- rediff for zero fuzz tolerance
This commit is contained in:
Tomáš Mráz
parent
93a4744539
commit
09510adc7c
@ -2,10 +2,11 @@ Skip the initial empty-password check if permit_empty_passwd is disabled. This
|
||||
doesn't change the timing profiles of the host because the additional condition
|
||||
check which can short-circuit the call to pam_authenticate() has no dependency
|
||||
on the identity of the user who is being authenticated.
|
||||
--- openssh-3.8p1/auth1.c 2004-02-26 21:05:25.000000000 -0500
|
||||
+++ openssh-3.8p1/auth1.c 2004-02-26 21:05:20.000000000 -0500
|
||||
@@ -76,7 +76,7 @@
|
||||
authctxt->valid ? "" : "illegal user ", authctxt->user);
|
||||
diff -up openssh-5.1p1/auth1.c.skip-initial openssh-5.1p1/auth1.c
|
||||
--- openssh-5.1p1/auth1.c.skip-initial 2008-07-09 12:54:05.000000000 +0200
|
||||
+++ openssh-5.1p1/auth1.c 2008-07-23 18:26:01.000000000 +0200
|
||||
@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
|
||||
authctxt->valid ? "" : "invalid user ", authctxt->user);
|
||||
|
||||
/* If the user has no password, accept authentication immediately. */
|
||||
- if (options.password_authentication &&
|
||||
@ -13,11 +14,12 @@ on the identity of the user who is being authenticated.
|
||||
#ifdef KRB5
|
||||
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
|
||||
#endif
|
||||
--- openssh-3.8p1/auth2-none.c 2004-02-26 21:07:34.000000000 -0500
|
||||
+++ openssh-3.8p1/auth2-none.c 2004-02-26 21:07:28.000000000 -0500
|
||||
@@ -100,7 +100,7 @@
|
||||
diff -up openssh-5.1p1/auth2-none.c.skip-initial openssh-5.1p1/auth2-none.c
|
||||
--- openssh-5.1p1/auth2-none.c.skip-initial 2008-07-02 14:56:09.000000000 +0200
|
||||
+++ openssh-5.1p1/auth2-none.c 2008-07-23 18:26:01.000000000 +0200
|
||||
@@ -65,7 +65,7 @@ userauth_none(Authctxt *authctxt)
|
||||
if (check_nt_auth(1, authctxt->pw) == 0)
|
||||
return(0);
|
||||
return (0);
|
||||
#endif
|
||||
- if (options.password_authentication)
|
||||
+ if (options.permit_empty_passwd && options.password_authentication)
|
||||
@ -75,13 +75,14 @@ Source1: openssh-nukeacss.sh
|
||||
Source2: sshd.pam
|
||||
Source3: sshd.init
|
||||
Patch0: openssh-5.1p1-redhat.patch
|
||||
Patch2: openssh-3.8.1p1-skip-initial.patch
|
||||
Patch2: openssh-5.1p1-skip-initial.patch
|
||||
Patch3: openssh-3.8.1p1-krb5-config.patch
|
||||
Patch4: openssh-5.1p1-vendor.patch
|
||||
Patch12: openssh-5.1p1-selinux.patch
|
||||
Patch13: openssh-4.7p1-mls.patch
|
||||
Patch16: openssh-4.7p1-audit.patch
|
||||
Patch17: openssh-4.3p2-cve-2007-3102.patch
|
||||
Patch18: openssh-5.0p1-pam_selinux.patch
|
||||
Patch22: openssh-3.9p1-askpass-keep-above.patch
|
||||
Patch24: openssh-4.3p1-fromto-remote.patch
|
||||
Patch27: openssh-5.1p1-log-in-chroot.patch
|
||||
@ -94,7 +95,6 @@ Patch49: openssh-4.3p2-gssapi-canohost.patch
|
||||
Patch51: openssh-4.7p1-nss-keys.patch
|
||||
Patch54: openssh-4.7p1-gssapi-role.patch
|
||||
Patch55: openssh-5.1p1-cloexec.patch
|
||||
Patch60: openssh-5.0p1-pam_selinux.patch
|
||||
Patch62: openssh-3.9p1-scp-manpage.patch
|
||||
|
||||
License: BSD
|
||||
@ -199,7 +199,6 @@ into and executing commands on a remote machine. This package contains
|
||||
an X11 passphrase dialog for OpenSSH.
|
||||
|
||||
%prep
|
||||
|
||||
%setup -q
|
||||
%patch0 -p1 -b .redhat
|
||||
%patch2 -p1 -b .skip-initial
|
||||
@ -212,6 +211,7 @@ an X11 passphrase dialog for OpenSSH.
|
||||
%patch13 -p1 -b .mls
|
||||
%patch16 -p1 -b .audit
|
||||
%patch17 -p1 -b .inject-fix
|
||||
%patch18 -p1 -b .pam_selinux
|
||||
%endif
|
||||
|
||||
%patch22 -p1 -b .keep-above
|
||||
@ -226,7 +226,6 @@ an X11 passphrase dialog for OpenSSH.
|
||||
%patch51 -p1 -b .nss-keys
|
||||
%patch54 -p0 -b .gssapi-role
|
||||
%patch55 -p1 -b .cloexec
|
||||
%patch60 -p1 -b .pam_selinux
|
||||
%patch62 -p0 -b .manpage
|
||||
|
||||
autoreconf
|
||||
|
||||
Loading…
Reference in New Issue
Block a user