diff --git a/openssh-5.8p1-entropy.patch b/openssh-5.8p1-entropy.patch index 977c8b9..c3acc7c 100644 --- a/openssh-5.8p1-entropy.patch +++ b/openssh-5.8p1-entropy.patch @@ -89,7 +89,7 @@ diff -up openssh-5.8p2/openbsd-compat/port-linux-prng.c.entropy openssh-5.8p2/op diff -up openssh-5.8p2/ssh.1.entropy openssh-5.8p2/ssh.1 --- openssh-5.8p2/ssh.1.entropy 2010-11-20 05:21:03.000000000 +0100 +++ openssh-5.8p2/ssh.1 2011-05-28 21:15:27.375920967 +0200 -@@ -1250,6 +1250,17 @@ For more information, see the +@@ -1250,6 +1250,20 @@ For more information, see the .Cm PermitUserEnvironment option in .Xr sshd_config 5 . @@ -98,19 +98,22 @@ diff -up openssh-5.8p2/ssh.1.entropy openssh-5.8p2/ssh.1 +.Cm /dev/urandom . +If the +.Cm SSH_USE_STRONG_RNG -+is set to nonzero value ++environment variable is set to value other than ++.Cm 0 +the OpenSSL random generator is reseeded from +.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 6 bytes. +This setting is not recommended on the computers without the hardware -+random generator. Insuifficient entropy causes the blocking conection. ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. .Sh FILES .Bl -tag -width Ds -compact .It Pa ~/.rhosts diff -up openssh-5.8p2/ssh-add.1.entropy openssh-5.8p2/ssh-add.1 --- openssh-5.8p2/ssh-add.1.entropy 2010-11-05 00:20:14.000000000 +0100 +++ openssh-5.8p2/ssh-add.1 2011-05-28 21:16:43.891859186 +0200 -@@ -158,6 +158,17 @@ Identifies the path of a +@@ -158,6 +158,20 @@ Identifies the path of a .Ux Ns -domain socket used to communicate with the agent. .El 
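Review bot: The reworded paragraph in the ssh.1 hunk still leaves the accepted values unspecified: `Minimum is 6 bytes.` does not say whether a value from 1 to 5 is raised to 6 or rejected, and nothing says what a non-numeric value does. Because this variable switches the process to blocking reads from /dev/random, the page should state the rule outright, for example `Values smaller than 6 are treated as 6.`, once that is confirmed against port-linux-prng.c, which is not shown in this diff. The new line also needs an article: `environment variable is set to a value other than`. The same wording is repeated in the ssh-add.1, ssh-agent.1, sshd.8, ssh-keygen.1 and ssh-keysign.8 hunks, so one fix applies to all six.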
@@ -119,19 +122,22 @@ diff -up openssh-5.8p2/ssh-add.1.entropy openssh-5.8p2/ssh-add.1 +.Cm /dev/urandom . +If the +.Cm SSH_USE_STRONG_RNG -+is set to nonzero value ++environment variable is set to value other than ++.Cm 0 +the OpenSSL random generator is reseeded from +.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 6 bytes. +This setting is not recommended on the computers without the hardware -+random generator. Insuifficient entropy causes the blocking conection. ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. .Sh FILES .Bl -tag -width Ds .It Pa ~/.ssh/identity diff -up openssh-5.8p2/ssh-agent.1.entropy openssh-5.8p2/ssh-agent.1 --- openssh-5.8p2/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100 +++ openssh-5.8p2/ssh-agent.1 2011-05-28 21:13:10.086864993 +0200 -@@ -198,6 +198,20 @@ sockets used to contain the connection t +@@ -198,6 +198,23 @@ sockets used to contain the connection t These sockets should only be readable by the owner. The sockets should get automatically removed when the agent exits. .El 
@@ -143,19 +149,22 @@ diff -up openssh-5.8p2/ssh-agent.1.entropy openssh-5.8p2/ssh-agent.1 +.Cm /dev/urandom . +If the +.Cm SSH_USE_STRONG_RNG -+is set to nonzero value ++environment variable is set to value other than ++.Cm 0 +the OpenSSL random generator is reseeded from +.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 6 bytes. +This setting is not recommended on the computers without the hardware -+random generator. Insuifficient entropy causes the blocking conection. ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , diff -up openssh-5.8p2/sshd.8.entropy openssh-5.8p2/sshd.8 --- openssh-5.8p2/sshd.8.entropy 2010-11-05 00:20:14.000000000 +0100 +++ openssh-5.8p2/sshd.8 2011-05-28 21:13:10.241861760 +0200 -@@ -937,6 +937,20 @@ concurrently for different ports, this c +@@ -937,6 +937,23 @@ concurrently for different ports, this c started last). The content of this file is not sensitive; it can be world-readable. .El 
@@ -167,19 +176,22 @@ diff -up openssh-5.8p2/sshd.8.entropy openssh-5.8p2/sshd.8 +.Cm /dev/urandom . +If the +.Cm SSH_USE_STRONG_RNG -+is set to nonzero value ++environment variable is set to value other than ++.Cm 0 +the OpenSSL random generator is reseeded from +.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 6 bytes. +This setting is not recommended on the computers without the hardware -+random generator. Insuifficient entropy causes the blocking conection. ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. .Sh SEE ALSO .Xr scp 1 , .Xr sftp 1 , diff -up openssh-5.8p2/ssh-keygen.1.entropy openssh-5.8p2/ssh-keygen.1 --- openssh-5.8p2/ssh-keygen.1.entropy 2010-11-05 00:20:14.000000000 +0100 +++ openssh-5.8p2/ssh-keygen.1 2011-05-28 21:13:10.389856432 +0200 -@@ -655,6 +655,20 @@ Contains Diffie-Hellman groups used for +@@ -655,6 +655,23 @@ Contains Diffie-Hellman groups used for The file format is described in .Xr moduli 5 . .El 
@@ -191,19 +203,22 @@ diff -up openssh-5.8p2/ssh-keygen.1.entropy openssh-5.8p2/ssh-keygen.1 +.Cm /dev/urandom . +If the +.Cm SSH_USE_STRONG_RNG -+is set to nonzero value ++environment variable is set to value other than ++.Cm 0 +the OpenSSL random generator is reseeded from +.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 6 bytes. +This setting is not recommended on the computers without the hardware -+random generator. Insuifficient entropy causes the blocking conection. ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-add 1 , diff -up openssh-5.8p2/ssh-keysign.8.entropy openssh-5.8p2/ssh-keysign.8 --- openssh-5.8p2/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200 +++ openssh-5.8p2/ssh-keysign.8 2011-05-28 21:17:32.399856797 +0200 -@@ -78,6 +78,20 @@ must be set-uid root if host-based authe +@@ -78,6 +78,23 @@ must be set-uid root if host-based authe If these files exist they are assumed to contain public certificate information corresponding with the private keys above. .El 
@@ -215,12 +230,15 @@ diff -up openssh-5.8p2/ssh-keysign.8.entropy openssh-5.8p2/ssh-keysign.8 +.Cm /dev/urandom . +If the +.Cm SSH_USE_STRONG_RNG -+is set to nonzero value ++environment variable is set to value other than ++.Cm 0 +the OpenSSL random generator is reseeded from +.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. ++The number of bytes read is defined by the SSH_USE_STRONG_RNG value. ++Minimum is 6 bytes. +This setting is not recommended on the computers without the hardware -+random generator. Insuifficient entropy causes the blocking conection. ++random generator because insufficient entropy causes the connection to ++be blocked until enough entropy is available. .Sh SEE ALSO .Xr ssh 1 , .Xr ssh-keygen 1 , diff --git a/openssh.spec b/openssh.spec index ce1882d..05dd087 100644 --- a/openssh.spec +++ b/openssh.spec @@ -74,7 +74,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p2 -%define openssh_rel 4 +%define openssh_rel 5 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 31 @@ -739,6 +739,9 @@ exit 0 %endif %changelog +* Tue May 31 2011 Jan F. Chadima - 5.8p2-5 + 0.9.2-31 +- improove entropy manuals + * Fri May 27 2011 Jan F. Chadima - 5.8p2-4 + 0.9.2-31 - improove entropy handling - concat ldap patches
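Review bot: The ssh-keysign.8 hunk documents SSH_USE_STRONG_RNG for a helper that, per this hunk's own header context, must be set-uid root, yet it does not say whether the variable is honoured when the environment is supplied by an unprivileged caller. If it is honoured, the caller's environment decides whether a privileged helper blocks on /dev/random and how many bytes it reads, which is worth stating on the page. I would add one sentence after `be blocked until enough entropy is available.` that says either that the variable is ignored when the program runs set-uid or that it is taken from the invoking user's environment, whichever matches the code; the implementation is outside this diff, so this needs checking.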