rpms
/
openssh
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

- Rebased to openssh5.6p1 

- Added -z relro -z now to LDFLAGS
This commit is contained in:
Jan F. Chadima 2010-08-12 07:41:58 +02:00
parent d675c0b550
commit c6801b909e
3 changed files with 62 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

58
openssh-5.6p1-authorized-keys-command.patch
View File

@ -1,6 +1,6 @@
diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
--- openssh-5.6p1/auth2-pubkey.c.akc 2010-08-23 12:15:42.000000000 +0200
+++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:15:42.000000000 +0200
--- openssh-5.6p1/auth2-pubkey.c.akc 2010-09-03 15:24:51.000000000 +0200
+++ openssh-5.6p1/auth2-pubkey.c 2010-09-03 15:24:51.000000000 +0200
@@ -27,6 +27,7 @@
#include <sys/types.h>
@ -241,8 +241,8 @@ diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
return 0;
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
--- openssh-5.6p1/configure.ac.akc 2010-08-23 12:15:42.000000000 +0200
+++ openssh-5.6p1/configure.ac 2010-08-23 12:15:42.000000000 +0200
--- openssh-5.6p1/configure.ac.akc 2010-09-03 15:24:51.000000000 +0200
+++ openssh-5.6p1/configure.ac 2010-09-03 15:24:51.000000000 +0200
@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit,
esac ]
)
@ -271,8 +271,8 @@ diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
--- openssh-5.6p1/servconf.c.akc 2010-08-23 12:15:41.000000000 +0200
+++ openssh-5.6p1/servconf.c 2010-08-23 12:22:22.000000000 +0200
--- openssh-5.6p1/servconf.c.akc 2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/servconf.c 2010-09-03 15:24:51.000000000 +0200
@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
@ -344,8 +344,8 @@ diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
--- openssh-5.6p1/servconf.h.akc 2010-08-23 12:15:41.000000000 +0200
+++ openssh-5.6p1/servconf.h 2010-08-23 12:17:58.000000000 +0200
--- openssh-5.6p1/servconf.h.akc 2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/servconf.h 2010-09-03 15:24:51.000000000 +0200
@@ -158,6 +158,8 @@ typedef struct {
char *revoked_keys_file;
char *trusted_user_ca_keys;
@ -356,21 +356,11 @@ diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
void initialize_server_options(ServerOptions *);
diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
--- openssh-5.6p1/sshd_config.0.akc 2010-08-23 12:15:41.000000000 +0200
+++ openssh-5.6p1/sshd_config.0 2010-08-23 12:25:18.000000000 +0200
@@ -374,7 +374,8 @@ DESCRIPTION
--- openssh-5.6p1/sshd_config.0.akc 2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/sshd_config.0 2010-09-03 15:27:26.000000000 +0200
@@ -71,6 +71,23 @@ DESCRIPTION
Only a subset of keywords may be used on the lines following a
Match keyword. Available keywords are AllowAgentForwarding,
- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile,
+ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand,
+ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile,
Banner, ChrootDirectory, ForceCommand, GatewayPorts,
GSSAPIAuthentication, HostbasedAuthentication,
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
@@ -496,6 +497,23 @@ DESCRIPTION
this file is not readable, then public key authentication will be
refused for all users.
See PATTERNS in ssh_config(5) for more information on patterns.
+ AuthorizedKeysCommand
+
@ -389,12 +379,22 @@ diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
+ Empty string (the default value) means the user being authorized
+ is used.
+
RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication to-
gether with successful RSA host authentication is allowed. The
AuthorizedKeysFile
Specifies the file that contains the public keys that can be used
for user authentication. The format is described in the
@@ -375,7 +392,8 @@ DESCRIPTION
Only a subset of keywords may be used on the lines following a
Match keyword. Available keywords are AllowAgentForwarding,
- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile,
+ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand,
+ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile,
Banner, ChrootDirectory, ForceCommand, GatewayPorts,
GSSAPIAuthentication, HostbasedAuthentication,
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
--- openssh-5.6p1/sshd_config.5.akc 2010-08-23 12:15:41.000000000 +0200
+++ openssh-5.6p1/sshd_config.5 2010-08-23 12:25:46.000000000 +0200
--- openssh-5.6p1/sshd_config.5.akc 2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/sshd_config.5 2010-09-03 15:24:51.000000000 +0200
@@ -654,6 +654,8 @@ Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
@ -434,8 +434,8 @@ diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config
--- openssh-5.6p1/sshd_config.akc 2010-08-23 12:15:41.000000000 +0200
+++ openssh-5.6p1/sshd_config 2010-08-23 12:15:42.000000000 +0200
--- openssh-5.6p1/sshd_config.akc 2010-09-03 15:24:50.000000000 +0200
+++ openssh-5.6p1/sshd_config 2010-09-03 15:24:51.000000000 +0200
@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
#RSAAuthentication yes
#PubkeyAuthentication yes

32
openssh-5.4p1-redhat.patch → openssh-5.6p1-redhat.patch
View File

@ -1,6 +1,6 @@
diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
--- openssh-5.4p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100
+++ openssh-5.4p1/ssh_config 2010-03-01 15:15:51.000000000 +0100
diff -up openssh-5.6p1/ssh_config.redhat openssh-5.6p1/ssh_config
--- openssh-5.6p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100
+++ openssh-5.6p1/ssh_config 2010-09-03 15:21:17.000000000 +0200
@@ -45,3 +45,14 @@
# PermitLocalCommand no
# VisualHostKey no
@ -16,26 +16,26 @@ diff -up openssh-5.4p1/ssh_config.redhat openssh-5.4p1/ssh_config
+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
+ SendEnv XMODIFIERS
diff -up openssh-5.4p1/sshd_config.0.redhat openssh-5.4p1/sshd_config.0
--- openssh-5.4p1/sshd_config.0.redhat 2010-03-01 14:30:04.000000000 +0100
+++ openssh-5.4p1/sshd_config.0 2010-03-01 15:14:13.000000000 +0100
@@ -501,9 +501,9 @@ DESCRIPTION
diff -up openssh-5.6p1/sshd_config.0.redhat openssh-5.6p1/sshd_config.0
--- openssh-5.6p1/sshd_config.0.redhat 2010-08-23 05:24:16.000000000 +0200
+++ openssh-5.6p1/sshd_config.0 2010-09-03 15:23:20.000000000 +0200
@@ -537,9 +537,9 @@ DESCRIPTION
SyslogFacility
Gives the facility code that is used when logging messages from
- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0,
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The de-
- fault is AUTH.
- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The
- default is AUTH.
+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
TCPKeepAlive
Specifies whether the system should send TCP keepalive messages
diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
--- openssh-5.4p1/sshd_config.5.redhat 2010-02-26 21:55:06.000000000 +0100
+++ openssh-5.4p1/sshd_config.5 2010-03-01 15:14:14.000000000 +0100
@@ -865,7 +865,7 @@ Note that this option applies to protoco
diff -up openssh-5.6p1/sshd_config.5.redhat openssh-5.6p1/sshd_config.5
--- openssh-5.6p1/sshd_config.5.redhat 2010-07-02 05:37:17.000000000 +0200
+++ openssh-5.6p1/sshd_config.5 2010-09-03 15:21:17.000000000 +0200
@@ -919,7 +919,7 @@ Note that this option applies to protoco
.It Cm SyslogFacility
Gives the facility code that is used when logging messages from
.Xr sshd 8 .
@ -44,9 +44,9 @@ diff -up openssh-5.4p1/sshd_config.5.redhat openssh-5.4p1/sshd_config.5
LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
The default is AUTH.
.It Cm TCPKeepAlive
diff -up openssh-5.4p1/sshd_config.redhat openssh-5.4p1/sshd_config
--- openssh-5.4p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200
+++ openssh-5.4p1/sshd_config 2010-03-01 15:14:14.000000000 +0100
diff -up openssh-5.6p1/sshd_config.redhat openssh-5.6p1/sshd_config
--- openssh-5.6p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200
+++ openssh-5.6p1/sshd_config 2010-09-03 15:21:17.000000000 +0200
@@ -31,6 +31,7 @@
# Logging
# obsoletes QuietMode and FascistLogging

10
openssh.spec
View File

@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.6p1
%define openssh_rel 1
%define openssh_rel 2
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 27
@ -93,7 +93,7 @@ Source3: sshd.init
Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/pam_ssh_agent_auth-%{pam_ssh_agent_ver}.tar.bz2
Source5: pam_ssh_agent-rmheaders
Patch0: openssh-5.4p1-redhat.patch
Patch0: openssh-5.6p1-redhat.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
Patch4: openssh-5.2p1-vendor.patch
Patch10: pam_ssh_agent_auth-0.9-build.patch
@ -317,7 +317,7 @@ CFLAGS="$CFLAGS -fpic"
%endif
export CFLAGS
SAVE_LDFLAGS="$LDFLAGS"
LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
%endif
%if %{kerberos5}
if test -r /etc/profile.d/krb5-devel.sh ; then
@ -579,6 +579,10 @@ fi
%endif
%changelog
* Fri Sep 3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.6p1-1 + 0.9.2-27
- Rebased to openssh5.6p1
- Added -z relro -z now to LDFLAGS
* Wed Jul 7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
- merged with newer bugzilla's version of authorized keys command patch