forked from rpms/openssh
8.3p1-1 + 0.10.3-10
This commit is contained in:
parent
efd1b7e5c8
commit
5cd9552fc4
2
.gitignore
vendored
2
.gitignore
vendored
@ -40,3 +40,5 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
|
|||||||
/openssh-8.1p1.tar.gz.asc
|
/openssh-8.1p1.tar.gz.asc
|
||||||
/openssh-8.2p1.tar.gz
|
/openssh-8.2p1.tar.gz
|
||||||
/openssh-8.2p1.tar.gz.asc
|
/openssh-8.2p1.tar.gz.asc
|
||||||
|
/openssh-8.3p1.tar.gz
|
||||||
|
/openssh-8.3p1.tar.gz.asc
|
||||||
|
@ -883,8 +883,8 @@ diff -up openssh/cipher.c.audit openssh/cipher.c
|
|||||||
- if (cc == NULL)
|
- if (cc == NULL)
|
||||||
+ if (cc == NULL || cc->cipher == NULL)
|
+ if (cc == NULL || cc->cipher == NULL)
|
||||||
return;
|
return;
|
||||||
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
|
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
|
||||||
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
|
chachapoly_free(cc->cp_ctx);
|
||||||
diff -up openssh/cipher.h.audit openssh/cipher.h
|
diff -up openssh/cipher.h.audit openssh/cipher.h
|
||||||
--- openssh/cipher.h.audit 2019-03-27 23:26:14.000000000 +0100
|
--- openssh/cipher.h.audit 2019-03-27 23:26:14.000000000 +0100
|
||||||
+++ openssh/cipher.h 2019-04-03 17:02:20.714886050 +0200
|
+++ openssh/cipher.h 2019-04-03 17:02:20.714886050 +0200
|
||||||
|
@ -453,5 +453,5 @@ diff -up openssh-8.0p1/ssh-keygen.c.fips openssh-8.0p1/ssh-keygen.c
|
|||||||
fflush(stdout);
|
fflush(stdout);
|
||||||
- type = sshkey_type_from_name(key_types[i].key_type);
|
- type = sshkey_type_from_name(key_types[i].key_type);
|
||||||
if ((fd = mkstemp(prv_tmp)) == -1) {
|
if ((fd = mkstemp(prv_tmp)) == -1) {
|
||||||
error("Could not save your public key in %s: %s",
|
error("Could not save your private key in %s: %s",
|
||||||
prv_tmp, strerror(errno));
|
prv_tmp, strerror(errno));
|
||||||
|
@ -480,7 +480,7 @@ index 6cae720e..16e55cbc 100644
|
|||||||
+ return 0;
|
+ return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* This allows GSSAPI methods to do things to the childs environment based
|
/* This allows GSSAPI methods to do things to the child's environment based
|
||||||
@@ -498,9 +500,7 @@ ssh_gssapi_rekey_creds() {
|
@@ -498,9 +500,7 @@ ssh_gssapi_rekey_creds() {
|
||||||
char *envstr;
|
char *envstr;
|
||||||
#endif
|
#endif
|
||||||
@ -574,7 +574,7 @@ index 85df6a27..480a5ead 100644
|
|||||||
+++ b/session.c
|
+++ b/session.c
|
||||||
@@ -1033,7 +1033,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
@@ -1033,7 +1033,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
|
||||||
/* Allow any GSSAPI methods that we've used to alter
|
/* Allow any GSSAPI methods that we've used to alter
|
||||||
* the childs environment as they see fit
|
* the child's environment as they see fit
|
||||||
*/
|
*/
|
||||||
- ssh_gssapi_do_child(&env, &envsize);
|
- ssh_gssapi_do_child(&env, &envsize);
|
||||||
+ if (s->authctxt->krb5_set_env)
|
+ if (s->authctxt->krb5_set_env)
|
||||||
|
@ -964,7 +964,7 @@ index ab3a15f0..6ce56e92 100644
|
|||||||
--- a/gss-serv.c
|
--- a/gss-serv.c
|
||||||
+++ b/gss-serv.c
|
+++ b/gss-serv.c
|
||||||
@@ -1,7 +1,7 @@
|
@@ -1,7 +1,7 @@
|
||||||
/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
|
/* $OpenBSD: gss-serv.c,v 1.32 2020/03/13 03:17:07 djm Exp $ */
|
||||||
|
|
||||||
/*
|
/*
|
||||||
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||||
|
@ -48,7 +48,7 @@ index e7549470..4511f82a 100644
|
|||||||
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
|
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
|
||||||
- ssh-pkcs11.o smult_curve25519_ref.o \
|
- ssh-pkcs11.o smult_curve25519_ref.o \
|
||||||
+ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \
|
+ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \
|
||||||
poly1305.o chacha.o cipher-chachapoly.o \
|
poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \
|
||||||
ssh-ed25519.o digest-openssl.o digest-libc.o \
|
ssh-ed25519.o digest-openssl.o digest-libc.o \
|
||||||
hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
|
hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
|
||||||
@@ -289,6 +289,8 @@ clean: regressclean
|
@@ -289,6 +289,8 @@ clean: regressclean
|
||||||
@ -2502,7 +2502,7 @@ index a302c79c..879fe917 100644
|
|||||||
int ret = -1;
|
int ret = -1;
|
||||||
struct pkcs11_provider *p = NULL;
|
struct pkcs11_provider *p = NULL;
|
||||||
void *handle = NULL;
|
void *handle = NULL;
|
||||||
@@ -1484,165 +1670,301 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
@@ -1484,167 +1670,303 @@ pkcs11_register_provider(char *provider_id, char *pin,
|
||||||
CK_FUNCTION_LIST *f = NULL;
|
CK_FUNCTION_LIST *f = NULL;
|
||||||
CK_TOKEN_INFO *token;
|
CK_TOKEN_INFO *token;
|
||||||
CK_ULONG i;
|
CK_ULONG i;
|
||||||
@ -2830,6 +2830,8 @@ index a302c79c..879fe917 100644
|
|||||||
}
|
}
|
||||||
- if (handle)
|
- if (handle)
|
||||||
- dlclose(handle);
|
- dlclose(handle);
|
||||||
|
if (ret > 0)
|
||||||
|
ret = -1;
|
||||||
return (ret);
|
return (ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -3109,9 +3111,9 @@ index 15aee569..976844cb 100644
|
|||||||
+ }
|
+ }
|
||||||
+#endif /* ENABLE_PKCS11 */
|
+#endif /* ENABLE_PKCS11 */
|
||||||
+ cp = tilde_expand_filename(name, getuid());
|
+ cp = tilde_expand_filename(name, getuid());
|
||||||
filename = percent_expand(cp, "d", pw->pw_dir,
|
filename = default_client_percent_expand(cp,
|
||||||
"u", pw->pw_name, "l", thishost, "h", host,
|
pw->pw_dir, host, options.user, pw->pw_name);
|
||||||
"r", options.user, (char *)NULL);
|
free(cp);
|
||||||
diff --git a/ssh_config.5 b/ssh_config.5
|
diff --git a/ssh_config.5 b/ssh_config.5
|
||||||
index 06a32d31..4b2763bd 100644
|
index 06a32d31..4b2763bd 100644
|
||||||
--- a/ssh_config.5
|
--- a/ssh_config.5
|
||||||
|
@ -26,7 +26,7 @@ index dca158de..afdcb1d2 100644
|
|||||||
|
|
||||||
-int
|
-int
|
||||||
+int __attribute__((visibility("default")))
|
+int __attribute__((visibility("default")))
|
||||||
sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
|
sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
|
||||||
const char *application, const uint8_t *key_handle, size_t key_handle_len,
|
const char *application, const uint8_t *key_handle, size_t key_handle_len,
|
||||||
uint8_t flags, const char *pin, struct sk_option **options,
|
uint8_t flags, const char *pin, struct sk_option **options,
|
||||||
@@ -518,7 +518,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
|
@@ -518,7 +518,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
|
||||||
|
11
openssh.spec
11
openssh.spec
@ -65,10 +65,10 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||||
%global openssh_ver 8.2p1
|
%global openssh_ver 8.3p1
|
||||||
%global openssh_rel 3
|
%global openssh_rel 1
|
||||||
%global pam_ssh_agent_ver 0.10.3
|
%global pam_ssh_agent_ver 0.10.3
|
||||||
%global pam_ssh_agent_rel 9
|
%global pam_ssh_agent_rel 10
|
||||||
|
|
||||||
Summary: An open source implementation of SSH protocol version 2
|
Summary: An open source implementation of SSH protocol version 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
@ -716,6 +716,11 @@ getent passwd sshd >/dev/null || \
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed May 27 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-1 + 0.10.3-10
|
||||||
|
- New upstream release (#1840503)
|
||||||
|
- Unbreak corner cases of sshd_config include
|
||||||
|
- Fix order of gssapi key exchange algorithms
|
||||||
|
|
||||||
* Wed Apr 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-3 + 0.10.3-9
|
* Wed Apr 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-3 + 0.10.3-9
|
||||||
- Simplify reference to crypto policies in configuration files
|
- Simplify reference to crypto policies in configuration files
|
||||||
- Unbreak gssapi authentication with GSSAPITrustDNS over jump hosts
|
- Unbreak gssapi authentication with GSSAPITrustDNS over jump hosts
|
||||||
|
4
sources
4
sources
@ -1,4 +1,4 @@
|
|||||||
SHA512 (openssh-8.2p1.tar.gz) = c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
|
SHA512 (openssh-8.3p1.tar.gz) = b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40
|
||||||
SHA512 (openssh-8.2p1.tar.gz.asc) = e6d091289d62d3a01d5978e3c26f72d8ea6979c345fbebc215515185ea567c959f5b17e32052d752829ab4c6bc537fd977f7aa02cf0a23280da63fd9d880f303
|
SHA512 (openssh-8.3p1.tar.gz.asc) = 569fa12b3671af15bd7cd54fc7b13d1d64f3e96eb28f6dc430082f7bec4595689c633d3d56c23faad45b73e4da666c3ec090de26bf54f49410ba9bb8b5363e75
|
||||||
SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
|
SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
|
||||||
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66
|
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66
|
||||||
|
Loading…
Reference in New Issue
Block a user