Upgrade to new version 5.3p1
parent
35695c001b
commit
c54a8b0af7
@ -1 +1 @@
|
|||||||
openssh-5.3p1.tar.gz
|
openssh-5.3p1-noacss.tar.bz2
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
Search the path for krb5-config if the prefix wasn't specified.
|
|
||||||
--- openssh-3.8p1/configure.ac 2004-02-26 21:17:12.000000000 -0500
|
|
||||||
+++ openssh-3.8p1/configure.ac 2004-02-26 21:17:06.000000000 -0500
|
|
||||||
@@ -2077,8 +2077,10 @@
|
|
||||||
KRB5_MSG="yes"
|
|
||||||
|
|
||||||
AC_MSG_CHECKING(for krb5-config)
|
|
||||||
- if test -x $KRB5ROOT/bin/krb5-config ; then
|
|
||||||
- KRB5CONF=$KRB5ROOT/bin/krb5-config
|
|
||||||
+ AC_PATH_PROG([KRB5CONF],[krb5-config],
|
|
||||||
+ [$KRB5ROOT/bin/krb5-config],
|
|
||||||
+ [$KRB5ROOT/bin:$PATH])
|
|
||||||
+ if test -x $KRB5CONF ; then
|
|
||||||
AC_MSG_RESULT($KRB5CONF)
|
|
||||||
|
|
||||||
AC_MSG_CHECKING(for gssapi support)
|
|
@ -1,267 +0,0 @@
|
|||||||
diff -up openssh-5.2p1/auth.c.audit openssh-5.2p1/auth.c
|
|
||||||
--- openssh-5.2p1/auth.c.audit 2008-11-05 06:12:54.000000000 +0100
|
|
||||||
+++ openssh-5.2p1/auth.c 2009-08-09 09:22:23.634850536 +0200
|
|
||||||
@@ -287,6 +287,12 @@ auth_log(Authctxt *authctxt, int authent
|
|
||||||
get_canonical_hostname(options.use_dns), "ssh", &loginmsg);
|
|
||||||
# endif
|
|
||||||
#endif
|
|
||||||
+#if HAVE_LINUX_AUDIT
|
|
||||||
+ if (authenticated == 0 && !authctxt->postponed) {
|
|
||||||
+ linux_audit_record_event(-1, authctxt->user, NULL,
|
|
||||||
+ get_remote_ipaddr(), "sshd", 0);
|
|
||||||
+ }
|
|
||||||
+#endif
|
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
|
||||||
if (authenticated == 0 && !authctxt->postponed)
|
|
||||||
audit_event(audit_classify_auth(method));
|
|
||||||
@@ -533,6 +539,10 @@ getpwnamallow(const char *user)
|
|
||||||
record_failed_login(user,
|
|
||||||
get_canonical_hostname(options.use_dns), "ssh");
|
|
||||||
#endif
|
|
||||||
+#ifdef HAVE_LINUX_AUDIT
|
|
||||||
+ linux_audit_record_event(-1, user, NULL, get_remote_ipaddr(),
|
|
||||||
+ "sshd", 0);
|
|
||||||
+#endif
|
|
||||||
#ifdef SSH_AUDIT_EVENTS
|
|
||||||
audit_event(SSH_INVALID_USER);
|
|
||||||
#endif /* SSH_AUDIT_EVENTS */
|
|
||||||
diff -up openssh-5.2p1/config.h.in.audit openssh-5.2p1/config.h.in
|
|
||||||
--- openssh-5.2p1/config.h.in.audit 2009-02-23 01:18:12.000000000 +0100
|
|
||||||
+++ openssh-5.2p1/config.h.in 2009-08-09 09:22:28.825939998 +0200
|
|
||||||
@@ -1,5 +1,8 @@
|
|
||||||
/* config.h.in. Generated from configure.ac by autoheader. */
|
|
||||||
|
|
||||||
+/* Define if building universal (internal helper macro) */
|
|
||||||
+#undef AC_APPLE_UNIVERSAL_BUILD
|
|
||||||
+
|
|
||||||
/* Define if you have a getaddrinfo that fails for the all-zeros IPv6 address
|
|
||||||
*/
|
|
||||||
#undef AIX_GETNAMEINFO_HACK
|
|
||||||
@@ -521,6 +524,9 @@
|
|
||||||
/* Define to 1 if you have the <lastlog.h> header file. */
|
|
||||||
#undef HAVE_LASTLOG_H
|
|
||||||
|
|
||||||
+/* Define to 1 if you have the <libaudit.h> header file. */
|
|
||||||
+#undef HAVE_LIBAUDIT_H
|
|
||||||
+
|
|
||||||
/* Define to 1 if you have the `bsm' library (-lbsm). */
|
|
||||||
#undef HAVE_LIBBSM
|
|
||||||
|
|
||||||
@@ -560,6 +566,9 @@
|
|
||||||
/* Define to 1 if you have the <limits.h> header file. */
|
|
||||||
#undef HAVE_LIMITS_H
|
|
||||||
|
|
||||||
+/* Define if you want Linux audit support. */
|
|
||||||
+#undef HAVE_LINUX_AUDIT
|
|
||||||
+
|
|
||||||
/* Define to 1 if you have the <linux/if_tun.h> header file. */
|
|
||||||
#undef HAVE_LINUX_IF_TUN_H
|
|
||||||
|
|
||||||
@@ -756,6 +765,9 @@
|
|
||||||
/* Define to 1 if you have the `setgroups' function. */
|
|
||||||
#undef HAVE_SETGROUPS
|
|
||||||
|
|
||||||
+/* Define to 1 if you have the `setkeycreatecon' function. */
|
|
||||||
+#undef HAVE_SETKEYCREATECON
|
|
||||||
+
|
|
||||||
/* Define to 1 if you have the `setlogin' function. */
|
|
||||||
#undef HAVE_SETLOGIN
|
|
||||||
|
|
||||||
@@ -1330,6 +1342,10 @@
|
|
||||||
/* Prepend the address family to IP tunnel traffic */
|
|
||||||
#undef SSH_TUN_PREPEND_AF
|
|
||||||
|
|
||||||
+/* Define to your vendor patch level, if it has been modified from the
|
|
||||||
+ upstream source release. */
|
|
||||||
+#undef SSH_VENDOR_PATCHLEVEL
|
|
||||||
+
|
|
||||||
/* Define to 1 if you have the ANSI C header files. */
|
|
||||||
#undef STDC_HEADERS
|
|
||||||
|
|
||||||
@@ -1397,9 +1413,17 @@
|
|
||||||
/* Define if you want SELinux support. */
|
|
||||||
#undef WITH_SELINUX
|
|
||||||
|
|
||||||
-/* Define to 1 if your processor stores words with the most significant byte
|
|
||||||
- first (like Motorola and SPARC, unlike Intel and VAX). */
|
|
||||||
-#undef WORDS_BIGENDIAN
|
|
||||||
+/* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most
|
|
||||||
+ significant byte first (like Motorola and SPARC, unlike Intel). */
|
|
||||||
+#if defined AC_APPLE_UNIVERSAL_BUILD
|
|
||||||
+# if defined __BIG_ENDIAN__
|
|
||||||
+# define WORDS_BIGENDIAN 1
|
|
||||||
+# endif
|
|
||||||
+#else
|
|
||||||
+# ifndef WORDS_BIGENDIAN
|
|
||||||
+# undef WORDS_BIGENDIAN
|
|
||||||
+# endif
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
/* Define if xauth is found in your path */
|
|
||||||
#undef XAUTH_PATH
|
|
||||||
diff -up openssh-5.2p1/configure.ac.audit openssh-5.2p1/configure.ac
|
|
||||||
--- openssh-5.2p1/configure.ac.audit 2009-08-09 09:22:23.608877833 +0200
|
|
||||||
+++ openssh-5.2p1/configure.ac 2009-08-09 09:22:23.646244409 +0200
|
|
||||||
@@ -3342,6 +3342,18 @@ AC_ARG_WITH(selinux,
|
|
||||||
fi ]
|
|
||||||
)
|
|
||||||
|
|
||||||
+# Check whether user wants Linux audit support
|
|
||||||
+LINUX_AUDIT_MSG="no"
|
|
||||||
+AC_ARG_WITH(linux-audit,
|
|
||||||
+ [ --with-linux-audit Enable Linux audit support],
|
|
||||||
+ [ if test "x$withval" != "xno" ; then
|
|
||||||
+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.])
|
|
||||||
+ LINUX_AUDIT_MSG="yes"
|
|
||||||
+ AC_CHECK_HEADERS(libaudit.h)
|
|
||||||
+ SSHDLIBS="$SSHDLIBS -laudit"
|
|
||||||
+ fi ]
|
|
||||||
+)
|
|
||||||
+
|
|
||||||
# Check whether user wants Kerberos 5 support
|
|
||||||
KRB5_MSG="no"
|
|
||||||
AC_ARG_WITH(kerberos5,
|
|
||||||
@@ -4170,6 +4182,7 @@ echo " PAM support
|
|
||||||
echo " OSF SIA support: $SIA_MSG"
|
|
||||||
echo " KerberosV support: $KRB5_MSG"
|
|
||||||
echo " SELinux support: $SELINUX_MSG"
|
|
||||||
+echo " Linux audit support: $LINUX_AUDIT_MSG"
|
|
||||||
echo " Smartcard support: $SCARD_MSG"
|
|
||||||
echo " S/KEY support: $SKEY_MSG"
|
|
||||||
echo " TCP Wrappers support: $TCPW_MSG"
|
|
||||||
diff -up openssh-5.2p1/loginrec.c.audit openssh-5.2p1/loginrec.c
|
|
||||||
--- openssh-5.2p1/loginrec.c.audit 2009-02-12 03:12:22.000000000 +0100
|
|
||||||
+++ openssh-5.2p1/loginrec.c 2009-08-09 09:22:23.667199702 +0200
|
|
||||||
@@ -176,6 +176,10 @@
|
|
||||||
#include "auth.h"
|
|
||||||
#include "buffer.h"
|
|
||||||
|
|
||||||
+#ifdef HAVE_LINUX_AUDIT
|
|
||||||
+# include <libaudit.h>
|
|
||||||
+#endif
|
|
||||||
+
|
|
||||||
#ifdef HAVE_UTIL_H
|
|
||||||
# include <util.h>
|
|
||||||
#endif
|
|
||||||
@@ -202,6 +206,9 @@ int utmp_write_entry(struct logininfo *l
|
|
||||||
int utmpx_write_entry(struct logininfo *li);
|
|
||||||
int wtmp_write_entry(struct logininfo *li);
|
|
||||||
int wtmpx_write_entry(struct logininfo *li);
|
|
||||||
+#ifdef HAVE_LINUX_AUDIT
|
|
||||||
+int linux_audit_write_entry(struct logininfo *li);
|
|
||||||
+#endif
|
|
||||||
int lastlog_write_entry(struct logininfo *li);
|
|
||||||
int syslogin_write_entry(struct logininfo *li);
|
|
||||||
|
|
||||||
@@ -440,6 +447,10 @@ login_write(struct logininfo *li)
|
|
||||||
|
|
||||||
/* set the timestamp */
|
|
||||||
login_set_current_time(li);
|
|
||||||
+#ifdef HAVE_LINUX_AUDIT
|
|
||||||
+ if (linux_audit_write_entry(li) == 0)
|
|
||||||
+ fatal("linux_audit_write_entry failed: %s", strerror(errno));
|
|
||||||
+#endif
|
|
||||||
#ifdef USE_LOGIN
|
|
||||||
syslogin_write_entry(li);
|
|
||||||
#endif
|
|
||||||
@@ -1394,6 +1405,87 @@ wtmpx_get_entry(struct logininfo *li)
|
|
||||||
}
|
|
||||||
#endif /* USE_WTMPX */
|
|
||||||
|
|
||||||
+#ifdef HAVE_LINUX_AUDIT
|
|
||||||
+static void
|
|
||||||
+_audit_hexscape(const char *what, char *where, unsigned int size)
|
|
||||||
+{
|
|
||||||
+ const char *ptr = what;
|
|
||||||
+ const char *hex = "0123456789ABCDEF";
|
|
||||||
+
|
|
||||||
+ while (*ptr) {
|
|
||||||
+ if (*ptr == '"' || *ptr < 0x21 || *ptr > 0x7E) {
|
|
||||||
+ unsigned int i;
|
|
||||||
+ ptr = what;
|
|
||||||
+ for (i = 0; *ptr && i+2 < size; i += 2) {
|
|
||||||
+ where[i] = hex[((unsigned)*ptr & 0xF0)>>4]; /* Upper nibble */
|
|
||||||
+ where[i+1] = hex[(unsigned)*ptr & 0x0F]; /* Lower nibble */
|
|
||||||
+ ptr++;
|
|
||||||
+ }
|
|
||||||
+ where[i] = '\0';
|
|
||||||
+ return;
|
|
||||||
+ }
|
|
||||||
+ ptr++;
|
|
||||||
+ }
|
|
||||||
+ where[0] = '"';
|
|
||||||
+ if ((unsigned)(ptr - what) < size - 3)
|
|
||||||
+ {
|
|
||||||
+ size = ptr - what + 3;
|
|
||||||
+ }
|
|
||||||
+ strncpy(where + 1, what, size - 3);
|
|
||||||
+ where[size-2] = '"';
|
|
||||||
+ where[size-1] = '\0';
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+#define AUDIT_LOG_SIZE 128
|
|
||||||
+#define AUDIT_ACCT_SIZE (AUDIT_LOG_SIZE - 8)
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+linux_audit_record_event(int uid, const char *username,
|
|
||||||
+ const char *hostname, const char *ip, const char *ttyn, int success)
|
|
||||||
+{
|
|
||||||
+ char buf[AUDIT_LOG_SIZE];
|
|
||||||
+ int audit_fd, rc;
|
|
||||||
+
|
|
||||||
+ audit_fd = audit_open();
|
|
||||||
+ if (audit_fd < 0) {
|
|
||||||
+ if (errno == EINVAL || errno == EPROTONOSUPPORT ||
|
|
||||||
+ errno == EAFNOSUPPORT)
|
|
||||||
+ return 1; /* No audit support in kernel */
|
|
||||||
+ else
|
|
||||||
+ return 0; /* Must prevent login */
|
|
||||||
+ }
|
|
||||||
+ if (username == NULL)
|
|
||||||
+ snprintf(buf, sizeof(buf), "uid=%d", uid);
|
|
||||||
+ else {
|
|
||||||
+ char encoded[AUDIT_ACCT_SIZE];
|
|
||||||
+ _audit_hexscape(username, encoded, sizeof(encoded));
|
|
||||||
+ snprintf(buf, sizeof(buf), "acct=%s", encoded);
|
|
||||||
+ }
|
|
||||||
+ rc = audit_log_user_message(audit_fd, AUDIT_USER_LOGIN,
|
|
||||||
+ buf, hostname, ip, ttyn, success);
|
|
||||||
+ close(audit_fd);
|
|
||||||
+ if (rc >= 0)
|
|
||||||
+ return 1;
|
|
||||||
+ else
|
|
||||||
+ return 0;
|
|
||||||
+}
|
|
||||||
+
|
|
||||||
+int
|
|
||||||
+linux_audit_write_entry(struct logininfo *li)
|
|
||||||
+{
|
|
||||||
+ switch(li->type) {
|
|
||||||
+ case LTYPE_LOGIN:
|
|
||||||
+ return (linux_audit_record_event(li->uid, NULL, li->hostname,
|
|
||||||
+ NULL, li->line, 1));
|
|
||||||
+ case LTYPE_LOGOUT:
|
|
||||||
+ return (1); /* We only care about logins */
|
|
||||||
+ default:
|
|
||||||
+ logit("%s: invalid type field", __func__);
|
|
||||||
+ return (0);
|
|
||||||
+ }
|
|
||||||
+}
|
|
||||||
+#endif /* HAVE_LINUX_AUDIT */
|
|
||||||
+
|
|
||||||
/**
|
|
||||||
** Low-level libutil login() functions
|
|
||||||
**/
|
|
||||||
diff -up openssh-5.2p1/loginrec.h.audit openssh-5.2p1/loginrec.h
|
|
||||||
--- openssh-5.2p1/loginrec.h.audit 2006-08-05 04:39:40.000000000 +0200
|
|
||||||
+++ openssh-5.2p1/loginrec.h 2009-08-09 09:22:23.641175349 +0200
|
|
||||||
@@ -127,5 +127,9 @@ char *line_stripname(char *dst, const ch
|
|
||||||
char *line_abbrevname(char *dst, const char *src, int dstsize);
|
|
||||||
|
|
||||||
void record_failed_login(const char *, const char *, const char *);
|
|
||||||
+#ifdef HAVE_LINUX_AUDIT
|
|
||||||
+int linux_audit_record_event(int uid, const char *username,
|
|
||||||
+ const char *hostname, const char *ip, const char *ttyn, int success);
|
|
||||||
+#endif /* HAVE_LINUX_AUDIT */
|
|
||||||
|
|
||||||
#endif /* _HAVE_LOGINREC_H_ */
|
|
@ -1,28 +0,0 @@
|
|||||||
Skip the initial empty-password check if permit_empty_passwd is disabled. This
|
|
||||||
doesn't change the timing profiles of the host because the additional condition
|
|
||||||
check which can short-circuit the call to pam_authenticate() has no dependency
|
|
||||||
on the identity of the user who is being authenticated.
|
|
||||||
diff -up openssh-5.1p1/auth1.c.skip-initial openssh-5.1p1/auth1.c
|
|
||||||
--- openssh-5.1p1/auth1.c.skip-initial 2008-07-09 12:54:05.000000000 +0200
|
|
||||||
+++ openssh-5.1p1/auth1.c 2008-07-23 18:26:01.000000000 +0200
|
|
||||||
@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
|
|
||||||
authctxt->valid ? "" : "invalid user ", authctxt->user);
|
|
||||||
|
|
||||||
/* If the user has no password, accept authentication immediately. */
|
|
||||||
- if (options.password_authentication &&
|
|
||||||
+ if (options.permit_empty_passwd && options.password_authentication &&
|
|
||||||
#ifdef KRB5
|
|
||||||
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
|
|
||||||
#endif
|
|
||||||
diff -up openssh-5.1p1/auth2-none.c.skip-initial openssh-5.1p1/auth2-none.c
|
|
||||||
--- openssh-5.1p1/auth2-none.c.skip-initial 2008-07-02 14:56:09.000000000 +0200
|
|
||||||
+++ openssh-5.1p1/auth2-none.c 2008-07-23 18:26:01.000000000 +0200
|
|
||||||
@@ -65,7 +65,7 @@ userauth_none(Authctxt *authctxt)
|
|
||||||
if (check_nt_auth(1, authctxt->pw) == 0)
|
|
||||||
return (0);
|
|
||||||
#endif
|
|
||||||
- if (options.password_authentication)
|
|
||||||
+ if (options.permit_empty_passwd && options.password_authentication)
|
|
||||||
return (PRIVSEP(auth_password(authctxt, "")));
|
|
||||||
return (0);
|
|
||||||
}
|
|
@ -1,47 +0,0 @@
|
|||||||
diff -up openssh-5.2p1/ssh.c.pathmax openssh-5.2p1/ssh.c
|
|
||||||
--- openssh-5.2p1/ssh.c.pathmax 2009-07-08 14:23:19.000000000 +0200
|
|
||||||
+++ openssh-5.2p1/ssh.c 2009-07-08 14:26:26.000000000 +0200
|
|
||||||
@@ -49,6 +49,7 @@
|
|
||||||
#include <sys/resource.h>
|
|
||||||
#include <sys/ioctl.h>
|
|
||||||
#include <sys/socket.h>
|
|
||||||
+#include <sys/param.h>
|
|
||||||
|
|
||||||
#include <ctype.h>
|
|
||||||
#include <errno.h>
|
|
||||||
@@ -208,8 +209,8 @@ void muxserver_listen(void);
|
|
||||||
int
|
|
||||||
main(int ac, char **av)
|
|
||||||
{
|
|
||||||
- int i, opt, exit_status, use_syslog;
|
|
||||||
- char *p, *cp, *line, buf[256];
|
|
||||||
+ int i, r, opt, exit_status, use_syslog;
|
|
||||||
+ char *p, *cp, *line, buf[MAXPATHLEN];
|
|
||||||
struct stat st;
|
|
||||||
struct passwd *pw;
|
|
||||||
int dummy, timeout_ms;
|
|
||||||
@@ -624,9 +625,10 @@ main(int ac, char **av)
|
|
||||||
fatal("Can't open user config file %.100s: "
|
|
||||||
"%.100s", config, strerror(errno));
|
|
||||||
} else {
|
|
||||||
- snprintf(buf, sizeof buf, "%.100s/%.100s", pw->pw_dir,
|
|
||||||
+ r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
|
|
||||||
_PATH_SSH_USER_CONFFILE);
|
|
||||||
- (void)read_config_file(buf, host, &options, 1);
|
|
||||||
+ if (r > 0 && (size_t)r < sizeof(buf))
|
|
||||||
+ (void)read_config_file(buf, host, &options, 1);
|
|
||||||
|
|
||||||
/* Read systemwide configuration file after use config. */
|
|
||||||
(void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
|
|
||||||
@@ -787,9 +789,9 @@ main(int ac, char **av)
|
|
||||||
* Now that we are back to our own permissions, create ~/.ssh
|
|
||||||
* directory if it doesn't already exist.
|
|
||||||
*/
|
|
||||||
- snprintf(buf, sizeof buf, "%.100s%s%.100s", pw->pw_dir,
|
|
||||||
+ r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
|
|
||||||
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
|
|
||||||
- if (stat(buf, &st) < 0)
|
|
||||||
+ if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0)
|
|
||||||
if (mkdir(buf, 0700) < 0)
|
|
||||||
error("Could not create directory '%.200s'.", buf);
|
|
||||||
|
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.2p1/auth2-pubkey.c.fips openssh-5.2p1/auth2-pubkey.c
|
diff -up openssh-5.3p1/auth2-pubkey.c.fips openssh-5.3p1/auth2-pubkey.c
|
||||||
--- openssh-5.2p1/auth2-pubkey.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/auth2-pubkey.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/auth2-pubkey.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/auth2-pubkey.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <stdarg.h>
|
#include <stdarg.h>
|
||||||
@ -9,7 +9,7 @@ diff -up openssh-5.2p1/auth2-pubkey.c.fips openssh-5.2p1/auth2-pubkey.c
|
|||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
@@ -243,7 +244,7 @@ user_key_allowed2(struct passwd *pw, Key
|
@@ -240,7 +241,7 @@ user_key_allowed2(struct passwd *pw, Key
|
||||||
found_key = 1;
|
found_key = 1;
|
||||||
debug("matching key found: file %s, line %lu",
|
debug("matching key found: file %s, line %lu",
|
||||||
file, linenum);
|
file, linenum);
|
||||||
@ -18,9 +18,9 @@ diff -up openssh-5.2p1/auth2-pubkey.c.fips openssh-5.2p1/auth2-pubkey.c
|
|||||||
verbose("Found matching %s key: %s",
|
verbose("Found matching %s key: %s",
|
||||||
key_type(found), fp);
|
key_type(found), fp);
|
||||||
xfree(fp);
|
xfree(fp);
|
||||||
diff -up openssh-5.2p1/authfile.c.fips openssh-5.2p1/authfile.c
|
diff -up openssh-5.3p1/authfile.c.fips openssh-5.3p1/authfile.c
|
||||||
--- openssh-5.2p1/authfile.c.fips 2006-09-01 07:38:36.000000000 +0200
|
--- openssh-5.3p1/authfile.c.fips 2006-09-01 07:38:36.000000000 +0200
|
||||||
+++ openssh-5.2p1/authfile.c 2009-05-15 16:08:34.000000000 +0200
|
+++ openssh-5.3p1/authfile.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -143,8 +143,14 @@ key_save_private_rsa1(Key *key, const ch
|
@@ -143,8 +143,14 @@ key_save_private_rsa1(Key *key, const ch
|
||||||
/* Allocate space for the private part of the key in the buffer. */
|
/* Allocate space for the private part of the key in the buffer. */
|
||||||
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
|
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
|
||||||
@ -55,9 +55,9 @@ diff -up openssh-5.2p1/authfile.c.fips openssh-5.2p1/authfile.c
|
|||||||
cipher_crypt(&ciphercontext, cp,
|
cipher_crypt(&ciphercontext, cp,
|
||||||
buffer_ptr(&buffer), buffer_len(&buffer));
|
buffer_ptr(&buffer), buffer_len(&buffer));
|
||||||
cipher_cleanup(&ciphercontext);
|
cipher_cleanup(&ciphercontext);
|
||||||
diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c
|
diff -up openssh-5.3p1/cipher.c.fips openssh-5.3p1/cipher.c
|
||||||
--- openssh-5.2p1/cipher.c.fips 2009-03-06 18:23:21.000000000 +0100
|
--- openssh-5.3p1/cipher.c.fips 2009-10-02 13:44:03.000000000 +0200
|
||||||
+++ openssh-5.2p1/cipher.c 2009-05-15 16:14:16.000000000 +0200
|
+++ openssh-5.3p1/cipher.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -40,6 +40,7 @@
|
@@ -40,6 +40,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
@ -142,9 +142,9 @@ diff -up openssh-5.2p1/cipher.c.fips openssh-5.2p1/cipher.c
|
|||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
diff -up openssh-5.2p1/cipher-ctr.c.fips openssh-5.2p1/cipher-ctr.c
|
diff -up openssh-5.3p1/cipher-ctr.c.fips openssh-5.3p1/cipher-ctr.c
|
||||||
--- openssh-5.2p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200
|
--- openssh-5.3p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200
|
||||||
+++ openssh-5.2p1/cipher-ctr.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/cipher-ctr.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
|
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
|
||||||
aes_ctr.do_cipher = ssh_aes_ctr;
|
aes_ctr.do_cipher = ssh_aes_ctr;
|
||||||
#ifndef SSH_OLD_EVP
|
#ifndef SSH_OLD_EVP
|
||||||
@ -155,9 +155,9 @@ diff -up openssh-5.2p1/cipher-ctr.c.fips openssh-5.2p1/cipher-ctr.c
|
|||||||
#endif
|
#endif
|
||||||
return (&aes_ctr);
|
return (&aes_ctr);
|
||||||
}
|
}
|
||||||
diff -up openssh-5.2p1/cipher.h.fips openssh-5.2p1/cipher.h
|
diff -up openssh-5.3p1/cipher.h.fips openssh-5.3p1/cipher.h
|
||||||
--- openssh-5.2p1/cipher.h.fips 2009-01-28 06:38:41.000000000 +0100
|
--- openssh-5.3p1/cipher.h.fips 2009-01-28 06:38:41.000000000 +0100
|
||||||
+++ openssh-5.2p1/cipher.h 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/cipher.h 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -78,7 +78,7 @@ void cipher_init(CipherContext *, Ciphe
|
@@ -78,7 +78,7 @@ void cipher_init(CipherContext *, Ciphe
|
||||||
const u_char *, u_int, int);
|
const u_char *, u_int, int);
|
||||||
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
|
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
|
||||||
@ -167,9 +167,9 @@ diff -up openssh-5.2p1/cipher.h.fips openssh-5.2p1/cipher.h
|
|||||||
u_int cipher_blocksize(const Cipher *);
|
u_int cipher_blocksize(const Cipher *);
|
||||||
u_int cipher_keylen(const Cipher *);
|
u_int cipher_keylen(const Cipher *);
|
||||||
u_int cipher_is_cbc(const Cipher *);
|
u_int cipher_is_cbc(const Cipher *);
|
||||||
diff -up openssh-5.2p1/mac.c.fips openssh-5.2p1/mac.c
|
diff -up openssh-5.3p1/mac.c.fips openssh-5.3p1/mac.c
|
||||||
--- openssh-5.2p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200
|
--- openssh-5.3p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200
|
||||||
+++ openssh-5.2p1/mac.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/mac.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -28,6 +28,7 @@
|
@@ -28,6 +28,7 @@
|
||||||
#include <sys/types.h>
|
#include <sys/types.h>
|
||||||
|
|
||||||
@ -219,10 +219,10 @@ diff -up openssh-5.2p1/mac.c.fips openssh-5.2p1/mac.c
|
|||||||
|
|
||||||
for (i = 0; macs[i].name; i++) {
|
for (i = 0; macs[i].name; i++) {
|
||||||
if (strcmp(name, macs[i].name) == 0) {
|
if (strcmp(name, macs[i].name) == 0) {
|
||||||
diff -up openssh-5.2p1/Makefile.in.fips openssh-5.2p1/Makefile.in
|
diff -up openssh-5.3p1/Makefile.in.fips openssh-5.3p1/Makefile.in
|
||||||
--- openssh-5.2p1/Makefile.in.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/Makefile.in.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/Makefile.in 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/Makefile.in 2009-10-02 14:20:18.000000000 +0200
|
||||||
@@ -134,28 +134,28 @@ libssh.a: $(LIBSSH_OBJS)
|
@@ -136,28 +136,28 @@ libssh.a: $(LIBSSH_OBJS)
|
||||||
$(RANLIB) $@
|
$(RANLIB) $@
|
||||||
|
|
||||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||||
@ -231,7 +231,7 @@ diff -up openssh-5.2p1/Makefile.in.fips openssh-5.2p1/Makefile.in
|
|||||||
|
|
||||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||||
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
|
- $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
|
||||||
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) -lfipscheck $(LIBS)
|
+ $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
|
||||||
|
|
||||||
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
scp$(EXEEXT): $(LIBCOMPAT) libssh.a scp.o progressmeter.o
|
||||||
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ scp.o progressmeter.o bufaux.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
@ -248,19 +248,19 @@ diff -up openssh-5.2p1/Makefile.in.fips openssh-5.2p1/Makefile.in
|
|||||||
- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
- $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
+ $(LD) -o $@ ssh-keygen.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||||
|
|
||||||
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o
|
ssh-keysign$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keysign.o roaming_dummy.o
|
||||||
- $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
- $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
+ $(LD) -o $@ ssh-keysign.o readconf.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
+ $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
|
||||||
|
|
||||||
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
|
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
|
||||||
- $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
- $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
|
||||||
+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
|
+ $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lfipscheck $(LIBS)
|
||||||
|
|
||||||
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
|
||||||
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
|
||||||
diff -up openssh-5.2p1/myproposal.h.fips openssh-5.2p1/myproposal.h
|
diff -up openssh-5.3p1/myproposal.h.fips openssh-5.3p1/myproposal.h
|
||||||
--- openssh-5.2p1/myproposal.h.fips 2009-01-28 06:33:31.000000000 +0100
|
--- openssh-5.3p1/myproposal.h.fips 2009-01-28 06:33:31.000000000 +0100
|
||||||
+++ openssh-5.2p1/myproposal.h 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/myproposal.h 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -53,7 +53,12 @@
|
@@ -53,7 +53,12 @@
|
||||||
"hmac-sha1-96,hmac-md5-96"
|
"hmac-sha1-96,hmac-md5-96"
|
||||||
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
#define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib"
|
||||||
@ -275,9 +275,9 @@ diff -up openssh-5.2p1/myproposal.h.fips openssh-5.2p1/myproposal.h
|
|||||||
|
|
||||||
static char *myproposal[PROPOSAL_MAX] = {
|
static char *myproposal[PROPOSAL_MAX] = {
|
||||||
KEX_DEFAULT_KEX,
|
KEX_DEFAULT_KEX,
|
||||||
diff -up openssh-5.2p1/nsskeys.c.fips openssh-5.2p1/nsskeys.c
|
diff -up openssh-5.3p1/nsskeys.c.fips openssh-5.3p1/nsskeys.c
|
||||||
--- openssh-5.2p1/nsskeys.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/nsskeys.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/nsskeys.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/nsskeys.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -183,8 +183,8 @@ nss_convert_pubkey(Key *k)
|
@@ -183,8 +183,8 @@ nss_convert_pubkey(Key *k)
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
@ -289,9 +289,9 @@ diff -up openssh-5.2p1/nsskeys.c.fips openssh-5.2p1/nsskeys.c
|
|||||||
xfree(p);
|
xfree(p);
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
diff -up openssh-5.2p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.2p1/openbsd-compat/bsd-arc4random.c
|
diff -up openssh-5.3p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.3p1/openbsd-compat/bsd-arc4random.c
|
||||||
--- openssh-5.2p1/openbsd-compat/bsd-arc4random.c.fips 2008-06-04 02:54:00.000000000 +0200
|
--- openssh-5.3p1/openbsd-compat/bsd-arc4random.c.fips 2008-06-04 02:54:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/openbsd-compat/bsd-arc4random.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/openbsd-compat/bsd-arc4random.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -39,6 +39,7 @@
|
@@ -39,6 +39,7 @@
|
||||||
static int rc4_ready = 0;
|
static int rc4_ready = 0;
|
||||||
static RC4_KEY rc4;
|
static RC4_KEY rc4;
|
||||||
@ -333,9 +333,9 @@ diff -up openssh-5.2p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.2p1/openbs
|
|||||||
#endif /* !HAVE_ARC4RANDOM */
|
#endif /* !HAVE_ARC4RANDOM */
|
||||||
|
|
||||||
#ifndef ARC4RANDOM_BUF
|
#ifndef ARC4RANDOM_BUF
|
||||||
diff -up openssh-5.2p1/ssh-add.c.fips openssh-5.2p1/ssh-add.c
|
diff -up openssh-5.3p1/ssh-add.c.fips openssh-5.3p1/ssh-add.c
|
||||||
--- openssh-5.2p1/ssh-add.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/ssh-add.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh-add.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/ssh-add.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -42,6 +42,7 @@
|
@@ -42,6 +42,7 @@
|
||||||
#include <sys/param.h>
|
#include <sys/param.h>
|
||||||
|
|
||||||
@ -353,9 +353,9 @@ diff -up openssh-5.2p1/ssh-add.c.fips openssh-5.2p1/ssh-add.c
|
|||||||
SSH_FP_HEX);
|
SSH_FP_HEX);
|
||||||
printf("%d %s %s (%s)\n",
|
printf("%d %s %s (%s)\n",
|
||||||
key_size(key), fp, comment, key_type(key));
|
key_size(key), fp, comment, key_type(key));
|
||||||
diff -up openssh-5.2p1/ssh-agent.c.fips openssh-5.2p1/ssh-agent.c
|
diff -up openssh-5.3p1/ssh-agent.c.fips openssh-5.3p1/ssh-agent.c
|
||||||
--- openssh-5.2p1/ssh-agent.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/ssh-agent.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh-agent.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/ssh-agent.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -51,6 +51,7 @@
|
@@ -51,6 +51,7 @@
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
@ -377,10 +377,10 @@ diff -up openssh-5.2p1/ssh-agent.c.fips openssh-5.2p1/ssh-agent.c
|
|||||||
ret = 0;
|
ret = 0;
|
||||||
xfree(p);
|
xfree(p);
|
||||||
|
|
||||||
diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
diff -up openssh-5.3p1/ssh.c.fips openssh-5.3p1/ssh.c
|
||||||
--- openssh-5.2p1/ssh.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/ssh.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/ssh.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -71,6 +71,8 @@
|
@@ -72,6 +72,8 @@
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
@ -389,7 +389,7 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
|||||||
#include "openbsd-compat/openssl-compat.h"
|
#include "openbsd-compat/openssl-compat.h"
|
||||||
#include "openbsd-compat/sys-queue.h"
|
#include "openbsd-compat/sys-queue.h"
|
||||||
|
|
||||||
@@ -220,6 +222,10 @@ main(int ac, char **av)
|
@@ -221,6 +223,10 @@ main(int ac, char **av)
|
||||||
sanitise_stdfd();
|
sanitise_stdfd();
|
||||||
|
|
||||||
__progname = ssh_get_progname(av[0]);
|
__progname = ssh_get_progname(av[0]);
|
||||||
@ -400,7 +400,7 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
|||||||
init_rng();
|
init_rng();
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -279,6 +285,9 @@ main(int ac, char **av)
|
@@ -281,6 +287,9 @@ main(int ac, char **av)
|
||||||
"ACD:F:I:KL:MNO:PR:S:TVw:XYy")) != -1) {
|
"ACD:F:I:KL:MNO:PR:S:TVw:XYy")) != -1) {
|
||||||
switch (opt) {
|
switch (opt) {
|
||||||
case '1':
|
case '1':
|
||||||
@ -410,7 +410,7 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
|||||||
options.protocol = SSH_PROTO_1;
|
options.protocol = SSH_PROTO_1;
|
||||||
break;
|
break;
|
||||||
case '2':
|
case '2':
|
||||||
@@ -550,7 +559,6 @@ main(int ac, char **av)
|
@@ -552,7 +561,6 @@ main(int ac, char **av)
|
||||||
if (!host)
|
if (!host)
|
||||||
usage();
|
usage();
|
||||||
|
|
||||||
@ -418,7 +418,7 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
|||||||
ERR_load_crypto_strings();
|
ERR_load_crypto_strings();
|
||||||
|
|
||||||
/* Initialize the command to execute on remote host. */
|
/* Initialize the command to execute on remote host. */
|
||||||
@@ -635,6 +643,10 @@ main(int ac, char **av)
|
@@ -638,6 +646,10 @@ main(int ac, char **av)
|
||||||
|
|
||||||
seed_rng();
|
seed_rng();
|
||||||
|
|
||||||
@ -429,7 +429,7 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
|||||||
if (options.user == NULL)
|
if (options.user == NULL)
|
||||||
options.user = xstrdup(pw->pw_name);
|
options.user = xstrdup(pw->pw_name);
|
||||||
|
|
||||||
@@ -701,6 +713,12 @@ main(int ac, char **av)
|
@@ -704,6 +716,12 @@ main(int ac, char **av)
|
||||||
|
|
||||||
timeout_ms = options.connection_timeout * 1000;
|
timeout_ms = options.connection_timeout * 1000;
|
||||||
|
|
||||||
@ -442,9 +442,9 @@ diff -up openssh-5.2p1/ssh.c.fips openssh-5.2p1/ssh.c
|
|||||||
/* Open a connection to the remote host. */
|
/* Open a connection to the remote host. */
|
||||||
if (ssh_connect(host, &hostaddr, options.port,
|
if (ssh_connect(host, &hostaddr, options.port,
|
||||||
options.address_family, options.connection_attempts, &timeout_ms,
|
options.address_family, options.connection_attempts, &timeout_ms,
|
||||||
diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c
|
diff -up openssh-5.3p1/sshconnect2.c.fips openssh-5.3p1/sshconnect2.c
|
||||||
--- openssh-5.2p1/sshconnect2.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/sshconnect2.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/sshconnect2.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/sshconnect2.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -44,6 +44,8 @@
|
@@ -44,6 +44,8 @@
|
||||||
#include <vis.h>
|
#include <vis.h>
|
||||||
#endif
|
#endif
|
||||||
@ -454,7 +454,7 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c
|
|||||||
#include "openbsd-compat/sys-queue.h"
|
#include "openbsd-compat/sys-queue.h"
|
||||||
|
|
||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
@@ -115,6 +117,10 @@ ssh_kex2(char *host, struct sockaddr *ho
|
@@ -116,6 +118,10 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||||
if (options.ciphers != NULL) {
|
if (options.ciphers != NULL) {
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
||||||
@ -465,7 +465,7 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c
|
|||||||
}
|
}
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
||||||
@@ -130,7 +136,11 @@ ssh_kex2(char *host, struct sockaddr *ho
|
@@ -131,7 +137,11 @@ ssh_kex2(char *host, struct sockaddr *ho
|
||||||
if (options.macs != NULL) {
|
if (options.macs != NULL) {
|
||||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||||
@ -477,7 +477,7 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c
|
|||||||
if (options.hostkeyalgorithms != NULL)
|
if (options.hostkeyalgorithms != NULL)
|
||||||
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
|
||||||
options.hostkeyalgorithms;
|
options.hostkeyalgorithms;
|
||||||
@@ -507,8 +517,8 @@ input_userauth_pk_ok(int type, u_int32_t
|
@@ -508,8 +518,8 @@ input_userauth_pk_ok(int type, u_int32_t
|
||||||
key->type, pktype);
|
key->type, pktype);
|
||||||
goto done;
|
goto done;
|
||||||
}
|
}
|
||||||
@ -488,9 +488,9 @@ diff -up openssh-5.2p1/sshconnect2.c.fips openssh-5.2p1/sshconnect2.c
|
|||||||
xfree(fp);
|
xfree(fp);
|
||||||
|
|
||||||
/*
|
/*
|
||||||
diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
diff -up openssh-5.3p1/sshconnect.c.fips openssh-5.3p1/sshconnect.c
|
||||||
--- openssh-5.2p1/sshconnect.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/sshconnect.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/sshconnect.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/sshconnect.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -40,6 +40,8 @@
|
@@ -40,6 +40,8 @@
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
@ -500,7 +500,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
#include "xmalloc.h"
|
#include "xmalloc.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
@@ -761,6 +763,7 @@ check_host_key(char *hostname, struct so
|
@@ -763,6 +765,7 @@ check_host_key(char *hostname, struct so
|
||||||
goto fail;
|
goto fail;
|
||||||
} else if (options.strict_host_key_checking == 2) {
|
} else if (options.strict_host_key_checking == 2) {
|
||||||
char msg1[1024], msg2[1024];
|
char msg1[1024], msg2[1024];
|
||||||
@ -508,7 +508,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
|
|
||||||
if (show_other_keys(host, host_key))
|
if (show_other_keys(host, host_key))
|
||||||
snprintf(msg1, sizeof(msg1),
|
snprintf(msg1, sizeof(msg1),
|
||||||
@@ -769,8 +772,8 @@ check_host_key(char *hostname, struct so
|
@@ -771,8 +774,8 @@ check_host_key(char *hostname, struct so
|
||||||
else
|
else
|
||||||
snprintf(msg1, sizeof(msg1), ".");
|
snprintf(msg1, sizeof(msg1), ".");
|
||||||
/* The default */
|
/* The default */
|
||||||
@ -519,7 +519,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
SSH_FP_RANDOMART);
|
SSH_FP_RANDOMART);
|
||||||
msg2[0] = '\0';
|
msg2[0] = '\0';
|
||||||
if (options.verify_host_key_dns) {
|
if (options.verify_host_key_dns) {
|
||||||
@@ -786,10 +789,10 @@ check_host_key(char *hostname, struct so
|
@@ -788,10 +791,10 @@ check_host_key(char *hostname, struct so
|
||||||
snprintf(msg, sizeof(msg),
|
snprintf(msg, sizeof(msg),
|
||||||
"The authenticity of host '%.200s (%s)' can't be "
|
"The authenticity of host '%.200s (%s)' can't be "
|
||||||
"established%s\n"
|
"established%s\n"
|
||||||
@ -532,7 +532,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
options.visual_host_key ? "\n" : "",
|
options.visual_host_key ? "\n" : "",
|
||||||
options.visual_host_key ? ra : "",
|
options.visual_host_key ? ra : "",
|
||||||
msg2);
|
msg2);
|
||||||
@@ -1077,17 +1080,18 @@ show_key_from_file(const char *file, con
|
@@ -1079,17 +1082,18 @@ show_key_from_file(const char *file, con
|
||||||
Key *found;
|
Key *found;
|
||||||
char *fp, *ra;
|
char *fp, *ra;
|
||||||
int line, ret;
|
int line, ret;
|
||||||
@ -555,7 +555,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
xfree(ra);
|
xfree(ra);
|
||||||
xfree(fp);
|
xfree(fp);
|
||||||
}
|
}
|
||||||
@@ -1133,8 +1137,9 @@ warn_changed_key(Key *host_key)
|
@@ -1135,8 +1139,9 @@ warn_changed_key(Key *host_key)
|
||||||
{
|
{
|
||||||
char *fp;
|
char *fp;
|
||||||
const char *type = key_type(host_key);
|
const char *type = key_type(host_key);
|
||||||
@ -566,7 +566,7 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
|
|
||||||
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
|
||||||
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
|
error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @");
|
||||||
@@ -1142,8 +1147,8 @@ warn_changed_key(Key *host_key)
|
@@ -1144,8 +1149,8 @@ warn_changed_key(Key *host_key)
|
||||||
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
|
error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!");
|
||||||
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
|
error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!");
|
||||||
error("It is also possible that the %s host key has just been changed.", type);
|
error("It is also possible that the %s host key has just been changed.", type);
|
||||||
@ -577,9 +577,9 @@ diff -up openssh-5.2p1/sshconnect.c.fips openssh-5.2p1/sshconnect.c
|
|||||||
error("Please contact your system administrator.");
|
error("Please contact your system administrator.");
|
||||||
|
|
||||||
xfree(fp);
|
xfree(fp);
|
||||||
diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
diff -up openssh-5.3p1/sshd.c.fips openssh-5.3p1/sshd.c
|
||||||
--- openssh-5.2p1/sshd.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/sshd.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/sshd.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/sshd.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -76,6 +76,8 @@
|
@@ -76,6 +76,8 @@
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/md5.h>
|
#include <openssl/md5.h>
|
||||||
@ -589,7 +589,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
#include "openbsd-compat/openssl-compat.h"
|
#include "openbsd-compat/openssl-compat.h"
|
||||||
|
|
||||||
#ifdef HAVE_SECUREWARE
|
#ifdef HAVE_SECUREWARE
|
||||||
@@ -1260,6 +1262,12 @@ main(int ac, char **av)
|
@@ -1261,6 +1263,12 @@ main(int ac, char **av)
|
||||||
(void)set_auth_parameters(ac, av);
|
(void)set_auth_parameters(ac, av);
|
||||||
#endif
|
#endif
|
||||||
__progname = ssh_get_progname(av[0]);
|
__progname = ssh_get_progname(av[0]);
|
||||||
@ -602,7 +602,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
init_rng();
|
init_rng();
|
||||||
|
|
||||||
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
|
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
|
||||||
@@ -1412,8 +1420,6 @@ main(int ac, char **av)
|
@@ -1413,8 +1421,6 @@ main(int ac, char **av)
|
||||||
else
|
else
|
||||||
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
|
||||||
|
|
||||||
@ -611,7 +611,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
/*
|
/*
|
||||||
* Force logging to stderr until we have loaded the private host
|
* Force logging to stderr until we have loaded the private host
|
||||||
* key (unless started from inetd)
|
* key (unless started from inetd)
|
||||||
@@ -1531,6 +1537,10 @@ main(int ac, char **av)
|
@@ -1532,6 +1538,10 @@ main(int ac, char **av)
|
||||||
debug("private host key: #%d type %d %s", i, key->type,
|
debug("private host key: #%d type %d %s", i, key->type,
|
||||||
key_type(key));
|
key_type(key));
|
||||||
}
|
}
|
||||||
@ -622,7 +622,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
|
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
|
||||||
logit("Disabling protocol version 1. Could not load host key");
|
logit("Disabling protocol version 1. Could not load host key");
|
||||||
options.protocol &= ~SSH_PROTO_1;
|
options.protocol &= ~SSH_PROTO_1;
|
||||||
@@ -1655,6 +1665,10 @@ main(int ac, char **av)
|
@@ -1656,6 +1666,10 @@ main(int ac, char **av)
|
||||||
/* Initialize the random number generator. */
|
/* Initialize the random number generator. */
|
||||||
arc4random_stir();
|
arc4random_stir();
|
||||||
|
|
||||||
@ -633,7 +633,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
/* Chdir to the root directory so that the current disk can be
|
/* Chdir to the root directory so that the current disk can be
|
||||||
unmounted if desired. */
|
unmounted if desired. */
|
||||||
chdir("/");
|
chdir("/");
|
||||||
@@ -2182,6 +2196,9 @@ do_ssh2_kex(void)
|
@@ -2183,6 +2197,9 @@ do_ssh2_kex(void)
|
||||||
if (options.ciphers != NULL) {
|
if (options.ciphers != NULL) {
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
|
||||||
@ -643,7 +643,7 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
}
|
}
|
||||||
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
|
||||||
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
|
||||||
@@ -2191,6 +2208,9 @@ do_ssh2_kex(void)
|
@@ -2192,6 +2209,9 @@ do_ssh2_kex(void)
|
||||||
if (options.macs != NULL) {
|
if (options.macs != NULL) {
|
||||||
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
|
||||||
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
|
||||||
@ -653,9 +653,9 @@ diff -up openssh-5.2p1/sshd.c.fips openssh-5.2p1/sshd.c
|
|||||||
}
|
}
|
||||||
if (options.compression == COMP_NONE) {
|
if (options.compression == COMP_NONE) {
|
||||||
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
|
||||||
diff -up openssh-5.2p1/ssh-keygen.c.fips openssh-5.2p1/ssh-keygen.c
|
diff -up openssh-5.3p1/ssh-keygen.c.fips openssh-5.3p1/ssh-keygen.c
|
||||||
--- openssh-5.2p1/ssh-keygen.c.fips 2009-05-15 15:51:01.000000000 +0200
|
--- openssh-5.3p1/ssh-keygen.c.fips 2009-10-02 14:12:00.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh-keygen.c 2009-05-15 15:51:01.000000000 +0200
|
+++ openssh-5.3p1/ssh-keygen.c 2009-10-02 14:12:00.000000000 +0200
|
||||||
@@ -21,6 +21,7 @@
|
@@ -21,6 +21,7 @@
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
@ -1,7 +1,18 @@
|
|||||||
diff -up openssh-5.1p1/misc.c.mls openssh-5.1p1/misc.c
|
diff -up openssh-5.3p1/configure.ac.mls openssh-5.3p1/configure.ac
|
||||||
--- openssh-5.1p1/misc.c.mls 2008-06-13 06:48:59.000000000 +0200
|
--- openssh-5.3p1/configure.ac.mls 2009-10-02 14:04:31.000000000 +0200
|
||||||
+++ openssh-5.1p1/misc.c 2008-07-23 18:53:37.000000000 +0200
|
+++ openssh-5.3p1/configure.ac 2009-10-02 14:04:31.000000000 +0200
|
||||||
@@ -427,6 +427,7 @@ char *
|
@@ -3404,6 +3404,7 @@ AC_ARG_WITH(selinux,
|
||||||
|
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
||||||
|
LIBS="$LIBS $LIBSELINUX"
|
||||||
|
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
|
||||||
|
+ AC_CHECK_FUNCS(setkeycreatecon)
|
||||||
|
LIBS="$save_LIBS"
|
||||||
|
fi ]
|
||||||
|
)
|
||||||
|
diff -up openssh-5.3p1/misc.c.mls openssh-5.3p1/misc.c
|
||||||
|
--- openssh-5.3p1/misc.c.mls 2009-02-21 22:47:02.000000000 +0100
|
||||||
|
+++ openssh-5.3p1/misc.c 2009-10-02 14:04:31.000000000 +0200
|
||||||
|
@@ -423,6 +423,7 @@ char *
|
||||||
colon(char *cp)
|
colon(char *cp)
|
||||||
{
|
{
|
||||||
int flag = 0;
|
int flag = 0;
|
||||||
@ -9,7 +20,7 @@ diff -up openssh-5.1p1/misc.c.mls openssh-5.1p1/misc.c
|
|||||||
|
|
||||||
if (*cp == ':') /* Leading colon is part of file name. */
|
if (*cp == ':') /* Leading colon is part of file name. */
|
||||||
return (0);
|
return (0);
|
||||||
@@ -440,8 +441,13 @@ colon(char *cp)
|
@@ -436,8 +437,13 @@ colon(char *cp)
|
||||||
return (cp+1);
|
return (cp+1);
|
||||||
if (*cp == ':' && !flag)
|
if (*cp == ':' && !flag)
|
||||||
return (cp);
|
return (cp);
|
||||||
@ -25,23 +36,9 @@ diff -up openssh-5.1p1/misc.c.mls openssh-5.1p1/misc.c
|
|||||||
}
|
}
|
||||||
return (0);
|
return (0);
|
||||||
}
|
}
|
||||||
diff -up openssh-5.1p1/session.c.mls openssh-5.1p1/session.c
|
diff -up openssh-5.3p1/openbsd-compat/port-linux.c.mls openssh-5.3p1/openbsd-compat/port-linux.c
|
||||||
--- openssh-5.1p1/session.c.mls 2008-06-16 15:29:18.000000000 +0200
|
--- openssh-5.3p1/openbsd-compat/port-linux.c.mls 2009-10-02 14:04:31.000000000 +0200
|
||||||
+++ openssh-5.1p1/session.c 2008-07-23 18:53:37.000000000 +0200
|
+++ openssh-5.3p1/openbsd-compat/port-linux.c 2009-10-02 14:04:31.000000000 +0200
|
||||||
@@ -1550,10 +1550,6 @@ do_setusercontext(struct passwd *pw)
|
|
||||||
#endif
|
|
||||||
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
|
||||||
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
|
||||||
-
|
|
||||||
-#ifdef WITH_SELINUX
|
|
||||||
- ssh_selinux_setup_exec_context(pw->pw_name);
|
|
||||||
-#endif
|
|
||||||
}
|
|
||||||
|
|
||||||
static void
|
|
||||||
diff -up openssh-5.1p1/openbsd-compat/port-linux.c.mls openssh-5.1p1/openbsd-compat/port-linux.c
|
|
||||||
--- openssh-5.1p1/openbsd-compat/port-linux.c.mls 2008-07-23 18:53:37.000000000 +0200
|
|
||||||
+++ openssh-5.1p1/openbsd-compat/port-linux.c 2008-07-23 18:53:37.000000000 +0200
|
|
||||||
@@ -33,12 +33,23 @@
|
@@ -33,12 +33,23 @@
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
#include "hostfile.h"
|
#include "hostfile.h"
|
||||||
@ -419,20 +416,23 @@ diff -up openssh-5.1p1/openbsd-compat/port-linux.c.mls openssh-5.1p1/openbsd-com
|
|||||||
|
|
||||||
/* XXX: should these calls fatal() upon failure in enforcing mode? */
|
/* XXX: should these calls fatal() upon failure in enforcing mode? */
|
||||||
|
|
||||||
diff -up openssh-5.1p1/configure.ac.mls openssh-5.1p1/configure.ac
|
diff -up openssh-5.3p1/session.c.mls openssh-5.3p1/session.c
|
||||||
--- openssh-5.1p1/configure.ac.mls 2008-07-23 18:53:37.000000000 +0200
|
--- openssh-5.3p1/session.c.mls 2009-08-20 08:20:50.000000000 +0200
|
||||||
+++ openssh-5.1p1/configure.ac 2008-07-23 18:53:37.000000000 +0200
|
+++ openssh-5.3p1/session.c 2009-10-02 14:06:12.000000000 +0200
|
||||||
@@ -3311,6 +3311,7 @@ AC_ARG_WITH(selinux,
|
@@ -1550,10 +1550,6 @@ do_setusercontext(struct passwd *pw)
|
||||||
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
|
||||||
LIBS="$LIBS $LIBSELINUX"
|
if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid)
|
||||||
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
|
fatal("Failed to set uids to %u.", (u_int) pw->pw_uid);
|
||||||
+ AC_CHECK_FUNCS(setkeycreatecon)
|
-
|
||||||
LIBS="$save_LIBS"
|
-#ifdef WITH_SELINUX
|
||||||
fi ]
|
- ssh_selinux_setup_exec_context(pw->pw_name);
|
||||||
)
|
-#endif
|
||||||
diff -up openssh-5.1p1/sshd.c.mls openssh-5.1p1/sshd.c
|
}
|
||||||
--- openssh-5.1p1/sshd.c.mls 2008-07-23 18:53:37.000000000 +0200
|
|
||||||
+++ openssh-5.1p1/sshd.c 2008-07-23 18:53:37.000000000 +0200
|
static void
|
||||||
|
diff -up openssh-5.3p1/sshd.c.mls openssh-5.3p1/sshd.c
|
||||||
|
--- openssh-5.3p1/sshd.c.mls 2009-10-02 14:04:31.000000000 +0200
|
||||||
|
+++ openssh-5.3p1/sshd.c 2009-10-02 14:04:31.000000000 +0200
|
||||||
@@ -1896,6 +1896,9 @@ main(int ac, char **av)
|
@@ -1896,6 +1896,9 @@ main(int ac, char **av)
|
||||||
restore_uid();
|
restore_uid();
|
||||||
}
|
}
|
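Review bot: The session.c hunk of the refreshed mls patch removes `ssh_selinux_setup_exec_context(pw->pw_name);` from `do_setusercontext()`, and nothing displayed in this section shows where the call now lives. Presumably it is among the three lines the sshd.c hunk at `@@ -1896,6 +1896,9 @@` adds after `restore_uid();`, but those lines are not shown, so after a rebase across upstream releases it should be confirmed that every path which starts a user process still sets the exec context first. The port-linux.c context line `/* XXX: should these calls fatal() upon failure in enforcing mode? */` is also carried forward unanswered, so a failed context switch may be logged rather than fatal. I would record both points in the patch preamble, for example `SELinux exec context: moved from do_setusercontext() to <call site>; failure in enforcing mode is fatal: <yes/no>`. Both `do_setusercontext()` and `main()` extend beyond the lines shown here.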
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.2p1/authfd.c.nss-keys openssh-5.2p1/authfd.c
|
diff -up openssh-5.3p1/authfd.c.nss-keys openssh-5.3p1/authfd.c
|
||||||
--- openssh-5.2p1/authfd.c.nss-keys 2006-09-01 07:38:36.000000000 +0200
|
--- openssh-5.3p1/authfd.c.nss-keys 2006-09-01 07:38:36.000000000 +0200
|
||||||
+++ openssh-5.2p1/authfd.c 2009-08-15 11:39:07.376618281 +0200
|
+++ openssh-5.3p1/authfd.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
|
@@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
|
||||||
return decode_reply(type);
|
return decode_reply(type);
|
||||||
}
|
}
|
||||||
@ -47,9 +47,9 @@ diff -up openssh-5.2p1/authfd.c.nss-keys openssh-5.2p1/authfd.c
|
|||||||
/*
|
/*
|
||||||
* Removes all identities from the agent. This call is not meant to be used
|
* Removes all identities from the agent. This call is not meant to be used
|
||||||
* by normal applications.
|
* by normal applications.
|
||||||
diff -up openssh-5.2p1/authfd.h.nss-keys openssh-5.2p1/authfd.h
|
diff -up openssh-5.3p1/authfd.h.nss-keys openssh-5.3p1/authfd.h
|
||||||
--- openssh-5.2p1/authfd.h.nss-keys 2006-08-05 04:39:39.000000000 +0200
|
--- openssh-5.3p1/authfd.h.nss-keys 2006-08-05 04:39:39.000000000 +0200
|
||||||
+++ openssh-5.2p1/authfd.h 2009-08-15 11:39:07.369353952 +0200
|
+++ openssh-5.3p1/authfd.h 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -49,6 +49,12 @@
|
@@ -49,6 +49,12 @@
|
||||||
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
|
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
|
||||||
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
|
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
|
||||||
@ -72,10 +72,10 @@ diff -up openssh-5.2p1/authfd.h.nss-keys openssh-5.2p1/authfd.h
|
|||||||
|
|
||||||
int
|
int
|
||||||
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
||||||
diff -up openssh-5.2p1/configure.ac.nss-keys openssh-5.2p1/configure.ac
|
diff -up openssh-5.3p1/configure.ac.nss-keys openssh-5.3p1/configure.ac
|
||||||
--- openssh-5.2p1/configure.ac.nss-keys 2009-08-15 11:39:07.161229467 +0200
|
--- openssh-5.3p1/configure.ac.nss-keys 2009-10-02 14:09:01.000000000 +0200
|
||||||
+++ openssh-5.2p1/configure.ac 2009-08-15 11:39:07.373539105 +0200
|
+++ openssh-5.3p1/configure.ac 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -3462,6 +3462,20 @@ AC_ARG_WITH(kerberos5,
|
@@ -3514,6 +3514,20 @@ AC_ARG_WITH(kerberos5,
|
||||||
]
|
]
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -96,7 +96,7 @@ diff -up openssh-5.2p1/configure.ac.nss-keys openssh-5.2p1/configure.ac
|
|||||||
# Looking for programs, paths and files
|
# Looking for programs, paths and files
|
||||||
|
|
||||||
PRIVSEP_PATH=/var/empty
|
PRIVSEP_PATH=/var/empty
|
||||||
@@ -4189,6 +4203,7 @@ echo " TCP Wrappers support
|
@@ -4240,6 +4254,7 @@ echo " TCP Wrappers support
|
||||||
echo " MD5 password support: $MD5_MSG"
|
echo " MD5 password support: $MD5_MSG"
|
||||||
echo " libedit support: $LIBEDIT_MSG"
|
echo " libedit support: $LIBEDIT_MSG"
|
||||||
echo " Solaris process contract support: $SPC_MSG"
|
echo " Solaris process contract support: $SPC_MSG"
|
||||||
@ -104,9 +104,9 @@ diff -up openssh-5.2p1/configure.ac.nss-keys openssh-5.2p1/configure.ac
|
|||||||
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
|
echo " IP address in \$DISPLAY hack: $DISPLAY_HACK_MSG"
|
||||||
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
|
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
|
||||||
echo " BSD Auth support: $BSD_AUTH_MSG"
|
echo " BSD Auth support: $BSD_AUTH_MSG"
|
||||||
diff -up openssh-5.2p1/key.c.nss-keys openssh-5.2p1/key.c
|
diff -up openssh-5.3p1/key.c.nss-keys openssh-5.3p1/key.c
|
||||||
--- openssh-5.2p1/key.c.nss-keys 2008-11-03 09:24:17.000000000 +0100
|
--- openssh-5.3p1/key.c.nss-keys 2008-11-03 09:24:17.000000000 +0100
|
||||||
+++ openssh-5.2p1/key.c 2009-08-15 11:39:07.363301772 +0200
|
+++ openssh-5.3p1/key.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -96,6 +96,54 @@ key_new(int type)
|
@@ -96,6 +96,54 @@ key_new(int type)
|
||||||
return k;
|
return k;
|
||||||
}
|
}
|
||||||
@ -182,9 +182,9 @@ diff -up openssh-5.2p1/key.c.nss-keys openssh-5.2p1/key.c
|
|||||||
xfree(k);
|
xfree(k);
|
||||||
}
|
}
|
||||||
|
|
||||||
diff -up openssh-5.2p1/key.h.nss-keys openssh-5.2p1/key.h
|
diff -up openssh-5.3p1/key.h.nss-keys openssh-5.3p1/key.h
|
||||||
--- openssh-5.2p1/key.h.nss-keys 2008-06-12 20:40:35.000000000 +0200
|
--- openssh-5.3p1/key.h.nss-keys 2008-06-12 20:40:35.000000000 +0200
|
||||||
+++ openssh-5.2p1/key.h 2009-08-15 11:39:07.388333558 +0200
|
+++ openssh-5.3p1/key.h 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -29,11 +29,17 @@
|
@@ -29,11 +29,17 @@
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#include <openssl/dsa.h>
|
#include <openssl/dsa.h>
|
||||||
@ -234,9 +234,9 @@ diff -up openssh-5.2p1/key.h.nss-keys openssh-5.2p1/key.h
|
|||||||
void key_free(Key *);
|
void key_free(Key *);
|
||||||
Key *key_demote(const Key *);
|
Key *key_demote(const Key *);
|
||||||
int key_equal(const Key *, const Key *);
|
int key_equal(const Key *, const Key *);
|
||||||
diff -up openssh-5.2p1/Makefile.in.nss-keys openssh-5.2p1/Makefile.in
|
diff -up openssh-5.3p1/Makefile.in.nss-keys openssh-5.3p1/Makefile.in
|
||||||
--- openssh-5.2p1/Makefile.in.nss-keys 2008-11-05 06:20:46.000000000 +0100
|
--- openssh-5.3p1/Makefile.in.nss-keys 2009-08-28 02:47:38.000000000 +0200
|
||||||
+++ openssh-5.2p1/Makefile.in 2009-08-15 11:39:07.387287237 +0200
|
+++ openssh-5.3p1/Makefile.in 2009-10-02 14:09:53.000000000 +0200
|
||||||
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||||
@ -245,10 +245,10 @@ diff -up openssh-5.2p1/Makefile.in.nss-keys openssh-5.2p1/Makefile.in
|
|||||||
+ entropy.o scard-opensc.o gss-genr.o umac.o jpake.o schnorr.o nsskeys.o
|
+ entropy.o scard-opensc.o gss-genr.o umac.o jpake.o schnorr.o nsskeys.o
|
||||||
|
|
||||||
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
|
||||||
sshconnect.o sshconnect1.o sshconnect2.o mux.o
|
sshconnect.o sshconnect1.o sshconnect2.o mux.o \
|
||||||
diff -up /dev/null openssh-5.2p1/nsskeys.c
|
diff -up /dev/null openssh-5.3p1/nsskeys.c
|
||||||
--- /dev/null 2009-08-11 04:59:51.783705773 +0200
|
--- /dev/null 2009-09-11 09:35:58.778798825 +0200
|
||||||
+++ openssh-5.2p1/nsskeys.c 2009-08-15 11:39:07.381280271 +0200
|
+++ openssh-5.3p1/nsskeys.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -0,0 +1,327 @@
|
@@ -0,0 +1,327 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
@ -577,9 +577,9 @@ diff -up /dev/null openssh-5.2p1/nsskeys.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+#endif /* HAVE_LIBNSS */
|
+#endif /* HAVE_LIBNSS */
|
||||||
diff -up /dev/null openssh-5.2p1/nsskeys.h
|
diff -up /dev/null openssh-5.3p1/nsskeys.h
|
||||||
--- /dev/null 2009-08-11 04:59:51.783705773 +0200
|
--- /dev/null 2009-09-11 09:35:58.778798825 +0200
|
||||||
+++ openssh-5.2p1/nsskeys.h 2009-08-15 11:39:07.385223433 +0200
|
+++ openssh-5.3p1/nsskeys.h 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -0,0 +1,39 @@
|
@@ -0,0 +1,39 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
@ -620,9 +620,9 @@ diff -up /dev/null openssh-5.2p1/nsskeys.h
|
|||||||
+
|
+
|
||||||
+#endif
|
+#endif
|
||||||
+#endif
|
+#endif
|
||||||
diff -up openssh-5.2p1/readconf.c.nss-keys openssh-5.2p1/readconf.c
|
diff -up openssh-5.3p1/readconf.c.nss-keys openssh-5.3p1/readconf.c
|
||||||
--- openssh-5.2p1/readconf.c.nss-keys 2009-02-14 06:28:21.000000000 +0100
|
--- openssh-5.3p1/readconf.c.nss-keys 2009-07-05 23:12:27.000000000 +0200
|
||||||
+++ openssh-5.2p1/readconf.c 2009-08-15 11:39:07.397161060 +0200
|
+++ openssh-5.3p1/readconf.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -124,6 +124,7 @@ typedef enum {
|
@@ -124,6 +124,7 @@ typedef enum {
|
||||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||||
@ -645,7 +645,7 @@ diff -up openssh-5.2p1/readconf.c.nss-keys openssh-5.2p1/readconf.c
|
|||||||
{ "clearallforwardings", oClearAllForwardings },
|
{ "clearallforwardings", oClearAllForwardings },
|
||||||
{ "enablesshkeysign", oEnableSSHKeysign },
|
{ "enablesshkeysign", oEnableSSHKeysign },
|
||||||
{ "verifyhostkeydns", oVerifyHostKeyDNS },
|
{ "verifyhostkeydns", oVerifyHostKeyDNS },
|
||||||
@@ -612,6 +620,14 @@ parse_string:
|
@@ -613,6 +621,14 @@ parse_string:
|
||||||
charptr = &options->smartcard_device;
|
charptr = &options->smartcard_device;
|
||||||
goto parse_string;
|
goto parse_string;
|
||||||
|
|
||||||
@ -660,7 +660,7 @@ diff -up openssh-5.2p1/readconf.c.nss-keys openssh-5.2p1/readconf.c
|
|||||||
case oProxyCommand:
|
case oProxyCommand:
|
||||||
charptr = &options->proxy_command;
|
charptr = &options->proxy_command;
|
||||||
parse_command:
|
parse_command:
|
||||||
@@ -1047,6 +1063,8 @@ initialize_options(Options * options)
|
@@ -1052,6 +1068,8 @@ initialize_options(Options * options)
|
||||||
options->preferred_authentications = NULL;
|
options->preferred_authentications = NULL;
|
||||||
options->bind_address = NULL;
|
options->bind_address = NULL;
|
||||||
options->smartcard_device = NULL;
|
options->smartcard_device = NULL;
|
||||||
@ -669,7 +669,7 @@ diff -up openssh-5.2p1/readconf.c.nss-keys openssh-5.2p1/readconf.c
|
|||||||
options->enable_ssh_keysign = - 1;
|
options->enable_ssh_keysign = - 1;
|
||||||
options->no_host_authentication_for_localhost = - 1;
|
options->no_host_authentication_for_localhost = - 1;
|
||||||
options->identities_only = - 1;
|
options->identities_only = - 1;
|
||||||
@@ -1177,6 +1195,8 @@ fill_default_options(Options * options)
|
@@ -1183,6 +1201,8 @@ fill_default_options(Options * options)
|
||||||
options->no_host_authentication_for_localhost = 0;
|
options->no_host_authentication_for_localhost = 0;
|
||||||
if (options->identities_only == -1)
|
if (options->identities_only == -1)
|
||||||
options->identities_only = 0;
|
options->identities_only = 0;
|
||||||
@ -678,9 +678,9 @@ diff -up openssh-5.2p1/readconf.c.nss-keys openssh-5.2p1/readconf.c
|
|||||||
if (options->enable_ssh_keysign == -1)
|
if (options->enable_ssh_keysign == -1)
|
||||||
options->enable_ssh_keysign = 0;
|
options->enable_ssh_keysign = 0;
|
||||||
if (options->rekey_limit == -1)
|
if (options->rekey_limit == -1)
|
||||||
diff -up openssh-5.2p1/readconf.h.nss-keys openssh-5.2p1/readconf.h
|
diff -up openssh-5.3p1/readconf.h.nss-keys openssh-5.3p1/readconf.h
|
||||||
--- openssh-5.2p1/readconf.h.nss-keys 2009-02-14 06:28:21.000000000 +0100
|
--- openssh-5.3p1/readconf.h.nss-keys 2009-07-05 23:12:27.000000000 +0200
|
||||||
+++ openssh-5.2p1/readconf.h 2009-08-15 11:39:07.377835083 +0200
|
+++ openssh-5.3p1/readconf.h 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -85,6 +85,8 @@ typedef struct {
|
@@ -85,6 +85,8 @@ typedef struct {
|
||||||
char *preferred_authentications;
|
char *preferred_authentications;
|
||||||
char *bind_address; /* local socket address for connection to sshd */
|
char *bind_address; /* local socket address for connection to sshd */
|
||||||
@ -690,9 +690,9 @@ diff -up openssh-5.2p1/readconf.h.nss-keys openssh-5.2p1/readconf.h
|
|||||||
int verify_host_key_dns; /* Verify host key using DNS */
|
int verify_host_key_dns; /* Verify host key using DNS */
|
||||||
|
|
||||||
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
||||||
diff -up openssh-5.2p1/ssh-add.c.nss-keys openssh-5.2p1/ssh-add.c
|
diff -up openssh-5.3p1/ssh-add.c.nss-keys openssh-5.3p1/ssh-add.c
|
||||||
--- openssh-5.2p1/ssh-add.c.nss-keys 2008-02-28 09:13:52.000000000 +0100
|
--- openssh-5.3p1/ssh-add.c.nss-keys 2008-02-28 09:13:52.000000000 +0100
|
||||||
+++ openssh-5.2p1/ssh-add.c 2009-08-15 11:39:07.414164844 +0200
|
+++ openssh-5.3p1/ssh-add.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -44,6 +44,14 @@
|
@@ -44,6 +44,14 @@
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
#include "openbsd-compat/openssl-compat.h"
|
#include "openbsd-compat/openssl-compat.h"
|
||||||
@ -930,9 +930,9 @@ diff -up openssh-5.2p1/ssh-add.c.nss-keys openssh-5.2p1/ssh-add.c
|
|||||||
if (argc == 0) {
|
if (argc == 0) {
|
||||||
char buf[MAXPATHLEN];
|
char buf[MAXPATHLEN];
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
diff -up openssh-5.2p1/ssh-agent.c.nss-keys openssh-5.2p1/ssh-agent.c
|
diff -up openssh-5.3p1/ssh-agent.c.nss-keys openssh-5.3p1/ssh-agent.c
|
||||||
--- openssh-5.2p1/ssh-agent.c.nss-keys 2008-07-04 15:10:49.000000000 +0200
|
--- openssh-5.3p1/ssh-agent.c.nss-keys 2009-06-21 09:50:15.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh-agent.c 2009-08-15 11:39:07.368143486 +0200
|
+++ openssh-5.3p1/ssh-agent.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -80,6 +80,10 @@
|
@@ -80,6 +80,10 @@
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
#endif
|
#endif
|
||||||
@ -1075,10 +1075,10 @@ diff -up openssh-5.2p1/ssh-agent.c.nss-keys openssh-5.2p1/ssh-agent.c
|
|||||||
default:
|
default:
|
||||||
/* Unknown message. Respond with failure. */
|
/* Unknown message. Respond with failure. */
|
||||||
error("Unknown message %d", type);
|
error("Unknown message %d", type);
|
||||||
diff -up openssh-5.2p1/ssh.c.nss-keys openssh-5.2p1/ssh.c
|
diff -up openssh-5.3p1/ssh.c.nss-keys openssh-5.3p1/ssh.c
|
||||||
--- openssh-5.2p1/ssh.c.nss-keys 2009-02-14 06:28:21.000000000 +0100
|
--- openssh-5.3p1/ssh.c.nss-keys 2009-07-05 23:16:56.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh.c 2009-08-15 11:39:07.383383769 +0200
|
+++ openssh-5.3p1/ssh.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -104,6 +104,9 @@
|
@@ -105,6 +105,9 @@
|
||||||
#ifdef SMARTCARD
|
#ifdef SMARTCARD
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
#endif
|
#endif
|
||||||
@ -1088,7 +1088,7 @@ diff -up openssh-5.2p1/ssh.c.nss-keys openssh-5.2p1/ssh.c
|
|||||||
|
|
||||||
extern char *__progname;
|
extern char *__progname;
|
||||||
|
|
||||||
@@ -1231,9 +1234,11 @@ load_public_identity_files(void)
|
@@ -1234,9 +1237,11 @@ load_public_identity_files(void)
|
||||||
int i = 0;
|
int i = 0;
|
||||||
Key *public;
|
Key *public;
|
||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
@ -1101,7 +1101,7 @@ diff -up openssh-5.2p1/ssh.c.nss-keys openssh-5.2p1/ssh.c
|
|||||||
if (options.smartcard_device != NULL &&
|
if (options.smartcard_device != NULL &&
|
||||||
options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
|
options.num_identity_files < SSH_MAX_IDENTITY_FILES &&
|
||||||
(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {
|
(keys = sc_get_keys(options.smartcard_device, NULL)) != NULL) {
|
||||||
@@ -1256,6 +1261,27 @@ load_public_identity_files(void)
|
@@ -1259,6 +1264,27 @@ load_public_identity_files(void)
|
||||||
xfree(keys);
|
xfree(keys);
|
||||||
}
|
}
|
||||||
#endif /* SMARTCARD */
|
#endif /* SMARTCARD */
|
||||||
@ -1129,9 +1129,9 @@ diff -up openssh-5.2p1/ssh.c.nss-keys openssh-5.2p1/ssh.c
|
|||||||
if ((pw = getpwuid(original_real_uid)) == NULL)
|
if ((pw = getpwuid(original_real_uid)) == NULL)
|
||||||
fatal("load_public_identity_files: getpwuid failed");
|
fatal("load_public_identity_files: getpwuid failed");
|
||||||
pwname = xstrdup(pw->pw_name);
|
pwname = xstrdup(pw->pw_name);
|
||||||
diff -up openssh-5.2p1/ssh-dss.c.nss-keys openssh-5.2p1/ssh-dss.c
|
diff -up openssh-5.3p1/ssh-dss.c.nss-keys openssh-5.3p1/ssh-dss.c
|
||||||
--- openssh-5.2p1/ssh-dss.c.nss-keys 2006-11-07 13:14:42.000000000 +0100
|
--- openssh-5.3p1/ssh-dss.c.nss-keys 2006-11-07 13:14:42.000000000 +0100
|
||||||
+++ openssh-5.2p1/ssh-dss.c 2009-08-15 11:39:07.365182193 +0200
|
+++ openssh-5.3p1/ssh-dss.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -39,6 +39,10 @@
|
@@ -39,6 +39,10 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
@ -1189,9 +1189,9 @@ diff -up openssh-5.2p1/ssh-dss.c.nss-keys openssh-5.2p1/ssh-dss.c
|
|||||||
if (datafellows & SSH_BUG_SIGBLOB) {
|
if (datafellows & SSH_BUG_SIGBLOB) {
|
||||||
if (lenp != NULL)
|
if (lenp != NULL)
|
||||||
*lenp = SIGBLOB_LEN;
|
*lenp = SIGBLOB_LEN;
|
||||||
diff -up openssh-5.2p1/ssh-keygen.c.nss-keys openssh-5.2p1/ssh-keygen.c
|
diff -up openssh-5.3p1/ssh-keygen.c.nss-keys openssh-5.3p1/ssh-keygen.c
|
||||||
--- openssh-5.2p1/ssh-keygen.c.nss-keys 2009-02-21 22:47:02.000000000 +0100
|
--- openssh-5.3p1/ssh-keygen.c.nss-keys 2009-06-22 08:11:07.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh-keygen.c 2009-08-15 11:39:07.395366022 +0200
|
+++ openssh-5.3p1/ssh-keygen.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -53,6 +53,11 @@
|
@@ -53,6 +53,11 @@
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
#endif
|
#endif
|
||||||
@ -1293,9 +1293,9 @@ diff -up openssh-5.2p1/ssh-keygen.c.nss-keys openssh-5.2p1/ssh-keygen.c
|
|||||||
if (reader_id != NULL) {
|
if (reader_id != NULL) {
|
||||||
#ifdef SMARTCARD
|
#ifdef SMARTCARD
|
||||||
if (download)
|
if (download)
|
||||||
diff -up openssh-5.2p1/ssh-rsa.c.nss-keys openssh-5.2p1/ssh-rsa.c
|
diff -up openssh-5.3p1/ssh-rsa.c.nss-keys openssh-5.3p1/ssh-rsa.c
|
||||||
--- openssh-5.2p1/ssh-rsa.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
--- openssh-5.3p1/ssh-rsa.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh-rsa.c 2009-08-15 11:39:07.393249953 +0200
|
+++ openssh-5.3p1/ssh-rsa.c 2009-10-02 14:09:01.000000000 +0200
|
||||||
@@ -32,6 +32,10 @@
|
@@ -32,6 +32,10 @@
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-copy-id
|
diff -up openssh-5.3p1/contrib/ssh-copy-id.selabel openssh-5.3p1/contrib/ssh-copy-id
|
||||||
--- openssh-5.2p1/contrib/ssh-copy-id.selabel 2009-01-21 10:29:21.000000000 +0100
|
--- openssh-5.3p1/contrib/ssh-copy-id.selabel 2009-01-21 10:29:21.000000000 +0100
|
||||||
+++ openssh-5.2p1/contrib/ssh-copy-id 2009-07-08 14:28:27.000000000 +0200
|
+++ openssh-5.3p1/contrib/ssh-copy-id 2009-10-02 14:21:54.000000000 +0200
|
||||||
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] ||
|
@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] ||
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
@ -10,10 +10,10 @@ diff -up openssh-5.2p1/contrib/ssh-copy-id.selabel openssh-5.2p1/contrib/ssh-cop
|
|||||||
|
|
||||||
cat <<EOF
|
cat <<EOF
|
||||||
Now try logging into the machine, with "ssh '$1'", and check in:
|
Now try logging into the machine, with "ssh '$1'", and check in:
|
||||||
diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in
|
diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
|
||||||
--- openssh-5.2p1/Makefile.in.selabel 2009-07-08 14:28:25.000000000 +0200
|
--- openssh-5.3p1/Makefile.in.selabel 2009-10-02 14:21:54.000000000 +0200
|
||||||
+++ openssh-5.2p1/Makefile.in 2009-07-08 14:28:27.000000000 +0200
|
+++ openssh-5.3p1/Makefile.in 2009-10-02 14:23:23.000000000 +0200
|
||||||
@@ -134,7 +134,7 @@ libssh.a: $(LIBSSH_OBJS)
|
@@ -136,7 +136,7 @@ libssh.a: $(LIBSSH_OBJS)
|
||||||
$(RANLIB) $@
|
$(RANLIB) $@
|
||||||
|
|
||||||
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
|
||||||
@ -21,10 +21,10 @@ diff -up openssh-5.2p1/Makefile.in.selabel openssh-5.2p1/Makefile.in
|
|||||||
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
|
+ $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck -lselinux $(LIBS)
|
||||||
|
|
||||||
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
|
||||||
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) -lfipscheck $(LIBS)
|
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
|
||||||
diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c
|
diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
|
||||||
--- openssh-5.2p1/ssh.c.selabel 2009-07-08 14:28:27.000000000 +0200
|
--- openssh-5.3p1/ssh.c.selabel 2009-10-02 14:21:54.000000000 +0200
|
||||||
+++ openssh-5.2p1/ssh.c 2009-07-08 14:34:00.000000000 +0200
|
+++ openssh-5.3p1/ssh.c 2009-10-02 14:21:54.000000000 +0200
|
||||||
@@ -74,6 +74,7 @@
|
@@ -74,6 +74,7 @@
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
#include <openssl/fips.h>
|
#include <openssl/fips.h>
|
||||||
@ -33,7 +33,7 @@ diff -up openssh-5.2p1/ssh.c.selabel openssh-5.2p1/ssh.c
|
|||||||
#include "openbsd-compat/openssl-compat.h"
|
#include "openbsd-compat/openssl-compat.h"
|
||||||
#include "openbsd-compat/sys-queue.h"
|
#include "openbsd-compat/sys-queue.h"
|
||||||
|
|
||||||
@@ -791,10 +792,15 @@ main(int ac, char **av)
|
@@ -792,10 +793,15 @@ main(int ac, char **av)
|
||||||
*/
|
*/
|
||||||
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
|
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
|
||||||
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
|
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
|
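--- a/openssh-5.3p1-skip-initial.patch
+++ b/openssh-5.3p1-skip-initial.patch
@@ -0,0 +1,24 @@
+diff -up openssh-5.3p1/auth1.c.skip-initial openssh-5.3p1/auth1.c
+--- openssh-5.3p1/auth1.c.skip-initial 2009-03-08 01:40:28.000000000 +0100
++++ openssh-5.3p1/auth1.c 2009-10-02 13:55:00.000000000 +0200
+@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
+authctxt->valid ? "" : "invalid user ", authctxt->user);
+
+/* If the user has no password, accept authentication immediately. */
+- if (options.password_authentication &&
++ if (options.permit_empty_passwd && options.password_authentication &&
+#ifdef KRB5
+(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
+#endif
+diff -up openssh-5.3p1/auth2-none.c.skip-initial openssh-5.3p1/auth2-none.c
+--- openssh-5.3p1/auth2-none.c.skip-initial 2009-03-08 01:40:28.000000000 +0100
++++ openssh-5.3p1/auth2-none.c 2009-10-02 13:56:21.000000000 +0200
+@@ -61,7 +61,7 @@ userauth_none(Authctxt *authctxt)
+{
+none_enabled = 0;
+packet_check_eom();
+- if (options.password_authentication)
++ if (options.permit_empty_passwd && options.password_authentication)
+return (PRIVSEP(auth_password(authctxt, "")));
+return (0);
+}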
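Review bot: The comment kept above the condition in the auth1.c hunk, `/* If the user has no password, accept authentication immediately. */`, no longer describes the test once `options.permit_empty_passwd` is part of it, and the matching change in `userauth_none` carries no comment at all. Both places now skip the empty-password probe unless empty passwords are permitted; judging by the patch name, the aim is presumably to avoid an initial attempt that can only fail and may be logged or counted as a failed login, which is worth stating so the guard is not later dropped as redundant with whatever check `auth_password` performs itself. I would reword the first comment to `/* If empty passwords are permitted and the user has none, accept immediately. */` and add `/* Probe with an empty password only when PermitEmptyPasswords allows it. */` above the `if` in `userauth_none`. The condition in `do_authloop` continues past the end of the hunk, so the rest of the test is not visible here.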
@ -63,7 +63,7 @@
|
|||||||
Summary: An open source implementation of SSH protocol versions 1 and 2
|
Summary: An open source implementation of SSH protocol versions 1 and 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: 5.3p1
|
Version: 5.3p1
|
||||||
Release: 1%{?dist}%{?rescue_rel}
|
Release: 2%{?dist}%{?rescue_rel}
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||||
@ -460,7 +460,7 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
* Fri Oct 2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-1
|
* Fri Oct 2 2009 Jan F. Chadima <jchadima@redhat.com> - 5.3p1-2
|
||||||
- Upgrade to new wersion 5.3p1
|
- Upgrade to new wersion 5.3p1
|
||||||
|
|
||||||
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
|
* Tue Sep 29 2009 Jan F. Chadima <jchadima@redhat.com> - 5.2p1-29
|
||||||
|