[gsi-openssh/f19: 2/2] Based on openssh-6.2p2-5.fc19

Mattias Ellert ellert at fedoraproject.org
Fri Aug 23 08:23:12 UTC 2013 

commit 1b21942619d4ddd57f2f32cbbad32fd9aa7d0fd5
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Fri Aug 23 10:09:24 2013 +0200

    Based on openssh-6.2p2-5.fc19

 gsi-openssh.spec                     |   10 ++++++++--
 openssh-6.2p1-gsskex.patch           |   29 -----------------------------
 openssh-6.2p2-ssh_gai_strerror.patch |   23 +++++++++++++++++++++++
 3 files changed, 31 insertions(+), 31 deletions(-)
---
diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index 8c46508..cefa31e 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,12 +29,12 @@
 %global ldap 1
 
 %global openssh_ver 6.2p2
-%global openssh_rel 1
+%global openssh_rel 2
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
 Version: %{openssh_ver}
-Release: %{openssh_rel}%{?dist}.1
+Release: %{openssh_rel}%{?dist}
 Provides: gsissh = %{version}-%{release}
 Obsoletes: gsissh < 5.8p2-2
 URL: http://www.openssh.com/portable.html
@@ -132,6 +132,8 @@ Patch905: openssh-6.2p1-modpipe-cflags.patch
 Patch907: openssh-6.2p1-aarch64.patch
 # make sftp's libedit interface marginally multibyte aware (#841771)
 Patch908: openssh-6.2p2-sftp-multibyte.patch
+# don't show Success for EAI_SYSTEM (#985964)
+Patch909: openssh-6.2p2-ssh_gai_strerror.patch
 
 # This is the patch that adds GSI support
 # Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.2p2.patch
@@ -281,6 +283,7 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch905 -p1 -b .modpipe-cflags
 %patch907 -p1 -b .aarch64
 %patch908 -p1 -b .sftp-multibyte
+%patch909 -p1 -b .ssh_gai_strerror
 
 %patch98 -p1 -b .gsi
 
@@ -494,6 +497,9 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
 
 %changelog
+* Fri Aug 23 2013 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.2p2-2
+- Based on openssh-6.2p2-5.fc19
+
 * Sat Aug 03 2013 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 6.2p2-1.1
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild
 
diff --git a/openssh-6.2p1-gsskex.patch b/openssh-6.2p1-gsskex.patch
index d6f0810..f1fe8d1 100644
--- a/openssh-6.2p1-gsskex.patch
+++ b/openssh-6.2p1-gsskex.patch
@@ -2846,35 +2846,6 @@ diff -up openssh-6.2p1/sshd.c.gsskex openssh-6.2p1/sshd.c
  	/*
  	 * We don't want to listen forever unless the other side
  	 * successfully authenticates itself.  So we set up an alarm which is
-@@ -2139,14 +2200,6 @@ main(int ac, char **av)
- #ifdef SSH_AUDIT_EVENTS
- 	audit_event(SSH_AUTH_SUCCESS);
- #endif
--
--#ifdef GSSAPI
--	if (options.gss_authentication) {
--		temporarily_use_uid(authctxt->pw);
--		ssh_gssapi_storecreds();
--		restore_uid();
--	}
--#endif
- #ifdef WITH_SELINUX
- 	ssh_selinux_setup_exec_context(authctxt->pw->pw_name);
- #endif
-@@ -2156,6 +2209,13 @@ main(int ac, char **av)
- 		do_pam_session();
- 	}
- #endif
-+#ifdef GSSAPI
-+	if (options.gss_authentication) {
-+		temporarily_use_uid(authctxt->pw);
-+		ssh_gssapi_storecreds();
-+		restore_uid();
-+	}
-+#endif
- 
- 	/*
- 	 * In privilege separation, we fork another child and prepare
 @@ -2466,6 +2526,48 @@ do_ssh2_kex(void)
  
  	myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
diff --git a/openssh-6.2p2-ssh_gai_strerror.patch b/openssh-6.2p2-ssh_gai_strerror.patch
new file mode 100644
index 0000000..0e433fa
--- /dev/null
+++ b/openssh-6.2p2-ssh_gai_strerror.patch
@@ -0,0 +1,23 @@
+diff -U0 openssh-6.2p2/ChangeLog.ssh_gai_strerror openssh-6.2p2/ChangeLog
+--- openssh-6.2p2/ChangeLog.ssh_gai_strerror	2013-07-23 12:03:41.467902339 +0200
++++ openssh-6.2p2/ChangeLog	2013-07-23 12:06:03.414281151 +0200
+@@ -0,0 +1,7 @@
++20130718
++   - djm at cvs.openbsd.org 2013/07/12 00:43:50
++     [misc.c]
++     in ssh_gai_strerror() don't fallback to strerror for EAI_SYSTEM when
++     errno == 0. Avoids confusing error message in some broken resolver
++     cases. bz#2122 patch from plautrba AT redhat.com; ok dtucker
++
+diff -up openssh-6.2p2/misc.c.ssh_gai_strerror openssh-6.2p2/misc.c
+--- openssh-6.2p2/misc.c.ssh_gai_strerror	2013-07-23 12:03:41.321902978 +0200
++++ openssh-6.2p2/misc.c	2013-07-23 12:03:41.467902339 +0200
+@@ -127,7 +127,7 @@ unset_nonblock(int fd)
+ const char *
+ ssh_gai_strerror(int gaierr)
+ {
+-	if (gaierr == EAI_SYSTEM)
++	if (gaierr == EAI_SYSTEM && errno != 0)
+ 		return strerror(errno);
+ 	return gai_strerror(gaierr);
+ }

More information about the scm-commits mailing list