- Rebased to openssh5.6p1

- Added -z relro -z now to LDFLAGS
2010-08-12 07:41:58 +02:00 · 2010-08-12 07:41:58 +02:00 · c6801b909e
commit c6801b909e
parent d675c0b550
3 changed files with 62 additions and 58 deletions
--- a/openssh-5.6p1-authorized-keys-command.patch
+++ b/openssh-5.6p1-authorized-keys-command.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
--- openssh-5.6p1/auth2-pubkey.c.akc	2010-08-23 12:15:42.000000000 +0200
-+++ openssh-5.6p1/auth2-pubkey.c	2010-08-23 12:15:42.000000000 +0200
+--- openssh-5.6p1/auth2-pubkey.c.akc	2010-09-03 15:24:51.000000000 +0200
+++ openssh-5.6p1/auth2-pubkey.c	2010-09-03 15:24:51.000000000 +0200
@@ -27,6 +27,7 @@
 
 #include <sys/types.h>
@ -241,8 +241,8 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
 		return 0;
 	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
 diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
--- openssh-5.6p1/configure.ac.akc	2010-08-23 12:15:42.000000000 +0200
-+++ openssh-5.6p1/configure.ac	2010-08-23 12:15:42.000000000 +0200
+--- openssh-5.6p1/configure.ac.akc	2010-09-03 15:24:51.000000000 +0200
+++ openssh-5.6p1/configure.ac	2010-09-03 15:24:51.000000000 +0200
@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit,
 	esac ]
 )
@ -271,8 +271,8 @@ diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
 diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
--- openssh-5.6p1/servconf.c.akc	2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/servconf.c	2010-08-23 12:22:22.000000000 +0200
+--- openssh-5.6p1/servconf.c.akc	2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/servconf.c	2010-09-03 15:24:51.000000000 +0200
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions 
 	options->num_permitted_opens = -1;
 	options->adm_forced_command = NULL;
@ -344,8 +344,8 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
 	/* string arguments requiring a lookup */
 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
 diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
--- openssh-5.6p1/servconf.h.akc	2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/servconf.h	2010-08-23 12:17:58.000000000 +0200
+--- openssh-5.6p1/servconf.h.akc	2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/servconf.h	2010-09-03 15:24:51.000000000 +0200
@@ -158,6 +158,8 @@ typedef struct {
 	char   *revoked_keys_file;
 	char   *trusted_user_ca_keys;
@ -356,9 +356,33 @@ diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
 
 void	 initialize_server_options(ServerOptions *);
 diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
--- openssh-5.6p1/sshd_config.0.akc	2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/sshd_config.0	2010-08-23 12:25:18.000000000 +0200
-@@ -374,7 +374,8 @@ DESCRIPTION
+--- openssh-5.6p1/sshd_config.0.akc	2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/sshd_config.0	2010-09-03 15:27:26.000000000 +0200
+@@ -71,6 +71,23 @@ DESCRIPTION
+ 
+              See PATTERNS in ssh_config(5) for more information on patterns.
+ 
+     AuthorizedKeysCommand
+
+             Specifies a program to be used for lookup of the user's
+	     public keys.  The program will be invoked with its first
+	     argument the name of the user being authorized, and should produce 
+	     on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS 
+	     in sshd(8)).  By default (or when set to the empty string) there is no
+	     AuthorizedKeysCommand run.  If the AuthorizedKeysCommand does not successfully
+	     authorize the user, authorization falls through to the
+	     AuthorizedKeysFile.  Note that this option has an effect
+	     only with PubkeyAuthentication turned on.
+
+     AuthorizedKeysCommandRunAs
+             Specifies the user under whose account the AuthorizedKeysCommand is run.
+             Empty string (the default value) means the user being authorized
+             is used.
+
+      AuthorizedKeysFile
+              Specifies the file that contains the public keys that can be used
+              for user authentication.  The format is described in the
+@@ -375,7 +392,8 @@ DESCRIPTION
 
              Only a subset of keywords may be used on the lines following a
              Match keyword.  Available keywords are AllowAgentForwarding,
@ -368,33 +392,9 @@ diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
              Banner, ChrootDirectory, ForceCommand, GatewayPorts,
              GSSAPIAuthentication, HostbasedAuthentication,
              HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
-@@ -496,6 +497,23 @@ DESCRIPTION
-              this file is not readable, then public key authentication will be
-              refused for all users.
- 
-+     AuthorizedKeysCommand
-+
-+             Specifies a program to be used for lookup of the user's
-+	      public keys.  The program will be invoked with its first
-+	      argument the name of the user being authorized, and should produce 
-+	      on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS 
-+	      in sshd(8)).  By default (or when set to the empty string) there is no
-+	      AuthorizedKeysCommand run.  If the AuthorizedKeysCommand does not successfully
-+	      authorize the user, authorization falls through to the
-+	      AuthorizedKeysFile.  Note that this option has an effect
-+	      only with PubkeyAuthentication turned on.
-+
-+     AuthorizedKeysCommandRunAs
-+             Specifies the user under whose account the AuthorizedKeysCommand is run.
-+             Empty string (the default value) means the user being authorized
-+             is used.
-+
-      RhostsRSAAuthentication
-              Specifies whether rhosts or /etc/hosts.equiv authentication to-
-              gether with successful RSA host authentication is allowed.  The
 diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
--- openssh-5.6p1/sshd_config.5.akc	2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/sshd_config.5	2010-08-23 12:25:46.000000000 +0200
+--- openssh-5.6p1/sshd_config.5.akc	2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/sshd_config.5	2010-09-03 15:24:51.000000000 +0200
@@ -654,6 +654,8 @@ Available keywords are
 .Cm AllowAgentForwarding ,
 .Cm AllowTcpForwarding ,
@ -434,8 +434,8 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.
 diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config
--- openssh-5.6p1/sshd_config.akc	2010-08-23 12:15:41.000000000 +0200
-+++ openssh-5.6p1/sshd_config	2010-08-23 12:15:42.000000000 +0200
+--- openssh-5.6p1/sshd_config.akc	2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/sshd_config	2010-09-03 15:24:51.000000000 +0200
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
 #RSAAuthentication yes
 #PubkeyAuthentication yes
--- a/openssh-5.6p1-redhat.patch
+++ b/openssh-5.6p1-redhat.patch
@ -1,6 +1,6 @@
-diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
--- openssh-5.4p1/ssh_config.redhat	2010-01-12 09:40:27.000000000 +0100
-+++ openssh-5.4p1/ssh_config	2010-03-01 15:15:51.000000000 +0100
+diff -up openssh-5.6p1/ssh_config.redhat openssh-5.6p1/ssh_config
+--- openssh-5.6p1/ssh_config.redhat	2010-01-12 09:40:27.000000000 +0100
+++ openssh-5.6p1/ssh_config	2010-09-03 15:21:17.000000000 +0200
@@ -45,3 +45,14 @@
 #   PermitLocalCommand no
 #   VisualHostKey no
@ -16,26 +16,26 @@ diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
 +	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
 +	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
 +	SendEnv XMODIFIERS
-diff -up openssh-5.4p1/sshd_config.0.redhat openssh-5.4p1/sshd_config.0
--- openssh-5.4p1/sshd_config.0.redhat	2010-03-01 14:30:04.000000000 +0100
-+++ openssh-5.4p1/sshd_config.0	2010-03-01 15:14:13.000000000 +0100
-@@ -501,9 +501,9 @@ DESCRIPTION
+diff -up openssh-5.6p1/sshd_config.0.redhat openssh-5.6p1/sshd_config.0
+--- openssh-5.6p1/sshd_config.0.redhat	2010-08-23 05:24:16.000000000 +0200
+++ openssh-5.6p1/sshd_config.0	2010-09-03 15:23:20.000000000 +0200
+@@ -537,9 +537,9 @@ DESCRIPTION
 
      SyslogFacility
              Gives the facility code that is used when logging messages from
 -             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The de-
-             fault is AUTH.
+-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
+-             default is AUTH.
 +             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
 +             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 +             The default is AUTH.
 
      TCPKeepAlive
              Specifies whether the system should send TCP keepalive messages
-diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
--- openssh-5.4p1/sshd_config.5.redhat	2010-02-26 21:55:06.000000000 +0100
-+++ openssh-5.4p1/sshd_config.5	2010-03-01 15:14:14.000000000 +0100
-@@ -865,7 +865,7 @@ Note that this option applies to protoco
+diff -up openssh-5.6p1/sshd_config.5.redhat openssh-5.6p1/sshd_config.5
+--- openssh-5.6p1/sshd_config.5.redhat	2010-07-02 05:37:17.000000000 +0200
+++ openssh-5.6p1/sshd_config.5	2010-09-03 15:21:17.000000000 +0200
+@@ -919,7 +919,7 @@ Note that this option applies to protoco
 .It Cm SyslogFacility
 Gives the facility code that is used when logging messages from
 .Xr sshd 8 .
@ -44,9 +44,9 @@ diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
 LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
 The default is AUTH.
 .It Cm TCPKeepAlive
-diff -up openssh-5.4p1/sshd_config.redhat openssh-5.4p1/sshd_config
--- openssh-5.4p1/sshd_config.redhat	2009-10-11 12:51:09.000000000 +0200
-+++ openssh-5.4p1/sshd_config	2010-03-01 15:14:14.000000000 +0100
+diff -up openssh-5.6p1/sshd_config.redhat openssh-5.6p1/sshd_config
+--- openssh-5.6p1/sshd_config.redhat	2009-10-11 12:51:09.000000000 +0200
+++ openssh-5.6p1/sshd_config	2010-09-03 15:21:17.000000000 +0200
@@ -31,6 +31,7 @@
 # Logging
 # obsoletes QuietMode and FascistLogging
--- a/openssh.spec
+++ b/openssh.spec
@ -71,7 +71,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.6p1
-%define openssh_rel 1
+%define openssh_rel 2
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 27

@ -93,7 +93,7 @@ Source3: sshd.init
 Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
 Source5: pam_ssh_agent-rmheaders

-Patch0: openssh-5.4p1-redhat.patch
+Patch0: openssh-5.6p1-redhat.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1640
 Patch4: openssh-5.2p1-vendor.patch
 Patch10: pam_ssh_agent_auth-0.9-build.patch
@ -317,7 +317,7 @@ CFLAGS="$CFLAGS -fpic"
 %endif
 export CFLAGS
 SAVE_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
+LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
 %endif
 %if %{kerberos5}
 if test -r /etc/profile.d/krb5-devel.sh ; then
@ -579,6 +579,10 @@ fi
 %endif

 %changelog
+* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
+- Rebased to openssh5.6p1
+- Added -z relro -z now to LDFLAGS
+
 * Wed Jul  7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
 - merged with newer bugzilla's version of authorized keys command patch