8.3p1-1 + 0.10.3-10

Jakub Jelen 2020-05-27 09:57:29 +02:00
parent efd1b7e5c8
commit 5cd9552fc4
9 changed files with 27 additions and 18 deletions

2
.gitignore vendored

@ -40,3 +40,5 @@ pam_ssh_agent_auth-0.9.2.tar.bz2
/openssh-8.1p1.tar.gz.asc
/openssh-8.2p1.tar.gz
/openssh-8.2p1.tar.gz.asc
/openssh-8.3p1.tar.gz
/openssh-8.3p1.tar.gz.asc


@ -883,8 +883,8 @@ diff -up openssh/cipher.c.audit openssh/cipher.c
- if (cc == NULL)
+ if (cc == NULL || cc->cipher == NULL)
return;
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0)
explicit_bzero(&cc->cp_ctx, sizeof(cc->cp_ctx));
if ((cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {
chachapoly_free(cc->cp_ctx);
diff -up openssh/cipher.h.audit openssh/cipher.h
--- openssh/cipher.h.audit 2019-03-27 23:26:14.000000000 +0100
+++ openssh/cipher.h 2019-04-03 17:02:20.714886050 +0200
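Review bot: The widened guard `if (cc == NULL || cc->cipher == NULL) return;` at the top of this cipher.c hunk returns before any cleanup when a context exists but has no cipher assigned, so everything after the CHACHAPOLY branch is skipped for that context. The function continues outside the hunk, so this is inferred, but if the remainder frees and zeroes `cc`, a half-initialised context would be leaked with its contents unwiped. Keeping `if (cc == NULL) return;` and guarding only the flag test, e.g. `if (cc->cipher != NULL && (cc->cipher->flags & CFLAG_CHACHAPOLY) != 0) {`, would still avoid the NULL dereference while letting the rest of the teardown run; any later test of `cc->cipher->flags` in the function would need the same guard.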


@ -453,5 +453,5 @@ diff -up openssh-8.0p1/ssh-keygen.c.fips openssh-8.0p1/ssh-keygen.c
fflush(stdout);
- type = sshkey_type_from_name(key_types[i].key_type);
if ((fd = mkstemp(prv_tmp)) == -1) {
error("Could not save your public key in %s: %s",
error("Could not save your private key in %s: %s",
prv_tmp, strerror(errno));


@ -480,7 +480,7 @@ index 6cae720e..16e55cbc 100644
+ return 0;
}
/* This allows GSSAPI methods to do things to the childs environment based
/* This allows GSSAPI methods to do things to the child's environment based
@@ -498,9 +500,7 @@ ssh_gssapi_rekey_creds() {
char *envstr;
#endif
@ -574,7 +574,7 @@ index 85df6a27..480a5ead 100644
+++ b/session.c
@@ -1033,7 +1033,8 @@ do_setup_env(struct ssh *ssh, Session *s, const char *shell)
/* Allow any GSSAPI methods that we've used to alter
* the childs environment as they see fit
* the child's environment as they see fit
*/
- ssh_gssapi_do_child(&env, &envsize);
+ if (s->authctxt->krb5_set_env)


@ -964,7 +964,7 @@ index ab3a15f0..6ce56e92 100644
--- a/gss-serv.c
+++ b/gss-serv.c
@@ -1,7 +1,7 @@
/* $OpenBSD: gss-serv.c,v 1.31 2018/07/09 21:37:55 markus Exp $ */
/* $OpenBSD: gss-serv.c,v 1.32 2020/03/13 03:17:07 djm Exp $ */
/*
- * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved.


@ -48,7 +48,7 @@ index e7549470..4511f82a 100644
msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \
- ssh-pkcs11.o smult_curve25519_ref.o \
+ ssh-pkcs11.o ssh-pkcs11-uri.o smult_curve25519_ref.o \
poly1305.o chacha.o cipher-chachapoly.o \
poly1305.o chacha.o cipher-chachapoly.o cipher-chachapoly-libcrypto.o \
ssh-ed25519.o digest-openssl.o digest-libc.o \
hmac.o sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o \
@@ -289,6 +289,8 @@ clean: regressclean
@ -2502,7 +2502,7 @@ index a302c79c..879fe917 100644
int ret = -1;
struct pkcs11_provider *p = NULL;
void *handle = NULL;
@@ -1484,165 +1670,301 @@ pkcs11_register_provider(char *provider_id, char *pin,
@@ -1484,167 +1670,303 @@ pkcs11_register_provider(char *provider_id, char *pin,
CK_FUNCTION_LIST *f = NULL;
CK_TOKEN_INFO *token;
CK_ULONG i;
@ -2830,6 +2830,8 @@ index a302c79c..879fe917 100644
}
- if (handle)
- dlclose(handle);
if (ret > 0)
ret = -1;
return (ret);
}
@ -3109,9 +3111,9 @@ index 15aee569..976844cb 100644
+ }
+#endif /* ENABLE_PKCS11 */
+ cp = tilde_expand_filename(name, getuid());
filename = percent_expand(cp, "d", pw->pw_dir,
"u", pw->pw_name, "l", thishost, "h", host,
"r", options.user, (char *)NULL);
filename = default_client_percent_expand(cp,
pw->pw_dir, host, options.user, pw->pw_name);
free(cp);
diff --git a/ssh_config.5 b/ssh_config.5
index 06a32d31..4b2763bd 100644
--- a/ssh_config.5


@ -26,7 +26,7 @@ index dca158de..afdcb1d2 100644
-int
+int __attribute__((visibility("default")))
sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,
sk_sign(uint32_t alg, const uint8_t *data, size_t datalen,
const char *application, const uint8_t *key_handle, size_t key_handle_len,
uint8_t flags, const char *pin, struct sk_option **options,
@@ -518,7 +518,7 @@ sk_sign(uint32_t alg, const uint8_t *message, size_t message_len,


@ -65,10 +65,10 @@
%endif
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%global openssh_ver 8.2p1
%global openssh_rel 3
%global openssh_ver 8.3p1
%global openssh_rel 1
%global pam_ssh_agent_ver 0.10.3
%global pam_ssh_agent_rel 9
%global pam_ssh_agent_rel 10
Summary: An open source implementation of SSH protocol version 2
Name: openssh
@ -716,6 +716,11 @@ getent passwd sshd >/dev/null || \
%endif
%changelog
* Wed May 27 2020 Jakub Jelen <jjelen@redhat.com> - 8.3p1-1 + 0.10.3-10
- New upstream release (#1840503)
- Unbreak corner cases of sshd_config include
- Fix order of gssapi key exchange algorithms
* Wed Apr 08 2020 Jakub Jelen <jjelen@redhat.com> - 8.2p1-3 + 0.10.3-9
- Simplify reference to crypto policies in configuration files
- Unbreak gssapi authentication with GSSAPITrustDNS over jump hosts


@ -1,4 +1,4 @@
SHA512 (openssh-8.2p1.tar.gz) = c4db64e52a3a4c410de9de49f9cb104dd493b10250af3599b92457dd986277b3fd99a6f51cec94892fd1be5bd0369c5757262ea7805f0de464b245c3d34c120a
SHA512 (openssh-8.2p1.tar.gz.asc) = e6d091289d62d3a01d5978e3c26f72d8ea6979c345fbebc215515185ea567c959f5b17e32052d752829ab4c6bc537fd977f7aa02cf0a23280da63fd9d880f303
SHA512 (openssh-8.3p1.tar.gz) = b5232f7c85bf59ae2ff9d17b030117012e257e3b8c0d5ac60bb139a85b1fbf298b40f2e04203a2e13ca7273053ed668b9dedd54d3a67a7cb8e8e58c0228c5f40
SHA512 (openssh-8.3p1.tar.gz.asc) = 569fa12b3671af15bd7cd54fc7b13d1d64f3e96eb28f6dc430082f7bec4595689c633d3d56c23faad45b73e4da666c3ec090de26bf54f49410ba9bb8b5363e75
SHA512 (DJM-GPG-KEY.gpg) = db1191ed9b6495999e05eed2ef863fb5179bdb63e94850f192dad68eed8579836f88fbcfffd9f28524fe1457aff8cd248ee3e0afc112c8f609b99a34b80ecc0d
SHA512 (pam_ssh_agent_auth-0.10.3.tar.bz2) = d75062c4e46b0b011f46aed9704a99049995fea8b5115ff7ee26dad7e93cbcf54a8af7efc6b521109d77dc03c6f5284574d2e1b84c6829cec25610f24fb4bd66