forked from rpms/openssh
- Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
This commit is contained in:
parent
d675c0b550
commit
c6801b909e
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
|
||||
--- openssh-5.6p1/auth2-pubkey.c.akc 2010-08-23 12:15:42.000000000 +0200
|
||||
+++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:15:42.000000000 +0200
|
||||
--- openssh-5.6p1/auth2-pubkey.c.akc 2010-09-03 15:24:51.000000000 +0200
|
||||
+++ openssh-5.6p1/auth2-pubkey.c 2010-09-03 15:24:51.000000000 +0200
|
||||
@@ -27,6 +27,7 @@
|
||||
|
||||
#include <sys/types.h>
|
||||
@ -241,8 +241,8 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
|
||||
return 0;
|
||||
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
|
||||
diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
|
||||
--- openssh-5.6p1/configure.ac.akc 2010-08-23 12:15:42.000000000 +0200
|
||||
+++ openssh-5.6p1/configure.ac 2010-08-23 12:15:42.000000000 +0200
|
||||
--- openssh-5.6p1/configure.ac.akc 2010-09-03 15:24:51.000000000 +0200
|
||||
+++ openssh-5.6p1/configure.ac 2010-09-03 15:24:51.000000000 +0200
|
||||
@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit,
|
||||
esac ]
|
||||
)
|
||||
@ -271,8 +271,8 @@ diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
|
||||
echo " libedit support: $LIBEDIT_MSG"
|
||||
echo " Solaris process contract support: $SPC_MSG"
|
||||
diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
|
||||
--- openssh-5.6p1/servconf.c.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.c 2010-08-23 12:22:22.000000000 +0200
|
||||
--- openssh-5.6p1/servconf.c.akc 2010-09-03 15:24:50.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.c 2010-09-03 15:24:51.000000000 +0200
|
||||
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
|
||||
options->num_permitted_opens = -1;
|
||||
options->adm_forced_command = NULL;
|
||||
@ -344,8 +344,8 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
|
||||
/* string arguments requiring a lookup */
|
||||
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
|
||||
diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
|
||||
--- openssh-5.6p1/servconf.h.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.h 2010-08-23 12:17:58.000000000 +0200
|
||||
--- openssh-5.6p1/servconf.h.akc 2010-09-03 15:24:50.000000000 +0200
|
||||
+++ openssh-5.6p1/servconf.h 2010-09-03 15:24:51.000000000 +0200
|
||||
@@ -158,6 +158,8 @@ typedef struct {
|
||||
char *revoked_keys_file;
|
||||
char *trusted_user_ca_keys;
|
||||
@ -356,9 +356,33 @@ diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
|
||||
|
||||
void initialize_server_options(ServerOptions *);
|
||||
diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
|
||||
--- openssh-5.6p1/sshd_config.0.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.0 2010-08-23 12:25:18.000000000 +0200
|
||||
@@ -374,7 +374,8 @@ DESCRIPTION
|
||||
--- openssh-5.6p1/sshd_config.0.akc 2010-09-03 15:24:50.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.0 2010-09-03 15:27:26.000000000 +0200
|
||||
@@ -71,6 +71,23 @@ DESCRIPTION
|
||||
|
||||
See PATTERNS in ssh_config(5) for more information on patterns.
|
||||
|
||||
+ AuthorizedKeysCommand
|
||||
+
|
||||
+ Specifies a program to be used for lookup of the user's
|
||||
+ public keys. The program will be invoked with its first
|
||||
+ argument the name of the user being authorized, and should produce
|
||||
+ on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS
|
||||
+ in sshd(8)). By default (or when set to the empty string) there is no
|
||||
+ AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully
|
||||
+ authorize the user, authorization falls through to the
|
||||
+ AuthorizedKeysFile. Note that this option has an effect
|
||||
+ only with PubkeyAuthentication turned on.
|
||||
+
|
||||
+ AuthorizedKeysCommandRunAs
|
||||
+ Specifies the user under whose account the AuthorizedKeysCommand is run.
|
||||
+ Empty string (the default value) means the user being authorized
|
||||
+ is used.
|
||||
+
|
||||
AuthorizedKeysFile
|
||||
Specifies the file that contains the public keys that can be used
|
||||
for user authentication. The format is described in the
|
||||
@@ -375,7 +392,8 @@ DESCRIPTION
|
||||
|
||||
Only a subset of keywords may be used on the lines following a
|
||||
Match keyword. Available keywords are AllowAgentForwarding,
|
||||
@ -368,33 +392,9 @@ diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
|
||||
Banner, ChrootDirectory, ForceCommand, GatewayPorts,
|
||||
GSSAPIAuthentication, HostbasedAuthentication,
|
||||
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
|
||||
@@ -496,6 +497,23 @@ DESCRIPTION
|
||||
this file is not readable, then public key authentication will be
|
||||
refused for all users.
|
||||
|
||||
+ AuthorizedKeysCommand
|
||||
+
|
||||
+ Specifies a program to be used for lookup of the user's
|
||||
+ public keys. The program will be invoked with its first
|
||||
+ argument the name of the user being authorized, and should produce
|
||||
+ on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS
|
||||
+ in sshd(8)). By default (or when set to the empty string) there is no
|
||||
+ AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully
|
||||
+ authorize the user, authorization falls through to the
|
||||
+ AuthorizedKeysFile. Note that this option has an effect
|
||||
+ only with PubkeyAuthentication turned on.
|
||||
+
|
||||
+ AuthorizedKeysCommandRunAs
|
||||
+ Specifies the user under whose account the AuthorizedKeysCommand is run.
|
||||
+ Empty string (the default value) means the user being authorized
|
||||
+ is used.
|
||||
+
|
||||
RhostsRSAAuthentication
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication to-
|
||||
gether with successful RSA host authentication is allowed. The
|
||||
diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
|
||||
--- openssh-5.6p1/sshd_config.5.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.5 2010-08-23 12:25:46.000000000 +0200
|
||||
--- openssh-5.6p1/sshd_config.5.akc 2010-09-03 15:24:50.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.5 2010-09-03 15:24:51.000000000 +0200
|
||||
@@ -654,6 +654,8 @@ Available keywords are
|
||||
.Cm AllowAgentForwarding ,
|
||||
.Cm AllowTcpForwarding ,
|
||||
@ -434,8 +434,8 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
|
||||
Specifies whether rhosts or /etc/hosts.equiv authentication together
|
||||
with successful RSA host authentication is allowed.
|
||||
diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config
|
||||
--- openssh-5.6p1/sshd_config.akc 2010-08-23 12:15:41.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config 2010-08-23 12:15:42.000000000 +0200
|
||||
--- openssh-5.6p1/sshd_config.akc 2010-09-03 15:24:50.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config 2010-09-03 15:24:51.000000000 +0200
|
||||
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
|
||||
#RSAAuthentication yes
|
||||
#PubkeyAuthentication yes
|
||||
|
@ -1,6 +1,6 @@
|
||||
diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
|
||||
--- openssh-5.4p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100
|
||||
+++ openssh-5.4p1/ssh_config 2010-03-01 15:15:51.000000000 +0100
|
||||
diff -up openssh-5.6p1/ssh_config.redhat openssh-5.6p1/ssh_config
|
||||
--- openssh-5.6p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100
|
||||
+++ openssh-5.6p1/ssh_config 2010-09-03 15:21:17.000000000 +0200
|
||||
@@ -45,3 +45,14 @@
|
||||
# PermitLocalCommand no
|
||||
# VisualHostKey no
|
||||
@ -16,26 +16,26 @@ diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
|
||||
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
|
||||
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
|
||||
+ SendEnv XMODIFIERS
|
||||
diff -up openssh-5.4p1/sshd_config.0.redhat openssh-5.4p1/sshd_config.0
|
||||
--- openssh-5.4p1/sshd_config.0.redhat 2010-03-01 14:30:04.000000000 +0100
|
||||
+++ openssh-5.4p1/sshd_config.0 2010-03-01 15:14:13.000000000 +0100
|
||||
@@ -501,9 +501,9 @@ DESCRIPTION
|
||||
diff -up openssh-5.6p1/sshd_config.0.redhat openssh-5.6p1/sshd_config.0
|
||||
--- openssh-5.6p1/sshd_config.0.redhat 2010-08-23 05:24:16.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.0 2010-09-03 15:23:20.000000000 +0200
|
||||
@@ -537,9 +537,9 @@ DESCRIPTION
|
||||
|
||||
SyslogFacility
|
||||
Gives the facility code that is used when logging messages from
|
||||
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
|
||||
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
|
||||
- fault is AUTH.
|
||||
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
|
||||
- default is AUTH.
|
||||
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
|
||||
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
|
||||
+ The default is AUTH.
|
||||
|
||||
TCPKeepAlive
|
||||
Specifies whether the system should send TCP keepalive messages
|
||||
diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
|
||||
--- openssh-5.4p1/sshd_config.5.redhat 2010-02-26 21:55:06.000000000 +0100
|
||||
+++ openssh-5.4p1/sshd_config.5 2010-03-01 15:14:14.000000000 +0100
|
||||
@@ -865,7 +865,7 @@ Note that this option applies to protoco
|
||||
diff -up openssh-5.6p1/sshd_config.5.redhat openssh-5.6p1/sshd_config.5
|
||||
--- openssh-5.6p1/sshd_config.5.redhat 2010-07-02 05:37:17.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config.5 2010-09-03 15:21:17.000000000 +0200
|
||||
@@ -919,7 +919,7 @@ Note that this option applies to protoco
|
||||
.It Cm SyslogFacility
|
||||
Gives the facility code that is used when logging messages from
|
||||
.Xr sshd 8 .
|
||||
@ -44,9 +44,9 @@ diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
|
||||
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
|
||||
The default is AUTH.
|
||||
.It Cm TCPKeepAlive
|
||||
diff -up openssh-5.4p1/sshd_config.redhat openssh-5.4p1/sshd_config
|
||||
--- openssh-5.4p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200
|
||||
+++ openssh-5.4p1/sshd_config 2010-03-01 15:14:14.000000000 +0100
|
||||
diff -up openssh-5.6p1/sshd_config.redhat openssh-5.6p1/sshd_config
|
||||
--- openssh-5.6p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200
|
||||
+++ openssh-5.6p1/sshd_config 2010-09-03 15:21:17.000000000 +0200
|
||||
@@ -31,6 +31,7 @@
|
||||
# Logging
|
||||
# obsoletes QuietMode and FascistLogging
|
10
openssh.spec
10
openssh.spec
@ -71,7 +71,7 @@
|
||||
|
||||
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
|
||||
%define openssh_ver 5.6p1
|
||||
%define openssh_rel 1
|
||||
%define openssh_rel 2
|
||||
%define pam_ssh_agent_ver 0.9.2
|
||||
%define pam_ssh_agent_rel 27
|
||||
|
||||
@ -93,7 +93,7 @@ Source3: sshd.init
|
||||
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
|
||||
Source5: pam_ssh_agent-rmheaders
|
||||
|
||||
Patch0: openssh-5.4p1-redhat.patch
|
||||
Patch0: openssh-5.6p1-redhat.patch
|
||||
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
|
||||
Patch4: openssh-5.2p1-vendor.patch
|
||||
Patch10: pam_ssh_agent_auth-0.9-build.patch
|
||||
@ -317,7 +317,7 @@ CFLAGS="$CFLAGS -fpic"
|
||||
%endif
|
||||
export CFLAGS
|
||||
SAVE_LDFLAGS="$LDFLAGS"
|
||||
LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
|
||||
LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
|
||||
%endif
|
||||
%if %{kerberos5}
|
||||
if test -r /etc/profile.d/krb5-devel.sh ; then
|
||||
@ -579,6 +579,10 @@ fi
|
||||
%endif
|
||||
|
||||
%changelog
|
||||
* Fri Sep 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
|
||||
- Rebased to openssh5.6p1
|
||||
- Added -z relro -z now to LDFLAGS
|
||||
|
||||
* Wed Jul 7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
|
||||
- merged with newer bugzilla's version of authorized keys command patch
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user