Hello community,
here is the log from the commit of package openssh for openSUSE:Factory
checked in at Mon Feb 7 22:10:28 CET 2011.
--------
--- openssh/openssh-askpass-gnome.changes 2011-01-25 12:04:54.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh-askpass-gnome.changes 2011-02-04 13:08:13.000000000 +0100
@@ -1,0 +2,5 @@
+Fri Feb 4 11:19:14 UTC 2011 - lchiquitto@novell.com
+
+- Update to 5.8p1
+
+-------------------------------------------------------------------
--- openssh/openssh.changes 2011-01-25 11:29:04.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh.changes 2011-02-04 13:08:17.000000000 +0100
@@ -1,0 +2,17 @@
+Fri Feb 4 11:19:25 UTC 2011 - lchiquitto@novell.com
+
+- Update to 5.8p1
+ * Fix vulnerability in legacy certificate signing introduced in
+ OpenSSH-5.6 and found by Mateusz Kocielski.
+ * Fix compilation failure when enableing SELinux support.
+ * Do not attempt to call SELinux functions when SELinux is
+ disabled.
+- Remove patch that is now upstream:
+ * openssh-5.7p1-selinux.diff
+
+-------------------------------------------------------------------
+Thu Feb 3 16:42:01 UTC 2011 - pcerny@novell.com
+
+- specfile/patches cleanup
+
+-------------------------------------------------------------------
calling whatdependson for head-i586
Old:
----
openssh-5.7p1-askpass-fix.diff
openssh-5.7p1-audit.patch
openssh-5.7p1-blocksigalrm.diff
openssh-5.7p1-default-protocol.diff
openssh-5.7p1-eal3.diff
openssh-5.7p1-engines.diff
openssh-5.7p1-gssapimitm.patch
openssh-5.7p1-homechroot.patch
openssh-5.7p1-host_ident.diff
openssh-5.7p1-pam-fix2.diff
openssh-5.7p1-pam-fix3.diff
openssh-5.7p1-pts.diff
openssh-5.7p1-saveargv-fix.diff
openssh-5.7p1-selinux.diff
openssh-5.7p1-send_locale.diff
openssh-5.7p1-sshconfig-knownhostschanges.diff
openssh-5.7p1-xauth.diff
openssh-5.7p1-xauthlocalhostname.diff
openssh-5.7p1.dif
openssh-5.7p1.tar.bz2
New:
----
openssh-5.8p1-askpass-fix.diff
openssh-5.8p1-audit.patch
openssh-5.8p1-blocksigalrm.diff
openssh-5.8p1-default-protocol.diff
openssh-5.8p1-eal3.diff
openssh-5.8p1-engines.diff
openssh-5.8p1-gssapimitm.patch
openssh-5.8p1-homechroot.patch
openssh-5.8p1-host_ident.diff
openssh-5.8p1-pam-fix2.diff
openssh-5.8p1-pam-fix3.diff
openssh-5.8p1-pts.diff
openssh-5.8p1-saveargv-fix.diff
openssh-5.8p1-send_locale.diff
openssh-5.8p1-sshconfig-knownhostschanges.diff
openssh-5.8p1-sshd_config.diff
openssh-5.8p1-syntax-error.diff
openssh-5.8p1-xauth.diff
openssh-5.8p1-xauthlocalhostname.diff
openssh-5.8p1.tar.bz2
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ openssh-askpass-gnome.spec ++++++
--- /var/tmp/diff_new_pack.c22bfx/_old 2011-02-07 22:09:41.000000000 +0100
+++ /var/tmp/diff_new_pack.c22bfx/_new 2011-02-07 22:09:41.000000000 +0100
@@ -22,7 +22,7 @@
BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files
License: BSD3c(or similar)
Group: Productivity/Networking/SSH
-Version: 5.7p1
+Version: 5.8p1
Release: 1
Requires: openssh = %{version} openssh-askpass = %{version}
AutoReqProv: on
@@ -30,7 +30,7 @@
Url: http://www.openssh.com/
%define _name openssh
Source: %{_name}-%{version}.tar.bz2
-Patch: %{_name}-%{version}.dif
+Patch: %{_name}-%{version}-sshd_config.diff
Patch1: %{_name}-%{version}-pam-fix2.diff
Patch2: %{_name}-%{version}-saveargv-fix.diff
Patch3: %{_name}-%{version}-pam-fix3.diff
++++++ openssh.spec ++++++
--- /var/tmp/diff_new_pack.c22bfx/_old 2011-02-07 22:09:41.000000000 +0100
+++ /var/tmp/diff_new_pack.c22bfx/_new 2011-02-07 22:09:41.000000000 +0100
@@ -29,7 +29,7 @@
PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils
Conflicts: nonfreessh
AutoReqProv: on
-Version: 5.7p1
+Version: 5.8p1
Release: 1
%define xversion 1.2.4.1
Summary: Secure Shell Client and Server (Remote Login Program)
@@ -44,7 +44,7 @@
Source7: ssh.reg
Source8: ssh-askpass
Source9: sshd.fw
-Patch: %{name}-%{version}.dif
+Patch: %{name}-%{version}-sshd_config.diff
Patch1: %{name}-%{version}-askpass-fix.diff
Patch2: %{name}-%{version}-pam-fix2.diff
Patch3: %{name}-%{version}-saveargv-fix.diff
@@ -62,7 +62,7 @@
Patch17: %{name}-%{version}-homechroot.patch
Patch18: %{name}-%{version}-sshconfig-knownhostschanges.diff
Patch19: %{name}-%{version}-host_ident.diff
-Patch20: %{name}-%{version}-selinux.diff
+Patch20: %{name}-%{version}-syntax-error.diff
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%package askpass
++++++ openssh-5.7p1-askpass-fix.diff -> openssh-5.8p1-askpass-fix.diff ++++++
++++++ openssh-5.7p1-audit.patch -> openssh-5.8p1-audit.patch ++++++
--- openssh/openssh-5.7p1-audit.patch 2011-01-24 12:48:01.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh-5.8p1-audit.patch 2011-02-04 13:07:40.000000000 +0100
@@ -1,19 +1,19 @@
# add support for Linux audit (FATE #120269)
================================================================================
-Index: openssh-5.7p1/Makefile.in
+Index: openssh-5.8p1/Makefile.in
===================================================================
---- openssh-5.7p1.orig/Makefile.in
-+++ openssh-5.7p1/Makefile.in
-@@ -46,6 +46,7 @@ LD=@LD@
- CFLAGS=@CFLAGS@
+--- openssh-5.8p1.orig/Makefile.in
++++ openssh-5.8p1/Makefile.in
+@@ -47,6 +47,7 @@ CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
+ SSHLIBS=@SSHLIBS@
+LIBAUDIT=@LIBAUDIT@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
-@@ -145,7 +146,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+@@ -146,7 +147,7 @@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SS
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
@@ -21,10 +21,10 @@
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-Index: openssh-5.7p1/auth.c
+Index: openssh-5.8p1/auth.c
===================================================================
---- openssh-5.7p1.orig/auth.c
-+++ openssh-5.7p1/auth.c
+--- openssh-5.8p1.orig/auth.c
++++ openssh-5.8p1/auth.c
@@ -293,6 +293,12 @@ auth_log(Authctxt *authctxt, int authent
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
# endif
@@ -49,10 +49,10 @@
#ifdef SSH_AUDIT_EVENTS
audit_event(SSH_INVALID_USER);
#endif /* SSH_AUDIT_EVENTS */
-Index: openssh-5.7p1/config.h.in
+Index: openssh-5.8p1/config.h.in
===================================================================
---- openssh-5.7p1.orig/config.h.in
-+++ openssh-5.7p1/config.h.in
+--- openssh-5.8p1.orig/config.h.in
++++ openssh-5.8p1/config.h.in
@@ -1460,6 +1460,9 @@
/* Define if you want SELinux support. */
#undef WITH_SELINUX
@@ -63,13 +63,13 @@
/* Define to 1 if your processor stores words with the most significant byte
first (like Motorola and SPARC, unlike Intel and VAX). */
#undef WORDS_BIGENDIAN
-Index: openssh-5.7p1/configure.ac
+Index: openssh-5.8p1/configure.ac
===================================================================
---- openssh-5.7p1.orig/configure.ac
-+++ openssh-5.7p1/configure.ac
-@@ -3521,6 +3521,20 @@ AC_ARG_WITH(selinux,
- fi ]
- )
+--- openssh-5.8p1.orig/configure.ac
++++ openssh-5.8p1/configure.ac
+@@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux,
+ AC_SUBST(SSHLIBS)
+ AC_SUBST(SSHDLIBS)
+# Check whether user wants Linux audit support
+LINUX_AUDIT_MSG="no"
@@ -88,7 +88,7 @@
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
AC_ARG_WITH(kerberos5,
-@@ -4315,6 +4329,7 @@ echo " PAM support
+@@ -4316,6 +4330,7 @@ echo " PAM support
echo " OSF SIA support: $SIA_MSG"
echo " KerberosV support: $KRB5_MSG"
echo " SELinux support: $SELINUX_MSG"
@@ -96,10 +96,10 @@
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
-Index: openssh-5.7p1/loginrec.c
+Index: openssh-5.8p1/loginrec.c
===================================================================
---- openssh-5.7p1.orig/loginrec.c
-+++ openssh-5.7p1/loginrec.c
+--- openssh-5.8p1.orig/loginrec.c
++++ openssh-5.8p1/loginrec.c
@@ -176,6 +176,10 @@
#include "auth.h"
#include "buffer.h"
@@ -220,10 +220,10 @@
/**
** Low-level libutil login() functions
**/
-Index: openssh-5.7p1/loginrec.h
+Index: openssh-5.8p1/loginrec.h
===================================================================
---- openssh-5.7p1.orig/loginrec.h
-+++ openssh-5.7p1/loginrec.h
+--- openssh-5.8p1.orig/loginrec.h
++++ openssh-5.8p1/loginrec.h
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
char *line_abbrevname(char *dst, const char *src, int dstsize);
++++++ openssh-5.7p1-blocksigalrm.diff -> openssh-5.8p1-blocksigalrm.diff ++++++
++++++ openssh-5.7p1-default-protocol.diff -> openssh-5.8p1-default-protocol.diff ++++++
++++++ openssh-5.7p1-eal3.diff -> openssh-5.8p1-eal3.diff ++++++
--- openssh/openssh-5.7p1-eal3.diff 2011-01-24 12:48:04.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh-5.8p1-eal3.diff 2011-02-04 13:07:43.000000000 +0100
@@ -1,7 +1,7 @@
-Index: openssh-5.7p1/sshd.8
+Index: openssh-5.8p1/sshd.8
===================================================================
---- openssh-5.7p1.orig/sshd.8
-+++ openssh-5.7p1/sshd.8
+--- openssh-5.8p1.orig/sshd.8
++++ openssh-5.8p1/sshd.8
@@ -855,7 +855,7 @@ Contains Diffie-Hellman groups used for
The file format is described in
.Xr moduli 5 .
@@ -30,10 +30,10 @@
.Xr sshd_config 5 ,
.Xr inetd 8 ,
.Xr sftp-server 8
-Index: openssh-5.7p1/sshd_config.5
+Index: openssh-5.8p1/sshd_config.5
===================================================================
---- openssh-5.7p1.orig/sshd_config.5
-+++ openssh-5.7p1/sshd_config.5
+--- openssh-5.8p1.orig/sshd_config.5
++++ openssh-5.8p1/sshd_config.5
@@ -497,7 +497,7 @@ or
.Pp
.Pa /etc/hosts.equiv
++++++ openssh-5.7p1-engines.diff -> openssh-5.8p1-engines.diff ++++++
--- openssh/openssh-5.7p1-engines.diff 2011-01-24 12:48:05.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh-5.8p1-engines.diff 2011-02-04 13:07:44.000000000 +0100
@@ -1,7 +1,7 @@
-Index: openssh-5.7p1/ssh-add.c
+Index: openssh-5.8p1/ssh-add.c
===================================================================
---- openssh-5.7p1.orig/ssh-add.c
-+++ openssh-5.7p1/ssh-add.c
+--- openssh-5.8p1.orig/ssh-add.c
++++ openssh-5.8p1/ssh-add.c
@@ -43,6 +43,7 @@
#include
@@ -21,10 +21,10 @@
/* At first, get a connection to the authentication agent. */
ac = ssh_get_authentication_connection();
if (ac == NULL) {
-Index: openssh-5.7p1/ssh-agent.c
+Index: openssh-5.8p1/ssh-agent.c
===================================================================
---- openssh-5.7p1.orig/ssh-agent.c
-+++ openssh-5.7p1/ssh-agent.c
+--- openssh-5.8p1.orig/ssh-agent.c
++++ openssh-5.8p1/ssh-agent.c
@@ -52,6 +52,7 @@
#include
#include
@@ -44,10 +44,10 @@
__progname = ssh_get_progname(av[0]);
init_rng();
seed_rng();
-Index: openssh-5.7p1/ssh-keygen.c
+Index: openssh-5.8p1/ssh-keygen.c
===================================================================
---- openssh-5.7p1.orig/ssh-keygen.c
-+++ openssh-5.7p1/ssh-keygen.c
+--- openssh-5.8p1.orig/ssh-keygen.c
++++ openssh-5.8p1/ssh-keygen.c
@@ -22,6 +22,7 @@
#include
#include
@@ -68,10 +68,10 @@
log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1);
init_rng();
-Index: openssh-5.7p1/ssh-keysign.c
+Index: openssh-5.8p1/ssh-keysign.c
===================================================================
---- openssh-5.7p1.orig/ssh-keysign.c
-+++ openssh-5.7p1/ssh-keysign.c
+--- openssh-5.8p1.orig/ssh-keysign.c
++++ openssh-5.8p1/ssh-keysign.c
@@ -38,6 +38,7 @@
#include
#include
@@ -92,10 +92,10 @@
for (i = 0; i < 256; i++)
rnd[i] = arc4random();
RAND_seed(rnd, sizeof(rnd));
-Index: openssh-5.7p1/ssh.c
+Index: openssh-5.8p1/ssh.c
===================================================================
---- openssh-5.7p1.orig/ssh.c
-+++ openssh-5.7p1/ssh.c
+--- openssh-5.8p1.orig/ssh.c
++++ openssh-5.8p1/ssh.c
@@ -75,6 +75,7 @@
#include
#include "openbsd-compat/openssl-compat.h"
@@ -115,10 +115,10 @@
/* Initialize the command to execute on remote host. */
buffer_init(&command);
-Index: openssh-5.7p1/sshd.c
+Index: openssh-5.8p1/sshd.c
===================================================================
---- openssh-5.7p1.orig/sshd.c
-+++ openssh-5.7p1/sshd.c
+--- openssh-5.8p1.orig/sshd.c
++++ openssh-5.8p1/sshd.c
@@ -77,6 +77,7 @@
#include
#include
++++++ openssh-5.7p1-gssapimitm.patch -> openssh-5.8p1-gssapimitm.patch ++++++
++++++ openssh-5.7p1-homechroot.patch -> openssh-5.8p1-homechroot.patch ++++++
++++++ openssh-5.7p1-host_ident.diff -> openssh-5.8p1-host_ident.diff ++++++
++++++ openssh-5.7p1-pam-fix2.diff -> openssh-5.8p1-pam-fix2.diff ++++++
++++++ openssh-5.7p1-pam-fix2.diff -> openssh-5.8p1-pam-fix3.diff ++++++
--- openssh/openssh-5.7p1-pam-fix2.diff 2011-01-24 12:48:11.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh-5.8p1-pam-fix3.diff 2011-02-04 13:07:50.000000000 +0100
@@ -1,22 +1,15 @@
-Index: sshd_config
+Index: auth-pam.c
===================================================================
---- sshd_config.orig
-+++ sshd_config
-@@ -57,7 +57,7 @@
- #IgnoreRhosts yes
-
- # To disable tunneled clear text passwords, change to no here!
--#PasswordAuthentication yes
-+PasswordAuthentication no
- #PermitEmptyPasswords no
-
- # Change to no to disable s/key passwords
-@@ -82,7 +82,7 @@
- # If you just want the PAM account and session checks to run without
- # PAM authentication, then enable this but set PasswordAuthentication
- # and ChallengeResponseAuthentication to 'no'.
--#UsePAM no
-+UsePAM yes
-
- #AllowAgentForwarding yes
- #AllowTcpForwarding yes
+--- auth-pam.c.orig
++++ auth-pam.c
+@@ -786,7 +786,9 @@ sshpam_query(void *ctx, char **name, cha
+ fatal("Internal error: PAM auth "
+ "succeeded when it should have "
+ "failed");
+- import_environments(&buffer);
++#ifndef USE_POSIX_THREADS
++ import_environments(&buffer);
++#endif
+ *num = 0;
+ **echo_on = 0;
+ ctxt->pam_done = 1;
++++++ openssh-5.7p1-pts.diff -> openssh-5.8p1-pts.diff ++++++
++++++ openssh-5.7p1-saveargv-fix.diff -> openssh-5.8p1-saveargv-fix.diff ++++++
++++++ openssh-5.7p1-send_locale.diff -> openssh-5.8p1-send_locale.diff ++++++
++++++ openssh-5.7p1-sshconfig-knownhostschanges.diff -> openssh-5.8p1-sshconfig-knownhostschanges.diff ++++++
++++++ openssh-5.8p1-sshd_config.diff ++++++
Index: ssh_config
===================================================================
--- ssh_config.orig
+++ ssh_config
@@ -17,9 +17,20 @@
# list of available options, their meanings and defaults, please see the
# ssh_config(5) man page.
-# Host *
+Host *
# ForwardAgent no
# ForwardX11 no
+
+# If you do not trust your remote host (or its administrator), you
+# should not forward X11 connections to your local X11-display for
+# security reasons: Someone stealing the authentification data on the
+# remote side (the "spoofed" X-server by the remote sshd) can read your
+# keystrokes as you type, just like any other X11 client could do.
+# Set this to "no" here for global effect or in your own ~/.ssh/config
+# file if you want to have the remote X11 authentification data to
+# expire after two minutes after remote login.
+ForwardX11Trusted yes
+
# RhostsRSAAuthentication no
# RSAAuthentication yes
# PasswordAuthentication yes
Index: sshd_config
===================================================================
--- sshd_config.orig
+++ sshd_config
@@ -87,7 +87,7 @@
#AllowAgentForwarding yes
#AllowTcpForwarding yes
#GatewayPorts no
-#X11Forwarding no
+X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
Index: sshlogin.c
===================================================================
--- sshlogin.c.orig
+++ sshlogin.c
@@ -133,6 +133,7 @@ record_login(pid_t pid, const char *tty,
li = login_alloc_entry(pid, user, host, tty);
login_set_addr(li, addr, addrlen);
+ li->uid=uid;
login_login(li);
login_free_entry(li);
}
++++++ openssh-5.8p1-syntax-error.diff ++++++
Index: openssh-5.8p1/openbsd-compat/port-linux.c
===================================================================
--- openssh-5.8p1.orig/openbsd-compat/port-linux.c
+++ openssh-5.8p1/openbsd-compat/port-linux.c
@@ -213,7 +213,7 @@ ssh_selinux_setfscreatecon(const char *p
if (!ssh_selinux_enabled())
return;
- if (path == NULL)
+ if (path == NULL) {
setfscreatecon(NULL);
return;
}
++++++ openssh-5.7p1-xauth.diff -> openssh-5.8p1-xauth.diff ++++++
--- openssh/openssh-5.7p1-xauth.diff 2011-01-24 12:48:17.000000000 +0100
+++ /mounts/work_src_done/STABLE/openssh/openssh-5.8p1-xauth.diff 2011-02-04 13:07:57.000000000 +0100
@@ -2,7 +2,7 @@
===================================================================
--- session.c.orig
+++ session.c
-@@ -2463,8 +2463,41 @@ void
+@@ -2463,8 +2463,40 @@ void
session_close(Session *s)
{
u_int i;
@@ -23,7 +23,7 @@
+ /* Remove authority data from .Xauthority if appropriate. */
+ debug("Running %.500s remove %.100s\n",
+ options.xauth_location, s->auth_display);
-+
++
+ snprintf(cmd, sizeof cmd, "unset XAUTHORITY && HOME=\"%.200s\" %s -q -",
+ s->pw->pw_dir, options.xauth_location);
+ f = popen(cmd, "w");
@@ -40,7 +40,6 @@
+ }
+ }
+
-+
if (s->ttyfd != -1)
session_pty_cleanup(s);
if (s->term)
++++++ openssh-5.7p1-xauthlocalhostname.diff -> openssh-5.8p1-xauthlocalhostname.diff ++++++
++++++ openssh-5.7p1.tar.bz2 -> openssh-5.8p1.tar.bz2 ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ChangeLog new/openssh-5.8p1/ChangeLog
--- old/openssh-5.7p1/ChangeLog 2011-01-22 10:25:11.000000000 +0100
+++ new/openssh-5.8p1/ChangeLog 2011-02-04 01:57:48.000000000 +0100
@@ -1,3 +1,31 @@
+20110204
+ - OpenBSD CVS Sync
+ - djm@cvs.openbsd.org 2011/01/31 21:42:15
+ [PROTOCOL.mux]
+ cut'n'pasto; from bert.wesarg AT googlemail.com
+ - djm@cvs.openbsd.org 2011/02/04 00:44:21
+ [key.c]
+ fix uninitialised nonce variable; reported by Mateusz Kocielski
+ - djm@cvs.openbsd.org 2011/02/04 00:44:43
+ [version.h]
+ openssh-5.8
+ - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] update versions in docs and spec files.
+ - Release OpenSSH 5.8p1
+
+20110128
+ - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
+ before attempting setfscreatecon(). Check whether matchpathcon()
+ succeeded before using its result. Patch from cjwatson AT debian.org;
+ bz#1851
+
+20110125
+ - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
+ openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
+ port-linux.c to avoid compilation errors. Add -lselinux to ssh when
+ building with SELinux support to avoid linking failure; report from
+ amk AT spamfence.net; ok dtucker
+
20110122
- (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
RSA_get_default_method() for the benefit of openssl versions that don't
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/Makefile.in new/openssh-5.8p1/Makefile.in
--- old/openssh-5.7p1/Makefile.in 2011-01-17 11:15:29.000000000 +0100
+++ new/openssh-5.8p1/Makefile.in 2011-02-04 01:42:13.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $
+# $Id: Makefile.in,v 1.320.4.1 2011/02/04 00:42:13 djm Exp $
# uncomment if you run a non bourne compatable shell. Ie. csh
#SHELL = @SH@
@@ -46,6 +46,7 @@
CFLAGS=@CFLAGS@
CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
LIBS=@LIBS@
+SSHLIBS=@SSHLIBS@
SSHDLIBS=@SSHDLIBS@
LIBEDIT=@LIBEDIT@
AR=@AR@
@@ -142,7 +143,7 @@
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
- $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/PROTOCOL.mux new/openssh-5.8p1/PROTOCOL.mux
--- old/openssh-5.7p1/PROTOCOL.mux 2011-01-14 02:01:51.000000000 +0100
+++ new/openssh-5.8p1/PROTOCOL.mux 2011-02-04 01:48:14.000000000 +0100
@@ -122,7 +122,7 @@
Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
-A client may request the master to establish a port forward:
+A client may request the master to close a port forward:
uint32 MUX_C_CLOSE_FWD
uint32 request id
@@ -200,4 +200,4 @@
XXX port0 rfwd (need custom response message)
XXX send signals via mux
-$OpenBSD: PROTOCOL.mux,v 1.3 2011/01/13 21:55:25 djm Exp $
+$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/README new/openssh-5.8p1/README
--- old/openssh-5.7p1/README 2011-01-22 10:23:12.000000000 +0100
+++ new/openssh-5.8p1/README 2011-02-04 01:57:50.000000000 +0100
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-5.7 for the release notes.
+See http://www.openssh.com/txt/release-5.8 for the release notes.
- A Japanese translation of this document and of the OpenSSH FAQ is
- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@
[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
[7] http://www.openssh.com/faq.html
-$Id: README,v 1.75 2011/01/22 09:23:12 djm Exp $
+$Id: README,v 1.75.4.1 2011/02/04 00:57:50 djm Exp $
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/configure new/openssh-5.8p1/configure
--- old/openssh-5.7p1/configure 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/configure 2011-02-04 02:00:01.000000000 +0100
@@ -1,5 +1,5 @@
#! /bin/sh
-# From configure.ac Revision: 1.469 .
+# From configure.ac Revision: 1.469.4.1 .
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.61 for OpenSSH Portable.
#
@@ -696,7 +696,6 @@
LOGIN_PROGRAM_FALLBACK
PATH_PASSWD_PROG
LD
-SSHDLIBS
PKGCONFIG
LIBEDIT
TEST_SSH_SHA256
@@ -721,6 +720,8 @@
PROG_IPCS
PROG_TAIL
INSTALL_SSH_PRNG_CMDS
+SSHLIBS
+SSHDLIBS
KRB5CONF
PRIVSEP_PATH
xauth_path
@@ -9047,7 +9048,6 @@
_ACEOF
SSHDLIBS="$SSHDLIBS -lcontract"
-
SPC_MSG="yes"
fi
@@ -9126,7 +9126,6 @@
_ACEOF
SSHDLIBS="$SSHDLIBS -lproject"
-
SP_MSG="yes"
fi
@@ -27806,6 +27805,7 @@
{ (exit 1); exit 1; }; }
fi
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
@@ -27908,6 +27908,8 @@
fi
+
+
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
@@ -31416,7 +31418,6 @@
LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
LD!$LD$ac_delim
-SSHDLIBS!$SSHDLIBS$ac_delim
PKGCONFIG!$PKGCONFIG$ac_delim
LIBEDIT!$LIBEDIT$ac_delim
TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
@@ -31433,6 +31434,7 @@
PROG_SAR!$PROG_SAR$ac_delim
PROG_W!$PROG_W$ac_delim
PROG_WHO!$PROG_WHO$ac_delim
+PROG_LAST!$PROG_LAST$ac_delim
_ACEOF
if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -31474,7 +31476,6 @@
ac_delim='%!_!# '
for ac_last_try in false false false false false :; do
cat >conf$$subs.sed <<_ACEOF
-PROG_LAST!$PROG_LAST$ac_delim
PROG_LASTLOG!$PROG_LASTLOG$ac_delim
PROG_DF!$PROG_DF$ac_delim
PROG_VMSTAT!$PROG_VMSTAT$ac_delim
@@ -31482,6 +31483,8 @@
PROG_IPCS!$PROG_IPCS$ac_delim
PROG_TAIL!$PROG_TAIL$ac_delim
INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
+SSHLIBS!$SSHLIBS$ac_delim
+SSHDLIBS!$SSHDLIBS$ac_delim
KRB5CONF!$KRB5CONF$ac_delim
PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
xauth_path!$xauth_path$ac_delim
@@ -31496,7 +31499,7 @@
LTLIBOBJS!$LTLIBOBJS$ac_delim
_ACEOF
- if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then
+ if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then
break
elif $ac_last_try; then
{ { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@@ -31993,6 +31996,9 @@
if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}"
fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
echo ""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/configure.ac new/openssh-5.8p1/configure.ac
--- old/openssh-5.7p1/configure.ac 2011-01-21 23:37:05.000000000 +0100
+++ new/openssh-5.8p1/configure.ac 2011-02-04 01:42:14.000000000 +0100
@@ -1,4 +1,4 @@
-# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $
+# $Id: configure.ac,v 1.469.4.1 2011/02/04 00:42:14 djm Exp $
#
# Copyright (c) 1999-2004 Damien Miller
#
@@ -15,7 +15,7 @@
# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
-AC_REVISION($Revision: 1.469 $)
+AC_REVISION($Revision: 1.469.4.1 $)
AC_CONFIG_SRCDIR([ssh.c])
# local macros
@@ -737,7 +737,6 @@
[ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
[Define if you have Solaris process contracts])
SSHDLIBS="$SSHDLIBS -lcontract"
- AC_SUBST(SSHDLIBS)
SPC_MSG="yes" ], )
],
)
@@ -748,7 +747,6 @@
[ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
[Define if you have Solaris projects])
SSHDLIBS="$SSHDLIBS -lproject"
- AC_SUBST(SSHDLIBS)
SP_MSG="yes" ], )
],
)
@@ -3515,11 +3513,14 @@
LIBS="$LIBS -lselinux"
],
AC_MSG_ERROR(SELinux support requires libselinux library))
+ SSHLIBS="$SSHLIBS $LIBSELINUX"
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
LIBS="$save_LIBS"
fi ]
)
+AC_SUBST(SSHLIBS)
+AC_SUBST(SSHDLIBS)
# Check whether user wants Kerberos 5 support
KRB5_MSG="no"
@@ -4341,6 +4342,9 @@
if test ! -z "${SSHDLIBS}"; then
echo " +for sshd: ${SSHDLIBS}"
fi
+if test ! -z "${SSHLIBS}"; then
+echo " +for ssh: ${SSHLIBS}"
+fi
echo ""
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/contrib/caldera/openssh.spec new/openssh-5.8p1/contrib/caldera/openssh.spec
--- old/openssh-5.7p1/contrib/caldera/openssh.spec 2011-01-22 10:23:33.000000000 +0100
+++ new/openssh-5.8p1/contrib/caldera/openssh.spec 2011-02-04 01:57:54.000000000 +0100
@@ -16,7 +16,7 @@
#old cvs stuff. please update before use. may be deprecated.
%define use_stable 1
-%define version 5.7p1
+%define version 5.8p1
%if %{use_stable}
%define cvs %{nil}
%define release 1
@@ -363,4 +363,4 @@
* Mon Jan 01 1998 ...
Template Version: 1.31
-$Id: openssh.spec,v 1.73 2011/01/22 09:23:33 djm Exp $
+$Id: openssh.spec,v 1.73.4.1 2011/02/04 00:57:54 djm Exp $
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/contrib/redhat/openssh.spec new/openssh-5.8p1/contrib/redhat/openssh.spec
--- old/openssh-5.7p1/contrib/redhat/openssh.spec 2011-01-22 10:23:35.000000000 +0100
+++ new/openssh-5.8p1/contrib/redhat/openssh.spec 2011-02-04 01:57:56.000000000 +0100
@@ -1,4 +1,4 @@
-%define ver 5.7p1
+%define ver 5.8p1
%define rel 1
# OpenSSH privilege separation requires a user & group ID
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/contrib/suse/openssh.spec new/openssh-5.8p1/contrib/suse/openssh.spec
--- old/openssh-5.7p1/contrib/suse/openssh.spec 2011-01-22 10:23:36.000000000 +0100
+++ new/openssh-5.8p1/contrib/suse/openssh.spec 2011-02-04 01:57:57.000000000 +0100
@@ -13,7 +13,7 @@
Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
Name: openssh
-Version: 5.7p1
+Version: 5.8p1
URL: http://www.openssh.com/
Release: 1
Source0: openssh-%{version}.tar.gz
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/key.c new/openssh-5.8p1/key.c
--- old/openssh-5.7p1/key.c 2010-11-20 05:15:49.000000000 +0100
+++ new/openssh-5.8p1/key.c 2011-02-04 01:48:34.000000000 +0100
@@ -1,4 +1,4 @@
-/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */
+/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
/*
* read_bignum():
* Copyright (c) 1995 Tatu Ylonen , Espoo, Finland
@@ -1886,10 +1886,9 @@
buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
/* -v01 certs put nonce first */
- if (!key_cert_is_legacy(k)) {
- arc4random_buf(&nonce, sizeof(nonce));
+ arc4random_buf(&nonce, sizeof(nonce));
+ if (!key_cert_is_legacy(k))
buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
- }
switch (k->type) {
case KEY_DSA_CERT_V00:
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/moduli.0 new/openssh-5.8p1/moduli.0
--- old/openssh-5.7p1/moduli.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/moduli.0 2011-02-04 02:00:02.000000000 +0100
@@ -69,4 +69,4 @@
Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
Protocol, RFC 4419, 2006.
-OpenBSD 4.8 June 26, 2008 OpenBSD 4.8
+OpenBSD 4.9 June 26, 2008 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/openbsd-compat/port-linux.c new/openssh-5.8p1/openbsd-compat/port-linux.c
--- old/openssh-5.7p1/openbsd-compat/port-linux.c 2011-01-17 08:50:24.000000000 +0100
+++ new/openssh-5.8p1/openbsd-compat/port-linux.c 2011-02-04 01:43:08.000000000 +0100
@@ -1,4 +1,4 @@
-/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */
+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
/*
* Copyright (c) 2005 Daniel Walsh
@@ -205,6 +205,22 @@
xfree(oldctx);
xfree(newctx);
}
+
+void
+ssh_selinux_setfscreatecon(const char *path)
+{
+ security_context_t context;
+
+ if (!ssh_selinux_enabled())
+ return;
+ if (path == NULL)
+ setfscreatecon(NULL);
+ return;
+ }
+ if (matchpathcon(path, 0700, &context) == 0)
+ setfscreatecon(context);
+}
+
#endif /* WITH_SELINUX */
#ifdef LINUX_OOM_ADJUST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/openbsd-compat/port-linux.h new/openssh-5.8p1/openbsd-compat/port-linux.h
--- old/openssh-5.7p1/openbsd-compat/port-linux.h 2009-12-08 03:39:48.000000000 +0100
+++ new/openssh-5.8p1/openbsd-compat/port-linux.h 2011-02-04 01:42:21.000000000 +0100
@@ -1,4 +1,4 @@
-/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */
+/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */
/*
* Copyright (c) 2006 Damien Miller
@@ -24,6 +24,7 @@
void ssh_selinux_setup_pty(char *, const char *);
void ssh_selinux_setup_exec_context(char *);
void ssh_selinux_change_context(const char *);
+void ssh_selinux_setfscreatecon(const char *);
#endif
#ifdef LINUX_OOM_ADJUST
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/scp.0 new/openssh-5.8p1/scp.0
--- old/openssh-5.7p1/scp.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/scp.0 2011-02-04 02:00:02.000000000 +0100
@@ -153,4 +153,4 @@
Timo Rinne
Tatu Ylonen
-OpenBSD 4.8 December 9, 2010 OpenBSD 4.8
+OpenBSD 4.9 December 9, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/sftp-server.0 new/openssh-5.8p1/sftp-server.0
--- old/openssh-5.7p1/sftp-server.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/sftp-server.0 2011-02-04 02:00:02.000000000 +0100
@@ -61,4 +61,4 @@
AUTHORS
Markus Friedl
-OpenBSD 4.8 January 9, 2010 OpenBSD 4.8
+OpenBSD 4.9 January 9, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/sftp.0 new/openssh-5.8p1/sftp.0
--- old/openssh-5.7p1/sftp.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/sftp.0 2011-02-04 02:00:02.000000000 +0100
@@ -328,4 +328,4 @@
draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
material.
-OpenBSD 4.8 December 4, 2010 OpenBSD 4.8
+OpenBSD 4.9 December 4, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-add.0 new/openssh-5.8p1/ssh-add.0
--- old/openssh-5.7p1/ssh-add.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/ssh-add.0 2011-02-04 02:00:02.000000000 +0100
@@ -112,4 +112,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.8 October 28, 2010 OpenBSD 4.8
+OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-agent.0 new/openssh-5.8p1/ssh-agent.0
--- old/openssh-5.7p1/ssh-agent.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/ssh-agent.0 2011-02-04 02:00:02.000000000 +0100
@@ -120,4 +120,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.8 November 21, 2010 OpenBSD 4.8
+OpenBSD 4.9 November 21, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-keygen.0 new/openssh-5.8p1/ssh-keygen.0
--- old/openssh-5.7p1/ssh-keygen.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/ssh-keygen.0 2011-02-04 02:00:02.000000000 +0100
@@ -440,4 +440,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.8 October 28, 2010 OpenBSD 4.8
+OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-keyscan.0 new/openssh-5.8p1/ssh-keyscan.0
--- old/openssh-5.7p1/ssh-keyscan.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/ssh-keyscan.0 2011-02-04 02:00:02.000000000 +0100
@@ -106,4 +106,4 @@
This is because it opens a connection to the ssh port, reads the public
key, and drops the connection as soon as it gets the key.
-OpenBSD 4.8 August 31, 2010 OpenBSD 4.8
+OpenBSD 4.9 August 31, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-keysign.0 new/openssh-5.8p1/ssh-keysign.0
--- old/openssh-5.7p1/ssh-keysign.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/ssh-keysign.0 2011-02-04 02:00:02.000000000 +0100
@@ -48,4 +48,4 @@
AUTHORS
Markus Friedl
-OpenBSD 4.8 August 31, 2010 OpenBSD 4.8
+OpenBSD 4.9 August 31, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-pkcs11-helper.0 new/openssh-5.8p1/ssh-pkcs11-helper.0
--- old/openssh-5.7p1/ssh-pkcs11-helper.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/ssh-pkcs11-helper.0 2011-02-04 02:00:02.000000000 +0100
@@ -22,4 +22,4 @@
AUTHORS
Markus Friedl
-OpenBSD 4.8 February 10, 2010 OpenBSD 4.8
+OpenBSD 4.9 February 10, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh-rand-helper.0 new/openssh-5.8p1/ssh-rand-helper.0
--- old/openssh-5.7p1/ssh-rand-helper.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/ssh-rand-helper.0 2011-02-04 02:00:02.000000000 +0100
@@ -48,4 +48,4 @@
SEE ALSO
ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
-OpenBSD 4.8 April 14, 2002 OpenBSD 4.8
+OpenBSD 4.9 April 14, 2002 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh.0 new/openssh-5.8p1/ssh.0
--- old/openssh-5.7p1/ssh.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/ssh.0 2011-02-04 02:00:02.000000000 +0100
@@ -895,4 +895,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.8 November 18, 2010 OpenBSD 4.8
+OpenBSD 4.9 November 18, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh.c new/openssh-5.8p1/ssh.c
--- old/openssh-5.7p1/ssh.c 2011-01-06 23:51:18.000000000 +0100
+++ new/openssh-5.8p1/ssh.c 2011-02-04 01:42:15.000000000 +0100
@@ -852,15 +852,12 @@
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
#ifdef WITH_SELINUX
- char *scon;
-
- matchpathcon(buf, 0700, &scon);
- setfscreatecon(scon);
+ ssh_selinux_setfscreatecon(buf);
#endif
if (mkdir(buf, 0700) < 0)
error("Could not create directory '%.200s'.", buf);
#ifdef WITH_SELINUX
- setfscreatecon(NULL);
+ ssh_selinux_setfscreatecon(NULL);
#endif
}
/* load options.identity_files */
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/ssh_config.0 new/openssh-5.8p1/ssh_config.0
--- old/openssh-5.7p1/ssh_config.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/ssh_config.0 2011-02-04 02:00:03.000000000 +0100
@@ -741,4 +741,4 @@
created OpenSSH. Markus Friedl contributed the support for SSH protocol
versions 1.5 and 2.0.
-OpenBSD 4.8 December 8, 2010 OpenBSD 4.8
+OpenBSD 4.9 December 8, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/sshd.0 new/openssh-5.8p1/sshd.0
--- old/openssh-5.7p1/sshd.0 2011-01-22 10:29:11.000000000 +0100
+++ new/openssh-5.8p1/sshd.0 2011-02-04 02:00:02.000000000 +0100
@@ -631,4 +631,4 @@
System security is not improved unless rshd, rlogind, and rexecd are
disabled (thus completely disabling rlogin and rsh into the machine).
-OpenBSD 4.8 October 28, 2010 OpenBSD 4.8
+OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/sshd_config.0 new/openssh-5.8p1/sshd_config.0
--- old/openssh-5.7p1/sshd_config.0 2011-01-22 10:29:12.000000000 +0100
+++ new/openssh-5.8p1/sshd_config.0 2011-02-04 02:00:02.000000000 +0100
@@ -710,4 +710,4 @@
versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
for privilege separation.
-OpenBSD 4.8 December 8, 2010 OpenBSD 4.8
+OpenBSD 4.9 December 8, 2010 OpenBSD 4.9
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/openssh-5.7p1/version.h new/openssh-5.8p1/version.h
--- old/openssh-5.7p1/version.h 2011-01-22 10:21:36.000000000 +0100
+++ new/openssh-5.8p1/version.h 2011-02-04 01:48:57.000000000 +0100
@@ -1,6 +1,6 @@
-/* $OpenBSD: version.h,v 1.60 2011/01/22 09:18:53 djm Exp $ */
+/* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */
-#define SSH_VERSION "OpenSSH_5.7"
+#define SSH_VERSION "OpenSSH_5.8"
#define SSH_PORTABLE "p1"
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Remember to have fun...
--
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org