Hello community,
here is the log from the commit of package openssh for openSUSE:Factory
checked in at Fri Mar 26 16:29:10 CET 2010.
--------
--- openssh/openssh-askpass-gnome.changes 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-askpass-gnome.changes 2010-03-26 11:15:59.000000000 +0100
@@ -1,0 +2,6 @@
+Fri Mar 26 11:04:59 CET 2010 - anicka@suse.cz
+
+- update to 5.4p1
+- remove -pam-fix4.diff (in upstream now)
+
+-------------------------------------------------------------------
--- openssh/openssh.changes 2010-03-02 10:09:55.000000000 +0100
+++ openssh/openssh.changes 2010-03-23 18:59:32.000000000 +0100
@@ -1,0 +2,61 @@
+Tue Mar 23 18:57:07 CET 2010 - anicka@suse.cz
+
+- update to 5.4p1
+ * After a transition period of about 10 years, this release disables
+ SSH protocol 1 by default. Clients and servers that need to use the
+ legacy protocol must explicitly enable it in ssh_config / sshd_config
+ or on the command-line.
+ * Remove the libsectok/OpenSC-based smartcard code and add support for
+ PKCS#11 tokens. This support is automatically enabled on all
+ platforms that support dlopen(3) and was inspired by patches written
+ by Alon Bar-Lev. Details in the ssh(1) and ssh-add(1) manpages.
+ * Add support for certificate authentication of users and hosts using a
+ new, minimal OpenSSH certificate format (not X.509). Certificates
+ contain a public key, identity information and some validity
+ constraints and are signed with a standard SSH public key using
+ ssh-keygen(1). CA keys may be marked as trusted in authorized_keys
+ or via a TrustedUserCAKeys option in sshd_config(5) (for user
+ authentication), or in known_hosts (for host authentication).
+ Documentation for certificate support may be found in ssh-keygen(1),
+ sshd(8) and ssh(1) and a description of the protocol extensions in
+ PROTOCOL.certkeys.
+ * Added a 'netcat mode' to ssh(1): "ssh -W host:port ..." This connects
+ stdio on the client to a single port forward on the server. This
+ allows, for example, using ssh as a ProxyCommand to route connections
+ via intermediate servers. bz#1618
+ * Add the ability to revoke keys in sshd(8) and ssh(1). User keys may
+ be revoked using a new sshd_config(5) option "RevokedKeys". Host keys
+ are revoked through known_hosts (details in the sshd(8) man page).
+ Revoked keys cannot be used for user or host authentication and will
+ trigger a warning if used.
+ * Rewrite the ssh(1) multiplexing support to support non-blocking
+ operation of the mux master, improve the resilience of the master to
+ malformed messages sent to it by the slave and add support for
+ requesting port- forwardings via the multiplex protocol. The new
+ stdio-to-local forward mode ("ssh -W host:port ...") is also
+ supported. The revised multiplexing protocol is documented in the
+ file PROTOCOL.mux in the source distribution.
+ * Add a 'read-only' mode to sftp-server(8) that disables open in write
+ mode and all other fs-modifying protocol methods. bz#430
+ * Allow setting an explicit umask on the sftp-server(8) commandline to
+ override whatever default the user has. bz#1229
+ * Many improvements to the sftp(1) client, many of which were
+ implemented by Carlos Silva through the Google Summer of Code
+ program:
+ - Support the "-h" (human-readable units) flag for ls
+ - Implement tab-completion of commands, local and remote filenames
+ - Support most of scp(1)'s commandline arguments in sftp(1), as a
+ first step towards making sftp(1) a drop-in replacement for scp(1).
+ Note that the rarely-used "-P sftp_server_path" option has been
+ moved to "-D sftp_server_path" to make way for "-P port" to match
+ scp(1).
+ - Add recursive transfer support for get/put and on the commandline
+ * New RSA keys will be generated with a public exponent of RSA_F4 ==
+ (2**16)+1 == 65537 instead of the previous value 35.
+ * Passphrase-protected SSH protocol 2 private keys are now protected
+ with AES-128 instead of 3DES. This applied to newly-generated keys
+ as well as keys that are reencrypted (e.g. by changing their
+ passphrase).
+- cleanup in patches
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
openssh-5.2p1-askpass-fix.diff
openssh-5.2p1-audit.patch
openssh-5.2p1-blocksigalrm.diff
openssh-5.2p1-default-protocol.diff
openssh-5.2p1-eal3.diff
openssh-5.2p1-engines.diff
openssh-5.2p1-forwards.diff
openssh-5.2p1-gcc-fix.patch
openssh-5.2p1-gssapimitm.patch
openssh-5.2p1-homechroot.patch
openssh-5.2p1-pam-fix2.diff
openssh-5.2p1-pam-fix3.diff
openssh-5.2p1-pam-fix4.diff
openssh-5.2p1-pts.diff
openssh-5.2p1-saveargv-fix.diff
openssh-5.2p1-send_locale.diff
openssh-5.2p1-tmpdir.diff
openssh-5.2p1-xauth.diff
openssh-5.2p1-xauthlocalhostname.diff
openssh-5.2p1.dif
openssh-5.2p1.tar.bz2
New:
----
openssh-5.4p1-askpass-fix.diff
openssh-5.4p1-audit.patch
openssh-5.4p1-blocksigalrm.diff
openssh-5.4p1-default-protocol.diff
openssh-5.4p1-eal3.diff
openssh-5.4p1-engines.diff
openssh-5.4p1-forwards.diff
openssh-5.4p1-gssapimitm.patch
openssh-5.4p1-homechroot.patch
openssh-5.4p1-pam-fix2.diff
openssh-5.4p1-pam-fix3.diff
openssh-5.4p1-pts.diff
openssh-5.4p1-saveargv-fix.diff
openssh-5.4p1-send_locale.diff
openssh-5.4p1-tmpdir.diff
openssh-5.4p1-xauth.diff
openssh-5.4p1-xauthlocalhostname.diff
openssh-5.4p1.dif
openssh-5.4p1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssh-askpass-gnome.spec ++++++
--- /var/tmp/diff_new_pack.jmPw4M/_old 2010-03-26 16:26:39.000000000 +0100
+++ /var/tmp/diff_new_pack.jmPw4M/_new 2010-03-26 16:26:39.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package openssh-askpass-gnome (Version 5.2p1)
+# spec file for package openssh-askpass-gnome (Version 5.4p1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -22,8 +22,8 @@
BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
License: BSD3c(or similar)
Group: Productivity/Networking/SSH
-Version: 5.2p1
-Release: 12
+Version: 5.4p1
+Release: 1
Requires: openssh = %{version} openssh-askpass = %{version}
AutoReqProv: on
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
@@ -31,14 +31,13 @@
%define _name openssh
Source: %{_name}-%{version}.tar.bz2
Patch: %{_name}-%{version}.dif
-Patch15: %{_name}-%{version}-pam-fix2.diff
-Patch18: %{_name}-%{version}-saveargv-fix.diff
-Patch19: %{_name}-%{version}-pam-fix3.diff
-Patch21: %{_name}-%{version}-gssapimitm.patch
-Patch26: %{_name}-%{version}-eal3.diff
-Patch27: %{_name}-%{version}-engines.diff
-Patch28: %{_name}-%{version}-blocksigalrm.diff
-Patch29: %{_name}-%{version}-pam-fix4.diff
+Patch1: %{_name}-%{version}-pam-fix2.diff
+Patch2: %{_name}-%{version}-saveargv-fix.diff
+Patch3: %{_name}-%{version}-pam-fix3.diff
+Patch4: %{_name}-%{version}-gssapimitm.patch
+Patch5: %{_name}-%{version}-eal3.diff
+Patch6: %{_name}-%{version}-engines.diff
+Patch7: %{_name}-%{version}-blocksigalrm.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@@ -74,14 +73,13 @@
%prep
%setup -q -n %{_name}-%{version}
%patch
-%patch15
-%patch18
-%patch19
-%patch21
-%patch26 -p1
-%patch27 -p1
-%patch28
-%patch29 -p1
+%patch1
+%patch2
+%patch3
+%patch4
+%patch5 -p1
+%patch6 -p1
+%patch7
%build
%{?suse_update_config:%{suse_update_config}}
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.jmPw4M/_old 2010-03-26 16:26:39.000000000 +0100
+++ /var/tmp/diff_new_pack.jmPw4M/_new 2010-03-26 16:26:39.000000000 +0100
@@ -1,5 +1,5 @@
#
-# spec file for package openssh (Version 5.2p1)
+# spec file for package openssh (Version 5.4p1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -35,8 +35,8 @@
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils permissions
Conflicts: nonfreessh
AutoReqProv: on
-Version: 5.2p1
-Release: 12
+Version: 5.4p1
+Release: 1
%define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program)
Url: http://www.openssh.com/
@@ -51,25 +51,23 @@
Source8: ssh-askpass
Source9: sshd.fw
Patch: %{name}-%{version}.dif
-Patch12: %{name}-%{version}-askpass-fix.diff
-Patch15: %{name}-%{version}-pam-fix2.diff
-Patch18: %{name}-%{version}-saveargv-fix.diff
-Patch19: %{name}-%{version}-pam-fix3.diff
-Patch21: %{name}-%{version}-gssapimitm.patch
-Patch26: %{name}-%{version}-eal3.diff
-Patch27: %{name}-%{version}-engines.diff
-Patch28: %{name}-%{version}-blocksigalrm.diff
-Patch35: %{name}-%{version}-send_locale.diff
-Patch36: %{name}-%{version}-xauthlocalhostname.diff
-Patch37: %{name}-%{version}-tmpdir.diff
-Patch40: %{name}-%{version}-xauth.diff
-Patch41: %{name}-%{version}-gcc-fix.patch
-Patch43: %{name}-%{version}-default-protocol.diff
-Patch44: %{name}-%{version}-audit.patch
-Patch45: %{name}-%{version}-pts.diff
-Patch46: %{name}-%{version}-pam-fix4.diff
-Patch48: %{name}-%{version}-forwards.diff
-Patch49: %{name}-%{version}-homechroot.patch
+Patch1: %{name}-%{version}-askpass-fix.diff
+Patch2: %{name}-%{version}-pam-fix2.diff
+Patch3: %{name}-%{version}-saveargv-fix.diff
+Patch4: %{name}-%{version}-pam-fix3.diff
+Patch5: %{name}-%{version}-gssapimitm.patch
+Patch6: %{name}-%{version}-eal3.diff
+Patch7: %{name}-%{version}-engines.diff
+Patch8: %{name}-%{version}-blocksigalrm.diff
+Patch9: %{name}-%{version}-send_locale.diff
+Patch10: %{name}-%{version}-xauthlocalhostname.diff
+Patch11: %{name}-%{version}-tmpdir.diff
+Patch12: %{name}-%{version}-xauth.diff
+Patch14: %{name}-%{version}-default-protocol.diff
+Patch15: %{name}-%{version}-audit.patch
+Patch16: %{name}-%{version}-pts.diff
+Patch17: %{name}-%{version}-forwards.diff
+Patch18: %{name}-%{version}-homechroot.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package askpass
@@ -98,28 +96,26 @@
%prep
%setup -q -b 3 -a 1 -a 5
%patch
-%patch15
+%patch2
+%patch3
+%patch4
+%patch5
+%patch6 -p1
+%patch7 -p1
+%patch8
+%patch9
+%patch10
+%patch11
+%patch12
+%patch14
+%patch15 -p1
+%patch16
+%patch17
%patch18
-%patch19
-%patch21
-%patch26 -p1
-%patch27 -p1
-%patch28
-%patch35
-%patch36
-%patch37
-%patch40
-%patch41
-%patch43
-%patch44 -p1
-%patch45
-%patch46 -p1
-%patch48
-%patch49
cp -v %{SOURCE4} .
cp -v %{SOURCE6} .
cd ../x11-ssh-askpass-%{xversion}
-%patch12
+%patch1
%build
# This package failed when testing with -Wl,-as-needed being default.
@@ -248,6 +244,7 @@
%attr(0755,root,root) %dir /usr/%_lib/ssh
%attr(0755,root,root) /usr/%_lib/ssh/sftp-server
%attr(0755,root,root) /usr/%_lib/ssh/ssh-keysign
+%attr(0755,root,root) /usr/%_lib/ssh/ssh-pkcs11-helper
%dir /etc/slp.reg.d
%config /etc/slp.reg.d/ssh.reg
/var/adm/fillup-templates/sysconfig.ssh
++++++ openssh-5.2p1-askpass-fix.diff -> openssh-5.4p1-askpass-fix.diff ++++++
++++++ openssh-5.2p1-audit.patch -> openssh-5.4p1-audit.patch ++++++
--- openssh/openssh-5.2p1-audit.patch 2010-02-23 15:45:57.000000000 +0100
+++ openssh/openssh-5.4p1-audit.patch 2010-03-23 18:59:22.000000000 +0100
@@ -1,8 +1,10 @@
# add support for Linux audit (FATE #120269)
================================================================================
---- openssh-5.2p1/Makefile.in
-+++ openssh-5.2p1/Makefile.in
-@@ -44,6 +44,7 @@
+Index: openssh-5.4p1/Makefile.in
+===================================================================
+--- openssh-5.4p1.orig/Makefile.in
++++ openssh-5.4p1/Makefile.in
+@@ -46,6 +46,7 @@ LD=@LD@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
@@ -10,7 +12,7 @@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
-@@ -137,7 +138,7 @@
+@@ -142,7 +143,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
$(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
@@ -19,9 +21,11 @@
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
---- openssh-5.2p1/auth.c
-+++ openssh-5.2p1/auth.c
-@@ -287,6 +287,12 @@
+Index: openssh-5.4p1/auth.c
+===================================================================
+--- openssh-5.4p1.orig/auth.c
++++ openssh-5.4p1/auth.c
+@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
#endif
@@ -34,7 +38,7 @@
#ifdef SSH_AUDIT_EVENTS
if (authenticated == 0 && !authctxt->postponed)
audit_event(audit_classify_auth(method));
-@@ -533,6 +539,10 @@
+@@ -564,6 +570,10 @@ getpwnamallow(const char *user)
record_failed_login(user,
get_canonical_hostname(options.use_dns), "ssh");
#endif
@@ -45,9 +49,11 @@
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
---- openssh-5.2p1/config.h.in
-+++ openssh-5.2p1/config.h.in
-@@ -1397,6 +1397,9 @@
+Index: openssh-5.4p1/config.h.in
+===================================================================
+--- openssh-5.4p1.orig/config.h.in
++++ openssh-5.4p1/config.h.in
+@@ -1415,6 +1415,9 @@
/* Define if you want SELinux support. */
#undef WITH_SELINUX
@@ -57,9 +63,11 @@
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
---- openssh-5.2p1/configure.ac
-+++ openssh-5.2p1/configure.ac
-@@ -3340,6 +3340,20 @@
+Index: openssh-5.4p1/configure.ac
+===================================================================
+--- openssh-5.4p1.orig/configure.ac
++++ openssh-5.4p1/configure.ac
+@@ -3363,6 +3363,20 @@ AC_ARG_WITH(selinux,
fi ]
)
@@ -80,7 +88,7 @@
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
-@@ -4160,6 +4174,7 @@
+@@ -4182,6 +4196,7 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
@@ -88,8 +96,10 @@
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
---- openssh-5.2p1/loginrec.c
-+++ openssh-5.2p1/loginrec.c
+Index: openssh-5.4p1/loginrec.c
+===================================================================
+--- openssh-5.4p1.orig/loginrec.c
++++ openssh-5.4p1/loginrec.c
@@ -176,6 +176,10 @@
#include "auth.h"
#include "buffer.h"
@@ -210,9 +220,11 @@
/**
** Low-level libutil login() functions
**/
---- openssh-5.2p1/loginrec.h
-+++ openssh-5.2p1/loginrec.h
-@@ -127,5 +127,9 @@
+Index: openssh-5.4p1/loginrec.h
+===================================================================
+--- openssh-5.4p1.orig/loginrec.h
++++ openssh-5.4p1/loginrec.h
+@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
char *line_abbrevname(char *dst, const char *src, int dstsize);
void record_failed_login(const char *, const char *, const char *);
++++++ openssh-5.2p1-blocksigalrm.diff -> openssh-5.4p1-blocksigalrm.diff ++++++
++++++ openssh-5.2p1-default-protocol.diff -> openssh-5.4p1-default-protocol.diff ++++++
--- openssh/openssh-5.2p1-default-protocol.diff 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-default-protocol.diff 2010-03-23 18:59:23.000000000 +0100
@@ -1,6 +1,8 @@
---- ssh_config
+Index: ssh_config
+===================================================================
+--- ssh_config.orig
+++ ssh_config
-@@ -46,7 +46,7 @@
+@@ -46,7 +46,7 @@ ForwardX11Trusted yes
# IdentityFile ~/.ssh/id_rsa
# IdentityFile ~/.ssh/id_dsa
# Port 22
++++++ openssh-5.2p1-eal3.diff -> openssh-5.4p1-eal3.diff ++++++
--- openssh/openssh-5.2p1-eal3.diff 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-eal3.diff 2010-03-23 18:59:23.000000000 +0100
@@ -1,6 +1,8 @@
---- openssh-5.2p1/sshd.8
-+++ openssh-5.2p1/sshd.8
-@@ -783,7 +783,7 @@
+Index: openssh-5.4p1/sshd.8
+===================================================================
+--- openssh-5.4p1.orig/sshd.8
++++ openssh-5.4p1/sshd.8
+@@ -840,7 +840,7 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
.Pp
@@ -9,7 +11,7 @@
See
.Xr motd 5 .
.Pp
-@@ -796,7 +796,7 @@
+@@ -853,7 +853,7 @@ are displayed to anyone trying to log in
refused.
The file should be world-readable.
.Pp
@@ -18,7 +20,7 @@
This file is used in exactly the same way as
.Pa hosts.equiv ,
but allows host-based authentication without permitting login with
-@@ -873,8 +873,7 @@
+@@ -930,8 +930,7 @@ The content of this file is not sensitiv
.Xr ssh-keyscan 1 ,
.Xr chroot 2 ,
.Xr hosts_access 5 ,
@@ -28,19 +30,11 @@
.Xr sshd_config 5 ,
.Xr inetd 8 ,
.Xr sftp-server 8
---- openssh-5.2p1/sshd_config.5
-+++ openssh-5.2p1/sshd_config.5
-@@ -177,9 +177,6 @@
- By default, no banner is displayed.
- .It Cm ChallengeResponseAuthentication
- Specifies whether challenge-response authentication is allowed.
--All authentication styles from
--.Xr login.conf 5
--are supported.
- The default is
- .Dq yes .
- .It Cm ChrootDirectory
-@@ -438,7 +435,7 @@
+Index: openssh-5.4p1/sshd_config.5
+===================================================================
+--- openssh-5.4p1.orig/sshd_config.5
++++ openssh-5.4p1/sshd_config.5
+@@ -451,7 +451,7 @@ or
.Pp
.Pa /etc/hosts.equiv
and
++++++ openssh-5.2p1-engines.diff -> openssh-5.4p1-engines.diff ++++++
--- openssh/openssh-5.2p1-engines.diff 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-engines.diff 2010-03-23 18:59:24.000000000 +0100
@@ -1,5 +1,7 @@
---- openssh-5.2p1/ssh-add.c
-+++ openssh-5.2p1/ssh-add.c
+Index: openssh-5.4p1/ssh-add.c
+===================================================================
+--- openssh-5.4p1.orig/ssh-add.c
++++ openssh-5.4p1/ssh-add.c
@@ -43,6 +43,7 @@
#include
@@ -8,7 +10,7 @@
#include
#include
-@@ -344,6 +345,10 @@
+@@ -366,6 +367,10 @@ main(int argc, char **argv)
SSLeay_add_all_algorithms();
@@ -19,8 +21,10 @@
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
if (ac == NULL) {
---- openssh-5.2p1/ssh-agent.c
-+++ openssh-5.2p1/ssh-agent.c
+Index: openssh-5.4p1/ssh-agent.c
+===================================================================
+--- openssh-5.4p1.orig/ssh-agent.c
++++ openssh-5.4p1/ssh-agent.c
@@ -52,6 +52,7 @@
#include
#include
@@ -29,7 +33,7 @@
#include
#include
-@@ -1076,6 +1077,10 @@
+@@ -1091,6 +1092,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms();
@@ -40,8 +44,10 @@
__progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
---- openssh-5.2p1/ssh-keygen.c
-+++ openssh-5.2p1/ssh-keygen.c
+Index: openssh-5.4p1/ssh-keygen.c
+===================================================================
+--- openssh-5.4p1.orig/ssh-keygen.c
++++ openssh-5.4p1/ssh-keygen.c
@@ -22,6 +22,7 @@
#include
#include
@@ -50,7 +56,7 @@
#include
#include
-@@ -1099,6 +1100,11 @@
+@@ -1523,6 +1524,11 @@ main(int argc, char **argv)
__progname = ssh_get_progname(argv[0]);
SSLeay_add_all_algorithms();
@@ -62,8 +68,10 @@
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng();
---- openssh-5.2p1/ssh-keysign.c
-+++ openssh-5.2p1/ssh-keysign.c
+Index: openssh-5.4p1/ssh-keysign.c
+===================================================================
+--- openssh-5.4p1.orig/ssh-keysign.c
++++ openssh-5.4p1/ssh-keysign.c
@@ -38,6 +38,7 @@
#include
#include
@@ -72,7 +80,7 @@
#include "xmalloc.h"
#include "log.h"
-@@ -195,6 +196,11 @@
+@@ -195,6 +196,11 @@ main(int argc, char **argv)
fatal("could not open any host key");
SSLeay_add_all_algorithms();
@@ -84,9 +92,11 @@
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd));
---- openssh-5.2p1/ssh.c
-+++ openssh-5.2p1/ssh.c
-@@ -73,6 +73,7 @@
+Index: openssh-5.4p1/ssh.c
+===================================================================
+--- openssh-5.4p1.orig/ssh.c
++++ openssh-5.4p1/ssh.c
+@@ -74,6 +74,7 @@
#include
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
@@ -94,7 +104,7 @@
#include "xmalloc.h"
#include "ssh.h"
-@@ -550,6 +551,10 @@
+@@ -584,6 +585,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms();
ERR_load_crypto_strings();
@@ -105,8 +115,10 @@
/* Initialize the command to execute on remote host. */
buffer_init(&command);
---- openssh-5.2p1/sshd.c
-+++ openssh-5.2p1/sshd.c
+Index: openssh-5.4p1/sshd.c
+===================================================================
+--- openssh-5.4p1.orig/sshd.c
++++ openssh-5.4p1/sshd.c
@@ -77,6 +77,7 @@
#include
#include
@@ -115,7 +127,7 @@
#ifdef HAVE_SECUREWARE
#include
-@@ -1415,6 +1416,10 @@
+@@ -1462,6 +1463,10 @@ main(int ac, char **av)
SSLeay_add_all_algorithms();
++++++ openssh-5.2p1-forwards.diff -> openssh-5.4p1-forwards.diff ++++++
--- openssh/openssh-5.2p1-forwards.diff 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-forwards.diff 2010-03-23 18:59:24.000000000 +0100
@@ -1,6 +1,8 @@
---- channels.c
+Index: channels.c
+===================================================================
+--- channels.c.orig
+++ channels.c
-@@ -2471,6 +2471,9 @@
+@@ -2625,6 +2625,9 @@ channel_setup_fwd_listener(int type, con
char ntop[NI_MAXHOST], strport[NI_MAXSERV];
in_port_t *lport_p;
++++++ openssh-5.2p1-gssapimitm.patch -> openssh-5.4p1-gssapimitm.patch ++++++
--- openssh/openssh-5.2p1-gssapimitm.patch 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-gssapimitm.patch 2010-03-23 18:59:25.000000000 +0100
@@ -14,10 +14,10 @@
are encouraged to upgrade as soon as possible.
Index: auth2-gss.c
-================================================================================
---- auth2-gss.c
+===================================================================
+--- auth2-gss.c.orig
+++ auth2-gss.c
-@@ -177,6 +177,15 @@
+@@ -177,6 +177,15 @@ input_gssapi_token(int type, u_int32_t p
dispatch_set(
SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE,
&input_gssapi_exchange_complete);
@@ -33,7 +33,7 @@
}
}
-@@ -298,4 +307,10 @@
+@@ -298,4 +307,10 @@ Authmethod method_gssapi = {
&options.gss_authentication
};
@@ -44,9 +44,11 @@
+};
+
#endif /* GSSAPI */
---- auth2.c
+Index: auth2.c
+===================================================================
+--- auth2.c.orig
+++ auth2.c
-@@ -70,6 +70,7 @@
+@@ -70,6 +70,7 @@ extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
#ifdef GSSAPI
extern Authmethod method_gssapi;
@@ -54,7 +56,7 @@
#endif
#ifdef JPAKE
extern Authmethod method_jpake;
-@@ -80,6 +81,7 @@
+@@ -80,6 +81,7 @@ Authmethod *authmethods[] = {
&method_pubkey,
#ifdef GSSAPI
&method_gssapi,
@@ -62,10 +64,12 @@
#endif
#ifdef JPAKE
&method_jpake,
---- readconf.c
+Index: readconf.c
+===================================================================
+--- readconf.c.orig
+++ readconf.c
-@@ -126,7 +126,7 @@
- oHostKeyAlgorithms, oBindAddress, oSmartcardDevice,
+@@ -126,7 +126,7 @@ typedef enum {
+ oHostKeyAlgorithms, oBindAddress, oPKCS11Provider,
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
- oAddressFamily, oGssAuthentication, oGssDelegateCreds,
@@ -73,7 +77,7 @@
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-@@ -165,9 +165,11 @@
+@@ -165,9 +165,11 @@ static struct {
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
{ "gssapidelegatecredentials", oGssDelegateCreds },
@@ -85,7 +89,7 @@
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
-@@ -456,6 +458,10 @@
+@@ -459,6 +461,10 @@ parse_flag:
case oGssDelegateCreds:
intptr = &options->gss_deleg_creds;
goto parse_flag;
@@ -96,7 +100,7 @@
case oBatchMode:
intptr = &options->batch_mode;
-@@ -1009,6 +1015,7 @@
+@@ -1016,6 +1022,7 @@ initialize_options(Options * options)
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
options->gss_deleg_creds = -1;
@@ -104,7 +108,7 @@
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
-@@ -1101,6 +1108,8 @@
+@@ -1109,6 +1116,8 @@ fill_default_options(Options * options)
options->gss_authentication = 0;
if (options->gss_deleg_creds == -1)
options->gss_deleg_creds = 0;
@@ -113,9 +117,11 @@
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
---- readconf.h
+Index: readconf.h
+===================================================================
+--- readconf.h.orig
+++ readconf.h
-@@ -45,6 +45,7 @@
+@@ -45,6 +45,7 @@ typedef struct {
/* Try S/Key or TIS, authentication. */
int gss_authentication; /* Try GSS authentication */
int gss_deleg_creds; /* Delegate GSS credentials */
@@ -123,9 +129,11 @@
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
---- servconf.c
+Index: servconf.c
+===================================================================
+--- servconf.c.orig
+++ servconf.c
-@@ -93,6 +93,7 @@
+@@ -94,6 +94,7 @@ initialize_server_options(ServerOptions
options->kerberos_get_afs_token = -1;
options->gss_authentication=-1;
options->gss_cleanup_creds = -1;
@@ -133,7 +141,7 @@
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
-@@ -212,6 +213,8 @@
+@@ -216,6 +217,8 @@ fill_default_server_options(ServerOption
options->gss_authentication = 0;
if (options->gss_cleanup_creds == -1)
options->gss_cleanup_creds = 1;
@@ -142,7 +150,7 @@
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
-@@ -302,7 +305,7 @@
+@@ -306,7 +309,7 @@ typedef enum {
sBanner, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -150,8 +158,8 @@
+ sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM,
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
- sZeroKnowledgePasswordAuthentication,
-@@ -364,9 +367,11 @@
+ sZeroKnowledgePasswordAuthentication, sHostCertificate,
+@@ -369,9 +372,11 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -163,7 +171,7 @@
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-@@ -894,6 +899,10 @@
+@@ -928,6 +933,10 @@ process_server_config_line(ServerOptions
case sGssCleanupCreds:
intptr = &options->gss_cleanup_creds;
goto parse_flag;
@@ -174,9 +182,11 @@
case sPasswordAuthentication:
intptr = &options->password_authentication;
---- servconf.h
+Index: servconf.h
+===================================================================
+--- servconf.h.orig
+++ servconf.h
-@@ -92,6 +92,7 @@
+@@ -95,6 +95,7 @@ typedef struct {
* authenticated with Kerberos. */
int gss_authentication; /* If true, permit GSSAPI authentication */
int gss_cleanup_creds; /* If true, destroy cred cache on logout */
@@ -184,9 +194,11 @@
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
---- ssh_config
+Index: ssh_config
+===================================================================
+--- ssh_config.orig
+++ ssh_config
-@@ -54,4 +54,14 @@
+@@ -54,5 +54,15 @@ ForwardX11Trusted yes
# Tunnel no
# TunnelDevice any:any
# PermitLocalCommand no
@@ -201,9 +213,12 @@
+
+>>>>>>>
# VisualHostKey no
---- sshconnect2.c
+ # ProxyCommand ssh -q -W %h:%p gateway.example.com
+Index: sshconnect2.c
+===================================================================
+--- sshconnect2.c.orig
+++ sshconnect2.c
-@@ -255,6 +255,10 @@
+@@ -263,6 +263,10 @@ Authmethod authmethods[] = {
NULL,
&options.gss_authentication,
NULL},
@@ -214,7 +229,7 @@
#endif
{"hostbased",
userauth_hostbased,
-@@ -617,7 +621,9 @@
+@@ -640,7 +644,9 @@ process_gssapi_token(void *ctxt, gss_buf
if (status == GSS_S_COMPLETE) {
/* send either complete or MIC, depending on mechanism */
@@ -225,9 +240,11 @@
packet_start(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE);
packet_send();
} else {
---- sshd_config
+Index: sshd_config
+===================================================================
+--- sshd_config.orig
+++ sshd_config
-@@ -74,6 +74,13 @@
+@@ -72,6 +72,13 @@ PasswordAuthentication no
#GSSAPIAuthentication no
#GSSAPICleanupCredentials yes
++++++ openssh-5.2p1-homechroot.patch -> openssh-5.4p1-homechroot.patch ++++++
--- openssh/openssh-5.2p1-homechroot.patch 2009-09-21 15:43:24.000000000 +0200
+++ openssh/openssh-5.4p1-homechroot.patch 2010-03-23 18:59:25.000000000 +0100
@@ -1,4 +1,6 @@
---- chrootenv.h
+Index: chrootenv.h
+===================================================================
+--- /dev/null
+++ chrootenv.h
@@ -0,0 +1,32 @@
+/* $OpenBSD: session.h,v 1.30 2008/05/08 12:21:16 djm Exp $ */
@@ -33,7 +35,9 @@
+
+#endif
+
---- session.c
+Index: session.c
+===================================================================
+--- session.c.orig
+++ session.c
@@ -119,6 +119,8 @@ void do_child(Session *, const char *);
void do_motd(void);
@@ -44,7 +48,7 @@
static void do_authenticated1(Authctxt *);
static void do_authenticated2(Authctxt *);
-@@ -802,6 +804,11 @@ do_exec(Session *s, const char *command)
+@@ -805,6 +807,11 @@ do_exec(Session *s, const char *command)
debug("Forced command (key option) '%.900s'", command);
}
@@ -56,7 +60,7 @@
#ifdef SSH_AUDIT_EVENTS
if (command != NULL)
PRIVSEP(audit_run_command(command));
-@@ -1399,6 +1406,63 @@ do_nologin(struct passwd *pw)
+@@ -1418,6 +1425,63 @@ do_nologin(struct passwd *pw)
}
/*
@@ -120,7 +124,7 @@
* Chroot into a directory after checking it for safety: all path components
* must be root-owned directories with strict permissions.
*/
-@@ -1408,6 +1472,7 @@ safely_chroot(const char *path, uid_t ui
+@@ -1427,6 +1491,7 @@ safely_chroot(const char *path, uid_t ui
const char *cp;
char component[MAXPATHLEN];
struct stat st;
@@ -128,7 +132,7 @@
if (*path != '/')
fatal("chroot path does not begin at root");
-@@ -1419,7 +1484,7 @@ safely_chroot(const char *path, uid_t ui
+@@ -1438,7 +1503,7 @@ safely_chroot(const char *path, uid_t ui
* root-owned directory with strict permissions.
*/
for (cp = path; cp != NULL;) {
@@ -137,7 +141,7 @@
strlcpy(component, path, sizeof(component));
else {
cp++;
-@@ -1432,14 +1497,20 @@ safely_chroot(const char *path, uid_t ui
+@@ -1451,14 +1516,20 @@ safely_chroot(const char *path, uid_t ui
if (stat(component, &st) != 0)
fatal("%s: stat(\"%s\"): %s", __func__,
component, strerror(errno));
@@ -159,7 +163,7 @@
}
if (chdir(path) == -1)
-@@ -1451,6 +1522,10 @@ safely_chroot(const char *path, uid_t ui
+@@ -1469,6 +1540,10 @@ safely_chroot(const char *path, uid_t ui
if (chdir("/") == -1)
fatal("%s: chdir(/) after chroot: %s",
__func__, strerror(errno));
@@ -170,9 +174,11 @@
verbose("Changed root directory to \"%s\"", path);
}
---- sftp.c
+Index: sftp.c
+===================================================================
+--- sftp.c.orig
+++ sftp.c
-@@ -94,6 +94,8 @@ int remote_glob(struct sftp_conn *, cons
+@@ -106,6 +106,8 @@ int remote_glob(struct sftp_conn *, cons
extern char *__progname;
@@ -181,9 +187,11 @@
/* Separators for interactive commands */
#define WHITESPACE " \t\r\n"
---- sftp-common.c
+Index: sftp-common.c
+===================================================================
+--- sftp-common.c.orig
+++ sftp-common.c
-@@ -40,6 +40,7 @@
+@@ -43,6 +43,7 @@
#include "xmalloc.h"
#include "buffer.h"
#include "log.h"
@@ -191,23 +199,25 @@
#include "sftp.h"
#include "sftp-common.h"
-@@ -194,13 +195,13 @@ ls_file(const char *name, const struct s
- char buf[1024], mode[11+1], tbuf[12+1], ubuf[11+1], gbuf[11+1];
+@@ -196,13 +197,13 @@ ls_file(const char *name, const struct s
+ char sbuf[FMT_SCALED_STRSIZE];
strmode(st->st_mode, mode);
-- if (!remote && (pw = getpwuid(st->st_uid)) != NULL) {
-+ if (!remote && !chroot_no_tree && (pw = getpwuid(st->st_uid)) != NULL) {
- user = pw->pw_name;
+- if (!remote) {
++ if (!remote && !chroot_no_tree) {
+ user = user_from_uid(st->st_uid, 0);
} else {
snprintf(ubuf, sizeof ubuf, "%u", (u_int)st->st_uid);
user = ubuf;
}
-- if (!remote && (gr = getgrgid(st->st_gid)) != NULL) {
-+ if (!remote && !chroot_no_tree && (gr = getgrgid(st->st_gid)) != NULL) {
- group = gr->gr_name;
+- if (!remote) {
++ if (!remote && !chroot_no_tree) {
+ group = group_from_gid(st->st_gid, 0);
} else {
snprintf(gbuf, sizeof gbuf, "%u", (u_int)st->st_gid);
---- sftp-server-main.c
+Index: sftp-server-main.c
+===================================================================
+--- sftp-server-main.c.orig
+++ sftp-server-main.c
@@ -22,11 +22,14 @@
#include
@@ -224,11 +234,13 @@
void
cleanup_exit(int i)
{
---- sshd_config.0
+Index: sshd_config.0
+===================================================================
+--- sshd_config.0.orig
+++ sshd_config.0
-@@ -112,6 +112,14 @@ DESCRIPTION
- essary if the in-process sftp server is used (see Subsystem for
- details).
+@@ -115,6 +115,14 @@ DESCRIPTION
+ which use logging do require /dev/log inside the chroot directory
+ (see sftp-server(8) for details).
+ In the special case when only sftp is used, not ssh nor scp, it
+ is possible to use ChrootDirectory %h or ChrootDirectory
@@ -241,10 +253,12 @@
The default is not to chroot(2).
Ciphers
---- sshd_config.5
+Index: sshd_config.5
+===================================================================
+--- sshd_config.5.orig
+++ sshd_config.5
-@@ -219,6 +219,17 @@ in-process sftp server is used (see
- .Cm Subsystem
+@@ -224,6 +224,17 @@ inside the chroot directory (see
+ .Xr sftp-server 8
for details).
.Pp
+In the special case when only sftp is used, not ssh nor scp,
++++++ openssh-5.2p1-pam-fix2.diff -> openssh-5.4p1-pam-fix2.diff ++++++
--- openssh/openssh-5.2p1-pam-fix2.diff 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-pam-fix2.diff 2010-03-23 18:59:26.000000000 +0100
@@ -1,6 +1,8 @@
---- sshd_config
+Index: sshd_config
+===================================================================
+--- sshd_config.orig
+++ sshd_config
-@@ -58,7 +58,7 @@
+@@ -56,7 +56,7 @@
#IgnoreRhosts yes
# To disable tunneled clear text passwords, change to no here!
@@ -9,7 +11,7 @@
#PermitEmptyPasswords no
# Change to no to disable s/key passwords
-@@ -83,7 +83,7 @@
+@@ -81,7 +81,7 @@
# If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
++++++ openssh-5.2p1-pam-fix2.diff -> openssh-5.4p1-pam-fix3.diff ++++++
--- openssh/openssh-5.2p1-pam-fix2.diff 2009-03-03 22:42:44.000000000 +0100
+++ openssh/openssh-5.4p1-pam-fix3.diff 2010-03-23 18:59:26.000000000 +0100
@@ -1,20 +1,13 @@
---- sshd_config
-+++ sshd_config
-@@ -58,7 +58,7 @@
- #IgnoreRhosts yes
-
- # To disable tunneled clear text passwords, change to no here!
--#PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
-
- # Change to no to disable s/key passwords
-@@ -83,7 +83,7 @@
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
--#UsePAM no
-+UsePAM yes
-
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
+--- auth-pam.c
++++ auth-pam.c
+@@ -786,7 +786,9 @@
+ fatal("Internal error: PAM auth "
+ "succeeded when it should have "
+ "failed");
+- import_environments(&buffer);
++#ifndef USE_POSIX_THREADS
++ import_environments(&buffer);
++#endif
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = 1;
++++++ openssh-5.2p1-pts.diff -> openssh-5.4p1-pts.diff ++++++
++++++ openssh-5.2p1-saveargv-fix.diff -> openssh-5.4p1-saveargv-fix.diff ++++++
--- openssh/openssh-5.2p1-saveargv-fix.diff 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-5.4p1-saveargv-fix.diff 2010-03-23 18:59:27.000000000 +0100
@@ -1,6 +1,8 @@
---- sshd.c
+Index: sshd.c
+===================================================================
+--- sshd.c.orig
+++ sshd.c
-@@ -304,6 +304,7 @@
+@@ -306,6 +306,7 @@ sighup_handler(int sig)
static void
sighup_restart(void)
{
@@ -8,7 +10,7 @@
logit("Received SIGHUP; restarting.");
close_listen_socks();
close_startup_pipes();
-@@ -1269,7 +1270,11 @@
+@@ -1307,7 +1308,11 @@ main(int ac, char **av)
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
compat_init_setproctitle(ac, av);
++++++ openssh-5.2p1-send_locale.diff -> openssh-5.4p1-send_locale.diff ++++++
--- openssh/openssh-5.2p1-send_locale.diff 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-5.4p1-send_locale.diff 2010-03-23 18:59:27.000000000 +0100
@@ -1,6 +1,8 @@
---- ssh_config
+Index: ssh_config
+===================================================================
+--- ssh_config.orig
+++ ssh_config
-@@ -63,5 +63,8 @@
+@@ -63,6 +63,9 @@ ForwardX11Trusted yes
# potential man-in-the-middle attacks, which 'gssapi-with-mic' is not susceptible to.
# GSSAPIEnableMITMAttack no
@@ -10,9 +12,12 @@
+SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+SendEnv LC_IDENTIFICATION LC_ALL
# VisualHostKey no
---- sshd_config
+ # ProxyCommand ssh -q -W %h:%p gateway.example.com
+Index: sshd_config
+===================================================================
+--- sshd_config.orig
+++ sshd_config
-@@ -119,6 +119,11 @@
+@@ -117,6 +117,11 @@ X11Forwarding yes
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
++++++ openssh-5.2p1-tmpdir.diff -> openssh-5.4p1-tmpdir.diff ++++++
--- openssh/openssh-5.2p1-tmpdir.diff 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-5.4p1-tmpdir.diff 2010-03-23 18:59:27.000000000 +0100
@@ -1,6 +1,8 @@
---- ssh-agent.c
+Index: ssh-agent.c
+===================================================================
+--- ssh-agent.c.orig
+++ ssh-agent.c
-@@ -1159,8 +1159,18 @@
+@@ -1174,8 +1174,18 @@ main(int ac, char **av)
parent_pid = getpid();
if (agentsocket == NULL) {
++++++ openssh-5.2p1-xauth.diff -> openssh-5.4p1-xauth.diff ++++++
--- openssh/openssh-5.2p1-xauth.diff 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-5.4p1-xauth.diff 2010-03-23 18:59:28.000000000 +0100
@@ -1,6 +1,8 @@
---- session.c
+Index: session.c
+===================================================================
+--- session.c.orig
+++ session.c
-@@ -2493,8 +2493,41 @@
+@@ -2521,8 +2521,41 @@ void
session_close(Session *s)
{
u_int i;
++++++ openssh-5.2p1-xauthlocalhostname.diff -> openssh-5.4p1-xauthlocalhostname.diff ++++++
--- openssh/openssh-5.2p1-xauthlocalhostname.diff 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-5.4p1-xauthlocalhostname.diff 2010-03-23 18:59:28.000000000 +0100
@@ -1,6 +1,8 @@
---- session.c
+Index: session.c
+===================================================================
+--- session.c.orig
+++ session.c
-@@ -1110,7 +1110,7 @@
+@@ -1113,7 +1113,7 @@ copy_environment(char **source, char ***
}
static char **
@@ -9,7 +11,7 @@
{
char buf[256];
u_int i, envsize;
-@@ -1297,6 +1297,8 @@
+@@ -1300,6 +1300,8 @@ do_setup_env(Session *s, const char *she
for (i = 0; env[i]; i++)
fprintf(stderr, " %.200s\n", env[i]);
}
@@ -18,7 +20,7 @@
return env;
}
-@@ -1305,7 +1307,7 @@
+@@ -1308,7 +1310,7 @@ do_setup_env(Session *s, const char *she
* first in this order).
*/
static void
@@ -27,7 +29,7 @@
{
FILE *f = NULL;
char cmd[1024];
-@@ -1359,12 +1361,20 @@
+@@ -1362,12 +1364,20 @@ do_rc_files(Session *s, const char *shel
options.xauth_location);
f = popen(cmd, "w");
if (f) {
@@ -48,7 +50,7 @@
} else {
fprintf(stderr, "Could not run %s\n",
cmd);
-@@ -1650,6 +1660,7 @@
+@@ -1669,6 +1679,7 @@ do_child(Session *s, const char *command
{
extern char **environ;
char **env;
@@ -56,7 +58,7 @@
char *argv[ARGV_MAX];
const char *shell, *shell0, *hostname = NULL;
struct passwd *pw = s->pw;
-@@ -1716,7 +1727,7 @@
+@@ -1735,7 +1746,7 @@ do_child(Session *s, const char *command
* Make sure $SHELL points to the shell from the password file,
* even if shell is overridden from login.conf
*/
@@ -65,7 +67,7 @@
#ifdef HAVE_LOGIN_CAP
shell = login_getcapstr(lc, "shell", (char *)shell, (char *)shell);
-@@ -1784,7 +1795,7 @@
+@@ -1803,7 +1814,7 @@ do_child(Session *s, const char *command
closefrom(STDERR_FILENO + 1);
if (!options.use_login)
++++++ openssh-5.2p1.dif -> openssh-5.4p1.dif ++++++
--- openssh/openssh-5.2p1.dif 2009-03-03 22:42:45.000000000 +0100
+++ openssh/openssh-5.4p1.dif 2010-03-23 18:59:29.000000000 +0100
@@ -1,4 +1,6 @@
---- ssh_config
+Index: ssh_config
+===================================================================
+--- ssh_config.orig
+++ ssh_config
@@ -17,9 +17,20 @@
# list of available options, their meanings and defaults, please see the
@@ -22,9 +24,11 @@
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
---- sshd_config
+Index: sshd_config
+===================================================================
+--- sshd_config.orig
+++ sshd_config
-@@ -88,7 +88,7 @@
+@@ -86,7 +86,7 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
@@ -33,9 +37,11 @@
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
---- sshlogin.c
+Index: sshlogin.c
+===================================================================
+--- sshlogin.c.orig
+++ sshlogin.c
-@@ -125,6 +125,7 @@
+@@ -133,6 +133,7 @@ record_login(pid_t pid, const char *tty,
li = login_alloc_entry(pid, user, host, tty);
login_set_addr(li, addr, addrlen);
++++++ openssh-5.2p1.tar.bz2 -> openssh-5.4p1.tar.bz2 ++++++
++++ 30354 lines of diff (skipped)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org