cleanup working directory, spec file and unused patches after rebase
parent
08cb909f5d
commit
77f453b74d
@ -1,18 +0,0 @@
|
|||||||
diff -up openssh-5.1p1/scp.1.manpage openssh-5.1p1/scp.1
|
|
||||||
--- openssh-5.1p1/scp.1.manpage 2008-07-12 09:12:49.000000000 +0200
|
|
||||||
+++ openssh-5.1p1/scp.1 2008-07-23 19:18:15.000000000 +0200
|
|
||||||
@@ -66,6 +66,14 @@ treating file names containing
|
|
||||||
as host specifiers.
|
|
||||||
Copies between two remote hosts are also permitted.
|
|
||||||
.Pp
|
|
||||||
+When copying a source file to a target file which already exists,
|
|
||||||
+.Nm
|
|
||||||
+will replace the contents of the target file (keeping the inode).
|
|
||||||
+.Pp
|
|
||||||
+If the target file does not yet exist, an empty file with the target
|
|
||||||
+file name is created, then filled with the source file contents.
|
|
||||||
+No attempt is made at "near-atomic" transfer using temporary files.
|
|
||||||
+.Pp
|
|
||||||
The options are as follows:
|
|
||||||
.Bl -tag -width Ds
|
|
||||||
.It Fl 1
|
|
@ -1,177 +0,0 @@
|
|||||||
From 5618210618256bbf5f4f71b2887ff186fd451736 Mon Sep 17 00:00:00 2001
|
|
||||||
From: Damien Miller <djm@mindrot.org>
|
|
||||||
Date: Sun, 20 Apr 2014 13:44:47 +1000
|
|
||||||
Subject: [PATCH] - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c
|
|
||||||
version.h] OpenSSH 6.5 and 6.6 sometimes encode a value used in the
|
|
||||||
curve25519 key exchange incorrectly, causing connection failures about
|
|
||||||
0.2% of the time when this method is used against a peer that implements
|
|
||||||
the method properly.
|
|
||||||
|
|
||||||
Fix the problem and disable the curve25519 KEX when speaking to
|
|
||||||
OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
|
|
||||||
to enable the compatability code.
|
|
||||||
---
|
|
||||||
ChangeLog | 11 +++++++++++
|
|
||||||
bufaux.c | 5 ++++-
|
|
||||||
compat.c | 17 ++++++++++++++++-
|
|
||||||
compat.h | 2 ++
|
|
||||||
sshconnect2.c | 2 ++
|
|
||||||
sshd.c | 3 +++
|
|
||||||
version.h | 2 +-
|
|
||||||
7 files changed, 39 insertions(+), 3 deletions(-)
|
|
||||||
|
|
||||||
diff --git a/ChangeLog b/ChangeLog
|
|
||||||
index 1603a07..928999d 100644
|
|
||||||
--- a/ChangeLog
|
|
||||||
+++ b/ChangeLog
|
|
||||||
@@ -1,13 +1,23 @@
|
|
||||||
20140420
|
|
||||||
- - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
|
||||||
- [sshconnect.c]
|
|
||||||
- When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
|
||||||
- certificate keys to plain keys and attempt SSHFP resolution.
|
|
||||||
-
|
|
||||||
- Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
|
||||||
- dialog by offering only certificate keys.
|
|
||||||
-
|
|
||||||
- Reported by mcv21 AT cam.ac.uk
|
|
||||||
+ - (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
|
|
||||||
+ OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
|
|
||||||
+ key exchange incorrectly, causing connection failures about 0.2% of
|
|
||||||
+ the time when this method is used against a peer that implements
|
|
||||||
+ the method properly.
|
|
||||||
+
|
|
||||||
+ Fix the problem and disable the curve25519 KEX when speaking to
|
|
||||||
+ OpenSSH 6.5 or 6.6. This version will identify itself as 6.6.1
|
|
||||||
+ to enable the compatability code.
|
|
||||||
+
|
|
||||||
+ - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
|
||||||
+ [sshconnect.c]
|
|
||||||
+ When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
|
||||||
+ certificate keys to plain keys and attempt SSHFP resolution.
|
|
||||||
+
|
|
||||||
+ Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
|
||||||
+ dialog by offering only certificate keys.
|
|
||||||
+
|
|
||||||
+ Reported by mcv21 AT cam.ac.uk
|
|
||||||
|
|
||||||
20140313
|
|
||||||
- (djm) Release OpenSSH 6.6
|
|
||||||
diff --git a/bufaux.c b/bufaux.c
|
|
||||||
index e24b5fc..f6a6f2a 100644
|
|
||||||
--- a/bufaux.c
|
|
||||||
+++ b/bufaux.c
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $OpenBSD: bufaux.c,v 1.56 2014/02/02 03:44:31 djm Exp $ */
|
|
||||||
+/* $OpenBSD: bufaux.c,v 1.57 2014/04/16 23:22:45 djm Exp $ */
|
|
||||||
/*
|
|
||||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
|
||||||
* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
|
||||||
@@ -372,6 +372,9 @@ buffer_put_bignum2_from_string(Buffer *buffer, const u_char *s, u_int l)
|
|
||||||
|
|
||||||
if (l > 8 * 1024)
|
|
||||||
fatal("%s: length %u too long", __func__, l);
|
|
||||||
+ /* Skip leading zero bytes */
|
|
||||||
+ for (; l > 0 && *s == 0; l--, s++)
|
|
||||||
+ ;
|
|
||||||
p = buf = xmalloc(l + 1);
|
|
||||||
/*
|
|
||||||
* If most significant bit is set then prepend a zero byte to
|
|
||||||
diff --git a/compat.c b/compat.c
|
|
||||||
index 9d9fabe..2709dc5 100644
|
|
||||||
--- a/compat.c
|
|
||||||
+++ b/compat.c
|
|
||||||
@@ -95,6 +95,9 @@ compat_datafellows(const char *version)
|
|
||||||
{ "Sun_SSH_1.0*", SSH_BUG_NOREKEY|SSH_BUG_EXTEOF},
|
|
||||||
{ "OpenSSH_4*", 0 },
|
|
||||||
{ "OpenSSH_5*", SSH_NEW_OPENSSH|SSH_BUG_DYNAMIC_RPORT},
|
|
||||||
+ { "OpenSSH_6.6.1*", SSH_NEW_OPENSSH},
|
|
||||||
+ { "OpenSSH_6.5*,"
|
|
||||||
+ "OpenSSH_6.6*", SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD},
|
|
||||||
{ "OpenSSH*", SSH_NEW_OPENSSH },
|
|
||||||
{ "*MindTerm*", 0 },
|
|
||||||
{ "2.1.0*", SSH_BUG_SIGBLOB|SSH_BUG_HMAC|
|
|
||||||
@@ -251,7 +254,6 @@ compat_cipher_proposal(char *cipher_prop)
|
|
||||||
return cipher_prop;
|
|
||||||
}
|
|
||||||
|
|
||||||
-
|
|
||||||
char *
|
|
||||||
compat_pkalg_proposal(char *pkalg_prop)
|
|
||||||
{
|
|
||||||
@@ -265,3 +267,16 @@ compat_pkalg_proposal(char *pkalg_prop)
|
|
||||||
return pkalg_prop;
|
|
||||||
}
|
|
||||||
|
|
||||||
+char *
|
|
||||||
+compat_kex_proposal(char *kex_prop)
|
|
||||||
+{
|
|
||||||
+ if (!(datafellows & SSH_BUG_CURVE25519PAD))
|
|
||||||
+ return kex_prop;
|
|
||||||
+ debug2("%s: original KEX proposal: %s", __func__, kex_prop);
|
|
||||||
+ kex_prop = filter_proposal(kex_prop, "curve25519-sha256@libssh.org");
|
|
||||||
+ debug2("%s: compat KEX proposal: %s", __func__, kex_prop);
|
|
||||||
+ if (*kex_prop == '\0')
|
|
||||||
+ fatal("No supported key exchange algorithms found");
|
|
||||||
+ return kex_prop;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
diff --git a/compat.h b/compat.h
|
|
||||||
index b174fa1..a6c3f3d 100644
|
|
||||||
--- a/compat.h
|
|
||||||
+++ b/compat.h
|
|
||||||
@@ -59,6 +59,7 @@
|
|
||||||
#define SSH_BUG_RFWD_ADDR 0x02000000
|
|
||||||
#define SSH_NEW_OPENSSH 0x04000000
|
|
||||||
#define SSH_BUG_DYNAMIC_RPORT 0x08000000
|
|
||||||
+#define SSH_BUG_CURVE25519PAD 0x10000000
|
|
||||||
|
|
||||||
void enable_compat13(void);
|
|
||||||
void enable_compat20(void);
|
|
||||||
@@ -66,6 +67,7 @@ void compat_datafellows(const char *);
|
|
||||||
int proto_spec(const char *);
|
|
||||||
char *compat_cipher_proposal(char *);
|
|
||||||
char *compat_pkalg_proposal(char *);
|
|
||||||
+char *compat_kex_proposal(char *);
|
|
||||||
|
|
||||||
extern int compat13;
|
|
||||||
extern int compat20;
|
|
||||||
diff --git a/sshconnect2.c b/sshconnect2.c
|
|
||||||
index bb9292f..b00658b 100644
|
|
||||||
--- a/sshconnect2.c
|
|
||||||
+++ b/sshconnect2.c
|
|
||||||
@@ -220,6 +220,8 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port)
|
|
||||||
}
|
|
||||||
if (options.kex_algorithms != NULL)
|
|
||||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
|
||||||
|
|
||||||
#ifdef GSSAPI
|
|
||||||
/* If we've got GSSAPI algorithms, then we also support the
|
|
||||||
diff --git a/sshd.c b/sshd.c
|
|
||||||
index e4e406e..512c7ed 100644
|
|
||||||
--- a/sshd.c
|
|
||||||
+++ b/sshd.c
|
|
||||||
@@ -2488,6 +2488,9 @@ do_ssh2_kex(void)
|
|
||||||
if (options.kex_algorithms != NULL)
|
|
||||||
myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms;
|
|
||||||
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(
|
|
||||||
+ myproposal[PROPOSAL_KEX_ALGS]);
|
|
||||||
+
|
|
||||||
if (options.rekey_limit || options.rekey_interval)
|
|
||||||
packet_set_rekey_limits((u_int32_t)options.rekey_limit,
|
|
||||||
(time_t)options.rekey_interval);
|
|
||||||
diff --git a/version.h b/version.h
|
|
||||||
index a1579ac..a33e77c 100644
|
|
||||||
--- a/version.h
|
|
||||||
+++ b/version.h
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
/* $OpenBSD: version.h,v 1.70 2014/02/27 22:57:40 djm Exp $ */
|
|
||||||
|
|
||||||
-#define SSH_VERSION "OpenSSH_6.6"
|
|
||||||
+#define SSH_VERSION "OpenSSH_6.6.1"
|
|
||||||
|
|
||||||
#define SSH_PORTABLE "p1"
|
|
||||||
#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
|
|
@ -1,29 +0,0 @@
|
|||||||
--- a/misc.c
|
|
||||||
+++ b/misc.c
|
|
||||||
@@ -865,17 +865,24 @@ ms_to_timeval(struct timeval *tv, int ms
|
|
||||||
time_t
|
|
||||||
monotime(void)
|
|
||||||
{
|
|
||||||
-#if defined(HAVE_CLOCK_GETTIME) && defined(CLOCK_MONOTONIC)
|
|
||||||
+#if defined(HAVE_CLOCK_GETTIME) && \
|
|
||||||
+ (defined(CLOCK_MONOTONIC) || defined(CLOCK_BOOTTIME))
|
|
||||||
struct timespec ts;
|
|
||||||
static int gettime_failed = 0;
|
|
||||||
|
|
||||||
if (!gettime_failed) {
|
|
||||||
+#if defined(CLOCK_BOOTTIME)
|
|
||||||
+ if (clock_gettime(CLOCK_BOOTTIME, &ts) == 0)
|
|
||||||
+ return (ts.tv_sec);
|
|
||||||
+#endif
|
|
||||||
+#if defined(CLOCK_MONOTONIC)
|
|
||||||
if (clock_gettime(CLOCK_MONOTONIC, &ts) == 0)
|
|
||||||
return (ts.tv_sec);
|
|
||||||
+#endif
|
|
||||||
debug3("clock_gettime: %s", strerror(errno));
|
|
||||||
gettime_failed = 1;
|
|
||||||
}
|
|
||||||
-#endif
|
|
||||||
+#endif /* HAVE_CLOCK_GETTIME && (CLOCK_MONOTONIC || CLOCK_BOOTTIME */
|
|
||||||
|
|
||||||
return time(NULL);
|
|
||||||
}
|
|
@ -1,76 +0,0 @@
|
|||||||
diff --git a/ChangeLog b/ChangeLog
|
|
||||||
index 928999d..3887495 100644
|
|
||||||
--- a/ChangeLog
|
|
||||||
+++ b/ChangeLog
|
|
||||||
@@ -1,3 +1,10 @@
|
|
||||||
+20140703
|
|
||||||
+ - OpenBSD CVS Sync
|
|
||||||
+ - djm@cvs.openbsd.org 2014/07/03 03:34:09
|
|
||||||
+ [gss-serv.c session.c ssh-keygen.c]
|
|
||||||
+ standardise on NI_MAXHOST for gethostname() string lengths; about
|
|
||||||
+ 1/2 the cases were using it already. Fixes bz#2239 en passant
|
|
||||||
+
|
|
||||||
20140420
|
|
||||||
- (djm) [bufaux.c compat.c compat.h sshconnect2.c sshd.c version.h]
|
|
||||||
OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519
|
|
||||||
diff --git a/gss-serv.c b/gss-serv.c
|
|
||||||
index 14f540e..29916d3 100644
|
|
||||||
--- a/gss-serv.c
|
|
||||||
+++ b/gss-serv.c
|
|
||||||
@@ -1,4 +1,4 @@
|
|
||||||
-/* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */
|
|
||||||
+/* $OpenBSD: gss-serv.c,v 1.27 2014/07/03 03:34:09 djm Exp $ */
|
|
||||||
|
|
||||||
/*
|
|
||||||
* Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.
|
|
||||||
@@ -102,14 +102,14 @@ static OM_uint32
|
|
||||||
ssh_gssapi_acquire_cred(Gssctxt *ctx)
|
|
||||||
{
|
|
||||||
OM_uint32 status;
|
|
||||||
- char lname[MAXHOSTNAMELEN];
|
|
||||||
+ char lname[NI_MAXHOST];
|
|
||||||
gss_OID_set oidset;
|
|
||||||
|
|
||||||
if (options.gss_strict_acceptor) {
|
|
||||||
gss_create_empty_oid_set(&status, &oidset);
|
|
||||||
gss_add_oid_set_member(&status, ctx->oid, &oidset);
|
|
||||||
|
|
||||||
- if (gethostname(lname, MAXHOSTNAMELEN)) {
|
|
||||||
+ if (gethostname(lname, sizeof(lname))) {
|
|
||||||
gss_release_oid_set(&status, &oidset);
|
|
||||||
return (-1);
|
|
||||||
}
|
|
||||||
diff --git a/session.c b/session.c
|
|
||||||
index ba4589b..e4add93 100644
|
|
||||||
--- a/session.c
|
|
||||||
+++ b/session.c
|
|
||||||
@@ -49,6 +49,7 @@
|
|
||||||
#include <errno.h>
|
|
||||||
#include <fcntl.h>
|
|
||||||
#include <grp.h>
|
|
||||||
+#include <netdb.h>
|
|
||||||
#ifdef HAVE_PATHS_H
|
|
||||||
#include <paths.h>
|
|
||||||
#endif
|
|
||||||
@@ -2669,7 +2670,7 @@ session_setup_x11fwd(Session *s)
|
|
||||||
{
|
|
||||||
struct stat st;
|
|
||||||
char display[512], auth_display[512];
|
|
||||||
- char hostname[MAXHOSTNAMELEN];
|
|
||||||
+ char hostname[NI_MAXHOST];
|
|
||||||
u_int i;
|
|
||||||
|
|
||||||
if (no_x11_forwarding_flag) {
|
|
||||||
diff --git a/ssh-keygen.c b/ssh-keygen.c
|
|
||||||
index 482dc1c..66198e6 100644
|
|
||||||
--- a/ssh-keygen.c
|
|
||||||
+++ b/ssh-keygen.c
|
|
||||||
@@ -165,7 +165,7 @@ int rounds = 0;
|
|
||||||
/* argv0 */
|
|
||||||
extern char *__progname;
|
|
||||||
|
|
||||||
-char hostname[MAXHOSTNAMELEN];
|
|
||||||
+char hostname[NI_MAXHOST];
|
|
||||||
|
|
||||||
/* moduli.c */
|
|
||||||
int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
|
|
@ -1,28 +0,0 @@
|
|||||||
diff --git a/ChangeLog b/ChangeLog
|
|
||||||
index 3887495..a4dc72f 100644
|
|
||||||
--- a/ChangeLog
|
|
||||||
+++ b/ChangeLog
|
|
||||||
@@ -1,3 +1,9 @@
|
|
||||||
+20140823
|
|
||||||
+ - (djm) [sshd.c] Ignore SIGXFSZ in preauth monitor child; can explode on
|
|
||||||
+ lastlog writing on platforms with high UIDs; bz#2263
|
|
||||||
+ - (djm) [monitor.c sshd.c] SIGXFSZ needs to be ignored in postauth
|
|
||||||
+ monitor, not preauth; bz#2263
|
|
||||||
+
|
|
||||||
20140703
|
|
||||||
- OpenBSD CVS Sync
|
|
||||||
- djm@cvs.openbsd.org 2014/07/03 03:34:09
|
|
||||||
diff --git a/monitor.c b/monitor.c
|
|
||||||
index bdabe21..5a65114 100644
|
|
||||||
--- a/monitor.c
|
|
||||||
+++ b/monitor.c
|
|
||||||
@@ -501,6 +501,9 @@ monitor_child_postauth(struct monitor *pmonitor)
|
|
||||||
signal(SIGHUP, &monitor_child_handler);
|
|
||||||
signal(SIGTERM, &monitor_child_handler);
|
|
||||||
signal(SIGINT, &monitor_child_handler);
|
|
||||||
+#ifdef SIGXFSZ
|
|
||||||
+ signal(SIGXFSZ, SIG_IGN);
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (compat20) {
|
|
||||||
mon_dispatch = mon_dispatch_postauth20;
|
|
@ -1,80 +0,0 @@
|
|||||||
diff --git a/ChangeLog b/ChangeLog
|
|
||||||
index 38de846..1603a07 100644
|
|
||||||
--- a/ChangeLog
|
|
||||||
+++ b/ChangeLog
|
|
||||||
@@ -1,3 +1,14 @@
|
|
||||||
+20140420
|
|
||||||
+ - djm@cvs.openbsd.org 2014/04/01 03:34:10
|
|
||||||
+ [sshconnect.c]
|
|
||||||
+ When using VerifyHostKeyDNS with a DNSSEC resolver, down-convert any
|
|
||||||
+ certificate keys to plain keys and attempt SSHFP resolution.
|
|
||||||
+
|
|
||||||
+ Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
|
||||||
+ dialog by offering only certificate keys.
|
|
||||||
+
|
|
||||||
+ Reported by mcv21 AT cam.ac.uk
|
|
||||||
+
|
|
||||||
20140313
|
|
||||||
- (djm) Release OpenSSH 6.6
|
|
||||||
|
|
||||||
diff --git a/sshconnect.c b/sshconnect.c
|
|
||||||
index 394cca8..e636f33 100644
|
|
||||||
--- a/sshconnect.c
|
|
||||||
+++ b/sshconnect.c
|
|
||||||
@@ -1219,30 +1219,40 @@ verify_host_key(char *host, struct sockaddr *hostaddr, Key *host_key)
|
|
||||||
{
|
|
||||||
int flags = 0;
|
|
||||||
char *fp;
|
|
||||||
+ Key *plain = NULL;
|
|
||||||
|
|
||||||
fp = key_selected_fingerprint(host_key, SSH_FP_HEX);
|
|
||||||
debug("Server host key: %s %s%s", key_type(host_key),
|
|
||||||
key_fingerprint_prefix(), fp);
|
|
||||||
free(fp);
|
|
||||||
|
|
||||||
- /* XXX certs are not yet supported for DNS */
|
|
||||||
- if (!key_is_cert(host_key) && options.verify_host_key_dns &&
|
|
||||||
- verify_host_key_dns(host, hostaddr, host_key, &flags) == 0) {
|
|
||||||
- if (flags & DNS_VERIFY_FOUND) {
|
|
||||||
-
|
|
||||||
- if (options.verify_host_key_dns == 1 &&
|
|
||||||
- flags & DNS_VERIFY_MATCH &&
|
|
||||||
- flags & DNS_VERIFY_SECURE)
|
|
||||||
- return 0;
|
|
||||||
-
|
|
||||||
- if (flags & DNS_VERIFY_MATCH) {
|
|
||||||
- matching_host_key_dns = 1;
|
|
||||||
- } else {
|
|
||||||
- warn_changed_key(host_key);
|
|
||||||
- error("Update the SSHFP RR in DNS with the new "
|
|
||||||
- "host key to get rid of this message.");
|
|
||||||
+ if (options.verify_host_key_dns) {
|
|
||||||
+ /*
|
|
||||||
+ * XXX certs are not yet supported for DNS, so downgrade
|
|
||||||
+ * them and try the plain key.
|
|
||||||
+ */
|
|
||||||
+ plain = key_from_private(host_key);
|
|
||||||
+ if (key_is_cert(plain))
|
|
||||||
+ key_drop_cert(plain);
|
|
||||||
+ if (verify_host_key_dns(host, hostaddr, plain, &flags) == 0) {
|
|
||||||
+ if (flags & DNS_VERIFY_FOUND) {
|
|
||||||
+ if (options.verify_host_key_dns == 1 &&
|
|
||||||
+ flags & DNS_VERIFY_MATCH &&
|
|
||||||
+ flags & DNS_VERIFY_SECURE) {
|
|
||||||
+ key_free(plain);
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
+ if (flags & DNS_VERIFY_MATCH) {
|
|
||||||
+ matching_host_key_dns = 1;
|
|
||||||
+ } else {
|
|
||||||
+ warn_changed_key(plain);
|
|
||||||
+ error("Update the SSHFP RR in DNS "
|
|
||||||
+ "with the new host key to get rid "
|
|
||||||
+ "of this message.");
|
|
||||||
+ }
|
|
||||||
}
|
|
||||||
}
|
|
||||||
+ key_free(plain);
|
|
||||||
}
|
|
||||||
|
|
||||||
return check_host_key(host, hostaddr, options.port, host_key, RDRW,
|
|
17
openssh.spec
17
openssh.spec
@ -151,8 +151,6 @@ Patch702: openssh-5.1p1-askpass-progress.patch
|
|||||||
#?
|
#?
|
||||||
Patch703: openssh-4.3p2-askpass-grab-info.patch
|
Patch703: openssh-4.3p2-askpass-grab-info.patch
|
||||||
#?
|
#?
|
||||||
Patch705: openssh-5.1p1-scp-manpage.patch
|
|
||||||
#?
|
|
||||||
Patch706: openssh-6.6.1p1-localdomain.patch
|
Patch706: openssh-6.6.1p1-localdomain.patch
|
||||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
#https://bugzilla.mindrot.org/show_bug.cgi?id=1635 (WONTFIX)
|
||||||
Patch707: openssh-6.6p1-redhat.patch
|
Patch707: openssh-6.6p1-redhat.patch
|
||||||
@ -187,16 +185,6 @@ Patch902: openssh-6.3p1-krb5-use-default_ccache_name.patch
|
|||||||
Patch905: openssh-6.4p1-legacy-ssh-copy-id.patch
|
Patch905: openssh-6.4p1-legacy-ssh-copy-id.patch
|
||||||
# Use tty allocation for a remote scp (#985650)
|
# Use tty allocation for a remote scp (#985650)
|
||||||
Patch906: openssh-6.4p1-fromto-remote.patch
|
Patch906: openssh-6.4p1-fromto-remote.patch
|
||||||
# Try CLOCK_BOOTTIME with fallback (#1091992)
|
|
||||||
Patch907: openssh-6.4p1-CLOCK_BOOTTIME.patch
|
|
||||||
# Prevents a server from skipping SSHFP lookup and forcing a new-hostkey
|
|
||||||
# dialog by offering only certificate keys. (#1081338)
|
|
||||||
Patch908: openssh-6.6p1-CVE-2014-2653.patch
|
|
||||||
# OpenSSH 6.5 and 6.6 sometimes encode a value used in the curve25519 key exchange incorrectly
|
|
||||||
# Disable the curve25519 KEX when speaking to OpenSSH 6.5 or 6.6
|
|
||||||
Patch909: openssh-5618210618256bbf5f4f71b2887ff186fd451736.patch
|
|
||||||
# standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
|
|
||||||
Patch910: openssh-6.6.1p1-NI_MAXHOST.patch
|
|
||||||
# set a client's address right after a connection is set
|
# set a client's address right after a connection is set
|
||||||
# http://bugzilla.mindrot.org/show_bug.cgi?id=2257
|
# http://bugzilla.mindrot.org/show_bug.cgi?id=2257
|
||||||
Patch911: openssh-6.6p1-set_remote_ipaddr.patch
|
Patch911: openssh-6.6p1-set_remote_ipaddr.patch
|
||||||
@ -210,9 +198,6 @@ Patch913: openssh-6.6.1p1-partial-success.patch
|
|||||||
# fix parsing of empty options in sshd_conf
|
# fix parsing of empty options in sshd_conf
|
||||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2281
|
# https://bugzilla.mindrot.org/show_bug.cgi?id=2281
|
||||||
Patch914: openssh-6.6.1p1-servconf-parser.patch
|
Patch914: openssh-6.6.1p1-servconf-parser.patch
|
||||||
# Ignore SIGXFSZ in postauth monitor
|
|
||||||
# https://bugzilla.mindrot.org/show_bug.cgi?id=2263
|
|
||||||
Patch915: openssh-6.6.1p1-ignore-SIGXFSZ-in-postauth.patch
|
|
||||||
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
|
# privsep_preauth: use SELinux context from selinux-policy (#1008580)
|
||||||
Patch916: openssh-6.6.1p1-selinux-contexts.patch
|
Patch916: openssh-6.6.1p1-selinux-contexts.patch
|
||||||
# use different values for DH for Cisco servers (#1026430)
|
# use different values for DH for Cisco servers (#1026430)
|
||||||
@ -486,7 +471,7 @@ export LDFLAGS
|
|||||||
%endif
|
%endif
|
||||||
%if %{kerberos5}
|
%if %{kerberos5}
|
||||||
if test -r /etc/profile.d/krb5-devel.sh ; then
|
if test -r /etc/profile.d/krb5-devel.sh ; then
|
||||||
source /etc/profile.d/krb5-devel.sh
|
source /etc/profile.d/krb5-devel.sh
|
||||||
fi
|
fi
|
||||||
krb5_prefix=`krb5-config --prefix`
|
krb5_prefix=`krb5-config --prefix`
|
||||||
if test "$krb5_prefix" != "%{_prefix}" ; then
|
if test "$krb5_prefix" != "%{_prefix}" ; then
|
||||||
|
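Review bot: The removal of `Patch908: openssh-6.6p1-CVE-2014-2653.patch` in the `-187,16` hunk, along with fix patches 907, 909, 910 and 915, does not say which rebased upstream release already contains those fixes; the commit title only calls them unused. No `%patch` application lines are removed in the visible hunks, so presumably they were dropped in the earlier rebase commit, but that cannot be confirmed from this page. A %changelog entry or a comment in place of the removed declaration, e.g. `# CVE-2014-2653 fix (was Patch908) is included upstream as of <REBASED_VERSION>`, would let an auditor confirm that the SSHFP lookup fix is still present in the shipped package.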