rpms/openssh
7
0
Fork 1
Code Issues Pull Requests Releases Activity

- switch to a modified tarball, as we did for OpenSSL, for removing ACSS

Browse Source 
support
This commit is contained in:
Nalin Dahyabhai 2004-09-13 19:39:41 +00:00
parent c82df74ea6
commit deb1e497fe
4 changed files with 37 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.cvsignore
View File

@ -1,2 +1,3 @@
openssh-3.9p1.tar.gz openssh-3.9p1.tar.gz
x11-ssh-askpass-1.2.4.1.tar.gz x11-ssh-askpass-1.2.4.1.tar.gz
openssh-3.9p1-noacss.tar.gz

28
openssh-nukeacss.sh Executable file
View File

@ -0,0 +1,28 @@
#!/bin/sh
#
# Remove the ACSS implementation from OpenSSH, and disable its use so that the
# rest of the package can still be built.
#
> acss.c
patch -sp1 << EOF
--- openssh/cipher.c
+++ openssh/cipher.c
@@ -53,6 +53,7 @@
extern void ssh_rijndael_iv(EVP_CIPHER_CTX *, int, u_char *, u_int);
#endif
+#if 0
#if !defined(EVP_CTRL_SET_ACSS_MODE)
# if (OPENSSL_VERSION_NUMBER >= 0x00907000L)
extern const EVP_CIPHER *evp_acss(void);
@@ -62,6 +63,9 @@
# define EVP_acss NULL /* Don't try to support ACSS on older OpenSSL */
# endif /* (OPENSSL_VERSION_NUMBER >= 0x00906000L) */
#endif /* !defined(EVP_CTRL_SET_ACSS_MODE) */
+#else
+#define EVP_acss NULL
+#endif /* 0 */
extern const EVP_CIPHER *evp_ssh1_bf(void);
extern const EVP_CIPHER *evp_ssh1_3des(void);
EOF

9
openssh.spec
View File

@ -86,8 +86,10 @@ Release: %{rel}rescue
Release: %{rel} Release: %{rel}
%endif %endif
URL: http://www.openssh.com/portable.html URL: http://www.openssh.com/portable.html
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
Source0: openssh-%{version}-noacss.tar.gz
Source1: openssh-nukeacss.sh
Source2: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz Source2: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
Patch0: openssh-3.9p1-redhat.patch Patch0: openssh-3.9p1-redhat.patch
Patch1: openssh-3.6.1p2-groups.patch Patch1: openssh-3.6.1p2-groups.patch
@ -491,6 +493,9 @@ fi
%endif %endif
%changelog %changelog
* Mon Sep 13 2004 Nalin Dahyabhai <nalin@redhat.com>
- disable ACSS support
* Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5 * Thu Sep 2 2004 Daniel Walsh <dwalsh@redhat.com> 3.9p1-5
- Change selinux patch to use get_default_context_with_role in libselinux. - Change selinux patch to use get_default_context_with_role in libselinux.

2
sources
View File

@ -1,2 +1,2 @@
8e1774d0b52aff08f817f3987442a16e openssh-3.9p1.tar.gz
8f2e41f3f7eaa8543a2440454637f3c3 x11-ssh-askpass-1.2.4.1.tar.gz 8f2e41f3f7eaa8543a2440454637f3c3 x11-ssh-askpass-1.2.4.1.tar.gz
9b010148cd1afbee4ab35ce42d0cf340 openssh-3.9p1-noacss.tar.gz