[gsi-openssh/f20] Based on openssh-6.4p1-5.fc20

Wed Oct 22 16:59:00 UTC 2014

commit eb7dbd3f4237360056a2b04156e55ed923b0963e
Author: Mattias Ellert <mattias.ellert at fysast.uu.se>
Date:   Wed Oct 22 16:45:09 2014 +0200

    Based on openssh-6.4p1-5.fc20

 gsi-openssh.spec               |    8 ++++-
 openssh-6.4p1-NI_MAXHOST.patch |   70 ++++++++++++++++++++++++++++++++++++++++
 2 files changed, 77 insertions(+), 1 deletions(-)
---

diff --git a/gsi-openssh.spec b/gsi-openssh.spec
index b2247a7..8663977 100644
--- a/gsi-openssh.spec
+++ b/gsi-openssh.spec
@@ -29,7 +29,7 @@
 %global ldap 1
 
 %global openssh_ver 6.4p1
-%global openssh_rel 3
+%global openssh_rel 4
 
 Summary: An implementation of the SSH protocol with GSI authentication
 Name: gsi-openssh
@@ -142,6 +142,8 @@ Patch907: openssh-6.4p1-CLOCK_BOOTTIME.patch
 Patch908: openssh-6.4p1-CVE-2014-2653.patch
 # ignore environment variables with embedded '=' or '\0' characters (#1077843)
 Patch909: openssh-6.4p1-ignore-bad-env-var.patch
+# standardise on NI_MAXHOST for gethostname() string lengths (#1051490)
+Patch910: openssh-6.4p1-NI_MAXHOST.patch
 
 # This is the patch that adds GSI support
 # Based on http://grid.ncsa.illinois.edu/ssh/dl/patch/openssh-6.4p1.patch
@@ -297,6 +299,7 @@ This version of OpenSSH has been modified to support GSI authentication.
 %patch907 -p1 -b .CLOCK_BOOTTIME
 %patch908 -p1 -b .CVE-2014-2653
 %patch909 -p1 -b .bad-env-var
+%patch910 -p1 -b .NI_MAXHOST
 
 %patch98 -p1 -b .gsi
 
@@ -510,6 +513,9 @@ getent passwd sshd >/dev/null || \
 %attr(0644,root,root) %{_unitdir}/gsisshd-keygen.service
 
 %changelog
+* Wed Oct 22 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-4
+- Based on openssh-6.4p1-5.fc20
+
 * Thu Jul 10 2014 Mattias Ellert <mattias.ellert at fysast.uu.se> - 6.4p1-3
 - Based on openssh-6.4p1-4.fc20
 
diff --git a/openssh-6.4p1-NI_MAXHOST.patch b/openssh-6.4p1-NI_MAXHOST.patch
new file mode 100644
index 0000000..cd660d5
--- /dev/null
+++ b/openssh-6.4p1-NI_MAXHOST.patch
@@ -0,0 +1,70 @@
+diff --git a/ChangeLog b/ChangeLog
+index 55dee98..7bcd596 100644
+--- a/ChangeLog
++++ b/ChangeLog
+@@ -1,3 +1,10 @@
++20140703
++ - OpenBSD CVS Sync
++   - djm at cvs.openbsd.org 2014/07/03 03:34:09
++     [gss-serv.c session.c ssh-keygen.c]
++     standardise on NI_MAXHOST for gethostname() string lengths; about
++     1/2 the cases were using it already. Fixes bz#2239 en passant
++
+ 20140304
+  - OpenBSD CVS Sync
+    - djm at cvs.openbsd.org 2014/03/03 22:22:30
+diff --git a/gss-serv.c b/gss-serv.c
+index e533c3a..7e343db 100644
+--- a/gss-serv.c
++++ b/gss-serv.c
+@@ -83,14 +83,14 @@ static OM_uint32
+ ssh_gssapi_acquire_cred(Gssctxt *ctx)
+ {
+ 	OM_uint32 status;
+-	char lname[MAXHOSTNAMELEN];
++	char lname[NI_MAXHOST];
+ 	gss_OID_set oidset;
+ 
+ 	if (options.gss_strict_acceptor) {
+ 		gss_create_empty_oid_set(&status, &oidset);
+ 		gss_add_oid_set_member(&status, ctx->oid, &oidset);
+ 
+-		if (gethostname(lname, MAXHOSTNAMELEN)) {
++		if (gethostname(lname, sizeof(lname))) {
+ 			gss_release_oid_set(&status, &oidset);
+ 			return (-1);
+ 		}
+diff --git a/session.c b/session.c
+index f5b6848..86da7cf 100644
+--- a/session.c
++++ b/session.c
+@@ -49,6 +49,7 @@
+ #include <errno.h>
+ #include <fcntl.h>
+ #include <grp.h>
++#include <netdb.h>
+ #ifdef HAVE_PATHS_H
+ #include <paths.h>
+ #endif
+@@ -2697,7 +2698,7 @@ session_setup_x11fwd(Session *s)
+ {
+ 	struct stat st;
+ 	char display[512], auth_display[512];
+-	char hostname[MAXHOSTNAMELEN];
++	char hostname[NI_MAXHOST];
+ 	u_int i;
+ 
+ 	if (no_x11_forwarding_flag) {
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 2569016..1bddd72 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -153,7 +153,7 @@ char *pkcs11provider = NULL;
+ /* argv0 */
+ extern char *__progname;
+ 
+-char hostname[MAXHOSTNAMELEN];
++char hostname[NI_MAXHOST];
+ 
+ /* moduli.c */
+ int gen_candidates(FILE *, u_int32_t, u_int32_t, BIGNUM *);
