[gsi-openssh/f19: 2/2] Based on openssh-6.2p2-5.fc19
Mattias Ellert
ellert at fedoraproject.org
Fri Aug 23 08:23:12 UTC 2013
commit 1b21942619d4ddd57f2f32cbbad32fd9aa7d0fd5
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date: Fri Aug 23 10:09:24 2013 +0200
Based on openssh-6.2p2-5.fc19
gsi-openssh.spec | 10 ++++++++--
openssh-6.2p1-gsskex.patch | 29 -----------------------------
openssh-6.2p2-ssh_gai_strerror.patch | 23 +++++++++++++++++++++++
3 files changed, 31 insertions(+), 31 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index 8c46508..cefa31e 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,12 +29,12 @@
%global ldap 1
%global openssh_ver 6.2p2
-%global openssh_rel 1
+%global openssh_rel 2
Summary: An implementation of the SSH protocol with GSI authentication
Name: gsi-openssh
Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}.1
+Release: %{openssh_rel}%{?dist}
Provides: gsissh = %{version}-%{release}
Obsoletes: gsissh < 5.8p2-2
URL: http://www.openssh.com/portable.html
@@ -132,6 +132,8 @@ Patch905: openssh-6.2p1-modpipe-cflags.patch
Patch907: openssh-6.2p1-aarch64.patch
# make sftp's libedit interface marginally multibyte aware (#841771)
Patch908: openssh-6.2p2-sftp-multibyte.patch
+# don't show Success for EAI_SYSTEM (#985964)
+Patch909: openssh-6.2p2-ssh_gai_strerror.patch
# This is the patch that adds GSI support
# Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.2p2.patch
@@ -281,6 +283,7 @@ This version of OpenSSH has been modified to support GSI authentication.
%patch905 -p1 -b .modpipe-cflags
%patch907 -p1 -b .aarch64
%patch908 -p1 -b .sftp-multibyte
+%patch909 -p1 -b .ssh_gai_strerror
%patch98 -p1 -b .gsi
@@ -494,6 +497,9 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
%changelog
+* Fri Aug 23 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.2p2-2
+- Based on openssh-6.2p2-5.fc19
+
* Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 6.2p2-1.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
diff --git a/openssh-6.2p1-gsskex.patch b/openssh-6.2p1-gsskex.patch
index d6f0810..f1fe8d1 100644
--- a/openssh-6.2p1-gsskex.patch
+++ b/openssh-6.2p1-gsskex.patch
@@ -2846,35 +2846,6 @@ diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
/*
* We don't want to listen forever unless the other side
* successfully authenticates itself. So we set up an alarm which is
-@@ -2139,14 +2200,6 @@ main(int ac, char **av)
- #ifdef SSH_AUDIT_EVENTS
- audit_event(SSH_AUTH_SUCCESS);
- #endif
--
--#ifdef GSSAPI
-- if (options.gss_authentication) {
-- temporarily_use_uid(authctxt->pw);
-- ssh_gssapi_storecreds();
-- restore_uid();
-- }
--#endif
- #ifdef WITH_SELINUX
- ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
- #endif
-@@ -2156,6 +2209,13 @@ main(int ac, char **av)
- do_pam_session();
- }
- #endif
-+#ifdef GSSAPI
-+ if (options.gss_authentication) {
-+ temporarily_use_uid(authctxt->pw);
-+ ssh_gssapi_storecreds();
-+ restore_uid();
-+ }
-+#endif
-
- /*
- * In privilege separation, we fork another child and prepare
@@ -2466,6 +2526,48 @@ do_ssh2_kex(void)
myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
diff --git a/openssh-6.2p2-ssh_gai_strerror.patch b/openssh-6.2p2-ssh_gai_strerror.patch
new file mode 100644
index 0000000..0e433fa
--- /dev/null
+++ b/openssh-6.2p2-ssh_gai_strerror.patch
@@ -0,0 +1,23 @@
+diff -U0 openssh-6.2p2/ChangeLog.ssh_gai_strerror openssh-6.2p2/ChangeLog
+--- openssh-6.2p2/ChangeLog.ssh_gai_strerror 2013-07-23 12:03:41.467902339 +0200
++++ openssh-6.2p2/ChangeLog 2013-07-23 12:06:03.414281151 +0200
+@@ -0,0 +1,7 @@
++20130718
++ - djm at cvs.openbsd.org 2013/07/12 00:43:50
++ [misc.c]
++ in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
++ errno == 0. Avoids confusing error message in some broken resolver
++ cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
++
+diff -up openssh-6.2p2/misc.c.ssh_gai_strerror openssh-6.2p2/misc.c
+--- openssh-6.2p2/misc.c.ssh_gai_strerror 2013-07-23 12:03:41.321902978 +0200
++++ openssh-6.2p2/misc.c 2013-07-23 12:03:41.467902339 +0200
+@@ -127,7 +127,7 @@ unset_nonblock(int fd)
+ const char *
+ ssh_gai_strerror(int gaierr)
+ {
+- if (gaierr == EAI_SYSTEM)
++ if (gaierr == EAI_SYSTEM && errno != 0)
+ return strerror(errno);
+ return gai_strerror(gaierr);
+ }
More information about the scm-commits
mailing list