setup_env(Session *s, const char *she * first in this order). */ static void @@ -27,7 +29,7 @@ { FILE *f = NULL; char cmd[1024]; -@@ -1359,12 +1361,20 @@ +@@ -1362,12 +1364,20 @@ do_rc_files(Session *s, const char *shel options.xauth_location); f = popen(cmd, "w"); if (f) { @@ -48,7 +50,7 @@ } else { fprintf(stderr, "Could not run %s\n", cmd); -@@ -1650,6 +1660,7 @@ +@@ -1669,6 +1679,7 @@ do_child(Session *s, const char *command { extern char **environ; char **env; @@ -56,7 +58,7 @@ char *argv[ARGV_MAX]; const char *shell, *shell0, *hostname = NULL; struct passwd *pw = s->pw; -@@ -1716,7 +1727,7 @@ +@@ -1735,7 +1746,7 @@ do_child(Session *s, const char *command * Make sure $SHELL points to the shell from the password file, * even if shell is overridden from login.conf */ @@ -65,7 +67,7 @@ #ifdef HAVE_LOGIN_CAP shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell); -@@ -1784,7 +1795,7 @@ +@@ -1803,7 +1814,7 @@ do_child(Session *s, const char *command closefrom(STDERR_FILENO + 1); if (!options.use_login) ++++++ openssh-5.2p1.dif -> openssh-5.4p1.dif ++++++ --- openssh/openssh-5.2p1.dif 2009-03-03 22:42:45.000000000 +0100 +++ openssh/openssh-5.4p1.dif 2010-03-23 18:59:29.000000000 +0100 @@ -1,4 +1,6 @@ ---- ssh_config +Index: ssh_config +=================================================================== +--- ssh_config.orig +++ ssh_config @@ -17,9 +17,20 @@ # list of available options, their meanings and defaults, please see the @@ -22,9 +24,11 @@ # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes ---- sshd_config +Index: sshd_config +=================================================================== +--- sshd_config.orig +++ sshd_config -@@ -88,7 +88,7 @@ +@@ -86,7 +86,7 @@ #AllowAgentForwarding yes #AllowTcpForwarding yes #GatewayPorts no @@ -33,9 +37,11 @@ #X11DisplayOffset 10 #X11UseLocalhost yes #PrintMotd yes ---- sshlogin.c +Index: sshlogin.c +=================================================================== +--- sshlogin.c.orig +++ sshlogin.c -@@ -125,6 +125,7 @@ +@@ -133,6 +133,7 @@ record_login(pid_t pid, const char *tty, li = login_alloc_entry(pid, user, host, tty); login_set_addr(li, addr, addrlen); ++++++ openssh-5.2p1.tar.bz2 -> openssh-5.4p1.tar.bz2 ++++++ ++++ 30354 lines of diff (skipped) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org