[openssh] Coverity first pass
Jan F. Chadima
jfch2222 at fedoraproject.org
Thu Sep 8 22:55:46 UTC 2011
commit 3b545be5d7d969f9b75fc89d9170b519a2630ce4
Author: Jan F. Chadima <jfch at fukusima15.jagda.eu>
Date: Fri Sep 9 00:54:28 2011 +0200
Coverity first pass
openssh-5.9p1-coverity.patch | 698 ++++++++++++++++++++++++++++++++++++++++++
openssh-5.9p1-fips.patch | 86 +++---
openssh-5.9p1-gsskex.patch | 4 +-
openssh-5.9p1-ldap.patch | 4 +-
openssh.spec | 27 +-
5 files changed, 762 insertions(+), 57 deletions(-)
---
diff --git a/openssh-5.9p1-coverity.patch b/openssh-5.9p1-coverity.patch
new file mode 100644
index 0000000..5b1a4d3
--- /dev/null
+++ b/openssh-5.9p1-coverity.patch
@@ -0,0 +1,698 @@
+diff -up openssh-5.9p1/auth-pam.c.coverity openssh-5.9p1/auth-pam.c
+--- openssh-5.9p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200
++++ openssh-5.9p1/auth-pam.c 2011-09-08 14:13:59.596485750 +0200
+@@ -216,7 +216,7 @@ pthread_join(sp_pthread_t thread, void *
+ if (sshpam_thread_status != -1)
+ return (sshpam_thread_status);
+ signal(SIGCHLD, sshpam_oldsig);
+- waitpid(thread, &status, 0);
++ (void) waitpid(thread, &status, 0);
+ return (status);
+ }
+ #endif
+diff -up openssh-5.9p1/channels.c.coverity openssh-5.9p1/channels.c
+--- openssh-5.9p1/channels.c.coverity 2011-06-23 00:31:57.000000000 +0200
++++ openssh-5.9p1/channels.c 2011-09-08 14:13:59.724564062 +0200
+@@ -229,11 +229,11 @@ channel_register_fds(Channel *c, int rfd
+ channel_max_fd = MAX(channel_max_fd, wfd);
+ channel_max_fd = MAX(channel_max_fd, efd);
+
+- if (rfd != -1)
++ if (rfd >= 0)
+ fcntl(rfd, F_SETFD, FD_CLOEXEC);
+- if (wfd != -1 && wfd != rfd)
++ if (wfd >= 0 && wfd != rfd)
+ fcntl(wfd, F_SETFD, FD_CLOEXEC);
+- if (efd != -1 && efd != rfd && efd != wfd)
++ if (efd >= 0 && efd != rfd && efd != wfd)
+ fcntl(efd, F_SETFD, FD_CLOEXEC);
+
+ c->rfd = rfd;
+@@ -248,11 +248,11 @@ channel_register_fds(Channel *c, int rfd
+
+ /* enable nonblocking mode */
+ if (nonblock) {
+- if (rfd != -1)
++ if (rfd >= 0)
+ set_nonblock(rfd);
+- if (wfd != -1)
++ if (wfd >= 0)
+ set_nonblock(wfd);
+- if (efd != -1)
++ if (efd >= 0)
+ set_nonblock(efd);
+ }
+ }
+diff -up openssh-5.9p1/clientloop.c.coverity openssh-5.9p1/clientloop.c
+--- openssh-5.9p1/clientloop.c.coverity 2011-06-23 00:31:58.000000000 +0200
++++ openssh-5.9p1/clientloop.c 2011-09-08 14:13:59.829450205 +0200
+@@ -1970,6 +1970,7 @@ client_input_global_request(int type, u_
+ char *rtype;
+ int want_reply;
+ int success = 0;
++/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
+
+ rtype = packet_get_string(NULL);
+ want_reply = packet_get_char();
+diff -up openssh-5.9p1/key.c.coverity openssh-5.9p1/key.c
+--- openssh-5.9p1/key.c.coverity 2011-05-20 11:03:08.000000000 +0200
++++ openssh-5.9p1/key.c 2011-09-08 14:13:59.959563856 +0200
+@@ -803,8 +803,10 @@ key_read(Key *ret, char **cpp)
+ success = 1;
+ /*XXXX*/
+ key_free(k);
++/*XXXX
+ if (success != 1)
+ break;
++XXXX*/
+ /* advance cp: skip whitespace and data */
+ while (*cp == ' ' || *cp == '\t')
+ cp++;
+diff -up openssh-5.9p1/packet.c.coverity openssh-5.9p1/packet.c
+--- openssh-5.9p1/packet.c.coverity 2011-05-15 00:58:15.000000000 +0200
++++ openssh-5.9p1/packet.c 2011-09-08 14:14:00.075501777 +0200
+@@ -1177,6 +1177,7 @@ packet_read_poll1(void)
+ case DEATTACK_DETECTED:
+ packet_disconnect("crc32 compensation attack: "
+ "network attack detected");
++ break;
+ case DEATTACK_DOS_DETECTED:
+ packet_disconnect("deattack denial of "
+ "service detected");
+@@ -1684,7 +1685,7 @@ void
+ packet_write_wait(void)
+ {
+ fd_set *setp;
+- int ret, ms_remain;
++ int ret, ms_remain = 0;
+ struct timeval start, timeout, *timeoutp = NULL;
+
+ setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1,
+diff -up openssh-5.9p1/progressmeter.c.coverity openssh-5.9p1/progressmeter.c
+--- openssh-5.9p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200
++++ openssh-5.9p1/progressmeter.c 2011-09-08 14:14:00.186620217 +0200
+@@ -65,7 +65,7 @@ static void update_progress_meter(int);
+
+ static time_t start; /* start progress */
+ static time_t last_update; /* last progress update */
+-static char *file; /* name of the file being transferred */
++static const char *file; /* name of the file being transferred */
+ static off_t end_pos; /* ending position of transfer */
+ static off_t cur_pos; /* transfer position as of last refresh */
+ static volatile off_t *counter; /* progress counter */
+@@ -247,7 +247,7 @@ update_progress_meter(int ignore)
+ }
+
+ void
+-start_progress_meter(char *f, off_t filesize, off_t *ctr)
++start_progress_meter(const char *f, off_t filesize, off_t *ctr)
+ {
+ start = last_update = time(NULL);
+ file = f;
+diff -up openssh-5.9p1/progressmeter.h.coverity openssh-5.9p1/progressmeter.h
+--- openssh-5.9p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200
++++ openssh-5.9p1/progressmeter.h 2011-09-08 14:14:00.299626834 +0200
+@@ -23,5 +23,5 @@
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+-void start_progress_meter(char *, off_t, off_t *);
++void start_progress_meter(const char *, off_t, off_t *);
+ void stop_progress_meter(void);
+diff -up openssh-5.9p1/scp.c.coverity openssh-5.9p1/scp.c
+--- openssh-5.9p1/scp.c.coverity 2011-01-06 12:41:21.000000000 +0100
++++ openssh-5.9p1/scp.c 2011-09-08 14:14:00.404502349 +0200
+@@ -155,7 +155,7 @@ killchild(int signo)
+ {
+ if (do_cmd_pid > 1) {
+ kill(do_cmd_pid, signo ? signo : SIGTERM);
+- waitpid(do_cmd_pid, NULL, 0);
++ (void) waitpid(do_cmd_pid, NULL, 0);
+ }
+
+ if (signo)
+diff -up openssh-5.9p1/serverloop.c.coverity openssh-5.9p1/serverloop.c
+--- openssh-5.9p1/serverloop.c.coverity 2011-05-20 11:02:50.000000000 +0200
++++ openssh-5.9p1/serverloop.c 2011-09-08 14:14:00.516501505 +0200
+@@ -147,13 +147,13 @@ notify_setup(void)
+ static void
+ notify_parent(void)
+ {
+- if (notify_pipe[1] != -1)
++ if (notify_pipe[1] >= 0)
+ write(notify_pipe[1], "", 1);
+ }
+ static void
+ notify_prepare(fd_set *readset)
+ {
+- if (notify_pipe[0] != -1)
++ if (notify_pipe[0] >= 0)
+ FD_SET(notify_pipe[0], readset);
+ }
+ static void
+@@ -161,8 +161,8 @@ notify_done(fd_set *readset)
+ {
+ char c;
+
+- if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset))
+- while (read(notify_pipe[0], &c, 1) != -1)
++ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset))
++ while (read(notify_pipe[0], &c, 1) >= 0)
+ debug2("notify_done: reading");
+ }
+
+@@ -330,7 +330,7 @@ wait_until_can_do_something(fd_set **rea
+ * If we have buffered data, try to write some of that data
+ * to the program.
+ */
+- if (fdin != -1 && buffer_len(&stdin_buffer) > 0)
++ if (fdin >= 0 && buffer_len(&stdin_buffer) > 0)
+ FD_SET(fdin, *writesetp);
+ }
+ notify_prepare(*readsetp);
+@@ -470,7 +470,7 @@ process_output(fd_set *writeset)
+ int len;
+
+ /* Write buffered data to program stdin. */
+- if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) {
++ if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) {
+ data = buffer_ptr(&stdin_buffer);
+ dlen = buffer_len(&stdin_buffer);
+ len = write(fdin, data, dlen);
+@@ -583,7 +583,7 @@ server_loop(pid_t pid, int fdin_arg, int
+ set_nonblock(fdin);
+ set_nonblock(fdout);
+ /* we don't have stderr for interactive terminal sessions, see below */
+- if (fderr != -1)
++ if (fderr >= 0)
+ set_nonblock(fderr);
+
+ if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin))
+@@ -607,7 +607,7 @@ server_loop(pid_t pid, int fdin_arg, int
+ max_fd = MAX(connection_in, connection_out);
+ max_fd = MAX(max_fd, fdin);
+ max_fd = MAX(max_fd, fdout);
+- if (fderr != -1)
++ if (fderr >= 0)
+ max_fd = MAX(max_fd, fderr);
+ #endif
+
+@@ -637,7 +637,7 @@ server_loop(pid_t pid, int fdin_arg, int
+ * If we have received eof, and there is no more pending
+ * input data, cause a real eof by closing fdin.
+ */
+- if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) {
++ if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) {
+ if (fdin != fdout)
+ close(fdin);
+ else
+@@ -735,15 +735,15 @@ server_loop(pid_t pid, int fdin_arg, int
+ buffer_free(&stderr_buffer);
+
+ /* Close the file descriptors. */
+- if (fdout != -1)
++ if (fdout >= 0)
+ close(fdout);
+ fdout = -1;
+ fdout_eof = 1;
+- if (fderr != -1)
++ if (fderr >= 0)
+ close(fderr);
+ fderr = -1;
+ fderr_eof = 1;
+- if (fdin != -1)
++ if (fdin >= 0)
+ close(fdin);
+ fdin = -1;
+
+@@ -937,7 +937,7 @@ server_input_window_size(int type, u_int
+
+ debug("Window change received.");
+ packet_check_eom();
+- if (fdin != -1)
++ if (fdin >= 0)
+ pty_change_window_size(fdin, row, col, xpixel, ypixel);
+ }
+
+@@ -990,7 +990,7 @@ server_request_tun(void)
+ }
+
+ tun = packet_get_int();
+- if (forced_tun_device != -1) {
++ if (forced_tun_device >= 0) {
+ if (tun != SSH_TUNID_ANY && forced_tun_device != tun)
+ goto done;
+ tun = forced_tun_device;
+diff -up openssh-5.9p1/sftp-client.c.coverity openssh-5.9p1/sftp-client.c
+--- openssh-5.9p1/sftp-client.c.coverity 2010-12-04 23:02:48.000000000 +0100
++++ openssh-5.9p1/sftp-client.c 2011-09-08 14:14:00.640502358 +0200
+@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer *
+ }
+
+ static void
+-send_string_request(struct sftp_conn *conn, u_int id, u_int code, char *s,
++send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s,
+ u_int len)
+ {
+ Buffer msg;
+@@ -165,7 +165,7 @@ send_string_request(struct sftp_conn *co
+
+ static void
+ send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code,
+- char *s, u_int len, Attrib *a)
++ const char *s, u_int len, Attrib *a)
+ {
+ Buffer msg;
+
+@@ -422,7 +422,7 @@ sftp_proto_version(struct sftp_conn *con
+ }
+
+ int
+-do_close(struct sftp_conn *conn, char *handle, u_int handle_len)
++do_close(struct sftp_conn *conn, const char *handle, u_int handle_len)
+ {
+ u_int id, status;
+ Buffer msg;
+@@ -447,7 +447,7 @@ do_close(struct sftp_conn *conn, char *h
+
+
+ static int
+-do_lsreaddir(struct sftp_conn *conn, char *path, int printflag,
++do_lsreaddir(struct sftp_conn *conn, const char *path, int printflag,
+ SFTP_DIRENT ***dir)
+ {
+ Buffer msg;
+@@ -571,7 +571,7 @@ do_lsreaddir(struct sftp_conn *conn, cha
+ }
+
+ int
+-do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir)
++do_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir)
+ {
+ return(do_lsreaddir(conn, path, 0, dir));
+ }
+@@ -589,7 +589,7 @@ void free_sftp_dirents(SFTP_DIRENT **s)
+ }
+
+ int
+-do_rm(struct sftp_conn *conn, char *path)
++do_rm(struct sftp_conn *conn, const char *path)
+ {
+ u_int status, id;
+
+@@ -604,7 +604,7 @@ do_rm(struct sftp_conn *conn, char *path
+ }
+
+ int
+-do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag)
++do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int printflag)
+ {
+ u_int status, id;
+
+@@ -620,7 +620,7 @@ do_mkdir(struct sftp_conn *conn, char *p
+ }
+
+ int
+-do_rmdir(struct sftp_conn *conn, char *path)
++do_rmdir(struct sftp_conn *conn, const char *path)
+ {
+ u_int status, id;
+
+@@ -636,7 +636,7 @@ do_rmdir(struct sftp_conn *conn, char *p
+ }
+
+ Attrib *
+-do_stat(struct sftp_conn *conn, char *path, int quiet)
++do_stat(struct sftp_conn *conn, const char *path, int quiet)
+ {
+ u_int id;
+
+@@ -650,7 +650,7 @@ do_stat(struct sftp_conn *conn, char *pa
+ }
+
+ Attrib *
+-do_lstat(struct sftp_conn *conn, char *path, int quiet)
++do_lstat(struct sftp_conn *conn, const char *path, int quiet)
+ {
+ u_int id;
+
+@@ -684,7 +684,7 @@ do_fstat(struct sftp_conn *conn, char *h
+ #endif
+
+ int
+-do_setstat(struct sftp_conn *conn, char *path, Attrib *a)
++do_setstat(struct sftp_conn *conn, const char *path, Attrib *a)
+ {
+ u_int status, id;
+
+@@ -701,7 +701,7 @@ do_setstat(struct sftp_conn *conn, char
+ }
+
+ int
+-do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len,
++do_fsetstat(struct sftp_conn *conn, const char *handle, u_int handle_len,
+ Attrib *a)
+ {
+ u_int status, id;
+@@ -718,12 +718,12 @@ do_fsetstat(struct sftp_conn *conn, char
+ }
+
+ char *
+-do_realpath(struct sftp_conn *conn, char *path)
++do_realpath(struct sftp_conn *conn, const char *path)
+ {
+ Buffer msg;
+ u_int type, expected_id, count, id;
+ char *filename, *longname;
+- Attrib *a;
++/*UNUSED Attrib *a; */
+
+ expected_id = id = conn->msg_id++;
+ send_string_request(conn, id, SSH2_FXP_REALPATH, path,
+@@ -754,7 +754,7 @@ do_realpath(struct sftp_conn *conn, char
+
+ filename = buffer_get_string(&msg, NULL);
+ longname = buffer_get_string(&msg, NULL);
+- a = decode_attrib(&msg);
++ /*a =*/ (void) decode_attrib(&msg);
+
+ debug3("SSH_FXP_REALPATH %s -> %s", path, filename);
+
+@@ -766,7 +766,7 @@ do_realpath(struct sftp_conn *conn, char
+ }
+
+ int
+-do_rename(struct sftp_conn *conn, char *oldpath, char *newpath)
++do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+ {
+ Buffer msg;
+ u_int status, id;
+@@ -800,7 +800,7 @@ do_rename(struct sftp_conn *conn, char *
+ }
+
+ int
+-do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath)
++do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+ {
+ Buffer msg;
+ u_int status, id;
+@@ -833,7 +833,7 @@ do_hardlink(struct sftp_conn *conn, char
+ }
+
+ int
+-do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath)
++do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath)
+ {
+ Buffer msg;
+ u_int status, id;
+@@ -984,7 +984,7 @@ send_read_request(struct sftp_conn *conn
+ }
+
+ int
+-do_download(struct sftp_conn *conn, char *remote_path, char *local_path,
++do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path,
+ Attrib *a, int pflag)
+ {
+ Attrib junk;
+@@ -1223,7 +1223,7 @@ do_download(struct sftp_conn *conn, char
+ }
+
+ static int
+-download_dir_internal(struct sftp_conn *conn, char *src, char *dst,
++download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
+ Attrib *dirattrib, int pflag, int printflag, int depth)
+ {
+ int i, ret = 0;
+@@ -1313,7 +1313,7 @@ download_dir_internal(struct sftp_conn *
+ }
+
+ int
+-download_dir(struct sftp_conn *conn, char *src, char *dst,
++download_dir(struct sftp_conn *conn, const char *src, const char *dst,
+ Attrib *dirattrib, int pflag, int printflag)
+ {
+ char *src_canon;
+@@ -1331,7 +1331,7 @@ download_dir(struct sftp_conn *conn, cha
+ }
+
+ int
+-do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
++do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path,
+ int pflag)
+ {
+ int local_fd;
+@@ -1514,7 +1514,7 @@ do_upload(struct sftp_conn *conn, char *
+ }
+
+ static int
+-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst,
++upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst,
+ int pflag, int printflag, int depth)
+ {
+ int ret = 0, status;
+@@ -1605,7 +1605,7 @@ upload_dir_internal(struct sftp_conn *co
+ }
+
+ int
+-upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag,
++upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int printflag,
+ int pflag)
+ {
+ char *dst_canon;
+@@ -1622,7 +1622,7 @@ upload_dir(struct sftp_conn *conn, char
+ }
+
+ char *
+-path_append(char *p1, char *p2)
++path_append(const char *p1, const char *p2)
+ {
+ char *ret;
+ size_t len = strlen(p1) + strlen(p2) + 2;
+diff -up openssh-5.9p1/sftp-client.h.coverity openssh-5.9p1/sftp-client.h
+--- openssh-5.9p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100
++++ openssh-5.9p1/sftp-client.h 2011-09-08 14:14:00.750502818 +0200
+@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in
+ u_int sftp_proto_version(struct sftp_conn *);
+
+ /* Close file referred to by 'handle' */
+-int do_close(struct sftp_conn *, char *, u_int);
++int do_close(struct sftp_conn *, const char *, u_int);
+
+ /* Read contents of 'path' to NULL-terminated array 'dir' */
+-int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***);
++int do_readdir(struct sftp_conn *, const char *, SFTP_DIRENT ***);
+
+ /* Frees a NULL-terminated array of SFTP_DIRENTs (eg. from do_readdir) */
+ void free_sftp_dirents(SFTP_DIRENT **);
+
+ /* Delete file 'path' */
+-int do_rm(struct sftp_conn *, char *);
++int do_rm(struct sftp_conn *, const char *);
+
+ /* Create directory 'path' */
+-int do_mkdir(struct sftp_conn *, char *, Attrib *, int);
++int do_mkdir(struct sftp_conn *, const char *, Attrib *, int);
+
+ /* Remove directory 'path' */
+-int do_rmdir(struct sftp_conn *, char *);
++int do_rmdir(struct sftp_conn *, const char *);
+
+ /* Get file attributes of 'path' (follows symlinks) */
+-Attrib *do_stat(struct sftp_conn *, char *, int);
++Attrib *do_stat(struct sftp_conn *, const char *, int);
+
+ /* Get file attributes of 'path' (does not follow symlinks) */
+-Attrib *do_lstat(struct sftp_conn *, char *, int);
++Attrib *do_lstat(struct sftp_conn *, const char *, int);
+
+ /* Set file attributes of 'path' */
+-int do_setstat(struct sftp_conn *, char *, Attrib *);
++int do_setstat(struct sftp_conn *, const char *, Attrib *);
+
+ /* Set file attributes of open file 'handle' */
+-int do_fsetstat(struct sftp_conn *, char *, u_int, Attrib *);
++int do_fsetstat(struct sftp_conn *, const char *, u_int, Attrib *);
+
+ /* Canonicalise 'path' - caller must free result */
+-char *do_realpath(struct sftp_conn *, char *);
++char *do_realpath(struct sftp_conn *, const char *);
+
+ /* Get statistics for filesystem hosting file at "path" */
+ int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int);
+
+ /* Rename 'oldpath' to 'newpath' */
+-int do_rename(struct sftp_conn *, char *, char *);
++int do_rename(struct sftp_conn *, const char *, const char *);
+
+ /* Link 'oldpath' to 'newpath' */
+-int do_hardlink(struct sftp_conn *, char *, char *);
++int do_hardlink(struct sftp_conn *, const char *, const char *);
+
+-/* Rename 'oldpath' to 'newpath' */
+-int do_symlink(struct sftp_conn *, char *, char *);
++/* Symlink 'oldpath' to 'newpath' */
++int do_symlink(struct sftp_conn *, const char *, const char *);
+
+ /* XXX: add callbacks to do_download/do_upload so we can do progress meter */
+
+@@ -106,27 +106,27 @@ int do_symlink(struct sftp_conn *, char
+ * Download 'remote_path' to 'local_path'. Preserve permissions and times
+ * if 'pflag' is set
+ */
+-int do_download(struct sftp_conn *, char *, char *, Attrib *, int);
++int do_download(struct sftp_conn *, const char *, const char *, Attrib *, int);
+
+ /*
+ * Recursively download 'remote_directory' to 'local_directory'. Preserve
+ * times if 'pflag' is set
+ */
+-int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int);
++int download_dir(struct sftp_conn *, const char *, const char *, Attrib *, int, int);
+
+ /*
+ * Upload 'local_path' to 'remote_path'. Preserve permissions and times
+ * if 'pflag' is set
+ */
+-int do_upload(struct sftp_conn *, char *, char *, int);
++int do_upload(struct sftp_conn *, const char *, const char *, int);
+
+ /*
+ * Recursively upload 'local_directory' to 'remote_directory'. Preserve
+ * times if 'pflag' is set
+ */
+-int upload_dir(struct sftp_conn *, char *, char *, int, int);
++int upload_dir(struct sftp_conn *, const char *, const char *, int, int);
+
+ /* Concatenate paths, taking care of slashes. Caller must free result. */
+-char *path_append(char *, char *);
++char *path_append(const char *, const char *);
+
+ #endif
+diff -up openssh-5.9p1/sftp.c.coverity openssh-5.9p1/sftp.c
+--- openssh-5.9p1/sftp.c.coverity 2010-12-04 23:02:48.000000000 +0100
++++ openssh-5.9p1/sftp.c 2011-09-08 14:25:08.647440423 +0200
+@@ -316,7 +316,7 @@ local_do_ls(const char *args)
+
+ /* Strip one path (usually the pwd) from the start of another */
+ static char *
+-path_strip(char *path, char *strip)
++path_strip(const char *path, const char *strip)
+ {
+ size_t len;
+
+@@ -334,7 +334,7 @@ path_strip(char *path, char *strip)
+ }
+
+ static char *
+-make_absolute(char *p, char *pwd)
++make_absolute(char *p, const char *pwd)
+ {
+ char *abs_str;
+
+@@ -482,7 +482,7 @@ parse_df_flags(const char *cmd, char **a
+ }
+
+ static int
+-is_dir(char *path)
++is_dir(const char *path)
+ {
+ struct stat sb;
+
+@@ -494,7 +494,7 @@ is_dir(char *path)
+ }
+
+ static int
+-remote_is_dir(struct sftp_conn *conn, char *path)
++remote_is_dir(struct sftp_conn *conn, const char *path)
+ {
+ Attrib *a;
+
+@@ -508,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, ch
+
+ /* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
+ static int
+-pathname_is_dir(char *pathname)
++pathname_is_dir(const char *pathname)
+ {
+ size_t l = strlen(pathname);
+
+@@ -516,7 +516,7 @@ pathname_is_dir(char *pathname)
+ }
+
+ static int
+-process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd,
++process_get(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
+ int pflag, int rflag)
+ {
+ char *abs_src = NULL;
+@@ -590,7 +590,7 @@ out:
+ }
+
+ static int
+-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
++process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
+ int pflag, int rflag)
+ {
+ char *tmp_dst = NULL;
+@@ -695,7 +695,7 @@ sdirent_comp(const void *aa, const void
+
+ /* sftp ls.1 replacement for directories */
+ static int
+-do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
++do_ls_dir(struct sftp_conn *conn, const char *path, const char *strip_path, int lflag)
+ {
+ int n;
+ u_int c = 1, colspace = 0, columns = 1;
+@@ -780,10 +780,10 @@ do_ls_dir(struct sftp_conn *conn, char *
+
+ /* sftp ls.1 replacement which handles path globs */
+ static int
+-do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
++do_globbed_ls(struct sftp_conn *conn, const char *path, const char *strip_path,
+ int lflag)
+ {
+- Attrib *a = NULL;
++/*UNUSED Attrib *a = NULL;*/
+ char *fname, *lname;
+ glob_t g;
+ int err;
+@@ -828,7 +828,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
+ colspace = width / columns;
+ }
+
+- for (i = 0; g.gl_pathv[i] && !interrupted; i++, a = NULL) {
++ for (i = 0; g.gl_pathv[i] && !interrupted; i++/*, a = NULL*/) {
+ fname = path_strip(g.gl_pathv[i], strip_path);
+ if (lflag & LS_LONG_VIEW) {
+ if (g.gl_statv[i] == NULL) {
+@@ -861,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, ch
+ }
+
+ static int
+-do_df(struct sftp_conn *conn, char *path, int hflag, int iflag)
++do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag)
+ {
+ struct sftp_statvfs st;
+ char s_used[FMT_SCALED_STRSIZE];
+diff -up openssh-5.9p1/sshd.c.coverity openssh-5.9p1/sshd.c
+--- openssh-5.9p1/sshd.c.coverity 2011-06-23 11:45:51.000000000 +0200
++++ openssh-5.9p1/sshd.c 2011-09-08 14:14:01.018565321 +0200
+@@ -1302,6 +1302,9 @@ server_accept_loop(int *sock_in, int *so
+ if (num_listen_socks < 0)
+ break;
+ }
++
++ if (fdset != NULL)
++ xfree(fdset);
+ }
+
+
+@@ -1774,7 +1777,7 @@ main(int ac, char **av)
+
+ /* Chdir to the root directory so that the current disk can be
+ unmounted if desired. */
+- chdir("/");
++ (void) chdir("/");
+
+ /* ignore SIGPIPE */
+ signal(SIGPIPE, SIG_IGN);
diff --git a/openssh-5.9p1-fips.patch b/openssh-5.9p1-fips.patch
index 3c069d2..c783f6a 100644
--- a/openssh-5.9p1-fips.patch
+++ b/openssh-5.9p1-fips.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.9p0/Makefile.in.fips openssh-5.9p0/Makefile.in
---- openssh-5.9p0/Makefile.in.fips 2011-08-31 13:16:25.548087929 +0200
-+++ openssh-5.9p0/Makefile.in 2011-08-31 13:17:42.820212398 +0200
+diff -up openssh-5.9p1/Makefile.in.fips openssh-5.9p1/Makefile.in
+--- openssh-5.9p1/Makefile.in.fips 2011-09-08 14:51:55.788515769 +0200
++++ openssh-5.9p1/Makefile.in 2011-09-08 14:51:58.390439672 +0200
@@ -142,25 +142,25 @@ libssh.a: $(LIBSSH_OBJS)
$(RANLIB) $@
@@ -42,9 +42,9 @@ diff -up openssh-5.9p0/Makefile.in.fips openssh-5.9p0/Makefile.in
sftp-server$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-common.o sftp-server.o sftp-server-main.o
$(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
-diff -up openssh-5.9p0/authfile.c.fips openssh-5.9p0/authfile.c
---- openssh-5.9p0/authfile.c.fips 2011-08-31 13:16:26.896087056 +0200
-+++ openssh-5.9p0/authfile.c 2011-08-31 13:16:28.586211616 +0200
+diff -up openssh-5.9p1/authfile.c.fips openssh-5.9p1/authfile.c
+--- openssh-5.9p1/authfile.c.fips 2011-09-08 14:51:57.076455523 +0200
++++ openssh-5.9p1/authfile.c 2011-09-08 14:51:58.485565698 +0200
@@ -148,8 +148,14 @@ key_private_rsa1_to_blob(Key *key, Buffe
/* Allocate space for the private part of the key in the buffer. */
cp = buffer_append_space(&encrypted, buffer_len(&buffer));
@@ -78,9 +78,9 @@ diff -up openssh-5.9p0/authfile.c.fips openssh-5.9p0/authfile.c
cipher_crypt(&ciphercontext, cp,
buffer_ptr(©), buffer_len(©));
cipher_cleanup(&ciphercontext);
-diff -up openssh-5.9p0/cipher-ctr.c.fips openssh-5.9p0/cipher-ctr.c
---- openssh-5.9p0/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200
-+++ openssh-5.9p0/cipher-ctr.c 2011-08-31 13:16:28.690026009 +0200
+diff -up openssh-5.9p1/cipher-ctr.c.fips openssh-5.9p1/cipher-ctr.c
+--- openssh-5.9p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200
++++ openssh-5.9p1/cipher-ctr.c 2011-09-08 14:51:58.593563819 +0200
@@ -140,7 +140,8 @@ evp_aes_128_ctr(void)
aes_ctr.do_cipher = ssh_aes_ctr;
#ifndef SSH_OLD_EVP
@@ -91,9 +91,9 @@ diff -up openssh-5.9p0/cipher-ctr.c.fips openssh-5.9p0/cipher-ctr.c
#endif
return (&aes_ctr);
}
-diff -up openssh-5.9p0/cipher.c.fips openssh-5.9p0/cipher.c
---- openssh-5.9p0/cipher.c.fips 2011-08-31 13:16:14.685087304 +0200
-+++ openssh-5.9p0/cipher.c 2011-08-31 13:16:28.815092896 +0200
+diff -up openssh-5.9p1/cipher.c.fips openssh-5.9p1/cipher.c
+--- openssh-5.9p1/cipher.c.fips 2011-09-08 14:51:44.592501867 +0200
++++ openssh-5.9p1/cipher.c 2011-09-08 14:51:58.700440064 +0200
@@ -40,6 +40,7 @@
#include <sys/types.h>
@@ -178,9 +178,9 @@ diff -up openssh-5.9p0/cipher.c.fips openssh-5.9p0/cipher.c
}
/*
-diff -up openssh-5.9p0/cipher.h.fips openssh-5.9p0/cipher.h
---- openssh-5.9p0/cipher.h.fips 2011-08-31 13:16:14.816212495 +0200
-+++ openssh-5.9p0/cipher.h 2011-08-31 13:16:28.939073884 +0200
+diff -up openssh-5.9p1/cipher.h.fips openssh-5.9p1/cipher.h
+--- openssh-5.9p1/cipher.h.fips 2011-09-08 14:51:44.697501719 +0200
++++ openssh-5.9p1/cipher.h 2011-09-08 14:51:58.800502283 +0200
@@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe
const u_char *, u_int, int);
void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int);
@@ -190,9 +190,9 @@ diff -up openssh-5.9p0/cipher.h.fips openssh-5.9p0/cipher.h
u_int cipher_blocksize(const Cipher *);
u_int cipher_keylen(const Cipher *);
u_int cipher_is_cbc(const Cipher *);
-diff -up openssh-5.9p0/key.c.fips openssh-5.9p0/key.c
---- openssh-5.9p0/key.c.fips 2011-08-31 13:16:18.179212858 +0200
-+++ openssh-5.9p0/key.c 2011-08-31 13:16:29.069031653 +0200
+diff -up openssh-5.9p1/key.c.fips openssh-5.9p1/key.c
+--- openssh-5.9p1/key.c.fips 2011-09-08 14:51:49.002451595 +0200
++++ openssh-5.9p1/key.c 2011-09-08 14:51:58.908501542 +0200
@@ -40,6 +40,7 @@
#include <sys/types.h>
@@ -218,9 +218,9 @@ diff -up openssh-5.9p0/key.c.fips openssh-5.9p0/key.c
rv_defined = 1;
}
return rv;
-diff -up openssh-5.9p0/mac.c.fips openssh-5.9p0/mac.c
---- openssh-5.9p0/mac.c.fips 2011-08-31 13:16:16.521087343 +0200
-+++ openssh-5.9p0/mac.c 2011-08-31 13:16:29.171039694 +0200
+diff -up openssh-5.9p1/mac.c.fips openssh-5.9p1/mac.c
+--- openssh-5.9p1/mac.c.fips 2011-09-08 14:51:46.755466816 +0200
++++ openssh-5.9p1/mac.c 2011-09-08 14:51:59.029600712 +0200
@@ -28,6 +28,7 @@
#include <sys/types.h>
@@ -270,9 +270,9 @@ diff -up openssh-5.9p0/mac.c.fips openssh-5.9p0/mac.c
for (i = 0; macs[i].name; i++) {
if (strcmp(name, macs[i].name) == 0) {
-diff -up openssh-5.9p0/myproposal.h.fips openssh-5.9p0/myproposal.h
---- openssh-5.9p0/myproposal.h.fips 2011-08-17 02:29:03.000000000 +0200
-+++ openssh-5.9p0/myproposal.h 2011-08-31 13:16:29.301087416 +0200
+diff -up openssh-5.9p1/myproposal.h.fips openssh-5.9p1/myproposal.h
+--- openssh-5.9p1/myproposal.h.fips 2011-08-17 02:29:03.000000000 +0200
++++ openssh-5.9p1/myproposal.h 2011-09-08 14:51:59.150503573 +0200
@@ -97,6 +97,12 @@
#define KEX_DEFAULT_COMP "none,zlib at openssh.com,zlib"
#define KEX_DEFAULT_LANG ""
@@ -286,9 +286,9 @@ diff -up openssh-5.9p0/myproposal.h.fips openssh-5.9p0/myproposal.h
static char *myproposal[PROPOSAL_MAX] = {
KEX_DEFAULT_KEX,
-diff -up openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p0/openbsd-compat/bsd-arc4random.c
---- openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
-+++ openssh-5.9p0/openbsd-compat/bsd-arc4random.c 2011-08-31 13:16:29.741086847 +0200
+diff -up openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p1/openbsd-compat/bsd-arc4random.c
+--- openssh-5.9p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100
++++ openssh-5.9p1/openbsd-compat/bsd-arc4random.c 2011-09-08 14:51:59.262439903 +0200
@@ -37,25 +37,18 @@
#define REKEY_BYTES (1 << 24)
@@ -344,9 +344,9 @@ diff -up openssh-5.9p0/openbsd-compat/bsd-arc4random.c.fips openssh-5.9p0/openbs
}
#endif /* !HAVE_ARC4RANDOM */
-diff -up openssh-5.9p0/ssh.c.fips openssh-5.9p0/ssh.c
---- openssh-5.9p0/ssh.c.fips 2011-08-05 22:18:16.000000000 +0200
-+++ openssh-5.9p0/ssh.c 2011-08-31 13:16:29.852212356 +0200
+diff -up openssh-5.9p1/ssh.c.fips openssh-5.9p1/ssh.c
+--- openssh-5.9p1/ssh.c.fips 2011-08-05 22:18:16.000000000 +0200
++++ openssh-5.9p1/ssh.c 2011-09-08 14:51:59.369485419 +0200
@@ -73,6 +73,8 @@
#include <openssl/evp.h>
@@ -409,9 +409,9 @@ diff -up openssh-5.9p0/ssh.c.fips openssh-5.9p0/ssh.c
/* Open a connection to the remote host. */
if (ssh_connect(host, &hostaddr, options.port,
options.address_family, options.connection_attempts, &timeout_ms,
-diff -up openssh-5.9p0/sshconnect2.c.fips openssh-5.9p0/sshconnect2.c
---- openssh-5.9p0/sshconnect2.c.fips 2011-08-31 13:16:09.532024846 +0200
-+++ openssh-5.9p0/sshconnect2.c 2011-08-31 13:16:29.959087217 +0200
+diff -up openssh-5.9p1/sshconnect2.c.fips openssh-5.9p1/sshconnect2.c
+--- openssh-5.9p1/sshconnect2.c.fips 2011-09-08 14:51:38.333470704 +0200
++++ openssh-5.9p1/sshconnect2.c 2011-09-08 14:51:59.474500288 +0200
@@ -44,6 +44,8 @@
#include <vis.h>
#endif
@@ -444,9 +444,9 @@ diff -up openssh-5.9p0/sshconnect2.c.fips openssh-5.9p0/sshconnect2.c
if (options.hostkeyalgorithms != NULL)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] =
options.hostkeyalgorithms;
-diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
---- openssh-5.9p0/sshd.c.fips 2011-08-31 13:16:22.525057137 +0200
-+++ openssh-5.9p0/sshd.c 2011-08-31 13:16:30.078212687 +0200
+diff -up openssh-5.9p1/sshd.c.fips openssh-5.9p1/sshd.c
+--- openssh-5.9p1/sshd.c.fips 2011-09-08 14:51:52.866451334 +0200
++++ openssh-5.9p1/sshd.c 2011-09-08 14:57:01.982447369 +0200
@@ -76,6 +76,8 @@
#include <openssl/bn.h>
#include <openssl/md5.h>
@@ -456,7 +456,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
#include "openbsd-compat/openssl-compat.h"
#ifdef HAVE_SECUREWARE
-@@ -1388,6 +1390,11 @@ main(int ac, char **av)
+@@ -1391,6 +1393,11 @@ main(int ac, char **av)
#endif
__progname = ssh_get_progname(av[0]);
@@ -468,7 +468,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
/* Save argv. Duplicate so setproctitle emulation doesn't clobber it */
saved_argc = ac;
rexec_argc = ac;
-@@ -1547,8 +1554,6 @@ main(int ac, char **av)
+@@ -1550,8 +1557,6 @@ main(int ac, char **av)
else
closefrom(REEXEC_DEVCRYPTO_RESERVED_FD);
@@ -477,7 +477,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
/*
* Force logging to stderr until we have loaded the private host
* key (unless started from inetd)
-@@ -1666,6 +1671,10 @@ main(int ac, char **av)
+@@ -1669,6 +1674,10 @@ main(int ac, char **av)
debug("private host key: #%d type %d %s", i, key->type,
key_type(key));
}
@@ -488,7 +488,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) {
logit("Disabling protocol version 1. Could not load host key");
options.protocol &= ~SSH_PROTO_1;
-@@ -1830,6 +1839,10 @@ main(int ac, char **av)
+@@ -1833,6 +1842,10 @@ main(int ac, char **av)
/* Initialize the random number generator. */
arc4random_stir();
@@ -498,8 +498,8 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
+
/* Chdir to the root directory so that the current disk can be
unmounted if desired. */
- chdir("/");
-@@ -2372,6 +2385,9 @@ do_ssh2_kex(void)
+ (void) chdir("/");
+@@ -2375,6 +2388,9 @@ do_ssh2_kex(void)
if (options.ciphers != NULL) {
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers;
@@ -509,7 +509,7 @@ diff -up openssh-5.9p0/sshd.c.fips openssh-5.9p0/sshd.c
}
myproposal[PROPOSAL_ENC_ALGS_CTOS] =
compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]);
-@@ -2381,6 +2397,9 @@ do_ssh2_kex(void)
+@@ -2384,6 +2400,9 @@ do_ssh2_kex(void)
if (options.macs != NULL) {
myproposal[PROPOSAL_MAC_ALGS_CTOS] =
myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs;
diff --git a/openssh-5.9p1-gsskex.patch b/openssh-5.9p1-gsskex.patch
index 1cf6bb7..c7ac7e2 100644
--- a/openssh-5.9p1-gsskex.patch
+++ b/openssh-5.9p1-gsskex.patch
@@ -1454,7 +1454,7 @@ diff -up openssh-5.9p0/kexgssc.c.gsskex openssh-5.9p0/kexgssc.c
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_server_pub, dh);
-+ if (kout < 0)
++ if ((int)kout < 0)
+ fatal("DH_compute_key: failed");
+
+ shared_secret = BN_new();
@@ -1738,7 +1738,7 @@ diff -up openssh-5.9p0/kexgsss.c.gsskex openssh-5.9p0/kexgsss.c
+ klen = DH_size(dh);
+ kbuf = xmalloc(klen);
+ kout = DH_compute_key(kbuf, dh_client_pub, dh);
-+ if (kout < 0)
++ if ((int)kout < 0)
+ fatal("DH_compute_key: failed");
+
+ shared_secret = BN_new();
diff --git a/openssh-5.9p1-ldap.patch b/openssh-5.9p1-ldap.patch
index e6bc256..10f303e 100644
--- a/openssh-5.9p1-ldap.patch
+++ b/openssh-5.9p1-ldap.patch
@@ -473,7 +473,7 @@ diff -up openssh-5.9p0/ldap-helper.c.ldap openssh-5.9p0/ldap-helper.c
+}
+
+/* Ugly hack */
-+void *buffer_get_string(Buffer *b, u_int *l) {}
++void *buffer_get_string(Buffer *b, u_int *l) { return NULL; }
+void buffer_put_string(Buffer *b, const void *f, u_int l) {}
+
diff -up openssh-5.9p0/ldap-helper.h.ldap openssh-5.9p0/ldap-helper.h
@@ -776,7 +776,7 @@ diff -up openssh-5.9p0/ldapbody.c.ldap openssh-5.9p0/ldapbody.c
+ ber_set_option (NULL, LBER_OPT_DEBUG_LEVEL, &options.debug);
+#endif /* LBER_OPT_DEBUG_LEVEL */
+#ifdef LDAP_OPT_DEBUG_LEVEL
-+ ldap_set_option (NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug);
++ (void) ldap_set_option (NULL, LDAP_OPT_DEBUG_LEVEL, &options.debug);
+#endif /* LDAP_OPT_DEBUG_LEVEL */
+ debug3 ("Set LDAP debug to %d", options.debug);
+ }
diff --git a/openssh.spec b/openssh.spec
index acb22a8..98d9e82 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -79,7 +79,7 @@
# Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
%define openssh_ver 5.9p1
-%define openssh_rel 1
+%define openssh_rel 2
%define pam_ssh_agent_ver 0.9.2
%define pam_ssh_agent_rel 32
@@ -111,14 +111,16 @@ Source13: sshd-keygen
# Internal debug
Patch0: openssh-5.8p1-wIm.patch
+#?
+Patch100: openssh-5.9p1-coverity.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
-Patch100: openssh-5.8p1-fingerprint.patch
+Patch101: openssh-5.8p1-fingerprint.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
-Patch101: openssh-5.8p1-getaddrinfo.patch
+Patch102: openssh-5.8p1-getaddrinfo.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1889
-Patch102: openssh-5.8p1-packet.patch
-#?
-Patch103: openssh-5.9p1-2auth.patch
+Patch103: openssh-5.8p1-packet.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=983
+Patch104: openssh-5.9p1-2auth.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1402
Patch200: openssh-5.8p1-audit0.patch
@@ -384,10 +386,11 @@ The module is most useful for su and sudo service stacks.
#Do not enable by default
###%patch0 -p1 -b .wIm
-%patch100 -p1 -b .fingerprint
-%patch101 -p1 -b .getaddrinfo
-%patch102 -p1 -b .packet
-%patch103 -p1 -b .2auth
+%patch100 -p1 -b .coverity
+%patch101 -p1 -b .fingerprint
+%patch102 -p1 -b .getaddrinfo
+%patch103 -p1 -b .packet
+%patch104 -p1 -b .2auth
%patch200 -p1 -b .audit0
%patch201 -p1 -b .audit1
@@ -415,6 +418,7 @@ popd
%if %{ldap}
%patch501 -p1 -b .ldap
%endif
+
%patch502 -p1 -b .keycat
%patch600 -p1 -b .keygen
@@ -781,6 +785,9 @@ fi
%endif
%changelog
+* Thu Sep 8 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-2 + 0.9.2-32
+- Coverity first pass
+
* Wed Sep 7 2011 Jan F. Chadima <jchadima at redhat.com> - 5.9p1-1 + 0.9.2-32
- Rebase to 5.9p1
- Add chroot sftp patch
More information about the scm-commits
mailing list