From ca47f639419eb6891d25aae2078bb9817aebb828 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Mr=C3=A1z?= <tmraz@fedoraproject.org>
Date: Mon, 7 Apr 2008 20:14:31 +0000
Subject: [PATCH] - upgrade to new upstream (#441066) - prevent initscript from
 killing itself on halt with upstart (#438449) - initscript status should show
 that the daemon is running only when the     main daemon is still alive
 (#430882)

---
 .cvsignore                          |   2 +-
 openssh-3.9p1-skip-used.patch       |  12 --
 openssh-4.2p1-pam-no-stack.patch    |  16 ---
 openssh-4.3p2-initscript.patch      |  66 ----------
 openssh-4.5p1-controlcleanup.patch  |  15 +++
 openssh-4.7p1-master-race.patch     |  85 +++++++++++++
 openssh-4.7p1-mls.patch             |   6 -
 openssh-4.7p1-packetdefsize.patch   |  25 ----
 openssh-4.7p1-pam-session.patch     | 137 ---------------------
 openssh-4.7p1-sftp-doclose.patch    |  13 --
 openssh-4.7p1-sftp-drain-acks.patch |  71 -----------
 openssh-4.7p1-sshd-v6only.patch     |  30 -----
 openssh.spec                        |  41 +++----
 sources                             |   2 +-
 sshd.init                           | 182 ++++++++++++++++++++++++++++
 sshd.pam                            |   8 ++
 16 files changed, 312 insertions(+), 399 deletions(-)
 delete mode 100644 openssh-3.9p1-skip-used.patch
 delete mode 100644 openssh-4.2p1-pam-no-stack.patch
 delete mode 100644 openssh-4.3p2-initscript.patch
 create mode 100644 openssh-4.5p1-controlcleanup.patch
 create mode 100644 openssh-4.7p1-master-race.patch
 delete mode 100644 openssh-4.7p1-packetdefsize.patch
 delete mode 100644 openssh-4.7p1-pam-session.patch
 delete mode 100644 openssh-4.7p1-sftp-doclose.patch
 delete mode 100644 openssh-4.7p1-sftp-drain-acks.patch
 delete mode 100644 openssh-4.7p1-sshd-v6only.patch
 create mode 100755 sshd.init
 create mode 100644 sshd.pam

diff --git a/.cvsignore b/.cvsignore
index f41a76f..f169a74 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1 +1 @@
-openssh-4.7p1-noacss.tar.bz2
+openssh-5.0p1-noacss.tar.bz2
diff --git a/openssh-3.9p1-skip-used.patch b/openssh-3.9p1-skip-used.patch
deleted file mode 100644
index 95ba3d1..0000000
--- a/openssh-3.9p1-skip-used.patch
+++ /dev/null
@@ -1,12 +0,0 @@
---- openssh-3.9p1/channels.c.skip-used	2005-07-08 22:42:35.000000000 +0200
-+++ openssh-3.9p1/channels.c	2005-07-25 21:34:29.000000000 +0200
-@@ -2653,9 +2653,6 @@
- 				debug2("bind port %d: %.100s", port, strerror(errno));
- 				close(sock);
- 
--				if (ai->ai_next)
--					continue;
--
- 				for (n = 0; n < num_socks; n++) {
- 					close(socks[n]);
- 				}
diff --git a/openssh-4.2p1-pam-no-stack.patch b/openssh-4.2p1-pam-no-stack.patch
deleted file mode 100644
index 7299ac3..0000000
--- a/openssh-4.2p1-pam-no-stack.patch
+++ /dev/null
@@ -1,16 +0,0 @@
---- openssh-4.2p1/contrib/redhat/sshd.pam.stack	2004-07-21 03:01:41.000000000 +0200
-+++ openssh-4.2p1/contrib/redhat/sshd.pam	2005-10-07 14:18:50.000000000 +0200
-@@ -1,6 +1,8 @@
- #%PAM-1.0
--auth       required     pam_stack.so service=system-auth
--auth       required     pam_nologin.so
--account    required     pam_stack.so service=system-auth
--password   required     pam_stack.so service=system-auth
--session    required     pam_stack.so service=system-auth
-+auth       include      system-auth
-+account    required     pam_nologin.so
-+account    include      system-auth
-+password   include      system-auth
-+session    optional     pam_keyinit.so force revoke
-+session    include      system-auth
-+session    required     pam_loginuid.so
diff --git a/openssh-4.3p2-initscript.patch b/openssh-4.3p2-initscript.patch
deleted file mode 100644
index a75106b..0000000
--- a/openssh-4.3p2-initscript.patch
+++ /dev/null
@@ -1,66 +0,0 @@
---- openssh-4.5p1/contrib/redhat/sshd.init.initscript	2006-04-22 13:26:08.000000000 +0200
-+++ openssh-4.5p1/contrib/redhat/sshd.init	2007-07-25 18:26:50.000000000 +0200
-@@ -29,6 +29,8 @@
- DSA_KEY=/etc/ssh/ssh_host_dsa_key
- PID_FILE=/var/run/sshd.pid
- 
-+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
-+
- do_rsa1_keygen() {
- 	if [ ! -s $RSA1_KEY ]; then
- 		echo -n $"Generating SSH1 RSA host key: "
-@@ -99,12 +101,14 @@
- start()
- {
- 	# Create keys if necessary
--	do_rsa1_keygen
--	do_rsa_keygen
--	do_dsa_keygen
-+	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
-+		do_rsa1_keygen
-+		do_rsa_keygen
-+		do_dsa_keygen
-+	fi
- 
--	echo -n $"Starting $prog:"
--	initlog -c "$SSHD $OPTIONS" && success || failure
-+	echo -n $"Starting $prog: "
-+	$SSHD $OPTIONS && success || failure
- 	RETVAL=$?
- 	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
- 	echo
-@@ -112,17 +116,30 @@
- 
- stop()
- {
--	echo -n $"Stopping $prog:"
--	killproc $SSHD -TERM
-+	echo -n $"Stopping $prog: "
-+	if [ -n "`pidfileofproc $SSHD`" ] ; then
-+	    killproc $SSHD
-+	else
-+	    failure $"Stopping $prog"
-+	fi
- 	RETVAL=$?
-+	# if we are in halt or reboot runlevel kill all running sessions
-+	# so the TCP connections are closed cleanly
-+	if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
-+	    killall $prog 2>/dev/null
-+	fi
- 	[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
- 	echo
- }
- 
- reload()
- {
--	echo -n $"Reloading $prog:"
--	killproc $SSHD -HUP
-+	echo -n $"Reloading $prog: "
-+	if [ -n "`pidfileofproc $SSHD`" ] ; then
-+	    killproc $SSHD -HUP
-+	else
-+	    failure $"Reloading $prog"
-+	fi
- 	RETVAL=$?
- 	echo
- }
diff --git a/openssh-4.5p1-controlcleanup.patch b/openssh-4.5p1-controlcleanup.patch
new file mode 100644
index 0000000..23822c5
--- /dev/null
+++ b/openssh-4.5p1-controlcleanup.patch
@@ -0,0 +1,15 @@
+--- openssh-4.5p1/ssh.c~	2007-03-24 16:25:18.000000000 +0000
++++ openssh-4.5p1/ssh.c	2007-03-24 16:31:06.000000000 +0000
+@@ -1347,7 +1347,11 @@
+ 		}
+ 		if (errno == ENOENT)
+ 			debug("Control socket \"%.100s\" does not exist", path);
+-		else {
++		else if (errno == ECONNREFUSED) {
++			debug("Control socket connect(%.100s): %s", path,
++			    strerror(errno));
++			unlink(path);
++		} else {
+ 			error("Control socket connect(%.100s): %s", path,
+ 			    strerror(errno));
+ 		}
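Review bot: The new ECONNREFUSED branch calls `unlink(path)` on a path it has only just failed to connect to, so another client can bind a fresh master socket at that path between connect() and unlink(), and this call would then remove the live socket. That window matters more once auto-master clients compete to bind the same path, which the master-race patch added in this same commit arranges. The return value of unlink() is also ignored; `if (unlink(path) == -1 && errno != ENOENT) debug("unlink(%.100s): %s", path, strerror(errno));` would at least record a failed cleanup. A short comment above the branch stating that the socket is assumed stale and that the removal is best-effort would help. The enclosing function starts and ends outside the hunk.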
diff --git a/openssh-4.7p1-master-race.patch b/openssh-4.7p1-master-race.patch
new file mode 100644
index 0000000..8662c43
--- /dev/null
+++ b/openssh-4.7p1-master-race.patch
@@ -0,0 +1,85 @@
+--- openssh-4.7p1/ssh.c.masterrace	2008-03-06 13:55:11.000000000 +0000
++++ openssh-4.7p1/ssh.c	2008-03-06 13:55:19.000000000 +0000
+@@ -1065,7 +1065,7 @@ client_global_request_reply_fwd(int type
+ 	}
+ }
+ 
+-static void
++static int
+ ssh_control_listener(void)
+ {
+ 	struct sockaddr_un addr;
+@@ -1073,10 +1073,11 @@ ssh_control_listener(void)
+ 	int addr_len;
+ 
+ 	if (options.control_path == NULL ||
+-	    options.control_master == SSHCTL_MASTER_NO)
+-		return;
++	    options.control_master == SSHCTL_MASTER_NO ||
++	    control_fd != -1)
++		return 1;
+ 
+-	debug("setting up multiplex master socket");
++	debug("trying to set up multiplex master socket");
+ 
+ 	memset(&addr, '\0', sizeof(addr));
+ 	addr.sun_family = AF_UNIX;
+@@ -1093,11 +1094,9 @@ ssh_control_listener(void)
+ 	old_umask = umask(0177);
+ 	if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
+ 		control_fd = -1;
+-		if (errno == EINVAL || errno == EADDRINUSE)
+-			fatal("ControlSocket %s already exists",
+-			    options.control_path);
+-		else
++		if (errno != EINVAL && errno != EADDRINUSE)
+ 			fatal("%s bind(): %s", __func__, strerror(errno));
++		return 0;
+ 	}
+ 	umask(old_umask);
+ 
+@@ -1105,6 +1104,9 @@ ssh_control_listener(void)
+ 		fatal("%s listen(): %s", __func__, strerror(errno));
+ 
+ 	set_nonblock(control_fd);
++
++	debug("control master listening on %s", options.control_path);
++	return 1;
+ }
+ 
+ /* request pty/x11/agent/tcpfwd/shell for channel */
+@@ -1196,7 +1198,9 @@ ssh_session2(void)
+ 	ssh_init_forwarding();
+ 
+ 	/* Start listening for multiplex clients */
+-	ssh_control_listener();
++	if (!ssh_control_listener())
++		fatal("control master socket %s already exists",
++		      options.control_path);
+ 
+  	/*
+  	 * If we are the control master, and if control_persist is set,
+@@ -1375,7 +1379,13 @@ control_client(const char *path)
+ 	switch (options.control_master) {
+ 	case SSHCTL_MASTER_AUTO:
+ 	case SSHCTL_MASTER_AUTO_ASK:
+-		debug("auto-mux: Trying existing master");
++		/* see if we can create a control master socket
++		   to avoid a race between two auto clients */
++		if (mux_command == SSHMUX_COMMAND_OPEN &&
++		    ssh_control_listener())
++			return;
++		debug("trying to connect to control master socket %s",
++		    options.control_path);
+ 		/* FALLTHROUGH */
+ 	case SSHCTL_MASTER_NO:
+ 		break;
+@@ -1522,6 +1532,8 @@ control_client(const char *path)
+ 	signal(SIGTERM, control_client_sighandler);
+ 	signal(SIGWINCH, control_client_sigrelay);
+ 
++	debug("connected to control master; waiting for exit");
++
+ 	if (tty_flag)
+ 		enter_raw_mode();
+ 
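Review bot: In ssh_control_listener() the new `return 0;` on bind() failure leaves the function before `umask(old_umask)` runs, so a client that loses the bind race carries on with the temporary 0177 umask for the rest of its run. Before this change that path always ended in fatal(), so the skipped restore had no effect. The same path sets `control_fd = -1` without closing the descriptor, which is leaked if it came from a socket() call above the visible lines, as it appears to. Restore the umask and close the socket before returning, saving errno first because both calls may overwrite it.

```c
	if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
		int saved_errno = errno;

		/* undo the temporary umask and release the socket before leaving */
		umask(old_umask);
		close(control_fd);
		control_fd = -1;
		if (saved_errno != EINVAL && saved_errno != EADDRINUSE)
			fatal("%s bind(): %s", __func__, strerror(saved_errno));
		return 0;
	}
	/* … unchanged: umask restore on success, listen(), set_nonblock() … */
```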
diff --git a/openssh-4.7p1-mls.patch b/openssh-4.7p1-mls.patch
index 04b83be..48eba4c 100644
--- a/openssh-4.7p1-mls.patch
+++ b/openssh-4.7p1-mls.patch
@@ -42,12 +42,6 @@ diff -up openssh-4.7p1/session.c.mls openssh-4.7p1/session.c
 diff -up openssh-4.7p1/openbsd-compat/port-linux.c.mls openssh-4.7p1/openbsd-compat/port-linux.c
 --- openssh-4.7p1/openbsd-compat/port-linux.c.mls	2007-09-06 17:39:28.000000000 +0200
 +++ openssh-4.7p1/openbsd-compat/port-linux.c	2007-08-07 17:38:18.000000000 +0200
-@@ -1,4 +1,4 @@
--/* $Id: port-linux.c,v 1.4 2007/06/27 22:48:03 djm Exp $ */
-+/* $Id: port-linux.c,v 1.3 2006/09/01 05:38:41 djm Exp $ */
- 
- /*
-  * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
 @@ -33,12 +33,23 @@
  #include "key.h"
  #include "hostfile.h"
diff --git a/openssh-4.7p1-packetdefsize.patch b/openssh-4.7p1-packetdefsize.patch
deleted file mode 100644
index 391cbe6..0000000
--- a/openssh-4.7p1-packetdefsize.patch
+++ /dev/null
@@ -1,25 +0,0 @@
-Index: clientloop.c
-===================================================================
-RCS file: /usr/local/src/security/openssh/cvs/openssh/clientloop.c,v
-retrieving revision 1.170
-diff -u -p -r1.170 clientloop.c
---- clientloop.c	28 Dec 2007 15:45:07 -0000	1.170
-+++ clientloop.c	28 Dec 2007 18:14:10 -0000
-@@ -1745,7 +1745,7 @@ client_request_forwarded_tcpip(const cha
- 	}
- 	c = channel_new("forwarded-tcpip",
- 	    SSH_CHANNEL_CONNECTING, sock, sock, -1,
--	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
-+	    CHAN_TCP_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- 	    originator_address, 1);
- 	xfree(originator_address);
- 	xfree(listen_address);
-@@ -1803,7 +1803,7 @@ client_request_agent(const char *request
- 		return NULL;
- 	c = channel_new("authentication agent connection",
- 	    SSH_CHANNEL_OPEN, sock, sock, -1,
--	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_WINDOW_DEFAULT, 0,
-+	    CHAN_X11_WINDOW_DEFAULT, CHAN_TCP_PACKET_DEFAULT, 0,
- 	    "authentication agent connection", 1);
- 	c->force_drain = 1;
- 	return c;
diff --git a/openssh-4.7p1-pam-session.patch b/openssh-4.7p1-pam-session.patch
deleted file mode 100644
index 8c1c791..0000000
--- a/openssh-4.7p1-pam-session.patch
+++ /dev/null
@@ -1,137 +0,0 @@
-diff -up openssh-4.7p1/session.c.pam-session openssh-4.7p1/session.c
---- openssh-4.7p1/session.c.pam-session	2007-08-16 15:28:04.000000000 +0200
-+++ openssh-4.7p1/session.c	2007-09-06 17:37:46.000000000 +0200
-@@ -422,11 +422,6 @@ do_exec_no_pty(Session *s, const char *c
- 
- 	session_proctitle(s);
- 
--#if defined(USE_PAM)
--	if (options.use_pam && !use_privsep)
--		do_pam_setcred(1);
--#endif /* USE_PAM */
--
- 	/* Fork the child. */
- 	if ((pid = fork()) == 0) {
- 		is_child = 1;
-@@ -557,14 +552,6 @@ do_exec_pty(Session *s, const char *comm
- 	ptyfd = s->ptyfd;
- 	ttyfd = s->ttyfd;
- 
--#if defined(USE_PAM)
--	if (options.use_pam) {
--		do_pam_set_tty(s->tty);
--		if (!use_privsep)
--			do_pam_setcred(1);
--	}
--#endif
--
- 	/* Fork the child. */
- 	if ((pid = fork()) == 0) {
- 		is_child = 1;
-@@ -1300,17 +1287,9 @@ do_setusercontext(struct passwd *pw)
- # ifdef __bsdi__
- 		setpgid(0, 0);
- # endif
--#ifdef GSSAPI
--		if (options.gss_authentication) {
--			temporarily_use_uid(pw);
--			ssh_gssapi_storecreds();
--			restore_uid();
--		}
--#endif
- # ifdef USE_PAM
- 		if (options.use_pam) {
--			do_pam_session();
--			do_pam_setcred(use_privsep);
-+			do_pam_setcred(0);
- 		}
- # endif /* USE_PAM */
- 		if (setusercontext(lc, pw, pw->pw_uid,
-@@ -1337,13 +1316,6 @@ do_setusercontext(struct passwd *pw)
- 			exit(1);
- 		}
- 		endgrent();
--#ifdef GSSAPI
--		if (options.gss_authentication) {
--			temporarily_use_uid(pw);
--			ssh_gssapi_storecreds();
--			restore_uid();
--		}
--#endif
- # ifdef USE_PAM
- 		/*
- 		 * PAM credentials may take the form of supplementary groups.
-@@ -1351,8 +1323,7 @@ do_setusercontext(struct passwd *pw)
- 		 * Reestablish them here.
- 		 */
- 		if (options.use_pam) {
--			do_pam_session();
--			do_pam_setcred(use_privsep);
-+			do_pam_setcred(0);
- 		}
- # endif /* USE_PAM */
- # if defined(WITH_IRIX_PROJECT) || defined(WITH_IRIX_JOBS) || defined(WITH_IRIX_ARRAY)
-diff -up openssh-4.7p1/sshd.c.pam-session openssh-4.7p1/sshd.c
---- openssh-4.7p1/sshd.c.pam-session	2007-09-06 17:37:46.000000000 +0200
-+++ openssh-4.7p1/sshd.c	2007-09-06 17:37:46.000000000 +0200
-@@ -1831,7 +1831,21 @@ main(int ac, char **av)
- 	audit_event(SSH_AUTH_SUCCESS);
- #endif
- 
--	/*
-+#ifdef GSSAPI
-+	if (options.gss_authentication) {
-+		temporarily_use_uid(authctxt->pw);
-+		ssh_gssapi_storecreds();
-+		restore_uid();
-+	}
-+#endif
-+#ifdef USE_PAM
-+	if (options.use_pam) {
-+		do_pam_setcred(1);
-+		do_pam_session();
-+	}
-+#endif
-+
-+ 	/*
- 	 * In privilege separation, we fork another child and prepare
- 	 * file descriptor passing.
- 	 */
-diff -up openssh-4.7p1/monitor.c.pam-session openssh-4.7p1/monitor.c
---- openssh-4.7p1/monitor.c.pam-session	2007-09-06 17:37:46.000000000 +0200
-+++ openssh-4.7p1/monitor.c	2007-09-06 17:37:46.000000000 +0200
-@@ -1566,6 +1566,11 @@ mm_answer_term(int sock, Buffer *req)
- 	/* The child is terminating */
- 	session_destroy_all(&mm_session_close);
- 
-+#ifdef USE_PAM
-+	if (options.use_pam)
-+		sshpam_cleanup();
-+#endif
-+
- 	while (waitpid(pmonitor->m_pid, &status, 0) == -1)
- 		if (errno != EINTR)
- 			exit(1);
-diff -up openssh-4.7p1/auth-pam.c.pam-session openssh-4.7p1/auth-pam.c
---- openssh-4.7p1/auth-pam.c.pam-session	2007-08-10 06:32:34.000000000 +0200
-+++ openssh-4.7p1/auth-pam.c	2007-09-06 17:37:46.000000000 +0200
-@@ -598,15 +598,17 @@ static struct pam_conv store_conv = { ss
- void
- sshpam_cleanup(void)
- {
--	debug("PAM: cleanup");
--	if (sshpam_handle == NULL)
-+	if (sshpam_handle == NULL || (use_privsep && !mm_is_monitor()))
- 		return;
-+	debug("PAM: cleanup");
- 	pam_set_item(sshpam_handle, PAM_CONV, (const void *)&null_conv);
- 	if (sshpam_cred_established) {
-+		debug("PAM: deleting credentials");
- 		pam_setcred(sshpam_handle, PAM_DELETE_CRED);
- 		sshpam_cred_established = 0;
- 	}
- 	if (sshpam_session_open) {
-+		debug("PAM: closing session");
- 		pam_close_session(sshpam_handle, PAM_SILENT);
- 		sshpam_session_open = 0;
- 	}
diff --git a/openssh-4.7p1-sftp-doclose.patch b/openssh-4.7p1-sftp-doclose.patch
deleted file mode 100644
index 821b241..0000000
--- a/openssh-4.7p1-sftp-doclose.patch
+++ /dev/null
@@ -1,13 +0,0 @@
-Without this do_close() I get "Couldn't get handle: Failure"
-on every operation after N times through this failure path
-where N = 100 on OpenBSD and N = 200 on GNU/Linux.
---- src/usr.bin/ssh/sftp-client.c.orig	Sun Sep 16 00:55:52 2007
-+++ src/usr.bin/ssh/sftp-client.c	Mon Oct 15 10:12:50 2007
-@@ -813,6 +813,7 @@ do_download(struct sftp_conn *conn, char
- 	if (local_fd == -1) {
- 		error("Couldn't open local file \"%s\" for writing: %s",
- 		    local_path, strerror(errno));
-+		do_close(conn, handle, handle_len);
- 		buffer_free(&msg);
- 		xfree(handle);
- 		return(-1);
diff --git a/openssh-4.7p1-sftp-drain-acks.patch b/openssh-4.7p1-sftp-drain-acks.patch
deleted file mode 100644
index 0664aa9..0000000
--- a/openssh-4.7p1-sftp-drain-acks.patch
+++ /dev/null
@@ -1,71 +0,0 @@
-diff -up openssh-4.7p1/sftp-client.c.drain-acks openssh-4.7p1/sftp-client.c
---- openssh-4.7p1/sftp-client.c.drain-acks	2007-02-19 12:13:39.000000000 +0100
-+++ openssh-4.7p1/sftp-client.c	2007-09-06 17:54:41.000000000 +0200
-@@ -992,7 +992,8 @@ int
- do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
-     int pflag)
- {
--	int local_fd, status;
-+	int local_fd;
-+	int status = SSH2_FX_OK;
- 	u_int handle_len, id, type;
- 	u_int64_t offset;
- 	char *handle, *data;
-@@ -1074,7 +1075,7 @@ do_upload(struct sftp_conn *conn, char *
- 		 * Simulate an EOF on interrupt, allowing ACKs from the
- 		 * server to drain.
- 		 */
--		if (interrupted)
-+		if (interrupted || status != SSH2_FX_OK)
- 			len = 0;
- 		else do
- 			len = read(local_fd, data, conn->transfer_buflen);
-@@ -1131,18 +1132,6 @@ do_upload(struct sftp_conn *conn, char *
- 				fatal("Can't find request for ID %u", r_id);
- 			TAILQ_REMOVE(&acks, ack, tq);
- 
--			if (status != SSH2_FX_OK) {
--				error("Couldn't write to remote file \"%s\": %s",
--				    remote_path, fx2txt(status));
--				if (showprogress)
--					stop_progress_meter();
--				do_close(conn, handle, handle_len);
--				close(local_fd);
--				xfree(data);
--				xfree(ack);
--				status = -1;
--				goto done;
--			}
- 			debug3("In write loop, ack for %u %u bytes at %llu",
- 			    ack->id, ack->len, (unsigned long long)ack->offset);
- 			++ackid;
-@@ -1154,21 +1143,25 @@ do_upload(struct sftp_conn *conn, char *
- 		stop_progress_meter();
- 	xfree(data);
- 
-+	if (status != SSH2_FX_OK) {
-+		error("Couldn't write to remote file \"%s\": %s",
-+		    remote_path, fx2txt(status));
-+		status = -1;
-+	}
-+
- 	if (close(local_fd) == -1) {
- 		error("Couldn't close local file \"%s\": %s", local_path,
- 		    strerror(errno));
--		do_close(conn, handle, handle_len);
- 		status = -1;
--		goto done;
- 	}
- 
- 	/* Override umask and utimes if asked */
- 	if (pflag)
- 		do_fsetstat(conn, handle, handle_len, &a);
- 
--	status = do_close(conn, handle, handle_len);
-+	if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
-+		status = -1;
- 
--done:
- 	xfree(handle);
- 	buffer_free(&msg);
- 	return(status);
diff --git a/openssh-4.7p1-sshd-v6only.patch b/openssh-4.7p1-sshd-v6only.patch
deleted file mode 100644
index 1f71cea..0000000
--- a/openssh-4.7p1-sshd-v6only.patch
+++ /dev/null
@@ -1,30 +0,0 @@
---- sshd.c	2007-06-05 01:22:32.000000000 -0700
-+++ sshd.c.new	2007-11-17 00:07:08.000000000 -0800
-@@ -971,12 +971,27 @@
- 		}
- 		/*
- 		 * Set socket options.
-+		 */
-+
-+		/*
- 		 * Allow local port reuse in TIME_WAIT.
- 		 */
- 		if (setsockopt(listen_sock, SOL_SOCKET, SO_REUSEADDR,
- 		    &on, sizeof(on)) == -1)
- 			error("setsockopt SO_REUSEADDR: %s", strerror(errno));
- 
-+#ifdef IPV6_V6ONLY
-+		if (ai->ai_family == AF_INET6) {
-+			/*
-+			 * Only communicate in IPv6 over AF_INET6 sockets.
-+			 */
-+			if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
-+			    &on, sizeof(on)) == -1)
-+				error("setsockopt IPV6_V6ONLY: %s",
-+				    strerror(errno));
-+		}
-+#endif
-+
- 		debug("Bind to port %s on %s.", strport, ntop);
- 
- 		/* Bind the socket to the desired port. */
diff --git a/openssh.spec b/openssh.spec
index 644bd84..0051c84 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -62,8 +62,8 @@
 
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
-Version: 4.7p1
-Release: 9%{?dist}%{?rescue_rel}
+Version: 5.0p1
+Release: 1%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -72,34 +72,30 @@ URL: http://www.openssh.com/portable.html
 # the unpacked source directory.
 Source0: openssh-%{version}-noacss.tar.bz2
 Source1: openssh-nukeacss.sh
+Source2: sshd.pam
+Source3: sshd.init
 Patch0: openssh-4.7p1-redhat.patch
 Patch2: openssh-3.8.1p1-skip-initial.patch
 Patch3: openssh-3.8.1p1-krb5-config.patch
 Patch4: openssh-4.7p1-vendor.patch
-Patch5: openssh-4.3p2-initscript.patch
-Patch10: openssh-4.7p1-pam-session.patch
 Patch12: openssh-4.7p1-selinux.patch
 Patch13: openssh-4.7p1-mls.patch
 Patch16: openssh-4.7p1-audit.patch
 Patch17: openssh-4.3p2-cve-2007-3102.patch
 Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch24: openssh-4.3p1-fromto-remote.patch
-Patch26: openssh-4.2p1-pam-no-stack.patch
 Patch27: openssh-4.7p1-log-in-chroot.patch
 Patch30: openssh-4.0p1-exit-deadlock.patch
-Patch31: openssh-3.9p1-skip-used.patch
 Patch35: openssh-4.2p1-askpass-progress.patch
 Patch38: openssh-4.3p2-askpass-grab-info.patch
 Patch39: openssh-4.3p2-no-v6only.patch
 Patch44: openssh-4.3p2-allow-ip-opts.patch
 Patch49: openssh-4.3p2-gssapi-canohost.patch
 Patch51: openssh-4.7p1-nss-keys.patch
-Patch52: openssh-4.7p1-sftp-drain-acks.patch
-Patch53: openssh-4.7p1-packetdefsize.patch
 Patch54: openssh-4.7p1-gssapi-role.patch
 Patch55: openssh-4.7p1-cloexec.patch
-Patch56: openssh-4.7p1-sshd-v6only.patch
-Patch57: openssh-4.7p1-sftp-doclose.patch
+Patch58: openssh-4.5p1-controlcleanup.patch
+Patch59: openssh-4.7p1-master-race.patch
 
 License: BSD
 Group: Applications/Internet
@@ -209,9 +205,6 @@ an X11 passphrase dialog for OpenSSH.
 %patch2 -p1 -b .skip-initial
 %patch3 -p1 -b .krb5-config
 %patch4 -p1 -b .vendor
-%patch5 -p1 -b .initscript
-
-%patch10 -p1 -b .pam-session
 
 %if %{WITH_SELINUX}
 #SELinux
@@ -223,22 +216,18 @@ an X11 passphrase dialog for OpenSSH.
 
 %patch22 -p1 -b .keep-above
 %patch24 -p1 -b .fromto-remote
-%patch26 -p1 -b .stack
 %patch27 -p1 -b .log-chroot
 %patch30 -p1 -b .exit-deadlock
-%patch31 -p1 -b .skip-used
 %patch35 -p1 -b .progress
 %patch38 -p1 -b .grab-info
 %patch39 -p1 -b .no-v6only
 %patch44 -p1 -b .ip-opts
 %patch49 -p1 -b .canohost
 %patch51 -p1 -b .nss-keys
-%patch52 -p1 -b .drain-acks
-%patch53 -p0 -b .defsize
 %patch54 -p0 -b .gssapi-role
 %patch55 -p1 -b .cloexec
-%patch56 -p0 -b .sshd-v6only
-%patch57 -p3 -b .doclose
+%patch58 -p1 -b .controlcleanup
+%patch59 -p1 -b .master-race
 
 autoreconf
 
@@ -343,8 +332,8 @@ make install DESTDIR=$RPM_BUILD_ROOT
 install -d $RPM_BUILD_ROOT/etc/pam.d/
 install -d $RPM_BUILD_ROOT/etc/rc.d/init.d
 install -d $RPM_BUILD_ROOT%{_libexecdir}/openssh
-install -m644 contrib/redhat/sshd.pam      $RPM_BUILD_ROOT/etc/pam.d/sshd
-install -m755 contrib/redhat/sshd.init     $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
+install -m644 %{SOURCE2} $RPM_BUILD_ROOT/etc/pam.d/sshd
+install -m755 %{SOURCE3} $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd
 install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/
 install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/
 
@@ -489,6 +478,16 @@ fi
 %endif
 
 %changelog
+* Mon Apr  7 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-1
+- upgrade to new upstream (#441066)
+- prevent initscript from killing itself on halt with upstart (#438449)
+- initscript status should show that the daemon is running
+  only when the main daemon is still alive (#430882)
+
+* Thu Mar  6 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-10
+- fix race on control master and cleanup stale control socket (#436311)
+  patches by David Woodhouse
+
 * Fri Feb 29 2008 Tomas Mraz <tmraz@redhat.com> - 4.7p1-9
 - set FD_CLOEXEC on client socket
 - apply real fix for window size problem (#286181) from upstream
diff --git a/sources b/sources
index 16f424a..dcc3173 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-21634329a8f1cd0e7a7974ade7280bdc  openssh-4.7p1-noacss.tar.bz2
+e39c15a5fb9036bd64256c78a6fbf394  openssh-5.0p1-noacss.tar.bz2
diff --git a/sshd.init b/sshd.init
new file mode 100755
index 0000000..981e693
--- /dev/null
+++ b/sshd.init
@@ -0,0 +1,182 @@
+#!/bin/bash
+#
+# Init file for OpenSSH server daemon
+#
+# chkconfig: 2345 55 25
+# description: OpenSSH server daemon
+#
+# processname: sshd
+# config: /etc/ssh/ssh_host_key
+# config: /etc/ssh/ssh_host_key.pub
+# config: /etc/ssh/ssh_random_seed
+# config: /etc/ssh/sshd_config
+# pidfile: /var/run/sshd.pid
+
+# source function library
+. /etc/rc.d/init.d/functions
+
+# pull in sysconfig settings
+[ -f /etc/sysconfig/sshd ] && . /etc/sysconfig/sshd
+
+RETVAL=0
+prog="sshd"
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+SSHD=/usr/sbin/sshd
+RSA1_KEY=/etc/ssh/ssh_host_key
+RSA_KEY=/etc/ssh/ssh_host_rsa_key
+DSA_KEY=/etc/ssh/ssh_host_dsa_key
+PID_FILE=/var/run/sshd.pid
+
+runlevel=$(set -- $(runlevel); eval "echo \$$#" )
+
+do_rsa1_keygen() {
+	if [ ! -s $RSA1_KEY ]; then
+		echo -n $"Generating SSH1 RSA host key: "
+		if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $RSA1_KEY
+			chmod 644 $RSA1_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA1_KEY.pub
+			fi
+			success $"RSA1 key generation"
+			echo
+		else
+			failure $"RSA1 key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
+do_rsa_keygen() {
+	if [ ! -s $RSA_KEY ]; then
+		echo -n $"Generating SSH2 RSA host key: "
+		if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $RSA_KEY
+			chmod 644 $RSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA_KEY.pub
+			fi
+			success $"RSA key generation"
+			echo
+		else
+			failure $"RSA key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
+do_dsa_keygen() {
+	if [ ! -s $DSA_KEY ]; then
+		echo -n $"Generating SSH2 DSA host key: "
+		if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $DSA_KEY
+			chmod 644 $DSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $DSA_KEY.pub
+			fi
+			success $"DSA key generation"
+			echo
+		else
+			failure $"DSA key generation"
+			echo
+			exit 1
+		fi
+	fi
+}
+
+do_restart_sanity_check()
+{
+	$SSHD -t
+	RETVAL=$?
+	if [ ! "$RETVAL" = 0 ]; then
+		failure $"Configuration file or keys are invalid"
+		echo
+	fi
+}
+
+start()
+{
+	# Create keys if necessary
+	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
+		do_rsa1_keygen
+		do_rsa_keygen
+		do_dsa_keygen
+	fi
+
+	echo -n $"Starting $prog: "
+	$SSHD $OPTIONS && success || failure
+	RETVAL=$?
+	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
+	echo
+}
+
+stop()
+{
+	echo -n $"Stopping $prog: "
+	if [ -n "`pidfileofproc $SSHD`" ] ; then
+	    killproc $SSHD
+	else
+	    failure $"Stopping $prog"
+	fi
+	RETVAL=$?
+	# if we are in halt or reboot runlevel kill all running sessions
+	# so the TCP connections are closed cleanly
+	if [ "x$runlevel" = x0 -o "x$runlevel" = x6 ] ; then
+	    trap '' TERM
+	    killall $prog 2>/dev/null
+	    trap TERM
+	fi
+	[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/sshd
+	echo
+}
+
+reload()
+{
+	echo -n $"Reloading $prog: "
+	if [ -n "`pidfileofproc $SSHD`" ] ; then
+	    killproc $SSHD -HUP
+	else
+	    failure $"Reloading $prog"
+	fi
+	RETVAL=$?
+	echo
+}
+
+case "$1" in
+	start)
+		start
+		;;
+	stop)
+		stop
+		;;
+	restart)
+		stop
+		start
+		;;
+	reload)
+		reload
+		;;
+	condrestart)
+		if [ -f /var/lock/subsys/sshd ] ; then
+			do_restart_sanity_check
+			if [ "$RETVAL" = 0 ] ; then
+				stop
+				# avoid race
+				sleep 3
+				start
+			fi
+		fi
+		;;
+	status)
+		status -p $PID_FILE openssh-daemon
+		RETVAL=$?
+		;;
+	*)
+		echo $"Usage: $0 {start|stop|restart|reload|condrestart|status}"
+		RETVAL=1
+esac
+exit $RETVAL
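Review bot: The `restart)` branch runs `stop` and then `start` without validating the configuration, so a restart with a broken sshd_config or an unusable host key stops the listening daemon and then fails to bring it back, leaving a remotely administered host with no listener for new logins. `condrestart` already guards against this with do_restart_sanity_check, and `restart` could do the same: `do_restart_sanity_check` followed by `if [ "$RETVAL" = 0 ]; then stop; start; fi`. `sshd -t` presumably also fails while host keys are still missing, so on a first start the key generation in start() may need to run before the check. reload() appears to have the same gap, since it sends HUP without testing the configuration first.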
diff --git a/sshd.pam b/sshd.pam
new file mode 100644
index 0000000..e40d116
--- /dev/null
+++ b/sshd.pam
@@ -0,0 +1,8 @@
+#%PAM-1.0
+auth       include      system-auth
+account    required     pam_nologin.so
+account    include      system-auth
+password   include      system-auth
+session    optional     pam_keyinit.so force revoke
+session    include      system-auth
+session    required     pam_loginuid.so
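Review bot: The placement of `pam_nologin.so` in the account stack rather than the auth stack is undocumented, and the pam-no-stack patch deleted by this commit shows it was moved there deliberately. sshd does not run the PAM auth stack for public-key logins, so this placement is presumably what keeps /etc/nologin effective for key-based sessions. A comment above the line, such as `# keep pam_nologin in account: the auth stack is skipped for public-key logins`, would stop a later cleanup from moving it back. The reason `pam_loginuid.so` comes last in the session stack, after the system-auth include, could be noted in the same way.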