[gsi-openssh/el6] Drop openssh-5.3p1-unblock-signals.patch - not needed with GT >= 5.2 Based on openssh-5.3p1-70.el6

Sun Jan 22 18:06:32 UTC 2012

commit 0e80382a5d3e8d0d0e0c68ea225e7e96147901e9
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Sun Jan 22 18:39:56 2012 +0100

    Drop openssh-5.3p1-unblock-signals.patch - not needed with GT >= 5.2
    Based on openssh-5.3p1-70.el6

 gsi-openssh.spec                                   |   26 ++++--
 openssh-5.3p1-askpass-ld.patch                     |   18 ++++
 openssh-5.3p1-biguid.patch                         |    2 +-
 openssh-5.3p1-entropy.patch                        |   17 +++-
 openssh-5.3p1-gsissh.patch                         |    4 +-
 openssh-5.3p1-ipv6man.patch                        |   48 +++++++++++
 openssh-5.3p1-ldap.patch                           |   81 ++++++++++---------
 openssh-5.3p1-manerr.patch                         |   60 ++++++++++++++
 ....2p1-sesftp.patch => openssh-5.3p1-sesftp.patch |   35 ++++----
 openssh-5.3p1-sftp-chroot.patch                    |   83 ++++++++++++++++++--
 openssh-5.3p1-unblock-signals.patch                |   76 ------------------
 11 files changed, 294 insertions(+), 156 deletions(-)
---

diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index f01c52d..e4badf9 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -2,7 +2,11 @@
 # This gsissh specfile is based on the openssh specfile
 
 # Do we want SELinux & Audit
+%if 0%{?!noselinux:1}
 %global WITH_SELINUX 1
+%else
+%define WITH_SELINUX 0
+%endif
 
 # OpenSSH privilege separation requires a user & group ID
 %global sshd_uid    74
@@ -33,7 +37,7 @@
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
 Version: 5.3p1
-Release: 3%{?dist}
+Release: 4%{?dist}
 Provides: gsissh = %{version}-%{release}
 Obsoletes: gsissh < 5.3p1-3
 URL: http://www.openssh.com/portable.html
@@ -55,7 +59,7 @@ Patch5: openssh-5.3p1-engine.patch
 Patch12: openssh-5.2p1-selinux.patch
 Patch13: openssh-5.3p1-mls.patch
 Patch18: openssh-5.0p1-pam_selinux.patch
-Patch19: openssh-5.2p1-sesftp.patch
+Patch19: openssh-5.3p1-sesftp.patch
 Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch24: openssh-4.3p1-fromto-remote.patch
 Patch27: openssh-5.1p1-log-in-chroot.patch
@@ -88,15 +92,14 @@ Patch86: openssh-5.3p1-keycat.patch
 Patch87: openssh-5.3p1-sftp-chroot.patch
 Patch88: openssh-5.3p1-entropy.patch
 Patch89: openssh-5.3p1-multiple-sighup.patch
+Patch90: openssh-5.3p1-ipv6man.patch
+Patch91: openssh-5.3p1-manerr.patch
+Patch92: openssh-5.3p1-askpass-ld.patch
 
 # This is the patch that adds GSI support
 # Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-5.3p1.patch
 Patch98: openssh-5.3p1-gsissh.patch
 
-# The gsissh server has problems with blocked signals in threaded globus libs
-# This patch from OSG resolves these problems
-Patch99: openssh-5.3p1-unblock-signals.patch
-
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -122,8 +125,10 @@ BuildRequires: krb5-devel
 %endif
 
 %if %{gsi}
-BuildRequires: globus-gss-assist-devel
-BuildRequires: globus-usage-devel
+BuildRequires: globus-gss-assist-devel >= 8
+BuildRequires: globus-gssapi-gsi >= 10
+BuildRequires: globus-common >=	 14
+BuildRequires: globus-usage-devel >= 3
 %endif
 
 %if %{libedit}
@@ -241,7 +246,6 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch88 -p1 -b .entropy
 %patch89 -p1 -b .multiple-sighhup
 %patch98 -p1 -b .gsi
-%patch99 -p1 -b .signals
 
 sed 's/sshd.pid/gsisshd.pid/' -i pathnames.h
 sed 's!$(piddir)/sshd.pid!$(piddir)/gsisshd.pid!' -i Makefile.in
@@ -444,6 +448,10 @@ fi
 %attr(0640,root,root) %config(noreplace) /etc/sysconfig/gsisshd
 
 %changelog
+* Sun Jan 22 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.3p1-4
+- Drop openssh-5.3p1-unblock-signals.patch - not needed with GT >= 5.2
+- Based on openssh-5.3p1-70.el6
+
 * Thu Oct 06 2011 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.3p1-3
 - Change package name gsissh → gsi-openssh
 - Based on openssh-5.3p1-52.el6_1.2
diff --git a/openssh-5.3p1-askpass-ld.patch b/openssh-5.3p1-askpass-ld.patch
new file mode 100644
index 0000000..8d4e01a
--- /dev/null
+++ b/openssh-5.3p1-askpass-ld.patch
@@ -0,0 +1,18 @@
+diff -up openssh-5.3p1/contrib/Makefile.askpass-ld openssh-5.3p1/contrib/Makefile
+--- openssh-5.3p1/contrib/Makefile.askpass-ld	2002-09-30 02:44:40.000000000 +0200
++++ openssh-5.3p1/contrib/Makefile	2011-08-22 12:15:17.637420293 +0200
+@@ -2,12 +2,12 @@ all:
+ 	@echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2"
+ 
+ gnome-ssh-askpass1: gnome-ssh-askpass1.c
+-	$(CC) `gnome-config --cflags gnome gnomeui` \
++	$(CC) ${CFLAGS} `gnome-config --cflags gnome gnomeui` \
+ 		gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \
+ 		`gnome-config --libs gnome gnomeui`
+ 
+ gnome-ssh-askpass2: gnome-ssh-askpass2.c
+-	$(CC) `pkg-config --cflags gtk+-2.0` \
++	$(CC) ${CFLAGS} `pkg-config --cflags gtk+-2.0` \
+ 		gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \
+ 		`pkg-config --libs gtk+-2.0`
+ 
diff --git a/openssh-5.3p1-biguid.patch b/openssh-5.3p1-biguid.patch
index 5892008..dc545e4 100644
--- a/openssh-5.3p1-biguid.patch
+++ b/openssh-5.3p1-biguid.patch
@@ -52,7 +52,7 @@ diff -up openssh-5.6p1/loginrec.c.biguid openssh-5.6p1/loginrec.c
  	if (S_ISREG(st.st_mode)) {
  		/* find this uid's offset in the lastlog file */
 -		offset = (off_t) ((long)li->uid * sizeof(struct lastlog));
-+		offset = (off_t) ((u_long)li->uid * sizeof(struct lastlog));
++		offset = (off_t) ((unsigned long long)li->uid * sizeof(struct lastlog));
  
  		if (lseek(*fd, offset, SEEK_SET) != offset) {
  			logit("%s: %s->lseek(): %s", __func__,
diff --git a/openssh-5.3p1-entropy.patch b/openssh-5.3p1-entropy.patch
index c3d52d6..214702f 100644
--- a/openssh-5.3p1-entropy.patch
+++ b/openssh-5.3p1-entropy.patch
@@ -89,10 +89,12 @@ diff -up openssh-5.3p1/openbsd-compat/port-linux-prng.c.entropy openssh-5.3p1/op
 diff -up openssh-5.3p1/ssh.1.entropy openssh-5.3p1/ssh.1
 --- openssh-5.3p1/ssh.1.entropy	2009-06-21 09:48:52.000000000 +0200
 +++ openssh-5.3p1/ssh.1	2011-05-28 01:28:30.341858350 +0200
-@@ -1252,6 +1252,20 @@ For more information, see the
+@@ -1252,6 +1252,23 @@ For more information, see the
  .Cm PermitUserEnvironment
  option in
  .Xr sshd_config 5 .
++.Sh ENVIRONMENT
++.Bl -tag -width Ds -compact
 +.It Ev SSH_USE_STRONG_RNG
 +The reseeding of the OpenSSL random generator is usually done from
 +.Cm /dev/urandom .
@@ -107,6 +109,7 @@ diff -up openssh-5.3p1/ssh.1.entropy openssh-5.3p1/ssh.1
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
++.El
  .Sh FILES
  .Bl -tag -width Ds -compact
  .It ~/.rhosts
@@ -137,7 +140,7 @@ diff -up openssh-5.3p1/ssh-add.1.entropy openssh-5.3p1/ssh-add.1
 diff -up openssh-5.3p1/ssh-agent.1.entropy openssh-5.3p1/ssh-agent.1
 --- openssh-5.3p1/ssh-agent.1.entropy	2009-06-21 09:52:28.000000000 +0200
 +++ openssh-5.3p1/ssh-agent.1	2011-05-28 01:28:30.592856618 +0200
-@@ -191,6 +191,23 @@ authentication agent.
+@@ -191,6 +191,24 @@ authentication agent.
  These sockets should only be readable by the owner.
  The sockets should get automatically removed when the agent exits.
  .El
@@ -158,13 +161,14 @@ diff -up openssh-5.3p1/ssh-agent.1.entropy openssh-5.3p1/ssh-agent.1
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
++.El
  .Sh SEE ALSO
  .Xr ssh 1 ,
  .Xr ssh-add 1 ,
 diff -up openssh-5.3p1/sshd.8.entropy openssh-5.3p1/sshd.8
 --- openssh-5.3p1/sshd.8.entropy	2009-06-21 09:52:28.000000000 +0200
 +++ openssh-5.3p1/sshd.8	2011-05-28 01:28:30.716858123 +0200
-@@ -863,6 +863,23 @@ concurrently for different ports, this c
+@@ -863,6 +863,24 @@ concurrently for different ports, this c
  started last).
  The content of this file is not sensitive; it can be world-readable.
  .El
@@ -185,13 +189,14 @@ diff -up openssh-5.3p1/sshd.8.entropy openssh-5.3p1/sshd.8
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
++.El
  .Sh SEE ALSO
  .Xr scp 1 ,
  .Xr sftp 1 ,
 diff -up openssh-5.3p1/ssh-keygen.1.entropy openssh-5.3p1/ssh-keygen.1
 --- openssh-5.3p1/ssh-keygen.1.entropy	2011-05-28 01:28:08.141857715 +0200
 +++ openssh-5.3p1/ssh-keygen.1	2011-05-28 01:28:30.843857051 +0200
-@@ -452,6 +452,23 @@ Contains Diffie-Hellman groups used for 
+@@ -452,6 +452,24 @@ Contains Diffie-Hellman groups used for 
  The file format is described in
  .Xr moduli 5 .
  .El
@@ -212,13 +217,14 @@ diff -up openssh-5.3p1/ssh-keygen.1.entropy openssh-5.3p1/ssh-keygen.1
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
++.El
  .Sh SEE ALSO
  .Xr ssh 1 ,
  .Xr ssh-add 1 ,
 diff -up openssh-5.3p1/ssh-keysign.8.entropy openssh-5.3p1/ssh-keysign.8
 --- openssh-5.3p1/ssh-keysign.8.entropy	2007-06-05 10:27:13.000000000 +0200
 +++ openssh-5.3p1/ssh-keysign.8	2011-05-28 01:28:30.954857427 +0200
-@@ -69,6 +69,23 @@ Since they are readable only by root,
+@@ -69,6 +69,24 @@ Since they are readable only by root,
  .Nm
  must be set-uid root if host-based authentication is used.
  .El
@@ -239,6 +245,7 @@ diff -up openssh-5.3p1/ssh-keysign.8.entropy openssh-5.3p1/ssh-keysign.8
 +This setting is not recommended on the computers without the hardware
 +random generator because insufficient entropy causes the connection to 
 +be blocked until enough entropy is available.
++.El
  .Sh SEE ALSO
  .Xr ssh 1 ,
  .Xr ssh-keygen 1 ,
diff --git a/openssh-5.3p1-gsissh.patch b/openssh-5.3p1-gsissh.patch
index d63bd2a..298fe8c 100644
--- a/openssh-5.3p1-gsissh.patch
+++ b/openssh-5.3p1-gsissh.patch
@@ -601,8 +601,8 @@ diff -Nur openssh-5.3p1.orig/configure.ac openssh-5.3p1/configure.ac
 +		GSSAPI="GSI"
 +	fi
 +
-+	LIBS="$LIBS `pkg-config --libs globus-gss-assist`"
-+	CPPFLAGS="$CPPFLAGS `pkg-config --cflags globus-gss-assist`"
++	LIBS="$LIBS `pkg-config --libs globus-gss-assist globus-gssapi-gsi globus-common`"
++	CPPFLAGS="$CPPFLAGS `pkg-config --cflags globus-gss-assist globus-gssapi-gsi globus-common`"
 +
 +	AC_DEFINE(GSSAPI)
 +	AC_DEFINE(HAVE_GSSAPI_H)
diff --git a/openssh-5.3p1-ipv6man.patch b/openssh-5.3p1-ipv6man.patch
new file mode 100644
index 0000000..62b9fec
--- /dev/null
+++ b/openssh-5.3p1-ipv6man.patch
@@ -0,0 +1,48 @@
+diff -up openssh-5.3p1/scp.1.ipv6man openssh-5.3p1/scp.1
+--- openssh-5.3p1/scp.1.ipv6man	2011-09-07 10:57:07.674442095 +0200
++++ openssh-5.3p1/scp.1	2011-09-07 11:01:01.693446719 +0200
+@@ -219,6 +219,8 @@ debugging connection, authentication, an
+ .El
+ .Pp
+ .Ex -std scp
++.Sh IPV6
++IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+ .Xr rcp 1 ,
+ .Xr sftp 1 ,
+diff -up openssh-5.3p1/sftp.1.ipv6man openssh-5.3p1/sftp.1
+--- openssh-5.3p1/sftp.1.ipv6man	2011-09-07 11:05:24.720458419 +0200
++++ openssh-5.3p1/sftp.1	2011-09-07 11:08:23.002567843 +0200
+@@ -450,6 +450,8 @@ Escape to local shell.
+ .It Ic \&?
+ Synonym for help.
+ .El
++.Sh IPV6
++IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+ .Xr ftp 1 ,
+ .Xr ls 1 ,
+diff -up openssh-5.3p1/ssh.1.ipv6man openssh-5.3p1/ssh.1
+--- openssh-5.3p1/ssh.1.ipv6man	2011-09-07 10:55:13.803453440 +0200
++++ openssh-5.3p1/ssh.1	2011-09-07 10:55:15.645549247 +0200
+@@ -1406,6 +1406,8 @@ See the
+ .Xr sshd 8
+ manual page for more information.
+ .El
++.Sh IPV6
++IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+ .Xr scp 1 ,
+ .Xr sftp 1 ,
+diff -up openssh-5.3p1/sshd.8.ipv6man openssh-5.3p1/sshd.8
+--- openssh-5.3p1/sshd.8.ipv6man	2011-09-07 10:55:14.611444938 +0200
++++ openssh-5.3p1/sshd.8	2011-09-07 10:55:15.813502969 +0200
+@@ -881,6 +881,8 @@ This setting is not recommended on the c
+ random generator because insufficient entropy causes the connection to 
+ be blocked until enough entropy is available.
+ .El
++.Sh IPV6
++IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell.
+ .Sh SEE ALSO
+ .Xr scp 1 ,
+ .Xr sftp 1 ,
diff --git a/openssh-5.3p1-ldap.patch b/openssh-5.3p1-ldap.patch
index 316909b..ec836cd 100644
--- a/openssh-5.3p1-ldap.patch
+++ b/openssh-5.3p1-ldap.patch
@@ -1,6 +1,6 @@
 diff -up openssh-5.3p1/configure.ac.ldap openssh-5.3p1/configure.ac
---- openssh-5.3p1/configure.ac.ldap	2011-03-10 22:39:33.204854859 +0100
-+++ openssh-5.3p1/configure.ac	2011-03-10 22:39:34.913980413 +0100
+--- openssh-5.3p1/configure.ac.ldap	2011-05-28 09:22:48.143856747 +0200
++++ openssh-5.3p1/configure.ac	2011-05-28 09:22:52.868860720 +0200
 @@ -1363,6 +1363,109 @@ AC_ARG_WITH(authorized-keys-command,
  	]
  )
@@ -112,8 +112,8 @@ diff -up openssh-5.3p1/configure.ac.ldap openssh-5.3p1/configure.ac
  AC_CHECK_FUNCS( \
  	arc4random \
 diff -up openssh-5.3p1/HOWTO.ldap-keys.ldap openssh-5.3p1/HOWTO.ldap-keys
---- openssh-5.3p1/HOWTO.ldap-keys.ldap	2011-03-10 22:39:34.940854648 +0100
-+++ openssh-5.3p1/HOWTO.ldap-keys	2011-03-10 22:39:34.952854376 +0100
+--- openssh-5.3p1/HOWTO.ldap-keys.ldap	2011-05-28 09:22:52.967865560 +0200
++++ openssh-5.3p1/HOWTO.ldap-keys	2011-05-28 09:22:52.973858316 +0200
 @@ -0,0 +1,108 @@
 +
 +HOW TO START
@@ -224,8 +224,8 @@ diff -up openssh-5.3p1/HOWTO.ldap-keys.ldap openssh-5.3p1/HOWTO.ldap-keys
 +    Jan F. Chadima <jchadima at redhat.com>
 +
 diff -up openssh-5.3p1/ldapbody.c.ldap openssh-5.3p1/ldapbody.c
---- openssh-5.3p1/ldapbody.c.ldap	2011-03-10 22:39:34.982980062 +0100
-+++ openssh-5.3p1/ldapbody.c	2011-03-10 22:39:34.995855141 +0100
+--- openssh-5.3p1/ldapbody.c.ldap	2011-05-28 09:22:53.037865268 +0200
++++ openssh-5.3p1/ldapbody.c	2011-05-28 09:22:53.043861843 +0200
 @@ -0,0 +1,494 @@
 +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -722,8 +722,8 @@ diff -up openssh-5.3p1/ldapbody.c.ldap openssh-5.3p1/ldapbody.c
 +}
 +
 diff -up openssh-5.3p1/ldapbody.h.ldap openssh-5.3p1/ldapbody.h
---- openssh-5.3p1/ldapbody.h.ldap	2011-03-10 22:39:35.008854699 +0100
-+++ openssh-5.3p1/ldapbody.h	2011-03-10 22:39:35.016854649 +0100
+--- openssh-5.3p1/ldapbody.h.ldap	2011-05-28 09:22:53.112919409 +0200
++++ openssh-5.3p1/ldapbody.h	2011-05-28 09:22:53.117924005 +0200
 @@ -0,0 +1,37 @@
 +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -763,8 +763,8 @@ diff -up openssh-5.3p1/ldapbody.h.ldap openssh-5.3p1/ldapbody.h
 +#endif /* LDAPBODY_H */
 +
 diff -up openssh-5.3p1/ldapconf.c.ldap openssh-5.3p1/ldapconf.c
---- openssh-5.3p1/ldapconf.c.ldap	2011-03-10 22:39:35.030979743 +0100
-+++ openssh-5.3p1/ldapconf.c	2011-03-10 22:39:35.039854544 +0100
+--- openssh-5.3p1/ldapconf.c.ldap	2011-05-28 09:22:53.182919207 +0200
++++ openssh-5.3p1/ldapconf.c	2011-05-28 09:22:53.189922758 +0200
 @@ -0,0 +1,682 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1449,8 +1449,8 @@ diff -up openssh-5.3p1/ldapconf.c.ldap openssh-5.3p1/ldapconf.c
 +}
 +
 diff -up openssh-5.3p1/ldapconf.h.ldap openssh-5.3p1/ldapconf.h
---- openssh-5.3p1/ldapconf.h.ldap	2011-03-10 22:39:35.055854552 +0100
-+++ openssh-5.3p1/ldapconf.h	2011-03-10 22:39:35.065855563 +0100
+--- openssh-5.3p1/ldapconf.h.ldap	2011-05-28 09:22:53.256919658 +0200
++++ openssh-5.3p1/ldapconf.h	2011-05-28 09:22:53.263919774 +0200
 @@ -0,0 +1,71 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1524,8 +1524,8 @@ diff -up openssh-5.3p1/ldapconf.h.ldap openssh-5.3p1/ldapconf.h
 +
 +#endif /* LDAPCONF_H */
 diff -up openssh-5.3p1/ldap.conf.ldap openssh-5.3p1/ldap.conf
---- openssh-5.3p1/ldap.conf.ldap	2011-03-10 22:39:35.079855199 +0100
-+++ openssh-5.3p1/ldap.conf	2011-03-10 22:39:35.087979869 +0100
+--- openssh-5.3p1/ldap.conf.ldap	2011-05-28 09:22:53.330862108 +0200
++++ openssh-5.3p1/ldap.conf	2011-05-28 09:22:53.337859759 +0200
 @@ -0,0 +1,88 @@
 +# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $
 +#
@@ -1616,8 +1616,8 @@ diff -up openssh-5.3p1/ldap.conf.ldap openssh-5.3p1/ldap.conf
 +#tls_key
 +
 diff -up openssh-5.3p1/ldap-helper.c.ldap openssh-5.3p1/ldap-helper.c
---- openssh-5.3p1/ldap-helper.c.ldap	2011-03-10 22:39:35.102854543 +0100
-+++ openssh-5.3p1/ldap-helper.c	2011-03-10 22:39:35.111854833 +0100
+--- openssh-5.3p1/ldap-helper.c.ldap	2011-05-28 09:22:53.406919574 +0200
++++ openssh-5.3p1/ldap-helper.c	2011-05-28 09:22:53.412919868 +0200
 @@ -0,0 +1,155 @@
 +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1775,8 +1775,8 @@ diff -up openssh-5.3p1/ldap-helper.c.ldap openssh-5.3p1/ldap-helper.c
 +void    buffer_put_string(Buffer *b, const void *f, u_int l) {}
 +
 diff -up openssh-5.3p1/ldap-helper.h.ldap openssh-5.3p1/ldap-helper.h
---- openssh-5.3p1/ldap-helper.h.ldap	2011-03-10 22:39:35.126854639 +0100
-+++ openssh-5.3p1/ldap-helper.h	2011-03-10 22:39:35.134854896 +0100
+--- openssh-5.3p1/ldap-helper.h.ldap	2011-05-28 09:22:53.487857455 +0200
++++ openssh-5.3p1/ldap-helper.h	2011-05-28 09:22:53.493862808 +0200
 @@ -0,0 +1,32 @@
 +/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1811,8 +1811,8 @@ diff -up openssh-5.3p1/ldap-helper.h.ldap openssh-5.3p1/ldap-helper.h
 +
 +#endif /* LDAP_HELPER_H */
 diff -up openssh-5.3p1/ldapincludes.h.ldap openssh-5.3p1/ldapincludes.h
---- openssh-5.3p1/ldapincludes.h.ldap	2011-03-10 22:39:35.147854785 +0100
-+++ openssh-5.3p1/ldapincludes.h	2011-03-10 22:39:35.155979595 +0100
+--- openssh-5.3p1/ldapincludes.h.ldap	2011-05-28 09:22:53.565865885 +0200
++++ openssh-5.3p1/ldapincludes.h	2011-05-28 09:22:53.571920016 +0200
 @@ -0,0 +1,41 @@
 +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1856,8 +1856,8 @@ diff -up openssh-5.3p1/ldapincludes.h.ldap openssh-5.3p1/ldapincludes.h
 +
 +#endif /* LDAPINCLUDES_H */
 diff -up openssh-5.3p1/ldapmisc.c.ldap openssh-5.3p1/ldapmisc.c
---- openssh-5.3p1/ldapmisc.c.ldap	2011-03-10 22:39:35.169854892 +0100
-+++ openssh-5.3p1/ldapmisc.c	2011-03-10 22:39:35.177981004 +0100
+--- openssh-5.3p1/ldapmisc.c.ldap	2011-05-28 09:22:53.630856564 +0200
++++ openssh-5.3p1/ldapmisc.c	2011-05-28 09:22:53.635919960 +0200
 @@ -0,0 +1,79 @@
 +
 +#include "ldapincludes.h"
@@ -1939,8 +1939,8 @@ diff -up openssh-5.3p1/ldapmisc.c.ldap openssh-5.3p1/ldapmisc.c
 +#endif
 +
 diff -up openssh-5.3p1/ldapmisc.h.ldap openssh-5.3p1/ldapmisc.h
---- openssh-5.3p1/ldapmisc.h.ldap	2011-03-10 22:39:35.192855203 +0100
-+++ openssh-5.3p1/ldapmisc.h	2011-03-10 22:39:35.201854926 +0100
+--- openssh-5.3p1/ldapmisc.h.ldap	2011-05-28 09:22:53.706856962 +0200
++++ openssh-5.3p1/ldapmisc.h	2011-05-28 09:22:53.712920133 +0200
 @@ -0,0 +1,35 @@
 +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
 +/*
@@ -1978,8 +1978,8 @@ diff -up openssh-5.3p1/ldapmisc.h.ldap openssh-5.3p1/ldapmisc.h
 +#endif /* LDAPMISC_H */
 +
 diff -up openssh-5.3p1/Makefile.in.ldap openssh-5.3p1/Makefile.in
---- openssh-5.3p1/Makefile.in.ldap	2011-03-10 22:39:33.602854839 +0100
-+++ openssh-5.3p1/Makefile.in	2011-03-10 22:39:35.237854870 +0100
+--- openssh-5.3p1/Makefile.in.ldap	2011-05-28 09:22:49.651856957 +0200
++++ openssh-5.3p1/Makefile.in	2011-05-28 09:22:53.835856734 +0200
 @@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
  ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
  SFTP_SERVER=$(libexecdir)/sftp-server
@@ -2066,8 +2066,8 @@ diff -up openssh-5.3p1/Makefile.in.ldap openssh-5.3p1/Makefile.in
  
  tests interop-tests:	$(TARGETS)
 diff -up openssh-5.3p1/openssh-lpk-openldap.schema.ldap openssh-5.3p1/openssh-lpk-openldap.schema
---- openssh-5.3p1/openssh-lpk-openldap.schema.ldap	2011-03-10 22:39:35.263854862 +0100
-+++ openssh-5.3p1/openssh-lpk-openldap.schema	2011-03-10 22:39:35.271854845 +0100
+--- openssh-5.3p1/openssh-lpk-openldap.schema.ldap	2011-05-28 09:22:53.922861293 +0200
++++ openssh-5.3p1/openssh-lpk-openldap.schema	2011-05-28 09:22:53.928859824 +0200
 @@ -0,0 +1,21 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2091,8 +2091,8 @@ diff -up openssh-5.3p1/openssh-lpk-openldap.schema.ldap openssh-5.3p1/openssh-lp
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 diff -up openssh-5.3p1/openssh-lpk-sun.schema.ldap openssh-5.3p1/openssh-lpk-sun.schema
---- openssh-5.3p1/openssh-lpk-sun.schema.ldap	2011-03-10 22:39:35.285854812 +0100
-+++ openssh-5.3p1/openssh-lpk-sun.schema	2011-03-10 22:39:35.295979788 +0100
+--- openssh-5.3p1/openssh-lpk-sun.schema.ldap	2011-05-28 09:22:54.000865350 +0200
++++ openssh-5.3p1/openssh-lpk-sun.schema	2011-05-28 09:22:54.008865109 +0200
 @@ -0,0 +1,23 @@
 +#
 +# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -2118,9 +2118,9 @@ diff -up openssh-5.3p1/openssh-lpk-sun.schema.ldap openssh-5.3p1/openssh-lpk-sun
 +	MUST ( sshPublicKey $ uid ) 
 +	)
 diff -up openssh-5.3p1/ssh-ldap.conf.5.ldap openssh-5.3p1/ssh-ldap.conf.5
---- openssh-5.3p1/ssh-ldap.conf.5.ldap	2011-03-10 22:39:35.310854926 +0100
-+++ openssh-5.3p1/ssh-ldap.conf.5	2011-03-10 22:39:35.319854605 +0100
-@@ -0,0 +1,373 @@
+--- openssh-5.3p1/ssh-ldap.conf.5.ldap	2011-05-28 09:22:54.076856990 +0200
++++ openssh-5.3p1/ssh-ldap.conf.5	2011-05-28 09:30:39.790918625 +0200
+@@ -0,0 +1,376 @@
 +.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $
 +.\"
 +.\" Copyright (c) 2010 Jan F. Chadima.  All rights reserved.
@@ -2164,6 +2164,7 @@ diff -up openssh-5.3p1/ssh-ldap.conf.5.ldap openssh-5.3p1/ssh-ldap.conf.5
 +may be incorrect, as the quotes would become part of the value.
 +The possible keywords and their meanings are as follows (note that
 +keywords are case-insensitive, and arguments, on a case by case basis, may be case-sensitive).
++.Bl -tag -width Ds
 +.It Cm URI
 +The argument(s) are in the form
 +.Pa ldap[si]://[name[:port]]
@@ -2331,7 +2332,7 @@ diff -up openssh-5.3p1/ssh-ldap.conf.5.ldap openssh-5.3p1/ssh-ldap.conf.5
 +are the aliases for
 +.Dq no .
 +If
-+.Dqstart_tls
++.Dq start_tls
 +is specified then StartTLS is used rather than raw LDAP over SSL.
 +The default for ldap:// is
 +.Dq start_tls ,
@@ -2480,11 +2481,13 @@ diff -up openssh-5.3p1/ssh-ldap.conf.5.ldap openssh-5.3p1/ssh-ldap.conf.5
 +.It Cm SSH_Filter
 +Specifies the user filter applied on the LDAP serch.
 +The default is no filter.
++.El
 +.Sh FILES
 +.Bl -tag -width Ds
 +.It Pa  /etc/ssh/ldap.conf
 +Ldap configuration file for
 +.Xr ssh-ldap-helper 8 .
++.El
 +.Sh "SEE ALSO"
 +.Xr ldap.conf 5 ,
 +.Xr ssh-ldap-helper 8
@@ -2495,8 +2498,8 @@ diff -up openssh-5.3p1/ssh-ldap.conf.5.ldap openssh-5.3p1/ssh-ldap.conf.5
 +.Sh AUTHORS
 +.An Jan F. Chadima Aq jchadima at redhat.com
 diff -up openssh-5.3p1/ssh-ldap-helper.8.ldap openssh-5.3p1/ssh-ldap-helper.8
---- openssh-5.3p1/ssh-ldap-helper.8.ldap	2011-03-10 22:39:35.333855077 +0100
-+++ openssh-5.3p1/ssh-ldap-helper.8	2011-03-10 22:39:35.342854887 +0100
+--- openssh-5.3p1/ssh-ldap-helper.8.ldap	2011-05-28 09:22:54.149856901 +0200
++++ openssh-5.3p1/ssh-ldap-helper.8	2011-05-28 09:30:39.913857981 +0200
 @@ -0,0 +1,79 @@
 +.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $
 +.\"
@@ -2566,7 +2569,7 @@ diff -up openssh-5.3p1/ssh-ldap-helper.8.ldap openssh-5.3p1/ssh-ldap-helper.8
 +.It Fl w
 +.Nm
 +writes warnings about unknown items in the ldap.conf configuration file.
-+
++.El
 +.Sh SEE ALSO
 +.Xr sshd 8 ,
 +.Xr sshd_config 5 ,
@@ -2578,8 +2581,8 @@ diff -up openssh-5.3p1/ssh-ldap-helper.8.ldap openssh-5.3p1/ssh-ldap-helper.8
 +.Sh AUTHORS
 +.An Jan F. Chadima Aq jchadima at redhat.com
 diff -up openssh-5.3p1/ssh-ldap-wrapper.ldap openssh-5.3p1/ssh-ldap-wrapper
---- openssh-5.3p1/ssh-ldap-wrapper.ldap	2011-03-10 22:39:35.356855153 +0100
-+++ openssh-5.3p1/ssh-ldap-wrapper	2011-03-10 22:39:35.365854937 +0100
+--- openssh-5.3p1/ssh-ldap-wrapper.ldap	2011-05-28 09:22:54.224857230 +0200
++++ openssh-5.3p1/ssh-ldap-wrapper	2011-05-28 09:22:54.230861451 +0200
 @@ -0,0 +1,4 @@
 +#!/bin/sh
 +
diff --git a/openssh-5.3p1-manerr.patch b/openssh-5.3p1-manerr.patch
new file mode 100644
index 0000000..c631c42
--- /dev/null
+++ b/openssh-5.3p1-manerr.patch
@@ -0,0 +1,60 @@
+diff -up openssh-5.3p1/contrib/ssh-copy-id.1.manerr openssh-5.3p1/contrib/ssh-copy-id.1
+--- openssh-5.3p1/contrib/ssh-copy-id.1.manerr	2009-01-21 10:29:21.000000000 +0100
++++ openssh-5.3p1/contrib/ssh-copy-id.1	2011-08-08 07:18:11.764892034 +0200
+@@ -17,18 +17,18 @@ translations approved by the Free Softwa
+ the original English.
+ ..
+ .TH SSH-COPY-ID 1 "14 November 1999" "OpenSSH"
+-.SH NAME
++.SH NAME
+ ssh-copy-id \- install your public key in a remote machine's authorized_keys
+-.SH SYNOPSIS
++.SH SYNOPSIS
+ .B ssh-copy-id [-i [identity_file]]
+ .I "[user@]machine"
+ .br
+-.SH DESCRIPTION
++.SH DESCRIPTION
+ .BR ssh-copy-id
+ is a script that uses ssh to log into a remote machine (presumably
+ using a login password, so password authentication should be enabled,
+ unless you've done some clever use of multiple identities)
+-.PP
++.Pp
+ It also changes the permissions of the remote user's home,
+ .BR ~/.ssh ,
+ and
+@@ -38,7 +38,7 @@ to remove group writability (which would
+ has
+ .B StrictModes
+ set in its configuration).
+-.PP
++.Pp
+ If the
+ .B -i
+ option is given then the identity file (defaults to
+@@ -46,11 +46,11 @@ option is given then the identity file (
+ is used, regardless of whether there are any keys in your
+ .BR ssh-agent .
+ Otherwise, if this:
+-.PP
++.Pp
+ .B "      ssh-add -L"
+-.PP
++.Pp
+ provides any output, it uses that in preference to the identity file.
+-.PP
++.Pp
+ If the
+ .B -i
+ option is used, or the
+@@ -60,8 +60,7 @@ file.  Once it has one or more fingerpri
+ uses ssh to append them to
+ .B ~/.ssh/authorized_keys
+ on the remote machine (creating the file, and directory, if necessary)
+-
+-.SH "SEE ALSO"
++.SH "SEE ALSO"
+ .BR ssh (1),
+ .BR ssh-agent (1),
+ .BR sshd (8)
diff --git a/openssh-5.2p1-sesftp.patch b/openssh-5.3p1-sesftp.patch
similarity index 58%
rename from openssh-5.2p1-sesftp.patch
rename to openssh-5.3p1-sesftp.patch
index 3470e8f..61e9811 100644
--- a/openssh-5.2p1-sesftp.patch
+++ b/openssh-5.3p1-sesftp.patch
@@ -1,6 +1,6 @@
-diff -up openssh-5.2p1/openbsd-compat/port-linux.c.sesftp openssh-5.2p1/openbsd-compat/port-linux.c
---- openssh-5.2p1/openbsd-compat/port-linux.c.sesftp	2009-08-12 00:29:37.712368892 +0200
-+++ openssh-5.2p1/openbsd-compat/port-linux.c	2009-08-12 00:29:37.732544890 +0200
+diff -up openssh-5.3p1/openbsd-compat/port-linux.c.sesftp openssh-5.3p1/openbsd-compat/port-linux.c
+--- openssh-5.3p1/openbsd-compat/port-linux.c.sesftp	2011-06-20 13:03:45.615457484 +0200
++++ openssh-5.3p1/openbsd-compat/port-linux.c	2011-06-20 13:03:45.741457374 +0200
 @@ -469,4 +469,36 @@ ssh_selinux_setup_pty(char *pwname, cons
  		freecon(user_ctx);
  	debug3("%s: done", __func__);
@@ -38,9 +38,9 @@ diff -up openssh-5.2p1/openbsd-compat/port-linux.c.sesftp openssh-5.2p1/openbsd-
 +	xfree(newctx);
 +}
  #endif /* WITH_SELINUX */
-diff -up openssh-5.2p1/openbsd-compat/port-linux.h.sesftp openssh-5.2p1/openbsd-compat/port-linux.h
---- openssh-5.2p1/openbsd-compat/port-linux.h.sesftp	2008-03-26 21:27:21.000000000 +0100
-+++ openssh-5.2p1/openbsd-compat/port-linux.h	2009-08-12 00:29:37.733388083 +0200
+diff -up openssh-5.3p1/openbsd-compat/port-linux.h.sesftp openssh-5.3p1/openbsd-compat/port-linux.h
+--- openssh-5.3p1/openbsd-compat/port-linux.h.sesftp	2008-03-26 21:27:21.000000000 +0100
++++ openssh-5.3p1/openbsd-compat/port-linux.h	2011-06-20 13:03:45.786457484 +0200
 @@ -23,6 +23,7 @@
  int ssh_selinux_enabled(void);
  void ssh_selinux_setup_pty(char *, const char *);
@@ -49,16 +49,17 @@ diff -up openssh-5.2p1/openbsd-compat/port-linux.h.sesftp openssh-5.2p1/openbsd-
  #endif
  
  #endif /* ! _PORT_LINUX_H */
-diff -up openssh-5.2p1/session.c.sesftp openssh-5.2p1/session.c
---- openssh-5.2p1/session.c.sesftp	2009-08-12 00:29:37.659250161 +0200
-+++ openssh-5.2p1/session.c	2009-08-12 00:29:37.729578695 +0200
-@@ -1798,6 +1798,9 @@ do_child(Session *s, const char *command
- 		argv[i] = NULL;
- 		optind = optreset = 1;
- 		__progname = argv[0];
+diff -up openssh-5.3p1/session.c.sesftp openssh-5.3p1/session.c
+--- openssh-5.3p1/session.c.sesftp	2011-06-20 13:03:45.000000000 +0200
++++ openssh-5.3p1/session.c	2011-06-20 13:06:29.224741978 +0200
+@@ -1533,6 +1533,10 @@ do_setusercontext(struct passwd *pw)
+ 			free(chroot_path);
+ 		}
+ 
 +#ifdef WITH_SELINUX
-+		ssh_selinux_change_context("sftpd_t");
++		ssh_selinux_change_context("sshd_sftpd_t");
 +#endif
- 		exit(sftp_server_main(i, argv, s->pw));
- 	}
- 
++
+ #ifdef HAVE_SETPCRED
+ 		if (setpcred(pw->pw_name, (char **)NULL) == -1)
+ 			fatal("Failed to set process credentials");
diff --git a/openssh-5.3p1-sftp-chroot.patch b/openssh-5.3p1-sftp-chroot.patch
index 109e8b3..d71a150 100644
--- a/openssh-5.3p1-sftp-chroot.patch
+++ b/openssh-5.3p1-sftp-chroot.patch
@@ -1,6 +1,6 @@
 diff -up openssh-5.3p1/channels.c.sftp-chroot openssh-5.3p1/channels.c
---- openssh-5.3p1/channels.c.sftp-chroot	2011-03-03 12:03:43.000000000 +0100
-+++ openssh-5.3p1/channels.c	2011-03-03 12:03:48.000000000 +0100
+--- openssh-5.3p1/channels.c.sftp-chroot	2011-08-25 22:56:05.097081555 +0200
++++ openssh-5.3p1/channels.c	2011-08-25 22:56:17.284027242 +0200
 @@ -839,8 +839,9 @@ channel_pre_open(Channel *c, fd_set *rea
  		if (c->extended_usage == CHAN_EXTENDED_WRITE &&
  		    buffer_len(&c->extended) > 0)
@@ -22,7 +22,7 @@ diff -up openssh-5.3p1/channels.c.sftp-chroot openssh-5.3p1/channels.c
 +		} else if (c->efd != -1 &&
 +		    (c->extended_usage == CHAN_EXTENDED_READ ||
 +		    c->extended_usage == CHAN_EXTENDED_IGNORE) &&
-+ 		    FD_ISSET(c->efd, readset)) {
++ 		    (c->detach_close || FD_ISSET(c->efd, readset))) {
  			len = read(c->efd, buf, sizeof(buf));
  			debug2("channel %d: read %d from efd %d",
  			    c->self, len, c->efd);
@@ -39,9 +39,45 @@ diff -up openssh-5.3p1/channels.c.sftp-chroot openssh-5.3p1/channels.c
  			}
  		}
  	}
+diff -up openssh-5.3p1/openbsd-compat/port-linux.c.sftp-chroot openssh-5.3p1/openbsd-compat/port-linux.c
+--- openssh-5.3p1/openbsd-compat/port-linux.c.sftp-chroot	2011-08-25 22:56:16.941023541 +0200
++++ openssh-5.3p1/openbsd-compat/port-linux.c	2011-08-25 22:56:17.445026125 +0200
+@@ -519,4 +519,21 @@ ssh_selinux_change_context(const char *n
+ 	xfree(oldctx);
+ 	xfree(newctx);
+ }
++
++void
++ssh_selinux_copy_context(void)
++{
++	char *ctx;
++
++	if (!ssh_selinux_enabled())
++		return;
++
++	if (getexeccon((security_context_t *)&ctx) < 0) {
++		logit("%s: getcon failed with %s", __func__, strerror (errno));
++		return;
++	}
++	if (setcon(ctx) < 0)
++		logit("%s: setcon failed with %s", __func__, strerror (errno));
++	xfree(ctx);
++}
+ #endif /* WITH_SELINUX */
+diff -up openssh-5.3p1/openbsd-compat/port-linux.h.sftp-chroot openssh-5.3p1/openbsd-compat/port-linux.h
+--- openssh-5.3p1/openbsd-compat/port-linux.h.sftp-chroot	2011-08-25 22:55:48.496222543 +0200
++++ openssh-5.3p1/openbsd-compat/port-linux.h	2011-08-25 22:56:17.603031980 +0200
+@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
+ void ssh_selinux_setup_pty(char *, const char *);
+ void ssh_selinux_setup_exec_context(char *);
+ void ssh_selinux_change_context(const char *);
++void ssh_selinux_chopy_context(void);
+ #endif
+ 
+ #endif /* ! _PORT_LINUX_H */
 diff -up openssh-5.3p1/session.c.sftp-chroot openssh-5.3p1/session.c
---- openssh-5.3p1/session.c.sftp-chroot	2011-03-03 12:03:46.000000000 +0100
-+++ openssh-5.3p1/session.c	2011-03-03 12:03:49.000000000 +0100
+--- openssh-5.3p1/session.c.sftp-chroot	2011-08-25 22:56:11.262030419 +0200
++++ openssh-5.3p1/session.c	2011-08-26 10:01:26.419149592 +0200
 @@ -105,7 +105,7 @@
  /* func */
  
@@ -184,7 +220,40 @@ diff -up openssh-5.3p1/session.c.sftp-chroot openssh-5.3p1/session.c
  	} else {
  		server_loop(pid, ptyfd, fdout, -1);
  		/* server_loop _has_ closed ptyfd and fdout. */
-@@ -2342,7 +2316,8 @@ session_input_channel_req(Channel *c, co
+@@ -1568,15 +1542,14 @@ do_setusercontext(struct passwd *pw)
+ 			    pw->pw_uid);
+ 			chroot_path = percent_expand(tmp, "h", pw->pw_dir,
+ 			    "u", pw->pw_name, (char *)NULL);
++#ifdef WITH_SELINUX
++			ssh_selinux_change_context("chroot_user_t");
++#endif
+ 			safely_chroot(chroot_path, pw->pw_uid);
+ 			free(tmp);
+ 			free(chroot_path);
+ 		}
+ 
+-#ifdef WITH_SELINUX
+-		ssh_selinux_change_context("sshd_sftpd_t");
+-#endif
+-
+ #ifdef HAVE_SETPCRED
+ 		if (setpcred(pw->pw_name, (char **)NULL) == -1)
+ 			fatal("Failed to set process credentials");
+@@ -1832,6 +1805,13 @@ do_child(Session *s, const char *command
+ 		int i;
+ 		char *p, *args;
+ 
++#ifdef WITH_SELINUX
++		if (options.chroot_directory == NULL ||
++		    strcasecmp(options.chroot_directory, "none") == 0) {
++			ssh_selinux_copy_context();
++		}
++#endif
++
+ 		setproctitle("%s@%s", s->pw->pw_name, INTERNAL_SFTP_NAME);
+ 		args = xstrdup(command ? command : "sftp-server");
+ 		for (i = 0, (p = strtok(args, " ")); p; (p = strtok(NULL, " ")))
+@@ -2343,7 +2323,8 @@ session_input_channel_req(Channel *c, co
  }
  
  void
@@ -194,7 +263,7 @@ diff -up openssh-5.3p1/session.c.sftp-chroot openssh-5.3p1/session.c
  {
  	if (!compat20)
  		fatal("session_set_fds: called for proto != 2.0");
-@@ -2354,7 +2329,7 @@ session_set_fds(Session *s, int fdin, in
+@@ -2355,7 +2336,7 @@ session_set_fds(Session *s, int fdin, in
  		fatal("no channel for session %d", s->self);
  	channel_set_fds(s->chanid,
  	    fdout, fdin, fderr,
