[gsi-openssh/f17] Based on openssh-5.9p1-27.fc17
Mattias Ellert
ellert at fedoraproject.org
Thu Nov 1 10:11:59 UTC 2012
commit 738668249a1098fdccfeefc476c6fec92ff8c9a5
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Thu Nov 1 11:11:36 2012 +0100
Based on openssh-5.9p1-27.fc17
gsi-openssh.spec | 12 +++++++-----
openssh-5.8p1-gssapi-canohost.patch | 24 ------------------------
openssh-5.9p1-gsissh.patch | 2 +-
openssh-5.9p1-gssapi-canohost.patch | 21 +++++++++++++++++++++
4 files changed, 29 insertions(+), 30 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index b80cdcd..4acc5ee 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -32,7 +32,7 @@
%global nologin 1
%global openssh_ver 5.9p1
-%global openssh_rel 7
+%global openssh_rel 8
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
@@ -154,8 +154,7 @@ Patch800: openssh-5.9p1-gsskex.patch
#http://www.mail-archive.com/kerberos@mit.edu/msg17591.html
Patch801: openssh-5.8p2-force_krb.patch
-#?
-Patch900: openssh-5.8p1-gssapi-canohost.patch
+Patch900: openssh-5.9p1-gssapi-canohost.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1780
Patch901: openssh-5.9p1-kuserok.patch
#---
@@ -373,8 +372,8 @@ fi
--libexecdir=%{_libexecdir}/gsissh \
--datadir=%{_datadir}/gsissh \
--with-tcp-wrappers \
- --with-default-path=/usr/local/bin:/bin:/usr/bin \
- --with-superuser-path=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin \
+ --with-default-path=/usr/local/bin:/usr/bin \
+ --with-superuser-path=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin \
--with-privsep-path=%{_var}/empty/gsisshd \
--enable-vendor-patchlevel="FC-%{version}-%{release}" \
--disable-strip \
@@ -551,6 +550,9 @@ fi
%attr(0644,root,root) %{_unitdir}/gsisshd.service
%changelog
+* Thu Nov 01 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-8
+- Based on openssh-5.9p1-27.fc17
+
* Mon Aug 13 2012 Mattias Ellert <mattias.ellert at fysast.uu.se> - 5.9p1-7
- Based on openssh-5.9p1-26.fc17
diff --git a/openssh-5.9p1-gsissh.patch b/openssh-5.9p1-gsissh.patch
index 745255d..e947dfe 100644
--- a/openssh-5.9p1-gsissh.patch
+++ b/openssh-5.9p1-gsissh.patch
@@ -2068,7 +2068,7 @@ diff -Nur openssh-5.9p1.orig/sshconnect2.c openssh-5.9p1/sshconnect2.c
+
if (options.gss_server_identity)
gss_host = options.gss_server_identity;
- else if (options.gss_trust_dns)
+ else if (options.gss_trust_dns) {
@@ -935,6 +940,15 @@
xfree(lang);
}
diff --git a/openssh-5.9p1-gssapi-canohost.patch b/openssh-5.9p1-gssapi-canohost.patch
new file mode 100644
index 0000000..3252582
--- /dev/null
+++ b/openssh-5.9p1-gssapi-canohost.patch
@@ -0,0 +1,21 @@
+diff -up openssh-5.9p1/sshconnect2.c.canohost openssh-5.9p1/sshconnect2.c
+--- openssh-5.9p1/sshconnect2.c.canohost 2012-10-31 16:42:37.598288999 +0100
++++ openssh-5.9p1/sshconnect2.c 2012-10-31 16:47:40.963288964 +0100
+@@ -699,12 +699,15 @@ userauth_gssapi(Authctxt *authctxt)
+ static u_int mech = 0;
+ OM_uint32 min;
+ int ok = 0;
+- const char *gss_host;
++ const char *gss_host = NULL;
+
+ if (options.gss_server_identity)
+ gss_host = options.gss_server_identity;
+- else if (options.gss_trust_dns)
++ else if (options.gss_trust_dns) {
+ gss_host = get_canonical_hostname(1);
++ if ( strcmp( gss_host, "UNKNOWN" ) == 0 )
++ gss_host = authctxt->host;
++ }
+ else
+ gss_host = authctxt->host;
+
More information about the scm-commits
mailing list