[openssh] Upgrade to openssh-5.6p1
Jan F. Chadima
jfch2222 at fedoraproject.org
Mon Aug 23 11:39:36 UTC 2010
commit 1b8a267cb916f20439043dacc4e2a90253bbb59f
Author: Jan F. Chadima <jfch at frigo.localdomain>
Date: Tue Aug 3 02:41:49 2010 +0200
Upgrade to openssh-5.6p1
openssh-4.0p1-exit-deadlock.patch | 13 -
openssh-5.3p1-skip-initial.patch | 24 --
openssh-5.5p1-staterr.patch | 30 ---
openssh-5.5p1-stderr.patch | 171 --------------
... => openssh-5.6p1-authorized-keys-command.patch | 131 ++++++-----
openssh-5.6p1-exit-deadlock.patch | 14 ++
...sh-5.5p1-fips.patch => openssh-5.6p1-fips.patch | 136 ++++++------
....5p1-gsskex.patch => openssh-5.6p1-gsskex.patch | 236 ++++++++++----------
....5p1-keygen.patch => openssh-5.6p1-keygen.patch | 40 ++--
...p1-kuserok.patch => openssh-5.6p1-kuserok.patch | 52 +++---
...sh-5.5p1-ldap.patch => openssh-5.6p1-ldap.patch | 131 +++++------
openssh-5.5p1-mls.patch => openssh-5.6p1-mls.patch | 42 ++--
...p1-selabel.patch => openssh-5.6p1-selabel.patch | 34 ++--
openssh.spec | 29 +--
14 files changed, 419 insertions(+), 664 deletions(-)
---
diff --git a/openssh-5.5p1-authorized-keys-command.patch b/openssh-5.6p1-authorized-keys-command.patch
similarity index 78%
rename from openssh-5.5p1-authorized-keys-command.patch
rename to openssh-5.6p1-authorized-keys-command.patch
index 8be37fd..4c9b5b1 100644
--- a/openssh-5.5p1-authorized-keys-command.patch
+++ b/openssh-5.6p1-authorized-keys-command.patch
@@ -1,6 +1,6 @@
-diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
---- openssh-5.5p1.orig/auth2-pubkey.c 2010-03-21 14:51:21.000000000 -0400
-+++ openssh-5.5p1/auth2-pubkey.c 2010-07-03 20:23:43.000000000 -0400
+diff -up openssh-5.6p1/auth2-pubkey.c.akc openssh-5.6p1/auth2-pubkey.c
+--- openssh-5.6p1/auth2-pubkey.c.akc 2010-08-23 12:15:42.000000000 +0200
++++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:15:42.000000000 +0200
@@ -27,6 +27,7 @@
#include <sys/types.h>
@@ -9,7 +9,7 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
#include <fcntl.h>
#include <pwd.h>
-@@ -178,27 +178,15 @@
+@@ -264,27 +265,15 @@ match_principals_file(char *file, struct
/* return 1 if user allows given key */
static int
@@ -38,7 +38,7 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
found_key = 0;
found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
-@@ -273,8 +261,6 @@
+@@ -377,8 +366,6 @@ user_key_allowed2(struct passwd *pw, Key
break;
}
}
@@ -47,7 +47,7 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
key_free(found);
if (!found_key)
debug2("key not found");
-@@ -321,13 +307,191 @@
+@@ -440,13 +427,191 @@ user_cert_trusted_ca(struct passwd *pw,
return ret;
}
@@ -240,10 +240,10 @@ diff -ruN openssh-5.5p1.orig/auth2-pubkey.c openssh-5.5p1/auth2-pubkey.c
if (auth_key_is_revoked(key))
return 0;
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
-diff -ruN openssh-5.5p1.orig/configure.ac openssh-5.5p1/configure.ac
---- openssh-5.5p1.orig/configure.ac 2010-04-10 08:58:01.000000000 -0400
-+++ openssh-5.5p1/configure.ac 2010-07-03 19:57:42.000000000 -0400
-@@ -1346,6 +1346,18 @@
+diff -up openssh-5.6p1/configure.ac.akc openssh-5.6p1/configure.ac
+--- openssh-5.6p1/configure.ac.akc 2010-08-23 12:15:42.000000000 +0200
++++ openssh-5.6p1/configure.ac 2010-08-23 12:15:42.000000000 +0200
+@@ -1346,6 +1346,18 @@ AC_ARG_WITH(audit,
esac ]
)
@@ -262,7 +262,7 @@ diff -ruN openssh-5.5p1.orig/configure.ac openssh-5.5p1/configure.ac
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
-@@ -4181,6 +4193,7 @@
+@@ -4209,6 +4221,7 @@ echo " Linux audit support
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
@@ -270,10 +270,10 @@ diff -ruN openssh-5.5p1.orig/configure.ac openssh-5.5p1/configure.ac
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
-diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
---- openssh-5.5p1.orig/servconf.c 2010-03-25 19:40:04.000000000 -0400
-+++ openssh-5.5p1/servconf.c 2010-07-03 19:59:07.000000000 -0400
-@@ -128,6 +128,8 @@
+diff -up openssh-5.6p1/servconf.c.akc openssh-5.6p1/servconf.c
+--- openssh-5.6p1/servconf.c.akc 2010-08-23 12:15:41.000000000 +0200
++++ openssh-5.6p1/servconf.c 2010-08-23 12:22:22.000000000 +0200
+@@ -129,6 +129,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
@@ -282,18 +282,18 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
options->zero_knowledge_password_authentication = -1;
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
-@@ -311,6 +313,7 @@
+@@ -316,6 +318,7 @@ typedef enum {
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
- sRevokedKeys, sTrustedUserCAKeys,
+ sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
+ sAuthorizedKeysCommand, sAuthorizedKeysCommandRunAs,
sDeprecated, sUnsupported
} ServerOpCodes;
-@@ -432,6 +435,13 @@
- { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
+@@ -439,6 +442,13 @@ static struct {
{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
+ { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+#ifdef WITH_AUTHORIZED_KEYS_COMMAND
+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL },
+ { "authorizedkeyscommandrunas", sAuthorizedKeysCommandRunAs, SSHCFG_ALL },
@@ -304,7 +304,7 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
{ NULL, sBadOption, 0 }
};
-@@ -1345,6 +1355,20 @@
+@@ -1360,6 +1370,20 @@ process_server_config_line(ServerOptions
charptr = &options->revoked_keys_file;
goto parse_filename;
@@ -325,7 +325,7 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
-@@ -1438,6 +1462,8 @@
+@@ -1453,6 +1477,8 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
M_CP_INTOPT(pubkey_authentication);
@@ -333,54 +333,42 @@ diff -ruN openssh-5.5p1.orig/servconf.c openssh-5.5p1/servconf.c
+ M_CP_STROPT(authorized_keys_command_runas);
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
- M_CP_INTOPT(kbd_interactive_authentication);
-@@ -1682,6 +1708,8 @@
- dump_cfg_string(sChrootDirectory, o->chroot_directory);
- dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys);
+ M_CP_INTOPT(hostbased_uses_name_from_packet_only);
+@@ -1705,6 +1731,8 @@ dump_config(ServerOptions *o)
dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+ dump_cfg_string(sAuthorizedPrincipalsFile,
+ o->authorized_principals_file);
+ dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
+ dump_cfg_string(sAuthorizedKeysCommandRunAs, o->authorized_keys_command_runas);
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
-diff -ruN openssh-5.5p1.orig/servconf.h openssh-5.5p1/servconf.h
---- openssh-5.5p1.orig/servconf.h 2010-03-04 05:53:35.000000000 -0500
-+++ openssh-5.5p1/servconf.h 2010-07-03 19:57:42.000000000 -0400
-@@ -156,6 +156,8 @@
- char *chroot_directory;
+diff -up openssh-5.6p1/servconf.h.akc openssh-5.6p1/servconf.h
+--- openssh-5.6p1/servconf.h.akc 2010-08-23 12:15:41.000000000 +0200
++++ openssh-5.6p1/servconf.h 2010-08-23 12:17:58.000000000 +0200
+@@ -158,6 +158,8 @@ typedef struct {
char *revoked_keys_file;
char *trusted_user_ca_keys;
+ char *authorized_principals_file;
+ char *authorized_keys_command;
+ char *authorized_keys_command_runas;
} ServerOptions;
void initialize_server_options(ServerOptions *);
-diff -ruN openssh-5.5p1.orig/sshd_config openssh-5.5p1/sshd_config
---- openssh-5.5p1.orig/sshd_config 2009-10-11 06:51:09.000000000 -0400
-+++ openssh-5.5p1/sshd_config 2010-07-03 19:57:42.000000000 -0400
-@@ -44,6 +44,8 @@
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- #AuthorizedKeysFile .ssh/authorized_keys
-+#AuthorizedKeysCommand none
-+#AuthorizedKeysCommandRunAs nobody
+diff -up openssh-5.6p1/sshd_config.0.akc openssh-5.6p1/sshd_config.0
+--- openssh-5.6p1/sshd_config.0.akc 2010-08-23 12:15:41.000000000 +0200
++++ openssh-5.6p1/sshd_config.0 2010-08-23 12:25:18.000000000 +0200
+@@ -374,7 +374,8 @@ DESCRIPTION
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
-diff -ruN openssh-5.5p1.orig/sshd_config.0 openssh-5.5p1/sshd_config.0
---- openssh-5.5p1.orig/sshd_config.0 2010-04-15 20:17:12.000000000 -0400
-+++ openssh-5.5p1/sshd_config.0 2010-07-03 19:57:42.000000000 -0400
-@@ -352,7 +352,8 @@
- KbdInteractiveAuthentication, KerberosAuthentication,
- MaxAuthTries, MaxSessions, PasswordAuthentication,
- PermitEmptyPasswords, PermitOpen, PermitRootLogin,
-- PubkeyAuthentication, RhostsRSAAuthentication, RSAAuthentication,
-+ PubkeyAuthentication, AuthorizedKeysCommand, AuthorizedKeysCommandRunAs,
-+ RhostsRSAAuthentication, RSAAuthentication,
- X11DisplayOffset, X11Forwarding and X11UseLocalHost.
-
- MaxAuthTries
-@@ -467,6 +468,23 @@
+ Only a subset of keywords may be used on the lines following a
+ Match keyword. Available keywords are AllowAgentForwarding,
+- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile,
++ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand,
++ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile,
+ Banner, ChrootDirectory, ForceCommand, GatewayPorts,
+ GSSAPIAuthentication, HostbasedAuthentication,
+ HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
+@@ -496,6 +497,23 @@ DESCRIPTION
this file is not readable, then public key authentication will be
refused for all users.
@@ -404,20 +392,27 @@ diff -ruN openssh-5.5p1.orig/sshd_config.0 openssh-5.5p1/sshd_config.0
RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication to-
gether with successful RSA host authentication is allowed. The
-diff -ruN openssh-5.5p1.orig/sshd_config.5 openssh-5.5p1/sshd_config.5
---- openssh-5.5p1.orig/sshd_config.5 2010-03-04 18:41:45.000000000 -0500
-+++ openssh-5.5p1/sshd_config.5 2010-07-03 19:57:42.000000000 -0400
-@@ -618,6 +618,9 @@
+diff -up openssh-5.6p1/sshd_config.5.akc openssh-5.6p1/sshd_config.5
+--- openssh-5.6p1/sshd_config.5.akc 2010-08-23 12:15:41.000000000 +0200
++++ openssh-5.6p1/sshd_config.5 2010-08-23 12:25:46.000000000 +0200
+@@ -654,6 +654,8 @@ Available keywords are
+ .Cm AllowAgentForwarding ,
+ .Cm AllowTcpForwarding ,
+ .Cm AuthorizedKeysFile ,
++.Cm AuthorizedKeysCommand ,
++.Cm AuthorizedKeysCommandRunAs ,
+ .Cm AuthorizedPrincipalsFile ,
+ .Cm Banner ,
+ .Cm ChrootDirectory ,
+@@ -666,6 +668,7 @@ Available keywords are
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
+.Cm PubkeyAuthentication ,
-+.Cm AuthorizedKeysCommand ,
-+.Cm AuthorizedKeysCommandRunAs ,
.Cm PasswordAuthentication ,
.Cm PermitEmptyPasswords ,
.Cm PermitOpen ,
-@@ -819,6 +822,20 @@
+@@ -868,6 +871,20 @@ Specifies a list of revoked public keys.
Keys listed in this file will be refused for public key authentication.
Note that if this file is not readable, then public key authentication will
be refused for all users.
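Review bot: The `+.Cm PubkeyAuthentication ,` line added between MaxSessions and PasswordAuthentication in the sshd_config.5 Match keyword list looks like a leftover from the 5.5p1 version of this patch rather than an intended addition. The rebased sshd_config.0 hunk in the same patch adds only AuthorizedKeysCommand and AuthorizedKeysCommandRunAs, and the 5.5p1 sshd_config.0 text being removed shows PubkeyAuthentication already listed after PermitRootLogin. The rendered man page therefore probably ends up naming the keyword twice and out of alphabetical order. If upstream 5.6p1 sshd_config.5 already carries it, drop the inner hunk `@@ -666,6 +668,7 @@` so the two manual files stay in agreement.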
@@ -438,3 +433,15 @@ diff -ruN openssh-5.5p1.orig/sshd_config.5 openssh-5.5p1/sshd_config.5
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
+diff -up openssh-5.6p1/sshd_config.akc openssh-5.6p1/sshd_config
+--- openssh-5.6p1/sshd_config.akc 2010-08-23 12:15:41.000000000 +0200
++++ openssh-5.6p1/sshd_config 2010-08-23 12:15:42.000000000 +0200
+@@ -45,6 +45,8 @@ SyslogFacility AUTHPRIV
+ #RSAAuthentication yes
+ #PubkeyAuthentication yes
+ #AuthorizedKeysFile .ssh/authorized_keys
++#AuthorizedKeysCommand none
++#AuthorizedKeysCommandRunAs nobody
+
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
diff --git a/openssh-5.6p1-exit-deadlock.patch b/openssh-5.6p1-exit-deadlock.patch
new file mode 100644
index 0000000..278dfa1
--- /dev/null
+++ b/openssh-5.6p1-exit-deadlock.patch
@@ -0,0 +1,14 @@
+diff -up openssh-5.6p1/channels.c.exit-deadlock openssh-5.6p1/channels.c
+--- openssh-5.6p1/channels.c.exit-deadlock 2010-08-05 15:09:48.000000000 +0200
++++ openssh-5.6p1/channels.c 2010-08-23 12:41:43.000000000 +0200
+@@ -1647,6 +1647,10 @@ channel_handle_wfd(Channel *c, fd_set *r
+ u_int dlen, olen = 0;
+ int len;
+
++ if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate == CHAN_OUTPUT_WAIT_DRAIN) {
++ debug("channel %d: forcing write", c->self);
++ FD_SET(c->wfd, writeset);
++ }
+ /* Send buffered output data to the socket. */
+ if (c->wfd != -1 &&
+ FD_ISSET(c->wfd, writeset) &&
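Review bot: The added block in channel_handle_wfd sets c->wfd in writeset even though select() did not report it writable, so the write that follows (outside this hunk) is only safe if the descriptor is non-blocking. Otherwise the process can stall in write() instead of returning to select(). Nothing in the hunk shows that wfd is always non-blocking while ostate is CHAN_OUTPUT_WAIT_DRAIN, so the assumption should be recorded above the test, e.g. `/* writeset may omit wfd while draining; force one write attempt so the channel can finish closing (assumes wfd is non-blocking) */`. The condition also departs from the style of the test right after it: use `if (c->wfd != -1 &&` with a space after `if`, and wrap the remaining operands onto continuation lines. channel_handle_wfd starts and ends outside the hunk.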
diff --git a/openssh-5.5p1-fips.patch b/openssh-5.6p1-fips.patch
similarity index 83%
rename from openssh-5.5p1-fips.patch
rename to openssh-5.6p1-fips.patch
index 2f6db6f..7277c3b 100644
--- a/openssh-5.5p1-fips.patch
+++ b/openssh-5.6p1-fips.patch
@@ -1,7 +1,7 @@
-diff -up openssh-5.5p1/auth2-pubkey.c.fips openssh-5.5p1/auth2-pubkey.c
---- openssh-5.5p1/auth2-pubkey.c.fips 2010-04-16 08:46:47.000000000 +0200
-+++ openssh-5.5p1/auth2-pubkey.c 2010-04-16 08:46:48.000000000 +0200
-@@ -35,6 +35,7 @@
+diff -up openssh-5.6p1/auth2-pubkey.c.fips openssh-5.6p1/auth2-pubkey.c
+--- openssh-5.6p1/auth2-pubkey.c.fips 2010-08-23 12:43:40.000000000 +0200
++++ openssh-5.6p1/auth2-pubkey.c 2010-08-23 12:43:41.000000000 +0200
+@@ -36,6 +36,7 @@
#include <string.h>
#include <time.h>
#include <unistd.h>
@@ -9,7 +9,7 @@ diff -up openssh-5.5p1/auth2-pubkey.c.fips openssh-5.5p1/auth2-pubkey.c
#include "xmalloc.h"
#include "ssh.h"
-@@ -274,7 +275,7 @@ user_key_allowed2(struct passwd *pw, Key
+@@ -359,7 +360,7 @@ user_search_key_in_file(FILE *f, char *f
found_key = 1;
debug("matching key found: file %s, line %lu",
file, linenum);
@@ -18,9 +18,9 @@ diff -up openssh-5.5p1/auth2-pubkey.c.fips openssh-5.5p1/auth2-pubkey.c
verbose("Found matching %s key: %s",
key_type(found), fp);
xfree(fp);
-diff -up openssh-5.5p1/authfile.c.fips openssh-5.5p1/authfile.c
---- openssh-5.5p1/authfile.c.fips 2010-03-04 11:53:35.000000000 +0100
-+++ openssh-5.5p1/authfile.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/authfile.c.fips openssh-5.6p1/authfile.c
+--- openssh-5.6p1/authfile.c.fips 2010-08-05 05:05:16.000000000 +0200
++++ openssh-5.6p1/authfile.c 2010-08-23 12:43:41.000000000 +0200
@@ -146,8 +146,14 @@ key_save_private_rsa1(Key *key, const ch
/* Allocate space for the private part of the key in the buffer. */
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
@@ -55,9 +55,9 @@ diff -up openssh-5.5p1/authfile.c.fips openssh-5.5p1/authfile.c
cipher_crypt(&ciphercontext, cp,
buffer_ptr(&buffer), buffer_len(&buffer));
cipher_cleanup(&ciphercontext);
-diff -up openssh-5.5p1/cipher.c.fips openssh-5.5p1/cipher.c
---- openssh-5.5p1/cipher.c.fips 2010-04-16 08:34:06.000000000 +0200
-+++ openssh-5.5p1/cipher.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/cipher.c.fips openssh-5.6p1/cipher.c
+--- openssh-5.6p1/cipher.c.fips 2010-08-23 09:49:50.000000000 +0200
++++ openssh-5.6p1/cipher.c 2010-08-23 12:43:41.000000000 +0200
@@ -40,6 +40,7 @@
#include <sys/types.h>
@@ -142,9 +142,9 @@ diff -up openssh-5.5p1/cipher.c.fips openssh-5.5p1/cipher.c
}
/*
-diff -up openssh-5.5p1/cipher-ctr.c.fips openssh-5.5p1/cipher-ctr.c
---- openssh-5.5p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200
-+++ openssh-5.5p1/cipher-ctr.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/cipher-ctr.c.fips openssh-5.6p1/cipher-ctr.c
+--- openssh-5.6p1/cipher-ctr.c.fips 2007-06-14 15:21:33.000000000 +0200
++++ openssh-5.6p1/cipher-ctr.c 2010-08-23 12:43:41.000000000 +0200
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP
@@ -155,9 +155,9 @@ diff -up openssh-5.5p1/cipher-ctr.c.fips openssh-5.5p1/cipher-ctr.c
#endif
return (&aes_ctr);
}
-diff -up openssh-5.5p1/cipher.h.fips openssh-5.5p1/cipher.h
---- openssh-5.5p1/cipher.h.fips 2009-01-28 06:38:41.000000000 +0100
-+++ openssh-5.5p1/cipher.h 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/cipher.h.fips openssh-5.6p1/cipher.h
+--- openssh-5.6p1/cipher.h.fips 2009-01-28 06:38:41.000000000 +0100
++++ openssh-5.6p1/cipher.h 2010-08-23 12:43:41.000000000 +0200
@@ -78,7 +78,7 @@ void cipher_init(CipherContext *, Ciphe
const u_char *, u_int, int);
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
@@ -167,9 +167,9 @@ diff -up openssh-5.5p1/cipher.h.fips openssh-5.5p1/cipher.h
u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *);
u_int cipher_is_cbc(const Cipher *);
-diff -up openssh-5.5p1/mac.c.fips openssh-5.5p1/mac.c
---- openssh-5.5p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200
-+++ openssh-5.5p1/mac.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/mac.c.fips openssh-5.6p1/mac.c
+--- openssh-5.6p1/mac.c.fips 2008-06-13 02:58:50.000000000 +0200
++++ openssh-5.6p1/mac.c 2010-08-23 12:43:41.000000000 +0200
@@ -28,6 +28,7 @@
#include <sys/types.h>
@@ -219,10 +219,10 @@ diff -up openssh-5.5p1/mac.c.fips openssh-5.5p1/mac.c
for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) {
-diff -up openssh-5.5p1/Makefile.in.fips openssh-5.5p1/Makefile.in
---- openssh-5.5p1/Makefile.in.fips 2010-03-13 22:41:34.000000000 +0100
-+++ openssh-5.5p1/Makefile.in 2010-04-16 09:48:16.000000000 +0200
-@@ -141,25 +141,25 @@
+diff -up openssh-5.6p1/Makefile.in.fips openssh-5.6p1/Makefile.in
+--- openssh-5.6p1/Makefile.in.fips 2010-08-23 12:43:40.000000000 +0200
++++ openssh-5.6p1/Makefile.in 2010-08-23 12:46:24.000000000 +0200
+@@ -141,25 +141,25 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
@@ -253,8 +253,8 @@ diff -up openssh-5.5p1/Makefile.in.fips openssh-5.5p1/Makefile.in
+ $(LD) -o $@ ssh-keysign.o readconf.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
- $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-@@ -168,7 +168,7 @@
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+@@ -168,7 +168,7 @@ ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) l
$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
@@ -263,10 +263,10 @@ diff -up openssh-5.5p1/Makefile.in.fips openssh-5.5p1/Makefile.in
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-diff -up openssh-5.5p1/myproposal.h.fips openssh-5.5p1/myproposal.h
---- openssh-5.5p1/myproposal.h.fips 2010-02-26 21:55:05.000000000 +0100
-+++ openssh-5.5p1/myproposal.h 2010-04-16 08:46:49.000000000 +0200
-@@ -55,7 +55,12 @@
+diff -up openssh-5.6p1/myproposal.h.fips openssh-5.6p1/myproposal.h
+--- openssh-5.6p1/myproposal.h.fips 2010-04-16 07:56:22.000000000 +0200
++++ openssh-5.6p1/myproposal.h 2010-08-23 12:43:41.000000000 +0200
+@@ -58,7 +58,12 @@
"hmac-sha1-96,hmac-md5-96"
#define KEX_DEFAULT_COMP "none,zlib at openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
@@ -280,9 +280,9 @@ diff -up openssh-5.5p1/myproposal.h.fips openssh-5.5p1/myproposal.h
static char *myproposal[PROPOSAL_MAX] = {
KEX_DEFAULT_KEX,
-diff -up openssh-5.5p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.5p1/openbsd-compat/bsd-arc4random.c
---- openssh-5.5p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
-+++ openssh-5.5p1/openbsd-compat/bsd-arc4random.c 2010-04-16 09:17:30.000000000 +0200
+diff -up openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.6p1/openbsd-compat/bsd-arc4random.c
+--- openssh-5.6p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
++++ openssh-5.6p1/openbsd-compat/bsd-arc4random.c 2010-08-23 12:43:41.000000000 +0200
@@ -39,6 +39,7 @@
static int rc4_ready = 0;
static RC4_KEY rc4;
@@ -324,9 +324,9 @@ diff -up openssh-5.5p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.5p1/openbs
#endif /* !HAVE_ARC4RANDOM */
#ifndef HAVE_ARC4RANDOM_BUF
-diff -up openssh-5.5p1/ssh-add.c.fips openssh-5.5p1/ssh-add.c
---- openssh-5.5p1/ssh-add.c.fips 2010-03-03 00:25:42.000000000 +0100
-+++ openssh-5.5p1/ssh-add.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/ssh-add.c.fips openssh-5.6p1/ssh-add.c
+--- openssh-5.6p1/ssh-add.c.fips 2010-05-21 06:56:47.000000000 +0200
++++ openssh-5.6p1/ssh-add.c 2010-08-23 12:43:41.000000000 +0200
@@ -42,6 +42,7 @@
#include <sys/param.h>
@@ -335,7 +335,7 @@ diff -up openssh-5.5p1/ssh-add.c.fips openssh-5.5p1/ssh-add.c
#include "openbsd-compat/openssl-compat.h"
#include <fcntl.h>
-@@ -269,7 +270,7 @@ list_identities(AuthenticationConnection
+@@ -277,7 +278,7 @@ list_identities(AuthenticationConnection
key = ssh_get_next_identity(ac, &comment, version)) {
had_identities = 1;
if (do_fp) {
@@ -344,9 +344,9 @@ diff -up openssh-5.5p1/ssh-add.c.fips openssh-5.5p1/ssh-add.c
SSH_FP_HEX);
printf("%d %s %s (%s)\n",
key_size(key), fp, comment, key_type(key));
-diff -up openssh-5.5p1/ssh-agent.c.fips openssh-5.5p1/ssh-agent.c
---- openssh-5.5p1/ssh-agent.c.fips 2010-02-26 21:55:06.000000000 +0100
-+++ openssh-5.5p1/ssh-agent.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/ssh-agent.c.fips openssh-5.6p1/ssh-agent.c
+--- openssh-5.6p1/ssh-agent.c.fips 2010-04-16 07:56:22.000000000 +0200
++++ openssh-5.6p1/ssh-agent.c 2010-08-23 12:43:41.000000000 +0200
@@ -51,6 +51,7 @@
#include <openssl/evp.h>
@@ -368,9 +368,9 @@ diff -up openssh-5.5p1/ssh-agent.c.fips openssh-5.5p1/ssh-agent.c
ret = 0;
xfree(p);
-diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
---- openssh-5.5p1/ssh.c.fips 2010-02-26 21:55:06.000000000 +0100
-+++ openssh-5.5p1/ssh.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/ssh.c.fips openssh-5.6p1/ssh.c
+--- openssh-5.6p1/ssh.c.fips 2010-08-16 17:59:31.000000000 +0200
++++ openssh-5.6p1/ssh.c 2010-08-23 12:43:41.000000000 +0200
@@ -72,6 +72,8 @@
#include <openssl/evp.h>
@@ -380,7 +380,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
-@@ -225,6 +227,10 @@ main(int ac, char **av)
+@@ -235,6 +237,10 @@ main(int ac, char **av)
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
@@ -391,7 +391,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
init_rng();
/*
-@@ -285,6 +291,9 @@ main(int ac, char **av)
+@@ -301,6 +307,9 @@ main(int ac, char **av)
"ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -401,7 +401,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
options.protocol = SSH_PROTO_1;
break;
case '2':
-@@ -581,7 +590,6 @@ main(int ac, char **av)
+@@ -599,7 +608,6 @@ main(int ac, char **av)
if (!host)
usage();
@@ -409,7 +409,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
ERR_load_crypto_strings();
/* Initialize the command to execute on remote host. */
-@@ -667,6 +675,10 @@ main(int ac, char **av)
+@@ -685,6 +693,10 @@ main(int ac, char **av)
seed_rng();
@@ -420,7 +420,7 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
if (options.user == NULL)
options.user = xstrdup(pw->pw_name);
-@@ -733,6 +745,12 @@ main(int ac, char **av)
+@@ -752,6 +764,12 @@ main(int ac, char **av)
timeout_ms = options.connection_timeout * 1000;
@@ -433,9 +433,9 @@ diff -up openssh-5.5p1/ssh.c.fips openssh-5.5p1/ssh.c
/* Open a connection to the remote host. */
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts, &timeout_ms,
-diff -up openssh-5.5p1/sshconnect2.c.fips openssh-5.5p1/sshconnect2.c
---- openssh-5.5p1/sshconnect2.c.fips 2010-04-16 08:46:48.000000000 +0200
-+++ openssh-5.5p1/sshconnect2.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/sshconnect2.c.fips openssh-5.6p1/sshconnect2.c
+--- openssh-5.6p1/sshconnect2.c.fips 2010-08-23 12:43:41.000000000 +0200
++++ openssh-5.6p1/sshconnect2.c 2010-08-23 12:43:41.000000000 +0200
@@ -44,6 +44,8 @@
#include <vis.h>
#endif
@@ -479,9 +479,9 @@ diff -up openssh-5.5p1/sshconnect2.c.fips openssh-5.5p1/sshconnect2.c
xfree(fp);
/*
-diff -up openssh-5.5p1/sshconnect.c.fips openssh-5.5p1/sshconnect.c
---- openssh-5.5p1/sshconnect.c.fips 2010-03-04 11:53:36.000000000 +0100
-+++ openssh-5.5p1/sshconnect.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/sshconnect.c.fips openssh-5.6p1/sshconnect.c
+--- openssh-5.6p1/sshconnect.c.fips 2010-04-18 00:08:21.000000000 +0200
++++ openssh-5.6p1/sshconnect.c 2010-08-23 12:43:41.000000000 +0200
@@ -40,6 +40,8 @@
#include <string.h>
#include <unistd.h>
@@ -568,9 +568,9 @@ diff -up openssh-5.5p1/sshconnect.c.fips openssh-5.5p1/sshconnect.c
error("Please contact your system administrator.");
xfree(fp);
-diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
---- openssh-5.5p1/sshd.c.fips 2010-04-16 08:46:48.000000000 +0200
-+++ openssh-5.5p1/sshd.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/sshd.c.fips openssh-5.6p1/sshd.c
+--- openssh-5.6p1/sshd.c.fips 2010-08-23 12:43:40.000000000 +0200
++++ openssh-5.6p1/sshd.c 2010-08-23 12:43:41.000000000 +0200
@@ -76,6 +76,8 @@
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -580,7 +580,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
#include "openbsd-compat/openssl-compat.h"
#ifdef HAVE_SECUREWARE
-@@ -1298,6 +1300,12 @@ main(int ac, char **av)
+@@ -1307,6 +1309,12 @@ main(int ac, char **av)
(void)set_auth_parameters(ac, av);
#endif
__progname = ssh_get_progname(av[0]);
@@ -593,7 +593,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
init_rng();
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
-@@ -1459,8 +1467,6 @@ main(int ac, char **av)
+@@ -1468,8 +1476,6 @@ main(int ac, char **av)
else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
@@ -602,7 +602,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
-@@ -1578,6 +1584,10 @@ main(int ac, char **av)
+@@ -1587,6 +1593,10 @@ main(int ac, char **av)
debug("private host key: #%d type %d %s", i, key->type,
key_type(key));
}
@@ -613,7 +613,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
-@@ -1742,6 +1752,10 @@ main(int ac, char **av)
+@@ -1751,6 +1761,10 @@ main(int ac, char **av)
/* Initialize the random number generator. */
arc4random_stir();
@@ -624,7 +624,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
chdir("/");
-@@ -2275,6 +2289,9 @@ do_ssh2_kex(void)
+@@ -2284,6 +2298,9 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@@ -634,7 +634,7 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
-@@ -2284,6 +2301,9 @@ do_ssh2_kex(void)
+@@ -2293,6 +2310,9 @@ do_ssh2_kex(void)
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
@@ -644,9 +644,9 @@ diff -up openssh-5.5p1/sshd.c.fips openssh-5.5p1/sshd.c
}
if (options.compression == COMP_NONE) {
myproposal[PROPOSAL_COMP_ALGS_CTOS] =
-diff -up openssh-5.5p1/ssh-keygen.c.fips openssh-5.5p1/ssh-keygen.c
---- openssh-5.5p1/ssh-keygen.c.fips 2010-03-21 19:58:24.000000000 +0100
-+++ openssh-5.5p1/ssh-keygen.c 2010-04-16 08:46:49.000000000 +0200
+diff -up openssh-5.6p1/ssh-keygen.c.fips openssh-5.6p1/ssh-keygen.c
+--- openssh-5.6p1/ssh-keygen.c.fips 2010-08-23 12:43:40.000000000 +0200
++++ openssh-5.6p1/ssh-keygen.c 2010-08-23 12:43:41.000000000 +0200
@@ -21,6 +21,7 @@
#include <openssl/evp.h>
@@ -655,7 +655,7 @@ diff -up openssh-5.5p1/ssh-keygen.c.fips openssh-5.5p1/ssh-keygen.c
#include "openbsd-compat/openssl-compat.h"
#include <errno.h>
-@@ -527,7 +528,7 @@ do_fingerprint(struct passwd *pw)
+@@ -692,7 +693,7 @@ do_fingerprint(struct passwd *pw)
enum fp_type fptype;
struct stat st;
@@ -664,7 +664,7 @@ diff -up openssh-5.5p1/ssh-keygen.c.fips openssh-5.5p1/ssh-keygen.c
rep = print_bubblebabble ? SSH_FP_BUBBLEBABBLE : SSH_FP_HEX;
if (!have_identity)
-@@ -1916,14 +1917,15 @@ passphrase_again:
+@@ -2209,14 +2210,15 @@ passphrase_again:
fclose(f);
if (!quiet) {
diff --git a/openssh-5.5p1-gsskex.patch b/openssh-5.6p1-gsskex.patch
similarity index 92%
rename from openssh-5.5p1-gsskex.patch
rename to openssh-5.6p1-gsskex.patch
index 249faa4..95da913 100644
--- a/openssh-5.5p1-gsskex.patch
+++ b/openssh-5.6p1-gsskex.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.5p1/auth2.c.gsskex openssh-5.5p1/auth2.c
---- openssh-5.5p1/auth2.c.gsskex 2010-05-13 15:59:50.000000000 +0200
-+++ openssh-5.5p1/auth2.c 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/auth2.c.gsskex openssh-5.6p1/auth2.c
+--- openssh-5.6p1/auth2.c.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/auth2.c 2010-08-23 12:51:58.000000000 +0200
@@ -69,6 +69,7 @@ extern Authmethod method_passwd;
extern Authmethod method_kbdint;
extern Authmethod method_hostbased;
@@ -35,9 +35,9 @@ diff -up openssh-5.5p1/auth2.c.gsskex openssh-5.5p1/auth2.c
authctxt->failures++;
if (authctxt->failures >= options.max_authtries) {
#ifdef SSH_AUDIT_EVENTS
-diff -up openssh-5.5p1/auth2-gss.c.gsskex openssh-5.5p1/auth2-gss.c
---- openssh-5.5p1/auth2-gss.c.gsskex 2010-05-13 15:59:50.000000000 +0200
-+++ openssh-5.5p1/auth2-gss.c 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/auth2-gss.c.gsskex openssh-5.6p1/auth2-gss.c
+--- openssh-5.6p1/auth2-gss.c.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/auth2-gss.c 2010-08-23 12:51:58.000000000 +0200
@@ -1,7 +1,7 @@
/* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */
@@ -137,9 +137,9 @@ diff -up openssh-5.5p1/auth2-gss.c.gsskex openssh-5.5p1/auth2-gss.c
Authmethod method_gssapi = {
"gssapi-with-mic",
userauth_gssapi,
-diff -up openssh-5.5p1/auth.h.gsskex openssh-5.5p1/auth.h
---- openssh-5.5p1/auth.h.gsskex 2010-05-13 15:59:50.000000000 +0200
-+++ openssh-5.5p1/auth.h 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/auth.h.gsskex openssh-5.6p1/auth.h
+--- openssh-5.6p1/auth.h.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/auth.h 2010-08-23 12:51:58.000000000 +0200
@@ -53,6 +53,7 @@ struct Authctxt {
int valid; /* user exists and is allowed to login */
int attempt;
@@ -148,9 +148,9 @@ diff -up openssh-5.5p1/auth.h.gsskex openssh-5.5p1/auth.h
int force_pwchange;
char *user; /* username sent by the client */
char *service;
-diff -up openssh-5.5p1/auth-krb5.c.gsskex openssh-5.5p1/auth-krb5.c
---- openssh-5.5p1/auth-krb5.c.gsskex 2009-12-21 00:49:22.000000000 +0100
-+++ openssh-5.5p1/auth-krb5.c 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c
+--- openssh-5.6p1/auth-krb5.c.gsskex 2009-12-21 00:49:22.000000000 +0100
++++ openssh-5.6p1/auth-krb5.c 2010-08-23 12:51:58.000000000 +0200
@@ -170,8 +170,13 @@ auth_krb5_password(Authctxt *authctxt, c
len = strlen(authctxt->krb5_ticket_file) + 6;
@@ -198,9 +198,9 @@ diff -up openssh-5.5p1/auth-krb5.c.gsskex openssh-5.5p1/auth-krb5.c
return (krb5_cc_resolve(ctx, ccname, ccache));
}
-diff -up openssh-5.5p1/ChangeLog.gssapi.gsskex openssh-5.5p1/ChangeLog.gssapi
---- openssh-5.5p1/ChangeLog.gssapi.gsskex 2010-05-13 15:59:58.000000000 +0200
-+++ openssh-5.5p1/ChangeLog.gssapi 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/ChangeLog.gssapi.gsskex openssh-5.6p1/ChangeLog.gssapi
+--- openssh-5.6p1/ChangeLog.gssapi.gsskex 2010-08-23 12:51:58.000000000 +0200
++++ openssh-5.6p1/ChangeLog.gssapi 2010-08-23 12:51:58.000000000 +0200
@@ -0,0 +1,95 @@
+20090615
+ - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c
@@ -297,9 +297,9 @@ diff -up openssh-5.5p1/ChangeLog.gssapi.gsskex openssh-5.5p1/ChangeLog.gssapi
+ add support for GssapiTrustDns option for gssapi-with-mic
+ (from jbasney AT ncsa.uiuc.edu)
+ <gssapi-with-mic support is Bugzilla #1008>
-diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
---- openssh-5.5p1/clientloop.c.gsskex 2010-03-21 19:54:02.000000000 +0100
-+++ openssh-5.5p1/clientloop.c 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/clientloop.c.gsskex openssh-5.6p1/clientloop.c
+--- openssh-5.6p1/clientloop.c.gsskex 2010-08-03 08:04:46.000000000 +0200
++++ openssh-5.6p1/clientloop.c 2010-08-23 12:51:58.000000000 +0200
@@ -111,6 +111,10 @@
#include "msg.h"
#include "roaming.h"
@@ -311,7 +311,7 @@ diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
/* import options */
extern Options options;
-@@ -1431,6 +1435,13 @@ client_loop(int have_pty, int escape_cha
+@@ -1483,6 +1487,13 @@ client_loop(int have_pty, int escape_cha
/* Do channel operations unless rekeying in progress. */
if (!rekeying) {
channel_after_select(readset, writeset);
@@ -325,9 +325,9 @@ diff -up openssh-5.5p1/clientloop.c.gsskex openssh-5.5p1/clientloop.c
if (need_rekeying || packet_need_rekeying()) {
debug("need rekeying");
xxx_kex->done = 0;
-diff -up openssh-5.5p1/configure.ac.gsskex openssh-5.5p1/configure.ac
---- openssh-5.5p1/configure.ac.gsskex 2010-05-13 15:59:52.000000000 +0200
-+++ openssh-5.5p1/configure.ac 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/configure.ac.gsskex openssh-5.6p1/configure.ac
+--- openssh-5.6p1/configure.ac.gsskex 2010-08-23 12:51:57.000000000 +0200
++++ openssh-5.6p1/configure.ac 2010-08-23 12:51:58.000000000 +0200
@@ -477,6 +477,30 @@ main() { if (NSVersionOfRunTimeLibrary("
[Use tunnel device compatibility to OpenBSD])
AC_DEFINE(SSH_TUN_PREPEND_AF, 1,
@@ -359,9 +359,9 @@ diff -up openssh-5.5p1/configure.ac.gsskex openssh-5.5p1/configure.ac
m4_pattern_allow(AU_IPv)
AC_CHECK_DECL(AU_IPv4, [],
AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records])
-diff -up openssh-5.5p1/gss-genr.c.gsskex openssh-5.5p1/gss-genr.c
---- openssh-5.5p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200
-+++ openssh-5.5p1/gss-genr.c 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/gss-genr.c.gsskex openssh-5.6p1/gss-genr.c
+--- openssh-5.6p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200
++++ openssh-5.6p1/gss-genr.c 2010-08-23 12:51:58.000000000 +0200
@@ -39,12 +39,167 @@
#include "buffer.h"
#include "log.h"
@@ -700,9 +700,9 @@ diff -up openssh-5.5p1/gss-genr.c.gsskex openssh-5.5p1/gss-genr.c
+}
+
#endif /* GSSAPI */
-diff -up openssh-5.5p1/gss-serv.c.gsskex openssh-5.5p1/gss-serv.c
---- openssh-5.5p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200
-+++ openssh-5.5p1/gss-serv.c 2010-05-13 15:59:58.000000000 +0200
+diff -up openssh-5.6p1/gss-serv.c.gsskex openssh-5.6p1/gss-serv.c
+--- openssh-5.6p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200
++++ openssh-5.6p1/gss-serv.c 2010-08-23 12:51:58.000000000 +0200
@@ -1,7 +1,7 @@
/* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */
@@ -1016,9 +1016,9 @@ diff -up openssh-5.5p1/gss-serv.c.gsskex openssh-5.5p1/gss-serv.c
}
#endif
-diff -up openssh-5.5p1/gss-serv-krb5.c.gsskex openssh-5.5p1/gss-serv-krb5.c
---- openssh-5.5p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200
-+++ openssh-5.5p1/gss-serv-krb5.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c
+--- openssh-5.6p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200
++++ openssh-5.6p1/gss-serv-krb5.c 2010-08-23 12:51:58.000000000 +0200
@@ -1,7 +1,7 @@
/* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */
@@ -1139,9 +1139,9 @@ diff -up openssh-5.5p1/gss-serv-krb5.c.gsskex openssh-5.5p1/gss-serv-krb5.c
};
#endif /* KRB5 */
-diff -up openssh-5.5p1/kex.c.gsskex openssh-5.5p1/kex.c
---- openssh-5.5p1/kex.c.gsskex 2010-01-08 06:50:41.000000000 +0100
-+++ openssh-5.5p1/kex.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c
+--- openssh-5.6p1/kex.c.gsskex 2010-01-08 06:50:41.000000000 +0100
++++ openssh-5.6p1/kex.c 2010-08-23 12:51:58.000000000 +0200
@@ -50,6 +50,10 @@
#include "monitor.h"
#include "roaming.h"
@@ -1174,9 +1174,9 @@ diff -up openssh-5.5p1/kex.c.gsskex openssh-5.5p1/kex.c
} else
fatal("bad kex alg %s", k->name);
}
-diff -up openssh-5.5p1/kexgssc.c.gsskex openssh-5.5p1/kexgssc.c
---- openssh-5.5p1/kexgssc.c.gsskex 2010-05-13 15:59:59.000000000 +0200
-+++ openssh-5.5p1/kexgssc.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/kexgssc.c.gsskex openssh-5.6p1/kexgssc.c
+--- openssh-5.6p1/kexgssc.c.gsskex 2010-08-23 12:51:58.000000000 +0200
++++ openssh-5.6p1/kexgssc.c 2010-08-23 12:51:58.000000000 +0200
@@ -0,0 +1,334 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -1512,9 +1512,9 @@ diff -up openssh-5.5p1/kexgssc.c.gsskex openssh-5.5p1/kexgssc.c
+}
+
+#endif /* GSSAPI */
-diff -up openssh-5.5p1/kexgsss.c.gsskex openssh-5.5p1/kexgsss.c
---- openssh-5.5p1/kexgsss.c.gsskex 2010-05-13 15:59:59.000000000 +0200
-+++ openssh-5.5p1/kexgsss.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/kexgsss.c.gsskex openssh-5.6p1/kexgsss.c
+--- openssh-5.6p1/kexgsss.c.gsskex 2010-08-23 12:51:58.000000000 +0200
++++ openssh-5.6p1/kexgsss.c 2010-08-23 12:51:58.000000000 +0200
@@ -0,0 +1,288 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
@@ -1804,9 +1804,9 @@ diff -up openssh-5.5p1/kexgsss.c.gsskex openssh-5.5p1/kexgsss.c
+ ssh_gssapi_rekey_creds();
+}
+#endif /* GSSAPI */
-diff -up openssh-5.5p1/kex.h.gsskex openssh-5.5p1/kex.h
---- openssh-5.5p1/kex.h.gsskex 2010-02-26 21:55:05.000000000 +0100
-+++ openssh-5.5p1/kex.h 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/kex.h.gsskex openssh-5.6p1/kex.h
+--- openssh-5.6p1/kex.h.gsskex 2010-02-26 21:55:05.000000000 +0100
++++ openssh-5.6p1/kex.h 2010-08-23 12:51:58.000000000 +0200
@@ -67,6 +67,9 @@ enum kex_exchange {
KEX_DH_GRP14_SHA1,
KEX_DH_GEX_SHA1,
@@ -1842,32 +1842,32 @@ diff -up openssh-5.5p1/kex.h.gsskex openssh-5.5p1/kex.h
void
kex_dh_hash(char *, char *, char *, int, char *, int, u_char *, int,
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
-diff -up openssh-5.5p1/key.c.gsskex openssh-5.5p1/key.c
---- openssh-5.5p1/key.c.gsskex 2010-03-21 19:58:24.000000000 +0100
-+++ openssh-5.5p1/key.c 2010-05-13 15:59:59.000000000 +0200
-@@ -982,6 +982,8 @@ key_type_from_name(char *name)
+diff -up openssh-5.6p1/key.c.gsskex openssh-5.6p1/key.c
+--- openssh-5.6p1/key.c.gsskex 2010-07-16 05:58:37.000000000 +0200
++++ openssh-5.6p1/key.c 2010-08-23 12:56:03.000000000 +0200
+@@ -1020,6 +1020,8 @@ key_type_from_name(char *name)
return KEY_RSA_CERT;
- } else if (strcmp(name, "ssh-dss-cert-v00 at openssh.com") == 0) {
+ } else if (strcmp(name, "ssh-dss-cert-v01 at openssh.com") == 0) {
return KEY_DSA_CERT;
+ } else if (strcmp(name, "null") == 0) {
+ return KEY_NULL;
}
debug2("key_type_from_name: unknown key type '%s'", name);
return KEY_UNSPEC;
-diff -up openssh-5.5p1/key.h.gsskex openssh-5.5p1/key.h
---- openssh-5.5p1/key.h.gsskex 2010-03-21 19:58:24.000000000 +0100
-+++ openssh-5.5p1/key.h 2010-05-13 15:59:59.000000000 +0200
-@@ -37,6 +37,7 @@ enum types {
- KEY_DSA,
- KEY_RSA_CERT,
+diff -up openssh-5.6p1/key.h.gsskex openssh-5.6p1/key.h
+--- openssh-5.6p1/key.h.gsskex 2010-04-16 07:56:22.000000000 +0200
++++ openssh-5.6p1/key.h 2010-08-23 12:56:32.000000000 +0200
+@@ -39,6 +39,7 @@ enum types {
KEY_DSA_CERT,
+ KEY_RSA_CERT_V00,
+ KEY_DSA_CERT_V00,
+ KEY_NULL,
KEY_UNSPEC
};
enum fp_type {
-diff -up openssh-5.5p1/Makefile.in.gsskex openssh-5.5p1/Makefile.in
---- openssh-5.5p1/Makefile.in.gsskex 2010-05-13 15:59:57.000000000 +0200
-+++ openssh-5.5p1/Makefile.in 2010-05-13 16:01:34.000000000 +0200
+diff -up openssh-5.6p1/Makefile.in.gsskex openssh-5.6p1/Makefile.in
+--- openssh-5.6p1/Makefile.in.gsskex 2010-08-23 12:51:58.000000000 +0200
++++ openssh-5.6p1/Makefile.in 2010-08-23 12:51:58.000000000 +0200
@@ -76,11 +76,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
@@ -1891,9 +1891,9 @@ diff -up openssh-5.5p1/Makefile.in.gsskex openssh-5.5p1/Makefile.in
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
-diff -up openssh-5.5p1/monitor.c.gsskex openssh-5.5p1/monitor.c
---- openssh-5.5p1/monitor.c.gsskex 2010-05-13 15:59:50.000000000 +0200
-+++ openssh-5.5p1/monitor.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c
+--- openssh-5.6p1/monitor.c.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/monitor.c 2010-08-23 12:51:58.000000000 +0200
@@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer
int mm_answer_gss_accept_ctx(int, Buffer *);
int mm_answer_gss_userok(int, Buffer *);
@@ -2086,9 +2086,9 @@ diff -up openssh-5.5p1/monitor.c.gsskex openssh-5.5p1/monitor.c
#endif /* GSSAPI */
#ifdef JPAKE
-diff -up openssh-5.5p1/monitor.h.gsskex openssh-5.5p1/monitor.h
---- openssh-5.5p1/monitor.h.gsskex 2010-05-13 15:59:50.000000000 +0200
-+++ openssh-5.5p1/monitor.h 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/monitor.h.gsskex openssh-5.6p1/monitor.h
+--- openssh-5.6p1/monitor.h.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/monitor.h 2010-08-23 12:51:58.000000000 +0200
@@ -56,6 +56,8 @@ enum monitor_reqtype {
MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP,
MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK,
@@ -2098,9 +2098,9 @@ diff -up openssh-5.5p1/monitor.h.gsskex openssh-5.5p1/monitor.h
MONITOR_REQ_PAM_START,
MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT,
MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX,
-diff -up openssh-5.5p1/monitor_wrap.c.gsskex openssh-5.5p1/monitor_wrap.c
---- openssh-5.5p1/monitor_wrap.c.gsskex 2010-05-13 15:59:51.000000000 +0200
-+++ openssh-5.5p1/monitor_wrap.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c
+--- openssh-5.6p1/monitor_wrap.c.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/monitor_wrap.c 2010-08-23 12:51:58.000000000 +0200
@@ -1250,7 +1250,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss
}
@@ -2162,9 +2162,9 @@ diff -up openssh-5.5p1/monitor_wrap.c.gsskex openssh-5.5p1/monitor_wrap.c
#endif /* GSSAPI */
#ifdef JPAKE
-diff -up openssh-5.5p1/monitor_wrap.h.gsskex openssh-5.5p1/monitor_wrap.h
---- openssh-5.5p1/monitor_wrap.h.gsskex 2010-05-13 15:59:51.000000000 +0200
-+++ openssh-5.5p1/monitor_wrap.h 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/monitor_wrap.h.gsskex openssh-5.6p1/monitor_wrap.h
+--- openssh-5.6p1/monitor_wrap.h.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/monitor_wrap.h 2010-08-23 12:51:58.000000000 +0200
@@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K
OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID);
OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *,
@@ -2177,18 +2177,18 @@ diff -up openssh-5.5p1/monitor_wrap.h.gsskex openssh-5.5p1/monitor_wrap.h
#endif
#ifdef USE_PAM
-diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
---- openssh-5.5p1/readconf.c.gsskex 2010-02-11 23:21:03.000000000 +0100
-+++ openssh-5.5p1/readconf.c 2010-05-13 15:59:59.000000000 +0200
+diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c
+--- openssh-5.6p1/readconf.c.gsskex 2010-08-03 08:04:46.000000000 +0200
++++ openssh-5.6p1/readconf.c 2010-08-23 12:57:26.000000000 +0200
@@ -127,6 +127,7 @@ typedef enum {
oClearAllForwardings, oNoHostAuthenticationForLocalhost,
oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout,
oAddressFamily, oGssAuthentication, oGssDelegateCreds,
+ oGssTrustDns, oGssKeyEx, oGssClientIdentity, oGssRenewalRekey,
oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly,
- oSendEnv, oControlPath, oControlMaster, oHashKnownHosts,
- oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
-@@ -164,10 +165,18 @@ static struct {
+ oSendEnv, oControlPath, oControlMaster, oControlPersist,
+ oHashKnownHosts,
+@@ -166,10 +167,18 @@ static struct {
{ "afstokenpassing", oUnsupported },
#if defined(GSSAPI)
{ "gssapiauthentication", oGssAuthentication },
@@ -2207,7 +2207,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
#endif
{ "fallbacktorsh", oDeprecated },
{ "usersh", oDeprecated },
-@@ -456,10 +465,26 @@ parse_flag:
+@@ -474,10 +483,26 @@ parse_flag:
intptr = &options->gss_authentication;
goto parse_flag;
@@ -2234,7 +2234,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
case oBatchMode:
intptr = &options->batch_mode;
goto parse_flag;
-@@ -1015,7 +1040,11 @@ initialize_options(Options * options)
+@@ -1058,7 +1083,11 @@ initialize_options(Options * options)
options->pubkey_authentication = -1;
options->challenge_response_authentication = -1;
options->gss_authentication = -1;
@@ -2246,7 +2246,7 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->kbd_interactive_devices = NULL;
-@@ -1107,8 +1136,14 @@ fill_default_options(Options * options)
+@@ -1156,8 +1185,14 @@ fill_default_options(Options * options)
options->challenge_response_authentication = 1;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@@ -2261,10 +2261,10 @@ diff -up openssh-5.5p1/readconf.c.gsskex openssh-5.5p1/readconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
-diff -up openssh-5.5p1/readconf.h.gsskex openssh-5.5p1/readconf.h
---- openssh-5.5p1/readconf.h.gsskex 2010-02-11 23:21:03.000000000 +0100
-+++ openssh-5.5p1/readconf.h 2010-05-13 16:00:00.000000000 +0200
-@@ -44,7 +44,11 @@ typedef struct {
+diff -up openssh-5.6p1/readconf.h.gsskex openssh-5.6p1/readconf.h
+--- openssh-5.6p1/readconf.h.gsskex 2010-08-03 08:04:46.000000000 +0200
++++ openssh-5.6p1/readconf.h 2010-08-23 12:51:59.000000000 +0200
+@@ -46,7 +46,11 @@ typedef struct {
int challenge_response_authentication;
/* Try S/Key or TIS, authentication. */
int gss_authentication; /* Try GSS authentication */
@@ -2276,9 +2276,9 @@ diff -up openssh-5.5p1/readconf.h.gsskex openssh-5.5p1/readconf.h
int password_authentication; /* Try password
* authentication. */
int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
-diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
---- openssh-5.5p1/servconf.c.gsskex 2010-05-13 15:59:54.000000000 +0200
-+++ openssh-5.5p1/servconf.c 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c
+--- openssh-5.6p1/servconf.c.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/servconf.c 2010-08-23 12:51:59.000000000 +0200
@@ -93,7 +93,10 @@ initialize_server_options(ServerOptions
options->kerberos_ticket_cleanup = -1;
options->kerberos_get_afs_token = -1;
@@ -2290,7 +2290,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
options->password_authentication = -1;
options->kbd_interactive_authentication = -1;
options->challenge_response_authentication = -1;
-@@ -217,8 +220,14 @@ fill_default_server_options(ServerOption
+@@ -218,8 +221,14 @@ fill_default_server_options(ServerOption
options->kerberos_get_afs_token = 0;
if (options->gss_authentication == -1)
options->gss_authentication = 0;
@@ -2305,7 +2305,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
if (options->password_authentication == -1)
options->password_authentication = 1;
if (options->kbd_interactive_authentication == -1)
-@@ -312,7 +321,9 @@ typedef enum {
+@@ -313,7 +322,9 @@ typedef enum {
sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication,
sHostbasedUsesNameFromPacketOnly, sClientAliveInterval,
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
@@ -2316,7 +2316,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication, sHostCertificate,
-@@ -376,9 +387,15 @@ static struct {
+@@ -377,9 +388,15 @@ static struct {
#ifdef GSSAPI
{ "gssapiauthentication", sGssAuthentication, SSHCFG_ALL },
{ "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL },
@@ -2332,7 +2332,7 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
#endif
{ "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL },
{ "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL },
-@@ -939,10 +956,22 @@ process_server_config_line(ServerOptions
+@@ -941,10 +958,22 @@ process_server_config_line(ServerOptions
intptr = &options->gss_authentication;
goto parse_flag;
@@ -2355,9 +2355,9 @@ diff -up openssh-5.5p1/servconf.c.gsskex openssh-5.5p1/servconf.c
case sPasswordAuthentication:
intptr = &options->password_authentication;
goto parse_flag;
-diff -up openssh-5.5p1/servconf.h.gsskex openssh-5.5p1/servconf.h
---- openssh-5.5p1/servconf.h.gsskex 2010-05-13 15:59:54.000000000 +0200
-+++ openssh-5.5p1/servconf.h 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/servconf.h.gsskex openssh-5.6p1/servconf.h
+--- openssh-5.6p1/servconf.h.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/servconf.h 2010-08-23 12:51:59.000000000 +0200
@@ -94,7 +94,10 @@ typedef struct {
int kerberos_get_afs_token; /* If true, try to get AFS token if
* authenticated with Kerberos. */
@@ -2369,10 +2369,10 @@ diff -up openssh-5.5p1/servconf.h.gsskex openssh-5.5p1/servconf.h
int password_authentication; /* If true, permit password
* authentication. */
int kbd_interactive_authentication; /* If true, permit */
-diff -up openssh-5.5p1/ssh_config.5.gsskex openssh-5.5p1/ssh_config.5
---- openssh-5.5p1/ssh_config.5.gsskex 2010-03-26 02:09:13.000000000 +0100
-+++ openssh-5.5p1/ssh_config.5 2010-05-13 16:00:00.000000000 +0200
-@@ -478,11 +478,38 @@ Specifies whether user authentication ba
+diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5
+--- openssh-5.6p1/ssh_config.5.gsskex 2010-08-05 05:03:13.000000000 +0200
++++ openssh-5.6p1/ssh_config.5 2010-08-23 12:51:59.000000000 +0200
+@@ -509,11 +509,38 @@ Specifies whether user authentication ba
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
@@ -2412,9 +2412,9 @@ diff -up openssh-5.5p1/ssh_config.5.gsskex openssh-5.5p1/ssh_config.5
.It Cm HashKnownHosts
Indicates that
.Xr ssh 1
-diff -up openssh-5.5p1/ssh_config.gsskex openssh-5.5p1/ssh_config
---- openssh-5.5p1/ssh_config.gsskex 2010-05-13 15:59:48.000000000 +0200
-+++ openssh-5.5p1/ssh_config 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/ssh_config.gsskex openssh-5.6p1/ssh_config
+--- openssh-5.6p1/ssh_config.gsskex 2010-08-23 12:51:55.000000000 +0200
++++ openssh-5.6p1/ssh_config 2010-08-23 12:51:59.000000000 +0200
@@ -26,6 +26,8 @@
# HostbasedAuthentication no
# GSSAPIAuthentication no
@@ -2424,9 +2424,9 @@ diff -up openssh-5.5p1/ssh_config.gsskex openssh-5.5p1/ssh_config
# BatchMode no
# CheckHostIP yes
# AddressFamily any
-diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
---- openssh-5.5p1/sshconnect2.c.gsskex 2010-05-13 15:59:57.000000000 +0200
-+++ openssh-5.5p1/sshconnect2.c 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c
+--- openssh-5.6p1/sshconnect2.c.gsskex 2010-08-23 12:51:58.000000000 +0200
++++ openssh-5.6p1/sshconnect2.c 2010-08-23 12:51:59.000000000 +0200
@@ -108,9 +108,34 @@ ssh_kex2(char *host, struct sockaddr *ho
{
Kex *kex;
@@ -2624,9 +2624,9 @@ diff -up openssh-5.5p1/sshconnect2.c.gsskex openssh-5.5p1/sshconnect2.c
#endif /* GSSAPI */
int
-diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
---- openssh-5.5p1/sshd.c.gsskex 2010-05-13 15:59:57.000000000 +0200
-+++ openssh-5.5p1/sshd.c 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c
+--- openssh-5.6p1/sshd.c.gsskex 2010-08-23 12:51:58.000000000 +0200
++++ openssh-5.6p1/sshd.c 2010-08-23 12:51:59.000000000 +0200
@@ -129,6 +129,10 @@ int allow_severity;
int deny_severity;
#endif /* LIBWRAP */
@@ -2638,7 +2638,7 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
-@@ -1592,10 +1596,13 @@ main(int ac, char **av)
+@@ -1601,10 +1605,13 @@ main(int ac, char **av)
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
}
@@ -2652,7 +2652,7 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
logit("sshd: no hostkeys available -- exiting.");
exit(1);
-@@ -1928,6 +1935,60 @@ main(int ac, char **av)
+@@ -1937,6 +1944,60 @@ main(int ac, char **av)
/* Log the connection. */
verbose("Connection from %.500s port %d", remote_ip, remote_port);
@@ -2713,7 +2713,7 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2315,12 +2376,61 @@ do_ssh2_kex(void)
+@@ -2324,12 +2385,61 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
@@ -2775,10 +2775,10 @@ diff -up openssh-5.5p1/sshd.c.gsskex openssh-5.5p1/sshd.c
kex->server = 1;
kex->client_version_string=client_version_string;
kex->server_version_string=server_version_string;
-diff -up openssh-5.5p1/sshd_config.5.gsskex openssh-5.5p1/sshd_config.5
---- openssh-5.5p1/sshd_config.5.gsskex 2010-05-13 15:59:54.000000000 +0200
-+++ openssh-5.5p1/sshd_config.5 2010-05-13 16:00:00.000000000 +0200
-@@ -379,12 +379,40 @@ Specifies whether user authentication ba
+diff -up openssh-5.6p1/sshd_config.5.gsskex openssh-5.6p1/sshd_config.5
+--- openssh-5.6p1/sshd_config.5.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/sshd_config.5 2010-08-23 12:51:59.000000000 +0200
+@@ -424,12 +424,40 @@ Specifies whether user authentication ba
The default is
.Dq no .
Note that this option applies to protocol version 2 only.
@@ -2819,9 +2819,9 @@ diff -up openssh-5.5p1/sshd_config.5.gsskex openssh-5.5p1/sshd_config.5
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
-diff -up openssh-5.5p1/sshd_config.gsskex openssh-5.5p1/sshd_config
---- openssh-5.5p1/sshd_config.gsskex 2010-05-13 15:59:54.000000000 +0200
-+++ openssh-5.5p1/sshd_config 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/sshd_config.gsskex openssh-5.6p1/sshd_config
+--- openssh-5.6p1/sshd_config.gsskex 2010-08-23 12:51:56.000000000 +0200
++++ openssh-5.6p1/sshd_config 2010-08-23 12:51:59.000000000 +0200
@@ -78,6 +78,8 @@ ChallengeResponseAuthentication no
GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
@@ -2831,9 +2831,9 @@ diff -up openssh-5.5p1/sshd_config.gsskex openssh-5.5p1/sshd_config
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-diff -up openssh-5.5p1/ssh-gss.h.gsskex openssh-5.5p1/ssh-gss.h
---- openssh-5.5p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200
-+++ openssh-5.5p1/ssh-gss.h 2010-05-13 16:00:00.000000000 +0200
+diff -up openssh-5.6p1/ssh-gss.h.gsskex openssh-5.6p1/ssh-gss.h
+--- openssh-5.6p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200
++++ openssh-5.6p1/ssh-gss.h 2010-08-23 12:51:59.000000000 +0200
@@ -1,6 +1,6 @@
/* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */
/*
diff --git a/openssh-5.5p1-keygen.patch b/openssh-5.6p1-keygen.patch
similarity index 64%
rename from openssh-5.5p1-keygen.patch
rename to openssh-5.6p1-keygen.patch
index c7a8fb4..9d7fce2 100644
--- a/openssh-5.5p1-keygen.patch
+++ b/openssh-5.6p1-keygen.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
---- openssh-5.5p1/ssh-keygen.0.keygen 2010-04-16 02:17:11.000000000 +0200
-+++ openssh-5.5p1/ssh-keygen.0 2010-05-04 08:19:22.000000000 +0200
+diff -up openssh-5.6p1/ssh-keygen.0.keygen openssh-5.6p1/ssh-keygen.0
+--- openssh-5.6p1/ssh-keygen.0.keygen 2010-08-22 16:30:03.000000000 +0200
++++ openssh-5.6p1/ssh-keygen.0 2010-08-23 12:37:19.000000000 +0200
@@ -4,7 +4,7 @@ NAME
ssh-keygen - authentication key generation, management and conversion
@@ -9,8 +9,8 @@ diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
+ ssh-keygen [-q] [-o] [-b bits] -t type [-N new_passphrase] [-C comment]
[-f output_keyfile]
ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
- ssh-keygen -i [-f input_keyfile]
-@@ -222,6 +222,8 @@ DESCRIPTION
+ ssh-keygen -i [-m key_format] [-f input_keyfile]
+@@ -232,6 +232,8 @@ DESCRIPTION
-q Silence ssh-keygen. Used by /etc/rc when creating a new key.
@@ -19,18 +19,18 @@ diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
-R hostname
Removes all keys belonging to hostname from a known_hosts file.
This option is useful to delete hashed hosts (see the -H option
-diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
---- openssh-5.5p1/ssh-keygen.1.keygen 2010-03-21 19:57:49.000000000 +0100
-+++ openssh-5.5p1/ssh-keygen.1 2010-05-04 08:19:22.000000000 +0200
+diff -up openssh-5.6p1/ssh-keygen.1.keygen openssh-5.6p1/ssh-keygen.1
+--- openssh-5.6p1/ssh-keygen.1.keygen 2010-08-05 05:05:32.000000000 +0200
++++ openssh-5.6p1/ssh-keygen.1 2010-08-23 12:36:25.000000000 +0200
@@ -47,6 +47,7 @@
- .Nm ssh-keygen
.Bk -words
+ .Nm ssh-keygen
.Op Fl q
+.Op Fl o
.Op Fl b Ar bits
.Fl t Ar type
.Op Fl N Ar new_passphrase
-@@ -370,6 +371,8 @@ Silence
+@@ -397,6 +398,8 @@ Silence
Used by
.Pa /etc/rc
when creating a new key.
@@ -39,9 +39,9 @@ diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
.It Fl R Ar hostname
Removes all keys belonging to
.Ar hostname
-diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
---- openssh-5.5p1/ssh-keygen.c.keygen 2010-03-21 19:58:24.000000000 +0100
-+++ openssh-5.5p1/ssh-keygen.c 2010-05-04 08:22:22.000000000 +0200
+diff -up openssh-5.6p1/ssh-keygen.c.keygen openssh-5.6p1/ssh-keygen.c
+--- openssh-5.6p1/ssh-keygen.c.keygen 2010-08-05 05:05:32.000000000 +0200
++++ openssh-5.6p1/ssh-keygen.c 2010-08-23 12:34:40.000000000 +0200
@@ -72,6 +72,7 @@ int change_passphrase = 0;
int change_comment = 0;
@@ -50,16 +50,16 @@ diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
int log_level = SYSLOG_LEVEL_INFO;
-@@ -1540,7 +1541,7 @@ main(int argc, char **argv)
+@@ -1798,7 +1799,7 @@ main(int argc, char **argv)
exit(1);
}
-- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"
-+ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:N:n:"
- "O:C:r:g:R:T:G:M:S:s:a:V:W:")) != -1) {
+- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
++ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:m:N:n:"
+ "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) {
switch (opt) {
case 'b':
-@@ -1605,6 +1606,9 @@ main(int argc, char **argv)
+@@ -1878,6 +1879,9 @@ main(int argc, char **argv)
case 'q':
quiet = 1;
break;
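Review bot: The downstream `o` flag inserted into the getopt string (`"degiqopclBHLhvxXyF:..."`) is not marked anywhere in this hunk as distribution-specific, yet the same rebase shows upstream taking new letters in that string (`m:` and `z:` are new between the 5.5p1 and 5.6p1 versions). A later upstream release could give `-o` a different meaning and silently change what existing scripts get from it. A one-line comment above the call in the patch, `/* 'o' is a downstream-only option; re-check for upstream collisions on every rebase */`, would make that check part of each refresh. main() continues outside the hunk, and the `case 'o':` body is not visible here.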
@@ -69,8 +69,8 @@ diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
case 'e':
case 'x':
/* export key */
-@@ -1835,7 +1839,7 @@ main(int argc, char **argv)
- printf("Created directory '%s'.\n", dotsshdir);
+@@ -2124,7 +2128,7 @@ main(int argc, char **argv)
+ }
}
/* If the file already exists, ask the user to confirm. */
- if (stat(identity_file, &st) >= 0) {
diff --git a/openssh-5.5p1-kuserok.patch b/openssh-5.6p1-kuserok.patch
similarity index 68%
rename from openssh-5.5p1-kuserok.patch
rename to openssh-5.6p1-kuserok.patch
index 2390745..7754032 100644
--- a/openssh-5.5p1-kuserok.patch
+++ b/openssh-5.6p1-kuserok.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.5p1/auth-krb5.c.kuserok openssh-5.5p1/auth-krb5.c
---- openssh-5.5p1/auth-krb5.c.kuserok 2010-07-07 13:12:01.000000000 +0200
-+++ openssh-5.5p1/auth-krb5.c 2010-07-07 13:12:03.000000000 +0200
+diff -up openssh-5.6p1/auth-krb5.c.kuserok openssh-5.6p1/auth-krb5.c
+--- openssh-5.6p1/auth-krb5.c.kuserok 2010-08-23 13:01:19.000000000 +0200
++++ openssh-5.6p1/auth-krb5.c 2010-08-23 13:01:21.000000000 +0200
@@ -146,9 +146,11 @@ auth_krb5_password(Authctxt *authctxt, c
if (problem)
goto out;
@@ -16,18 +16,18 @@ diff -up openssh-5.5p1/auth-krb5.c.kuserok openssh-5.5p1/auth-krb5.c
}
problem = ssh_krb5_cc_gen(authctxt->krb5_ctx, &authctxt->krb5_fwd_ccache);
-diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
---- openssh-5.5p1/servconf.c.kuserok 2010-07-07 13:12:02.000000000 +0200
-+++ openssh-5.5p1/servconf.c 2010-07-07 13:12:04.000000000 +0200
-@@ -137,6 +137,7 @@ initialize_server_options(ServerOptions
- options->zero_knowledge_password_authentication = -1;
+diff -up openssh-5.6p1/servconf.c.kuserok openssh-5.6p1/servconf.c
+--- openssh-5.6p1/servconf.c.kuserok 2010-08-23 13:01:20.000000000 +0200
++++ openssh-5.6p1/servconf.c 2010-08-23 13:02:14.000000000 +0200
+@@ -138,6 +138,7 @@ initialize_server_options(ServerOptions
options->revoked_keys_file = NULL;
options->trusted_user_ca_keys = NULL;
+ options->authorized_principals_file = NULL;
+ options->use_kuserok = -1;
}
void
-@@ -285,6 +286,8 @@ fill_default_server_options(ServerOption
+@@ -286,6 +287,8 @@ fill_default_server_options(ServerOption
if (use_privsep == -1)
use_privsep = 1;
@@ -36,7 +36,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
#ifndef HAVE_MMAP
if (use_privsep && options->compression == 1) {
error("This platform does not support both privilege "
-@@ -306,7 +309,7 @@ typedef enum {
+@@ -307,7 +310,7 @@ typedef enum {
sPermitRootLogin, sLogFacility, sLogLevel,
sRhostsRSAAuthentication, sRSAAuthentication,
sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
@@ -45,7 +45,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
sKerberosTgtPassing, sChallengeResponseAuthentication,
sPasswordAuthentication, sKbdInteractiveAuthentication,
sListenAddress, sAddressFamily,
-@@ -376,11 +379,13 @@ static struct {
+@@ -377,11 +380,13 @@ static struct {
#else
{ "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
#endif
@@ -59,7 +59,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
#endif
{ "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
{ "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
-@@ -1335,6 +1340,10 @@ process_server_config_line(ServerOptions
+@@ -1341,6 +1346,10 @@ process_server_config_line(ServerOptions
*activep = value;
break;
@@ -70,7 +70,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
case sPermitOpen:
arg = strdelim(&cp);
if (!arg || *arg == '\0')
-@@ -1517,6 +1526,7 @@ copy_set_server_options(ServerOptions *d
+@@ -1525,6 +1534,7 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(x11_use_localhost);
M_CP_INTOPT(max_sessions);
M_CP_INTOPT(max_authtries);
@@ -78,7 +78,7 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
M_CP_STROPT(banner);
if (preauth)
-@@ -1734,6 +1744,7 @@ dump_config(ServerOptions *o)
+@@ -1745,6 +1755,7 @@ dump_config(ServerOptions *o)
dump_cfg_fmtint(sUseDNS, o->use_dns);
dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
@@ -86,9 +86,9 @@ diff -up openssh-5.5p1/servconf.c.kuserok openssh-5.5p1/servconf.c
/* string arguments */
dump_cfg_string(sPidFile, o->pid_file);
-diff -up openssh-5.5p1/servconf.h.kuserok openssh-5.5p1/servconf.h
---- openssh-5.5p1/servconf.h.kuserok 2010-07-07 13:12:02.000000000 +0200
-+++ openssh-5.5p1/servconf.h 2010-07-07 13:12:04.000000000 +0200
+diff -up openssh-5.6p1/servconf.h.kuserok openssh-5.6p1/servconf.h
+--- openssh-5.6p1/servconf.h.kuserok 2010-08-23 13:01:20.000000000 +0200
++++ openssh-5.6p1/servconf.h 2010-08-23 13:01:21.000000000 +0200
@@ -157,6 +157,7 @@ typedef struct {
int num_permitted_opens;
@@ -97,10 +97,10 @@ diff -up openssh-5.5p1/servconf.h.kuserok openssh-5.5p1/servconf.h
char *chroot_directory;
char *revoked_keys_file;
char *trusted_user_ca_keys;
-diff -up openssh-5.5p1/sshd_config.5.kuserok openssh-5.5p1/sshd_config.5
---- openssh-5.5p1/sshd_config.5.kuserok 2010-07-07 13:12:03.000000000 +0200
-+++ openssh-5.5p1/sshd_config.5 2010-07-07 13:21:02.000000000 +0200
-@@ -519,6 +519,10 @@ Specifies whether to automatically destr
+diff -up openssh-5.6p1/sshd_config.5.kuserok openssh-5.6p1/sshd_config.5
+--- openssh-5.6p1/sshd_config.5.kuserok 2010-08-23 13:01:21.000000000 +0200
++++ openssh-5.6p1/sshd_config.5 2010-08-23 13:03:15.000000000 +0200
+@@ -564,6 +564,10 @@ Specifies whether to automatically destr
file on logout.
The default is
.Dq yes .
@@ -111,17 +111,17 @@ diff -up openssh-5.5p1/sshd_config.5.kuserok openssh-5.5p1/sshd_config.5
.It Cm KeyRegenerationInterval
In protocol version 1, the ephemeral server key is automatically regenerated
after this many seconds (if it has been used).
-@@ -644,6 +648,7 @@ Available keywords are
- .Cm HostbasedAuthentication ,
+@@ -694,6 +698,7 @@ Available keywords are
+ .Cm HostbasedUsesNameFromPacketOnly ,
.Cm KbdInteractiveAuthentication ,
.Cm KerberosAuthentication ,
+.Cm KerberosUseKuserok ,
.Cm MaxAuthTries ,
.Cm MaxSessions ,
.Cm PubkeyAuthentication ,
-diff -up openssh-5.5p1/sshd_config.kuserok openssh-5.5p1/sshd_config
---- openssh-5.5p1/sshd_config.kuserok 2010-07-07 13:12:03.000000000 +0200
-+++ openssh-5.5p1/sshd_config 2010-07-07 13:12:04.000000000 +0200
+diff -up openssh-5.6p1/sshd_config.kuserok openssh-5.6p1/sshd_config
+--- openssh-5.6p1/sshd_config.kuserok 2010-08-23 13:01:21.000000000 +0200
++++ openssh-5.6p1/sshd_config 2010-08-23 13:01:21.000000000 +0200
@@ -72,6 +72,7 @@ ChallengeResponseAuthentication no
#KerberosOrLocalPasswd yes
#KerberosTicketCleanup yes
diff --git a/openssh-5.5p1-ldap.patch b/openssh-5.6p1-ldap.patch
similarity index 95%
rename from openssh-5.5p1-ldap.patch
rename to openssh-5.6p1-ldap.patch
index 172477f..1010a8c 100644
--- a/openssh-5.5p1-ldap.patch
+++ b/openssh-5.6p1-ldap.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.5p1/configure.ac.ldap openssh-5.5p1/configure.ac
---- openssh-5.5p1/configure.ac.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/configure.ac 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/configure.ac.ldap openssh-5.6p1/configure.ac
+--- openssh-5.6p1/configure.ac.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/configure.ac 2010-08-23 12:28:11.000000000 +0200
@@ -1358,6 +1358,106 @@ AC_ARG_WITH(authorized-keys-command,
]
)
@@ -108,9 +108,9 @@ diff -up openssh-5.5p1/configure.ac.ldap openssh-5.5p1/configure.ac
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
-diff -up openssh-5.5p1/ldapbody.c.ldap openssh-5.5p1/ldapbody.c
---- openssh-5.5p1/ldapbody.c.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldapbody.c 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldapbody.c.ldap openssh-5.6p1/ldapbody.c
+--- openssh-5.6p1/ldapbody.c.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapbody.c 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -606,9 +606,9 @@ diff -up openssh-5.5p1/ldapbody.c.ldap openssh-5.5p1/ldapbody.c
+ return;
+}
+
-diff -up openssh-5.5p1/ldapbody.h.ldap openssh-5.5p1/ldapbody.h
---- openssh-5.5p1/ldapbody.h.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldapbody.h 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldapbody.h.ldap openssh-5.6p1/ldapbody.h
+--- openssh-5.6p1/ldapbody.h.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapbody.h 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -647,9 +647,9 @@ diff -up openssh-5.5p1/ldapbody.h.ldap openssh-5.5p1/ldapbody.h
+
+#endif /* LDAPBODY_H */
+
-diff -up openssh-5.5p1/ldapconf.c.ldap openssh-5.5p1/ldapconf.c
---- openssh-5.5p1/ldapconf.c.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldapconf.c 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldapconf.c.ldap openssh-5.6p1/ldapconf.c
+--- openssh-5.6p1/ldapconf.c.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapconf.c 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,682 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1333,9 +1333,9 @@ diff -up openssh-5.5p1/ldapconf.c.ldap openssh-5.5p1/ldapconf.c
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
+}
+
-diff -up openssh-5.5p1/ldapconf.h.ldap openssh-5.5p1/ldapconf.h
---- openssh-5.5p1/ldapconf.h.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldapconf.h 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldapconf.h.ldap openssh-5.6p1/ldapconf.h
+--- openssh-5.6p1/ldapconf.h.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapconf.h 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,71 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1408,9 +1408,9 @@ diff -up openssh-5.5p1/ldapconf.h.ldap openssh-5.5p1/ldapconf.h
+void dump_config(void);
+
+#endif /* LDAPCONF_H */
-diff -up openssh-5.5p1/ldap.conf.ldap openssh-5.5p1/ldap.conf
---- openssh-5.5p1/ldap.conf.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldap.conf 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldap.conf.ldap openssh-5.6p1/ldap.conf
+--- openssh-5.6p1/ldap.conf.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldap.conf 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,88 @@
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
+#
@@ -1500,9 +1500,9 @@ diff -up openssh-5.5p1/ldap.conf.ldap openssh-5.5p1/ldap.conf
+#tls_cert
+#tls_key
+
-diff -up openssh-5.5p1/ldap-helper.c.ldap openssh-5.5p1/ldap-helper.c
---- openssh-5.5p1/ldap-helper.c.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldap-helper.c 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c
+--- openssh-5.6p1/ldap-helper.c.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldap-helper.c 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,154 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1658,9 +1658,9 @@ diff -up openssh-5.5p1/ldap-helper.c.ldap openssh-5.5p1/ldap-helper.c
+void *buffer_get_string(Buffer *b, u_int *l) {}
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+
-diff -up openssh-5.5p1/ldap-helper.h.ldap openssh-5.5p1/ldap-helper.h
---- openssh-5.5p1/ldap-helper.h.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldap-helper.h 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldap-helper.h.ldap openssh-5.6p1/ldap-helper.h
+--- openssh-5.6p1/ldap-helper.h.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldap-helper.h 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1694,9 +1694,9 @@ diff -up openssh-5.5p1/ldap-helper.h.ldap openssh-5.5p1/ldap-helper.h
+extern int config_warning_config_file;
+
+#endif /* LDAP_HELPER_H */
-diff -up openssh-5.5p1/ldapincludes.h.ldap openssh-5.5p1/ldapincludes.h
---- openssh-5.5p1/ldapincludes.h.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldapincludes.h 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldapincludes.h.ldap openssh-5.6p1/ldapincludes.h
+--- openssh-5.6p1/ldapincludes.h.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapincludes.h 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1739,9 +1739,9 @@ diff -up openssh-5.5p1/ldapincludes.h.ldap openssh-5.5p1/ldapincludes.h
+#endif
+
+#endif /* LDAPINCLUDES_H */
-diff -up openssh-5.5p1/ldapmisc.c.ldap openssh-5.5p1/ldapmisc.c
---- openssh-5.5p1/ldapmisc.c.ldap 2010-07-07 14:36:34.000000000 +0200
-+++ openssh-5.5p1/ldapmisc.c 2010-07-07 14:36:34.000000000 +0200
+diff -up openssh-5.6p1/ldapmisc.c.ldap openssh-5.6p1/ldapmisc.c
+--- openssh-5.6p1/ldapmisc.c.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapmisc.c 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,79 @@
+
+#include "ldapincludes.h"
@@ -1822,9 +1822,9 @@ diff -up openssh-5.5p1/ldapmisc.c.ldap openssh-5.5p1/ldapmisc.c
+}
+#endif
+
-diff -up openssh-5.5p1/ldapmisc.h.ldap openssh-5.5p1/ldapmisc.h
---- openssh-5.5p1/ldapmisc.h.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/ldapmisc.h 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/ldapmisc.h.ldap openssh-5.6p1/ldapmisc.h
+--- openssh-5.6p1/ldapmisc.h.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ldapmisc.h 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1861,9 +1861,9 @@ diff -up openssh-5.5p1/ldapmisc.h.ldap openssh-5.5p1/ldapmisc.h
+
+#endif /* LDAPMISC_H */
+
-diff -up openssh-5.5p1/lpk-user-example.txt.ldap openssh-5.5p1/lpk-user-example.txt
---- openssh-5.5p1/lpk-user-example.txt.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/lpk-user-example.txt 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/lpk-user-example.txt.ldap openssh-5.6p1/lpk-user-example.txt
+--- openssh-5.6p1/lpk-user-example.txt.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/lpk-user-example.txt 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,117 @@
+
+Post to ML -> User Made Quick Install Doc.
@@ -1982,9 +1982,9 @@ diff -up openssh-5.5p1/lpk-user-example.txt.ldap openssh-5.5p1/lpk-user-example.
+puTTY). Login should succeed.
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
---- openssh-5.5p1/Makefile.in.ldap 2010-03-13 22:41:34.000000000 +0100
-+++ openssh-5.5p1/Makefile.in 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
+--- openssh-5.6p1/Makefile.in.ldap 2010-05-12 08:51:39.000000000 +0200
++++ openssh-5.6p1/Makefile.in 2010-08-23 12:29:24.000000000 +0200
@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@@ -2004,26 +2004,9 @@ diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -74,11 +76,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
- monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
- kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \
- entropy.o gss-genr.o umac.o jpake.o schnorr.o \
-- ssh-pkcs11.o
-+ ssh-pkcs11.o
-
- SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \
- sshconnect.o sshconnect1.o sshconnect2.o mux.o \
-- roaming_common.o roaming_client.o
-+ roaming_common.o roaming_client.o
-
- SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
- sshpty.o sshlogin.o servconf.o serverloop.o \
-@@ -91,10 +93,10 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- auth2-gss.o gss-serv.o gss-serv-krb5.o \
- loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
+@@ -93,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
-- roaming_common.o roaming_serv.o
-+ roaming_common.o roaming_serv.o
+ roaming_common.o roaming_serv.o
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -2034,7 +2017,7 @@ diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -162,6 +164,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
- $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
@@ -2085,9 +2068,9 @@ diff -up openssh-5.5p1/Makefile.in.ldap openssh-5.5p1/Makefile.in
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
tests interop-tests: $(TARGETS)
-diff -up openssh-5.5p1/openssh-lpk-openldap.schema.ldap openssh-5.5p1/openssh-lpk-openldap.schema
---- openssh-5.5p1/openssh-lpk-openldap.schema.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/openssh-lpk-openldap.schema 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/openssh-lpk-openldap.schema.ldap openssh-5.6p1/openssh-lpk-openldap.schema
+--- openssh-5.6p1/openssh-lpk-openldap.schema.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/openssh-lpk-openldap.schema 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,21 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2110,9 +2093,9 @@ diff -up openssh-5.5p1/openssh-lpk-openldap.schema.ldap openssh-5.5p1/openssh-lp
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-5.5p1/openssh-lpk-sun.schema.ldap openssh-5.5p1/openssh-lpk-sun.schema
---- openssh-5.5p1/openssh-lpk-sun.schema.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/openssh-lpk-sun.schema 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/openssh-lpk-sun.schema.ldap openssh-5.6p1/openssh-lpk-sun.schema
+--- openssh-5.6p1/openssh-lpk-sun.schema.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/openssh-lpk-sun.schema 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,23 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2137,9 +2120,9 @@ diff -up openssh-5.5p1/openssh-lpk-sun.schema.ldap openssh-5.5p1/openssh-lpk-sun
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-5.5p1/README.lpk.ldap openssh-5.5p1/README.lpk
---- openssh-5.5p1/README.lpk.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/README.lpk 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/README.lpk.ldap openssh-5.6p1/README.lpk
+--- openssh-5.6p1/README.lpk.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/README.lpk 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,274 @@
+OpenSSH LDAP PUBLIC KEY PATCH
+Copyright (c) 2003 Eric AUGE (eau at phear.org)
@@ -2415,9 +2398,9 @@ diff -up openssh-5.5p1/README.lpk.ldap openssh-5.5p1/README.lpk
+- CONTACT :
+ Jan F. Chadima <jchadima at redhat.com>
+
-diff -up openssh-5.5p1/ssh-ldap.conf.5.ldap openssh-5.5p1/ssh-ldap.conf.5
---- openssh-5.5p1/ssh-ldap.conf.5.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/ssh-ldap.conf.5 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/ssh-ldap.conf.5.ldap openssh-5.6p1/ssh-ldap.conf.5
+--- openssh-5.6p1/ssh-ldap.conf.5.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ssh-ldap.conf.5 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,373 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
@@ -2792,9 +2775,9 @@ diff -up openssh-5.5p1/ssh-ldap.conf.5.ldap openssh-5.5p1/ssh-ldap.conf.5
+OpenSSH 5.5 + PKA-LDAP .
+.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima at redhat.com
-diff -up openssh-5.5p1/ssh-ldap-helper.8.ldap openssh-5.5p1/ssh-ldap-helper.8
---- openssh-5.5p1/ssh-ldap-helper.8.ldap 2010-07-07 14:36:35.000000000 +0200
-+++ openssh-5.5p1/ssh-ldap-helper.8 2010-07-07 14:36:35.000000000 +0200
+diff -up openssh-5.6p1/ssh-ldap-helper.8.ldap openssh-5.6p1/ssh-ldap-helper.8
+--- openssh-5.6p1/ssh-ldap-helper.8.ldap 2010-08-23 12:28:11.000000000 +0200
++++ openssh-5.6p1/ssh-ldap-helper.8 2010-08-23 12:28:11.000000000 +0200
@@ -0,0 +1,78 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
diff --git a/openssh-5.5p1-mls.patch b/openssh-5.6p1-mls.patch
similarity index 91%
rename from openssh-5.5p1-mls.patch
rename to openssh-5.6p1-mls.patch
index 3c12716..ee8a8ef 100644
--- a/openssh-5.5p1-mls.patch
+++ b/openssh-5.6p1-mls.patch
@@ -1,7 +1,7 @@
-diff -up openssh-5.4p1/configure.ac.mls openssh-5.4p1/configure.ac
---- openssh-5.4p1/configure.ac.mls 2010-03-01 15:24:27.000000000 +0100
-+++ openssh-5.4p1/configure.ac 2010-03-01 15:24:28.000000000 +0100
-@@ -3360,6 +3360,7 @@ AC_ARG_WITH(selinux,
+diff -up openssh-5.6p1/configure.ac.mls openssh-5.6p1/configure.ac
+--- openssh-5.6p1/configure.ac.mls 2010-08-23 12:11:36.000000000 +0200
++++ openssh-5.6p1/configure.ac 2010-08-23 12:11:36.000000000 +0200
+@@ -3390,6 +3390,7 @@ AC_ARG_WITH(selinux,
SSHDLIBS="$SSHDLIBS $LIBSELINUX"
LIBS="$LIBS $LIBSELINUX"
AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
@@ -9,23 +9,21 @@ diff -up openssh-5.4p1/configure.ac.mls openssh-5.4p1/configure.ac
LIBS="$save_LIBS"
fi ]
)
-diff -up openssh-5.4p1/misc.c.mls openssh-5.4p1/misc.c
---- openssh-5.4p1/misc.c.mls 2010-01-10 00:31:12.000000000 +0100
-+++ openssh-5.4p1/misc.c 2010-03-01 15:24:28.000000000 +0100
-@@ -423,6 +423,7 @@ char *
+diff -up openssh-5.6p1/misc.c.mls openssh-5.6p1/misc.c
+--- openssh-5.6p1/misc.c.mls 2010-08-03 08:05:05.000000000 +0200
++++ openssh-5.6p1/misc.c 2010-08-23 12:14:16.000000000 +0200
+@@ -424,6 +424,7 @@ char *
colon(char *cp)
{
int flag = 0;
+ int start = 1;
if (*cp == ':') /* Leading colon is part of file name. */
- return (0);
-@@ -436,8 +437,13 @@ colon(char *cp)
- return (cp+1);
- if (*cp == ':' && !flag)
+ return NULL;
+@@ -439,6 +440,13 @@ colon(char *cp)
return (cp);
-- if (*cp == '/')
-- return (0);
+ if (*cp == '/')
+ return NULL;
+ if (start) {
+ /* Slash on beginning or after dots only denotes file name. */
+ if (*cp == '/')
@@ -34,11 +32,11 @@ diff -up openssh-5.4p1/misc.c.mls openssh-5.4p1/misc.c
+ start = 0;
+ }
}
- return (0);
+ return NULL;
}
-diff -up openssh-5.4p1/openbsd-compat/port-linux.c.mls openssh-5.4p1/openbsd-compat/port-linux.c
---- openssh-5.4p1/openbsd-compat/port-linux.c.mls 2010-03-01 15:24:27.000000000 +0100
-+++ openssh-5.4p1/openbsd-compat/port-linux.c 2010-03-01 15:25:50.000000000 +0100
+diff -up openssh-5.6p1/openbsd-compat/port-linux.c.mls openssh-5.6p1/openbsd-compat/port-linux.c
+--- openssh-5.6p1/openbsd-compat/port-linux.c.mls 2010-08-23 12:11:36.000000000 +0200
++++ openssh-5.6p1/openbsd-compat/port-linux.c 2010-08-23 12:11:37.000000000 +0200
@@ -35,13 +35,24 @@
#include "key.h"
#include "hostfile.h"
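Review bot: In the refreshed `misc.c` part of the mls patch, the unconditional `if (*cp == '/') return NULL;` in `colon()` is now carried as context rather than removed, so the added `if (start) { ... }` block follows it and its own slash test can never be reached. The 5.5p1 version of the patch deleted that unconditional test (inner hunk `-436,8 +437,13`), whereas the new inner hunk is `-439,6 +440,13` and only adds lines; judging from the visible lines, the patch no longer changes how `colon()` treats a `/` that follows the first non-dot character. If the earlier behaviour is still wanted, the inner hunk should again remove `if (*cp == '/')` and `return NULL;` ahead of the added block, and the added `return (0);` could become `return NULL;` to match the 5.6p1 style. The loop that encloses these lines in `colon()` starts outside the quoted context, so this should be confirmed against the patched `misc.c`.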
@@ -417,10 +415,10 @@ diff -up openssh-5.4p1/openbsd-compat/port-linux.c.mls openssh-5.4p1/openbsd-com
/* XXX: should these calls fatal() upon failure in enforcing mode? */
-diff -up openssh-5.4p1/sshd.c.mls openssh-5.4p1/sshd.c
---- openssh-5.4p1/sshd.c.mls 2010-03-01 15:24:27.000000000 +0100
-+++ openssh-5.4p1/sshd.c 2010-03-01 15:24:28.000000000 +0100
-@@ -1987,6 +1987,9 @@ main(int ac, char **av)
+diff -up openssh-5.6p1/sshd.c.mls openssh-5.6p1/sshd.c
+--- openssh-5.6p1/sshd.c.mls 2010-08-23 12:11:36.000000000 +0200
++++ openssh-5.6p1/sshd.c 2010-08-23 12:11:37.000000000 +0200
+@@ -1997,6 +1997,9 @@ main(int ac, char **av)
restore_uid();
}
#endif
diff --git a/openssh-5.3p1-selabel.patch b/openssh-5.6p1-selabel.patch
similarity index 50%
rename from openssh-5.3p1-selabel.patch
rename to openssh-5.6p1-selabel.patch
index 6e5d6bd..459164f 100644
--- a/openssh-5.3p1-selabel.patch
+++ b/openssh-5.6p1-selabel.patch
@@ -1,19 +1,19 @@
-diff -up openssh-5.3p1/contrib/ssh-copy-id.selabel openssh-5.3p1/contrib/ssh-copy-id
---- openssh-5.3p1/contrib/ssh-copy-id.selabel 2009-01-21 10:29:21.000000000 +0100
-+++ openssh-5.3p1/contrib/ssh-copy-id 2009-10-02 14:21:54.000000000 +0200
-@@ -38,7 +38,7 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] ||
- exit 1
- fi
+diff -up openssh-5.6p1/contrib/ssh-copy-id.selabel openssh-5.6p1/contrib/ssh-copy-id
+--- openssh-5.6p1/contrib/ssh-copy-id.selabel 2010-08-10 05:36:09.000000000 +0200
++++ openssh-5.6p1/contrib/ssh-copy-id 2010-08-23 12:50:20.000000000 +0200
+@@ -41,7 +41,7 @@ fi
+ # strip any trailing colon
+ host=`echo $1 | sed 's/:$//'`
--{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1
-+{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon .ssh .ssh/authorized_keys" || exit 1
+-{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1
++{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys; test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys" || exit 1
cat <<EOF
- Now try logging into the machine, with "ssh '$1'", and check in:
-diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
---- openssh-5.3p1/Makefile.in.selabel 2009-10-02 14:21:54.000000000 +0200
-+++ openssh-5.3p1/Makefile.in 2009-10-02 14:23:23.000000000 +0200
-@@ -136,7 +136,7 @@ libssh.a: $(LIBSSH_OBJS)
+ Now try logging into the machine, with "ssh '$host'", and check in:
+diff -up openssh-5.6p1/Makefile.in.selabel openssh-5.6p1/Makefile.in
+--- openssh-5.6p1/Makefile.in.selabel 2010-08-23 12:47:39.000000000 +0200
++++ openssh-5.6p1/Makefile.in 2010-08-23 12:47:39.000000000 +0200
+@@ -141,7 +141,7 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
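Review bot: The remote command in the `ssh-copy-id` line ends with `test -x /sbin/restorecon && /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys`, so its exit status is that of the relabel step and not of `cat >> ~/.ssh/authorized_keys`. On a remote host without `/sbin/restorecon` the `test -x` fails and the script takes the `|| exit 1` path although the key was appended, and a failed append is reported as success whenever the relabel succeeds. Checking the append and making the relabel optional avoids both: `cat >> ~/.ssh/authorized_keys || exit 1; if test -x /sbin/restorecon; then /sbin/restorecon ~/.ssh ~/.ssh/authorized_keys; fi`. Separately, `$host` is passed to `ssh` unquoted; `"$host"` would keep a value containing whitespace or glob characters as a single argument.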
@@ -22,9 +22,9 @@ diff -up openssh-5.3p1/Makefile.in.selabel openssh-5.3p1/Makefile.in
sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
$(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(SSHDLIBS) $(LIBS)
-diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
---- openssh-5.3p1/ssh.c.selabel 2009-10-02 14:21:54.000000000 +0200
-+++ openssh-5.3p1/ssh.c 2009-10-02 14:21:54.000000000 +0200
+diff -up openssh-5.6p1/ssh.c.selabel openssh-5.6p1/ssh.c
+--- openssh-5.6p1/ssh.c.selabel 2010-08-23 12:47:39.000000000 +0200
++++ openssh-5.6p1/ssh.c 2010-08-23 12:47:39.000000000 +0200
@@ -74,6 +74,7 @@
#include <openssl/err.h>
#include <openssl/fips.h>
@@ -33,7 +33,7 @@ diff -up openssh-5.3p1/ssh.c.selabel openssh-5.3p1/ssh.c
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
-@@ -792,10 +793,15 @@ main(int ac, char **av)
+@@ -848,10 +849,15 @@ main(int ac, char **av)
*/
r = snprintf(buf, sizeof buf, "%s%s%s", pw->pw_dir,
strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
diff --git a/openssh.spec b/openssh.spec
index c54bd02..92d712b 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -73,7 +73,7 @@
%define openssh_ver 5.6p1
%define openssh_rel 1
%define pam_ssh_agent_ver 0.9.2
-%define pam_ssh_agent_rel 26
+%define pam_ssh_agent_rel 27
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
@@ -94,44 +94,38 @@ Source4: http://prdownloads.sourceforge.net/pamsshagentauth/pam_ssh_agent_auth/p
Source5: pam_ssh_agent-rmheaders
Patch0: openssh-5.4p1-redhat.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1638
-Patch2: openssh-5.3p1-skip-initial.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1640
Patch4: openssh-5.2p1-vendor.patch
Patch10: pam_ssh_agent_auth-0.9-build.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Patch12: openssh-5.4p1-selinux.patch
-Patch13: openssh-5.5p1-mls.patch
+Patch13: openssh-5.6p1-mls.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Patch16: openssh-5.3p1-audit.patch
Patch18: openssh-5.4p1-pam_selinux.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1663
-Patch20: openssh-5.5p1-authorized-keys-command.patch
-Patch21: openssh-5.5p1-ldap.patch
+Patch20: openssh-5.6p1-authorized-keys-command.patch
+Patch21: openssh-5.6p1-ldap.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1668
-Patch23: openssh-5.5p1-keygen.patch
+Patch23: openssh-5.6p1-keygen.patch
Patch24: openssh-4.3p1-fromto-remote.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1636
Patch27: openssh-5.1p1-log-in-chroot.patch
-Patch30: openssh-4.0p1-exit-deadlock.patch
+Patch30: openssh-5.6p1-exit-deadlock.patch
Patch35: openssh-5.1p1-askpass-progress.patch
Patch38: openssh-4.3p2-askpass-grab-info.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1644
Patch44: openssh-5.2p1-allow-ip-opts.patch
Patch49: openssh-4.3p2-gssapi-canohost.patch
Patch62: openssh-5.1p1-scp-manpage.patch
-Patch65: openssh-5.5p1-fips.patch
+Patch65: openssh-5.6p1-fips.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1614
-Patch69: openssh-5.3p1-selabel.patch
+Patch69: openssh-5.6p1-selabel.patch
Patch71: openssh-5.2p1-edns.patch
-Patch73: openssh-5.5p1-gsskex.patch
+Patch73: openssh-5.6p1-gsskex.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1701
Patch74: openssh-5.3p1-randclean.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1740
-Patch76: openssh-5.5p1-staterr.patch
-#https://bugzilla.mindrot.org/show_bug.cgi?id=1750
-Patch77: openssh-5.5p1-stderr.patch
-Patch78: openssh-5.5p1-kuserok.patch
+Patch78: openssh-5.6p1-kuserok.patch
Patch79: openssh-5.5p1-x11.patch
License: BSD
@@ -268,7 +262,6 @@ The module is most useful for su and sudo service stacks.
%prep
%setup -q -a 4
%patch0 -p1 -b .redhat
-%patch2 -p1 -b .skip-initial
%patch4 -p1 -b .vendor
%if %{pam_ssh_agent}
@@ -303,8 +296,6 @@ popd
%patch71 -p1 -b .edns
%patch73 -p1 -b .gsskex
%patch74 -p1 -b .randclean
-%patch76 -p1 -b .staterr
-%patch77 -p1 -b .stderr
%patch78 -p1 -b .kuserok
%patch79 -p1 -b .x11