Hello community,
here is the log from the commit of package openssh for openSUSE:Factory
checked in at Fri Jul 23 17:15:44 CEST 2010.
--------
--- openssh/openssh.changes 2010-06-30 16:02:12.000000000 +0200
+++ openssh/openssh.changes 2010-07-22 17:58:08.000000000 +0200
@@ -1,0 +2,12 @@
+Thu Jul 22 17:58:09 CEST 2010 - anicka@suse.cz
+
+- update to 5.5p1
+
+-------------------------------------------------------------------
+Tue Jul 20 17:19:24 CEST 2010 - anicka@suse.cz
+
+- update to 5.5p1
+ * Allow ChrootDirectory to work in SELinux platforms.
+ * bugfixes
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
openssh-5.4p1-askpass-fix.diff
openssh-5.4p1-audit.patch
openssh-5.4p1-blocksigalrm.diff
openssh-5.4p1-default-protocol.diff
openssh-5.4p1-eal3.diff
openssh-5.4p1-engines.diff
openssh-5.4p1-forwards.diff
openssh-5.4p1-gssapimitm.patch
openssh-5.4p1-homechroot.patch
openssh-5.4p1-pam-fix2.diff
openssh-5.4p1-pam-fix3.diff
openssh-5.4p1-pts.diff
openssh-5.4p1-saveargv-fix.diff
openssh-5.4p1-send_locale.diff
openssh-5.4p1-sftp-leak.diff
openssh-5.4p1-sshconfig-knownhostschanges.diff
openssh-5.4p1-tmpdir.diff
openssh-5.4p1-xauth.diff
openssh-5.4p1-xauthlocalhostname.diff
openssh-5.4p1.dif
openssh-5.4p1.tar.bz2
New:
----
openssh-5.5p1-askpass-fix.diff
openssh-5.5p1-audit.patch
openssh-5.5p1-blocksigalrm.diff
openssh-5.5p1-default-protocol.diff
openssh-5.5p1-eal3.diff
openssh-5.5p1-engines.diff
openssh-5.5p1-forwards.diff
openssh-5.5p1-gssapimitm.patch
openssh-5.5p1-homechroot.patch
openssh-5.5p1-pam-fix2.diff
openssh-5.5p1-pam-fix3.diff
openssh-5.5p1-pts.diff
openssh-5.5p1-saveargv-fix.diff
openssh-5.5p1-send_locale.diff
openssh-5.5p1-sftp-leak.diff
openssh-5.5p1-sshconfig-knownhostschanges.diff
openssh-5.5p1-tmpdir.diff
openssh-5.5p1-xauth.diff
openssh-5.5p1-xauthlocalhostname.diff
openssh-5.5p1.dif
openssh-5.5p1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssh-askpass-gnome.spec ++++++
--- /var/tmp/diff_new_pack.B4kGlr/_old 2010-07-23 17:14:02.000000000 +0200
+++ /var/tmp/diff_new_pack.B4kGlr/_new 2010-07-23 17:14:02.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package openssh-askpass-gnome (Version 5.4p1)
+# spec file for package openssh-askpass-gnome (Version 5.5p1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -22,8 +22,8 @@
BuildRequires: gtk2-devel krb5-devel opensc-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
License: BSD3c(or similar)
Group: Productivity/Networking/SSH
-Version: 5.4p1
-Release: 6
+Version: 5.5p1
+Release: 1
Requires: openssh = %{version} openssh-askpass = %{version}
AutoReqProv: on
Summary: A GNOME-Based Passphrase Dialog for OpenSSH
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.B4kGlr/_old 2010-07-23 17:14:02.000000000 +0200
+++ /var/tmp/diff_new_pack.B4kGlr/_new 2010-07-23 17:14:02.000000000 +0200
@@ -1,5 +1,5 @@
#
-# spec file for package openssh (Version 5.4p1)
+# spec file for package openssh (Version 5.5p1)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@@ -35,8 +35,8 @@
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils permissions
Conflicts: nonfreessh
AutoReqProv: on
-Version: 5.4p1
-Release: 6
+Version: 5.5p1
+Release: 1
%define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program)
Url: http://www.openssh.com/
++++++ openssh-5.4p1-askpass-fix.diff -> openssh-5.5p1-askpass-fix.diff ++++++
++++++ openssh-5.4p1-audit.patch -> openssh-5.5p1-audit.patch ++++++
++++++ openssh-5.4p1-blocksigalrm.diff -> openssh-5.5p1-blocksigalrm.diff ++++++
++++++ openssh-5.4p1-default-protocol.diff -> openssh-5.5p1-default-protocol.diff ++++++
++++++ openssh-5.4p1-eal3.diff -> openssh-5.5p1-eal3.diff ++++++
++++++ openssh-5.4p1-engines.diff -> openssh-5.5p1-engines.diff ++++++
++++++ openssh-5.4p1-forwards.diff -> openssh-5.5p1-forwards.diff ++++++
++++++ openssh-5.4p1-gssapimitm.patch -> openssh-5.5p1-gssapimitm.patch ++++++
++++++ openssh-5.4p1-homechroot.patch -> openssh-5.5p1-homechroot.patch ++++++
++++++ openssh-5.4p1-pam-fix2.diff -> openssh-5.5p1-pam-fix2.diff ++++++
++++++ openssh-5.4p1-pam-fix2.diff -> openssh-5.5p1-pam-fix3.diff ++++++
--- openssh/openssh-5.4p1-pam-fix2.diff 2010-03-23 18:59:26.000000000 +0100
+++ openssh/openssh-5.5p1-pam-fix3.diff 2010-07-20 17:38:12.000000000 +0200
@@ -1,22 +1,13 @@
-Index: sshd_config
-===================================================================
---- sshd_config.orig
-+++ sshd_config
-@@ -56,7 +56,7 @@
- #IgnoreRhosts yes
-
- # To disable tunneled clear text passwords, change to no here!
--#PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
-
- # Change to no to disable s/key passwords
-@@ -81,7 +81,7 @@
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
--#UsePAM no
-+UsePAM yes
-
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
+--- auth-pam.c
++++ auth-pam.c
+@@ -786,7 +786,9 @@
+ fatal("Internal error: PAM auth "
+ "succeeded when it should have "
+ "failed");
+- import_environments(&buffer);
++#ifndef USE_POSIX_THREADS
++ import_environments(&buffer);
++#endif
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = 1;
++++++ openssh-5.4p1-pts.diff -> openssh-5.5p1-pts.diff ++++++
++++++ openssh-5.4p1-saveargv-fix.diff -> openssh-5.5p1-saveargv-fix.diff ++++++
++++++ openssh-5.4p1-send_locale.diff -> openssh-5.5p1-send_locale.diff ++++++
++++++ openssh-5.4p1-sftp-leak.diff -> openssh-5.5p1-sftp-leak.diff ++++++
++++++ openssh-5.4p1-sshconfig-knownhostschanges.diff -> openssh-5.5p1-sshconfig-knownhostschanges.diff ++++++
++++++ openssh-5.4p1-tmpdir.diff -> openssh-5.5p1-tmpdir.diff ++++++
++++++ openssh-5.4p1-xauth.diff -> openssh-5.5p1-xauth.diff ++++++
++++++ openssh-5.4p1-xauthlocalhostname.diff -> openssh-5.5p1-xauthlocalhostname.diff ++++++
++++++ openssh-5.4p1.dif -> openssh-5.5p1.dif ++++++
++++++ openssh-5.4p1.tar.bz2 -> openssh-5.5p1.tar.bz2 ++++++
++++ 1710 lines of diff (skipped)
++++ retrying with extended exclude list
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ChangeLog new/openssh-5.5p1/ChangeLog
--- old/openssh-5.4p1/ChangeLog 2010-03-08 01:30:28.000000000 +0100
+++ new/openssh-5.5p1/ChangeLog 2010-04-10 14:58:01.000000000 +0200
@@ -1,4 +1,120 @@
-20100307
+20100410
+ - (dtucker) [configure.ac] Put the check for the existence of getaddrinfo
+ back so we disable the IPv6 tests if we don't have it.
+
+20100409
+ - (dtucker) [contrib/cygwin/Makefile] Don't overwrite files with the wrong
+ ones. Based on a patch from Roumen Petrov.
+ - (dtucker) [configure.ac] Bug #1744: use pkg-config for libedit flags if we
+ have it and the path is not provided to --with-libedit. Based on a patch
+ from Iain Morgan.
+ - (dtucker) [configure.ac defines.h loginrec.c logintest.c] Bug #1732: enable
+ utmpx support on FreeBSD where possible. Patch from Ed Schouten, ok djm@
+
+20100326
+ - (djm) [openbsd-compat/bsd-arc4random.c] Fix preprocessor detection
+ for arc4random_buf() and arc4random_uniform(); from Josh Gilkerson
+ - (dtucker) [configure.ac] Bug #1741: Add section for Haiku, patch originally
+ by Ingo Weinhold via Scott McCreary, ok djm@
+ - (djm) OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2010/03/25 23:38:28
+ [servconf.c]
+ from portable: getcwd(NULL, 0) doesn't work on all platforms, so
+ use a stack buffer; ok dtucker@
+ - djm@cvs.openbsd.org 2010/03/26 00:26:58
+ [ssh.1]
+ mention that -S none disables connection sharing; from Colin Watson
+ - (djm) [session.c] Allow ChrootDirectory to work on SELinux platforms -
+ set up SELinux execution context before chroot() call. From Russell
+ Coker via Colin watson; bz#1726 ok dtucker@
+ - (djm) [channels.c] Check for EPFNOSUPPORT as a socket() errno; bz#1721
+ ok dtucker@
+ - (dtucker) Bug #1725: explicitly link libX11 into gnome-ssh-askpass2 using
+ pkg-config, patch from Colin Watson. Needed for newer linkers (ie gold).
+ - (djm) [contrib/ssh-copy-id] Don't blow up when the agent has no keys;
+ bz#1723 patch from Adeodato Simóvia Colin Watson; ok dtucker@
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2010/03/26 01:06:13
+ [ssh_config.5]
+ Reformat default value of PreferredAuthentications entry (current
+ formatting implies ", " is acceptable as a separator, which it's not.
+ ok djm@
+
+20100324
+ - (dtucker) [contrib/cygwin/ssh-host-config] Mount the Windows directory
+ containing the services file explicitely case-insensitive. This allows to
+ tweak the Windows services file reliably. Patch from vinschen at redhat.
+
+20100321
+ - (djm) OpenBSD CVS Sync
+ - jmc@cvs.openbsd.org 2010/03/08 09:41:27
+ [ssh-keygen.1]
+ sort the list of constraints (to -O); ok djm
+ - jmc@cvs.openbsd.org 2010/03/10 07:40:35
+ [ssh-keygen.1]
+ typos; from Ross Richardson
+ closes prs 6334 and 6335
+ - djm@cvs.openbsd.org 2010/03/10 23:27:17
+ [auth2-pubkey.c]
+ correct certificate logging and make it more consistent between
+ authorized_keys and TrustedCAKeys; ok markus@
+ - djm@cvs.openbsd.org 2010/03/12 01:06:25
+ [servconf.c]
+ unbreak AuthorizedKeys option with a $HOME-relative path; reported by
+ vinschen AT redhat.com, ok dtucker@
+ - markus@cvs.openbsd.org 2010/03/12 11:37:40
+ [servconf.c]
+ do not prepend AuthorizedKeysFile with getcwd(), unbreaks relative paths
+ free() (not xfree()) the buffer returned by getcwd()
+ - djm@cvs.openbsd.org 2010/03/13 21:10:38
+ [clientloop.c]
+ protocol conformance fix: send language tag when disconnecting normally;
+ spotted by 1.41421 AT gmail.com, ok markus@ deraadt@
+ - djm@cvs.openbsd.org 2010/03/13 21:45:46
+ [ssh-keygen.1]
+ Certificates are named *-cert.pub, not *_cert.pub; committing a diff
+ from stevesk@ ok me
+ - jmc@cvs.openbsd.org 2010/03/13 23:38:13
+ [ssh-keygen.1]
+ fix a formatting error (args need quoted); noted by stevesk
+ - stevesk@cvs.openbsd.org 2010/03/15 19:40:02
+ [key.c key.h ssh-keygen.c]
+ also print certificate type (user or host) for ssh-keygen -L
+ ok djm kettenis
+ - stevesk@cvs.openbsd.org 2010/03/16 15:46:52
+ [auth-options.c]
+ spelling in error message. ok djm kettenis
+ - djm@cvs.openbsd.org 2010/03/16 16:36:49
+ [version.h]
+ crank version to openssh-5.5 since we have a few fixes since 5.4;
+ requested deraadt@ kettenis@
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers
+
+20100314
+ - (djm) [ssh-pkcs11-helper.c] Move #ifdef to after #defines to fix
+ compilation failure when !HAVE_DLOPEN. Reported by felix-mindrot
+ AT fefe.de
+ - (djm) [Makefile.in] Respecify -lssh after -lopenbsd-compat for
+ ssh-pkcs11-helper to repair static builds (we do the same for
+ ssh-keyscan). Reported by felix-mindrot AT fefe.de
+
+20100312
+ - (tim) [Makefile.in] Now that scard is gone, no need to make $(datadir)
+ - (tim) [Makefile.in] Add missing $(EXEEXT) to install targets.
+ Patch from Corinna Vinschen.
+ - (tim) [contrib/cygwin/Makefile] Fix list of documentation files to install
+ on a Cygwin installation. Patch from Corinna Vinschen.
+
+20100311
+ - (tim) [contrib/suse/openssh.spec] crank version number here too.
+ report by imorgan AT nas.nasa.gov
+
+20100309
+ - (dtucker) [configure.ac] Use a proper AC_CHECK_DECL for BROKEN_GETADDRINFO
+ so setting it in CFLAGS correctly skips IPv6 tests.
+
+20100308
- (djm) OpenBSD CVS Sync
- djm@cvs.openbsd.org 2010/03/07 22:16:01
[ssh-keygen.c]
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/README new/openssh-5.5p1/README
--- old/openssh-5.4p1/README 2010-03-07 23:41:02.000000000 +0100
+++ new/openssh-5.5p1/README 2010-03-21 20:11:55.000000000 +0100
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-5.4 for the release notes.
+See http://www.openssh.com/txt/release-5.5 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
-$Id: README,v 1.72 2010/03/07 22:41:02 djm Exp $
+$Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/auth-options.c new/openssh-5.5p1/auth-options.c
--- old/openssh-5.4p1/auth-options.c 2010-03-07 13:05:17.000000000 +0100
+++ new/openssh-5.5p1/auth-options.c 2010-03-21 19:59:02.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth-options.c,v 1.48 2010/03/07 11:57:13 dtucker Exp $ */
+/* $OpenBSD: auth-options.c,v 1.49 2010/03/16 15:46:52 stevesk Exp $ */
/*
* Author: Tatu Ylonen
* Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -434,7 +434,7 @@
goto out;
}
if (strlen(command) != clen) {
- error("force-command constrain contains \\0");
+ error("force-command constraint contains \\0");
goto out;
}
if (cert_forced_command != NULL) {
@@ -454,7 +454,7 @@
goto out;
}
if (strlen(allowed) != clen) {
- error("source-address constrain contains \\0");
+ error("source-address constraint contains \\0");
goto out;
}
if (cert_source_address_done++) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/auth2-pubkey.c new/openssh-5.5p1/auth2-pubkey.c
--- old/openssh-5.4p1/auth2-pubkey.c 2010-03-04 11:53:35.000000000 +0100
+++ new/openssh-5.5p1/auth2-pubkey.c 2010-03-21 19:51:21.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: auth2-pubkey.c,v 1.21 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: auth2-pubkey.c,v 1.22 2010/03/10 23:27:17 djm Exp $ */
/*
* Copyright (c) 2000 Markus Friedl. All rights reserved.
*
@@ -240,22 +240,26 @@
continue;
if (!key_equal(found, key->cert->signature_key))
continue;
- debug("matching CA found: file %s, line %lu",
- file, linenum);
fp = key_fingerprint(found, SSH_FP_MD5,
SSH_FP_HEX);
- verbose("Found matching %s CA: %s",
- key_type(found), fp);
- xfree(fp);
+ debug("matching CA found: file %s, line %lu, %s %s",
+ file, linenum, key_type(found), fp);
if (key_cert_check_authority(key, 0, 0, pw->pw_name,
&reason) != 0) {
+ xfree(fp);
error("%s", reason);
auth_debug_add("%s", reason);
continue;
}
if (auth_cert_constraints(&key->cert->constraints,
- pw) != 0)
+ pw) != 0) {
+ xfree(fp);
continue;
+ }
+ verbose("Accepted certificate ID \"%s\" "
+ "signed by %s CA %s via %s", key->cert->key_id,
+ key_type(found), fp, file);
+ xfree(fp);
found_key = 1;
break;
} else if (!key_is_cert_authority && key_equal(found, key)) {
@@ -281,15 +285,15 @@
static int
user_cert_trusted_ca(struct passwd *pw, Key *key)
{
- char *key_fp, *ca_fp;
+ char *ca_fp;
const char *reason;
int ret = 0;
if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL)
return 0;
- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
- ca_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ ca_fp = key_fingerprint(key->cert->signature_key,
+ SSH_FP_MD5, SSH_FP_HEX);
if (key_in_file(key->cert->signature_key,
options.trusted_user_ca_keys, 1) != 1) {
@@ -306,13 +310,12 @@
if (auth_cert_constraints(&key->cert->constraints, pw) != 0)
goto out;
- verbose("%s certificate %s allowed by trusted %s key %s",
- key_type(key), key_fp, key_type(key->cert->signature_key), ca_fp);
+ verbose("Accepted certificate ID \"%s\" signed by %s CA %s via %s",
+ key->cert->key_id, key_type(key->cert->signature_key), ca_fp,
+ options.trusted_user_ca_keys);
ret = 1;
out:
- if (key_fp != NULL)
- xfree(key_fp);
if (ca_fp != NULL)
xfree(ca_fp);
return ret;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/channels.c new/openssh-5.5p1/channels.c
--- old/openssh-5.4p1/channels.c 2010-02-02 07:02:07.000000000 +0100
+++ new/openssh-5.5p1/channels.c 2010-03-26 01:09:45.000000000 +0100
@@ -3252,7 +3252,11 @@
sock = socket(ai->ai_family, ai->ai_socktype,
ai->ai_protocol);
if (sock < 0) {
- if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) {
+ if ((errno != EINVAL) && (errno != EAFNOSUPPORT)
+#ifdef EPFNOSUPPORT
+ && (errno != EPFNOSUPPORT)
+#endif
+ ) {
error("socket: %.100s", strerror(errno));
freeaddrinfo(aitop);
return -1;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/clientloop.c new/openssh-5.5p1/clientloop.c
--- old/openssh-5.4p1/clientloop.c 2010-01-30 07:28:35.000000000 +0100
+++ new/openssh-5.5p1/clientloop.c 2010-03-21 19:54:02.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: clientloop.c,v 1.218 2010/01/28 00:21:18 djm Exp $ */
+/* $OpenBSD: clientloop.c,v 1.219 2010/03/13 21:10:38 djm Exp $ */
/*
* Author: Tatu Ylonen
* Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1484,6 +1484,7 @@
packet_start(SSH2_MSG_DISCONNECT);
packet_put_int(SSH2_DISCONNECT_BY_APPLICATION);
packet_put_cstring("disconnected by user");
+ packet_put_cstring(""); /* language tag */
packet_send();
packet_write_wait();
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/config.h.in new/openssh-5.5p1/config.h.in
--- old/openssh-5.4p1/config.h.in 2010-03-08 01:30:57.000000000 +0100
+++ new/openssh-5.5p1/config.h.in 2010-04-16 02:17:09.000000000 +0200
@@ -80,9 +80,6 @@
/* Define if you want to specify the path to your lastlog file */
#undef CONF_LASTLOG_FILE
-/* Define if you want to specify the path to your utmpx file */
-#undef CONF_UTMPX_FILE
-
/* Define if you want to specify the path to your utmp file */
#undef CONF_UTMP_FILE
@@ -455,6 +452,9 @@
/* Define to 1 if you have the `getutxline' function. */
#undef HAVE_GETUTXLINE
+/* Define to 1 if you have the `getutxuser' function. */
+#undef HAVE_GETUTXUSER
+
/* Define to 1 if you have the `get_default_context_with_level' function. */
#undef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL
@@ -551,6 +551,9 @@
/* Define if system has libiaf that supports set_id */
#undef HAVE_LIBIAF
+/* Define to 1 if you have the `network' library (-lnetwork). */
+#undef HAVE_LIBNETWORK
+
/* Define to 1 if you have the `nsl' library (-lnsl). */
#undef HAVE_LIBNSL
@@ -804,6 +807,9 @@
/* Define to 1 if you have the `setutent' function. */
#undef HAVE_SETUTENT
+/* Define to 1 if you have the `setutxdb' function. */
+#undef HAVE_SETUTXDB
+
/* Define to 1 if you have the `setutxent' function. */
#undef HAVE_SETUTXENT
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/configure.ac new/openssh-5.5p1/configure.ac
--- old/openssh-5.4p1/configure.ac 2010-03-05 05:04:35.000000000 +0100
+++ new/openssh-5.5p1/configure.ac 2010-04-10 14:58:01.000000000 +0200
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.444 2010/03/05 04:04:35 djm Exp $
+# $Id: configure.ac,v 1.449 2010/04/10 12:58:01 dtucker Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.444 $)
+AC_REVISION($Revision: 1.449 $)
AC_CONFIG_SRCDIR([ssh.c])
AC_CONFIG_HEADER(config.h)
@@ -488,6 +488,12 @@
*-*-dragonfly*)
SSHDLIBS="$SSHDLIBS -lcrypt"
;;
+*-*-haiku*)
+ LIBS="$LIBS -lbsd "
+ AC_CHECK_LIB(network, socket)
+ AC_DEFINE(HAVE_U_INT64_T)
+ MANTYPE=man
+ ;;
*-*-hpux*)
# first we define all of the options common to all HP-UX releases
CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_XOPEN_SOURCE -D_XOPEN_SOURCE_EXTENDED=1"
@@ -1248,7 +1254,18 @@
AC_ARG_WITH(libedit,
[ --with-libedit[[=PATH]] Enable libedit support for sftp],
[ if test "x$withval" != "xno" ; then
- if test "x$withval" != "xyes"; then
+ if test "x$withval" = "xyes" ; then
+ AC_PATH_PROG(PKGCONFIG, pkg-config, no)
+ if test "x$PKGCONFIG" != "xno"; then
+ AC_MSG_CHECKING(if $PKGCONFIG knows about libedit)
+ if "$PKGCONFIG" libedit; then
+ AC_MSG_RESULT(yes)
+ use_pkgconfig_for_libedit=yes
+ else
+ AC_MSG_RESULT(no)
+ fi
+ fi
+ else
CPPFLAGS="$CPPFLAGS -I${withval}/include"
if test -n "${need_dash_r}"; then
LDFLAGS="-L${withval}/lib -R${withval}/lib ${LDFLAGS}"
@@ -1256,14 +1273,20 @@
LDFLAGS="-L${withval}/lib ${LDFLAGS}"
fi
fi
+ if test "x$use_pkgconfig_for_libedit" == "xyes"; then
+ LIBEDIT=`$PKGCONFIG --libs-only-l libedit`
+ CPPFLAGS="$CPPFLAGS `$PKGCONFIG --cflags libedit`"
+ else
+ LIBEDIT="-ledit -lcurses"
+ fi
+ OTHERLIBS=`echo $LIBEDIT | sed 's/-ledit//'`
AC_CHECK_LIB(edit, el_init,
[ AC_DEFINE(USE_LIBEDIT, 1, [Use libedit for sftp])
- LIBEDIT="-ledit -lcurses"
LIBEDIT_MSG="yes"
AC_SUBST(LIBEDIT)
],
[ AC_MSG_ERROR(libedit not found) ],
- [ -lcurses ]
+ [ $OTHERLIBS ]
)
AC_MSG_CHECKING(if libedit version is compatible)
AC_COMPILE_IFELSE(
@@ -1534,8 +1557,8 @@
AC_CHECK_FUNCS(endutent getutent getutid getutline pututline setutent)
AC_CHECK_FUNCS(utmpname)
dnl Checks for utmpx functions
-AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline pututxline )
-AC_CHECK_FUNCS(setutxent utmpxname)
+AC_CHECK_FUNCS(endutxent getutxent getutxid getutxline getutxuser pututxline)
+AC_CHECK_FUNCS(setutxdb setutxent utmpxname)
dnl Checks for lastlog functions
AC_CHECK_FUNCS(getlastlogxbyname)
@@ -4064,34 +4087,6 @@
fi
-dnl utmpx detection - I don't know any system so perverse as to require
-dnl utmpx, but not define UTMPX_FILE (ditto wtmpx.) No doubt it's out
-dnl there, though.
-AC_MSG_CHECKING([if your system defines UTMPX_FILE])
-AC_TRY_COMPILE([
-#include
-#include
-#ifdef HAVE_UTMPX_H
-#include
-#endif
-#ifdef HAVE_PATHS_H
-# include
-#endif
- ],
- [ char *utmpx = UTMPX_FILE; ],
- [ AC_MSG_RESULT(yes) ],
- [ AC_MSG_RESULT(no)
- system_utmpx_path=no ]
-)
-if test -z "$conf_utmpx_location"; then
- if test x"$system_utmpx_path" = x"no" ; then
- AC_DEFINE(DISABLE_UTMPX)
- fi
-else
- AC_DEFINE_UNQUOTED(CONF_UTMPX_FILE, "$conf_utmpx_location",
- [Define if you want to specify the path to your utmpx file])
-fi
-
dnl wtmpx detection
AC_MSG_CHECKING([if your system defines WTMPX_FILE])
AC_TRY_COMPILE([
@@ -4128,12 +4123,13 @@
dnl Add now.
CFLAGS="$CFLAGS $werror_flags"
-if grep "#define BROKEN_GETADDRINFO 1" confdefs.h >/dev/null || \
- test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
- AC_SUBST(TEST_SSH_IPV6, no)
+if test "x$ac_cv_func_getaddrinfo" != "xyes" ; then
+ TEST_SSH_IPV6=no
else
- AC_SUBST(TEST_SSH_IPV6, yes)
+ TEST_SSH_IPV6=yes
fi
+AC_CHECK_DECL(BROKEN_GETADDRINFO, TEST_SSH_IPV6=no)
+AC_SUBST(TEST_SSH_IPV6, $TEST_SSH_IPV6)
AC_EXEEXT
AC_CONFIG_FILES([Makefile buildpkg.sh opensshd.init openssh.xml \
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/Makefile new/openssh-5.5p1/contrib/Makefile
--- old/openssh-5.4p1/contrib/Makefile 2002-09-30 02:44:40.000000000 +0200
+++ new/openssh-5.5p1/contrib/Makefile 2010-03-26 01:16:39.000000000 +0100
@@ -9,7 +9,7 @@
gnome-ssh-askpass2: gnome-ssh-askpass2.c
$(CC) `pkg-config --cflags gtk+-2.0` \
gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
- `pkg-config --libs gtk+-2.0`
+ `pkg-config --libs gtk+-2.0 x11`
clean:
rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/caldera/openssh.spec new/openssh-5.5p1/contrib/caldera/openssh.spec
--- old/openssh-5.4p1/contrib/caldera/openssh.spec 2010-03-07 23:41:03.000000000 +0100
+++ new/openssh-5.5p1/contrib/caldera/openssh.spec 2010-03-21 20:11:58.000000000 +0100
@@ -17,11 +17,11 @@
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
%if %{use_stable}
- %define version 5.4p1
+ %define version 5.5p1
%define cvs %{nil}
%define release 1
%else
- %define version 5.4p1
+ %define version 5.5p1
%define cvs cvs20050315
%define release 0r1
%endif
@@ -360,4 +360,4 @@
* Mon Jan 01 1998 ...
Template Version: 1.31
-$Id: openssh.spec,v 1.69 2010/03/07 22:41:03 djm Exp $
+$Id: openssh.spec,v 1.70 2010/03/21 19:11:58 djm Exp $
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/cygwin/Makefile new/openssh-5.5p1/contrib/cygwin/Makefile
--- old/openssh-5.4p1/contrib/cygwin/Makefile 2009-12-27 00:40:47.000000000 +0100
+++ new/openssh-5.5p1/contrib/cygwin/Makefile 2010-04-09 05:35:24.000000000 +0200
@@ -42,11 +42,13 @@
$(INSTALL) -m 644 $(srcdir)/OVERVIEW $(DESTDIR)$(sshdocdir)/OVERVIEW
$(INSTALL) -m 644 $(srcdir)/PROTOCOL $(DESTDIR)$(sshdocdir)/PROTOCOL
$(INSTALL) -m 644 $(srcdir)/PROTOCOL.agent $(DESTDIR)$(sshdocdir)/PROTOCOL.agent
+ $(INSTALL) -m 644 $(srcdir)/PROTOCOL.certkeys $(DESTDIR)$(sshdocdir)/PROTOCOL.certkeys
+ $(INSTALL) -m 644 $(srcdir)/PROTOCOL.mux $(DESTDIR)$(sshdocdir)/PROTOCOL.mux
$(INSTALL) -m 644 $(srcdir)/README $(DESTDIR)$(sshdocdir)/README
$(INSTALL) -m 644 $(srcdir)/README.dns $(DESTDIR)$(sshdocdir)/README.dns
$(INSTALL) -m 644 $(srcdir)/README.platform $(DESTDIR)$(sshdocdir)/README.platform
$(INSTALL) -m 644 $(srcdir)/README.privsep $(DESTDIR)$(sshdocdir)/README.privsep
- $(INSTALL) -m 644 $(srcdir)/README.smartcard $(DESTDIR)$(sshdocdir)/README.smartcard
+ $(INSTALL) -m 644 $(srcdir)/README.tun $(DESTDIR)$(sshdocdir)/README.tun
$(INSTALL) -m 644 $(srcdir)/TODO $(DESTDIR)$(sshdocdir)/TODO
$(INSTALL) -m 644 $(srcdir)/WARNING.RNG $(DESTDIR)$(sshdocdir)/WARNING.RNG
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/cygwin/ssh-host-config new/openssh-5.5p1/contrib/cygwin/ssh-host-config
--- old/openssh-5.4p1/contrib/cygwin/ssh-host-config 2009-07-12 13:58:42.000000000 +0200
+++ new/openssh-5.5p1/contrib/cygwin/ssh-host-config 2010-03-24 03:03:32.000000000 +0100
@@ -90,7 +90,7 @@
fi
_serv_tmp="${_my_etcdir}/srv.out.$$"
- mount -o text -f "${_win_etcdir}" "${_my_etcdir}"
+ mount -o text,posix=0,noacl -f "${_win_etcdir}" "${_my_etcdir}"
# Depends on the above mount
_wservices=`cygpath -w "${_services}"`
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/redhat/openssh.spec new/openssh-5.5p1/contrib/redhat/openssh.spec
--- old/openssh-5.4p1/contrib/redhat/openssh.spec 2010-03-07 23:41:04.000000000 +0100
+++ new/openssh-5.5p1/contrib/redhat/openssh.spec 2010-03-21 20:11:59.000000000 +0100
@@ -1,4 +1,4 @@
-%define ver 5.4p1
+%define ver 5.5p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/ssh-copy-id new/openssh-5.5p1/contrib/ssh-copy-id
--- old/openssh-5.4p1/contrib/ssh-copy-id 2009-01-21 10:29:21.000000000 +0100
+++ new/openssh-5.5p1/contrib/ssh-copy-id 2010-03-26 01:18:28.000000000 +0100
@@ -19,7 +19,7 @@
shift # and this should leave $1 as the target name
fi
else
- if [ x$SSH_AUTH_SOCK != x ] ; then
+ if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then
GET_ID="$GET_ID ssh-add -L"
fi
fi
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/contrib/suse/openssh.spec new/openssh-5.5p1/contrib/suse/openssh.spec
--- old/openssh-5.4p1/contrib/suse/openssh.spec 2010-02-24 08:21:46.000000000 +0100
+++ new/openssh-5.5p1/contrib/suse/openssh.spec 2010-03-21 20:12:00.000000000 +0100
@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 5.3p1
+Version: 5.5p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/defines.h new/openssh-5.5p1/defines.h
--- old/openssh-5.4p1/defines.h 2010-01-14 00:44:34.000000000 +0100
+++ new/openssh-5.5p1/defines.h 2010-04-09 10:13:27.000000000 +0200
@@ -25,7 +25,7 @@
#ifndef _DEFINES_H
#define _DEFINES_H
-/* $Id: defines.h,v 1.159 2010/01/13 23:44:34 tim Exp $ */
+/* $Id: defines.h,v 1.160 2010/04/09 08:13:27 dtucker Exp $ */
/* Constants */
@@ -674,7 +674,7 @@
#else
/* Simply select your favourite login types. */
/* Can't do if-else because some systems use several... <sigh> */
-# if defined(UTMPX_FILE) && !defined(DISABLE_UTMPX)
+# if !defined(DISABLE_UTMPX)
# define USE_UTMPX
# endif
# if defined(UTMP_FILE) && !defined(DISABLE_UTMP)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/key.c new/openssh-5.5p1/key.c
--- old/openssh-5.4p1/key.c 2010-03-04 11:52:18.000000000 +0100
+++ new/openssh-5.5p1/key.c 2010-03-21 19:58:24.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.85 2010/03/04 01:44:57 djm Exp $ */
+/* $OpenBSD: key.c,v 1.86 2010/03/15 19:40:02 stevesk Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -802,6 +802,19 @@
}
const char *
+key_cert_type(const Key *k)
+{
+ switch (k->cert->type) {
+ case SSH2_CERT_TYPE_USER:
+ return "user";
+ case SSH2_CERT_TYPE_HOST:
+ return "host";
+ default:
+ return "unknown";
+ }
+}
+
+const char *
key_ssh_name(const Key *k)
{
switch (k->type) {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/key.h new/openssh-5.5p1/key.h
--- old/openssh-5.4p1/key.h 2010-02-26 21:55:05.000000000 +0100
+++ new/openssh-5.5p1/key.h 2010-03-21 19:58:24.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.h,v 1.28 2010/02/26 20:29:54 djm Exp $ */
+/* $OpenBSD: key.h,v 1.29 2010/03/15 19:40:02 stevesk Exp $ */
/*
* Copyright (c) 2000, 2001 Markus Friedl. All rights reserved.
@@ -82,6 +82,7 @@
char *key_fingerprint(Key *, enum fp_type, enum fp_rep);
u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *);
const char *key_type(const Key *);
+const char *key_cert_type(const Key *);
int key_write(const Key *, FILE *);
int key_read(Key *, char **);
u_int key_size(const Key *);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/loginrec.c new/openssh-5.5p1/loginrec.c
--- old/openssh-5.4p1/loginrec.c 2010-01-09 08:18:04.000000000 +0100
+++ new/openssh-5.5p1/loginrec.c 2010-04-09 10:13:27.000000000 +0200
@@ -207,6 +207,7 @@
int getlast_entry(struct logininfo *li);
int lastlog_get_entry(struct logininfo *li);
+int utmpx_get_entry(struct logininfo *li);
int wtmp_get_entry(struct logininfo *li);
int wtmpx_get_entry(struct logininfo *li);
@@ -508,6 +509,10 @@
#ifdef USE_LASTLOG
return(lastlog_get_entry(li));
#else /* !USE_LASTLOG */
+#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
+ defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
+ return (utmpx_get_entry(li));
+#endif
#if defined(DISABLE_LASTLOG)
/* On some systems we shouldn't even try to obtain last login
@@ -1608,6 +1613,32 @@
#endif /* HAVE_GETLASTLOGXBYNAME */
#endif /* USE_LASTLOG */
+#if defined(USE_UTMPX) && defined(HAVE_SETUTXDB) && \
+ defined(UTXDB_LASTLOGIN) && defined(HAVE_GETUTXUSER)
+int
+utmpx_get_entry(struct logininfo *li)
+{
+ struct utmpx *utx;
+
+ if (setutxdb(UTXDB_LASTLOGIN, NULL) != 0)
+ return (0);
+ utx = getutxuser(li->username);
+ if (utx == NULL) {
+ endutxent();
+ return (0);
+ }
+
+ line_fullname(li->line, utx->ut_line,
+ MIN_SIZEOF(li->line, utx->ut_line));
+ strlcpy(li->hostname, utx->ut_host,
+ MIN_SIZEOF(li->hostname, utx->ut_host));
+ li->tv_sec = utx->ut_tv.tv_sec;
+ li->tv_usec = utx->ut_tv.tv_usec;
+ endutxent();
+ return (1);
+}
+#endif /* USE_UTMPX && HAVE_SETUTXDB && UTXDB_LASTLOGIN && HAVE_GETUTXUSER */
+
#ifdef USE_BTMP
/*
* Logs failed login attempts in _PATH_BTMP if that exists.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/logintest.c new/openssh-5.5p1/logintest.c
--- old/openssh-5.4p1/logintest.c 2006-07-24 06:51:01.000000000 +0200
+++ new/openssh-5.5p1/logintest.c 2010-04-09 10:13:27.000000000 +0200
@@ -264,7 +264,7 @@
printf("\tUSE_UTMP (UTMP_FILE=%s)\n", UTMP_FILE);
#endif
#ifdef USE_UTMPX
- printf("\tUSE_UTMPX (UTMPX_FILE=%s)\n", UTMPX_FILE);
+ printf("\tUSE_UTMPX\n");
#endif
#ifdef USE_WTMP
printf("\tUSE_WTMP (WTMP_FILE=%s)\n", WTMP_FILE);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/moduli.0 new/openssh-5.5p1/moduli.0
--- old/openssh-5.4p1/moduli.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/moduli.0 2010-04-16 02:17:11.000000000 +0200
@@ -69,4 +69,4 @@
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
Protocol, RFC 4419, 2006.
-OpenBSD 4.6 June 26, 2008 2
+OpenBSD 4.7 June 26, 2008 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/openbsd-compat/bsd-arc4random.c new/openssh-5.5p1/openbsd-compat/bsd-arc4random.c
--- old/openssh-5.4p1/openbsd-compat/bsd-arc4random.c 2008-06-04 02:54:00.000000000 +0200
+++ new/openssh-5.5p1/openbsd-compat/bsd-arc4random.c 2010-03-25 22:52:02.000000000 +0100
@@ -84,7 +84,7 @@
}
#endif /* !HAVE_ARC4RANDOM */
-#ifndef ARC4RANDOM_BUF
+#ifndef HAVE_ARC4RANDOM_BUF
void
arc4random_buf(void *_buf, size_t n)
{
@@ -102,7 +102,7 @@
}
#endif /* !HAVE_ARC4RANDOM_BUF */
-#ifndef ARC4RANDOM_UNIFORM
+#ifndef HAVE_ARC4RANDOM_UNIFORM
/*
* Calculate a uniformly distributed random number less than upper_bound
* avoiding "modulo bias".
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/scp.0 new/openssh-5.5p1/scp.0
--- old/openssh-5.4p1/scp.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/scp.0 2010-04-16 02:17:11.000000000 +0200
@@ -145,4 +145,4 @@
Timo Rinne
Tatu Ylonen
-OpenBSD 4.6 February 8, 2010 3
+OpenBSD 4.7 February 8, 2010 3
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/servconf.c new/openssh-5.5p1/servconf.c
--- old/openssh-5.4p1/servconf.c 2010-03-04 11:53:35.000000000 +0100
+++ new/openssh-5.5p1/servconf.c 2010-03-26 00:40:04.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: servconf.c,v 1.204 2010/03/04 10:36:03 djm Exp $ */
+/* $OpenBSD: servconf.c,v 1.207 2010/03/25 23:38:28 djm Exp $ */
/*
* Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
* All rights reserved
@@ -470,15 +470,14 @@
char *
derelativise_path(const char *path)
{
- char *expanded, *ret, *cwd;
+ char *expanded, *ret, cwd[MAXPATHLEN];
expanded = tilde_expand_filename(path, getuid());
if (*expanded == '/')
return expanded;
- if ((cwd = getcwd(NULL, 0)) == NULL)
+ if (getcwd(cwd, sizeof(cwd)) == NULL)
fatal("%s: getcwd: %s", __func__, strerror(errno));
xasprintf(&ret, "%s/%s", cwd, expanded);
- xfree(cwd);
xfree(expanded);
return ret;
}
@@ -1223,7 +1222,17 @@
charptr = (opcode == sAuthorizedKeysFile) ?
&options->authorized_keys_file :
&options->authorized_keys_file2;
- goto parse_filename;
+ arg = strdelim(&cp);
+ if (!arg || *arg == '\0')
+ fatal("%s line %d: missing file name.",
+ filename, linenum);
+ if (*activep && *charptr == NULL) {
+ *charptr = tilde_expand_filename(arg, getuid());
+ /* increase optional counter */
+ if (intptr != NULL)
+ *intptr = *intptr + 1;
+ }
+ break;
case sClientAliveInterval:
intptr = &options->client_alive_interval;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/session.c new/openssh-5.5p1/session.c
--- old/openssh-5.4p1/session.c 2010-03-07 13:05:17.000000000 +0100
+++ new/openssh-5.5p1/session.c 2010-03-26 01:04:09.000000000 +0100
@@ -1551,6 +1551,10 @@
}
#endif /* HAVE_SETPCRED */
+#ifdef WITH_SELINUX
+ ssh_selinux_setup_exec_context(pw->pw_name);
+#endif
+
if (options.chroot_directory != NULL &&
strcasecmp(options.chroot_directory, "none") != 0) {
tmp = tilde_expand_filename(options.chroot_directory,
@@ -1575,10 +1579,6 @@
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
-
-#ifdef WITH_SELINUX
- ssh_selinux_setup_exec_context(pw->pw_name);
-#endif
}
static void
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/sftp-server.0 new/openssh-5.5p1/sftp-server.0
--- old/openssh-5.4p1/sftp-server.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/sftp-server.0 2010-04-16 02:17:12.000000000 +0200
@@ -60,4 +60,4 @@
AUTHORS
Markus Friedl
-OpenBSD 4.6 January 9, 2010 1
+OpenBSD 4.7 January 9, 2010 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/sftp.0 new/openssh-5.5p1/sftp.0
--- old/openssh-5.4p1/sftp.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/sftp.0 2010-04-16 02:17:12.000000000 +0200
@@ -316,4 +316,4 @@
T. Ylonen and S. Lehtinen, SSH File Transfer Protocol, draft-ietf-secsh-
filexfer-00.txt, January 2001, work in progress material.
-OpenBSD 4.6 February 8, 2010 5
+OpenBSD 4.7 February 8, 2010 5
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-add.0 new/openssh-5.5p1/ssh-add.0
--- old/openssh-5.4p1/ssh-add.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-add.0 2010-04-16 02:17:11.000000000 +0200
@@ -106,4 +106,4 @@
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.6 March 5, 2010 2
+OpenBSD 4.7 March 5, 2010 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-agent.0 new/openssh-5.5p1/ssh-agent.0
--- old/openssh-5.4p1/ssh-agent.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-agent.0 2010-04-16 02:17:11.000000000 +0200
@@ -115,4 +115,4 @@
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.6 January 17, 2010 2
+OpenBSD 4.7 January 17, 2010 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-keygen.0 new/openssh-5.5p1/ssh-keygen.0
--- old/openssh-5.4p1/ssh-keygen.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-keygen.0 2010-04-16 02:17:11.000000000 +0200
@@ -165,8 +165,14 @@
section for details. The constraints that are valid for user
certificates are:
- no-x11-forwarding
- Disable X11 forwarding (permitted by default).
+ clear Clear all enabled permissions. This is useful for clear-
+ ing the default set of permissions so permissions may be
+ added individually.
+
+ force-command=command
+ Forces the execution of command instead of any shell or
+ command specified by the user when the certificate is
+ used for authentication.
no-agent-forwarding
Disable ssh-agent(1) forwarding (permitted by default).
@@ -180,12 +186,8 @@
Disable execution of ~/.ssh/rc by sshd(8) (permitted by
default).
- clear Clear all enabled permissions. This is useful for clear-
- ing the default set of permissions so permissions may be
- added individually.
-
- permit-x11-forwarding
- Allows X11 forwarding.
+ no-x11-forwarding
+ Disable X11 forwarding (permitted by default).
permit-agent-forwarding
Allows ssh-agent(1) forwarding.
@@ -199,16 +201,14 @@
permit-user-rc
Allows execution of ~/.ssh/rc by sshd(8).
- force-command=command
- Forces the execution of command instead of any shell or
- command specified by the user when the certificate is
- used for authentication.
+ permit-x11-forwarding
+ Allows X11 forwarding.
source-address=address_list
Restrict the source addresses from which the certificate
- is considered valid from. The address_list is a comma-
- separated list of one or more address/netmask pairs in
- CIDR format.
+ is considered valid. The address_list is a comma-sepa-
+ rated list of one or more address/netmask pairs in CIDR
+ format.
At present, no constraints are valid for host keys.
@@ -257,9 +257,9 @@
in YYYYMMDD format, a time in YYYYMMDDHHMMSS format or a relative
time (to the current time) consisting of a minus sign followed by
a relative time in the format described in the TIME FORMATS sec-
- tion of ssh_config(5). The end time may be specified as a YYYYM-
- MDD date, a YYYYMMDDHHMMSS time or a relative time starting with
- a plus character.
+ tion of sshd_config(5). The end time may be specified as a
+ YYYYMMDD date, a YYYYMMDDHHMMSS time or a relative time starting
+ with a plus character.
For example: ``+52w1d'' (valid from now to 52 weeks and one day
from now), ``-4w:+4w'' (valid from four weeks ago to four weeks
@@ -329,12 +329,12 @@
$ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
- The resultant certificate will be placed in /path/to/user_key_cert.pub.
+ The resultant certificate will be placed in /path/to/user_key-cert.pub.
A host certificate requires the -h option:
$ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
- The host certificate will be output to /path/to/host_key_cert.pub. In
+ The host certificate will be output to /path/to/host_key-cert.pub. In
both cases, key_id is a "key identifier" that is logged by the server
when the certificate is used for authentication.
@@ -344,7 +344,7 @@
pals:
$ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
- $ ssh-keygen -s ca_key -I key_id -h -n host.domain $0
+ $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
Additional limitations on the validity and use of user certificates may
be specified through certificate constraints. A constrained certificate
@@ -431,4 +431,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.6 March 8, 2010 7
+OpenBSD 4.7 March 13, 2010 7
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-keygen.1 new/openssh-5.5p1/ssh-keygen.1
--- old/openssh-5.4p1/ssh-keygen.1 2010-03-08 01:30:28.000000000 +0100
+++ new/openssh-5.5p1/ssh-keygen.1 2010-03-21 19:57:49.000000000 +0100
@@ -1,4 +1,4 @@
-.\" $OpenBSD: ssh-keygen.1,v 1.88 2010/03/08 00:28:55 djm Exp $
+.\" $OpenBSD: ssh-keygen.1,v 1.92 2010/03/13 23:38:13 jmc Exp $
.\"
.\" -*- nroff -*-
.\"
@@ -37,7 +37,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.Dd $Mdocdate: March 8 2010 $
+.Dd $Mdocdate: March 13 2010 $
.Dt SSH-KEYGEN 1
.Os
.Sh NAME
@@ -307,8 +307,15 @@
section for details.
The constraints that are valid for user certificates are:
.Bl -tag -width Ds
-.It Ic no-x11-forwarding
-Disable X11 forwarding (permitted by default).
+.It Ic clear
+Clear all enabled permissions.
+This is useful for clearing the default set of permissions so permissions may
+be added individually.
+.It Ic force-command Ns = Ns Ar command
+Forces the execution of
+.Ar command
+instead of any shell or command specified by the user when
+the certificate is used for authentication.
.It Ic no-agent-forwarding
Disable
.Xr ssh-agent 1
@@ -323,12 +330,8 @@
by
.Xr sshd 8
(permitted by default).
-.It Ic clear
-Clear all enabled permissions.
-This is useful for clearing the default set of permissions so permissions may
-be added individually.
-.It Ic permit-x11-forwarding
-Allows X11 forwarding.
+.It Ic no-x11-forwarding
+Disable X11 forwarding (permitted by default).
.It Ic permit-agent-forwarding
Allows
.Xr ssh-agent 1
@@ -342,14 +345,10 @@
.Pa ~/.ssh/rc
by
.Xr sshd 8 .
-.It Ic force-command=command
-Forces the execution of
-.Ar command
-instead of any shell or command specified by the user when
-the certificate is used for authentication.
-.It Ic source-address=address_list
-Restrict the source addresses from which the certificate is considered valid
-from.
+.It Ic permit-x11-forwarding
+Allows X11 forwarding.
+.It Ic source-address Ns = Ns Ar address_list
+Restrict the source addresses from which the certificate is considered valid.
The
.Ar address_list
is a comma-separated list of one or more address/netmask pairs in CIDR
@@ -414,7 +413,7 @@
of a minus sign followed by a relative time in the format described in the
.Sx TIME FORMATS
section of
-.Xr ssh_config 5 .
+.Xr sshd_config 5 .
The end time may be specified as a YYYYMMDD date, a YYYYMMDDHHMMSS time or
a relative time starting with a plus character.
.Pp
@@ -519,7 +518,7 @@
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id /path/to/user_key.pub
.Pp
The resultant certificate will be placed in
-.Pa /path/to/user_key_cert.pub .
+.Pa /path/to/user_key-cert.pub .
A host certificate requires the
.Fl h
option:
@@ -527,7 +526,7 @@
.Dl $ ssh-keygen -s /path/to/ca_key -I key_id -h /path/to/host_key.pub
.Pp
The host certificate will be output to
-.Pa /path/to/host_key_cert.pub .
+.Pa /path/to/host_key-cert.pub .
In both cases,
.Ar key_id
is a "key identifier" that is logged by the server when the certificate
@@ -539,7 +538,7 @@
To generate a certificate for a specified set of principals:
.Pp
.Dl $ ssh-keygen -s ca_key -I key_id -n user1,user2 user_key.pub
-.Dl $ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub
+.Dl "$ ssh-keygen -s ca_key -I key_id -h -n host.domain user_key.pub"
.Pp
Additional limitations on the validity and use of user certificates may
be specified through certificate constraints.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-keygen.c new/openssh-5.5p1/ssh-keygen.c
--- old/openssh-5.4p1/ssh-keygen.c 2010-03-07 23:24:11.000000000 +0100
+++ new/openssh-5.5p1/ssh-keygen.c 2010-03-21 19:58:24.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.184 2010/03/07 22:16:01 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.185 2010/03/15 19:40:02 stevesk Exp $ */
/*
* Author: Tatu Ylonen
* Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
@@ -1393,7 +1393,8 @@
SSH_FP_MD5, SSH_FP_HEX);
printf("%s:\n", identity_file);
- printf(" %s certificate %s\n", key_type(key), key_fp);
+ printf(" %s %s certificate %s\n", key_type(key),
+ key_cert_type(key), key_fp);
printf(" Signed by %s CA %s\n",
key_type(key->cert->signature_key), ca_fp);
printf(" Key ID \"%s\"\n", key->cert->key_id);
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-keyscan.0 new/openssh-5.5p1/ssh-keyscan.0
--- old/openssh-5.4p1/ssh-keyscan.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-keyscan.0 2010-04-16 02:17:11.000000000 +0200
@@ -104,4 +104,4 @@
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
-OpenBSD 4.6 January 9, 2010 2
+OpenBSD 4.7 January 9, 2010 2
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-keysign.0 new/openssh-5.5p1/ssh-keysign.0
--- old/openssh-5.4p1/ssh-keysign.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-keysign.0 2010-04-16 02:17:12.000000000 +0200
@@ -39,4 +39,4 @@
AUTHORS
Markus Friedl
-OpenBSD 4.6 May 31, 2007 1
+OpenBSD 4.7 May 31, 2007 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-pkcs11-helper.0 new/openssh-5.5p1/ssh-pkcs11-helper.0
--- old/openssh-5.4p1/ssh-pkcs11-helper.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-pkcs11-helper.0 2010-04-16 02:17:12.000000000 +0200
@@ -22,4 +22,4 @@
AUTHORS
Markus Friedl
-OpenBSD 4.6 February 10, 2010 1
+OpenBSD 4.7 February 10, 2010 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-pkcs11-helper.c new/openssh-5.5p1/ssh-pkcs11-helper.c
--- old/openssh-5.4p1/ssh-pkcs11-helper.c 2010-02-28 23:51:56.000000000 +0100
+++ new/openssh-5.5p1/ssh-pkcs11-helper.c 2010-03-13 22:37:49.000000000 +0100
@@ -17,8 +17,6 @@
#include "includes.h"
-#ifdef ENABLE_PKCS11
-
#include
#ifdef HAVE_SYS_TIME_H
# include
@@ -39,6 +37,8 @@
#include "authfd.h"
#include "ssh-pkcs11.h"
+#ifdef ENABLE_PKCS11
+
/* borrows code from sftp-server and ssh-agent */
struct pkcs11_keyinfo {
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh-rand-helper.0 new/openssh-5.5p1/ssh-rand-helper.0
--- old/openssh-5.4p1/ssh-rand-helper.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh-rand-helper.0 2010-04-16 02:17:12.000000000 +0200
@@ -48,4 +48,4 @@
SEE ALSO
ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
-OpenBSD 4.6 April 14, 2002 1
+OpenBSD 4.7 April 14, 2002 1
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh.0 new/openssh-5.5p1/ssh.0
--- old/openssh-5.4p1/ssh.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/ssh.0 2010-04-16 02:17:11.000000000 +0200
@@ -308,9 +308,10 @@
allocated on the server and reported to the client at run time.
-S ctl_path
- Specifies the location of a control socket for connection shar-
- ing. Refer to the description of ControlPath and ControlMaster
- in ssh_config(5) for details.
+ Specifies the location of a control socket for connection sharing
+ or the string ``none'' to disable connection sharing. Refer to
+ the description of ControlPath and ControlMaster in ssh_config(5)
+ for details.
-s May be used to request invocation of a subsystem on the remote
system. Subsystems are a feature of the SSH2 protocol which fa-
@@ -876,4 +877,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.6 March 5, 2010 14
+OpenBSD 4.7 March 26, 2010 14
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh.1 new/openssh-5.5p1/ssh.1
--- old/openssh-5.4p1/ssh.1 2010-03-05 11:31:12.000000000 +0100
+++ new/openssh-5.5p1/ssh.1 2010-03-26 01:28:35.000000000 +0100
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh.1,v 1.302 2010/03/05 10:28:21 djm Exp $
-.Dd $Mdocdate: March 5 2010 $
+.\" $OpenBSD: ssh.1,v 1.303 2010/03/26 00:26:58 djm Exp $
+.Dd $Mdocdate: March 26 2010 $
.Dt SSH 1
.Os
.Sh NAME
@@ -558,7 +558,10 @@
the listen port will be dynamically allocated on the server and reported
to the client at run time.
.It Fl S Ar ctl_path
-Specifies the location of a control socket for connection sharing.
+Specifies the location of a control socket for connection sharing
+or the string
+.Dq none
+to disable connection sharing.
Refer to the description of
.Cm ControlPath
and
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh_config.0 new/openssh-5.5p1/ssh_config.0
--- old/openssh-5.4p1/ssh_config.0 2010-03-08 01:31:00.000000000 +0100
+++ new/openssh-5.5p1/ssh_config.0 2010-04-16 02:17:12.000000000 +0200
@@ -425,8 +425,8 @@
Specifies the order in which the client should try protocol 2 au-
thentication methods. This allows a client to prefer one method
(e.g. keyboard-interactive) over another method (e.g. password)
- The default for this option is: ``gssapi-with-mic,hostbased,
- publickey, keyboard-interactive, password''.
+ The default for this option is: ``gssapi-with-
+ mic,hostbased,publickey,keyboard-interactive,password''.
Protocol
Specifies the protocol versions ssh(1) should support in order of
@@ -673,4 +673,4 @@
ated OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.6 March 5, 2010 11
+OpenBSD 4.7 March 26, 2010 11
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/ssh_config.5 new/openssh-5.5p1/ssh_config.5
--- old/openssh-5.4p1/ssh_config.5 2010-03-05 11:31:12.000000000 +0100
+++ new/openssh-5.5p1/ssh_config.5 2010-03-26 02:09:13.000000000 +0100
@@ -34,8 +34,8 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: ssh_config.5,v 1.129 2010/03/05 10:28:21 djm Exp $
-.Dd $Mdocdate: March 5 2010 $
+.\" $OpenBSD: ssh_config.5,v 1.130 2010/03/26 01:06:13 dtucker Exp $
+.Dd $Mdocdate: March 26 2010 $
.Dt SSH_CONFIG 5
.Os
.Sh NAME
@@ -734,11 +734,7 @@
over another method (e.g.\&
.Cm password )
The default for this option is:
-.Do gssapi-with-mic ,
-hostbased,
-publickey,
-keyboard-interactive,
-password
+.Do gssapi-with-mic,hostbased,publickey,keyboard-interactive,password
.Dc .
.It Cm Protocol
Specifies the protocol versions
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/sshd.0 new/openssh-5.5p1/sshd.0
--- old/openssh-5.4p1/sshd.0 2010-03-08 01:30:59.000000000 +0100
+++ new/openssh-5.5p1/sshd.0 2010-04-16 02:17:11.000000000 +0200
@@ -614,4 +614,4 @@
System security is not improved unless rshd, rlogind, and rexecd are dis-
abled (thus completely disabling rlogin and rsh into the machine).
-OpenBSD 4.6 March 5, 2010 10
+OpenBSD 4.7 March 5, 2010 10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/sshd_config.0 new/openssh-5.5p1/sshd_config.0
--- old/openssh-5.4p1/sshd_config.0 2010-03-08 01:31:00.000000000 +0100
+++ new/openssh-5.5p1/sshd_config.0 2010-04-16 02:17:12.000000000 +0200
@@ -656,4 +656,4 @@
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
-OpenBSD 4.6 March 4, 2010 10
+OpenBSD 4.7 March 4, 2010 10
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' --exclude Makefile.in --exclude configure --exclude config.guess --exclude '*.pot' --exclude mkinstalldirs --exclude aclocal.m4 --exclude config.sub --exclude depcomp --exclude install-sh --exclude ltmain.sh old/openssh-5.4p1/version.h new/openssh-5.5p1/version.h
--- old/openssh-5.4p1/version.h 2010-03-07 23:03:34.000000000 +0100
+++ new/openssh-5.5p1/version.h 2010-03-21 19:59:22.000000000 +0100
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.57 2010/03/07 22:01:32 djm Exp $ */
+/* $OpenBSD: version.h,v 1.58 2010/03/16 16:36:49 djm Exp $ */
-#define SSH_VERSION "OpenSSH_5.4"
+#define SSH_VERSION "OpenSSH_5.5"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org