forked from rpms/openssh
- set FD_CLOEXEC on channel sockets (#475866)
- adjust summary - adjust nss-keys patch so it is applicable without selinux patches (#470859)
This commit is contained in:
parent
b9a07ad737
commit
9e5c6ecd02
@ -1,6 +1,36 @@
|
||||
diff -up openssh-5.1p1/channels.c.cloexec openssh-5.1p1/channels.c
|
||||
--- openssh-5.1p1/channels.c.cloexec 2008-12-11 22:24:49.000000000 +0100
|
||||
+++ openssh-5.1p1/channels.c 2008-12-11 22:29:52.000000000 +0100
|
||||
@@ -60,6 +60,7 @@
|
||||
#include <termios.h>
|
||||
#include <unistd.h>
|
||||
#include <stdarg.h>
|
||||
+#include <fcntl.h>
|
||||
|
||||
#include "openbsd-compat/sys-queue.h"
|
||||
#include "xmalloc.h"
|
||||
@@ -230,6 +231,18 @@ channel_register_fds(Channel *c, int rfd
|
||||
|
||||
/* XXX set close-on-exec -markus */
|
||||
|
||||
+ if (rfd != -1) {
|
||||
+ fcntl(rfd, F_SETFD, FD_CLOEXEC);
|
||||
+ }
|
||||
+
|
||||
+ if (wfd != -1 && wfd != rfd) {
|
||||
+ fcntl(wfd, F_SETFD, FD_CLOEXEC);
|
||||
+ }
|
||||
+
|
||||
+ if (efd != -1 && efd != rfd && efd != wfd) {
|
||||
+ fcntl(efd, F_SETFD, FD_CLOEXEC);
|
||||
+ }
|
||||
+
|
||||
c->rfd = rfd;
|
||||
c->wfd = wfd;
|
||||
c->sock = (rfd == wfd) ? rfd : -1;
|
||||
diff -up openssh-5.1p1/sshconnect2.c.cloexec openssh-5.1p1/sshconnect2.c
|
||||
--- openssh-5.1p1/sshconnect2.c.cloexec 2008-07-23 15:21:23.000000000 +0200
|
||||
+++ openssh-5.1p1/sshconnect2.c 2008-07-23 15:23:19.000000000 +0200
|
||||
--- openssh-5.1p1/sshconnect2.c.cloexec 2008-12-11 22:24:49.000000000 +0100
|
||||
+++ openssh-5.1p1/sshconnect2.c 2008-12-11 22:24:49.000000000 +0100
|
||||
@@ -38,6 +38,7 @@
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
@ -19,7 +49,7 @@ diff -up openssh-5.1p1/sshconnect2.c.cloexec openssh-5.1p1/sshconnect2.c
|
||||
if (dup2(from[1], STDOUT_FILENO) < 0)
|
||||
diff -up openssh-5.1p1/sshconnect.c.cloexec openssh-5.1p1/sshconnect.c
|
||||
--- openssh-5.1p1/sshconnect.c.cloexec 2008-07-02 14:34:30.000000000 +0200
|
||||
+++ openssh-5.1p1/sshconnect.c 2008-07-23 15:21:23.000000000 +0200
|
||||
+++ openssh-5.1p1/sshconnect.c 2008-12-11 22:24:49.000000000 +0100
|
||||
@@ -38,6 +38,7 @@
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.1p1/key.c.nss-keys openssh-5.1p1/key.c
|
||||
--- openssh-5.1p1/key.c.nss-keys 2008-07-11 09:35:09.000000000 +0200
|
||||
+++ openssh-5.1p1/key.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/key.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -96,6 +96,54 @@ key_new(int type)
|
||||
return k;
|
||||
}
|
||||
@ -78,7 +78,7 @@ diff -up openssh-5.1p1/key.c.nss-keys openssh-5.1p1/key.c
|
||||
|
||||
diff -up openssh-5.1p1/ssh-dss.c.nss-keys openssh-5.1p1/ssh-dss.c
|
||||
--- openssh-5.1p1/ssh-dss.c.nss-keys 2006-11-07 13:14:42.000000000 +0100
|
||||
+++ openssh-5.1p1/ssh-dss.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-dss.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -39,6 +39,10 @@
|
||||
#include "log.h"
|
||||
#include "key.h"
|
||||
@ -138,7 +138,7 @@ diff -up openssh-5.1p1/ssh-dss.c.nss-keys openssh-5.1p1/ssh-dss.c
|
||||
*lenp = SIGBLOB_LEN;
|
||||
diff -up openssh-5.1p1/ssh-agent.c.nss-keys openssh-5.1p1/ssh-agent.c
|
||||
--- openssh-5.1p1/ssh-agent.c.nss-keys 2008-07-04 15:10:49.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-agent.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-agent.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -80,6 +80,10 @@
|
||||
#include "scard.h"
|
||||
#endif
|
||||
@ -283,7 +283,7 @@ diff -up openssh-5.1p1/ssh-agent.c.nss-keys openssh-5.1p1/ssh-agent.c
|
||||
error("Unknown message %d", type);
|
||||
diff -up openssh-5.1p1/authfd.h.nss-keys openssh-5.1p1/authfd.h
|
||||
--- openssh-5.1p1/authfd.h.nss-keys 2006-08-05 04:39:39.000000000 +0200
|
||||
+++ openssh-5.1p1/authfd.h 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/authfd.h 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -49,6 +49,12 @@
|
||||
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
|
||||
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
|
||||
@ -307,10 +307,10 @@ diff -up openssh-5.1p1/authfd.h.nss-keys openssh-5.1p1/authfd.h
|
||||
int
|
||||
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
||||
diff -up openssh-5.1p1/configure.ac.nss-keys openssh-5.1p1/configure.ac
|
||||
--- openssh-5.1p1/configure.ac.nss-keys 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/configure.ac 2008-07-23 19:16:00.000000000 +0200
|
||||
@@ -3328,6 +3328,20 @@ AC_ARG_WITH(linux-audit,
|
||||
fi ]
|
||||
--- openssh-5.1p1/configure.ac.nss-keys 2008-11-18 19:11:41.000000000 +0100
|
||||
+++ openssh-5.1p1/configure.ac 2008-11-18 19:12:38.000000000 +0100
|
||||
@@ -3436,6 +3436,20 @@ AC_ARG_WITH(kerberos5,
|
||||
]
|
||||
)
|
||||
|
||||
+# Check whether user wants NSS support
|
||||
@ -327,20 +327,20 @@ diff -up openssh-5.1p1/configure.ac.nss-keys openssh-5.1p1/configure.ac
|
||||
+ ])
|
||||
+AC_SUBST(LIBNSS)
|
||||
+
|
||||
# Check whether user wants Kerberos 5 support
|
||||
KRB5_MSG="no"
|
||||
AC_ARG_WITH(kerberos5,
|
||||
@@ -4157,6 +4171,7 @@ echo " OSF SIA support
|
||||
echo " KerberosV support: $KRB5_MSG"
|
||||
echo " SELinux support: $SELINUX_MSG"
|
||||
echo " Linux audit support: $LINUX_AUDIT_MSG"
|
||||
# Looking for programs, paths and files
|
||||
|
||||
PRIVSEP_PATH=/var/empty
|
||||
@@ -4163,6 +4177,7 @@ echo " TCP Wrappers support
|
||||
echo " MD5 password support: $MD5_MSG"
|
||||
echo " libedit support: $LIBEDIT_MSG"
|
||||
echo " Solaris process contract support: $SPC_MSG"
|
||||
+echo " NSS support: $LIBNSS_MSG"
|
||||
echo " Smartcard support: $SCARD_MSG"
|
||||
echo " S/KEY support: $SKEY_MSG"
|
||||
echo " TCP Wrappers support: $TCPW_MSG"
|
||||
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
|
||||
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
|
||||
echo " BSD Auth support: $BSD_AUTH_MSG"
|
||||
diff -up /dev/null openssh-5.1p1/README.nss
|
||||
--- /dev/null 2008-07-15 11:15:04.125063641 +0200
|
||||
+++ openssh-5.1p1/README.nss 2008-07-23 19:16:00.000000000 +0200
|
||||
--- /dev/null 2008-11-17 17:51:52.160001870 +0100
|
||||
+++ openssh-5.1p1/README.nss 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -0,0 +1,36 @@
|
||||
+How to use NSS tokens with OpenSSH?
|
||||
+
|
||||
@ -380,7 +380,7 @@ diff -up /dev/null openssh-5.1p1/README.nss
|
||||
+ $ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID'
|
||||
diff -up openssh-5.1p1/authfd.c.nss-keys openssh-5.1p1/authfd.c
|
||||
--- openssh-5.1p1/authfd.c.nss-keys 2006-09-01 07:38:36.000000000 +0200
|
||||
+++ openssh-5.1p1/authfd.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/authfd.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
|
||||
return decode_reply(type);
|
||||
}
|
||||
@ -429,7 +429,7 @@ diff -up openssh-5.1p1/authfd.c.nss-keys openssh-5.1p1/authfd.c
|
||||
* by normal applications.
|
||||
diff -up openssh-5.1p1/readconf.h.nss-keys openssh-5.1p1/readconf.h
|
||||
--- openssh-5.1p1/readconf.h.nss-keys 2008-06-29 16:04:03.000000000 +0200
|
||||
+++ openssh-5.1p1/readconf.h 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/readconf.h 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -84,6 +84,8 @@ typedef struct {
|
||||
char *preferred_authentications;
|
||||
char *bind_address; /* local socket address for connection to sshd */
|
||||
@ -440,8 +440,8 @@ diff -up openssh-5.1p1/readconf.h.nss-keys openssh-5.1p1/readconf.h
|
||||
|
||||
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
||||
diff -up /dev/null openssh-5.1p1/nsskeys.c
|
||||
--- /dev/null 2008-07-15 11:15:04.125063641 +0200
|
||||
+++ openssh-5.1p1/nsskeys.c 2008-07-23 19:16:00.000000000 +0200
|
||||
--- /dev/null 2008-11-17 17:51:52.160001870 +0100
|
||||
+++ openssh-5.1p1/nsskeys.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -0,0 +1,327 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -772,7 +772,7 @@ diff -up /dev/null openssh-5.1p1/nsskeys.c
|
||||
+#endif /* HAVE_LIBNSS */
|
||||
diff -up openssh-5.1p1/ssh.c.nss-keys openssh-5.1p1/ssh.c
|
||||
--- openssh-5.1p1/ssh.c.nss-keys 2008-07-04 04:53:50.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -104,6 +104,9 @@
|
||||
#ifdef SMARTCARD
|
||||
#include "scard.h"
|
||||
@ -825,8 +825,8 @@ diff -up openssh-5.1p1/ssh.c.nss-keys openssh-5.1p1/ssh.c
|
||||
fatal("load_public_identity_files: getpwuid failed");
|
||||
pwname = xstrdup(pw->pw_name);
|
||||
diff -up /dev/null openssh-5.1p1/nsskeys.h
|
||||
--- /dev/null 2008-07-15 11:15:04.125063641 +0200
|
||||
+++ openssh-5.1p1/nsskeys.h 2008-07-23 19:16:00.000000000 +0200
|
||||
--- /dev/null 2008-11-17 17:51:52.160001870 +0100
|
||||
+++ openssh-5.1p1/nsskeys.h 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -0,0 +1,39 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||
@ -869,7 +869,7 @@ diff -up /dev/null openssh-5.1p1/nsskeys.h
|
||||
+#endif
|
||||
diff -up openssh-5.1p1/Makefile.in.nss-keys openssh-5.1p1/Makefile.in
|
||||
--- openssh-5.1p1/Makefile.in.nss-keys 2008-07-08 16:21:12.000000000 +0200
|
||||
+++ openssh-5.1p1/Makefile.in 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/Makefile.in 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||
@ -881,7 +881,7 @@ diff -up openssh-5.1p1/Makefile.in.nss-keys openssh-5.1p1/Makefile.in
|
||||
sshconnect.o sshconnect1.o sshconnect2.o mux.o
|
||||
diff -up openssh-5.1p1/key.h.nss-keys openssh-5.1p1/key.h
|
||||
--- openssh-5.1p1/key.h.nss-keys 2008-06-12 20:40:35.000000000 +0200
|
||||
+++ openssh-5.1p1/key.h 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/key.h 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -29,11 +29,17 @@
|
||||
#include <openssl/rsa.h>
|
||||
#include <openssl/dsa.h>
|
||||
@ -933,7 +933,7 @@ diff -up openssh-5.1p1/key.h.nss-keys openssh-5.1p1/key.h
|
||||
int key_equal(const Key *, const Key *);
|
||||
diff -up openssh-5.1p1/ssh-add.c.nss-keys openssh-5.1p1/ssh-add.c
|
||||
--- openssh-5.1p1/ssh-add.c.nss-keys 2008-02-28 09:13:52.000000000 +0100
|
||||
+++ openssh-5.1p1/ssh-add.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-add.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -44,6 +44,14 @@
|
||||
#include <openssl/evp.h>
|
||||
#include "openbsd-compat/openssl-compat.h"
|
||||
@ -1162,7 +1162,7 @@ diff -up openssh-5.1p1/ssh-add.c.nss-keys openssh-5.1p1/ssh-add.c
|
||||
struct passwd *pw;
|
||||
diff -up openssh-5.1p1/ssh-rsa.c.nss-keys openssh-5.1p1/ssh-rsa.c
|
||||
--- openssh-5.1p1/ssh-rsa.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-rsa.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-rsa.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -32,6 +32,10 @@
|
||||
#include "compat.h"
|
||||
#include "ssh.h"
|
||||
@ -1235,7 +1235,7 @@ diff -up openssh-5.1p1/ssh-rsa.c.nss-keys openssh-5.1p1/ssh-rsa.c
|
||||
buffer_put_cstring(&b, "ssh-rsa");
|
||||
diff -up openssh-5.1p1/ssh-keygen.c.nss-keys openssh-5.1p1/ssh-keygen.c
|
||||
--- openssh-5.1p1/ssh-keygen.c.nss-keys 2008-07-14 03:28:29.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-keygen.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/ssh-keygen.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -53,6 +53,11 @@
|
||||
#include "scard.h"
|
||||
#endif
|
||||
@ -1339,7 +1339,7 @@ diff -up openssh-5.1p1/ssh-keygen.c.nss-keys openssh-5.1p1/ssh-keygen.c
|
||||
if (download)
|
||||
diff -up openssh-5.1p1/readconf.c.nss-keys openssh-5.1p1/readconf.c
|
||||
--- openssh-5.1p1/readconf.c.nss-keys 2008-06-29 16:04:03.000000000 +0200
|
||||
+++ openssh-5.1p1/readconf.c 2008-07-23 19:16:00.000000000 +0200
|
||||
+++ openssh-5.1p1/readconf.c 2008-11-18 19:11:41.000000000 +0100
|
||||
@@ -124,6 +124,7 @@ typedef enum {
|
||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||
|
20
openssh.spec
20
openssh.spec
@ -60,10 +60,10 @@
|
||||
%define libedit 0
|
||||
%endif
|
||||
|
||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||
Name: openssh
|
||||
Version: 5.1p1
|
||||
Release: 3%{?dist}%{?rescue_rel}
|
||||
Release: 4%{?dist}%{?rescue_rel}
|
||||
URL: http://www.openssh.com/portable.html
|
||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||
@ -148,12 +148,12 @@ BuildRequires: audit-libs >= 1.0.8
|
||||
BuildRequires: xauth
|
||||
|
||||
%package clients
|
||||
Summary: The OpenSSH client applications
|
||||
Summary: An open source SSH client applications
|
||||
Requires: openssh = %{version}-%{release}
|
||||
Group: Applications/Internet
|
||||
|
||||
%package server
|
||||
Summary: The OpenSSH server daemon
|
||||
Summary: An open source SSH server daemon
|
||||
Group: System Environment/Daemons
|
||||
Requires: openssh = %{version}-%{release}
|
||||
Requires(post): chkconfig >= 0.9, /sbin/service
|
||||
@ -175,8 +175,7 @@ untrusted hosts over an insecure network. X11 connections and
|
||||
arbitrary TCP/IP ports can also be forwarded over the secure channel.
|
||||
|
||||
OpenSSH is OpenBSD's version of the last free version of SSH, bringing
|
||||
it up to date in terms of security and features, as well as removing
|
||||
all patented algorithms to separate libraries.
|
||||
it up to date in terms of security and features.
|
||||
|
||||
This package includes the core files necessary for both the OpenSSH
|
||||
client and server. To make this package useful, you should also
|
||||
@ -186,14 +185,12 @@ install openssh-clients, openssh-server, or both.
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package includes
|
||||
the clients necessary to make encrypted connections to SSH servers.
|
||||
You'll also need to install the openssh package on OpenSSH clients.
|
||||
|
||||
%description server
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
into and executing commands on a remote machine. This package contains
|
||||
the secure shell daemon (sshd). The sshd daemon allows SSH clients to
|
||||
securely connect to your SSH server. You also need to have the openssh
|
||||
package installed.
|
||||
securely connect to your SSH server.
|
||||
|
||||
%description askpass
|
||||
OpenSSH is a free version of SSH (Secure SHell), a program for logging
|
||||
@ -482,6 +479,11 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Thu Dec 11 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-4
|
||||
- set FD_CLOEXEC on channel sockets (#475866)
|
||||
- adjust summary
|
||||
- adjust nss-keys patch so it is applicable without selinux patches (#470859)
|
||||
|
||||
* Fri Oct 17 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-3
|
||||
- fix compatibility with some servers (#466818)
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user