- fix sftp client problems on write error (#247802)

- allow disabling autocreation of server keys (#235466)

openssh-4.3p2-initscript.patch

@@ -1,5 +1,5 @@
---- openssh-4.3p2/contrib/redhat/sshd.init	2002-05-10 04:19:23.000000000 +0200
+--- openssh-4.5p1/contrib/redhat/sshd.init.initscript	2006-04-22 13:26:08.000000000 +0200
-+++ sshd	2006-11-02 14:23:27.000000000 +0100
++++ openssh-4.5p1/contrib/redhat/sshd.init	2007-07-25 18:26:50.000000000 +0200
 @@ -29,6 +29,8 @@
  DSA_KEY=/etc/ssh/ssh_host_dsa_key
  PID_FILE=/var/run/sshd.pid
@@ -9,10 +9,18 @@
  do_rsa1_keygen() {
  	if [ ! -s $RSA1_KEY ]; then
  		echo -n $"Generating SSH1 RSA host key: "
-@@ -93,9 +95,11 @@
+@@ -99,12 +101,16 @@
- 	do_rsa1_keygen
+ start()
- 	do_rsa_keygen
+ {
- 	do_dsa_keygen
+ 	# Create keys if necessary
+-	do_rsa1_keygen
+-	do_rsa_keygen
+-	do_dsa_keygen
++	if [ "x${AUTOCREATE_SERVER_KEYS}" != xNO ]; then
++		do_rsa1_keygen
++		do_rsa_keygen
++		do_dsa_keygen
++	fi
 +	
 +	cp -af /etc/localtime /var/empty/sshd/etc
  
@@ -23,7 +31,7 @@
  	RETVAL=$?
  	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
  	echo
-@@ -103,17 +107,30 @@
+@@ -112,17 +118,30 @@
  
  stop()
  {

openssh-4.5p1-nss-keys.patch

@@ -711,6 +711,8 @@ diff -urpN openssh-4.5p1/README.nss openssh-4.5p1.nss/README.nss
 +PKCS#11 tokens which are installed in your NSS database.
 +
 +As the code is experimental and preliminary only SSH protocol 2 is supported.
++The NSS certificate and token databases are looked for in the ~/.ssh
++directory or in a directory specified by environment variable NSS_DB_PATH.
 +
 +Common operations:
 +

openssh-4.5p1-sftp-drain-acks.patch

@@ -0,0 +1,70 @@
+diff -up openssh-4.5p1/sftp-client.c.drain-acks openssh-4.5p1/sftp-client.c
+--- openssh-4.5p1/sftp-client.c.drain-acks	2006-10-23 19:03:02.000000000 +0200
++++ openssh-4.5p1/sftp-client.c	2007-08-07 17:46:16.000000000 +0200
+@@ -992,7 +992,8 @@ int
+ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
+     int pflag)
+ {
+-	int local_fd, status;
++	int local_fd;
++	int status = SSH2_FX_OK;
+ 	u_int handle_len, id, type;
+ 	u_int64_t offset;
+ 	char *handle, *data;
+@@ -1074,7 +1075,7 @@ do_upload(struct sftp_conn *conn, char *
+ 		 * Simulate an EOF on interrupt, allowing ACKs from the
+ 		 * server to drain.
+ 		 */
+-		if (interrupted)
++		if (interrupted || status != SSH2_FX_OK)
+ 			len = 0;
+ 		else do
+ 			len = read(local_fd, data, conn->transfer_buflen);
+@@ -1131,17 +1132,6 @@ do_upload(struct sftp_conn *conn, char *
+ 				fatal("Can't find request for ID %u", r_id);
+ 			TAILQ_REMOVE(&acks, ack, tq);
+ 
+-			if (status != SSH2_FX_OK) {
+-				error("Couldn't write to remote file \"%s\": %s",
+-				    remote_path, fx2txt(status));
+-				if (showprogress)
+-					stop_progress_meter();
+-				do_close(conn, handle, handle_len);
+-				close(local_fd);
+-				xfree(data);
+-				xfree(ack);
+-				goto done;
+-			}
+ 			debug3("In write loop, ack for %u %u bytes at %llu",
+ 			    ack->id, ack->len, (unsigned long long)ack->offset);
+ 			++ackid;
+@@ -1153,21 +1143,25 @@ do_upload(struct sftp_conn *conn, char *
+ 		stop_progress_meter();
+ 	xfree(data);
+ 
++	if (status != SSH2_FX_OK) {
++		error("Couldn't write to remote file \"%s\": %s",
++		    remote_path, fx2txt(status));
++		status = -1;
++	}
++
+ 	if (close(local_fd) == -1) {
+ 		error("Couldn't close local file \"%s\": %s", local_path,
+ 		    strerror(errno));
+-		do_close(conn, handle, handle_len);
+ 		status = -1;
+-		goto done;
+ 	}
+ 
+ 	/* Override umask and utimes if asked */
+ 	if (pflag)
+ 		do_fsetstat(conn, handle, handle_len, &a);
+ 
+-	status = do_close(conn, handle, handle_len);
++	if (do_close(conn, handle, handle_len) != SSH2_FX_OK)
++		status = -1;
+ 
+-done:
+ 	xfree(handle);
+ 	buffer_free(&msg);
+ 	return(status);

openssh.spec

@@ -64,7 +64,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 4.5p1
-Release: 7%{?dist}%{?rescue_rel}
+Release: 8%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
@@ -94,6 +94,7 @@ Patch48: openssh-4.3p2-pam-session.patch
 Patch49: openssh-4.3p2-gssapi-canohost.patch
 Patch50: openssh-4.5p1-mls.patch
 Patch51: openssh-4.5p1-nss-keys.patch
+Patch52: openssh-4.5p1-sftp-drain-acks.patch
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -226,6 +227,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch49 -p1 -b .canohost
 %patch50 -p1 -b .mls
 %patch51 -p1 -b .nss-keys
+%patch52 -p1 -b .drain-acks
 
 autoreconf
 
@@ -476,6 +478,10 @@ fi
 %endif
 
 %changelog
+* Thu Aug  9 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-8
+- fix sftp client problems on write error (#247802)
+- allow disabling autocreation of server keys (#235466)
+
 * Wed Jun 20 2007 Tomas Mraz <tmraz@redhat.com> - 4.5p1-7
 - experimental NSS keys support
 - correctly setup context when empty level requested (#234951)