commit 1499a28f3778df684688dc357e3dd993f1056452
Author: Jan F <jfch(a)kerberos.example.com>
Date: Tue Mar 1 07:44:22 2011 +0100
improve ssh-keycat
openssh-5.8p1-audit1.patch | 28 ++++----
openssh-5.8p1-audit1a.patch | 21 ------
openssh-5.8p1-audit4.patch | 69 ++++++++++---------
openssh-5.8p1-audit4a.patch | 13 ----
openssh-5.8p1-audit5.patch | 88 +++++++++++++++----------
openssh-5.8p1-audit5a.patch | 21 ------
openssh-5.8p1-keycat2.patch | 132 ++++++++++++++++++++++++++++++++++++
openssh-5.8p1-ldap.patch | 156 +++++++++++++++++++++++++------------------
openssh-5.8p1-ldap2.patch | 57 ----------------
openssh.spec | 7 ++-
10 files changed, 332 insertions(+), 260 deletions(-)
---
diff --git a/openssh-5.8p1-audit1.patch b/openssh-5.8p1-audit1.patch
index ea7def7..08674a9 100644
--- a/openssh-5.8p1-audit1.patch
+++ b/openssh-5.8p1-audit1.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c
--- openssh-5.8p1/audit-bsm.c.audit1 2011-01-17 11:15:29.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c 2011-02-28 22:39:02.000000000 +0100
@@ -305,6 +305,12 @@ audit_run_command(const char *command)
}
@@ -16,7 +16,7 @@ diff -up openssh-5.8p1/audit-bsm.c.audit1 openssh-5.8p1/audit-bsm.c
/* not implemented */
diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c
--- openssh-5.8p1/audit.c.audit1 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit.c 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/audit.c 2011-02-28 22:39:02.000000000 +0100
@@ -182,5 +182,18 @@ audit_run_command(const char *command)
debug("audit run command euid %d user %s command '%.200s'", geteuid(),
audit_username(), command);
@@ -38,7 +38,7 @@ diff -up openssh-5.8p1/audit.c.audit1 openssh-5.8p1/audit.c
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h
--- openssh-5.8p1/audit.h.audit1 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit.h 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/audit.h 2011-02-28 22:39:02.000000000 +0100
@@ -52,6 +52,7 @@ void audit_event(ssh_audit_event_t);
void audit_session_open(struct logininfo *);
void audit_session_close(struct logininfo *);
@@ -49,7 +49,7 @@ diff -up openssh-5.8p1/audit.h.audit1 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
--- openssh-5.8p1/audit-linux.c.audit1 2011-01-17 11:15:30.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-02-28 22:39:02.000000000 +0100
@@ -35,13 +35,20 @@
#include "log.h"
@@ -179,7 +179,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
+{
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_END);
-+ if (!--user_login_count)
++ if (user_login_count && !--user_login_count)
+ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
+ NULL, "ssh", 1, AUDIT_USER_LOGOUT);
}
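Review bot: The guard `if (user_login_count && !--user_login_count)` is now duplicated verbatim in audit_end_command here and in audit_session_close in the next hunk (@@ -203,7), so the decrement-and-maybe-logout rule lives in two places that can drift apart; a small static helper such as `static int user_logout_pending(void) { return user_login_count && !--user_login_count; }` (constructed name) called from both would keep them identical. A one-line comment above the check saying why the counter can already be zero when an END event is emitted would also help, since that is not evident from the visible lines — presumably an END arriving without a matching login, which is inferred rather than shown here. Both enclosing functions start and end outside the hunk.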
@@ -203,7 +203,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
- /* not implemented */
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_END);
-+ if (!--user_login_count)
++ if (user_login_count && !--user_login_count)
+ linux_audit_user_logxxx(li->uid, NULL, li->hostname,
+ NULL, li->line, 1, AUDIT_USER_LOGOUT);
}
@@ -259,7 +259,7 @@ diff -up openssh-5.8p1/audit-linux.c.audit1 openssh-5.8p1/audit-linux.c
default:
diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c
--- openssh-5.8p1/monitor.c.audit1 2010-09-10 03:23:34.000000000 +0200
-+++ openssh-5.8p1/monitor.c 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/monitor.c 2011-02-28 22:39:02.000000000 +0100
@@ -177,6 +177,7 @@ int mm_answer_gss_checkmic(int, Buffer *
#ifdef SSH_AUDIT_EVENTS
int mm_answer_audit_event(int, Buffer *);
@@ -307,7 +307,7 @@ diff -up openssh-5.8p1/monitor.c.audit1 openssh-5.8p1/monitor.c
void
diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h
--- openssh-5.8p1/monitor.h.audit1 2008-11-05 06:20:46.000000000 +0100
-+++ openssh-5.8p1/monitor.h 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/monitor.h 2011-02-28 22:39:02.000000000 +0100
@@ -60,6 +60,7 @@ enum monitor_reqtype {
MONITOR_REQ_PAM_RESPOND, MONITOR_ANS_PAM_RESPOND,
MONITOR_REQ_PAM_FREE_CTX, MONITOR_ANS_PAM_FREE_CTX,
@@ -318,7 +318,7 @@ diff -up openssh-5.8p1/monitor.h.audit1 openssh-5.8p1/monitor.h
MONITOR_REQ_JPAKE_GET_PWDATA, MONITOR_ANS_JPAKE_GET_PWDATA,
diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c
--- openssh-5.8p1/monitor_wrap.c.audit1 2010-08-31 14:41:14.000000000 +0200
-+++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.c 2011-02-28 22:39:02.000000000 +0100
@@ -1163,6 +1163,20 @@ mm_audit_run_command(const char *command
mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m);
buffer_free(&m);
@@ -342,7 +342,7 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit1 openssh-5.8p1/monitor_wrap.c
#ifdef GSSAPI
diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h
--- openssh-5.8p1/monitor_wrap.h.audit1 2009-03-05 14:58:22.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.h 2011-02-28 22:39:02.000000000 +0100
@@ -74,6 +74,7 @@ void mm_sshpam_free_ctx(void *);
#include "audit.h"
void mm_audit_event(ssh_audit_event_t);
@@ -353,7 +353,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit1 openssh-5.8p1/monitor_wrap.h
struct Session;
diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c
--- openssh-5.8p1/session.c.audit1 2010-12-01 02:02:59.000000000 +0100
-+++ openssh-5.8p1/session.c 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/session.c 2011-02-28 22:39:02.000000000 +0100
@@ -809,14 +809,16 @@ do_exec(Session *s, const char *command)
}
@@ -388,7 +388,7 @@ diff -up openssh-5.8p1/session.c.audit1 openssh-5.8p1/session.c
if (s->display)
diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h
--- openssh-5.8p1/session.h.audit1 2008-05-19 07:34:50.000000000 +0200
-+++ openssh-5.8p1/session.h 2011-02-24 13:49:49.000000000 +0100
++++ openssh-5.8p1/session.h 2011-02-28 22:39:02.000000000 +0100
@@ -60,6 +60,11 @@ struct Session {
char *name;
char *val;
@@ -402,8 +402,8 @@ diff -up openssh-5.8p1/session.h.audit1 openssh-5.8p1/session.h
void do_authenticated(Authctxt *);
diff -up openssh-5.8p1/sshd.c.audit1 openssh-5.8p1/sshd.c
---- openssh-5.8p1/sshd.c.audit1 2011-02-24 13:50:29.000000000 +0100
-+++ openssh-5.8p1/sshd.c 2011-02-24 13:50:47.000000000 +0100
+--- openssh-5.8p1/sshd.c.audit1 2011-01-11 07:20:31.000000000 +0100
++++ openssh-5.8p1/sshd.c 2011-02-28 22:39:02.000000000 +0100
@@ -2342,7 +2342,8 @@ cleanup_exit(int i)
do_cleanup(the_authctxt);
#ifdef SSH_AUDIT_EVENTS
diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch
index dce297a..e69de29 100644
--- a/openssh-5.8p1-audit1a.patch
+++ b/openssh-5.8p1-audit1a.patch
@@ -1,21 +0,0 @@
-diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c
---- openssh-5.8p1/audit-linux.c.audit1a 2011-02-28 14:45:40.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-02-28 14:46:50.000000000 +0100
-@@ -155,7 +155,7 @@ audit_end_command(const char *command)
- {
- linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
- NULL, "ssh", 1, AUDIT_USER_END);
-- if (!--user_login_count)
-+ if (user_login_count && !--user_login_count)
- linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns),
- NULL, "ssh", 1, AUDIT_USER_LOGOUT);
- }
-@@ -175,7 +175,7 @@ audit_session_close(struct logininfo *li
- {
- linux_audit_user_logxxx(li->uid, NULL, li->hostname,
- NULL, li->line, 1, AUDIT_USER_END);
-- if (!--user_login_count)
-+ if (user_login_count && !--user_login_count)
- linux_audit_user_logxxx(li->uid, NULL, li->hostname,
- NULL, li->line, 1, AUDIT_USER_LOGOUT);
- }
diff --git a/openssh-5.8p1-audit4.patch b/openssh-5.8p1-audit4.patch
index 94f129e..28fe5b8 100644
--- a/openssh-5.8p1-audit4.patch
+++ b/openssh-5.8p1-audit4.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
---- openssh-5.8p1/audit-bsm.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/audit-bsm.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c 2011-02-28 23:07:12.000000000 +0100
@@ -401,4 +401,10 @@ audit_kex_body(int ctos, char *enc, char
{
/* not implemented */
@@ -13,8 +13,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit4 openssh-5.8p1/audit-bsm.c
+}
#endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
---- openssh-5.8p1/audit.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/audit.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/audit.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/audit.c 2011-02-28 23:07:12.000000000 +0100
@@ -143,6 +143,12 @@ audit_kex(int ctos, char *enc, char *mac
PRIVSEP(audit_kex_body(ctos, enc, mac, comp, getpid(), getuid()));
}
@@ -45,8 +45,8 @@ diff -up openssh-5.8p1/audit.c.audit4 openssh-5.8p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
---- openssh-5.8p1/audit.h.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/audit.h 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/audit.h.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/audit.h 2011-02-28 23:07:12.000000000 +0100
@@ -61,5 +61,7 @@ void audit_unsupported(int);
void audit_kex(int, char *, char *, char *);
void audit_unsupported_body(int);
@@ -56,8 +56,8 @@ diff -up openssh-5.8p1/audit.h.audit4 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
---- openssh-5.8p1/audit-linux.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/audit-linux.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-02-28 23:07:12.000000000 +0100
@@ -285,6 +285,8 @@ audit_unsupported_body(int what)
#endif
}
@@ -107,8 +107,8 @@ diff -up openssh-5.8p1/audit-linux.c.audit4 openssh-5.8p1/audit-linux.c
+
#endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
---- openssh-5.8p1/auditstub.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/auditstub.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/auditstub.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/auditstub.c 2011-02-28 23:07:12.000000000 +0100
@@ -27,6 +27,8 @@
* Red Hat author: Jan F. Chadima <jchadima(a)redhat.com>
*/
@@ -132,8 +132,8 @@ diff -up openssh-5.8p1/auditstub.c.audit4 openssh-5.8p1/auditstub.c
+{
+}
diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
---- openssh-5.8p1/kex.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/kex.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/kex.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/kex.c 2011-02-28 23:07:12.000000000 +0100
@@ -624,3 +624,34 @@ dump_digest(char *msg, u_char *digest, i
fprintf(stderr, "\n");
}
@@ -171,7 +171,7 @@ diff -up openssh-5.8p1/kex.c.audit4 openssh-5.8p1/kex.c
+
diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
--- openssh-5.8p1/kex.h.audit4 2010-09-24 14:11:14.000000000 +0200
-+++ openssh-5.8p1/kex.h 2011-02-24 13:54:02.000000000 +0100
++++ openssh-5.8p1/kex.h 2011-02-28 23:07:12.000000000 +0100
@@ -156,6 +156,8 @@ void kexgex_server(Kex *);
void kexecdh_client(Kex *);
void kexecdh_server(Kex *);
@@ -183,7 +183,7 @@ diff -up openssh-5.8p1/kex.h.audit4 openssh-5.8p1/kex.h
BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *);
diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
--- openssh-5.8p1/mac.c.audit4 2008-06-13 02:58:50.000000000 +0200
-+++ openssh-5.8p1/mac.c 2011-02-24 13:54:02.000000000 +0100
++++ openssh-5.8p1/mac.c 2011-02-28 23:07:12.000000000 +0100
@@ -162,6 +162,20 @@ mac_clear(Mac *mac)
mac->umac_ctx = NULL;
}
@@ -207,15 +207,15 @@ diff -up openssh-5.8p1/mac.c.audit4 openssh-5.8p1/mac.c
int
diff -up openssh-5.8p1/mac.h.audit4 openssh-5.8p1/mac.h
--- openssh-5.8p1/mac.h.audit4 2007-06-11 06:01:42.000000000 +0200
-+++ openssh-5.8p1/mac.h 2011-02-24 13:54:02.000000000 +0100
++++ openssh-5.8p1/mac.h 2011-02-28 23:07:13.000000000 +0100
@@ -28,3 +28,4 @@ int mac_setup(Mac *, char *);
int mac_init(Mac *);
u_char *mac_compute(Mac *, u_int32_t, u_char *, int);
void mac_clear(Mac *);
+void mac_destroy(Mac *);
diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
---- openssh-5.8p1/monitor.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/monitor.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/monitor.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/monitor.c 2011-02-28 23:07:13.000000000 +0100
@@ -181,6 +181,7 @@ int mm_answer_audit_command(int, Buffer
int mm_answer_audit_end_command(int, Buffer *);
int mm_answer_audit_unsupported_body(int, Buffer *);
@@ -311,8 +311,8 @@ diff -up openssh-5.8p1/monitor.c.audit4 openssh-5.8p1/monitor.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
---- openssh-5.8p1/monitor.h.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/monitor.h 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/monitor.h.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/monitor.h 2011-02-28 23:07:13.000000000 +0100
@@ -69,6 +69,7 @@ enum monitor_reqtype {
MONITOR_REQ_JPAKE_CHECK_CONFIRM, MONITOR_ANS_JPAKE_CHECK_CONFIRM,
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
@@ -322,8 +322,8 @@ diff -up openssh-5.8p1/monitor.h.audit4 openssh-5.8p1/monitor.h
struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
---- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.c 2011-02-28 23:07:13.000000000 +0100
@@ -601,12 +601,14 @@ mm_send_keystate(struct monitor *monitor
fatal("%s: conversion of newkeys failed", __func__);
@@ -360,8 +360,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit4 openssh-5.8p1/monitor_wrap.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
---- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.h.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.h 2011-02-28 23:07:13.000000000 +0100
@@ -77,6 +77,7 @@ void mm_audit_run_command(const char *);
void mm_audit_end_command(const char *);
void mm_audit_unsupported_body(int);
@@ -372,7 +372,7 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit4 openssh-5.8p1/monitor_wrap.h
struct Session;
diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
--- openssh-5.8p1/packet.c.audit4 2010-11-24 00:46:37.000000000 +0100
-+++ openssh-5.8p1/packet.c 2011-02-24 13:54:02.000000000 +0100
++++ openssh-5.8p1/packet.c 2011-02-28 23:07:13.000000000 +0100
@@ -60,6 +60,7 @@
#include <signal.h>
@@ -532,7 +532,7 @@ diff -up openssh-5.8p1/packet.c.audit4 openssh-5.8p1/packet.c
+
diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
--- openssh-5.8p1/packet.h.audit4 2010-11-20 05:19:38.000000000 +0100
-+++ openssh-5.8p1/packet.h 2011-02-24 13:54:02.000000000 +0100
++++ openssh-5.8p1/packet.h 2011-02-28 23:07:13.000000000 +0100
@@ -125,4 +125,5 @@ void packet_restore_state(void);
void *packet_get_input(void);
void *packet_get_output(void);
@@ -540,8 +540,8 @@ diff -up openssh-5.8p1/packet.h.audit4 openssh-5.8p1/packet.h
+void packet_destroy_all(int, int);
#endif /* PACKET_H */
diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c
---- openssh-5.8p1/session.c.audit4 2011-02-24 13:54:01.000000000 +0100
-+++ openssh-5.8p1/session.c 2011-02-24 13:54:02.000000000 +0100
+--- openssh-5.8p1/session.c.audit4 2011-02-28 23:07:11.000000000 +0100
++++ openssh-5.8p1/session.c 2011-02-28 23:07:13.000000000 +0100
@@ -1617,6 +1617,9 @@ do_child(Session *s, const char *command
/* remove hostkey from the child's memory */
@@ -553,8 +553,8 @@ diff -up openssh-5.8p1/session.c.audit4 openssh-5.8p1/session.c
/* Force a password change */
if (s->authctxt->force_pwchange) {
diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
---- openssh-5.8p1/sshd.c.audit4 2011-02-24 13:54:02.000000000 +0100
-+++ openssh-5.8p1/sshd.c 2011-02-24 13:55:09.000000000 +0100
+--- openssh-5.8p1/sshd.c.audit4 2011-02-28 23:07:12.000000000 +0100
++++ openssh-5.8p1/sshd.c 2011-02-28 23:07:13.000000000 +0100
@@ -663,6 +663,8 @@ privsep_preauth(Authctxt *authctxt)
return (0);
}
@@ -564,17 +564,18 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
static void
privsep_postauth(Authctxt *authctxt)
{
-@@ -688,6 +690,9 @@ privsep_postauth(Authctxt *authctxt)
+@@ -688,6 +690,10 @@ privsep_postauth(Authctxt *authctxt)
verbose("User child is on pid %ld", (long)pmonitor->m_pid);
close(pmonitor->m_recvfd);
buffer_clear(&loginmsg);
+ newkeys_destroy(current_keys[MODE_OUT]);
+ newkeys_destroy(current_keys[MODE_IN]);
-+ packet_destroy_all(1, 0);
++ audit_session_key_free_body(2, getpid(), getuid());
++ packet_destroy_all(0, 0);
monitor_child_postauth(pmonitor);
/* NEVERREACHED */
-@@ -1974,6 +1979,7 @@ main(int ac, char **av)
+@@ -1974,6 +1980,7 @@ main(int ac, char **av)
*/
if (use_privsep) {
mm_send_keystate(pmonitor);
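Review bot: The `2` passed as the ctos argument of audit_session_key_free_body and the `0, 0` now passed to packet_destroy_all are bare magic numbers on adjacent lines, so a reader cannot tell which direction is being reported or why the first packet_destroy_all flag changed from 1 to 0. The debug message in the audit5 patch (`direction %d`, ctos) shows the value is a direction code but not what 2 denotes; a comment such as `/* ctos=2: presumably both directions; the audit record is emitted here, so packet_destroy_all no longer does it — confirm */` or a named constant for the direction would document the intent. privsep_postauth starts and ends outside this hunk.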
@@ -582,7 +583,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
exit(0);
}
-@@ -2026,6 +2032,8 @@ main(int ac, char **av)
+@@ -2026,6 +2033,8 @@ main(int ac, char **av)
do_authenticated(authctxt);
/* The connection has been terminated. */
@@ -591,7 +592,7 @@ diff -up openssh-5.8p1/sshd.c.audit4 openssh-5.8p1/sshd.c
packet_get_state(MODE_IN, NULL, NULL, NULL, &ibytes);
packet_get_state(MODE_OUT, NULL, NULL, NULL, &obytes);
verbose("Transferred: sent %llu, received %llu bytes",
-@@ -2345,6 +2353,7 @@ cleanup_exit(int i)
+@@ -2345,6 +2354,7 @@ cleanup_exit(int i)
{
if (the_authctxt)
do_cleanup(the_authctxt);
diff --git a/openssh-5.8p1-audit4a.patch b/openssh-5.8p1-audit4a.patch
index a4a3d66..e69de29 100644
--- a/openssh-5.8p1-audit4a.patch
+++ b/openssh-5.8p1-audit4a.patch
@@ -1,13 +0,0 @@
-diff -ur openssh/sshd.c openssh-5.8p1/sshd.c
---- openssh/sshd.c 2011-02-23 16:23:05.720096223 +0100
-+++ openssh-5.8p1/sshd.c 2011-02-23 17:04:24.206612620 +0100
-@@ -748,7 +748,8 @@
- buffer_clear(&loginmsg);
- newkeys_destroy(current_keys[MODE_OUT]);
- newkeys_destroy(current_keys[MODE_IN]);
-- packet_destroy_all(1, 0);
-+ audit_session_key_free_body(2, getpid(), getuid());
-+ packet_destroy_all(0, 0);
- monitor_child_postauth(pmonitor);
-
- /* NEVERREACHED */
diff --git a/openssh-5.8p1-audit5.patch b/openssh-5.8p1-audit5.patch
index 9923f0b..e18f275 100644
--- a/openssh-5.8p1-audit5.patch
+++ b/openssh-5.8p1-audit5.patch
@@ -1,6 +1,6 @@
diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
---- openssh-5.8p1/audit-bsm.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/audit-bsm.c 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/audit-bsm.c.audit5 2011-02-28 23:17:12.000000000 +0100
++++ openssh-5.8p1/audit-bsm.c 2011-02-28 23:17:13.000000000 +0100
@@ -407,4 +407,22 @@ audit_session_key_free_body(int ctos, pi
{
/* not implemented */
@@ -25,8 +25,8 @@ diff -up openssh-5.8p1/audit-bsm.c.audit5 openssh-5.8p1/audit-bsm.c
+}
#endif /* BSM */
diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
---- openssh-5.8p1/audit.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/audit.c 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/audit.c.audit5 2011-02-28 23:17:12.000000000 +0100
++++ openssh-5.8p1/audit.c 2011-02-28 23:17:13.000000000 +0100
@@ -276,5 +276,24 @@ audit_session_key_free_body(int ctos, pi
debug("audit session key discard euid %u direction %d from pid %ld uid %u",
(unsigned)geteuid(), ctos, (long)pid, (unsigned)uid);
@@ -53,8 +53,8 @@ diff -up openssh-5.8p1/audit.c.audit5 openssh-5.8p1/audit.c
# endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
---- openssh-5.8p1/audit.h.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/audit.h 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/audit.h.audit5 2011-02-28 23:17:12.000000000 +0100
++++ openssh-5.8p1/audit.h 2011-02-28 23:17:13.000000000 +0100
@@ -48,6 +48,8 @@ enum ssh_audit_event_type {
};
typedef enum ssh_audit_event_type ssh_audit_event_t;
@@ -73,8 +73,8 @@ diff -up openssh-5.8p1/audit.h.audit5 openssh-5.8p1/audit.h
#endif /* _SSH_AUDIT_H */
diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
---- openssh-5.8p1/audit-linux.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/audit-linux.c 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/audit-linux.c.audit5 2011-02-28 23:17:12.000000000 +0100
++++ openssh-5.8p1/audit-linux.c 2011-02-28 23:17:13.000000000 +0100
@@ -343,4 +343,50 @@ audit_session_key_free_body(int ctos, pi
error("cannot write into audit");
}
@@ -127,9 +127,9 @@ diff -up openssh-5.8p1/audit-linux.c.audit5 openssh-5.8p1/audit-linux.c
+}
#endif /* USE_LINUX_AUDIT */
diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
---- openssh-5.8p1/key.c.audit5 2011-02-24 13:39:31.000000000 +0100
-+++ openssh-5.8p1/key.c 2011-02-24 13:39:32.000000000 +0100
-@@ -1795,6 +1795,30 @@ key_demote(const Key *k)
+--- openssh-5.8p1/key.c.audit5 2011-02-28 23:17:10.000000000 +0100
++++ openssh-5.8p1/key.c 2011-02-28 23:17:13.000000000 +0100
+@@ -1797,6 +1797,30 @@ key_demote(const Key *k)
}
int
@@ -161,8 +161,8 @@ diff -up openssh-5.8p1/key.c.audit5 openssh-5.8p1/key.c
{
if (k == NULL)
diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
---- openssh-5.8p1/key.h.audit5 2011-02-24 13:39:31.000000000 +0100
-+++ openssh-5.8p1/key.h 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/key.h.audit5 2011-02-28 23:17:10.000000000 +0100
++++ openssh-5.8p1/key.h 2011-02-28 23:17:13.000000000 +0100
@@ -109,6 +109,7 @@ Key *key_generate(int, u_int);
Key *key_from_private(const Key *);
int key_type_from_name(char *);
@@ -172,9 +172,18 @@ diff -up openssh-5.8p1/key.h.audit5 openssh-5.8p1/key.h
int key_to_certified(Key *, int);
int key_drop_cert(Key *);
diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
---- openssh-5.8p1/monitor.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/monitor.c 2011-02-24 13:39:32.000000000 +0100
-@@ -182,6 +182,7 @@ int mm_answer_audit_end_command(int, Buf
+--- openssh-5.8p1/monitor.c.audit5 2011-02-28 23:17:13.000000000 +0100
++++ openssh-5.8p1/monitor.c 2011-02-28 23:17:14.000000000 +0100
+@@ -106,6 +106,8 @@ extern Buffer auth_debug;
+ extern int auth_debug_init;
+ extern Buffer loginmsg;
+
++extern void destroy_sensitive_data(int);
++
+ /* State exported from the child */
+
+ struct {
+@@ -182,6 +184,7 @@ int mm_answer_audit_end_command(int, Buf
int mm_answer_audit_unsupported_body(int, Buffer *);
int mm_answer_audit_kex_body(int, Buffer *);
int mm_answer_audit_session_key_free_body(int, Buffer *);
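Review bot: `extern void destroy_sensitive_data(int);` declares a function from another translation unit directly in monitor.c rather than in a shared header, so if the definition's signature or linkage in sshd.c ever changes the compiler will not flag this call site. The definition is not visible in this chunk, so its current signature cannot be confirmed here; moving the prototype into a header that both files include would keep them in sync, and at minimum a comment naming the defining file, `extern void destroy_sensitive_data(int); /* defined in sshd.c */`, helps the next reader. The same declaration was carried in the now-deleted audit5a patch, so this only relocates it.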
@@ -182,7 +191,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
#endif
static Authctxt *authctxt;
-@@ -233,6 +234,7 @@ struct mon_table mon_dispatch_proto20[]
+@@ -233,6 +236,7 @@ struct mon_table mon_dispatch_proto20[]
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@@ -190,7 +199,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
#endif
#ifdef BSD_AUTH
{MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery},
-@@ -273,6 +275,7 @@ struct mon_table mon_dispatch_postauth20
+@@ -273,6 +277,7 @@ struct mon_table mon_dispatch_postauth20
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@@ -198,7 +207,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
#endif
{0, 0, NULL}
};
-@@ -307,6 +310,7 @@ struct mon_table mon_dispatch_proto15[]
+@@ -307,6 +312,7 @@ struct mon_table mon_dispatch_proto15[]
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@@ -206,7 +215,7 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
#endif
{0, 0, NULL}
};
-@@ -322,6 +326,7 @@ struct mon_table mon_dispatch_postauth15
+@@ -322,6 +328,7 @@ struct mon_table mon_dispatch_postauth15
{MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body},
{MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body},
{MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body},
@@ -214,7 +223,16 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
#endif
{0, 0, NULL}
};
-@@ -2309,4 +2314,24 @@ mm_answer_audit_session_key_free_body(in
+@@ -1597,6 +1604,8 @@ mm_answer_term(int sock, Buffer *req)
+ sshpam_cleanup();
+ #endif
+
++ destroy_sensitive_data(0);
++
+ while (waitpid(pmonitor->m_pid, &status, 0) == -1)
+ if (errno != EINTR)
+ exit(1);
+@@ -2309,4 +2318,24 @@ mm_answer_audit_session_key_free_body(in
mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m);
return 0;
}
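Review bot: The literal `0` passed to destroy_sensitive_data in mm_answer_term is unexplained; from the call alone a reader cannot tell what the flag selects, and the definition is not in this chunk. A comment on the line, `destroy_sensitive_data(0); /* 0: <meaning of flag> — see sshd.c */`, stating what the argument controls would make the intent clear. Placing the call before the waitpid loop means the monitor presumably discards its key material as soon as the child requests termination rather than after it exits, which is the desirable ordering for limiting how long that material stays in memory; mm_answer_term starts outside the hunk.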
@@ -240,8 +258,8 @@ diff -up openssh-5.8p1/monitor.c.audit5 openssh-5.8p1/monitor.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
---- openssh-5.8p1/monitor.h.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/monitor.h 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/monitor.h.audit5 2011-02-28 23:17:13.000000000 +0100
++++ openssh-5.8p1/monitor.h 2011-02-28 23:17:14.000000000 +0100
@@ -70,6 +70,7 @@ enum monitor_reqtype {
MONITOR_REQ_AUDIT_UNSUPPORTED, MONITOR_ANS_AUDIT_UNSUPPORTED,
MONITOR_REQ_AUDIT_KEX, MONITOR_ANS_AUDIT_KEX,
@@ -251,8 +269,8 @@ diff -up openssh-5.8p1/monitor.h.audit5 openssh-5.8p1/monitor.h
struct mm_master;
diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
---- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.c 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.c.audit5 2011-02-28 23:17:13.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.c 2011-02-28 23:17:14.000000000 +0100
@@ -1480,4 +1480,20 @@ mm_audit_session_key_free_body(int ctos,
&m);
buffer_free(&m);
@@ -275,8 +293,8 @@ diff -up openssh-5.8p1/monitor_wrap.c.audit5 openssh-5.8p1/monitor_wrap.c
+}
#endif /* SSH_AUDIT_EVENTS */
diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
---- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/monitor_wrap.h 2011-02-24 13:39:32.000000000 +0100
+--- openssh-5.8p1/monitor_wrap.h.audit5 2011-02-28 23:17:13.000000000 +0100
++++ openssh-5.8p1/monitor_wrap.h 2011-02-28 23:17:14.000000000 +0100
@@ -78,6 +78,7 @@ void mm_audit_end_command(const char *);
void mm_audit_unsupported_body(int);
void mm_audit_kex_body(int, char *, char *, char *, pid_t, uid_t);
@@ -286,8 +304,8 @@ diff -up openssh-5.8p1/monitor_wrap.h.audit5 openssh-5.8p1/monitor_wrap.h
struct Session;
diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
---- openssh-5.8p1/session.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/session.c 2011-02-24 13:43:35.000000000 +0100
+--- openssh-5.8p1/session.c.audit5 2011-02-28 23:17:13.000000000 +0100
++++ openssh-5.8p1/session.c 2011-02-28 23:17:14.000000000 +0100
@@ -132,7 +132,7 @@ extern int log_stderr;
extern int debug_flag;
extern u_int utmp_len;
@@ -307,8 +325,8 @@ diff -up openssh-5.8p1/session.c.audit5 openssh-5.8p1/session.c
monitor over a single socket, with no synchronization. */
packet_destroy_all(0, 1);
diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
---- openssh-5.8p1/sshd.c.audit5 2011-02-24 13:39:32.000000000 +0100
-+++ openssh-5.8p1/sshd.c 2011-02-24 13:43:08.000000000 +0100
+--- openssh-5.8p1/sshd.c.audit5 2011-02-28 23:17:13.000000000 +0100
++++ openssh-5.8p1/sshd.c 2011-02-28 23:17:14.000000000 +0100
@@ -253,7 +253,7 @@ Buffer loginmsg;
struct passwd *privsep_pw = NULL;
@@ -422,7 +440,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
}
/* Certs do not need demotion */
}
-@@ -1119,6 +1169,7 @@ server_accept_loop(int *sock_in, int *so
+@@ -1120,6 +1170,7 @@ server_accept_loop(int *sock_in, int *so
if (received_sigterm) {
logit("Received signal %d; terminating.",
(int) received_sigterm);
@@ -430,7 +448,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
close_listen_socks();
unlink(options.pid_file);
exit(255);
-@@ -2022,7 +2073,7 @@ main(int ac, char **av)
+@@ -2023,7 +2074,7 @@ main(int ac, char **av)
privsep_postauth(authctxt);
/* the monitor process [priv] will not return */
if (!compat20)
@@ -439,7 +457,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
}
packet_set_timeout(options.client_alive_interval,
-@@ -2261,7 +2312,7 @@ do_ssh1_kex(void)
+@@ -2262,7 +2313,7 @@ do_ssh1_kex(void)
session_id[i] = session_key[i] ^ session_key[i + 16];
}
/* Destroy the private and public keys. No longer. */
@@ -448,7 +466,7 @@ diff -up openssh-5.8p1/sshd.c.audit5 openssh-5.8p1/sshd.c
if (use_privsep)
mm_ssh1_session_id(session_id);
-@@ -2351,8 +2402,22 @@ do_ssh2_kex(void)
+@@ -2352,8 +2403,22 @@ do_ssh2_kex(void)
void
cleanup_exit(int i)
{
diff --git a/openssh-5.8p1-audit5a.patch b/openssh-5.8p1-audit5a.patch
index e70cf9e..e69de29 100644
--- a/openssh-5.8p1-audit5a.patch
+++ b/openssh-5.8p1-audit5a.patch
@@ -1,21 +0,0 @@
-diff -ur openssh/monitor.c openssh-5.8p1/monitor.c
---- openssh/monitor.c 2011-02-23 14:22:42.007937852 +0100
-+++ openssh-5.8p1/monitor.c 2011-02-23 19:26:01.491710679 +0100
-@@ -106,6 +106,8 @@
- extern int auth_debug_init;
- extern Buffer loginmsg;
-
-+extern void destroy_sensitive_data(int);
-+
- /* State exported from the child */
-
- struct {
-@@ -1651,6 +1653,8 @@
- sshpam_cleanup();
- #endif
-
-+ destroy_sensitive_data(0);
-+
- while (waitpid(pmonitor->m_pid, &status, 0) == -1)
- if (errno != EINTR)
- exit(1);
diff --git a/openssh-5.8p1-keycat2.patch b/openssh-5.8p1-keycat2.patch
new file mode 100644
index 0000000..9a88c9a
--- /dev/null
+++ b/openssh-5.8p1-keycat2.patch
@@ -0,0 +1,132 @@
+diff -up openssh-5.8p1/auth2-pubkey.c.keycat2 openssh-5.8p1/auth2-pubkey.c
+--- openssh-5.8p1/auth2-pubkey.c.keycat2 2011-03-01 06:57:03.000000000 +0100
++++ openssh-5.8p1/auth2-pubkey.c 2011-03-01 07:25:04.000000000 +0100
+@@ -579,6 +579,14 @@ user_key_via_command_allowed2(struct pas
+ close(i);
+ }
+
++#ifdef WITH_SELINUX
++ if (ssh_selinux_setup_env_variables() < 0) {
++ error ("failed to copy environment: %s",
++ strerror(errno));
++ _exit(127);
++ }
++#endif
++
+ execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL);
+
+ /* if we got here, it didn't work */
+diff -up openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 openssh-5.8p1/openbsd-compat/port-linux.c
+--- openssh-5.8p1/openbsd-compat/port-linux.c.keycat2 2011-03-01 07:00:32.000000000 +0100
++++ openssh-5.8p1/openbsd-compat/port-linux.c 2011-03-01 07:23:13.000000000 +0100
+@@ -309,7 +309,7 @@ ssh_selinux_getctxbyname(char *pwname,
+
+ /* Setup environment variables for pam_selinux */
+ static int
+-ssh_selinux_setup_pam_variables(void)
++ssh_selinux_setup_variables(int(*set_it)(const char *, const char *))
+ {
+ const char *reqlvl;
+ char *role;
+@@ -320,16 +320,16 @@ ssh_selinux_setup_pam_variables(void)
+
+ ssh_selinux_get_role_level(&role, &reqlvl);
+
+- rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : "");
++ rv = set_it("SELINUX_ROLE_REQUESTED", role ? role : "");
+
+ if (inetd_flag && !rexeced_flag) {
+ use_current = "1";
+ } else {
+ use_current = "";
+- rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
++ rv = rv || set_it("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: "");
+ }
+
+- rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current);
++ rv = rv || set_it("SELINUX_USE_CURRENT_RANGE", use_current);
+
+ if (role != NULL)
+ xfree(role);
+@@ -337,6 +337,24 @@ ssh_selinux_setup_pam_variables(void)
+ return rv;
+ }
+
++static int
++ssh_selinux_setup_pam_variables(void)
++{
++ return ssh_selinux_setup_variables(do_pam_putenv);
++}
++
++static int
++do_setenv(char *name, char *value)
++{
++ return setenv(name, value, 1);
++}
++
++int
++ssh_selinux_setup_env_variables(void)
++{
++ return ssh_selinux_setup_variables(do_setenv);
++}
++
+ /* Set the execution context to the default for the specified user */
+ void
+ ssh_selinux_setup_exec_context(char *pwname)
+diff -up openssh-5.8p1/ssh-keycat.c.keycat2 openssh-5.8p1/ssh-keycat.c
+--- openssh-5.8p1/ssh-keycat.c.keycat2 2011-03-01 06:56:02.000000000 +0100
++++ openssh-5.8p1/ssh-keycat.c 2011-03-01 06:56:02.000000000 +0100
+@@ -65,6 +65,7 @@
+ #define ERR_FDOPEN 10
+ #define ERR_STAT 11
+ #define ERR_WRITE 12
++#define ERR_PAM_PUTENV 13
+ #define BUFLEN 4096
+
+ /* Just ignore the messages in the conversation function */
+@@ -166,6 +167,34 @@ fail:
+ return rv;
+ }
+
++static const char *env_names[] = { "SELINUX_ROLE_REQUESTED",
++ "SELINUX_LEVEL_REQUESTED",
++ "SELINUX_USE_CURRENT_RANGE"
++};
++
++extern char **environ;
++
++int
++set_pam_environment(pam_handle_t *pamh)
++{
++ int i;
++ size_t j;
++
++ for (j = 0; j < sizeof(env_names)/sizeof(env_names[0]); ++j) {
++ int len = strlen(env_names[j]);
++
++ for (i = 0; environ[i] != NULL; ++i) {
++ if (strncmp(env_names[j], environ[i], len) == 0 &&
++ environ[i][len] == '=') {
++ if (pam_putenv(pamh, environ[i]) != PAM_SUCCESS)
++ return ERR_PAM_PUTENV;
++ }
++ }
++ }
++
++ return 0;
++}
++
+ int
+ main(int argc, char *argv[])
+ {
+@@ -183,6 +212,10 @@ main(int argc, char *argv[])
+ return ERR_PAM_START;
+ }
+
++ ev = set_pam_environment(pamh);
++ if (ev != 0)
++ goto finish;
++
+ retval = pam_open_session(pamh, PAM_SILENT);
+ if (retval != PAM_SUCCESS) {
+ ev = ERR_OPEN_SESSION;
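Review bot: `do_setenv(char *name, char *value)` does not match the `int(*set_it)(const char *, const char *)` parameter it is handed to in `ssh_selinux_setup_env_variables`, so `return ssh_selinux_setup_variables(do_setenv);` converts between incompatible function-pointer types (a compiler warning today, undefined behaviour by the letter of the standard); declaring it `static int do_setenv(const char *name, const char *value)` matches both the pointer type and `setenv`'s own prototype, and `do_pam_putenv` (declared outside this patch) should be checked against the pointer type the same way. I also do not see a prototype for the new non-static `ssh_selinux_setup_env_variables()` added to any header in this patch, so the call in `user_key_via_command_allowed2` under `WITH_SELINUX` presumably relies on an implicit declaration unless an earlier patch supplies one. The comment `/* Setup environment variables for pam_selinux */` now sits on the generic `ssh_selinux_setup_variables`; `/* Export the requested SELinux role/level through set_it(); shared by the PAM and process-environment variants */` would describe what it does now. In `set_pam_environment` the three `SELINUX_*` values are copied into the PAM environment from whatever the process environment holds, so the trust boundary is the caller; a comment stating that sshd's child populates them immediately before `execl` would make that contract explicit, and `len` should be `size_t` to match `strlen`.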
diff --git a/openssh-5.8p1-ldap.patch b/openssh-5.8p1-ldap.patch
index ca7183b..0498021 100644
--- a/openssh-5.8p1-ldap.patch
+++ b/openssh-5.8p1-ldap.patch
@@ -1,7 +1,7 @@
-diff -up openssh-5.6p1/configure.ac.ldap openssh-5.6p1/configure.ac
---- openssh-5.6p1/configure.ac.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/configure.ac 2010-10-20 09:21:04.000000000 +0200
-@@ -1366,6 +1366,106 @@ AC_ARG_WITH(authorized-keys-command,
+diff -up openssh-5.8p1/configure.ac.ldap openssh-5.8p1/configure.ac
+--- openssh-5.8p1/configure.ac.ldap 2011-02-28 23:21:05.000000000 +0100
++++ openssh-5.8p1/configure.ac 2011-02-28 23:21:06.000000000 +0100
+@@ -1434,6 +1434,106 @@ AC_ARG_WITH(authorized-keys-command,
]
)
@@ -108,9 +108,27 @@ diff -up openssh-5.6p1/configure.ac.ldap openssh-5.6p1/configure.ac
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
-diff -up openssh-5.6p1/ldapbody.c.ldap openssh-5.6p1/ldapbody.c
---- openssh-5.6p1/ldapbody.c.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapbody.c 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/HOWTO.ldap-keys.ldap openssh-5.8p1/HOWTO.ldap-keys
+--- openssh-5.8p1/HOWTO.ldap-keys.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/HOWTO.ldap-keys 2011-02-28 23:21:06.000000000 +0100
+@@ -0,0 +1,14 @@
++
++1) configure LDAP server
++2) add appropriate schema
++3) insert users into LDAP
++4) on the ssh side set in sshd_config
++AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
++AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
++5) do not forget to set
++PubkeyAuthentication yes
++
++
++To debug the ssh-ldap-helper is possible to set
++the necessary flags in the ssh-ldap-wrapper.
++
+diff -up openssh-5.8p1/ldapbody.c.ldap openssh-5.8p1/ldapbody.c
+--- openssh-5.8p1/ldapbody.c.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapbody.c 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,494 @@
+/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -606,9 +624,9 @@ diff -up openssh-5.6p1/ldapbody.c.ldap openssh-5.6p1/ldapbody.c
+ return;
+}
+
-diff -up openssh-5.6p1/ldapbody.h.ldap openssh-5.6p1/ldapbody.h
---- openssh-5.6p1/ldapbody.h.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapbody.h 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldapbody.h.ldap openssh-5.8p1/ldapbody.h
+--- openssh-5.8p1/ldapbody.h.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapbody.h 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,37 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -647,9 +665,9 @@ diff -up openssh-5.6p1/ldapbody.h.ldap openssh-5.6p1/ldapbody.h
+
+#endif /* LDAPBODY_H */
+
-diff -up openssh-5.6p1/ldapconf.c.ldap openssh-5.6p1/ldapconf.c
---- openssh-5.6p1/ldapconf.c.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapconf.c 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldapconf.c.ldap openssh-5.8p1/ldapconf.c
+--- openssh-5.8p1/ldapconf.c.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapconf.c 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,682 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1333,9 +1351,9 @@ diff -up openssh-5.6p1/ldapconf.c.ldap openssh-5.6p1/ldapconf.c
+ dump_cfg_string(lSSH_Filter, options.ssh_filter);
+}
+
-diff -up openssh-5.6p1/ldapconf.h.ldap openssh-5.6p1/ldapconf.h
---- openssh-5.6p1/ldapconf.h.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapconf.h 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldapconf.h.ldap openssh-5.8p1/ldapconf.h
+--- openssh-5.8p1/ldapconf.h.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapconf.h 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,71 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1408,9 +1426,9 @@ diff -up openssh-5.6p1/ldapconf.h.ldap openssh-5.6p1/ldapconf.h
+void dump_config(void);
+
+#endif /* LDAPCONF_H */
-diff -up openssh-5.6p1/ldap.conf.ldap openssh-5.6p1/ldap.conf
---- openssh-5.6p1/ldap.conf.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldap.conf 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldap.conf.ldap openssh-5.8p1/ldap.conf
+--- openssh-5.8p1/ldap.conf.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldap.conf 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,88 @@
+# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
+#
@@ -1500,9 +1518,9 @@ diff -up openssh-5.6p1/ldap.conf.ldap openssh-5.6p1/ldap.conf
+#tls_cert
+#tls_key
+
-diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c
---- openssh-5.6p1/ldap-helper.c.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldap-helper.c 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldap-helper.c.ldap openssh-5.8p1/ldap-helper.c
+--- openssh-5.8p1/ldap-helper.c.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldap-helper.c 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,154 @@
+/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1557,7 +1575,7 @@ diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c
+ fprintf(stderr, " -f file Use alternate config file (default is /etc/ssh/ldap.conf).\n");
+ fprintf(stderr, " -s user Do not demonize, send the user's key to stdout.\n");
+ fprintf(stderr, " -v Increase verbosity of the debug output (implies -d).\n");
-+ fprintf(stderr, " -w Warn on unknown commands int the config file.\n");
++ fprintf(stderr, " -w Warn on unknown commands in the config file.\n");
+ exit(1);
+}
+
@@ -1658,9 +1676,9 @@ diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c
+void *buffer_get_string(Buffer *b, u_int *l) {}
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+
-diff -up openssh-5.6p1/ldap-helper.h.ldap openssh-5.6p1/ldap-helper.h
---- openssh-5.6p1/ldap-helper.h.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldap-helper.h 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldap-helper.h.ldap openssh-5.8p1/ldap-helper.h
+--- openssh-5.8p1/ldap-helper.h.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldap-helper.h 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,32 @@
+/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1694,9 +1712,9 @@ diff -up openssh-5.6p1/ldap-helper.h.ldap openssh-5.6p1/ldap-helper.h
+extern int config_warning_config_file;
+
+#endif /* LDAP_HELPER_H */
-diff -up openssh-5.6p1/ldapincludes.h.ldap openssh-5.6p1/ldapincludes.h
---- openssh-5.6p1/ldapincludes.h.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapincludes.h 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldapincludes.h.ldap openssh-5.8p1/ldapincludes.h
+--- openssh-5.8p1/ldapincludes.h.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapincludes.h 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,41 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1739,9 +1757,9 @@ diff -up openssh-5.6p1/ldapincludes.h.ldap openssh-5.6p1/ldapincludes.h
+#endif
+
+#endif /* LDAPINCLUDES_H */
-diff -up openssh-5.6p1/ldapmisc.c.ldap openssh-5.6p1/ldapmisc.c
---- openssh-5.6p1/ldapmisc.c.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapmisc.c 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldapmisc.c.ldap openssh-5.8p1/ldapmisc.c
+--- openssh-5.8p1/ldapmisc.c.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapmisc.c 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,79 @@
+
+#include "ldapincludes.h"
@@ -1822,9 +1840,9 @@ diff -up openssh-5.6p1/ldapmisc.c.ldap openssh-5.6p1/ldapmisc.c
+}
+#endif
+
-diff -up openssh-5.6p1/ldapmisc.h.ldap openssh-5.6p1/ldapmisc.h
---- openssh-5.6p1/ldapmisc.h.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ldapmisc.h 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ldapmisc.h.ldap openssh-5.8p1/ldapmisc.h
+--- openssh-5.8p1/ldapmisc.h.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ldapmisc.h 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,35 @@
+/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
@@ -1861,9 +1879,9 @@ diff -up openssh-5.6p1/ldapmisc.h.ldap openssh-5.6p1/ldapmisc.h
+
+#endif /* LDAPMISC_H */
+
-diff -up openssh-5.6p1/lpk-user-example.txt.ldap openssh-5.6p1/lpk-user-example.txt
---- openssh-5.6p1/lpk-user-example.txt.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/lpk-user-example.txt 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/lpk-user-example.txt.ldap openssh-5.8p1/lpk-user-example.txt
+--- openssh-5.8p1/lpk-user-example.txt.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/lpk-user-example.txt 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,117 @@
+
+Post to ML -> User Made Quick Install Doc.
@@ -1982,18 +2000,19 @@ diff -up openssh-5.6p1/lpk-user-example.txt.ldap openssh-5.6p1/lpk-user-example.
+puTTY). Login should succeed.
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
---- openssh-5.6p1/Makefile.in.ldap 2010-10-20 09:21:03.000000000 +0200
-+++ openssh-5.6p1/Makefile.in 2010-10-20 10:36:39.000000000 +0200
-@@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
+diff -up openssh-5.8p1/Makefile.in.ldap openssh-5.8p1/Makefile.in
+--- openssh-5.8p1/Makefile.in.ldap 2011-02-28 23:21:03.000000000 +0100
++++ openssh-5.8p1/Makefile.in 2011-02-28 23:21:06.000000000 +0100
+@@ -26,6 +26,8 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
+SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
++SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
RAND_HELPER=$(libexecdir)/ssh-rand-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
-@@ -61,8 +62,9 @@ EXEEXT=@EXEEXT@
+@@ -63,8 +65,9 @@ MANFMT=@MANFMT@
INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
@@ -2004,7 +2023,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -94,8 +96,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
+@@ -96,8 +99,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
sftp-server.o sftp-common.o \
roaming_common.o roaming_serv.o
@@ -2015,7 +2034,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -163,6 +165,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
+@@ -166,6 +169,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
@@ -2025,17 +2044,18 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-@@ -267,6 +272,9 @@ install-files:
+@@ -270,6 +276,10 @@ install-files:
fi
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+ if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
+ $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
++ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
+ fi
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -286,6 +294,10 @@ install-files:
+@@ -289,6 +299,10 @@ install-files:
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -2046,7 +2066,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
-rm -f $(DESTDIR)$(bindir)/slogin
ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -322,6 +334,13 @@ install-sysconf:
+@@ -325,6 +339,13 @@ install-sysconf:
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
fi
@@ -2060,7 +2080,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
host-key: ssh-keygen$(EXEEXT)
@if [ -z "$(DESTDIR)" ] ; then \
-@@ -385,6 +404,7 @@ uninstall:
+@@ -396,6 +417,7 @@ uninstall:
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -2068,9 +2088,9 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
tests interop-tests: $(TARGETS)
-diff -up openssh-5.6p1/openssh-lpk-openldap.schema.ldap openssh-5.6p1/openssh-lpk-openldap.schema
---- openssh-5.6p1/openssh-lpk-openldap.schema.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/openssh-lpk-openldap.schema 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/openssh-lpk-openldap.schema.ldap openssh-5.8p1/openssh-lpk-openldap.schema
+--- openssh-5.8p1/openssh-lpk-openldap.schema.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/openssh-lpk-openldap.schema 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,21 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2093,9 +2113,9 @@ diff -up openssh-5.6p1/openssh-lpk-openldap.schema.ldap openssh-5.6p1/openssh-lp
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-5.6p1/openssh-lpk-sun.schema.ldap openssh-5.6p1/openssh-lpk-sun.schema
---- openssh-5.6p1/openssh-lpk-sun.schema.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/openssh-lpk-sun.schema 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/openssh-lpk-sun.schema.ldap openssh-5.8p1/openssh-lpk-sun.schema
+--- openssh-5.8p1/openssh-lpk-sun.schema.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/openssh-lpk-sun.schema 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,23 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2120,9 +2140,9 @@ diff -up openssh-5.6p1/openssh-lpk-sun.schema.ldap openssh-5.6p1/openssh-lpk-sun
+ DESC 'MANDATORY: OpenSSH LPK objectclass'
+ MUST ( sshPublicKey $ uid )
+ )
-diff -up openssh-5.6p1/README.lpk.ldap openssh-5.6p1/README.lpk
---- openssh-5.6p1/README.lpk.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/README.lpk 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/README.lpk.ldap openssh-5.8p1/README.lpk
+--- openssh-5.8p1/README.lpk.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/README.lpk 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,274 @@
+OpenSSH LDAP PUBLIC KEY PATCH
+Copyright (c) 2003 Eric AUGE (eau(a)phear.org)
@@ -2398,9 +2418,9 @@ diff -up openssh-5.6p1/README.lpk.ldap openssh-5.6p1/README.lpk
+- CONTACT :
+ Jan F. Chadima <jchadima(a)redhat.com>
+
-diff -up openssh-5.6p1/ssh-ldap.conf.5.ldap openssh-5.6p1/ssh-ldap.conf.5
---- openssh-5.6p1/ssh-ldap.conf.5.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ssh-ldap.conf.5 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ssh-ldap.conf.5.ldap openssh-5.8p1/ssh-ldap.conf.5
+--- openssh-5.8p1/ssh-ldap.conf.5.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ssh-ldap.conf.5 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,373 @@
+.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
@@ -2775,9 +2795,9 @@ diff -up openssh-5.6p1/ssh-ldap.conf.5.ldap openssh-5.6p1/ssh-ldap.conf.5
+OpenSSH 5.5 + PKA-LDAP .
+.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima(a)redhat.com
-diff -up openssh-5.6p1/ssh-ldap-helper.8.ldap openssh-5.6p1/ssh-ldap-helper.8
---- openssh-5.6p1/ssh-ldap-helper.8.ldap 2010-10-20 09:21:04.000000000 +0200
-+++ openssh-5.6p1/ssh-ldap-helper.8 2010-10-20 09:21:04.000000000 +0200
+diff -up openssh-5.8p1/ssh-ldap-helper.8.ldap openssh-5.8p1/ssh-ldap-helper.8
+--- openssh-5.8p1/ssh-ldap-helper.8.ldap 2011-02-28 23:21:06.000000000 +0100
++++ openssh-5.8p1/ssh-ldap-helper.8 2011-02-28 23:21:06.000000000 +0100
@@ -0,0 +1,78 @@
+.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
+.\"
@@ -2857,3 +2877,11 @@ diff -up openssh-5.6p1/ssh-ldap-helper.8.ldap openssh-5.6p1/ssh-ldap-helper.8
+OpenSSH 5.5 + PKA-LDAP .
+.Sh AUTHORS
+.An Jan F. Chadima Aq jchadima(a)redhat.com
+diff -up openssh-5.8p1/ssh-ldap-wrapper.ldap openssh-5.8p1/ssh-ldap-wrapper
+--- openssh-5.8p1/ssh-ldap-wrapper.ldap 2011-02-28 23:21:07.000000000 +0100
++++ openssh-5.8p1/ssh-ldap-wrapper 2011-02-28 23:21:07.000000000 +0100
+@@ -0,0 +1,4 @@
++#!/bin/sh
++
++exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
++
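Review bot: The wrapper's `exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"` hard-codes the helper path while the Makefile hunk above defines `SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper`, so a build with a different libexecdir installs a wrapper that execs a path that does not exist; generating the script from a template with the path substituted at build or install time would keep the two in step. The same Makefile hunk installs it with `-m 0700`, which only its owner can execute, so if `AuthorizedKeysCommandRunAs` names a non-root user as the HOWTO suggests, ownership has to be fixed up elsewhere (the spec's file list, not visible here) — a comment in the script naming the expected invoker would make that dependency visible. The script also forwards `$1` unchecked; that is acceptable only because sshd supplies `pw->pw_name` as the single argument, and a one-line comment saying so would document the assumption.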
diff --git a/openssh-5.8p1-ldap2.patch b/openssh-5.8p1-ldap2.patch
index 416c93e..e69de29 100644
--- a/openssh-5.8p1-ldap2.patch
+++ b/openssh-5.8p1-ldap2.patch
@@ -1,57 +0,0 @@
-diff -up openssh-5.8p1/HOWTO.ldap-keys.ldap2 openssh-5.8p1/HOWTO.ldap-keys
---- openssh-5.8p1/HOWTO.ldap-keys.ldap2 2011-02-25 11:48:59.000000000 +0100
-+++ openssh-5.8p1/HOWTO.ldap-keys 2011-02-25 11:48:59.000000000 +0100
-@@ -0,0 +1,14 @@
-+
-+1) configure LDAP server
-+2) add appropriate schema
-+3) insert users into LDAP
-+4) on the ssh side set in sshd_config
-+AuthorizedKeysCommand /usr/libexec/openssh/ssh-ldap-wrapper
-+AuthorizedKeysCommandRunAs <appropriate user to run LDAP>
-+5) do not forget to set
-+PubkeyAuthentication yes
-+
-+
-+To debug the ssh-ldap-helper is possible to set
-+the necessary flags in the ssh-ldap-wrapper.
-+
-diff -up openssh-5.8p1/ldap-helper.c.ldap2 openssh-5.8p1/ldap-helper.c
---- openssh-5.8p1/ldap-helper.c.ldap2 2011-02-25 11:48:59.000000000 +0100
-+++ openssh-5.8p1/ldap-helper.c 2011-02-25 11:48:59.000000000 +0100
-@@ -51,7 +51,7 @@ usage(void)
- fprintf(stderr, " -f file Use alternate config file (default is /etc/ssh/ldap.conf).\n");
- fprintf(stderr, " -s user Do not demonize, send the user's key to stdout.\n");
- fprintf(stderr, " -v Increase verbosity of the debug output (implies -d).\n");
-- fprintf(stderr, " -w Warn on unknown commands int the config file.\n");
-+ fprintf(stderr, " -w Warn on unknown commands in the config file.\n");
- exit(1);
- }
-
-diff -up openssh-5.8p1/Makefile.in.ldap2 openssh-5.8p1/Makefile.in
---- openssh-5.8p1/Makefile.in.ldap2 2011-02-25 11:48:59.000000000 +0100
-+++ openssh-5.8p1/Makefile.in 2011-02-25 11:55:59.000000000 +0100
-@@ -27,6 +27,7 @@ SFTP_SERVER=$(libexecdir)/sftp-server
- SSH_KEYSIGN=$(libexecdir)/ssh-keysign
- SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
- SSH_LDAP_HELPER=$(libexecdir)/ssh-ldap-helper
-+SSH_LDAP_WRAPPER=$(libexecdir)/ssh-ldap-wrapper
- RAND_HELPER=$(libexecdir)/ssh-rand-helper
- PRIVSEP_PATH=@PRIVSEP_PATH@
- SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
-@@ -277,6 +278,7 @@ install-files:
- $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
- if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
- $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
-+ $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
- fi
- $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
- $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-diff -up openssh-5.8p1/ssh-ldap-wrapper.ldap2 openssh-5.8p1/ssh-ldap-wrapper
---- openssh-5.8p1/ssh-ldap-wrapper.ldap2 2011-02-25 11:48:59.000000000 +0100
-+++ openssh-5.8p1/ssh-ldap-wrapper 2011-02-25 11:48:59.000000000 +0100
-@@ -0,0 +1,4 @@
-+#!/bin/sh
-+
-+exec /usr/libexec/openssh/ssh-ldap-helper -s "$1"
-+
diff --git a/openssh.spec b/openssh.spec
index 03c5f8f..a328322 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -71,7 +71,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.8p1
-%define openssh_rel 11
+%define openssh_rel 12
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 30
@@ -152,6 +152,7 @@ Patch56: openssh-5.2p1-edns.patch
Patch57: openssh-5.1p1-scp-manpage.patch
#?
Patch58: openssh-5.8p1-keycat.patch
+Patch158: openssh-5.8p1-keycat2.patch
#http://www.sxw.org.uk/computing/patches/openssh.html
Patch60: openssh-5.8p1-gsskex.patch
#?
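Review bot: `Patch158: openssh-5.8p1-keycat2.patch` breaks the sequential numbering of its neighbours (`Patch57`, `Patch58`, `Patch60`) and, unlike them, carries no status comment line (`#?` or an upstream URL) above it; a line such as `#? follow-up to Patch58: SELinux environment for ssh-keycat` would keep the convention and tell the next maintainer why the two patches belong together. The number is presumably chosen to avoid an existing Patch59 elsewhere in the spec, which is not visible here.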
@@ -347,6 +348,7 @@ popd
%patch56 -p1 -b .edns
%patch57 -p1 -b .manpage
%patch58 -p1 -b .keycat
+%patch158 -p1 -b .keycat2
%patch60 -p1 -b .gsskex
%patch61 -p1 -b .canohost
@@ -641,6 +643,9 @@ fi
%endif
%changelog
+* Tue Mar 1 2011 Jan F. Chadima <jchadima(a)redhat.com> - 5.8p1-12 + 0.9.2-30
+- improove ssk-keycat
+
* Mon Feb 28 2011 Jan F. Chadima <jchadima(a)redhat.com> - 5.8p1-11 + 0.9.2-30
- add ssk-keycat