[openssh] Coverity second pass Reenable akc patch
Jan F. Chadima
jfch2222 at fedoraproject.org
Fri Sep 9 19:19:03 UTC 2011
commit ea97ffa1edb96ab32e0eb833dd025e248af4d718
Author: Jan F. Chadima <jfch at fukusima15.jagda.eu>
Date: Fri Sep 9 21:18:35 2011 +0200
Coverity second pass
Reenable akc patch
openssh-5.9p1-akc.patch | 50 +++++-----
openssh-5.9p1-coverity.patch | 97 +++++++++++++++++---
...sh-5.2p1-edns.patch => openssh-5.9p1-edns.patch | 24 +++---
openssh.spec | 8 +-
4 files changed, 127 insertions(+), 52 deletions(-)
---
diff --git a/openssh-5.9p1-akc.patch b/openssh-5.9p1-akc.patch
index 0abc256..3737981 100644
--- a/openssh-5.9p1-akc.patch
+++ b/openssh-5.9p1-akc.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
---- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 17:26:31.000000000 +0200
-+++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 17:28:15.000000000 +0200
+--- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-09 19:27:15.369501615 +0200
++++ openssh-5.9p1/auth2-pubkey.c 2011-09-09 19:30:32.958509941 +0200
@@ -27,6 +27,7 @@
#include <sys/types.h>
@@ -47,7 +47,7 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
key_free(found);
if (!found_key)
debug2("key not found");
-@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
+@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw,
return ret;
}
@@ -242,7 +242,7 @@ diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c
if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
--- openssh-5.9p1/configure.ac.akc 2011-08-18 06:48:24.000000000 +0200
-+++ openssh-5.9p1/configure.ac 2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/configure.ac 2011-09-09 19:27:17.548440048 +0200
@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit],
esac ]
)
@@ -271,9 +271,9 @@ diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
---- openssh-5.9p1/servconf.c.akc 2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/servconf.c 2011-09-09 17:26:31.000000000 +0200
-@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
+--- openssh-5.9p1/servconf.c.akc 2011-09-09 19:27:03.490455245 +0200
++++ openssh-5.9p1/servconf.c 2011-09-09 19:27:17.666565662 +0200
+@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
@@ -344,8 +344,8 @@ diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
---- openssh-5.9p1/servconf.h.akc 2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/servconf.h 2011-09-09 17:26:31.000000000 +0200
+--- openssh-5.9p1/servconf.h.akc 2011-09-09 19:27:03.614494286 +0200
++++ openssh-5.9p1/servconf.h 2011-09-09 19:27:18.043502934 +0200
@@ -174,6 +174,8 @@ typedef struct {
char *revoked_keys_file;
char *trusted_user_ca_keys;
@@ -355,22 +355,9 @@ diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h
} ServerOptions;
/*
-diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
---- openssh-5.9p1/sshd_config.akc 2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config 2011-09-09 17:26:31.000000000 +0200
-@@ -49,6 +49,9 @@
- # but this is overridden so installations will only check .ssh/authorized_keys
- AuthorizedKeysFile .ssh/authorized_keys
-
-+#AuthorizedKeysCommand none
-+#AuthorizedKeysCommandRunAs nobody
-+
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
- # similar for protocol version 2
diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
--- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config.0 2011-09-09 17:26:31.000000000 +0200
++++ openssh-5.9p1/sshd_config.0 2011-09-09 19:27:18.168626976 +0200
@@ -71,6 +71,23 @@ DESCRIPTION
See PATTERNS in ssh_config(5) for more information on patterns.
@@ -406,8 +393,8 @@ diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0
GSSAPIAuthentication, HostbasedAuthentication,
HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication,
diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
---- openssh-5.9p1/sshd_config.5.akc 2011-09-09 17:26:30.000000000 +0200
-+++ openssh-5.9p1/sshd_config.5 2011-09-09 17:26:31.000000000 +0200
+--- openssh-5.9p1/sshd_config.5.akc 2011-09-09 19:27:03.912515059 +0200
++++ openssh-5.9p1/sshd_config.5 2011-09-09 19:27:18.292494317 +0200
@@ -706,6 +706,8 @@ Available keywords are
.Cm AllowAgentForwarding ,
.Cm AllowTcpForwarding ,
@@ -446,3 +433,16 @@ diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
+diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config
+--- openssh-5.9p1/sshd_config.akc 2011-09-09 19:27:03.754502770 +0200
++++ openssh-5.9p1/sshd_config 2011-09-09 19:27:18.446471121 +0200
+@@ -49,6 +49,9 @@
+ # but this is overridden so installations will only check .ssh/authorized_keys
+ AuthorizedKeysFile .ssh/authorized_keys
+
++#AuthorizedKeysCommand none
++#AuthorizedKeysCommandRunAs nobody
++
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
+ # similar for protocol version 2
diff --git a/openssh-5.9p1-coverity.patch b/openssh-5.9p1-coverity.patch
index 5b1a4d3..5b9c2d7 100644
--- a/openssh-5.9p1-coverity.patch
+++ b/openssh-5.9p1-coverity.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
-+++ openssh-5.9p1/auth-pam.c 2011-09-08 14:13:59.596485750 +0200
++++ openssh-5.9p1/auth-pam.c 2011-09-09 15:13:32.820565436 +0200
@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
if (sshpam_thread_status != -1)
return (sshpam_thread_status);
@@ -12,7 +12,7 @@ diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
#endif
diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
-+++ openssh-5.9p1/channels.c 2011-09-08 14:13:59.724564062 +0200
++++ openssh-5.9p1/channels.c 2011-09-09 15:13:32.911439569 +0200
@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
channel_max_fd = MAX(channel_max_fd, wfd);
channel_max_fd = MAX(channel_max_fd, efd);
@@ -45,7 +45,7 @@ diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
}
diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
-+++ openssh-5.9p1/clientloop.c 2011-09-08 14:13:59.829450205 +0200
++++ openssh-5.9p1/clientloop.c 2011-09-09 15:13:33.017564323 +0200
@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
char *rtype;
int want_reply;
@@ -56,7 +56,7 @@ diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
want_reply = packet_get_char();
diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
-+++ openssh-5.9p1/key.c 2011-09-08 14:13:59.959563856 +0200
++++ openssh-5.9p1/key.c 2011-09-09 15:13:33.145442605 +0200
@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
success = 1;
/*XXXX*/
@@ -68,9 +68,45 @@ diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
/* advance cp: skip whitespace and data */
while (*cp == ' ' || *cp == '\t')
cp++;
+diff -up openssh-5.9p1/monitor.c.coverity openssh-5.9p1/monitor.c
+--- openssh-5.9p1/monitor.c.coverity 2011-09-09 17:13:15.937439833 +0200
++++ openssh-5.9p1/monitor.c 2011-09-09 17:15:18.625466696 +0200
+@@ -1161,6 +1161,10 @@ mm_answer_keyallowed(int sock, Buffer *m
+ break;
+ }
+ }
++
++ debug3("%s: key %p is %s",
++ __func__, key, allowed ? "allowed" : "not allowed");
++
+ if (key != NULL)
+ key_free(key);
+
+@@ -1182,9 +1186,6 @@ mm_answer_keyallowed(int sock, Buffer *m
+ xfree(chost);
+ }
+
+- debug3("%s: key %p is %s",
+- __func__, key, allowed ? "allowed" : "not allowed");
+-
+ buffer_clear(m);
+ buffer_put_int(m, allowed);
+ buffer_put_int(m, forced_command != NULL);
+diff -up openssh-5.9p1/openbsd-compat/bindresvport.c.coverity openssh-5.9p1/openbsd-compat/bindresvport.c
+--- openssh-5.9p1/openbsd-compat/bindresvport.c.coverity 2011-09-09 17:29:14.709442881 +0200
++++ openssh-5.9p1/openbsd-compat/bindresvport.c 2011-09-09 17:32:48.770563974 +0200
+@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr
+ struct sockaddr_in6 *in6;
+ u_int16_t *portp;
+ u_int16_t port;
+- socklen_t salen;
++ socklen_t salen = sizeof(struct sockaddr_storage);
+ int i;
+
+ if (sa == NULL) {
diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
-+++ openssh-5.9p1/packet.c 2011-09-08 14:14:00.075501777 +0200
++++ openssh-5.9p1/packet.c 2011-09-09 15:13:33.263447887 +0200
@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
case DEATTACK_DETECTED:
packet_disconnect("crc32 compensation attack: "
@@ -90,7 +126,7 @@ diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
-+++ openssh-5.9p1/progressmeter.c 2011-09-08 14:14:00.186620217 +0200
++++ openssh-5.9p1/progressmeter.c 2011-09-09 15:13:33.382566039 +0200
@@ -65,7 +65,7 @@ static void update_progress_meter(int);
static time_t start; /* start progress */
@@ -111,7 +147,7 @@ diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
file = f;
diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
-+++ openssh-5.9p1/progressmeter.h 2011-09-08 14:14:00.299626834 +0200
++++ openssh-5.9p1/progressmeter.h 2011-09-09 15:13:33.501438992 +0200
@@ -23,5 +23,5 @@
* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/
@@ -121,7 +157,7 @@ diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
void stop_progress_meter(void);
diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
-+++ openssh-5.9p1/scp.c 2011-09-08 14:14:00.404502349 +0200
++++ openssh-5.9p1/scp.c 2011-09-09 15:13:33.607564009 +0200
@@ -155,7 +155,7 @@ killchild(int signo)
{
if (do_cmd_pid > 1) {
@@ -131,9 +167,21 @@ diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
}
if (signo)
+diff -up openssh-5.9p1/servconf.c.coverity openssh-5.9p1/servconf.c
+--- openssh-5.9p1/servconf.c.coverity 2011-09-09 17:24:09.333561142 +0200
++++ openssh-5.9p1/servconf.c 2011-09-09 17:26:41.488502345 +0200
+@@ -1171,7 +1171,7 @@ process_server_config_line(ServerOptions
+ fatal("%s line %d: Missing subsystem name.",
+ filename, linenum);
+ if (!*activep) {
+- arg = strdelim(&cp);
++ /*arg =*/ (void) strdelim(&cp);
+ break;
+ }
+ for (i = 0; i < options->num_subsystems; i++)
diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
-+++ openssh-5.9p1/serverloop.c 2011-09-08 14:14:00.516501505 +0200
++++ openssh-5.9p1/serverloop.c 2011-09-09 15:13:33.723564433 +0200
@@ -147,13 +147,13 @@ notify_setup(void)
static void
notify_parent(void)
@@ -245,7 +293,7 @@ diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
tun = forced_tun_device;
diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.c 2011-09-08 14:14:00.640502358 +0200
++++ openssh-5.9p1/sftp-client.c 2011-09-09 15:13:33.845564522 +0200
@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
}
@@ -470,7 +518,7 @@ diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
size_t len = strlen(p1) + strlen(p2) + 2;
diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp-client.h 2011-09-08 14:14:00.750502818 +0200
++++ openssh-5.9p1/sftp-client.h 2011-09-09 15:13:33.954567073 +0200
@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
u_int sftp_proto_version(struct sftp_conn *);
@@ -570,7 +618,16 @@ diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
#endif
diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
-+++ openssh-5.9p1/sftp.c 2011-09-08 14:25:08.647440423 +0200
++++ openssh-5.9p1/sftp.c 2011-09-09 15:13:34.086441893 +0200
+@@ -206,7 +206,7 @@ killchild(int signo)
+ {
+ if (sshpid > 1) {
+ kill(sshpid, SIGTERM);
+- waitpid(sshpid, NULL, 0);
++ (void) waitpid(sshpid, NULL, 0);
+ }
+
+ _exit(1);
@@ -316,7 +316,7 @@ local_do_ls(const char *args)
/* Strip one path (usually the pwd) from the start of another */
@@ -674,9 +731,23 @@ diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
{
struct sftp_statvfs st;
char s_used[FMT_SCALED_STRSIZE];
+diff -up openssh-5.9p1/ssh-agent.c.coverity openssh-5.9p1/ssh-agent.c
+--- openssh-5.9p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200
++++ openssh-5.9p1/ssh-agent.c 2011-09-09 15:13:34.203567987 +0200
+@@ -1147,8 +1147,8 @@ main(int ac, char **av)
+ sanitise_stdfd();
+
+ /* drop */
+- setegid(getgid());
+- setgid(getgid());
++ (void) setegid(getgid());
++ (void) setgid(getgid());
+
+ #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
+ /* Disable ptrace on Linux without sgid bit */
diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
-+++ openssh-5.9p1/sshd.c 2011-09-08 14:14:01.018565321 +0200
++++ openssh-5.9p1/sshd.c 2011-09-09 15:13:34.317564195 +0200
@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
if (num_listen_socks < 0)
break;
diff --git a/openssh-5.2p1-edns.patch b/openssh-5.9p1-edns.patch
similarity index 62%
rename from openssh-5.2p1-edns.patch
rename to openssh-5.9p1-edns.patch
index f3e431e..34f3851 100644
--- a/openssh-5.2p1-edns.patch
+++ b/openssh-5.9p1-edns.patch
@@ -1,7 +1,7 @@
-diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
---- openssh-5.2p1/dns.c.rh205842 2009-07-27 16:25:28.000000000 +0200
-+++ openssh-5.2p1/dns.c 2009-07-27 16:40:59.000000000 +0200
-@@ -176,6 +176,7 @@ verify_host_key_dns(const char *hostname
+diff -up openssh-5.9p1/dns.c.edns openssh-5.9p1/dns.c
+--- openssh-5.9p1/dns.c.edns 2010-08-31 14:41:14.000000000 +0200
++++ openssh-5.9p1/dns.c 2011-09-09 08:05:27.782440497 +0200
+@@ -177,6 +177,7 @@ verify_host_key_dns(const char *hostname
{
u_int counter;
int result;
@@ -9,7 +9,7 @@ diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
struct rrsetinfo *fingerprints = NULL;
u_int8_t hostkey_algorithm;
-@@ -199,8 +200,19 @@ verify_host_key_dns(const char *hostname
+@@ -200,8 +201,19 @@ verify_host_key_dns(const char *hostname
return -1;
}
@@ -30,9 +30,9 @@ diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
if (result) {
verbose("DNS lookup error: %s", dns_result_totext(result));
return -1;
-diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.c
---- openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 2009-07-27 16:22:23.000000000 +0200
-+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.c 2009-07-27 16:41:55.000000000 +0200
+diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.c
+--- openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns 2009-07-13 03:38:23.000000000 +0200
++++ openssh-5.9p1/openbsd-compat/getrrsetbyname.c 2011-09-09 15:03:39.930500801 +0200
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, uns
goto fail;
}
@@ -40,7 +40,7 @@ diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/op
- /* don't allow flags yet, unimplemented */
- if (flags) {
+ /* Allow RRSET_FORCE_EDNS0 flag only. */
-+ if ((flags & !RRSET_FORCE_EDNS0) != 0) {
++ if ((flags & ~RRSET_FORCE_EDNS0) != 0) {
result = ERRSET_INVAL;
goto fail;
}
@@ -57,9 +57,9 @@ diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/op
#endif /* RES_USE_DNSEC */
/* make query */
-diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.h
---- openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842 2009-07-27 16:35:02.000000000 +0200
-+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.h 2009-07-27 16:36:09.000000000 +0200
+diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.h
+--- openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns 2007-10-26 08:26:50.000000000 +0200
++++ openssh-5.9p1/openbsd-compat/getrrsetbyname.h 2011-09-09 08:05:27.965438689 +0200
@@ -72,6 +72,9 @@
#ifndef RRSET_VALIDATED
# define RRSET_VALIDATED 1
diff --git a/openssh.spec b/openssh.spec
index 98d9e82..e24eb9f 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -79,7 +79,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.9p1
-%define openssh_rel 2
+%define openssh_rel 3
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 32
@@ -183,7 +183,7 @@ Patch702: openssh-5.1p1-askpass-progress.patch
#?
Patch703: openssh-4.3p2-askpass-grab-info.patch
#?
-Patch704: openssh-5.2p1-edns.patch
+Patch704: openssh-5.9p1-edns.patch
#?
Patch705: openssh-5.1p1-scp-manpage.patch
#?
@@ -785,6 +785,10 @@ fi
%endif
%changelog
+* Fri Sep 9 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-3 + 0.9.2-32
+- Coverity second pass
+- Reenable akc patch
+
* Thu Sep 8 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-2 + 0.9.2-32
- Coverity first pass
More information about the scm-commits
mailing list