[openssh] Make output of sshd -T more consistent, using upstream patch (#1187521)

Jakub Jelen jjelen at fedoraproject.org
Wed Feb 18 15:34:38 UTC 2015


commit b552eb67143fc52dd4f367eaf535648c16e1de1f
Author: Jakub Jelen <jjelen at redhat.com>
Date:   Tue Feb 3 14:06:59 2015 +0100

    Make output of sshd -T more consistent, using upstream patch (#1187521)

 openssh-6.7p1-fips.patch         |   24 +++++++++++
 openssh-6.7p1-sshdT-output.patch |   82 ++++++++++++++++++++++++++++++++++++++
 openssh.spec                     |    4 ++
 3 files changed, 110 insertions(+), 0 deletions(-)
---
diff --git a/openssh-6.7p1-fips.patch b/openssh-6.7p1-fips.patch
index 8c53c9a..3d9afe7 100644
--- a/openssh-6.7p1-fips.patch
+++ b/openssh-6.7p1-fips.patch
@@ -683,3 +683,27 @@ index f078e11..5e3d97f 100644
  		ret = SSH_ERR_LIBCRYPTO_ERROR;
  		goto out;
  	}
+--- a/servconf.c    2015-01-30 12:24:12.388337643 +0100
++++ b/servconf.c    2015-01-30 12:26:36.229229751 +0100
+@@ -2159,8 +2162,10 @@
+ 	/* string arguments */
+ 	dump_cfg_string(sPidFile, o->pid_file);
+ 	dump_cfg_string(sXAuthLocation, o->xauth_location);
+-	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
+-	dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
++	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : FIPS_mode()
++		? KEX_FIPS_ENCRYPT : KEX_SERVER_ENCRYPT);
++	dump_cfg_string(sMacs, o->macs ? o->macs : FIPS_mode()
++		? KEX_FIPS_MAC : KEX_SERVER_MAC);
+ 	dump_cfg_string(sBanner, o->banner);
+ 	dump_cfg_string(sForceCommand, o->adm_forced_command);
+ 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
+@@ -2180,7 +2180,7 @@
+ 	dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
+ 	dump_cfg_string(sHostKeyAgent, o->host_key_agent);
+ 	dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms :
+-  	    KEX_SERVER_KEX);
++		FIPS_mode() ? KEX_DEFAULT_KEX_FIPS : KEX_SERVER_KEX);
+ 
+ 	/* string arguments requiring a lookup */
+ 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
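Review bot: The three new default expressions for `sCiphers`, `sMacs` and `sKexAlgorithms` chain two conditionals without parentheses, so they only read correctly if you remember that `?:` is right-associative. Parenthesise the inner choice, e.g. `o->ciphers ? o->ciphers : (FIPS_mode() ? KEX_FIPS_ENCRYPT : KEX_SERVER_ENCRYPT)`. Because `sshd -T` is what an administrator reads to confirm the effective algorithm set, I would also add a comment such as `/* must mirror the defaults chosen at negotiation time in FIPS mode */`; the code that picks those runtime defaults is not visible in this hunk, so the two could drift apart unnoticed. The inner hunks' context lines (`KEX_SERVER_ENCRYPT`, `KEX_SERVER_KEX`) exist only after openssh-6.7p1-sshdT-output.patch has been applied, so this relies on the spec keeping `%patch922` ahead of `%patch700`.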
diff --git a/openssh-6.7p1-sshdT-output.patch b/openssh-6.7p1-sshdT-output.patch
new file mode 100644
index 0000000..11e9c69
--- /dev/null
+++ b/openssh-6.7p1-sshdT-output.patch
@@ -0,0 +1,82 @@
+--- a/servconf.c	2015-01-30 12:24:12.388337643 +0100
++++ b/servconf.c	2015-01-30 12:26:36.229229751 +0100
+@@ -55,6 +55,7 @@
+ #include "hostfile.h"
+ #include "auth.h"
+ #include "digest.h"
++#include "myproposal.h"
+ 
+ static void add_listen_addr(ServerOptions *, char *, int);
+ static void add_one_listen_addr(ServerOptions *, char *, int);
+@@ -1974,6 +1974,8 @@ dump_cfg_strarray_oneline(ServerOpCodes code, u_int count, char **vals)
+ {
+ 	u_int i;
+ 
++	if (count <= 0)
++		return;
+ 	printf("%s", lookup_opcode_name(code));
+ 	for (i = 0; i < count; i++)
+ 		printf(" %s",  vals[i]);
+@@ -2093,7 +2094,7 @@
+ 
+ 	/* integer arguments */
+ #ifdef USE_PAM
+-	dump_cfg_int(sUsePAM, o->use_pam);
++	dump_cfg_fmtint(sUsePAM, o->use_pam);
+ #endif
+ 	dump_cfg_int(sServerKeyBits, o->server_key_bits);
+ 	dump_cfg_int(sLoginGraceTime, o->login_grace_time);
+@@ -2103,6 +2104,7 @@
+ 	dump_cfg_int(sMaxSessions, o->max_sessions);
+ 	dump_cfg_int(sClientAliveInterval, o->client_alive_interval);
+ 	dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max);
++	dump_cfg_int(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask);
+ 
+ 	/* formatted integer arguments */
+ 	dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login);
+@@ -2150,6 +2152,7 @@
+ 	dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel);
+ 	dump_cfg_fmtint(sUseDNS, o->use_dns);
+ 	dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding);
++	dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding);
+ 	dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding);
+ 	dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep);
+ 	dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
+@@ -2159,9 +2162,8 @@
+ 	/* string arguments */
+ 	dump_cfg_string(sPidFile, o->pid_file);
+ 	dump_cfg_string(sXAuthLocation, o->xauth_location);
+-	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers :
+-	    cipher_alg_list(',', 0));
+-	dump_cfg_string(sMacs, o->macs ? o->macs : mac_alg_list(','));
++	dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT);
++	dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC);
+ 	dump_cfg_string(sBanner, o->banner);
+ 	dump_cfg_string(sForceCommand, o->adm_forced_command);
+ 	dump_cfg_string(sChrootDirectory, o->chroot_directory);
+@@ -2169,12 +2171,13 @@
+ 	dump_cfg_string(sRevokedKeys, o->revoked_keys_file);
+ 	dump_cfg_string(sAuthorizedPrincipalsFile,
+ 	    o->authorized_principals_file);
+-	dump_cfg_string(sVersionAddendum, o->version_addendum);
++	dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0'
++	    ? "none" : o->version_addendum);
+ 	dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command);
+ 	dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user);
+ 	dump_cfg_string(sHostKeyAgent, o->host_key_agent);
+-	dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms :
+-	    kex_alg_list(','));
++	dump_cfg_string(sKexAlgorithms, o->kex_algorithms ? o->kex_algorithms :
++  	    KEX_SERVER_KEX);
+ 
+ 	/* string arguments requiring a lookup */
+ 	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
+@@ -2096,7 +2101,7 @@ dump_config(ServerOptions *o)
+ 	    o->authorized_keys_files);
+ 	dump_cfg_strarray(sHostKeyFile, o->num_host_key_files,
+ 	     o->host_key_files);
+-	dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files,
++	dump_cfg_strarray(sHostCertificate, o->num_host_cert_files,
+ 	     o->host_cert_files);
+ 	dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users);
+ 	dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users);
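Review bot: The new `sVersionAddendum` argument dereferences `o->version_addendum` before passing it on, while every neighbouring call hands its pointer to `dump_cfg_string` untouched. If the field can still be NULL when `dump_config` runs (the code that fills in defaults is not part of this patch), `sshd -T` would fault instead of printing the configuration. A guarded form keeps the previous behaviour for NULL: `(o->version_addendum != NULL && *o->version_addendum == '\0') ? "none" : o->version_addendum`. Separately, `count` in `dump_cfg_strarray_oneline` is a `u_int`, so `if (count <= 0)` can only ever mean `if (count == 0)` and is clearer written that way. The body of `dump_config` extends beyond the inner hunks shown here.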
diff --git a/openssh.spec b/openssh.spec
index 5bc5098..9b000c3 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -222,6 +222,9 @@ Patch920: openssh-6.6.1p1-ip-port-config-parser.patch
 # restore tcp wrappers support, based on Debian patch
 # https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
 Patch921: openssh-6.7p1-debian-restore-tcp-wrappers.patch
+# apply upstream patch and make sshd -T more consistent (#1187521)
+Patch922: openssh-6.7p1-sshdT-output.patch
+
 
 License: BSD
 Group: Applications/Internet
@@ -428,6 +431,7 @@ popd
 %patch920 -p1 -b .config
 %patch802 -p1 -b .GSSAPIEnablek5users
 %patch921 -p1 -b .tcp_wrappers
+%patch922 -p1 -b .sshdt
 
 %patch200 -p1 -b .audit
 %patch700 -p1 -b .fips

