- upgrade to new upstream release

- fixed a problem with public key authentication and explicitely specified
    SELinux role

.cvsignore

@@ -1 +1 @@
-openssh-5.0p1-noacss.tar.bz2
+openssh-5.1p1-noacss.tar.bz2

openssh-4.5p1-controlcleanup.patch

@@ -1,15 +0,0 @@
---- openssh-4.5p1/ssh.c~	2007-03-24 16:25:18.000000000 +0000
-+++ openssh-4.5p1/ssh.c	2007-03-24 16:31:06.000000000 +0000
-@@ -1347,7 +1347,11 @@
- 		}
- 		if (errno == ENOENT)
- 			debug("Control socket \"%.100s\" does not exist", path);
--		else {
-+		else if (errno == ECONNREFUSED) {
-+			debug("Control socket connect(%.100s): %s", path,
-+			    strerror(errno));
-+			unlink(path);
-+		} else {
- 			error("Control socket connect(%.100s): %s", path,
- 			    strerror(errno));
- 		}

openssh-4.7p1-master-race.patch

@@ -1,85 +0,0 @@
---- openssh-4.7p1/ssh.c.masterrace	2008-03-06 13:55:11.000000000 +0000
-+++ openssh-4.7p1/ssh.c	2008-03-06 13:55:19.000000000 +0000
-@@ -1065,7 +1065,7 @@ client_global_request_reply_fwd(int type
- 	}
- }
- 
--static void
-+static int
- ssh_control_listener(void)
- {
- 	struct sockaddr_un addr;
-@@ -1073,10 +1073,11 @@ ssh_control_listener(void)
- 	int addr_len;
- 
- 	if (options.control_path == NULL ||
--	    options.control_master == SSHCTL_MASTER_NO)
--		return;
-+	    options.control_master == SSHCTL_MASTER_NO ||
-+	    control_fd != -1)
-+		return 1;
- 
--	debug("setting up multiplex master socket");
-+	debug("trying to set up multiplex master socket");
- 
- 	memset(&addr, '\0', sizeof(addr));
- 	addr.sun_family = AF_UNIX;
-@@ -1093,11 +1094,9 @@ ssh_control_listener(void)
- 	old_umask = umask(0177);
- 	if (bind(control_fd, (struct sockaddr *)&addr, addr_len) == -1) {
- 		control_fd = -1;
--		if (errno == EINVAL || errno == EADDRINUSE)
--			fatal("ControlSocket %s already exists",
--			    options.control_path);
--		else
-+		if (errno != EINVAL && errno != EADDRINUSE)
- 			fatal("%s bind(): %s", __func__, strerror(errno));
-+		return 0;
- 	}
- 	umask(old_umask);
- 
-@@ -1105,6 +1104,9 @@ ssh_control_listener(void)
- 		fatal("%s listen(): %s", __func__, strerror(errno));
- 
- 	set_nonblock(control_fd);
-+
-+	debug("control master listening on %s", options.control_path);
-+	return 1;
- }
- 
- /* request pty/x11/agent/tcpfwd/shell for channel */
-@@ -1196,7 +1198,9 @@ ssh_session2(void)
- 	ssh_init_forwarding();
- 
- 	/* Start listening for multiplex clients */
--	ssh_control_listener();
-+	if (!ssh_control_listener())
-+		fatal("control master socket %s already exists",
-+		      options.control_path);
- 
-  	/*
-  	 * If we are the control master, and if control_persist is set,
-@@ -1375,7 +1379,13 @@ control_client(const char *path)
- 	switch (options.control_master) {
- 	case SSHCTL_MASTER_AUTO:
- 	case SSHCTL_MASTER_AUTO_ASK:
--		debug("auto-mux: Trying existing master");
-+		/* see if we can create a control master socket
-+		   to avoid a race between two auto clients */
-+		if (mux_command == SSHMUX_COMMAND_OPEN &&
-+		    ssh_control_listener())
-+			return;
-+		debug("trying to connect to control master socket %s",
-+		    options.control_path);
- 		/* FALLTHROUGH */
- 	case SSHCTL_MASTER_NO:
- 		break;
-@@ -1522,6 +1532,8 @@ control_client(const char *path)
- 	signal(SIGTERM, control_client_sighandler);
- 	signal(SIGWINCH, control_client_sigrelay);
- 
-+	debug("connected to control master; waiting for exit");
-+
- 	if (tty_flag)
- 		enter_raw_mode();
- 

openssh-5.0p1-unbreakalive.patch

@@ -1,20 +0,0 @@
-Index: packet.c
-===================================================================
-RCS file: /cvs/src/usr.bin/ssh/packet.c,v
-retrieving revision 1.152
-diff -u -p packet.c
---- packet.c	8 May 2008 06:59:01 -0000
-+++ packet.c	19 May 2008 04:00:34 -0000
-@@ -1185,9 +1185,10 @@ packet_read_poll_seqnr(u_int32_t *seqnr_
- 	for (;;) {
- 		if (compat20) {
- 			type = packet_read_poll2(seqnr_p);
--			keep_alive_timeouts = 0;
--			if (type)
-+			if (type) {
-+				keep_alive_timeouts = 0;
- 				DBG(debug("received packet type %d", type));
-+			}
- 			switch (type) {
- 			case SSH2_MSG_IGNORE:
- 				debug3("Received SSH2_MSG_IGNORE");

openssh-5.1p1-cloexec.patch

@@ -1,15 +1,15 @@
-diff -up openssh-4.7p1/sshconnect2.c.cloexec openssh-4.7p1/sshconnect2.c
+diff -up openssh-5.1p1/sshconnect2.c.cloexec openssh-5.1p1/sshconnect2.c
---- openssh-4.7p1/sshconnect2.c.cloexec	2008-03-06 15:58:03.000000000 +0100
+--- openssh-5.1p1/sshconnect2.c.cloexec	2008-07-23 15:21:23.000000000 +0200
-+++ openssh-4.7p1/sshconnect2.c	2008-05-21 09:27:06.000000000 +0200
++++ openssh-5.1p1/sshconnect2.c	2008-07-23 15:23:19.000000000 +0200
 @@ -38,6 +38,7 @@
  #include <stdio.h>
  #include <string.h>
  #include <unistd.h>
 +#include <fcntl.h>
- 
+ #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
- #include "openbsd-compat/sys-queue.h"
+ #include <vis.h>
- 
+ #endif
-@@ -1257,6 +1258,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
+@@ -1267,6 +1268,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
  		return -1;
  	}
  	if (pid == 0) {
@@ -17,9 +17,9 @@ diff -up openssh-4.7p1/sshconnect2.c.cloexec openssh-4.7p1/sshconnect2.c
  		permanently_drop_suid(getuid());
  		close(from[0]);
  		if (dup2(from[1], STDOUT_FILENO) < 0)
-diff -up openssh-4.7p1/sshconnect.c.cloexec openssh-4.7p1/sshconnect.c
+diff -up openssh-5.1p1/sshconnect.c.cloexec openssh-5.1p1/sshconnect.c
---- openssh-4.7p1/sshconnect.c.cloexec	2006-10-23 19:02:24.000000000 +0200
+--- openssh-5.1p1/sshconnect.c.cloexec	2008-07-02 14:34:30.000000000 +0200
-+++ openssh-4.7p1/sshconnect.c	2008-03-06 15:58:03.000000000 +0100
++++ openssh-5.1p1/sshconnect.c	2008-07-23 15:21:23.000000000 +0200
 @@ -38,6 +38,7 @@
  #include <stdlib.h>
  #include <string.h>
@@ -28,7 +28,7 @@ diff -up openssh-4.7p1/sshconnect.c.cloexec openssh-4.7p1/sshconnect.c
  
  #include "xmalloc.h"
  #include "key.h"
-@@ -189,8 +190,11 @@ ssh_create_socket(int privileged, struct
+@@ -194,8 +195,11 @@ ssh_create_socket(int privileged, struct
  		return sock;
  	}
  	sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);

openssh-5.1p1-log-in-chroot.patch

@@ -1,7 +1,7 @@
-diff -up openssh-4.7p1/sshd.c.log-chroot openssh-4.7p1/sshd.c
+diff -up openssh-5.1p1/sshd.c.log-chroot openssh-5.1p1/sshd.c
---- openssh-4.7p1/sshd.c.log-chroot	2007-09-06 17:24:13.000000000 +0200
+--- openssh-5.1p1/sshd.c.log-chroot	2008-07-23 15:18:52.000000000 +0200
-+++ openssh-4.7p1/sshd.c	2007-09-06 17:24:13.000000000 +0200
++++ openssh-5.1p1/sshd.c	2008-07-23 15:18:52.000000000 +0200
-@@ -596,6 +596,10 @@ privsep_preauth_child(void)
+@@ -591,6 +591,10 @@ privsep_preauth_child(void)
  	/* Demote the private keys to public keys. */
  	demote_sensitive_data();
  
@@ -12,9 +12,9 @@ diff -up openssh-4.7p1/sshd.c.log-chroot openssh-4.7p1/sshd.c
  	/* Change our root directory */
  	if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
  		fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-diff -up openssh-4.7p1/log.c.log-chroot openssh-4.7p1/log.c
+diff -up openssh-5.1p1/log.c.log-chroot openssh-5.1p1/log.c
---- openssh-4.7p1/log.c.log-chroot	2007-05-20 07:08:16.000000000 +0200
+--- openssh-5.1p1/log.c.log-chroot	2008-06-10 15:01:51.000000000 +0200
-+++ openssh-4.7p1/log.c	2007-09-06 17:29:34.000000000 +0200
++++ openssh-5.1p1/log.c	2008-07-23 15:18:52.000000000 +0200
 @@ -56,6 +56,7 @@ static LogLevel log_level = SYSLOG_LEVEL
  static int log_on_stderr = 1;
  static int log_facility = LOG_AUTH;
@@ -23,7 +23,7 @@ diff -up openssh-4.7p1/log.c.log-chroot openssh-4.7p1/log.c
  
  extern char *__progname;
  
-@@ -370,10 +371,21 @@ do_log(LogLevel level, const char *fmt, 
+@@ -392,10 +393,21 @@ do_log(LogLevel level, const char *fmt, 
  		syslog_r(pri, &sdata, "%.500s", fmtbuf);
  		closelog_r(&sdata);
  #else
@@ -45,13 +45,13 @@ diff -up openssh-4.7p1/log.c.log-chroot openssh-4.7p1/log.c
 +	openlog(argv0 ? argv0 : __progname, LOG_PID|LOG_NDELAY, log_facility);
 +	log_fd_keep = 1;
 +}
-diff -up openssh-4.7p1/log.h.log-chroot openssh-4.7p1/log.h
+diff -up openssh-5.1p1/log.h.log-chroot openssh-5.1p1/log.h
---- openssh-4.7p1/log.h.log-chroot	2006-08-18 16:32:21.000000000 +0200
+--- openssh-5.1p1/log.h.log-chroot	2008-06-13 02:22:54.000000000 +0200
-+++ openssh-4.7p1/log.h	2007-09-06 17:24:13.000000000 +0200
++++ openssh-5.1p1/log.h	2008-07-23 15:20:11.000000000 +0200
-@@ -62,4 +62,6 @@ void     debug3(const char *, ...) __att
+@@ -66,4 +66,6 @@ void     debug3(const char *, ...) __att
  
  void	 do_log(LogLevel, const char *, va_list);
- void	 cleanup_exit(int) __dead;
+ void	 cleanup_exit(int) __attribute__((noreturn));
 +
 +void     open_log(void);
  #endif

openssh-5.1p1-redhat.patch

@@ -1,6 +1,6 @@
-diff -up openssh-4.7p1/sshd_config.redhat openssh-4.7p1/sshd_config
+diff -up openssh-5.1p1/sshd_config.redhat openssh-5.1p1/sshd_config
---- openssh-4.7p1/sshd_config.redhat	2007-03-21 10:42:25.000000000 +0100
+--- openssh-5.1p1/sshd_config.redhat	2008-07-02 14:35:43.000000000 +0200
-+++ openssh-4.7p1/sshd_config	2007-09-06 16:23:58.000000000 +0200
++++ openssh-5.1p1/sshd_config	2008-07-23 14:11:12.000000000 +0200
 @@ -33,6 +33,7 @@ Protocol 2
  # Logging
  # obsoletes QuietMode and FascistLogging
@@ -9,7 +9,7 @@ diff -up openssh-4.7p1/sshd_config.redhat openssh-4.7p1/sshd_config
  #LogLevel INFO
  
  # Authentication:
-@@ -59,9 +60,11 @@ Protocol 2
+@@ -60,9 +61,11 @@ Protocol 2
  # To disable tunneled clear text passwords, change to no here!
  #PasswordAuthentication yes
  #PermitEmptyPasswords no
@@ -21,7 +21,7 @@ diff -up openssh-4.7p1/sshd_config.redhat openssh-4.7p1/sshd_config
  
  # Kerberos options
  #KerberosAuthentication no
-@@ -71,7 +74,9 @@ Protocol 2
+@@ -72,7 +75,9 @@ Protocol 2
  
  # GSSAPI options
  #GSSAPIAuthentication no
@@ -31,16 +31,18 @@ diff -up openssh-4.7p1/sshd_config.redhat openssh-4.7p1/sshd_config
  
  # Set this to 'yes' to enable PAM authentication, account processing, 
  # and session processing. If this is enabled, PAM authentication will 
-@@ -83,10 +88,16 @@ Protocol 2
+@@ -84,11 +89,18 @@ Protocol 2
  # PAM authentication, then enable this but set PasswordAuthentication
  # and ChallengeResponseAuthentication to 'no'.
  #UsePAM no
 +UsePAM yes
++
++# Accept locale-related environment variables 
++AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES  
++AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT  
++AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE 
  
-+# Accept locale-related environment variables
+ #AllowAgentForwarding yes
-+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
-+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
-+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
  #AllowTcpForwarding yes
  #GatewayPorts no
  #X11Forwarding no
@@ -48,9 +50,9 @@ diff -up openssh-4.7p1/sshd_config.redhat openssh-4.7p1/sshd_config
  #X11DisplayOffset 10
  #X11UseLocalhost yes
  #PrintMotd yes
-diff -up openssh-4.7p1/ssh_config.redhat openssh-4.7p1/ssh_config
+diff -up openssh-5.1p1/ssh_config.redhat openssh-5.1p1/ssh_config
---- openssh-4.7p1/ssh_config.redhat	2007-06-11 06:04:42.000000000 +0200
+--- openssh-5.1p1/ssh_config.redhat	2007-06-11 06:04:42.000000000 +0200
-+++ openssh-4.7p1/ssh_config	2007-09-06 16:21:49.000000000 +0200
++++ openssh-5.1p1/ssh_config	2008-07-23 14:07:29.000000000 +0200
 @@ -43,3 +43,13 @@
  #   Tunnel no
  #   TunnelDevice any:any
@@ -65,10 +67,10 @@ diff -up openssh-4.7p1/ssh_config.redhat openssh-4.7p1/ssh_config
 +	SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
 +	SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
 +	SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
-diff -up openssh-4.7p1/sshd_config.0.redhat openssh-4.7p1/sshd_config.0
+diff -up openssh-5.1p1/sshd_config.0.redhat openssh-5.1p1/sshd_config.0
---- openssh-4.7p1/sshd_config.0.redhat	2007-09-04 08:50:11.000000000 +0200
+--- openssh-5.1p1/sshd_config.0.redhat	2008-07-21 10:30:51.000000000 +0200
-+++ openssh-4.7p1/sshd_config.0	2007-09-06 16:21:49.000000000 +0200
++++ openssh-5.1p1/sshd_config.0	2008-07-23 14:07:29.000000000 +0200
-@@ -435,9 +435,9 @@ DESCRIPTION
+@@ -490,9 +490,9 @@ DESCRIPTION
  
       SyslogFacility
               Gives the facility code that is used when logging messages from
@@ -81,10 +83,10 @@ diff -up openssh-4.7p1/sshd_config.0.redhat openssh-4.7p1/sshd_config.0
  
       TCPKeepAlive
               Specifies whether the system should send TCP keepalive messages
-diff -up openssh-4.7p1/sshd_config.5.redhat openssh-4.7p1/sshd_config.5
+diff -up openssh-5.1p1/sshd_config.5.redhat openssh-5.1p1/sshd_config.5
---- openssh-4.7p1/sshd_config.5.redhat	2007-06-11 06:07:13.000000000 +0200
+--- openssh-5.1p1/sshd_config.5.redhat	2008-07-02 14:35:43.000000000 +0200
-+++ openssh-4.7p1/sshd_config.5	2007-09-06 16:21:49.000000000 +0200
++++ openssh-5.1p1/sshd_config.5	2008-07-23 14:07:29.000000000 +0200
-@@ -748,7 +748,7 @@ Note that this option applies to protoco
+@@ -846,7 +846,7 @@ Note that this option applies to protoco
  .It Cm SyslogFacility
  Gives the facility code that is used when logging messages from
  .Xr sshd 8 .

openssh-5.1p1-selinux.patch

@@ -1,7 +1,7 @@
-diff -up openssh-4.7p1/configure.ac.selinux openssh-4.7p1/configure.ac
+diff -up openssh-5.1p1/configure.ac.selinux openssh-5.1p1/configure.ac
---- openssh-4.7p1/configure.ac.selinux	2007-09-06 19:46:32.000000000 +0200
+--- openssh-5.1p1/configure.ac.selinux	2008-07-23 16:32:13.000000000 +0200
-+++ openssh-4.7p1/configure.ac	2007-09-06 19:52:23.000000000 +0200
++++ openssh-5.1p1/configure.ac	2008-07-23 16:32:13.000000000 +0200
-@@ -3211,6 +3211,7 @@ AC_ARG_WITH(selinux,
+@@ -3309,6 +3309,7 @@ AC_ARG_WITH(selinux,
  		AC_CHECK_LIB(selinux, setexeccon, [ LIBSELINUX="-lselinux" ],
  		    AC_MSG_ERROR(SELinux support requires libselinux library))
  		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
@@ -9,10 +9,10 @@ diff -up openssh-4.7p1/configure.ac.selinux openssh-4.7p1/configure.ac
  		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
  		LIBS="$save_LIBS"
  	fi ]
-diff -up openssh-4.7p1/auth1.c.selinux openssh-4.7p1/auth1.c
+diff -up openssh-5.1p1/auth1.c.selinux openssh-5.1p1/auth1.c
---- openssh-4.7p1/auth1.c.selinux	2007-09-06 19:46:32.000000000 +0200
+--- openssh-5.1p1/auth1.c.selinux	2008-07-23 16:32:13.000000000 +0200
-+++ openssh-4.7p1/auth1.c	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/auth1.c	2008-07-23 16:32:13.000000000 +0200
-@@ -388,7 +388,7 @@ void
+@@ -391,7 +391,7 @@ void
  do_authentication(Authctxt *authctxt)
  {
  	u_int ulen;
@@ -21,7 +21,7 @@ diff -up openssh-4.7p1/auth1.c.selinux openssh-4.7p1/auth1.c
  
  	/* Get the name of the user that we wish to log in as. */
  	packet_read_expect(SSH_CMSG_USER);
-@@ -397,11 +397,19 @@ do_authentication(Authctxt *authctxt)
+@@ -400,11 +400,19 @@ do_authentication(Authctxt *authctxt)
  	user = packet_get_string(&ulen);
  	packet_check_eom();
  
@@ -41,9 +41,28 @@ diff -up openssh-4.7p1/auth1.c.selinux openssh-4.7p1/auth1.c
  
  	/* Verify that the user is a valid user. */
  	if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL)
-diff -up openssh-4.7p1/monitor_wrap.h.selinux openssh-4.7p1/monitor_wrap.h
+diff -up openssh-5.1p1/auth2-pubkey.c.selinux openssh-5.1p1/auth2-pubkey.c
---- openssh-4.7p1/monitor_wrap.h.selinux	2006-08-05 04:39:40.000000000 +0200
+--- openssh-5.1p1/auth2-pubkey.c.selinux	2008-07-04 04:54:25.000000000 +0200
-+++ openssh-4.7p1/monitor_wrap.h	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/auth2-pubkey.c	2008-07-23 16:32:13.000000000 +0200
+@@ -117,7 +117,14 @@ userauth_pubkey(Authctxt *authctxt)
+ 		}
+ 		/* reconstruct packet */
+ 		buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+-		buffer_put_cstring(&b, authctxt->user);
++		if (authctxt->role) {
++			buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
++			buffer_append(&b, authctxt->user, strlen(authctxt->user));
++			buffer_put_char(&b, '/');
++			buffer_append(&b, authctxt->role, strlen(authctxt->role));
++		} else {
++			buffer_put_cstring(&b, authctxt->user);
++		}
+ 		buffer_put_cstring(&b,
+ 		    datafellows & SSH_BUG_PKSERVICE ?
+ 		    "ssh-userauth" :
+diff -up openssh-5.1p1/monitor_wrap.h.selinux openssh-5.1p1/monitor_wrap.h
+--- openssh-5.1p1/monitor_wrap.h.selinux	2006-08-05 04:39:40.000000000 +0200
++++ openssh-5.1p1/monitor_wrap.h	2008-07-23 16:32:13.000000000 +0200
 @@ -41,6 +41,7 @@ int mm_is_monitor(void);
  DH *mm_choose_dh(int, int, int);
  int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int);
@@ -52,9 +71,9 @@ diff -up openssh-4.7p1/monitor_wrap.h.selinux openssh-4.7p1/monitor_wrap.h
  struct passwd *mm_getpwnamallow(const char *);
  char *mm_auth2_read_banner(void);
  int mm_auth_password(struct Authctxt *, char *);
-diff -up openssh-4.7p1/monitor.h.selinux openssh-4.7p1/monitor.h
+diff -up openssh-5.1p1/monitor.h.selinux openssh-5.1p1/monitor.h
---- openssh-4.7p1/monitor.h.selinux	2006-03-26 05:30:02.000000000 +0200
+--- openssh-5.1p1/monitor.h.selinux	2006-03-26 05:30:02.000000000 +0200
-+++ openssh-4.7p1/monitor.h	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/monitor.h	2008-07-23 16:32:13.000000000 +0200
 @@ -30,7 +30,7 @@
  
  enum monitor_reqtype {
@@ -64,10 +83,29 @@ diff -up openssh-4.7p1/monitor.h.selinux openssh-4.7p1/monitor.h
  	MONITOR_REQ_SIGN, MONITOR_ANS_SIGN,
  	MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM,
  	MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER,
-diff -up openssh-4.7p1/monitor_wrap.c.selinux openssh-4.7p1/monitor_wrap.c
+diff -up openssh-5.1p1/auth2-hostbased.c.selinux openssh-5.1p1/auth2-hostbased.c
---- openssh-4.7p1/monitor_wrap.c.selinux	2007-06-11 06:01:42.000000000 +0200
+--- openssh-5.1p1/auth2-hostbased.c.selinux	2008-07-17 10:57:19.000000000 +0200
-+++ openssh-4.7p1/monitor_wrap.c	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/auth2-hostbased.c	2008-07-23 16:32:13.000000000 +0200
-@@ -294,6 +294,23 @@ mm_inform_authserv(char *service, char *
+@@ -106,7 +106,14 @@ userauth_hostbased(Authctxt *authctxt)
+ 	buffer_put_string(&b, session_id2, session_id2_len);
+ 	/* reconstruct packet */
+ 	buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST);
+-	buffer_put_cstring(&b, authctxt->user);
++	if (authctxt->role) {
++		buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1);
++		buffer_append(&b, authctxt->user, strlen(authctxt->user));
++		buffer_put_char(&b, '/');
++		buffer_append(&b, authctxt->role, strlen(authctxt->role));
++	} else {
++		buffer_put_cstring(&b, authctxt->user);
++	}
+ 	buffer_put_cstring(&b, service);
+ 	buffer_put_cstring(&b, "hostbased");
+ 	buffer_put_string(&b, pkalg, alen);
+diff -up openssh-5.1p1/monitor_wrap.c.selinux openssh-5.1p1/monitor_wrap.c
+--- openssh-5.1p1/monitor_wrap.c.selinux	2008-07-11 09:36:48.000000000 +0200
++++ openssh-5.1p1/monitor_wrap.c	2008-07-23 16:32:13.000000000 +0200
+@@ -296,6 +296,23 @@ mm_inform_authserv(char *service, char *
  	buffer_free(&m);
  }
  
@@ -91,9 +129,9 @@ diff -up openssh-4.7p1/monitor_wrap.c.selinux openssh-4.7p1/monitor_wrap.c
  /* Do the password authentication */
  int
  mm_auth_password(Authctxt *authctxt, char *password)
-diff -up openssh-4.7p1/openbsd-compat/port-linux.c.selinux openssh-4.7p1/openbsd-compat/port-linux.c
+diff -up openssh-5.1p1/openbsd-compat/port-linux.c.selinux openssh-5.1p1/openbsd-compat/port-linux.c
---- openssh-4.7p1/openbsd-compat/port-linux.c.selinux	2007-06-28 00:48:03.000000000 +0200
+--- openssh-5.1p1/openbsd-compat/port-linux.c.selinux	2008-03-26 21:27:21.000000000 +0100
-+++ openssh-4.7p1/openbsd-compat/port-linux.c	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/openbsd-compat/port-linux.c	2008-07-23 16:32:13.000000000 +0200
 @@ -30,11 +30,16 @@
  #ifdef WITH_SELINUX
  #include "log.h"
@@ -109,7 +147,7 @@ diff -up openssh-4.7p1/openbsd-compat/port-linux.c.selinux openssh-4.7p1/openbsd
 +extern Authctxt *the_authctxt;
 +
  /* Wrapper around is_selinux_enabled() to log its return value once only */
- static int
+ int
  ssh_selinux_enabled(void)
 @@ -53,23 +58,36 @@ ssh_selinux_enabled(void)
  static security_context_t
@@ -155,9 +193,9 @@ diff -up openssh-4.7p1/openbsd-compat/port-linux.c.selinux openssh-4.7p1/openbsd
  
  	if (r != 0) {
  		switch (security_getenforce()) {
-diff -up openssh-4.7p1/auth.h.selinux openssh-4.7p1/auth.h
+diff -up openssh-5.1p1/auth.h.selinux openssh-5.1p1/auth.h
---- openssh-4.7p1/auth.h.selinux	2006-08-18 16:32:46.000000000 +0200
+--- openssh-5.1p1/auth.h.selinux	2008-07-02 14:37:30.000000000 +0200
-+++ openssh-4.7p1/auth.h	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/auth.h	2008-07-23 16:32:13.000000000 +0200
 @@ -58,6 +58,7 @@ struct Authctxt {
  	char		*service;
  	struct passwd	*pw;		/* set if 'valid' */
@@ -166,10 +204,10 @@ diff -up openssh-4.7p1/auth.h.selinux openssh-4.7p1/auth.h
  	void		*kbdintctxt;
  #ifdef BSD_AUTH
  	auth_session_t	*as;
-diff -up openssh-4.7p1/auth2.c.selinux openssh-4.7p1/auth2.c
+diff -up openssh-5.1p1/auth2.c.selinux openssh-5.1p1/auth2.c
---- openssh-4.7p1/auth2.c.selinux	2007-05-20 06:58:41.000000000 +0200
+--- openssh-5.1p1/auth2.c.selinux	2008-07-05 01:44:53.000000000 +0200
-+++ openssh-4.7p1/auth2.c	2007-09-06 19:46:32.000000000 +0200
++++ openssh-5.1p1/auth2.c	2008-07-23 16:32:13.000000000 +0200
-@@ -141,7 +141,7 @@ input_userauth_request(int type, u_int32
+@@ -209,7 +209,7 @@ input_userauth_request(int type, u_int32
  {
  	Authctxt *authctxt = ctxt;
  	Authmethod *m = NULL;
@@ -178,7 +216,7 @@ diff -up openssh-4.7p1/auth2.c.selinux openssh-4.7p1/auth2.c
  	int authenticated = 0;
  
  	if (authctxt == NULL)
-@@ -153,6 +153,9 @@ input_userauth_request(int type, u_int32
+@@ -221,6 +221,9 @@ input_userauth_request(int type, u_int32
  	debug("userauth-request for user %s service %s method %s", user, service, method);
  	debug("attempt %d failures %d", authctxt->attempt, authctxt->failures);
  
@@ -188,7 +226,7 @@ diff -up openssh-4.7p1/auth2.c.selinux openssh-4.7p1/auth2.c
  	if ((style = strchr(user, ':')) != NULL)
  		*style++ = 0;
  
-@@ -178,8 +181,11 @@ input_userauth_request(int type, u_int32
+@@ -246,8 +249,11 @@ input_userauth_request(int type, u_int32
  		    use_privsep ? " [net]" : "");
  		authctxt->service = xstrdup(service);
  		authctxt->style = style ? xstrdup(style) : NULL;
@@ -198,13 +236,13 @@ diff -up openssh-4.7p1/auth2.c.selinux openssh-4.7p1/auth2.c
  			mm_inform_authserv(service, style);
 +			mm_inform_authrole(role);
 +		}
+ 		userauth_banner();
  	} else if (strcmp(user, authctxt->user) != 0 ||
  	    strcmp(service, authctxt->service) != 0) {
- 		packet_disconnect("Change of username or service not allowed: "
+diff -up openssh-5.1p1/monitor.c.selinux openssh-5.1p1/monitor.c
-diff -up openssh-4.7p1/monitor.c.selinux openssh-4.7p1/monitor.c
+--- openssh-5.1p1/monitor.c.selinux	2008-07-11 09:36:48.000000000 +0200
---- openssh-4.7p1/monitor.c.selinux	2007-05-20 07:10:16.000000000 +0200
++++ openssh-5.1p1/monitor.c	2008-07-23 16:36:10.000000000 +0200
-+++ openssh-4.7p1/monitor.c	2007-09-06 19:46:32.000000000 +0200
+@@ -134,6 +134,7 @@ int mm_answer_sign(int, Buffer *);
-@@ -133,6 +133,7 @@ int mm_answer_sign(int, Buffer *);
  int mm_answer_pwnamallow(int, Buffer *);
  int mm_answer_auth2_read_banner(int, Buffer *);
  int mm_answer_authserv(int, Buffer *);
@@ -212,7 +250,7 @@ diff -up openssh-4.7p1/monitor.c.selinux openssh-4.7p1/monitor.c
  int mm_answer_authpassword(int, Buffer *);
  int mm_answer_bsdauthquery(int, Buffer *);
  int mm_answer_bsdauthrespond(int, Buffer *);
-@@ -204,6 +205,7 @@ struct mon_table mon_dispatch_proto20[] 
+@@ -205,6 +206,7 @@ struct mon_table mon_dispatch_proto20[] 
      {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign},
      {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow},
      {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv},
@@ -220,7 +258,7 @@ diff -up openssh-4.7p1/monitor.c.selinux openssh-4.7p1/monitor.c
      {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
      {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
  #ifdef USE_PAM
-@@ -657,6 +659,7 @@ mm_answer_pwnamallow(int sock, Buffer *m
+@@ -658,6 +660,7 @@ mm_answer_pwnamallow(int sock, Buffer *m
  	else {
  		/* Allow service/style information on the auth context */
  		monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -228,7 +266,7 @@ diff -up openssh-4.7p1/monitor.c.selinux openssh-4.7p1/monitor.c
  		monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
  	}
  
-@@ -702,6 +705,23 @@ mm_answer_authserv(int sock, Buffer *m)
+@@ -703,6 +706,23 @@ mm_answer_authserv(int sock, Buffer *m)
  }
  
  int
@@ -252,3 +290,39 @@ diff -up openssh-4.7p1/monitor.c.selinux openssh-4.7p1/monitor.c
  mm_answer_authpassword(int sock, Buffer *m)
  {
  	static int call_count;
+@@ -1080,7 +1100,7 @@ static int
+ monitor_valid_userblob(u_char *data, u_int datalen)
+ {
+ 	Buffer b;
+-	char *p;
++	char *p, *r;
+ 	u_int len;
+ 	int fail = 0;
+ 
+@@ -1106,6 +1126,8 @@ monitor_valid_userblob(u_char *data, u_i
+ 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
+ 		fail++;
+ 	p = buffer_get_string(&b, NULL);
++	if ((r = strchr(p, '/')) != NULL)
++		*r = '\0';
+ 	if (strcmp(authctxt->user, p) != 0) {
+ 		logit("wrong user name passed to monitor: expected %s != %.100s",
+ 		    authctxt->user, p);
+@@ -1137,7 +1159,7 @@ monitor_valid_hostbasedblob(u_char *data
+     char *chost)
+ {
+ 	Buffer b;
+-	char *p;
++	char *p, *r;
+ 	u_int len;
+ 	int fail = 0;
+ 
+@@ -1154,6 +1176,8 @@ monitor_valid_hostbasedblob(u_char *data
+ 	if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST)
+ 		fail++;
+ 	p = buffer_get_string(&b, NULL);
++	if ((r = strchr(p, '/')) != NULL)
++		*r = '\0';
+ 	if (strcmp(authctxt->user, p) != 0) {
+ 		logit("wrong user name passed to monitor: expected %s != %.100s",
+ 		    authctxt->user, p);

openssh-5.1p1-vendor.patch

@@ -1,7 +1,7 @@
-diff -up openssh-4.7p1/configure.ac.vendor openssh-4.7p1/configure.ac
+diff -up openssh-5.1p1/configure.ac.vendor openssh-5.1p1/configure.ac
---- openssh-4.7p1/configure.ac.vendor	2007-09-06 16:27:47.000000000 +0200
+--- openssh-5.1p1/configure.ac.vendor	2008-07-23 14:13:22.000000000 +0200
-+++ openssh-4.7p1/configure.ac	2007-09-06 16:27:47.000000000 +0200
++++ openssh-5.1p1/configure.ac	2008-07-23 14:13:22.000000000 +0200
-@@ -3792,6 +3792,12 @@ AC_ARG_WITH(lastlog,
+@@ -3890,6 +3890,12 @@ AC_ARG_WITH(lastlog,
  		fi
  	]
  )
@@ -14,7 +14,7 @@ diff -up openssh-4.7p1/configure.ac.vendor openssh-4.7p1/configure.ac
  
  dnl lastlog, [uw]tmpx? detection
  dnl  NOTE: set the paths in the platform section to avoid the
-@@ -4041,6 +4047,7 @@ echo "       IP address in \$DISPLAY hac
+@@ -4146,6 +4152,7 @@ echo "       IP address in \$DISPLAY hac
  echo "           Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
  echo "                  BSD Auth support: $BSD_AUTH_MSG"
  echo "              Random number source: $RAND_MSG"
@@ -22,47 +22,47 @@ diff -up openssh-4.7p1/configure.ac.vendor openssh-4.7p1/configure.ac
  if test ! -z "$USE_RAND_HELPER" ; then
  echo "     ssh-rand-helper collects from: $RAND_HELPER_MSG"
  fi
-diff -up openssh-4.7p1/sshd_config.5.vendor openssh-4.7p1/sshd_config.5
+diff -up openssh-5.1p1/sshd_config.5.vendor openssh-5.1p1/sshd_config.5
---- openssh-4.7p1/sshd_config.5.vendor	2007-09-06 16:27:47.000000000 +0200
+--- openssh-5.1p1/sshd_config.5.vendor	2008-07-23 14:13:22.000000000 +0200
-+++ openssh-4.7p1/sshd_config.5	2007-09-06 16:27:47.000000000 +0200
++++ openssh-5.1p1/sshd_config.5	2008-07-23 14:19:23.000000000 +0200
-@@ -725,6 +725,14 @@ This option applies to protocol version 
+@@ -812,6 +812,14 @@ This option applies to protocol version 
  .It Cm ServerKeyBits
  Defines the number of bits in the ephemeral protocol version 1 server key.
- The minimum value is 512, and the default is 768.
+ The minimum value is 512, and the default is 1024.
-+.It Cm ShowPatchLevel
++.It Cm ShowPatchLevel 
-+Specifies whether
++Specifies whether 
-+.Nm sshd
++.Nm sshd 
-+will display the patch level of the binary in the identification string.
++will display the patch level of the binary in the identification string. 
-+The patch level is set at compile-time.
++The patch level is set at compile-time. 
-+The default is
++The default is 
-+.Dq no .
++.Dq no . 
-+This option applies to protocol version 1 only.
++This option applies to protocol version 1 only. 
  .It Cm StrictModes
  Specifies whether
  .Xr sshd 8
-diff -up openssh-4.7p1/servconf.h.vendor openssh-4.7p1/servconf.h
+diff -up openssh-5.1p1/servconf.h.vendor openssh-5.1p1/servconf.h
---- openssh-4.7p1/servconf.h.vendor	2007-02-19 12:25:38.000000000 +0100
+--- openssh-5.1p1/servconf.h.vendor	2008-06-10 15:01:51.000000000 +0200
-+++ openssh-4.7p1/servconf.h	2007-09-06 16:27:47.000000000 +0200
++++ openssh-5.1p1/servconf.h	2008-07-23 14:13:22.000000000 +0200
-@@ -120,6 +120,7 @@ typedef struct {
+@@ -126,6 +126,7 @@ typedef struct {
- 	int	max_startups;
  	int	max_authtries;
+ 	int	max_sessions;
  	char   *banner;			/* SSH-2 banner message */
 +	int	show_patchlevel;	/* Show vendor patch level to clients */
  	int	use_dns;
  	int	client_alive_interval;	/*
  					 * poke the client this often to
-diff -up openssh-4.7p1/servconf.c.vendor openssh-4.7p1/servconf.c
+diff -up openssh-5.1p1/servconf.c.vendor openssh-5.1p1/servconf.c
---- openssh-4.7p1/servconf.c.vendor	2007-05-20 07:03:16.000000000 +0200
+--- openssh-5.1p1/servconf.c.vendor	2008-07-04 05:51:12.000000000 +0200
-+++ openssh-4.7p1/servconf.c	2007-09-06 16:29:11.000000000 +0200
++++ openssh-5.1p1/servconf.c	2008-07-23 14:32:27.000000000 +0200
-@@ -113,6 +113,7 @@ initialize_server_options(ServerOptions 
+@@ -117,6 +117,7 @@ initialize_server_options(ServerOptions 
- 	options->max_startups = -1;
  	options->max_authtries = -1;
+ 	options->max_sessions = -1;
  	options->banner = NULL;
 +	options->show_patchlevel = -1;
  	options->use_dns = -1;
  	options->client_alive_interval = -1;
  	options->client_alive_count_max = -1;
-@@ -250,6 +251,9 @@ fill_default_server_options(ServerOption
+@@ -259,6 +260,9 @@ fill_default_server_options(ServerOption
  	if (options->permit_tun == -1)
  		options->permit_tun = SSH_TUNMODE_NO;
  
@@ -72,23 +72,24 @@ diff -up openssh-4.7p1/servconf.c.vendor openssh-4.7p1/servconf.c
  	/* Turn privilege separation on by default */
  	if (use_privsep == -1)
  		use_privsep = 1;
-@@ -293,6 +297,7 @@ typedef enum {
+@@ -296,7 +300,7 @@ typedef enum {
+ 	sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
+ 	sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem,
+ 	sMaxStartups, sMaxAuthTries, sMaxSessions,
+-	sBanner, sUseDNS, sHostbasedAuthentication,
++	sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
+ 	sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
+ 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
  	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
- 	sMatch, sPermitOpen, sForceCommand,
+@@ -401,6 +405,7 @@ static struct {
- 	sUsePrivilegeSeparation,
+ 	{ "maxauthtries", sMaxAuthTries, SSHCFG_ALL },
-+	sShowPatchLevel,
+ 	{ "maxsessions", sMaxSessions, SSHCFG_ALL },
- 	sDeprecated, sUnsupported
- } ServerOpCodes;
- 
-@@ -390,6 +395,7 @@ static struct {
- 	{ "maxstartups", sMaxStartups, SSHCFG_GLOBAL },
- 	{ "maxauthtries", sMaxAuthTries, SSHCFG_GLOBAL },
  	{ "banner", sBanner, SSHCFG_ALL },
 +	{ "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL },
  	{ "usedns", sUseDNS, SSHCFG_GLOBAL },
  	{ "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL },
  	{ "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL },
-@@ -1005,6 +1011,10 @@ parse_flag:
+@@ -1020,6 +1025,10 @@ process_server_config_line(ServerOptions
  		intptr = &use_privsep;
  		goto parse_flag;
  
@@ -99,12 +100,20 @@ diff -up openssh-4.7p1/servconf.c.vendor openssh-4.7p1/servconf.c
  	case sAllowUsers:
  		while ((arg = strdelim(&cp)) && *arg != '\0') {
  			if (options->num_allow_users >= MAX_ALLOW_USERS)
-diff -up openssh-4.7p1/sshd_config.0.vendor openssh-4.7p1/sshd_config.0
+@@ -1584,6 +1593,7 @@ dump_config(ServerOptions *o)
---- openssh-4.7p1/sshd_config.0.vendor	2007-09-06 16:27:47.000000000 +0200
+ 	dump_cfg_fmtint(sUseLogin, o->use_login);
-+++ openssh-4.7p1/sshd_config.0	2007-09-06 16:27:47.000000000 +0200
+ 	dump_cfg_fmtint(sCompression, o->compression);
-@@ -418,6 +418,11 @@ DESCRIPTION
+ 	dump_cfg_fmtint(sGatewayPorts, o->gateway_ports);
++	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
+ 	dump_cfg_fmtint(sUseDNS, o->use_dns);
+ 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
+ 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+diff -up openssh-5.1p1/sshd_config.0.vendor openssh-5.1p1/sshd_config.0
+--- openssh-5.1p1/sshd_config.0.vendor	2008-07-23 14:13:22.000000000 +0200
++++ openssh-5.1p1/sshd_config.0	2008-07-23 14:13:22.000000000 +0200
+@@ -466,6 +466,11 @@ DESCRIPTION
               Defines the number of bits in the ephemeral protocol version 1
-              server key.  The minimum value is 512, and the default is 768.
+              server key.  The minimum value is 512, and the default is 1024.
  
 +     ShowPatchLevel
 +	     Specifies whether sshd will display the specific patch level of
@@ -114,10 +123,10 @@ diff -up openssh-4.7p1/sshd_config.0.vendor openssh-4.7p1/sshd_config.0
       StrictModes
               Specifies whether sshd(8) should check file modes and ownership
               of the user's files and home directory before accepting login.
-diff -up openssh-4.7p1/sshd_config.vendor openssh-4.7p1/sshd_config
+diff -up openssh-5.1p1/sshd_config.vendor openssh-5.1p1/sshd_config
---- openssh-4.7p1/sshd_config.vendor	2007-09-06 16:27:47.000000000 +0200
+--- openssh-5.1p1/sshd_config.vendor	2008-07-23 14:13:22.000000000 +0200
-+++ openssh-4.7p1/sshd_config	2007-09-06 16:27:47.000000000 +0200
++++ openssh-5.1p1/sshd_config	2008-07-23 14:13:22.000000000 +0200
-@@ -109,6 +109,7 @@ X11Forwarding yes
+@@ -112,6 +112,7 @@ X11Forwarding yes
  #Compression delayed
  #ClientAliveInterval 0
  #ClientAliveCountMax 3
@@ -125,20 +134,19 @@ diff -up openssh-4.7p1/sshd_config.vendor openssh-4.7p1/sshd_config
  #UseDNS yes
  #PidFile /var/run/sshd.pid
  #MaxStartups 10
-diff -up openssh-4.7p1/sshd.c.vendor openssh-4.7p1/sshd.c
+diff -up openssh-5.1p1/sshd.c.vendor openssh-5.1p1/sshd.c
---- openssh-4.7p1/sshd.c.vendor	2007-06-05 10:22:32.000000000 +0200
+--- openssh-5.1p1/sshd.c.vendor	2008-07-11 09:36:49.000000000 +0200
-+++ openssh-4.7p1/sshd.c	2007-09-06 16:27:47.000000000 +0200
++++ openssh-5.1p1/sshd.c	2008-07-23 14:35:43.000000000 +0200
-@@ -419,7 +419,8 @@ sshd_exchange_identification(int sock_in
+@@ -416,7 +416,7 @@ sshd_exchange_identification(int sock_in
- 		major = PROTOCOL_MAJOR_1;
  		minor = PROTOCOL_MINOR_1;
  	}
--	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
+ 	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-+	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor,
+-	    SSH_VERSION, newline);
-+		 (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION);
++	   (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, newline);
  	server_version_string = xstrdup(buf);
  
  	/* Send our protocol version identification. */
-@@ -1434,7 +1435,8 @@ main(int ac, char **av)
+@@ -1484,7 +1484,8 @@ main(int ac, char **av)
  		exit(1);
  	}
  

openssh.spec

@@ -62,8 +62,8 @@
 
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
-Version: 5.0p1
+Version: 5.1p1
-Release: 3%{?dist}%{?rescue_rel}
+Release: 1%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -74,17 +74,17 @@ Source0: openssh-%{version}-noacss.tar.bz2
 Source1: openssh-nukeacss.sh
 Source2: sshd.pam
 Source3: sshd.init
-Patch0: openssh-4.7p1-redhat.patch
+Patch0: openssh-5.1p1-redhat.patch
 Patch2: openssh-3.8.1p1-skip-initial.patch
 Patch3: openssh-3.8.1p1-krb5-config.patch
-Patch4: openssh-4.7p1-vendor.patch
+Patch4: openssh-5.1p1-vendor.patch
-Patch12: openssh-4.7p1-selinux.patch
+Patch12: openssh-5.1p1-selinux.patch
 Patch13: openssh-4.7p1-mls.patch
 Patch16: openssh-4.7p1-audit.patch
 Patch17: openssh-4.3p2-cve-2007-3102.patch
 Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch24: openssh-4.3p1-fromto-remote.patch
-Patch27: openssh-4.7p1-log-in-chroot.patch
+Patch27: openssh-5.1p1-log-in-chroot.patch
 Patch30: openssh-4.0p1-exit-deadlock.patch
 Patch35: openssh-4.2p1-askpass-progress.patch
 Patch38: openssh-4.3p2-askpass-grab-info.patch
@@ -93,11 +93,8 @@ Patch44: openssh-4.3p2-allow-ip-opts.patch
 Patch49: openssh-4.3p2-gssapi-canohost.patch
 Patch51: openssh-4.7p1-nss-keys.patch
 Patch54: openssh-4.7p1-gssapi-role.patch
-Patch55: openssh-4.7p1-cloexec.patch
+Patch55: openssh-5.1p1-cloexec.patch
-Patch58: openssh-4.5p1-controlcleanup.patch
-Patch59: openssh-4.7p1-master-race.patch
 Patch60: openssh-5.0p1-pam_selinux.patch
-Patch61: openssh-5.0p1-unbreakalive.patch
 Patch62: openssh-3.9p1-scp-manpage.patch
 
 License: BSD
@@ -229,10 +226,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch51 -p1 -b .nss-keys
 %patch54 -p0 -b .gssapi-role
 %patch55 -p1 -b .cloexec
-%patch58 -p1 -b .controlcleanup
-%patch59 -p1 -b .master-race
 %patch60 -p1 -b .pam_selinux
-%patch61 -p0 -b .unbreakalive
 %patch62 -p0 -b .manpage
 
 autoreconf
@@ -423,7 +417,7 @@ fi
 
 %files
 %defattr(-,root,root)
-%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW README* RFC* TODO WARNING*
+%doc CREDITS ChangeLog INSTALL LICENCE OVERVIEW PROTOCOL* README* TODO WARNING*
 %attr(0755,root,root) %dir %{_sysconfdir}/ssh
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli
 %if ! %{rescue}
@@ -468,6 +462,7 @@ fi
 %attr(0755,root,root) %{_sbindir}/sshd
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
+%attr(0644,root,root) %{_mandir}/man5/moduli.5*
 %attr(0644,root,root) %{_mandir}/man8/sshd.8*
 %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
 %attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config
@@ -484,6 +479,11 @@ fi
 %endif
 
 %changelog
+* Wed Jul 23 2008 Tomas Mraz <tmraz@redhat.com> - 5.1p1-1
+- upgrade to new upstream release
+- fixed a problem with public key authentication and explicitely
+  specified SELinux role
+
 * Wed May 21 2008 Tomas Mraz <tmraz@redhat.com> - 5.0p1-3
 - pass the connection socket to ssh-keysign (#447680)
 

sources

@@ -1 +1 @@
-e39c15a5fb9036bd64256c78a6fbf394  openssh-5.0p1-noacss.tar.bz2
+5273579190b10f53baaf87f3c6eb0d73  openssh-5.1p1-noacss.tar.bz2