Fix compiling on ARM due to lack of relro and now support in gcc 4.5 for ARM

- enabling authorized keys command patch

openssh-5.3p1-selabel.patch

@@ -33,7 +33,7 @@ diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
  #include "openbsd-compat/openssl-compat.h"
  #include "openbsd-compat/sys-queue.h"
  
-@@ -792,10 +793,15 @@ main(int ac, char **av)
+@@ -792,10 +793,17 @@ main(int ac, char **av)
  	 */
  	r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
  	    strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
@@ -41,8 +41,10 @@ diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
 +	if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
 +		char *scon;
 +
-+		matchpathcon(buf, 0700, &scon);
++		if (matchpathcon(buf, 0700, &scon) != -1) {
-+		setfscreatecon(scon);
++			setfscreatecon(scon);
++			matchpathcon_fini();
++		}
  		if (mkdir(buf, 0700) < 0)
  			error("Could not create directory '%.200s'.", buf);
 -

openssh-5.5p1-clientloop.patch

@@ -0,0 +1,12 @@
+diff -up openssh-5.6p1/clientloop.c.clientloop openssh-5.6p1/clientloop.c
+--- openssh-5.6p1/clientloop.c.clientloop	2010-11-24 08:18:10.000000000 +0100
++++ openssh-5.6p1/clientloop.c	2010-11-24 08:18:11.000000000 +0100
+@@ -1944,7 +1944,7 @@ client_input_channel_req(int type, u_int
+ 		}
+ 		packet_check_eom();
+ 	}
+-	if (reply) {
++	if (reply && c != NULL) {
+ 		packet_start(success ?
+ 		    SSH2_MSG_CHANNEL_SUCCESS : SSH2_MSG_CHANNEL_FAILURE);
+ 		packet_put_int(c->remote_id);

openssh-5.5p1-gsskex.patch

@@ -1,6 +1,6 @@
 diff -up openssh-5.5p1/auth2.c.gsskex openssh-5.5p1/auth2.c
---- openssh-5.5p1/auth2.c.gsskex	2010-05-13 15:59:50.000000000 +0200
+--- openssh-5.5p1/auth2.c.gsskex	2010-10-22 15:58:56.000000000 +0200
-+++ openssh-5.5p1/auth2.c	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/auth2.c	2010-10-22 15:58:58.000000000 +0200
 @@ -69,6 +69,7 @@ extern Authmethod method_passwd;
  extern Authmethod method_kbdint;
  extern Authmethod method_hostbased;
@@ -36,8 +36,8 @@ diff -up openssh-5.5p1/auth2.c.gsskex openssh-5.5p1/auth2.c
  		if (authctxt->failures >= options.max_authtries) {
  #ifdef SSH_AUDIT_EVENTS
 diff -up openssh-5.5p1/auth2-gss.c.gsskex openssh-5.5p1/auth2-gss.c
---- openssh-5.5p1/auth2-gss.c.gsskex	2010-05-13 15:59:50.000000000 +0200
+--- openssh-5.5p1/auth2-gss.c.gsskex	2010-10-22 15:58:56.000000000 +0200
-+++ openssh-5.5p1/auth2-gss.c	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/auth2-gss.c	2010-10-22 15:58:58.000000000 +0200
 @@ -1,7 +1,7 @@
  /* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
  
@@ -138,8 +138,8 @@ diff -up openssh-5.5p1/auth2-gss.c.gsskex openssh-5.5p1/auth2-gss.c
  	"gssapi-with-mic",
  	userauth_gssapi,
 diff -up openssh-5.5p1/auth.h.gsskex openssh-5.5p1/auth.h
---- openssh-5.5p1/auth.h.gsskex	2010-05-13 15:59:50.000000000 +0200
+--- openssh-5.5p1/auth.h.gsskex	2010-10-22 15:58:56.000000000 +0200
-+++ openssh-5.5p1/auth.h	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/auth.h	2010-10-22 15:58:58.000000000 +0200
 @@ -53,6 +53,7 @@ struct Authctxt {
  	int		 valid;		/* user exists and is allowed to login */
  	int		 attempt;
@@ -150,7 +150,7 @@ diff -up openssh-5.5p1/auth.h.gsskex openssh-5.5p1/auth.h
  	char		*service;
 diff -up openssh-5.5p1/auth-krb5.c.gsskex openssh-5.5p1/auth-krb5.c
 --- openssh-5.5p1/auth-krb5.c.gsskex	2009-12-21 00:49:22.000000000 +0100
-+++ openssh-5.5p1/auth-krb5.c	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/auth-krb5.c	2010-10-22 15:58:58.000000000 +0200
 @@ -170,8 +170,13 @@ auth_krb5_password(Authctxt *authctxt, c
  
  	len = strlen(authctxt->krb5_ticket_file) + 6;
@@ -199,8 +199,8 @@ diff -up openssh-5.5p1/auth-krb5.c.gsskex openssh-5.5p1/auth-krb5.c
  	return (krb5_cc_resolve(ctx, ccname, ccache));
  }
 diff -up openssh-5.5p1/ChangeLog.gssapi.gsskex openssh-5.5p1/ChangeLog.gssapi
---- openssh-5.5p1/ChangeLog.gssapi.gsskex	2010-05-13 15:59:58.000000000 +0200
+--- openssh-5.5p1/ChangeLog.gssapi.gsskex	2010-10-22 15:58:58.000000000 +0200
-+++ openssh-5.5p1/ChangeLog.gssapi	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/ChangeLog.gssapi	2010-10-22 15:58:58.000000000 +0200
 @@ -0,0 +1,95 @@
 +20090615
 +  - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
@@ -299,7 +299,7 @@ diff -up openssh-5.5p1/ChangeLog.gssapi.gsskex openssh-5.5p1/ChangeLog.gssapi
 +    <gssapi-with-mic support is Bugzilla #1008>
 diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
 --- openssh-5.5p1/clientloop.c.gsskex	2010-03-21 19:54:02.000000000 +0100
-+++ openssh-5.5p1/clientloop.c	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/clientloop.c	2010-10-22 15:58:58.000000000 +0200
 @@ -111,6 +111,10 @@
  #include "msg.h"
  #include "roaming.h"
@@ -326,8 +326,8 @@ diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
  				debug("need rekeying");
  				xxx_kex->done = 0;
 diff -up openssh-5.5p1/configure.ac.gsskex openssh-5.5p1/configure.ac
---- openssh-5.5p1/configure.ac.gsskex	2010-05-13 15:59:52.000000000 +0200
+--- openssh-5.5p1/configure.ac.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/configure.ac	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/configure.ac	2010-10-22 15:58:59.000000000 +0200
 @@ -477,6 +477,30 @@ main() { if (NSVersionOfRunTimeLibrary("
  	    [Use tunnel device compatibility to OpenBSD])
  	AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
@@ -361,7 +361,7 @@ diff -up openssh-5.5p1/configure.ac.gsskex openssh-5.5p1/configure.ac
  	    AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
 diff -up openssh-5.5p1/gss-genr.c.gsskex openssh-5.5p1/gss-genr.c
 --- openssh-5.5p1/gss-genr.c.gsskex	2009-06-22 08:11:07.000000000 +0200
-+++ openssh-5.5p1/gss-genr.c	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/gss-genr.c	2010-10-22 15:58:59.000000000 +0200
 @@ -39,12 +39,167 @@
  #include "buffer.h"
  #include "log.h"
@@ -702,7 +702,7 @@ diff -up openssh-5.5p1/gss-genr.c.gsskex openssh-5.5p1/gss-genr.c
  #endif /* GSSAPI */
 diff -up openssh-5.5p1/gss-serv.c.gsskex openssh-5.5p1/gss-serv.c
 --- openssh-5.5p1/gss-serv.c.gsskex	2008-05-19 07:05:07.000000000 +0200
-+++ openssh-5.5p1/gss-serv.c	2010-05-13 15:59:58.000000000 +0200
++++ openssh-5.5p1/gss-serv.c	2010-10-22 15:58:59.000000000 +0200
 @@ -1,7 +1,7 @@
  /* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
  
@@ -1018,7 +1018,7 @@ diff -up openssh-5.5p1/gss-serv.c.gsskex openssh-5.5p1/gss-serv.c
  #endif
 diff -up openssh-5.5p1/gss-serv-krb5.c.gsskex openssh-5.5p1/gss-serv-krb5.c
 --- openssh-5.5p1/gss-serv-krb5.c.gsskex	2006-09-01 07:38:36.000000000 +0200
-+++ openssh-5.5p1/gss-serv-krb5.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/gss-serv-krb5.c	2010-10-22 15:58:59.000000000 +0200
 @@ -1,7 +1,7 @@
  /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
  
@@ -1141,7 +1141,7 @@ diff -up openssh-5.5p1/gss-serv-krb5.c.gsskex openssh-5.5p1/gss-serv-krb5.c
  #endif /* KRB5 */
 diff -up openssh-5.5p1/kex.c.gsskex openssh-5.5p1/kex.c
 --- openssh-5.5p1/kex.c.gsskex	2010-01-08 06:50:41.000000000 +0100
-+++ openssh-5.5p1/kex.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/kex.c	2010-10-22 15:58:59.000000000 +0200
 @@ -50,6 +50,10 @@
  #include "monitor.h"
  #include "roaming.h"
@@ -1175,8 +1175,8 @@ diff -up openssh-5.5p1/kex.c.gsskex openssh-5.5p1/kex.c
  		fatal("bad kex alg %s", k->name);
  }
 diff -up openssh-5.5p1/kexgssc.c.gsskex openssh-5.5p1/kexgssc.c
---- openssh-5.5p1/kexgssc.c.gsskex	2010-05-13 15:59:59.000000000 +0200
+--- openssh-5.5p1/kexgssc.c.gsskex	2010-10-22 15:58:59.000000000 +0200
-+++ openssh-5.5p1/kexgssc.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/kexgssc.c	2010-10-22 15:58:59.000000000 +0200
 @@ -0,0 +1,334 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -1513,8 +1513,8 @@ diff -up openssh-5.5p1/kexgssc.c.gsskex openssh-5.5p1/kexgssc.c
 +
 +#endif /* GSSAPI */
 diff -up openssh-5.5p1/kexgsss.c.gsskex openssh-5.5p1/kexgsss.c
---- openssh-5.5p1/kexgsss.c.gsskex	2010-05-13 15:59:59.000000000 +0200
+--- openssh-5.5p1/kexgsss.c.gsskex	2010-10-22 15:58:59.000000000 +0200
-+++ openssh-5.5p1/kexgsss.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/kexgsss.c	2010-10-22 15:58:59.000000000 +0200
 @@ -0,0 +1,288 @@
 +/*
 + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -1806,7 +1806,7 @@ diff -up openssh-5.5p1/kexgsss.c.gsskex openssh-5.5p1/kexgsss.c
 +#endif /* GSSAPI */
 diff -up openssh-5.5p1/kex.h.gsskex openssh-5.5p1/kex.h
 --- openssh-5.5p1/kex.h.gsskex	2010-02-26 21:55:05.000000000 +0100
-+++ openssh-5.5p1/kex.h	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/kex.h	2010-10-22 15:58:59.000000000 +0200
 @@ -67,6 +67,9 @@ enum kex_exchange {
  	KEX_DH_GRP14_SHA1,
  	KEX_DH_GEX_SHA1,
@@ -1844,7 +1844,7 @@ diff -up openssh-5.5p1/kex.h.gsskex openssh-5.5p1/kex.h
      BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
 diff -up openssh-5.5p1/key.c.gsskex openssh-5.5p1/key.c
 --- openssh-5.5p1/key.c.gsskex	2010-03-21 19:58:24.000000000 +0100
-+++ openssh-5.5p1/key.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/key.c	2010-10-22 15:58:59.000000000 +0200
 @@ -982,6 +982,8 @@ key_type_from_name(char *name)
  		return KEY_RSA_CERT;
  	} else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) {
@@ -1856,7 +1856,7 @@ diff -up openssh-5.5p1/key.c.gsskex openssh-5.5p1/key.c
  	return KEY_UNSPEC;
 diff -up openssh-5.5p1/key.h.gsskex openssh-5.5p1/key.h
 --- openssh-5.5p1/key.h.gsskex	2010-03-21 19:58:24.000000000 +0100
-+++ openssh-5.5p1/key.h	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/key.h	2010-10-22 15:58:59.000000000 +0200
 @@ -37,6 +37,7 @@ enum types {
  	KEY_DSA,
  	KEY_RSA_CERT,
@@ -1866,8 +1866,8 @@ diff -up openssh-5.5p1/key.h.gsskex openssh-5.5p1/key.h
  };
  enum fp_type {
 diff -up openssh-5.5p1/Makefile.in.gsskex openssh-5.5p1/Makefile.in
---- openssh-5.5p1/Makefile.in.gsskex	2010-05-13 15:59:57.000000000 +0200
+--- openssh-5.5p1/Makefile.in.gsskex	2010-10-22 15:58:58.000000000 +0200
-+++ openssh-5.5p1/Makefile.in	2010-05-13 16:01:34.000000000 +0200
++++ openssh-5.5p1/Makefile.in	2010-10-22 15:58:59.000000000 +0200
 @@ -76,11 +76,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
  	monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
  	kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
@@ -1892,8 +1892,8 @@ diff -up openssh-5.5p1/Makefile.in.gsskex openssh-5.5p1/Makefile.in
  MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
  MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
 diff -up openssh-5.5p1/monitor.c.gsskex openssh-5.5p1/monitor.c
---- openssh-5.5p1/monitor.c.gsskex	2010-05-13 15:59:50.000000000 +0200
+--- openssh-5.5p1/monitor.c.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/monitor.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/monitor.c	2010-10-22 15:58:59.000000000 +0200
 @@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer 
  int mm_answer_gss_accept_ctx(int, Buffer *);
  int mm_answer_gss_userok(int, Buffer *);
@@ -2087,8 +2087,8 @@ diff -up openssh-5.5p1/monitor.c.gsskex openssh-5.5p1/monitor.c
  
  #ifdef JPAKE
 diff -up openssh-5.5p1/monitor.h.gsskex openssh-5.5p1/monitor.h
---- openssh-5.5p1/monitor.h.gsskex	2010-05-13 15:59:50.000000000 +0200
+--- openssh-5.5p1/monitor.h.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/monitor.h	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/monitor.h	2010-10-22 15:58:59.000000000 +0200
 @@ -56,6 +56,8 @@ enum monitor_reqtype {
  	MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
  	MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
@@ -2099,8 +2099,8 @@ diff -up openssh-5.5p1/monitor.h.gsskex openssh-5.5p1/monitor.h
  	MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
  	MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
 diff -up openssh-5.5p1/monitor_wrap.c.gsskex openssh-5.5p1/monitor_wrap.c
---- openssh-5.5p1/monitor_wrap.c.gsskex	2010-05-13 15:59:51.000000000 +0200
+--- openssh-5.5p1/monitor_wrap.c.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/monitor_wrap.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/monitor_wrap.c	2010-10-22 15:58:59.000000000 +0200
 @@ -1250,7 +1250,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
  }
  
@@ -2163,8 +2163,8 @@ diff -up openssh-5.5p1/monitor_wrap.c.gsskex openssh-5.5p1/monitor_wrap.c
  
  #ifdef JPAKE
 diff -up openssh-5.5p1/monitor_wrap.h.gsskex openssh-5.5p1/monitor_wrap.h
---- openssh-5.5p1/monitor_wrap.h.gsskex	2010-05-13 15:59:51.000000000 +0200
+--- openssh-5.5p1/monitor_wrap.h.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/monitor_wrap.h	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/monitor_wrap.h	2010-10-22 15:58:59.000000000 +0200
 @@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
  OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
  OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
@@ -2179,7 +2179,7 @@ diff -up openssh-5.5p1/monitor_wrap.h.gsskex openssh-5.5p1/monitor_wrap.h
  #ifdef USE_PAM
 diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
 --- openssh-5.5p1/readconf.c.gsskex	2010-02-11 23:21:03.000000000 +0100
-+++ openssh-5.5p1/readconf.c	2010-05-13 15:59:59.000000000 +0200
++++ openssh-5.5p1/readconf.c	2010-10-22 15:58:59.000000000 +0200
 @@ -127,6 +127,7 @@ typedef enum {
  	oClearAllForwardings, oNoHostAuthenticationForLocalhost,
  	oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
@@ -2263,7 +2263,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
  	if (options->kbd_interactive_authentication == -1)
 diff -up openssh-5.5p1/readconf.h.gsskex openssh-5.5p1/readconf.h
 --- openssh-5.5p1/readconf.h.gsskex	2010-02-11 23:21:03.000000000 +0100
-+++ openssh-5.5p1/readconf.h	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/readconf.h	2010-10-22 15:58:59.000000000 +0200
 @@ -44,7 +44,11 @@ typedef struct {
  	int     challenge_response_authentication;
  					/* Try S/Key or TIS, authentication. */
@@ -2277,8 +2277,8 @@ diff -up openssh-5.5p1/readconf.h.gsskex openssh-5.5p1/readconf.h
  						 * authentication. */
  	int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
---- openssh-5.5p1/servconf.c.gsskex	2010-05-13 15:59:54.000000000 +0200
+--- openssh-5.5p1/servconf.c.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/servconf.c	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/servconf.c	2010-10-22 15:58:59.000000000 +0200
 @@ -93,7 +93,10 @@ initialize_server_options(ServerOptions 
  	options->kerberos_ticket_cleanup = -1;
  	options->kerberos_get_afs_token = -1;
@@ -2356,8 +2356,8 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
  		intptr = &options->password_authentication;
  		goto parse_flag;
 diff -up openssh-5.5p1/servconf.h.gsskex openssh-5.5p1/servconf.h
---- openssh-5.5p1/servconf.h.gsskex	2010-05-13 15:59:54.000000000 +0200
+--- openssh-5.5p1/servconf.h.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/servconf.h	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/servconf.h	2010-10-22 15:58:59.000000000 +0200
 @@ -94,7 +94,10 @@ typedef struct {
  	int     kerberos_get_afs_token;		/* If true, try to get AFS token if
  						 * authenticated with Kerberos. */
@@ -2371,7 +2371,7 @@ diff -up openssh-5.5p1/servconf.h.gsskex openssh-5.5p1/servconf.h
  	int     kbd_interactive_authentication;	/* If true, permit */
 diff -up openssh-5.5p1/ssh_config.5.gsskex openssh-5.5p1/ssh_config.5
 --- openssh-5.5p1/ssh_config.5.gsskex	2010-03-26 02:09:13.000000000 +0100
-+++ openssh-5.5p1/ssh_config.5	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/ssh_config.5	2010-10-22 15:58:59.000000000 +0200
 @@ -478,11 +478,38 @@ Specifies whether user authentication ba
  The default is
  .Dq no .
@@ -2413,8 +2413,8 @@ diff -up openssh-5.5p1/ssh_config.5.gsskex openssh-5.5p1/ssh_config.5
  Indicates that
  .Xr ssh 1
 diff -up openssh-5.5p1/ssh_config.gsskex openssh-5.5p1/ssh_config
---- openssh-5.5p1/ssh_config.gsskex	2010-05-13 15:59:48.000000000 +0200
+--- openssh-5.5p1/ssh_config.gsskex	2010-10-22 15:58:56.000000000 +0200
-+++ openssh-5.5p1/ssh_config	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/ssh_config	2010-10-22 15:58:59.000000000 +0200
 @@ -26,6 +26,8 @@
  #   HostbasedAuthentication no
  #   GSSAPIAuthentication no
@@ -2425,8 +2425,8 @@ diff -up openssh-5.5p1/ssh_config.gsskex openssh-5.5p1/ssh_config
  #   CheckHostIP yes
  #   AddressFamily any
 diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
---- openssh-5.5p1/sshconnect2.c.gsskex	2010-05-13 15:59:57.000000000 +0200
+--- openssh-5.5p1/sshconnect2.c.gsskex	2010-10-22 15:58:58.000000000 +0200
-+++ openssh-5.5p1/sshconnect2.c	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/sshconnect2.c	2010-10-22 16:01:19.000000000 +0200
 @@ -108,9 +108,34 @@ ssh_kex2(char *host, struct sockaddr *ho
  {
  	Kex *kex;
@@ -2515,18 +2515,19 @@ diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
  #endif
  
  void	userauth(Authctxt *, char *);
-@@ -268,6 +321,10 @@ static char *authmethods_get(void);
+@@ -268,6 +321,11 @@ static char *authmethods_get(void);
  
  Authmethod authmethods[] = {
  #ifdef GSSAPI
 +	{"gssapi-keyex",
 +		userauth_gsskeyex,
++		NULL,
 +		&options.gss_authentication,
 +		NULL},
  	{"gssapi-with-mic",
  		userauth_gssapi,
  		NULL,
-@@ -576,23 +633,35 @@ userauth_gssapi(Authctxt *authctxt)
+@@ -576,23 +634,35 @@ userauth_gssapi(Authctxt *authctxt)
  	int ok = 0;
  	char* remotehost = NULL;
  	const char* canonicalhost = get_canonical_hostname(1);
@@ -2564,7 +2565,7 @@ diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
  			ok = 1; /* Mechanism works */
  		} else {
  			mech++;
-@@ -689,8 +758,8 @@ input_gssapi_response(int type, u_int32_
+@@ -689,8 +759,8 @@ input_gssapi_response(int type, u_int32_
  {
  	Authctxt *authctxt = ctxt;
  	Gssctxt *gssctxt;
@@ -2575,7 +2576,7 @@ diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
  
  	if (authctxt == NULL)
  		fatal("input_gssapi_response: no authentication context");
-@@ -800,6 +869,48 @@ input_gssapi_error(int type, u_int32_t p
+@@ -800,6 +870,48 @@ input_gssapi_error(int type, u_int32_t p
  	xfree(msg);
  	xfree(lang);
  }
@@ -2625,8 +2626,8 @@ diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
  
  int
 diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
---- openssh-5.5p1/sshd.c.gsskex	2010-05-13 15:59:57.000000000 +0200
+--- openssh-5.5p1/sshd.c.gsskex	2010-10-22 15:58:58.000000000 +0200
-+++ openssh-5.5p1/sshd.c	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/sshd.c	2010-10-22 15:58:59.000000000 +0200
 @@ -129,6 +129,10 @@ int allow_severity;
  int deny_severity;
  #endif /* LIBWRAP */
@@ -2776,8 +2777,8 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
  	kex->client_version_string=client_version_string;
  	kex->server_version_string=server_version_string;
 diff -up openssh-5.5p1/sshd_config.5.gsskex openssh-5.5p1/sshd_config.5
---- openssh-5.5p1/sshd_config.5.gsskex	2010-05-13 15:59:54.000000000 +0200
+--- openssh-5.5p1/sshd_config.5.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/sshd_config.5	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/sshd_config.5	2010-10-22 15:58:59.000000000 +0200
 @@ -379,12 +379,40 @@ Specifies whether user authentication ba
  The default is
  .Dq no .
@@ -2820,8 +2821,8 @@ diff -up openssh-5.5p1/sshd_config.5.gsskex openssh-5.5p1/sshd_config.5
  Specifies whether rhosts or /etc/hosts.equiv authentication together
  with successful public key client host authentication is allowed
 diff -up openssh-5.5p1/sshd_config.gsskex openssh-5.5p1/sshd_config
---- openssh-5.5p1/sshd_config.gsskex	2010-05-13 15:59:54.000000000 +0200
+--- openssh-5.5p1/sshd_config.gsskex	2010-10-22 15:58:57.000000000 +0200
-+++ openssh-5.5p1/sshd_config	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/sshd_config	2010-10-22 15:58:59.000000000 +0200
 @@ -78,6 +78,8 @@ ChallengeResponseAuthentication no
  GSSAPIAuthentication yes
  #GSSAPICleanupCredentials yes
@@ -2833,7 +2834,7 @@ diff -up openssh-5.5p1/sshd_config.gsskex openssh-5.5p1/sshd_config
  # and session processing. If this is enabled, PAM authentication will 
 diff -up openssh-5.5p1/ssh-gss.h.gsskex openssh-5.5p1/ssh-gss.h
 --- openssh-5.5p1/ssh-gss.h.gsskex	2007-06-12 15:40:39.000000000 +0200
-+++ openssh-5.5p1/ssh-gss.h	2010-05-13 16:00:00.000000000 +0200
++++ openssh-5.5p1/ssh-gss.h	2010-10-22 15:58:59.000000000 +0200
 @@ -1,6 +1,6 @@
  /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
  /*

openssh-5.5p1-kuserok.patch

@@ -130,3 +130,39 @@ diff -up openssh-5.5p1/sshd_config.kuserok openssh-5.5p1/sshd_config
  
  # GSSAPI options
  #GSSAPIAuthentication no
+diff -up openssh-5.6p1/gss-serv-krb5.c.kuserok openssh-5.6p1/gss-serv-krb5.c
+--- openssh-5.6p1/gss-serv-krb5.c.kuserok	2010-09-15 15:39:48.000000000 +0200
++++ openssh-5.6p1/gss-serv-krb5.c	2010-09-15 15:49:43.000000000 +0200
+@@ -97,13 +97,25 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client
+ 		    krb5_get_err_text(krb_context, retval));
+ 		return 0;
+ 	}
+-	if (krb5_kuserok(krb_context, princ, name)) {
+-		retval = 1;
+-		logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
+-		    name, (char *)client->displayname.value);
+-	} else
+-		retval = 0;
+-
++	if (options.use_kuserok) {
++		if (krb5_kuserok(krb_context, princ, name)) {
++			retval = 1;
++			logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
++			    name, (char *)client->displayname.value);
++		} else
++			retval = 0;
++	} else {
++		char kuser[65];
++		if (krb5_aname_to_localname(krb_context, princ, sizeof(kuser), kuser))
++			retval = 0;
++		else if (strcmp(kuser, client))
++			retval = 0;
++		else {
++			retval = 1;
++			logit("Authorized to %s, krb5 principal %s (krb5)",
++			    name, (char *)client->displayname.value);
++		}
++	}
+ 	krb5_free_principal(krb_context, princ);
+ 	return retval;
+ }

openssh-5.5p1-x11.patch

@@ -1,7 +1,7 @@
-diff -up openssh-5.5p1/channels.c.x11 openssh-5.5p1/channels.c
+diff -up openssh-5.3p1/channels.c.bz595935 openssh-5.3p1/channels.c
---- openssh-5.5p1/channels.c.x11	2010-06-30 15:22:45.000000000 +0200
+--- openssh-5.3p1/channels.c.bz595935	2010-08-12 14:19:28.000000000 +0200
-+++ openssh-5.5p1/channels.c	2010-06-30 15:27:42.000000000 +0200
++++ openssh-5.3p1/channels.c	2010-08-12 14:33:51.000000000 +0200
-@@ -3332,7 +3332,7 @@ x11_create_display_inet(int x11_display_
+@@ -3185,7 +3185,7 @@ x11_create_display_inet(int x11_display_
  }
  
  static int
@@ -10,20 +10,25 @@ diff -up openssh-5.5p1/channels.c.x11 openssh-5.5p1/channels.c
  {
  	int sock;
  	struct sockaddr_un addr;
-@@ -3342,7 +3342,11 @@ connect_local_xsocket_path(const char *p
+@@ -3195,11 +3195,14 @@ connect_local_xsocket_path(const char *p
  		error("socket: %.100s", strerror(errno));
  	memset(&addr, 0, sizeof(addr));
  	addr.sun_family = AF_UNIX;
 -	strlcpy(addr.sun_path, pathname, sizeof addr.sun_path);
+-	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
 +	if (len <= 0)
 +		return -1;
 +	if (len > sizeof addr.sun_path)
 +		len = sizeof addr.sun_path;
-+	memcpy(addr.sun_path, pathname , len);
++	memcpy(addr.sun_path, pathname, len);
- 	if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0)
++	if (connect(sock, (struct sockaddr *)&addr, sizeof addr - (sizeof addr.sun_path - len) ) == 0)
  		return sock;
  	close(sock);
-@@ -3354,8 +3358,18 @@ static int
+-	error("connect %.100s: %.100s", addr.sun_path, strerror(errno));
+ 	return -1;
+ }
+ 
+@@ -3207,8 +3210,21 @@ static int
  connect_local_xsocket(u_int dnr)
  {
  	char buf[1024];
@@ -40,7 +45,10 @@ diff -up openssh-5.5p1/channels.c.x11 openssh-5.5p1/channels.c
 +	if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0)
 +		return ret;
 +#endif
-+	return connect_local_xsocket_path(buf + 1, len);
++	if ((ret = connect_local_xsocket_path(buf + 1, len)) >= 0)
++		return ret;
++	error("connect %.100s: %.100s", buf + 1, strerror(errno));
++	return -1;
  }
  
  int

openssh.spec

@@ -70,7 +70,7 @@
 %endif
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
-%define openssh_rel 18
+%define openssh_rel 25
 %define openssh_ver 5.5p1
 %define pam_ssh_agent_rel 26
 %define pam_ssh_agent_ver 0.9.2
@@ -78,7 +78,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}%{?rescue_rel}
+Release: %{openssh_rel}%{?dist}%{?rescue_rel}.2
 URL: http://www.openssh.com/portable.html
 #URL1: http://pamsshagentauth.sourceforge.net
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -131,8 +131,11 @@ Patch74: openssh-5.3p1-randclean.patch
 Patch76: openssh-5.5p1-staterr.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1750
 Patch77: openssh-5.5p1-stderr.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
 Patch78: openssh-5.5p1-kuserok.patch
 Patch79: openssh-5.5p1-x11.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1842
+Patch81: openssh-5.5p1-clientloop.patch
 
 License: BSD
 Group: Applications/Internet
@@ -218,7 +221,7 @@ Provides: openssh-askpass-gnome
 Summary: PAM module for authentication with ssh-agent
 Group: System Environment/Base
 Version: %{pam_ssh_agent_ver}
-Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}
+Release: %{pam_ssh_agent_rel}.%{openssh_rel}%{?dist}%{?rescue_rel}.2
 License: BSD
 
 %description
@@ -307,6 +310,7 @@ popd
 %patch77 -p1 -b .stderr
 %patch78 -p1 -b .kuserok
 %patch79 -p1 -b .x11
+%patch81 -p1 -b .clientloop
 
 autoreconf
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
@@ -326,7 +330,13 @@ CFLAGS="$CFLAGS -fpic"
 %endif
 export CFLAGS
 SAVE_LDFLAGS="$LDFLAGS"
-LDFLAGS="$LDFLAGS -pie"; export LDFLAGS
+%ifarch %{arm}
+# This is needed to compile ARM woth gcc 4.5 as ARM doesn't support relro and now.
+# Looks to be resolved in 4.6 thanks to Linaro work
+LDFLAGS="$LDFLAGS -pie -Wl,-z,relro"; export LDFLAGS
+%else
+LDFLAGS="$LDFLAGS -pie -z relro -z now"; export LDFLAGS
+%endif
 %endif
 %if %{kerberos5}
 if test -r /etc/profile.d/krb5-devel.sh ; then
@@ -356,7 +366,7 @@ fi
 	--disable-strip \
 	--without-zlib-version-check \
 	--with-ssl-engine \
-	--with-pka \
+	--with-authorized-keys-command \
 %if %{nss}
 	--with-nss \
 %endif
@@ -588,6 +598,31 @@ fi
 %endif
 
 %changelog
+* Thu Jun 16 2011 Peter Robinson <pbrobinson@gmail.com> - 5.5p1-25 + 0.9.2-26
+- Fix compiling on ARM due to lack of relro and now support in gcc 4.5 for ARM
+
+* Wed Nov 24 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-24 + 0.9.2-26
+- reapair clientloop crash (#627332)
+
+* Fri Nov  5 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-23 + 0.9.2-26
+- update x11 patch (#648896)
+
+* Fri Oct 20 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-22 + 0.9.2-26
+- update gsskex patch (#645389)
+
+* Tue Oct 05 2010 jkeating - 5.5p1-21.2
+- Rebuilt for gcc bug 634757
+
+* Wed Sep 15 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-21 + 0.9.2-26
+- Add the GSSAPI kuserok switch to the kuserok patch
+
+* Mon Sep 13 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-20 + 0.9.2-26
+- Tweaking selabel patch to work properly without selinux rules loaded. (#632914)
+- enabling authorized keys command patch
+
+* Fri Sep  3 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-19 + 0.9.2-26
+- Added -z relro -z now to LDFLAGS
+
 * Wed Jul  7 2010 Jan F. Chadima <jchadima@redhat.com> - 5.5p1-18 + 0.9.2-26
 - merged with newer bugzilla's version of authorized keys command patch