- do not copy /etc/localtime into the chroot as it is not necessary anymore
(#193184) - call setkeycreatecon when selinux context is established - test for NULL privk when freeing key (#391871) - patch by Pierre Ossman
This commit is contained in:
parent
5d613bead0
commit
8b8c4dc83c
@ -9,7 +9,7 @@
|
|||||||
do_rsa1_keygen() {
|
do_rsa1_keygen() {
|
||||||
if [ ! -s $RSA1_KEY ]; then
|
if [ ! -s $RSA1_KEY ]; then
|
||||||
echo -n $"Generating SSH1 RSA host key: "
|
echo -n $"Generating SSH1 RSA host key: "
|
||||||
@@ -99,12 +101,16 @@
|
@@ -99,12 +101,14 @@
|
||||||
start()
|
start()
|
||||||
{
|
{
|
||||||
# Create keys if necessary
|
# Create keys if necessary
|
||||||
@ -21,8 +21,6 @@
|
|||||||
+ do_rsa_keygen
|
+ do_rsa_keygen
|
||||||
+ do_dsa_keygen
|
+ do_dsa_keygen
|
||||||
+ fi
|
+ fi
|
||||||
+
|
|
||||||
+ cp -af /etc/localtime /var/empty/sshd/etc
|
|
||||||
|
|
||||||
- echo -n $"Starting $prog:"
|
- echo -n $"Starting $prog:"
|
||||||
- initlog -c "$SSHD $OPTIONS" && success || failure
|
- initlog -c "$SSHD $OPTIONS" && success || failure
|
||||||
@ -31,7 +29,7 @@
|
|||||||
RETVAL=$?
|
RETVAL=$?
|
||||||
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
|
[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
|
||||||
echo
|
echo
|
||||||
@@ -112,17 +118,30 @@
|
@@ -112,17 +116,30 @@
|
||||||
|
|
||||||
stop()
|
stop()
|
||||||
{
|
{
|
||||||
|
@ -359,7 +359,7 @@ diff -up openssh-4.7p1/openbsd-compat/port-linux.c.mls openssh-4.7p1/openbsd-com
|
|||||||
security_context_t user_ctx = NULL;
|
security_context_t user_ctx = NULL;
|
||||||
|
|
||||||
if (!ssh_selinux_enabled())
|
if (!ssh_selinux_enabled())
|
||||||
@@ -126,22 +324,39 @@ ssh_selinux_setup_exec_context(char *pwn
|
@@ -126,22 +324,45 @@ ssh_selinux_setup_exec_context(char *pwn
|
||||||
|
|
||||||
debug3("%s: setting execution context", __func__);
|
debug3("%s: setting execution context", __func__);
|
||||||
|
|
||||||
@ -371,7 +371,13 @@ diff -up openssh-4.7p1/openbsd-compat/port-linux.c.mls openssh-4.7p1/openbsd-com
|
|||||||
+ if (r < 0) {
|
+ if (r < 0) {
|
||||||
+ error("%s: Failed to set SELinux execution context %s for %s",
|
+ error("%s: Failed to set SELinux execution context %s for %s",
|
||||||
+ __func__, user_ctx, pwname);
|
+ __func__, user_ctx, pwname);
|
||||||
|
+ }
|
||||||
|
+#ifdef HAVE_SETKEYCREATECON
|
||||||
|
+ else if (setkeycreatecon(user_ctx) < 0) {
|
||||||
|
+ error("%s: Failed to set SELinux keyring creation context %s for %s",
|
||||||
|
+ __func__, user_ctx, pwname);
|
||||||
+ }
|
+ }
|
||||||
|
+#endif
|
||||||
+ }
|
+ }
|
||||||
+ if (user_ctx == NULL) {
|
+ if (user_ctx == NULL) {
|
||||||
+ user_ctx = default_ctx;
|
+ user_ctx = default_ctx;
|
||||||
@ -406,7 +412,7 @@ diff -up openssh-4.7p1/openbsd-compat/port-linux.c.mls openssh-4.7p1/openbsd-com
|
|||||||
|
|
||||||
debug3("%s: done", __func__);
|
debug3("%s: done", __func__);
|
||||||
}
|
}
|
||||||
@@ -159,7 +374,10 @@ ssh_selinux_setup_pty(char *pwname, cons
|
@@ -159,7 +380,10 @@ ssh_selinux_setup_pty(char *pwname, cons
|
||||||
|
|
||||||
debug3("%s: setting TTY context on %s", __func__, tty);
|
debug3("%s: setting TTY context on %s", __func__, tty);
|
||||||
|
|
||||||
@ -418,6 +424,17 @@ diff -up openssh-4.7p1/openbsd-compat/port-linux.c.mls openssh-4.7p1/openbsd-com
|
|||||||
|
|
||||||
/* XXX: should these calls fatal() upon failure in enforcing mode? */
|
/* XXX: should these calls fatal() upon failure in enforcing mode? */
|
||||||
|
|
||||||
|
diff -up openssh-4.7p1/configure.ac.mls openssh-4.7p1/configure.ac
|
||||||
|
--- openssh-4.7p1/configure.ac.mls 2007-10-17 19:05:10.000000000 +0200
|
||||||
|
+++ openssh-4.7p1/configure.ac 2007-10-17 19:05:38.000000000 +0200
|
||||||
|
@@ -3213,6 +3213,7 @@ AC_ARG_WITH(selinux,
|
||||||
|
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
|
||||||
|
LIBS="$LIBS $LIBSELINUX"
|
||||||
|
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
|
||||||
|
+ AC_CHECK_FUNCS(setkeycreatecon)
|
||||||
|
LIBS="$save_LIBS"
|
||||||
|
fi ]
|
||||||
|
)
|
||||||
diff -up openssh-4.7p1/sshd.c.mls openssh-4.7p1/sshd.c
|
diff -up openssh-4.7p1/sshd.c.mls openssh-4.7p1/sshd.c
|
||||||
--- openssh-4.7p1/sshd.c.mls 2007-09-06 17:39:28.000000000 +0200
|
--- openssh-4.7p1/sshd.c.mls 2007-09-06 17:39:28.000000000 +0200
|
||||||
+++ openssh-4.7p1/sshd.c 2007-09-06 17:39:28.000000000 +0200
|
+++ openssh-4.7p1/sshd.c 2007-09-06 17:39:28.000000000 +0200
|
||||||
|
@ -1,6 +1,6 @@
|
|||||||
diff -up openssh-4.7p1/key.c.nss-keys openssh-4.7p1/key.c
|
diff -up openssh-4.7p1/key.c.nss-keys openssh-4.7p1/key.c
|
||||||
--- openssh-4.7p1/key.c.nss-keys 2007-08-08 06:28:26.000000000 +0200
|
--- openssh-4.7p1/key.c.nss-keys 2007-08-08 06:28:26.000000000 +0200
|
||||||
+++ openssh-4.7p1/key.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/key.c 2007-11-20 14:40:17.000000000 +0100
|
||||||
@@ -93,6 +93,54 @@ key_new(int type)
|
@@ -93,6 +93,54 @@ key_new(int type)
|
||||||
return k;
|
return k;
|
||||||
}
|
}
|
||||||
@ -62,7 +62,7 @@ diff -up openssh-4.7p1/key.c.nss-keys openssh-4.7p1/key.c
|
|||||||
}
|
}
|
||||||
+#ifdef HAVE_LIBNSS
|
+#ifdef HAVE_LIBNSS
|
||||||
+ if (k->flags & KEY_FLAG_NSS) {
|
+ if (k->flags & KEY_FLAG_NSS) {
|
||||||
+ if (k->nss->privk->wincx != NULL) {
|
+ if (k->nss->privk != NULL && k->nss->privk->wincx != NULL) {
|
||||||
+ memset(k->nss->privk->wincx, 0,
|
+ memset(k->nss->privk->wincx, 0,
|
||||||
+ strlen(k->nss->privk->wincx));
|
+ strlen(k->nss->privk->wincx));
|
||||||
+ xfree(k->nss->privk->wincx);
|
+ xfree(k->nss->privk->wincx);
|
||||||
@ -78,7 +78,7 @@ diff -up openssh-4.7p1/key.c.nss-keys openssh-4.7p1/key.c
|
|||||||
|
|
||||||
diff -up openssh-4.7p1/ssh-dss.c.nss-keys openssh-4.7p1/ssh-dss.c
|
diff -up openssh-4.7p1/ssh-dss.c.nss-keys openssh-4.7p1/ssh-dss.c
|
||||||
--- openssh-4.7p1/ssh-dss.c.nss-keys 2006-11-07 13:14:42.000000000 +0100
|
--- openssh-4.7p1/ssh-dss.c.nss-keys 2006-11-07 13:14:42.000000000 +0100
|
||||||
+++ openssh-4.7p1/ssh-dss.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/ssh-dss.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -39,6 +39,10 @@
|
@@ -39,6 +39,10 @@
|
||||||
#include "log.h"
|
#include "log.h"
|
||||||
#include "key.h"
|
#include "key.h"
|
||||||
@ -138,7 +138,7 @@ diff -up openssh-4.7p1/ssh-dss.c.nss-keys openssh-4.7p1/ssh-dss.c
|
|||||||
*lenp = SIGBLOB_LEN;
|
*lenp = SIGBLOB_LEN;
|
||||||
diff -up openssh-4.7p1/ssh-agent.c.nss-keys openssh-4.7p1/ssh-agent.c
|
diff -up openssh-4.7p1/ssh-agent.c.nss-keys openssh-4.7p1/ssh-agent.c
|
||||||
--- openssh-4.7p1/ssh-agent.c.nss-keys 2007-03-21 10:45:07.000000000 +0100
|
--- openssh-4.7p1/ssh-agent.c.nss-keys 2007-03-21 10:45:07.000000000 +0100
|
||||||
+++ openssh-4.7p1/ssh-agent.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/ssh-agent.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -79,6 +79,10 @@
|
@@ -79,6 +79,10 @@
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
#endif
|
#endif
|
||||||
@ -283,7 +283,7 @@ diff -up openssh-4.7p1/ssh-agent.c.nss-keys openssh-4.7p1/ssh-agent.c
|
|||||||
error("Unknown message %d", type);
|
error("Unknown message %d", type);
|
||||||
diff -up openssh-4.7p1/authfd.h.nss-keys openssh-4.7p1/authfd.h
|
diff -up openssh-4.7p1/authfd.h.nss-keys openssh-4.7p1/authfd.h
|
||||||
--- openssh-4.7p1/authfd.h.nss-keys 2006-08-05 04:39:39.000000000 +0200
|
--- openssh-4.7p1/authfd.h.nss-keys 2006-08-05 04:39:39.000000000 +0200
|
||||||
+++ openssh-4.7p1/authfd.h 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/authfd.h 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -49,6 +49,12 @@
|
@@ -49,6 +49,12 @@
|
||||||
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
|
#define SSH2_AGENTC_ADD_ID_CONSTRAINED 25
|
||||||
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
|
#define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
|
||||||
@ -307,9 +307,9 @@ diff -up openssh-4.7p1/authfd.h.nss-keys openssh-4.7p1/authfd.h
|
|||||||
int
|
int
|
||||||
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
|
||||||
diff -up openssh-4.7p1/configure.ac.nss-keys openssh-4.7p1/configure.ac
|
diff -up openssh-4.7p1/configure.ac.nss-keys openssh-4.7p1/configure.ac
|
||||||
--- openssh-4.7p1/configure.ac.nss-keys 2007-09-06 17:43:59.000000000 +0200
|
--- openssh-4.7p1/configure.ac.nss-keys 2007-11-20 14:26:43.000000000 +0100
|
||||||
+++ openssh-4.7p1/configure.ac 2007-09-06 17:51:48.000000000 +0200
|
+++ openssh-4.7p1/configure.ac 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -3228,6 +3228,20 @@ AC_ARG_WITH(linux-audit,
|
@@ -3230,6 +3230,20 @@ AC_ARG_WITH(linux-audit,
|
||||||
fi ]
|
fi ]
|
||||||
)
|
)
|
||||||
|
|
||||||
@ -330,7 +330,7 @@ diff -up openssh-4.7p1/configure.ac.nss-keys openssh-4.7p1/configure.ac
|
|||||||
# Check whether user wants Kerberos 5 support
|
# Check whether user wants Kerberos 5 support
|
||||||
KRB5_MSG="no"
|
KRB5_MSG="no"
|
||||||
AC_ARG_WITH(kerberos5,
|
AC_ARG_WITH(kerberos5,
|
||||||
@@ -4050,6 +4064,7 @@ echo " OSF SIA support
|
@@ -4052,6 +4066,7 @@ echo " OSF SIA support
|
||||||
echo " KerberosV support: $KRB5_MSG"
|
echo " KerberosV support: $KRB5_MSG"
|
||||||
echo " SELinux support: $SELINUX_MSG"
|
echo " SELinux support: $SELINUX_MSG"
|
||||||
echo " Linux audit support: $LINUX_AUDIT_MSG"
|
echo " Linux audit support: $LINUX_AUDIT_MSG"
|
||||||
@ -339,8 +339,8 @@ diff -up openssh-4.7p1/configure.ac.nss-keys openssh-4.7p1/configure.ac
|
|||||||
echo " S/KEY support: $SKEY_MSG"
|
echo " S/KEY support: $SKEY_MSG"
|
||||||
echo " TCP Wrappers support: $TCPW_MSG"
|
echo " TCP Wrappers support: $TCPW_MSG"
|
||||||
diff -up /dev/null openssh-4.7p1/README.nss
|
diff -up /dev/null openssh-4.7p1/README.nss
|
||||||
--- /dev/null 2007-09-04 17:17:14.474470098 +0200
|
--- /dev/null 2007-11-05 08:22:09.502001637 +0100
|
||||||
+++ openssh-4.7p1/README.nss 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/README.nss 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -0,0 +1,36 @@
|
@@ -0,0 +1,36 @@
|
||||||
+How to use NSS tokens with OpenSSH?
|
+How to use NSS tokens with OpenSSH?
|
||||||
+
|
+
|
||||||
@ -380,7 +380,7 @@ diff -up /dev/null openssh-4.7p1/README.nss
|
|||||||
+ $ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID'
|
+ $ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID'
|
||||||
diff -up openssh-4.7p1/authfd.c.nss-keys openssh-4.7p1/authfd.c
|
diff -up openssh-4.7p1/authfd.c.nss-keys openssh-4.7p1/authfd.c
|
||||||
--- openssh-4.7p1/authfd.c.nss-keys 2006-09-01 07:38:36.000000000 +0200
|
--- openssh-4.7p1/authfd.c.nss-keys 2006-09-01 07:38:36.000000000 +0200
|
||||||
+++ openssh-4.7p1/authfd.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/authfd.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
|
@@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
|
||||||
return decode_reply(type);
|
return decode_reply(type);
|
||||||
}
|
}
|
||||||
@ -429,7 +429,7 @@ diff -up openssh-4.7p1/authfd.c.nss-keys openssh-4.7p1/authfd.c
|
|||||||
* by normal applications.
|
* by normal applications.
|
||||||
diff -up openssh-4.7p1/readconf.h.nss-keys openssh-4.7p1/readconf.h
|
diff -up openssh-4.7p1/readconf.h.nss-keys openssh-4.7p1/readconf.h
|
||||||
--- openssh-4.7p1/readconf.h.nss-keys 2006-08-05 04:39:40.000000000 +0200
|
--- openssh-4.7p1/readconf.h.nss-keys 2006-08-05 04:39:40.000000000 +0200
|
||||||
+++ openssh-4.7p1/readconf.h 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/readconf.h 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -84,6 +84,8 @@ typedef struct {
|
@@ -84,6 +84,8 @@ typedef struct {
|
||||||
char *preferred_authentications;
|
char *preferred_authentications;
|
||||||
char *bind_address; /* local socket address for connection to sshd */
|
char *bind_address; /* local socket address for connection to sshd */
|
||||||
@ -440,8 +440,8 @@ diff -up openssh-4.7p1/readconf.h.nss-keys openssh-4.7p1/readconf.h
|
|||||||
|
|
||||||
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
int num_identity_files; /* Number of files for RSA/DSA identities. */
|
||||||
diff -up /dev/null openssh-4.7p1/nsskeys.c
|
diff -up /dev/null openssh-4.7p1/nsskeys.c
|
||||||
--- /dev/null 2007-09-04 17:17:14.474470098 +0200
|
--- /dev/null 2007-11-05 08:22:09.502001637 +0100
|
||||||
+++ openssh-4.7p1/nsskeys.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/nsskeys.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -0,0 +1,327 @@
|
@@ -0,0 +1,327 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
@ -772,7 +772,7 @@ diff -up /dev/null openssh-4.7p1/nsskeys.c
|
|||||||
+#endif /* HAVE_LIBNSS */
|
+#endif /* HAVE_LIBNSS */
|
||||||
diff -up openssh-4.7p1/ssh.c.nss-keys openssh-4.7p1/ssh.c
|
diff -up openssh-4.7p1/ssh.c.nss-keys openssh-4.7p1/ssh.c
|
||||||
--- openssh-4.7p1/ssh.c.nss-keys 2007-08-08 06:32:41.000000000 +0200
|
--- openssh-4.7p1/ssh.c.nss-keys 2007-08-08 06:32:41.000000000 +0200
|
||||||
+++ openssh-4.7p1/ssh.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/ssh.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -104,6 +104,9 @@
|
@@ -104,6 +104,9 @@
|
||||||
#ifdef SMARTCARD
|
#ifdef SMARTCARD
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
@ -825,8 +825,8 @@ diff -up openssh-4.7p1/ssh.c.nss-keys openssh-4.7p1/ssh.c
|
|||||||
fatal("load_public_identity_files: getpwuid failed");
|
fatal("load_public_identity_files: getpwuid failed");
|
||||||
if (gethostname(thishost, sizeof(thishost)) == -1)
|
if (gethostname(thishost, sizeof(thishost)) == -1)
|
||||||
diff -up /dev/null openssh-4.7p1/nsskeys.h
|
diff -up /dev/null openssh-4.7p1/nsskeys.h
|
||||||
--- /dev/null 2007-09-04 17:17:14.474470098 +0200
|
--- /dev/null 2007-11-05 08:22:09.502001637 +0100
|
||||||
+++ openssh-4.7p1/nsskeys.h 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/nsskeys.h 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -0,0 +1,39 @@
|
@@ -0,0 +1,39 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
+ * Copyright (c) 2001 Markus Friedl. All rights reserved.
|
||||||
@ -869,7 +869,7 @@ diff -up /dev/null openssh-4.7p1/nsskeys.h
|
|||||||
+#endif
|
+#endif
|
||||||
diff -up openssh-4.7p1/Makefile.in.nss-keys openssh-4.7p1/Makefile.in
|
diff -up openssh-4.7p1/Makefile.in.nss-keys openssh-4.7p1/Makefile.in
|
||||||
--- openssh-4.7p1/Makefile.in.nss-keys 2007-06-11 06:01:42.000000000 +0200
|
--- openssh-4.7p1/Makefile.in.nss-keys 2007-06-11 06:01:42.000000000 +0200
|
||||||
+++ openssh-4.7p1/Makefile.in 2007-09-06 17:53:14.000000000 +0200
|
+++ openssh-4.7p1/Makefile.in 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
@@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
|
||||||
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
|
||||||
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
|
||||||
@ -881,7 +881,7 @@ diff -up openssh-4.7p1/Makefile.in.nss-keys openssh-4.7p1/Makefile.in
|
|||||||
sshconnect.o sshconnect1.o sshconnect2.o
|
sshconnect.o sshconnect1.o sshconnect2.o
|
||||||
diff -up openssh-4.7p1/key.h.nss-keys openssh-4.7p1/key.h
|
diff -up openssh-4.7p1/key.h.nss-keys openssh-4.7p1/key.h
|
||||||
--- openssh-4.7p1/key.h.nss-keys 2006-08-05 04:39:40.000000000 +0200
|
--- openssh-4.7p1/key.h.nss-keys 2006-08-05 04:39:40.000000000 +0200
|
||||||
+++ openssh-4.7p1/key.h 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/key.h 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -29,11 +29,17 @@
|
@@ -29,11 +29,17 @@
|
||||||
#include <openssl/rsa.h>
|
#include <openssl/rsa.h>
|
||||||
#include <openssl/dsa.h>
|
#include <openssl/dsa.h>
|
||||||
@ -933,7 +933,7 @@ diff -up openssh-4.7p1/key.h.nss-keys openssh-4.7p1/key.h
|
|||||||
int key_equal(const Key *, const Key *);
|
int key_equal(const Key *, const Key *);
|
||||||
diff -up openssh-4.7p1/ssh-add.c.nss-keys openssh-4.7p1/ssh-add.c
|
diff -up openssh-4.7p1/ssh-add.c.nss-keys openssh-4.7p1/ssh-add.c
|
||||||
--- openssh-4.7p1/ssh-add.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
--- openssh-4.7p1/ssh-add.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
||||||
+++ openssh-4.7p1/ssh-add.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/ssh-add.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -43,6 +43,14 @@
|
@@ -43,6 +43,14 @@
|
||||||
|
|
||||||
#include <openssl/evp.h>
|
#include <openssl/evp.h>
|
||||||
@ -1162,7 +1162,7 @@ diff -up openssh-4.7p1/ssh-add.c.nss-keys openssh-4.7p1/ssh-add.c
|
|||||||
struct passwd *pw;
|
struct passwd *pw;
|
||||||
diff -up openssh-4.7p1/ssh-rsa.c.nss-keys openssh-4.7p1/ssh-rsa.c
|
diff -up openssh-4.7p1/ssh-rsa.c.nss-keys openssh-4.7p1/ssh-rsa.c
|
||||||
--- openssh-4.7p1/ssh-rsa.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
--- openssh-4.7p1/ssh-rsa.c.nss-keys 2006-09-01 07:38:37.000000000 +0200
|
||||||
+++ openssh-4.7p1/ssh-rsa.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/ssh-rsa.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -32,6 +32,10 @@
|
@@ -32,6 +32,10 @@
|
||||||
#include "compat.h"
|
#include "compat.h"
|
||||||
#include "ssh.h"
|
#include "ssh.h"
|
||||||
@ -1235,7 +1235,7 @@ diff -up openssh-4.7p1/ssh-rsa.c.nss-keys openssh-4.7p1/ssh-rsa.c
|
|||||||
buffer_put_cstring(&b, "ssh-rsa");
|
buffer_put_cstring(&b, "ssh-rsa");
|
||||||
diff -up openssh-4.7p1/ssh-keygen.c.nss-keys openssh-4.7p1/ssh-keygen.c
|
diff -up openssh-4.7p1/ssh-keygen.c.nss-keys openssh-4.7p1/ssh-keygen.c
|
||||||
--- openssh-4.7p1/ssh-keygen.c.nss-keys 2007-02-19 12:10:25.000000000 +0100
|
--- openssh-4.7p1/ssh-keygen.c.nss-keys 2007-02-19 12:10:25.000000000 +0100
|
||||||
+++ openssh-4.7p1/ssh-keygen.c 2007-09-06 17:48:08.000000000 +0200
|
+++ openssh-4.7p1/ssh-keygen.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -52,6 +52,11 @@
|
@@ -52,6 +52,11 @@
|
||||||
#include "scard.h"
|
#include "scard.h"
|
||||||
#endif
|
#endif
|
||||||
@ -1339,7 +1339,7 @@ diff -up openssh-4.7p1/ssh-keygen.c.nss-keys openssh-4.7p1/ssh-keygen.c
|
|||||||
if (download)
|
if (download)
|
||||||
diff -up openssh-4.7p1/readconf.c.nss-keys openssh-4.7p1/readconf.c
|
diff -up openssh-4.7p1/readconf.c.nss-keys openssh-4.7p1/readconf.c
|
||||||
--- openssh-4.7p1/readconf.c.nss-keys 2007-03-21 10:46:03.000000000 +0100
|
--- openssh-4.7p1/readconf.c.nss-keys 2007-03-21 10:46:03.000000000 +0100
|
||||||
+++ openssh-4.7p1/readconf.c 2007-09-06 17:43:59.000000000 +0200
|
+++ openssh-4.7p1/readconf.c 2007-11-20 14:26:43.000000000 +0100
|
||||||
@@ -124,6 +124,7 @@ typedef enum {
|
@@ -124,6 +124,7 @@ typedef enum {
|
||||||
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
|
||||||
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,
|
||||||
|
11
openssh.spec
11
openssh.spec
@ -63,7 +63,7 @@
|
|||||||
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
|
||||||
Name: openssh
|
Name: openssh
|
||||||
Version: 4.7p1
|
Version: 4.7p1
|
||||||
Release: 2%{?dist}%{?rescue_rel}
|
Release: 3%{?dist}%{?rescue_rel}
|
||||||
URL: http://www.openssh.com/portable.html
|
URL: http://www.openssh.com/portable.html
|
||||||
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
|
||||||
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
|
||||||
@ -461,8 +461,6 @@ fi
|
|||||||
%files server
|
%files server
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
%dir %attr(0711,root,root) %{_var}/empty/sshd
|
%dir %attr(0711,root,root) %{_var}/empty/sshd
|
||||||
%dir %attr(0755,root,root) %{_var}/empty/sshd/etc
|
|
||||||
%ghost %verify(not md5 size mtime) %{_var}/empty/sshd/etc/localtime
|
|
||||||
%attr(0755,root,root) %{_sbindir}/sshd
|
%attr(0755,root,root) %{_sbindir}/sshd
|
||||||
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
%attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
|
||||||
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
|
%attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
|
||||||
@ -482,6 +480,13 @@ fi
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Nov 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-3
|
||||||
|
- do not copy /etc/localtime into the chroot as it is not
|
||||||
|
necessary anymore (#193184)
|
||||||
|
- call setkeycreatecon when selinux context is established
|
||||||
|
- test for NULL privk when freeing key (#391871) - patch by
|
||||||
|
Pierre Ossman
|
||||||
|
|
||||||
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
|
* Mon Sep 17 2007 Tomas Mraz <tmraz@redhat.com> - 4.7p1-2
|
||||||
- revert default window size adjustments (#286181)
|
- revert default window size adjustments (#286181)
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user