From 186bf3858e983334d798efbb09933e3060916515 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 17 Jun 2016 13:31:03 +0200 Subject: [PATCH] UseLogin yes is not supported in Fedora --- ... openssh-7.2p2-UsePAM-UseLogin-warning.patch | 17 ++++++++++++++--- openssh.spec | 2 +- 2 files changed, 15 insertions(+), 4 deletions(-) rename openssh-6.6p1-log-usepam-no.patch => openssh-7.2p2-UsePAM-UseLogin-warning.patch (63%) diff --git a/openssh-6.6p1-log-usepam-no.patch b/openssh-7.2p2-UsePAM-UseLogin-warning.patch similarity index 63% rename from openssh-6.6p1-log-usepam-no.patch rename to openssh-7.2p2-UsePAM-UseLogin-warning.patch index bd3048c..bf1999b 100644 --- a/openssh-6.6p1-log-usepam-no.patch +++ b/openssh-7.2p2-UsePAM-UseLogin-warning.patch @@ -1,11 +1,14 @@ diff --git a/sshd.c b/sshd.c -index a7b8b6a..24ab272 100644 --- a/sshd.c +++ b/sshd.c -@@ -1620,6 +1620,10 @@ main(int ac, char **av) +@@ -1701,6 +1701,14 @@ main(int ac, char **av) parse_server_config(&options, rexeced_flag ? "rexec" : config_file_name, &cfg, NULL); ++ /* 'UseLogin yes' is not supported in Fedora */ ++ if (options.use_login) ++ logit("WARNING: 'UseLogin yes' is not supported in Fedora and may cause several problems."); ++ + /* 'UsePAM no' is not supported in Fedora */ + if (! options.use_pam) + logit("WARNING: 'UsePAM no' is not supported in Fedora and may cause several problems."); @@ -14,7 +17,6 @@ index a7b8b6a..24ab272 100644 /* Fill in default values for those options not explicitly set. */ diff --git a/sshd_config b/sshd_config -index 36cb27a..c1b7c03 100644 --- a/sshd_config +++ b/sshd_config @@ -101,6 +101,8 @@ GSSAPICleanupCredentials no @@ -26,3 +28,12 @@ index 36cb27a..c1b7c03 100644 UsePAM yes #AllowAgentForwarding yes +@@ -113,6 +115,8 @@ X11Forwarding yes + #PrintMotd yes + #PrintLastLog yes + #TCPKeepAlive yes ++# WARNING: 'UseLogin yes' is not supported in Fedora and may cause several ++# problems. + #UseLogin no + #UsePrivilegeSeparation sandbox + #PermitUserEnvironment no diff --git a/openssh.spec b/openssh.spec index 58de984..aa6db67 100644 --- a/openssh.spec +++ b/openssh.spec @@ -159,7 +159,7 @@ Patch708: openssh-6.6p1-entropy.patch #https://bugzilla.mindrot.org/show_bug.cgi?id=1640 (WONTFIX) Patch709: openssh-6.2p1-vendor.patch # warn users for unsupported UsePAM=no (#757545) -Patch711: openssh-6.6p1-log-usepam-no.patch +Patch711: openssh-7.2p2-UsePAM-UseLogin-warning.patch # make aes-ctr ciphers use EVP engines such as AES-NI from OpenSSL Patch712: openssh-6.3p1-ctr-evp-fast.patch # add cavs test binary for the aes-ctr