diff --git a/openssh-5.8p1-entropy.patch b/openssh-5.8p1-entropy.patch index 4d83b3b..e636f68 100644 --- a/openssh-5.8p1-entropy.patch +++ b/openssh-5.8p1-entropy.patch @@ -1,7 +1,15 @@ diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c --- openssh-5.8p1/entropy.c.entropy 2011-01-13 11:05:29.000000000 +0100 -+++ openssh-5.8p1/entropy.c 2011-03-28 16:22:37.422648742 +0200 -@@ -144,6 +144,9 @@ seed_rng(void) ++++ openssh-5.8p1/entropy.c 2011-04-01 10:23:58.318648953 +0200 +@@ -50,6 +50,7 @@ + #include "pathnames.h" + #include "log.h" + #include "buffer.h" ++#include "openbsd-compat/port-linux.h" + + /* + * Portable OpenSSH PRNG seeding: +@@ -144,6 +145,9 @@ seed_rng(void) memset(buf, '\0', sizeof(buf)); #endif /* OPENSSL_PRNG_ONLY */ @@ -13,7 +21,7 @@ diff -up openssh-5.8p1/entropy.c.entropy openssh-5.8p1/entropy.c } diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd-compat/Makefile.in --- openssh-5.8p1/openbsd-compat/Makefile.in.entropy 2010-10-07 13:19:24.000000000 +0200 -+++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-03-28 16:22:37.484648793 +0200 ++++ openssh-5.8p1/openbsd-compat/Makefile.in 2011-04-01 10:21:38.251648364 +0200 @@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o @@ -23,10 +31,22 @@ diff -up openssh-5.8p1/openbsd-compat/Makefile.in.entropy openssh-5.8p1/openbsd- .c.o: $(CC) $(CFLAGS) $(CPPFLAGS) -c $< +diff -up openssh-5.8p1/openbsd-compat/port-linux.h.entropy openssh-5.8p1/openbsd-compat/port-linux.h +--- openssh-5.8p1/openbsd-compat/port-linux.h.entropy 2011-04-01 10:22:10.165648950 +0200 ++++ openssh-5.8p1/openbsd-compat/port-linux.h 2011-04-01 10:22:36.965648719 +0200 +@@ -19,6 +19,8 @@ + #ifndef _PORT_LINUX_H + #define _PORT_LINUX_H + ++void linux_seed(void); ++ + #ifdef WITH_SELINUX + int ssh_selinux_enabled(void); + void ssh_selinux_setup_pty(char *, const char *); diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/openbsd-compat/port-linux-prng.c ---- openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy 2011-03-28 16:22:37.508648739 +0200 -+++ openssh-5.8p1/openbsd-compat/port-linux-prng.c 2011-03-28 16:22:37.520650578 +0200 -@@ -0,0 +1,55 @@ +--- openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy 2011-04-01 10:21:38.302648133 +0200 ++++ openssh-5.8p1/openbsd-compat/port-linux-prng.c 2011-04-01 10:21:38.311648282 +0200 +@@ -0,0 +1,56 @@ +/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ + +/* @@ -55,6 +75,7 @@ diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/op +#include +#include +#include ++#include + +#include "log.h" +#include "xmalloc.h" @@ -84,7 +105,7 @@ diff -up openssh-5.8p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p1/op +} diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1 --- openssh-5.8p1/ssh.1.entropy 2010-11-20 05:21:03.000000000 +0100 -+++ openssh-5.8p1/ssh.1 2011-03-28 16:22:37.621648461 +0200 ++++ openssh-5.8p1/ssh.1 2011-04-01 10:21:38.352648197 +0200 @@ -1250,6 +1250,15 @@ For more information, see the .Cm PermitUserEnvironment option in @@ -103,7 +124,7 @@ diff -up openssh-5.8p1/ssh.1.entropy openssh-5.8p1/ssh.1 .It Pa ~/.rhosts diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1 --- openssh-5.8p1/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100 -+++ openssh-5.8p1/ssh-add.1 2011-03-28 16:22:37.674648474 +0200 ++++ openssh-5.8p1/ssh-add.1 2011-04-01 10:21:38.416648713 +0200 @@ -157,6 +157,15 @@ to make this work.) Identifies the path of a .Ux Ns -domain @@ -122,7 +143,7 @@ diff -up openssh-5.8p1/ssh-add.1.entropy openssh-5.8p1/ssh-add.1 .Bl -tag -width Ds diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1 --- openssh-5.8p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100 -+++ openssh-5.8p1/ssh-agent.1 2011-03-28 16:22:37.729648529 +0200 ++++ openssh-5.8p1/ssh-agent.1 2011-04-01 10:21:38.459648714 +0200 @@ -198,6 +198,18 @@ sockets used to contain the connection t These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. @@ -144,7 +165,7 @@ diff -up openssh-5.8p1/ssh-agent.1.entropy openssh-5.8p1/ssh-agent.1 .Xr ssh-add 1 , diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8 --- openssh-5.8p1/sshd.8.entropy 2010-11-05 00:20:14.000000000 +0100 -+++ openssh-5.8p1/sshd.8 2011-03-28 16:22:37.789648521 +0200 ++++ openssh-5.8p1/sshd.8 2011-04-01 10:21:38.505648778 +0200 @@ -937,6 +937,18 @@ concurrently for different ports, this c started last). The content of this file is not sensitive; it can be world-readable. @@ -166,7 +187,7 @@ diff -up openssh-5.8p1/sshd.8.entropy openssh-5.8p1/sshd.8 .Xr sftp 1 , diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1 --- openssh-5.8p1/ssh-keygen.1.entropy 2010-11-05 00:20:14.000000000 +0100 -+++ openssh-5.8p1/ssh-keygen.1 2011-03-28 16:22:37.845648487 +0200 ++++ openssh-5.8p1/ssh-keygen.1 2011-04-01 10:21:38.554648691 +0200 @@ -655,6 +655,18 @@ Contains Diffie-Hellman groups used for The file format is described in .Xr moduli 5 . @@ -188,7 +209,7 @@ diff -up openssh-5.8p1/ssh-keygen.1.entropy openssh-5.8p1/ssh-keygen.1 .Xr ssh-add 1 , diff -up openssh-5.8p1/ssh-keysign.8.entropy openssh-5.8p1/ssh-keysign.8 --- openssh-5.8p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.8p1/ssh-keysign.8 2011-03-28 16:22:37.900648475 +0200 ++++ openssh-5.8p1/ssh-keysign.8 2011-04-01 10:21:38.606648660 +0200 @@ -78,6 +78,18 @@ must be set-uid root if host-based authe If these files exist they are assumed to contain public certificate information corresponding with the private keys above. diff --git a/openssh-5.8p1-fips.patch b/openssh-5.8p1-fips.patch index 044376e..3d1a681 100644 --- a/openssh-5.8p1-fips.patch +++ b/openssh-5.8p1-fips.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c --- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 -+++ openssh-5.8p1/authfile.c 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/authfile.c 2011-04-01 09:34:12.136698711 +0200 @@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe /* Allocate space for the private part of the key in the buffer. */ cp = buffer_append_space(&encrypted, buffer_len(&buffer)); @@ -35,8 +35,8 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c buffer_ptr(blob), buffer_len(blob)); cipher_cleanup(&ciphercontext); diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c ---- openssh-5.8p1/cipher.c.fips 2011-02-25 09:23:18.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-25 09:23:19.000000000 +0100 +--- openssh-5.8p1/cipher.c.fips 2011-04-01 09:34:05.444648701 +0200 ++++ openssh-5.8p1/cipher.c 2011-04-01 09:34:12.184648648 +0200 @@ -40,6 +40,7 @@ #include @@ -123,7 +123,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c /* diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c --- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 -+++ openssh-5.8p1/cipher-ctr.c 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/cipher-ctr.c 2011-04-01 09:34:12.228648747 +0200 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP @@ -135,8 +135,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c return (&aes_ctr); } diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h ---- openssh-5.8p1/cipher.h.fips 2011-02-25 09:23:18.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-25 09:23:19.000000000 +0100 +--- openssh-5.8p1/cipher.h.fips 2011-04-01 09:34:05.488648661 +0200 ++++ openssh-5.8p1/cipher.h 2011-04-01 09:34:12.270648743 +0200 @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); @@ -147,8 +147,8 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h u_int cipher_keylen(const Cipher *); u_int cipher_is_cbc(const Cipher *); diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c ---- openssh-5.8p1/key.c.fips 2011-02-25 09:23:19.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-25 09:24:35.000000000 +0100 +--- openssh-5.8p1/key.c.fips 2011-04-01 09:34:07.105648513 +0200 ++++ openssh-5.8p1/key.c 2011-04-01 09:34:12.329648473 +0200 @@ -40,6 +40,7 @@ #include @@ -175,8 +175,8 @@ diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c } return rv; diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c ---- openssh-5.8p1/mac.c.fips 2011-02-25 09:23:18.000000000 +0100 -+++ openssh-5.8p1/mac.c 2011-02-25 09:23:19.000000000 +0100 +--- openssh-5.8p1/mac.c.fips 2011-04-01 09:34:06.204648928 +0200 ++++ openssh-5.8p1/mac.c 2011-04-01 09:34:12.379648663 +0200 @@ -28,6 +28,7 @@ #include @@ -227,9 +227,9 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in ---- openssh-5.8p1/Makefile.in.fips 2011-02-25 09:23:19.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-25 09:23:19.000000000 +0100 -@@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) +--- openssh-5.8p1/Makefile.in.fips 2011-04-01 09:34:09.725648593 +0200 ++++ openssh-5.8p1/Makefile.in 2011-04-01 09:34:12.422658984 +0200 +@@ -146,25 +146,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) @@ -261,7 +261,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) -@@ -172,7 +172,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l +@@ -173,7 +173,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o @@ -272,7 +272,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h --- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 -+++ openssh-5.8p1/myproposal.h 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/myproposal.h 2011-04-01 09:34:12.583648839 +0200 @@ -81,7 +81,12 @@ "hmac-sha1-96,hmac-md5-96" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" @@ -289,51 +289,65 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h KEX_DEFAULT_KEX, diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c --- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 -+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-25 09:23:19.000000000 +0100 -@@ -39,6 +39,7 @@ - static int rc4_ready = 0; - static RC4_KEY rc4; ++++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-04-01 09:36:17.282648749 +0200 +@@ -37,25 +37,18 @@ + #define REKEY_BYTES (1 << 24) + + static int rc4_ready = 0; +-static RC4_KEY rc4; -+#if 0 unsigned int arc4random(void) { -@@ -82,6 +83,32 @@ arc4random_stir(void) - - rc4_ready = REKEY_BYTES; - } -+#else -+unsigned int -+arc4random(void) -+{ -+ unsigned int r = 0; + unsigned int r = 0; +- static int first_time = 1; + void *rp = &r; -+ + +- if (rc4_ready <= 0) { +- if (first_time) +- seed_rng(); +- first_time = 0; + if (!rc4_ready) { -+ arc4random_stir(); -+ } + arc4random_stir(); + } + RAND_bytes(rp, sizeof(r)); -+ -+ return(r); -+} -+ -+void -+arc4random_stir(void) -+{ -+ unsigned char rand_buf[SEED_SIZE]; -+ -+ if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) -+ fatal("Couldn't obtain random bytes (error %ld)", -+ ERR_get_error()); + +- RC4(&rc4, sizeof(r), (unsigned char *)&r, (unsigned char *)&r); +- +- rc4_ready -= sizeof(r); +- + return(r); + } + +@@ -63,24 +56,11 @@ void + arc4random_stir(void) + { + unsigned char rand_buf[SEED_SIZE]; +- int i; + +- memset(&rc4, 0, sizeof(rc4)); + if (RAND_bytes(rand_buf, sizeof(rand_buf)) <= 0) + fatal("Couldn't obtain random bytes (error %ld)", + ERR_get_error()); +- RC4_set_key(&rc4, sizeof(rand_buf), rand_buf); +- +- /* +- * Discard early keystream, as per recommendations in: +- * http://www.wisdom.weizmann.ac.il/~itsik/RC4/Papers/Rc4_ksa.ps +- */ +- for(i = 0; i <= 256; i += sizeof(rand_buf)) +- RC4(&rc4, sizeof(rand_buf), rand_buf, rand_buf); +- +- memset(rand_buf, 0, sizeof(rand_buf)); +- +- rc4_ready = REKEY_BYTES; + rc4_ready = 1; -+} -+#endif + } #endif /* !HAVE_ARC4RANDOM */ - #ifndef HAVE_ARC4RANDOM_BUF diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c --- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 -+++ openssh-5.8p1/ssh.c 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/ssh.c 2011-04-01 09:34:12.689648154 +0200 @@ -73,6 +73,8 @@ #include @@ -397,8 +411,8 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c ---- openssh-5.8p1/sshconnect2.c.fips 2011-02-25 09:23:18.000000000 +0100 -+++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:23:19.000000000 +0100 +--- openssh-5.8p1/sshconnect2.c.fips 2011-04-01 09:34:03.780648205 +0200 ++++ openssh-5.8p1/sshconnect2.c 2011-04-01 09:34:12.739648223 +0200 @@ -44,6 +44,8 @@ #include #endif @@ -432,8 +446,8 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.fips 2011-02-25 09:23:19.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-25 09:23:19.000000000 +0100 +--- openssh-5.8p1/sshd.c.fips 2011-04-01 09:34:11.218648712 +0200 ++++ openssh-5.8p1/sshd.c 2011-04-01 09:34:12.835695243 +0200 @@ -76,6 +76,8 @@ #include #include @@ -443,7 +457,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c #include "openbsd-compat/openssl-compat.h" #ifdef HAVE_SECUREWARE -@@ -1364,6 +1366,12 @@ main(int ac, char **av) +@@ -1368,6 +1370,12 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); @@ -456,7 +470,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -@@ -1525,8 +1533,6 @@ main(int ac, char **av) +@@ -1529,8 +1537,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); @@ -465,7 +479,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) -@@ -1645,6 +1651,10 @@ main(int ac, char **av) +@@ -1649,6 +1655,10 @@ main(int ac, char **av) debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } @@ -476,7 +490,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; -@@ -1809,6 +1819,10 @@ main(int ac, char **av) +@@ -1813,6 +1823,10 @@ main(int ac, char **av) /* Initialize the random number generator. */ arc4random_stir(); @@ -487,7 +501,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* Chdir to the root directory so that the current disk can be unmounted if desired. */ chdir("/"); -@@ -2350,6 +2364,9 @@ do_ssh2_kex(void) +@@ -2355,6 +2369,9 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; @@ -497,7 +511,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -2359,6 +2376,9 @@ do_ssh2_kex(void) +@@ -2364,6 +2381,9 @@ do_ssh2_kex(void) if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; diff --git a/openssh-5.8p1-pwchange.patch b/openssh-5.8p1-pwchange.patch index 07971c2..b35cb64 100644 --- a/openssh-5.8p1-pwchange.patch +++ b/openssh-5.8p1-pwchange.patch @@ -6,7 +6,7 @@ diff -up openssh-5.8p1/session.c.pwchange openssh-5.8p1/session.c fprintf(stderr, "You must change your password now and login again!\n"); +#ifdef __linux__ -+ execl("/bin/sh", "sh", "-c", "passwd", s->pw->pw_name, ++ execl("/bin/sh", "sh", "-c", _PATH_PASSWD_PROG, s->pw->pw_name, + (char *)NULL); +#else #ifdef PASSWD_NEEDS_USERNAME diff --git a/openssh-nukeacss.sh b/openssh-nukeacss.sh index ccc1354..df7f22b 100755 --- a/openssh-nukeacss.sh +++ b/openssh-nukeacss.sh @@ -7,11 +7,12 @@ patch -sp0 << EOF --- cipher.c.orig 2005-07-17 09:02:10.000000000 +0200 +++ cipher.c 2005-09-06 14:52:06.000000000 +0200 -@@ -45,6 +45,8 @@ +@@ -45,6 +45,9 @@ /* compatibility with old or broken OpenSSL versions */ #include "openbsd-compat/openssl-compat.h" +#undef USE_CIPHER_ACSS ++#undef EVP_acss +#define EVP_acss NULL extern const EVP_CIPHER *evp_ssh1_bf(void);