[openssh] Update coverity patch after rebase to 6.7
Jakub Jelen
jjelen at fedoraproject.org
Wed Feb 18 15:34:33 UTC 2015
commit 580f9868391c6b35c7116facff112edc6f1d35da
Author: Jakub Jelen <jjelen at redhat.com>
Date: Fri Jan 30 14:27:43 2015 +0100
Update coverity patch after rebase to 6.7
openssh-6.6p1-GSSAPIEnablek5users.patch | 2 +-
openssh-6.6p1-force_krb.patch | 2 +-
openssh-6.6p1-gsskex.patch | 18 ++-
...-coverity.patch => openssh-6.7p1-coverity.patch | 231 ++++++++++++++------
openssh-6.7p1-fips.patch | 7 +-
openssh-6.7p1-ldap.patch | 5 +-
openssh.spec | 6 +-
7 files changed, 185 insertions(+), 86 deletions(-)
---
diff --git a/openssh-6.6p1-GSSAPIEnablek5users.patch b/openssh-6.6p1-GSSAPIEnablek5users.patch
index a51e199..efd7917 100644
--- a/openssh-6.6p1-GSSAPIEnablek5users.patch
+++ b/openssh-6.6p1-GSSAPIEnablek5users.patch
@@ -5,7 +5,7 @@ index 961c564..0fcfd7b 100644
@@ -260,7 +260,6 @@ ssh_gssapi_krb5_cmdok(krb5_principal principal, const char *name,
FILE *fp;
char file[MAXPATHLEN];
- char line[BUFSIZ];
+ char line[BUFSIZ] = "";
- char kuser[65]; /* match krb5_kuserok() */
struct stat st;
struct passwd *pw = the_authctxt->pw;
diff --git a/openssh-6.6p1-force_krb.patch b/openssh-6.6p1-force_krb.patch
index b7bc826..6703c15 100644
--- a/openssh-6.6p1-force_krb.patch
+++ b/openssh-6.6p1-force_krb.patch
@@ -97,7 +97,7 @@ index 413b845..54dd383 100644
+{
+ FILE *fp;
+ char file[MAXPATHLEN];
-+ char line[BUFSIZ];
++ char line[BUFSIZ] = "";
+ char kuser[65]; /* match krb5_kuserok() */
+ struct stat st;
+ struct passwd *pw = the_authctxt->pw;
diff --git a/openssh-6.6p1-gsskex.patch b/openssh-6.6p1-gsskex.patch
index 6efa67d..82e59ac 100644
--- a/openssh-6.6p1-gsskex.patch
+++ b/openssh-6.6p1-gsskex.patch
@@ -23,6 +23,14 @@ diff --git a/auth2-gss.c b/auth2-gss.c
index 4803e7e..222e3e0 100644
--- a/auth2-gss.c
+++ b/auth2-gss.c
+@@ -31,6 +31,7 @@
+ #include <sys/types.h>
+
+ #include <stdarg.h>
++#include <string.h>
+
+ #include "xmalloc.h"
+ #include "key.h"
@@ -53,6 +53,40 @@ static void input_gssapi_mic(int type, u_int32_t plen, void *ctxt);
static void input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt);
static void input_gssapi_errtok(int, u_int32_t, void *);
@@ -456,7 +464,7 @@ index b39281b..a3a2289 100644
if (!GSS_ERROR(major)) {
major = ssh_gssapi_init_ctx(*ctx, 0, GSS_C_NO_BUFFER, &token,
NULL);
-@@ -272,10 +483,67 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
+@@ -272,10 +483,66 @@ ssh_gssapi_check_mechanism(Gssctxt **ctx, gss_OID oid, const char *host)
GSS_C_NO_BUFFER);
}
@@ -476,7 +484,6 @@ index b39281b..a3a2289 100644
+ static OM_uint32 last_call = 0;
+ OM_uint32 lifetime, now, major, minor;
+ int equal;
-+ gss_cred_usage_t usage = GSS_C_INITIATE;
+
+ now = time(NULL);
+
@@ -1415,7 +1422,7 @@ new file mode 100644
index 0000000..b880998
--- /dev/null
+++ b/kexgsss.c
-@@ -0,0 +1,289 @@
+@@ -0,0 +1,290 @@
+/*
+ * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved.
+ *
@@ -1462,6 +1469,7 @@ index 0000000..b880998
+#include "monitor_wrap.h"
+#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */
+#include "servconf.h"
++#include "ssh-gss.h"
+
+extern ServerOptions options;
+
@@ -2341,7 +2349,7 @@ index a99d7f0..0374c88 100644
int ssh_gssapi_check_oid(Gssctxt *, void *, size_t);
void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t);
-@@ -119,16 +136,30 @@ void ssh_gssapi_build_ctx(Gssctxt **);
+@@ -119,16 +136,32 @@ void ssh_gssapi_build_ctx(Gssctxt **);
void ssh_gssapi_delete_ctx(Gssctxt **);
OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t);
void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *);
@@ -2371,6 +2379,8 @@ index a99d7f0..0374c88 100644
+int ssh_gssapi_oid_table_ok();
+
+int ssh_gssapi_update_creds(ssh_gssapi_ccache *store);
++
++void ssh_gssapi_rekey_creds(void);
#endif /* GSSAPI */
#endif /* _SSH_GSS_H */
diff --git a/openssh-6.6.1p1-coverity.patch b/openssh-6.7p1-coverity.patch
similarity index 79%
rename from openssh-6.6.1p1-coverity.patch
rename to openssh-6.7p1-coverity.patch
index 9f71f9c..875b79a 100644
--- a/openssh-6.6.1p1-coverity.patch
+++ b/openssh-6.7p1-coverity.patch
@@ -1,5 +1,5 @@
diff --git a/auth-pam.c b/auth-pam.c
-index cd1a775..690711e 100644
+index cd1a775..2fff267 100644
--- a/auth-pam.c
+++ b/auth-pam.c
@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void **value)
@@ -7,20 +7,20 @@ index cd1a775..690711e 100644
return (sshpam_thread_status);
signal(SIGCHLD, sshpam_oldsig);
- waitpid(thread, &status, 0);
-+ while (waitpid(thread, &status, 0) < 0) {
-+ if (errno == EINTR)
++ while (waitpid(thread, &status, 0) < 0) {
++ if (errno == EINTR)
+ continue;
-+ fatal("%s: waitpid: %s", __func__,
-+ strerror(errno));
++ fatal("%s: waitpid: %s", __func__,
++ strerror(errno));
+ }
return (status);
}
#endif
diff --git a/channels.c b/channels.c
-index af3fdc2..39c9f89 100644
+index 51a221d..0ef1d90 100644
--- a/channels.c
+++ b/channels.c
-@@ -233,11 +233,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
+@@ -239,11 +239,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
channel_max_fd = MAX(channel_max_fd, wfd);
channel_max_fd = MAX(channel_max_fd, efd);
@@ -35,7 +35,7 @@ index af3fdc2..39c9f89 100644
fcntl(efd, F_SETFD, FD_CLOEXEC);
c->rfd = rfd;
-@@ -255,11 +255,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
+@@ -261,11 +261,11 @@ channel_register_fds(Channel *c, int rfd, int wfd, int efd,
/* enable nonblocking mode */
if (nonblock) {
@@ -50,15 +50,33 @@ index af3fdc2..39c9f89 100644
set_nonblock(efd);
}
}
+@@ -3959,13 +3959,13 @@ connect_local_xsocket_path(const char *pathname, int len)
+ int sock;
+ struct sockaddr_un addr;
+
++ if (len <= 0)
++ return -1;
+ sock = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (sock < 0)
+ error("socket: %.100s", strerror(errno));
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+- if (len <= 0)
+- return -1;
+ if (len > sizeof addr.sun_path)
+ len = sizeof addr.sun_path;
+ memcpy(addr.sun_path, pathname, len);
diff --git a/clientloop.c b/clientloop.c
-index 9c60108..d372b53 100644
+index 20ce0b5..65cb26a 100644
--- a/clientloop.c
+++ b/clientloop.c
-@@ -2081,14 +2081,15 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
+@@ -2090,15 +2090,16 @@ client_input_global_request(int type, u_int32_t seq, void *ctxt)
+ {
char *rtype;
int want_reply;
- int success = 0;
-+/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
+- int success = 0;
++/* int success = 0;
++ success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */
rtype = packet_get_string(NULL);
want_reply = packet_get_char();
@@ -72,26 +90,23 @@ index 9c60108..d372b53 100644
packet_send();
packet_write_wait();
}
-diff --git a/key.c b/key.c
-index a2050f6..6487d81 100644
---- a/key.c
-+++ b/key.c
-@@ -880,8 +880,10 @@ key_read(Key *ret, char **cpp)
- success = 1;
- /*XXXX*/
- key_free(k);
-+/*XXXX
- if (success != 1)
- break;
-+XXXX*/
- /* advance cp: skip whitespace and data */
- while (*cp == ' ' || *cp == '\t')
- cp++;
+diff --git a/entropy.c b/entropy.c
+index 06b0095..a4097da 100644
+--- a/entropy.c
++++ b/entropy.c
+@@ -44,6 +44,7 @@
+ #include <openssl/err.h>
+
+ #include "openbsd-compat/openssl-compat.h"
++#include "openbsd-compat/port-linux.h"
+
+ #include "ssh.h"
+ #include "misc.h"
diff --git a/monitor.c b/monitor.c
-index 3ff62b0..70b9b4c 100644
+index 07fa655..b8e6e06 100644
--- a/monitor.c
+++ b/monitor.c
-@@ -472,7 +472,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
+@@ -488,7 +488,7 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor)
mm_get_keystate(pmonitor);
/* Drain any buffered messages from the child */
@@ -100,7 +115,7 @@ index 3ff62b0..70b9b4c 100644
;
close(pmonitor->m_sendfd);
-@@ -1254,6 +1254,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
+@@ -1276,6 +1276,10 @@ mm_answer_keyallowed(int sock, Buffer *m)
break;
}
}
@@ -111,7 +126,7 @@ index 3ff62b0..70b9b4c 100644
if (key != NULL)
key_free(key);
-@@ -1275,9 +1279,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
+@@ -1297,9 +1301,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
free(chost);
}
@@ -122,10 +137,10 @@ index 3ff62b0..70b9b4c 100644
buffer_put_int(m, allowed);
buffer_put_int(m, forced_command != NULL);
diff --git a/monitor_wrap.c b/monitor_wrap.c
-index 6df236a..93f6535 100644
+index ba4ecd7..b3e4ca1 100644
--- a/monitor_wrap.c
+++ b/monitor_wrap.c
-@@ -743,10 +743,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
+@@ -749,10 +749,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, char *namebuf, size_t namebuflen)
if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 ||
(tmp2 = dup(pmonitor->m_recvfd)) == -1) {
error("%s: cannot allocate fds for pty", __func__);
@@ -152,11 +167,22 @@ index c89f214..80115c2 100644
int i;
if (sa == NULL) {
+diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
+index 8b7cda2..e2ca8a1 100644
+--- a/openbsd-compat/port-linux.h
++++ b/openbsd-compat/port-linux.h
+@@ -37,4 +37,6 @@ void oom_adjust_restore(void);
+ void oom_adjust_setup(void);
+ #endif
+
++void linux_seed(void);
++
+ #endif /* ! _PORT_LINUX_H */
diff --git a/packet.c b/packet.c
-index f5b122b..1305e87 100644
+index 8ec353e..dbc2c33 100644
--- a/packet.c
+++ b/packet.c
-@@ -1234,6 +1234,7 @@ packet_read_poll1(void)
+@@ -1246,6 +1246,7 @@ packet_read_poll1(void)
case DEATTACK_DETECTED:
packet_disconnect("crc32 compensation attack: "
"network attack detected");
@@ -164,6 +190,41 @@ index f5b122b..1305e87 100644
case DEATTACK_DOS_DETECTED:
packet_disconnect("deattack denial of "
"service detected");
+diff --git a/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c b/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c
+index 8ba6d87..a7808c7 100644
+--- a/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c
++++ b/pam_ssh_agent_auth-0.9.3/pam_user_key_allowed2.c
+@@ -87,7 +87,7 @@ pam_user_key_allowed2(struct passwd *pw, Key *key, char *file)
+ found = key_new(key->type);
+
+ while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
+- char *cp, *key_options = NULL;
++ char *cp = NULL;
+
+ /* Skip leading whitespace, empty and comment lines. */
+ for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
+@@ -99,7 +99,6 @@ pam_user_key_allowed2(struct passwd *pw, Key *key, char *file)
+ /* no key? check if there are options for this key */
+ int quoted = 0;
+ verbose("user_key_allowed: check options: '%s'", cp);
+- key_options = cp;
+ for (; *cp && (quoted || (*cp != ' ' && *cp != '\t')); cp++) {
+ if (*cp == '\\' && cp[1] == '"')
+ cp++; /* Skip both */
+diff --git a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
+index e14eb27..323817a 100644
+--- a/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
++++ b/pam_ssh_agent_auth-0.9.3/userauth_pubkey_from_id.c
+@@ -89,8 +89,7 @@ userauth_pubkey_from_id(Identity * id)
+ authenticated = 1;
+
+ user_auth_clean_exit:
+- if(&b != NULL)
+- buffer_free(&b);
++ buffer_free(&b);
+ if(sig != NULL)
+ free(sig);
+ if(pkblob != NULL)
diff --git a/progressmeter.c b/progressmeter.c
index bbbc706..ae6d1aa 100644
--- a/progressmeter.c
@@ -198,7 +259,7 @@ index 10bab99..e9ca8f0 100644
+void start_progress_meter(const char *, off_t, off_t *);
void stop_progress_meter(void);
diff --git a/scp.c b/scp.c
-index 1178a07..d9bc016 100644
+index cbd904d..e4e9fa1 100644
--- a/scp.c
+++ b/scp.c
@@ -155,7 +155,7 @@ killchild(int signo)
@@ -211,10 +272,10 @@ index 1178a07..d9bc016 100644
if (signo)
diff --git a/servconf.c b/servconf.c
-index 3839928..d482e79 100644
+index 87a311b..895cdca 100644
--- a/servconf.c
+++ b/servconf.c
-@@ -1382,7 +1382,7 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1418,7 +1418,7 @@ process_server_config_line(ServerOptions *options, char *line,
fatal("%s line %d: Missing subsystem name.",
filename, linenum);
if (!*activep) {
@@ -223,7 +284,7 @@ index 3839928..d482e79 100644
break;
}
for (i = 0; i < options->num_subsystems; i++)
-@@ -1473,8 +1473,9 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1509,8 +1509,9 @@ process_server_config_line(ServerOptions *options, char *line,
if (*activep && *charptr == NULL) {
*charptr = tilde_expand_filename(arg, getuid());
/* increase optional counter */
@@ -236,7 +297,7 @@ index 3839928..d482e79 100644
break;
diff --git a/serverloop.c b/serverloop.c
-index 2f8e3a0..e03bc6c 100644
+index e92f9e2..3cad041 100644
--- a/serverloop.c
+++ b/serverloop.c
@@ -147,13 +147,13 @@ notify_setup(void)
@@ -339,7 +400,7 @@ index 2f8e3a0..e03bc6c 100644
pty_change_window_size(fdin, row, col, xpixel, ypixel);
}
-@@ -1007,7 +1007,7 @@ server_request_tun(void)
+@@ -1039,7 +1039,7 @@ server_request_tun(void)
}
tun = packet_get_int();
@@ -349,7 +410,7 @@ index 2f8e3a0..e03bc6c 100644
goto done;
tun = forced_tun_device;
diff --git a/sftp-client.c b/sftp-client.c
-index 2f5907c..3a2affd 100644
+index 990b58d..3d0f22b 100644
--- a/sftp-client.c
+++ b/sftp-client.c
@@ -151,7 +151,7 @@ get_msg(struct sftp_conn *conn, Buffer *m)
@@ -565,28 +626,28 @@ index 2f5907c..3a2affd 100644
int
-do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
+do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path,
- int preserve_flag, int fsync_flag)
+ int preserve_flag, int resume, int fsync_flag)
{
int local_fd;
-@@ -1607,7 +1607,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
+@@ -1628,7 +1628,7 @@ do_upload(struct sftp_conn *conn, char *local_path, char *remote_path,
}
static int
-upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
+upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, int depth,
- int preserve_flag, int print_flag, int fsync_flag)
+ int preserve_flag, int print_flag, int resume, int fsync_flag)
{
int ret = 0, status;
-@@ -1700,7 +1700,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
+@@ -1721,7 +1721,7 @@ upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, int depth,
}
int
-upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
+upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int preserve_flag,
- int print_flag, int fsync_flag)
+ int print_flag, int resume, int fsync_flag)
{
char *dst_canon;
-@@ -1719,7 +1719,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
+@@ -1740,7 +1740,7 @@ upload_dir(struct sftp_conn *conn, char *src, char *dst, int preserve_flag,
}
char *
@@ -596,7 +657,7 @@ index 2f5907c..3a2affd 100644
char *ret;
size_t len = strlen(p1) + strlen(p2) + 2;
diff --git a/sftp-client.h b/sftp-client.h
-index ba92ad0..c085423 100644
+index 967840b..ffbcade 100644
--- a/sftp-client.h
+++ b/sftp-client.h
@@ -56,79 +56,79 @@ struct sftp_conn *do_init(int, int, u_int, u_int, u_int64_t);
@@ -683,15 +744,15 @@ index ba92ad0..c085423 100644
* Upload 'local_path' to 'remote_path'. Preserve permissions and times
* if 'pflag' is set
*/
--int do_upload(struct sftp_conn *, char *, char *, int, int);
-+int do_upload(struct sftp_conn *, const char *, const char *, int, int);
+-int do_upload(struct sftp_conn *, char *, char *, int, int, int);
++int do_upload(struct sftp_conn *, const char *, const char *, int, int, int);
/*
* Recursively upload 'local_directory' to 'remote_directory'. Preserve
* times if 'pflag' is set
*/
--int upload_dir(struct sftp_conn *, char *, char *, int, int, int);
-+int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int);
+-int upload_dir(struct sftp_conn *, char *, char *, int, int, int, int);
++int upload_dir(struct sftp_conn *, const char *, const char *, int, int, int, int);
/* Concatenate paths, taking care of slashes. Caller must free result. */
-char *path_append(char *, char *);
@@ -699,10 +760,10 @@ index ba92ad0..c085423 100644
#endif
diff --git a/sftp.c b/sftp.c
-index ad1f8c8..3987117 100644
+index ff4d63d..4439100 100644
--- a/sftp.c
+++ b/sftp.c
-@@ -218,7 +218,7 @@ killchild(int signo)
+@@ -220,7 +220,7 @@ killchild(int signo)
{
if (sshpid > 1) {
kill(sshpid, SIGTERM);
@@ -711,7 +772,7 @@ index ad1f8c8..3987117 100644
}
_exit(1);
-@@ -329,7 +329,7 @@ local_do_ls(const char *args)
+@@ -332,7 +332,7 @@ local_do_ls(const char *args)
/* Strip one path (usually the pwd) from the start of another */
static char *
@@ -720,7 +781,7 @@ index ad1f8c8..3987117 100644
{
size_t len;
-@@ -347,7 +347,7 @@ path_strip(char *path, char *strip)
+@@ -350,7 +350,7 @@ path_strip(char *path, char *strip)
}
static char *
@@ -729,7 +790,7 @@ index ad1f8c8..3987117 100644
{
char *abs_str;
-@@ -545,7 +545,7 @@ parse_no_flags(const char *cmd, char **argv, int argc)
+@@ -548,7 +548,7 @@ parse_no_flags(const char *cmd, char **argv, int argc)
}
static int
@@ -738,7 +799,7 @@ index ad1f8c8..3987117 100644
{
struct stat sb;
-@@ -557,7 +557,7 @@ is_dir(char *path)
+@@ -560,7 +560,7 @@ is_dir(char *path)
}
static int
@@ -747,7 +808,7 @@ index ad1f8c8..3987117 100644
{
Attrib *a;
-@@ -571,7 +571,7 @@ remote_is_dir(struct sftp_conn *conn, char *path)
+@@ -574,7 +574,7 @@ remote_is_dir(struct sftp_conn *conn, char *path)
/* Check whether path returned from glob(..., GLOB_MARK, ...) is a directory */
static int
@@ -756,7 +817,7 @@ index ad1f8c8..3987117 100644
{
size_t l = strlen(pathname);
-@@ -579,7 +579,7 @@ pathname_is_dir(char *pathname)
+@@ -582,7 +582,7 @@ pathname_is_dir(char *pathname)
}
static int
@@ -765,16 +826,16 @@ index ad1f8c8..3987117 100644
int pflag, int rflag, int resume, int fflag)
{
char *abs_src = NULL;
-@@ -659,7 +659,7 @@ out:
+@@ -666,7 +666,7 @@ out:
}
static int
-process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd,
+process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd,
- int pflag, int rflag, int fflag)
+ int pflag, int rflag, int resume, int fflag)
{
char *tmp_dst = NULL;
-@@ -765,7 +765,7 @@ sdirent_comp(const void *aa, const void *bb)
+@@ -776,7 +776,7 @@ sdirent_comp(const void *aa, const void *bb)
/* sftp ls.1 replacement for directories */
static int
@@ -783,7 +844,7 @@ index ad1f8c8..3987117 100644
{
int n;
u_int c = 1, colspace = 0, columns = 1;
-@@ -850,7 +850,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
+@@ -861,7 +861,7 @@ do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag)
/* sftp ls.1 replacement which handles path globs */
static int
@@ -792,7 +853,7 @@ index ad1f8c8..3987117 100644
int lflag)
{
char *fname, *lname;
-@@ -931,7 +931,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
+@@ -946,7 +946,7 @@ do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path,
}
static int
@@ -802,10 +863,10 @@ index ad1f8c8..3987117 100644
struct sftp_statvfs st;
char s_used[FMT_SCALED_STRSIZE];
diff --git a/ssh-agent.c b/ssh-agent.c
-index 117fdde..2b50132 100644
+index c8036c8..4da3bb6 100644
--- a/ssh-agent.c
+++ b/ssh-agent.c
-@@ -1037,8 +1037,8 @@ main(int ac, char **av)
+@@ -1056,8 +1056,8 @@ main(int ac, char **av)
sanitise_stdfd();
/* drop */
@@ -816,8 +877,26 @@ index 117fdde..2b50132 100644
#if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE)
/* Disable ptrace on Linux without sgid bit */
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 64fa217..635e8fd 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -687,11 +687,11 @@ do_convert_from(struct passwd *pw)
+ fatal("%s: unknown key format %d", __func__, convert_format);
+ }
+
+- if (!private)
++ if (!private) {
+ ok = key_write(k, stdout);
+ if (ok)
+ fprintf(stdout, "\n");
+- else {
++ } else {
+ switch (k->type) {
+ case KEY_DSA:
+ ok = PEM_write_DSAPrivateKey(stdout, k->dsa, NULL,
diff --git a/sshd.c b/sshd.c
-index 773bb02..1eaa9f7 100644
+index 783abe3..eaade2a 100644
--- a/sshd.c
+++ b/sshd.c
@@ -771,8 +771,10 @@ privsep_preauth(Authctxt *authctxt)
@@ -832,7 +911,7 @@ index 773bb02..1eaa9f7 100644
return 0;
}
-@@ -1439,6 +1441,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
+@@ -1458,6 +1460,9 @@ server_accept_loop(int *sock_in, int *sock_out, int *newsock, int *config_s)
if (num_listen_socks < 0)
break;
}
@@ -842,3 +921,15 @@ index 773bb02..1eaa9f7 100644
}
+diff --git a/sshkey.c b/sshkey.c
+index 5e3d97f..dae8270 100644
+--- a/sshkey.c
++++ b/sshkey.c
+@@ -54,6 +54,7 @@
+ #include "digest.h"
+ #define SSHKEY_INTERNAL
+ #include "sshkey.h"
++#include "log.h"
+
+ /* openssh private key file format */
+ #define MARK_BEGIN "-----BEGIN OPENSSH PRIVATE KEY-----\n"
diff --git a/openssh-6.7p1-fips.patch b/openssh-6.7p1-fips.patch
index ea82670..8c53c9a 100644
--- a/openssh-6.7p1-fips.patch
+++ b/openssh-6.7p1-fips.patch
@@ -191,7 +191,7 @@ index e0cf3de..e11198f 100644
+ SSH_DIGEST_SHA512 },
+# endif
+#endif
-+ { NULL, -1, -1, NULL},
++ { NULL, -1, -1, -1},
+};
+
char *
@@ -399,17 +399,18 @@ index 26e9681..a0a7c29 100644
#include "openbsd-compat/openssl-compat.h"
#include "openbsd-compat/sys-queue.h"
-@@ -433,6 +435,13 @@ main(int ac, char **av)
+@@ -433,6 +435,14 @@ main(int ac, char **av)
sanitise_stdfd();
__progname = ssh_get_progname(av[0]);
+ SSLeay_add_all_algorithms();
+ if (access("/etc/system-fips", F_OK) == 0)
-+ if (! FIPSCHECK_verify(NULL, NULL))
++ if (! FIPSCHECK_verify(NULL, NULL)){
+ if (FIPS_mode())
+ fatal("FIPS integrity verification test failed.");
+ else
+ logit("FIPS integrity verification test failed.");
++ }
#ifndef HAVE_SETPROCTITLE
/* Prepare for later setproctitle emulation */
diff --git a/openssh-6.7p1-ldap.patch b/openssh-6.7p1-ldap.patch
index 51faad6..af00abd 100644
--- a/openssh-6.7p1-ldap.patch
+++ b/openssh-6.7p1-ldap.patch
@@ -1162,7 +1162,7 @@ new file mode 100644
index 0000000..b49cae6
--- /dev/null
+++ b/ldapconf.c
-@@ -0,0 +1,722 @@
+@@ -0,0 +1,721 @@
+/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */
+/*
+ * Copyright (c) 2009 Jan F. Chadima. All rights reserved.
@@ -1620,7 +1620,7 @@ index 0000000..b49cae6
+{
+ FILE *f;
+ char line[1024];
-+ int active, linenum;
++ int linenum;
+ int bad_options = 0;
+ struct stat sb;
+
@@ -1639,7 +1639,6 @@ index 0000000..b49cae6
+ * Mark that we are now processing the options. This flag is turned
+ * on/off by Host specifications.
+ */
-+ active = 1;
+ linenum = 0;
+ while (fgets(line, sizeof(line), f)) {
+ /* Update line number counter. */
diff --git a/openssh.spec b/openssh.spec
index cde83e8..5bc5098 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -92,7 +92,7 @@ Source13: sshd-keygen
Patch0: openssh-5.9p1-wIm.patch
#?
-Patch100: openssh-6.6.1p1-coverity.patch
+Patch100: openssh-6.7p1-coverity.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1872
Patch101: openssh-6.7p1-fingerprint.patch
#https://bugzilla.mindrot.org/show_bug.cgi?id=1894
@@ -223,7 +223,6 @@ Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
# https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
Patch921: openssh-6.7p1-debian-restore-tcp-wrappers.patch
-
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
@@ -433,8 +432,7 @@ popd
%patch200 -p1 -b .audit
%patch700 -p1 -b .fips
-# FIXME rebase 6.7p1
-# %patch100 -p1 -b .coverity
+%patch100 -p1 -b .coverity
%if 0
# Nothing here yet
More information about the scm-commits
mailing list