Coverity second pass

Reenable akc patch
2011-09-09 21:18:35 +02:00 · 2011-09-09 21:18:35 +02:00 · ea97ffa1ed
commit ea97ffa1ed
parent fc87f2dced
4 changed files with 127 additions and 52 deletions
--- a/openssh-5.9p1-akc.patch
+++ b/openssh-5.9p1-akc.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
--- openssh-5.9p1/auth2-pubkey.c.akc	2011-09-09 17:26:31.000000000 +0200
-+++ openssh-5.9p1/auth2-pubkey.c	2011-09-09 17:28:15.000000000 +0200
+--- openssh-5.9p1/auth2-pubkey.c.akc	2011-09-09 19:27:15.369501615 +0200
+++ openssh-5.9p1/auth2-pubkey.c	2011-09-09 19:30:32.958509941 +0200
@@ -27,6 +27,7 @@
 
 #include <sys/types.h>
@ -47,7 +47,7 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
 	key_free(found);
 	if (!found_key)
 		debug2("key not found");
-@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw, 
+@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
 	return ret;
 }
 
@ -242,7 +242,7 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
 	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
 diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
 --- openssh-5.9p1/configure.ac.akc	2011-08-18 06:48:24.000000000 +0200
-+++ openssh-5.9p1/configure.ac	2011-09-09 17:26:31.000000000 +0200
+++ openssh-5.9p1/configure.ac	2011-09-09 19:27:17.548440048 +0200
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
 	esac ]
 )
@ -271,9 +271,9 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
 echo "                   libedit support: $LIBEDIT_MSG"
 echo "  Solaris process contract support: $SPC_MSG"
 diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
--- openssh-5.9p1/servconf.c.akc	2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/servconf.c	2011-09-09 17:26:31.000000000 +0200
-@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions 
+--- openssh-5.9p1/servconf.c.akc	2011-09-09 19:27:03.490455245 +0200
+++ openssh-5.9p1/servconf.c	2011-09-09 19:27:17.666565662 +0200
+@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
 	options->num_permitted_opens = -1;
 	options->adm_forced_command = NULL;
 	options->chroot_directory = NULL;
@ -344,8 +344,8 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
 	/* string arguments requiring a lookup */
 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
 diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
--- openssh-5.9p1/servconf.h.akc	2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/servconf.h	2011-09-09 17:26:31.000000000 +0200
+--- openssh-5.9p1/servconf.h.akc	2011-09-09 19:27:03.614494286 +0200
+++ openssh-5.9p1/servconf.h	2011-09-09 19:27:18.043502934 +0200
@@ -174,6 +174,8 @@ typedef struct {
 	char   *revoked_keys_file;
 	char   *trusted_user_ca_keys;
@ -355,22 +355,9 @@ diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
 }       ServerOptions;
 
 /*
-diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
--- openssh-5.9p1/sshd_config.akc	2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config	2011-09-09 17:26:31.000000000 +0200
-@@ -49,6 +49,9 @@
- # but this is overridden so installations will only check .ssh/authorized_keys
- AuthorizedKeysFile	.ssh/authorized_keys
- 
-+#AuthorizedKeysCommand none
-+#AuthorizedKeysCommandRunAs nobody
-+
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
 diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
 --- openssh-5.9p1/sshd_config.0.akc	2011-09-07 01:16:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config.0	2011-09-09 17:26:31.000000000 +0200
+++ openssh-5.9p1/sshd_config.0	2011-09-09 19:27:18.168626976 +0200
@@ -71,6 +71,23 @@ DESCRIPTION
 
              See PATTERNS in ssh_config(5) for more information on patterns.
@ -406,8 +393,8 @@ diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
              GSSAPIAuthentication, HostbasedAuthentication,
              HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
 diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
--- openssh-5.9p1/sshd_config.5.akc	2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config.5	2011-09-09 17:26:31.000000000 +0200
+--- openssh-5.9p1/sshd_config.5.akc	2011-09-09 19:27:03.912515059 +0200
+++ openssh-5.9p1/sshd_config.5	2011-09-09 19:27:18.292494317 +0200
@@ -706,6 +706,8 @@ Available keywords are
 .Cm AllowAgentForwarding ,
 .Cm AllowTcpForwarding ,
@ -446,3 +433,16 @@ diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
 .It Cm RhostsRSAAuthentication
 Specifies whether rhosts or /etc/hosts.equiv authentication together
 with successful RSA host authentication is allowed.
+diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
+--- openssh-5.9p1/sshd_config.akc	2011-09-09 19:27:03.754502770 +0200
+++ openssh-5.9p1/sshd_config	2011-09-09 19:27:18.446471121 +0200
+@@ -49,6 +49,9 @@
+ # but this is overridden so installations will only check .ssh/authorized_keys
+ AuthorizedKeysFile	.ssh/authorized_keys
+ 
+#AuthorizedKeysCommand none
+#AuthorizedKeysCommandRunAs nobody
+
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
+ # similar for protocol version 2
--- a/openssh-5.9p1-coverity.patch
+++ b/openssh-5.9p1-coverity.patch
@ -1,6 +1,6 @@
 diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
 --- openssh-5.9p1/auth-pam.c.coverity	2009-07-12 14:07:21.000000000 +0200
-+++ openssh-5.9p1/auth-pam.c	2011-09-08 14:13:59.596485750 +0200
+++ openssh-5.9p1/auth-pam.c	2011-09-09 15:13:32.820565436 +0200
@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
 	if (sshpam_thread_status != -1)
 		return (sshpam_thread_status);
@ -12,7 +12,7 @@ diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
 #endif
 diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
 --- openssh-5.9p1/channels.c.coverity	2011-06-23 00:31:57.000000000 +0200
-+++ openssh-5.9p1/channels.c	2011-09-08 14:13:59.724564062 +0200
+++ openssh-5.9p1/channels.c	2011-09-09 15:13:32.911439569 +0200
@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
 	channel_max_fd = MAX(channel_max_fd, wfd);
 	channel_max_fd = MAX(channel_max_fd, efd);
@ -45,7 +45,7 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
 }
 diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
 --- openssh-5.9p1/clientloop.c.coverity	2011-06-23 00:31:58.000000000 +0200
-+++ openssh-5.9p1/clientloop.c	2011-09-08 14:13:59.829450205 +0200
+++ openssh-5.9p1/clientloop.c	2011-09-09 15:13:33.017564323 +0200
@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
 	char *rtype;
 	int want_reply;
@ -56,7 +56,7 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
 	want_reply = packet_get_char();
 diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
 --- openssh-5.9p1/key.c.coverity	2011-05-20 11:03:08.000000000 +0200
-+++ openssh-5.9p1/key.c	2011-09-08 14:13:59.959563856 +0200
+++ openssh-5.9p1/key.c	2011-09-09 15:13:33.145442605 +0200
@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
 		success = 1;
 /*XXXX*/
@ -68,9 +68,45 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
 		/* advance cp: skip whitespace and data */
 		while (*cp == ' ' || *cp == '\t')
 			cp++;
+diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
+--- openssh-5.9p1/monitor.c.coverity	2011-09-09 17:13:15.937439833 +0200
+++ openssh-5.9p1/monitor.c	2011-09-09 17:15:18.625466696 +0200
+@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
+ 			break;
+ 		}
+ 	}
+
+	debug3("%s: key %p is %s",
+	    __func__, key, allowed ? "allowed" : "not allowed");
+
+ 	if (key != NULL)
+ 		key_free(key);
+ 
+@@ -1182,9 +1186,6 @@ mm_answer_keyallowed(int sock, Buffer *m
+ 		xfree(chost);
+ 	}
+ 
+-	debug3("%s: key %p is %s",
+-	    __func__, key, allowed ? "allowed" : "not allowed");
+-
+ 	buffer_clear(m);
+ 	buffer_put_int(m, allowed);
+ 	buffer_put_int(m, forced_command != NULL);
+diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
+--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity	2011-09-09 17:29:14.709442881 +0200
+++ openssh-5.9p1/openbsd-compat/bindresvport.c	2011-09-09 17:32:48.770563974 +0200
+@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
+ 	struct sockaddr_in6 *in6;
+ 	u_int16_t *portp;
+ 	u_int16_t port;
+-	socklen_t salen;
+	socklen_t salen = sizeof(struct sockaddr_storage);
+ 	int i;
+ 
+ 	if (sa == NULL) {
 diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
 --- openssh-5.9p1/packet.c.coverity	2011-05-15 00:58:15.000000000 +0200
-+++ openssh-5.9p1/packet.c	2011-09-08 14:14:00.075501777 +0200
+++ openssh-5.9p1/packet.c	2011-09-09 15:13:33.263447887 +0200
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
 		case DEATTACK_DETECTED:
 			packet_disconnect("crc32 compensation attack: "
@ -90,7 +126,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
 	setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
 diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
 --- openssh-5.9p1/progressmeter.c.coverity	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-5.9p1/progressmeter.c	2011-09-08 14:14:00.186620217 +0200
+++ openssh-5.9p1/progressmeter.c	2011-09-09 15:13:33.382566039 +0200
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
 
 static time_t start;		/* start progress */
@ -111,7 +147,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
 	file = f;
 diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
 --- openssh-5.9p1/progressmeter.h.coverity	2006-03-26 05:30:02.000000000 +0200
-+++ openssh-5.9p1/progressmeter.h	2011-09-08 14:14:00.299626834 +0200
+++ openssh-5.9p1/progressmeter.h	2011-09-09 15:13:33.501438992 +0200
@@ -23,5 +23,5 @@
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
@ -121,7 +157,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
 void	stop_progress_meter(void);
 diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
 --- openssh-5.9p1/scp.c.coverity	2011-01-06 12:41:21.000000000 +0100
-+++ openssh-5.9p1/scp.c	2011-09-08 14:14:00.404502349 +0200
+++ openssh-5.9p1/scp.c	2011-09-09 15:13:33.607564009 +0200
@@ -155,7 +155,7 @@ killchild(int signo)
 {
 	if (do_cmd_pid > 1) {
@ -131,9 +167,21 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
 	}
 
 	if (signo)
+diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
+--- openssh-5.9p1/servconf.c.coverity	2011-09-09 17:24:09.333561142 +0200
+++ openssh-5.9p1/servconf.c	2011-09-09 17:26:41.488502345 +0200
+@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
+ 			fatal("%s line %d: Missing subsystem name.",
+ 			    filename, linenum);
+ 		if (!*activep) {
+-			arg = strdelim(&cp);
+			/*arg =*/ (void) strdelim(&cp);
+ 			break;
+ 		}
+ 		for (i = 0; i < options->num_subsystems; i++)
 diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
 --- openssh-5.9p1/serverloop.c.coverity	2011-05-20 11:02:50.000000000 +0200
-+++ openssh-5.9p1/serverloop.c	2011-09-08 14:14:00.516501505 +0200
+++ openssh-5.9p1/serverloop.c	2011-09-09 15:13:33.723564433 +0200
@@ -147,13 +147,13 @@ notify_setup(void)
 static void
 notify_parent(void)
@ -245,7 +293,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
 		tun = forced_tun_device;
 diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
 --- openssh-5.9p1/sftp-client.c.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.c	2011-09-08 14:14:00.640502358 +0200
+++ openssh-5.9p1/sftp-client.c	2011-09-09 15:13:33.845564522 +0200
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
 }
 
@ -470,7 +518,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
 	size_t len = strlen(p1) + strlen(p2) + 2;
 diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
 --- openssh-5.9p1/sftp-client.h.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.h	2011-09-08 14:14:00.750502818 +0200
+++ openssh-5.9p1/sftp-client.h	2011-09-09 15:13:33.954567073 +0200
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
 u_int sftp_proto_version(struct sftp_conn *);
 
@ -570,7 +618,16 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
 #endif
 diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
 --- openssh-5.9p1/sftp.c.coverity	2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp.c	2011-09-08 14:25:08.647440423 +0200
+++ openssh-5.9p1/sftp.c	2011-09-09 15:13:34.086441893 +0200
+@@ -206,7 +206,7 @@ killchild(int signo)
+ {
+ 	if (sshpid > 1) {
+ 		kill(sshpid, SIGTERM);
+-		waitpid(sshpid, NULL, 0);
+		(void) waitpid(sshpid, NULL, 0);
+ 	}
+ 
+ 	_exit(1);
@@ -316,7 +316,7 @@ local_do_ls(const char *args)
 
 /* Strip one path (usually the pwd) from the start of another */
@ -674,9 +731,23 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
 {
 	struct sftp_statvfs st;
 	char s_used[FMT_SCALED_STRSIZE];
+diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
+--- openssh-5.9p1/ssh-agent.c.coverity	2011-06-03 06:14:16.000000000 +0200
+++ openssh-5.9p1/ssh-agent.c	2011-09-09 15:13:34.203567987 +0200
+@@ -1147,8 +1147,8 @@ main(int ac, char **av)
+ 	sanitise_stdfd();
+ 
+ 	/* drop */
+-	setegid(getgid());
+-	setgid(getgid());
+	(void) setegid(getgid());
+	(void) setgid(getgid());
+ 
+ #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ 	/* Disable ptrace on Linux without sgid bit */
 diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
 --- openssh-5.9p1/sshd.c.coverity	2011-06-23 11:45:51.000000000 +0200
-+++ openssh-5.9p1/sshd.c	2011-09-08 14:14:01.018565321 +0200
+++ openssh-5.9p1/sshd.c	2011-09-09 15:13:34.317564195 +0200
@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
 		if (num_listen_socks < 0)
 			break;
--- a/openssh-5.9p1-edns.patch
+++ b/openssh-5.9p1-edns.patch
@ -1,7 +1,7 @@
-diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
--- openssh-5.2p1/dns.c.rh205842	2009-07-27 16:25:28.000000000 +0200
-+++ openssh-5.2p1/dns.c	2009-07-27 16:40:59.000000000 +0200
-@@ -176,6 +176,7 @@ verify_host_key_dns(const char *hostname
+diff -up openssh-5.9p1/dns.c.edns openssh-5.9p1/dns.c
+--- openssh-5.9p1/dns.c.edns	2010-08-31 14:41:14.000000000 +0200
+++ openssh-5.9p1/dns.c	2011-09-09 08:05:27.782440497 +0200
+@@ -177,6 +177,7 @@ verify_host_key_dns(const char *hostname
 {
 	u_int counter;
 	int result;
@ -9,7 +9,7 @@ diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
 	struct rrsetinfo *fingerprints = NULL;
 
 	u_int8_t hostkey_algorithm;
-@@ -199,8 +200,19 @@ verify_host_key_dns(const char *hostname
+@@ -200,8 +201,19 @@ verify_host_key_dns(const char *hostname
 		return -1;
 	}
 
@ -30,9 +30,9 @@ diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
 	if (result) {
 		verbose("DNS lookup error: %s", dns_result_totext(result));
 		return -1;
-diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.c
--- openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842	2009-07-27 16:22:23.000000000 +0200
-+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.c	2009-07-27 16:41:55.000000000 +0200
+diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.c
+--- openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns	2009-07-13 03:38:23.000000000 +0200
+++ openssh-5.9p1/openbsd-compat/getrrsetbyname.c	2011-09-09 15:03:39.930500801 +0200
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, uns
 		goto fail;
 	}
@ -40,7 +40,7 @@ diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/op
 -	/* don't allow flags yet, unimplemented */
 -	if (flags) {
 +	/* Allow RRSET_FORCE_EDNS0 flag only. */
-+	if ((flags & !RRSET_FORCE_EDNS0) != 0) {
+	if ((flags & ~RRSET_FORCE_EDNS0) != 0) {
 		result = ERRSET_INVAL;
 		goto fail;
 	}
@ -57,9 +57,9 @@ diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/op
 #endif /* RES_USE_DNSEC */
 
 	/* make query */
-diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.h
--- openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842	2009-07-27 16:35:02.000000000 +0200
-+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.h	2009-07-27 16:36:09.000000000 +0200
+diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.h
+--- openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns	2007-10-26 08:26:50.000000000 +0200
+++ openssh-5.9p1/openbsd-compat/getrrsetbyname.h	2011-09-09 08:05:27.965438689 +0200
@@ -72,6 +72,9 @@
 #ifndef RRSET_VALIDATED
 # define RRSET_VALIDATED	1
--- a/openssh.spec
+++ b/openssh.spec
@ -79,7 +79,7 @@

 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %define openssh_ver 5.9p1
-%define openssh_rel 2
+%define openssh_rel 3
 %define pam_ssh_agent_ver 0.9.2
 %define pam_ssh_agent_rel 32

@ -183,7 +183,7 @@ Patch702: openssh-5.1p1-askpass-progress.patch
 #?
 Patch703: openssh-4.3p2-askpass-grab-info.patch
 #?
-Patch704: openssh-5.2p1-edns.patch
+Patch704: openssh-5.9p1-edns.patch
 #?
 Patch705: openssh-5.1p1-scp-manpage.patch
 #?
@ -785,6 +785,10 @@ fi
 %endif

 %changelog
+* Fri Sep  9 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-3 + 0.9.2-32
+- Coverity second pass
+- Reenable akc patch
+
 * Thu Sep  8 2011 Jan F. Chadima <jchadima@redhat.com> - 5.9p1-2 + 0.9.2-32
 - Coverity first pass