forked from rpms/openssh
cleanup working directory, spec file and unused patches after rebase
This commit is contained in:
parent
08cb909f5d
commit
77f453b74d
@ -1,18 +0,0 @@
|
||||
diff -up openssh-5.1p1/scp.1.manpage openssh-5.1p1/scp.1
|
||||
--- openssh-5.1p1/scp.1.manpage 2008-07-12 09:12:49.000000000 +0200
|
||||
+++ openssh-5.1p1/scp.1 2008-07-23 19:18:15.000000000 +0200
|
||||
@@ -66,6 +66,14 @@ treating file names containing
|
||||
as host specifiers.
|
||||
Copies between two remote hosts are also permitted.
|
||||
.Pp
|
||||
+When copying a source file to a target file which already exists,
|
||||
+.Nm
|
||||
+will replace the contents of the target file (keeping the inode).
|
||||
+.Pp
|
||||
+If the target file does not yet exist, an empty file with the target
|
||||
+file name is created, then filled with the source file contents.
|
||||
+No attempt is made at "near-atomic" transfer using temporary files.
|
||||
+.Pp
|
||||
The options are as follows:
|
||||
.Bl -tag -width Ds
|
||||
.It Fl 1
|
@ -1,177 +0,0 @@
|
||||
From 5618210618256bbf5f4f71b2887ff186fd451736 Mon Sep 17 00:00:00 2001
|
||||
From: Damien Miller <djm@mindrot.org>
|
||||
Date: Sun, 20 Apr 2014 13:44:47 +1000
|
||||
Subject: [PATCH] - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c
|
||||
version.h] OpenSSH 6.5 and 6.6 sometimes encode a value used in the
|
||||
curve25519 key exchange incorrectly, causing connection failures about
|
||||
0.2% of the time when this method is used against a peer that implements
|
||||
the method properly.
|
||||
|
||||
Fix the problem and disable the curve25519 KEX when speaking to
|
||||
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
|
||||
to enable the compatability code.
|
||||
---
|
||||
ChangeLog | 11 +++++++++++
|
||||
bufaux.c | 5 ++++-
|
||||
compat.c | 17 ++++++++++++++++-
|
||||
compat.h | 2 ++
|
||||
sshconnect2.c | 2 ++
|
||||
sshd.c | 3 +++
|
||||
version.h | 2 +-
|
||||
7 files changed, 39 insertions(+), 3 deletions(-)
|
||||
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 1603a07..928999d 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,13 +1,23 @@
|
||||
20140420
|
||||
- - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
||||
- [sshconnect.c]
|
||||
- When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
||||
- certificate keys to plain keys and attempt SSHFP resolution.
|
||||
-
|
||||
- Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||||
- dialog by offering only certificate keys.
|
||||
-
|
||||
- Reported by mcv21 AT cam.ac.uk
|
||||
+ - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
|
||||
+ OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
|
||||
+ key exchange incorrectly, causing connection failures about 0.2% of
|
||||
+ the time when this method is used against a peer that implements
|
||||
+ the method properly.
|
||||
+
|
||||
+ Fix the problem and disable the curve25519 KEX when speaking to
|
||||
+ OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
|
||||
+ to enable the compatability code.
|
||||
+
|
||||
+ - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
||||
+ [sshconnect.c]
|
||||
+ When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
||||
+ certificate keys to plain keys and attempt SSHFP resolution.
|
||||
+
|
||||
+ Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||||
+ dialog by offering only certificate keys.
|
||||
+
|
||||
+ Reported by mcv21 AT cam.ac.uk
|
||||
|
||||
20140313
|
||||
- (djm) Release OpenSSH 6.6
|
||||
diff --git a/bufaux.c b/bufaux.c
|
||||
index e24b5fc..f6a6f2a 100644
|
||||
--- a/bufaux.c
|
||||
+++ b/bufaux.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
|
||||
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
|
||||
|
||||
if (l > 8 * 1024)
|
||||
fatal("%s: length %u too long", __func__, l);
|
||||
+ /* Skip leading zero bytes */
|
||||
+ for (; l > 0 && *s == 0; l--, s++)
|
||||
+ ;
|
||||
p = buf = xmalloc(l + 1);
|
||||
/*
|
||||
* If most significant bit is set then prepend a zero byte to
|
||||
diff --git a/compat.c b/compat.c
|
||||
index 9d9fabe..2709dc5 100644
|
||||
--- a/compat.c
|
||||
+++ b/compat.c
|
||||
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
|
||||
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
|
||||
{ "OpenSSH_4*", 0 },
|
||||
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
|
||||
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
|
||||
+ { "OpenSSH_6.5*,"
|
||||
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
|
||||
{ "OpenSSH*", SSH_NEW_OPENSSH },
|
||||
{ "*MindTerm*", 0 },
|
||||
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
||||
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop)
|
||||
return cipher_prop;
|
||||
}
|
||||
|
||||
-
|
||||
char *
|
||||
compat_pkalg_proposal(char *pkalg_prop)
|
||||
{
|
||||
@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
|
||||
return pkalg_prop;
|
||||
}
|
||||
|
||||
+char *
|
||||
+compat_kex_proposal(char *kex_prop)
|
||||
+{
|
||||
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
|
||||
+ return kex_prop;
|
||||
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
|
||||
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
|
||||
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
|
||||
+ if (*kex_prop == '\0')
|
||||
+ fatal("No supported key exchange algorithms found");
|
||||
+ return kex_prop;
|
||||
+}
|
||||
+
|
||||
diff --git a/compat.h b/compat.h
|
||||
index b174fa1..a6c3f3d 100644
|
||||
--- a/compat.h
|
||||
+++ b/compat.h
|
||||
@@ -59,6 +59,7 @@
|
||||
#define SSH_BUG_RFWD_ADDR 0x02000000
|
||||
#define SSH_NEW_OPENSSH 0x04000000
|
||||
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
||||
+#define SSH_BUG_CURVE25519PAD 0x10000000
|
||||
|
||||
void enable_compat13(void);
|
||||
void enable_compat20(void);
|
||||
@@ -66,6 +67,7 @@ void compat_datafellows(const char *);
|
||||
int proto_spec(const char *);
|
||||
char *compat_cipher_proposal(char *);
|
||||
char *compat_pkalg_proposal(char *);
|
||||
+char *compat_kex_proposal(char *);
|
||||
|
||||
extern int compat13;
|
||||
extern int compat20;
|
||||
diff --git a/sshconnect2.c b/sshconnect2.c
|
||||
index bb9292f..b00658b 100644
|
||||
--- a/sshconnect2.c
|
||||
+++ b/sshconnect2.c
|
||||
@@ -220,6 +220,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
|
||||
}
|
||||
if (options.kex_algorithms != NULL)
|
||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
||||
|
||||
#ifdef GSSAPI
|
||||
/* If we've got GSSAPI algorithms, then we also support the
|
||||
diff --git a/sshd.c b/sshd.c
|
||||
index e4e406e..512c7ed 100644
|
||||
--- a/sshd.c
|
||||
+++ b/sshd.c
|
||||
@@ -2488,6 +2488,9 @@ do_ssh2_kex(void)
|
||||
if (options.kex_algorithms != NULL)
|
||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
||||
|
||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
||||
+
|
||||
if (options.rekey_limit || options.rekey_interval)
|
||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
||||
(time_t)options.rekey_interval);
|
||||
diff --git a/version.h b/version.h
|
||||
index a1579ac..a33e77c 100644
|
||||
--- a/version.h
|
||||
+++ b/version.h
|
||||
@@ -1,6 +1,6 @@
|
||||
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
|
||||
|
||||
-#define SSH_VERSION "OpenSSH_6.6"
|
||||
+#define SSH_VERSION "OpenSSH_6.6.1"
|
||||
|
||||
#define SSH_PORTABLE "p1"
|
||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
@ -1,29 +0,0 @@
|
||||
--- a/misc.c
|
||||
+++ b/misc.c
|
||||
@@ -865,17 +865,24 @@ ms_to_timeval(struct timeval *tv, int ms
|
||||
time_t
|
||||
monotime(void)
|
||||
{
|
||||
-#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
|
||||
+#if defined(HAVE_CLOCK_GETTIME) && \
|
||||
+ (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME))
|
||||
struct timespec ts;
|
||||
static int gettime_failed = 0;
|
||||
|
||||
if (!gettime_failed) {
|
||||
+#if defined(CLOCK_BOOTTIME)
|
||||
+ if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0)
|
||||
+ return (ts.tv_sec);
|
||||
+#endif
|
||||
+#if defined(CLOCK_MONOTONIC)
|
||||
if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
|
||||
return (ts.tv_sec);
|
||||
+#endif
|
||||
debug3("clock_gettime: %s", strerror(errno));
|
||||
gettime_failed = 1;
|
||||
}
|
||||
-#endif
|
||||
+#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */
|
||||
|
||||
return time(NULL);
|
||||
}
|
@ -1,76 +0,0 @@
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 928999d..3887495 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,3 +1,10 @@
|
||||
+20140703
|
||||
+ - OpenBSD CVS Sync
|
||||
+ - djm@cvs.openbsd.org 2014/07/03 03:34:09
|
||||
+ [gss-serv.c session.c ssh-keygen.c]
|
||||
+ standardise on NI_MAXHOST for gethostname() string lengths; about
|
||||
+ 1/2 the cases were using it already. Fixes bz#2239 en passant
|
||||
+
|
||||
20140420
|
||||
- (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
|
||||
OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
|
||||
diff --git a/gss-serv.c b/gss-serv.c
|
||||
index 14f540e..29916d3 100644
|
||||
--- a/gss-serv.c
|
||||
+++ b/gss-serv.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
|
||||
+/* $OpenBSD: gss-serv.c,v 1.27 2014/07/03 03:34:09 djm Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
||||
@@ -102,14 +102,14 @@ static OM_uint32
|
||||
ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
||||
{
|
||||
OM_uint32 status;
|
||||
- char lname[MAXHOSTNAMELEN];
|
||||
+ char lname[NI_MAXHOST];
|
||||
gss_OID_set oidset;
|
||||
|
||||
if (options.gss_strict_acceptor) {
|
||||
gss_create_empty_oid_set(&status, &oidset);
|
||||
gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
||||
|
||||
- if (gethostname(lname, MAXHOSTNAMELEN)) {
|
||||
+ if (gethostname(lname, sizeof(lname))) {
|
||||
gss_release_oid_set(&status, &oidset);
|
||||
return (-1);
|
||||
}
|
||||
diff --git a/session.c b/session.c
|
||||
index ba4589b..e4add93 100644
|
||||
--- a/session.c
|
||||
+++ b/session.c
|
||||
@@ -49,6 +49,7 @@
|
||||
#include <errno.h>
|
||||
#include <fcntl.h>
|
||||
#include <grp.h>
|
||||
+#include <netdb.h>
|
||||
#ifdef HAVE_PATHS_H
|
||||
#include <paths.h>
|
||||
#endif
|
||||
@@ -2669,7 +2670,7 @@ session_setup_x11fwd(Session *s)
|
||||
{
|
||||
struct stat st;
|
||||
char display[512], auth_display[512];
|
||||
- char hostname[MAXHOSTNAMELEN];
|
||||
+ char hostname[NI_MAXHOST];
|
||||
u_int i;
|
||||
|
||||
if (no_x11_forwarding_flag) {
|
||||
diff --git a/ssh-keygen.c b/ssh-keygen.c
|
||||
index 482dc1c..66198e6 100644
|
||||
--- a/ssh-keygen.c
|
||||
+++ b/ssh-keygen.c
|
||||
@@ -165,7 +165,7 @@ int rounds = 0;
|
||||
/* argv0 */
|
||||
extern char *__progname;
|
||||
|
||||
-char hostname[MAXHOSTNAMELEN];
|
||||
+char hostname[NI_MAXHOST];
|
||||
|
||||
/* moduli.c */
|
||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
@ -1,28 +0,0 @@
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 3887495..a4dc72f 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,3 +1,9 @@
|
||||
+20140823
|
||||
+ - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
|
||||
+ lastlog writing on platforms with high UIDs; bz#2263
|
||||
+ - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
|
||||
+ monitor, not preauth; bz#2263
|
||||
+
|
||||
20140703
|
||||
- OpenBSD CVS Sync
|
||||
- djm@cvs.openbsd.org 2014/07/03 03:34:09
|
||||
diff --git a/monitor.c b/monitor.c
|
||||
index bdabe21..5a65114 100644
|
||||
--- a/monitor.c
|
||||
+++ b/monitor.c
|
||||
@@ -501,6 +501,9 @@ monitor_child_postauth(struct monitor *pmonitor)
|
||||
signal(SIGHUP, &monitor_child_handler);
|
||||
signal(SIGTERM, &monitor_child_handler);
|
||||
signal(SIGINT, &monitor_child_handler);
|
||||
+#ifdef SIGXFSZ
|
||||
+ signal(SIGXFSZ, SIG_IGN);
|
||||
+#endif
|
||||
|
||||
if (compat20) {
|
||||
mon_dispatch = mon_dispatch_postauth20;
|
@ -1,80 +0,0 @@
|
||||
diff --git a/ChangeLog b/ChangeLog
|
||||
index 38de846..1603a07 100644
|
||||
--- a/ChangeLog
|
||||
+++ b/ChangeLog
|
||||
@@ -1,3 +1,14 @@
|
||||
+20140420
|
||||
+ - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
||||
+ [sshconnect.c]
|
||||
+ When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
||||
+ certificate keys to plain keys and attempt SSHFP resolution.
|
||||
+
|
||||
+ Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||||
+ dialog by offering only certificate keys.
|
||||
+
|
||||
+ Reported by mcv21 AT cam.ac.uk
|
||||
+
|
||||
20140313
|
||||
- (djm) Release OpenSSH 6.6
|
||||
|
||||
diff --git a/sshconnect.c b/sshconnect.c
|
||||
index 394cca8..e636f33 100644
|
||||
--- a/sshconnect.c
|
||||
+++ b/sshconnect.c
|
||||
@@ -1219,30 +1219,40 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
||||
{
|
||||
int flags = 0;
|
||||
char *fp;
|
||||
+ Key *plain = NULL;
|
||||
|
||||
fp = key_selected_fingerprint(host_key, SSH_FP_HEX);
|
||||
debug("Server host key: %s %s%s", key_type(host_key),
|
||||
key_fingerprint_prefix(), fp);
|
||||
free(fp);
|
||||
|
||||
- /* XXX certs are not yet supported for DNS */
|
||||
- if (!key_is_cert(host_key) && options.verify_host_key_dns &&
|
||||
- verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
|
||||
- if (flags & DNS_VERIFY_FOUND) {
|
||||
-
|
||||
- if (options.verify_host_key_dns == 1 &&
|
||||
- flags & DNS_VERIFY_MATCH &&
|
||||
- flags & DNS_VERIFY_SECURE)
|
||||
- return 0;
|
||||
-
|
||||
- if (flags & DNS_VERIFY_MATCH) {
|
||||
- matching_host_key_dns = 1;
|
||||
- } else {
|
||||
- warn_changed_key(host_key);
|
||||
- error("Update the SSHFP RR in DNS with the new "
|
||||
- "host key to get rid of this message.");
|
||||
+ if (options.verify_host_key_dns) {
|
||||
+ /*
|
||||
+ * XXX certs are not yet supported for DNS, so downgrade
|
||||
+ * them and try the plain key.
|
||||
+ */
|
||||
+ plain = key_from_private(host_key);
|
||||
+ if (key_is_cert(plain))
|
||||
+ key_drop_cert(plain);
|
||||
+ if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
|
||||
+ if (flags & DNS_VERIFY_FOUND) {
|
||||
+ if (options.verify_host_key_dns == 1 &&
|
||||
+ flags & DNS_VERIFY_MATCH &&
|
||||
+ flags & DNS_VERIFY_SECURE) {
|
||||
+ key_free(plain);
|
||||
+ return 0;
|
||||
+ }
|
||||
+ if (flags & DNS_VERIFY_MATCH) {
|
||||
+ matching_host_key_dns = 1;
|
||||
+ } else {
|
||||
+ warn_changed_key(plain);
|
||||
+ error("Update the SSHFP RR in DNS "
|
||||
+ "with the new host key to get rid "
|
||||
+ "of this message.");
|
||||
+ }
|
||||
}
|
||||
}
|
||||
+ key_free(plain);
|
||||
}
|
||||
|
||||
return check_host_key(host, hostaddr, options.port, host_key, RDRW,
|
17
openssh.spec
17
openssh.spec
@ -151,8 +151,6 @@ Patch702: openssh-5.1p1-askpass-progress.patch
|
||||
#?
|
||||
Patch703: openssh-4.3p2-askpass-grab-info.patch
|
||||
#?
|
||||
Patch705: openssh-5.1p1-scp-manpage.patch
|
||||
#?
|
||||
Patch706: openssh-6.6.1p1-localdomain.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
||||
Patch707: openssh-6.6p1-redhat.patch
|
||||
@ -187,16 +185,6 @@ Patch902: openssh-6.3p1-krb5-use-default_ccache_name.patch
|
||||
Patch905: openssh-6.4p1-legacy-ssh-copy-id.patch
|
||||
# Use tty allocation for a remote scp (#985650)
|
||||
Patch906: openssh-6.4p1-fromto-remote.patch
|
||||
# Try CLOCK_BOOTTIME with fallback (#1091992)
|
||||
Patch907: openssh-6.4p1-CLOCK_BOOTTIME.patch
|
||||
# Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
||||
# dialog by offering only certificate keys. (#1081338)
|
||||
Patch908: openssh-6.6p1-CVE-2014-2653.patch
|
||||
# OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly
|
||||
# Disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
|
||||
Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
|
||||
# standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
|
||||
Patch910: openssh-6.6.1p1-NI_MAXHOST.patch
|
||||
# set a client's address right after a connection is set
|
||||
# http://bugzilla.mindrot.org/show_bug.cgi?id=2257
|
||||
Patch911: openssh-6.6p1-set_remote_ipaddr.patch
|
||||
@ -210,9 +198,6 @@ Patch913: openssh-6.6.1p1-partial-success.patch
|
||||
# fix parsing of empty options in sshd_conf
|
||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2281
|
||||
Patch914: openssh-6.6.1p1-servconf-parser.patch
|
||||
# Ignore SIGXFSZ in postauth monitor
|
||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2263
|
||||
Patch915: openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch
|
||||
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
|
||||
Patch916: openssh-6.6.1p1-selinux-contexts.patch
|
||||
# use different values for DH for Cisco servers (#1026430)
|
||||
@ -486,7 +471,7 @@ export LDFLAGS
|
||||
%endif
|
||||
%if %{kerberos5}
|
||||
if test -r /etc/profile.d/krb5-devel.sh ; then
|
||||
source /etc/profile.d/krb5-devel.sh
|
||||
source /etc/profile.d/krb5-devel.sh
|
||||
fi
|
||||
krb5_prefix=`krb5-config --prefix`
|
||||
if test "$krb5_prefix" != "%{_prefix}" ; then
|
||||
|
Loading…
Reference in New Issue
Block a user