rpms/openssh/devel openssh-4.3p2-initscript.patch, 1.2, 1.3 openssh-4.7p1-mls.patch, 1.1, 1.2 openssh-4.7p1-nss-keys.patch, 1.1, 1.2 openssh.spec, 1.114, 1.115

Tomas Mraz (tmraz) fedora-extras-commits at redhat.com
Tue Nov 20 14:53:49 UTC 2007


Author: tmraz

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv2260

Modified Files:
	openssh-4.3p2-initscript.patch openssh-4.7p1-mls.patch 
	openssh-4.7p1-nss-keys.patch openssh.spec 
Log Message:
* Tue Nov 20 2007 Tomas Mraz <tmraz at redhat.com> - 4.7p1-3
- do not copy /etc/localtime into the chroot as it is not
  necessary anymore (#193184)
- call setkeycreatecon when selinux context is established
- test for NULL privk when freeing key (#391871) - patch by
  Pierre Ossman


openssh-4.3p2-initscript.patch:

Index: openssh-4.3p2-initscript.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-4.3p2-initscript.patch,v
retrieving revision 1.2
retrieving revision 1.3
diff -u -r1.2 -r1.3
--- openssh-4.3p2-initscript.patch	9 Aug 2007 18:33:41 -0000	1.2
+++ openssh-4.3p2-initscript.patch	20 Nov 2007 14:53:45 -0000	1.3
@@ -9,7 +9,7 @@
  do_rsa1_keygen() {
  	if [ ! -s $RSA1_KEY ]; then
  		echo -n $"Generating SSH1 RSA host key: "
-@@ -99,12 +101,16 @@
+@@ -99,12 +101,14 @@
  start()
  {
  	# Create keys if necessary
@@ -21,8 +21,6 @@
 +		do_rsa_keygen
 +		do_dsa_keygen
 +	fi
-+	
-+	cp -af /etc/localtime /var/empty/sshd/etc
  
 -	echo -n $"Starting $prog:"
 -	initlog -c "$SSHD $OPTIONS" && success || failure
@@ -31,7 +29,7 @@
  	RETVAL=$?
  	[ "$RETVAL" = 0 ] && touch /var/lock/subsys/sshd
  	echo
-@@ -112,17 +118,30 @@
+@@ -112,17 +116,30 @@
  
  stop()
  {

openssh-4.7p1-mls.patch:

Index: openssh-4.7p1-mls.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-4.7p1-mls.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-4.7p1-mls.patch	6 Sep 2007 19:49:16 -0000	1.1
+++ openssh-4.7p1-mls.patch	20 Nov 2007 14:53:45 -0000	1.2
@@ -359,7 +359,7 @@
  	security_context_t user_ctx = NULL;
  
  	if (!ssh_selinux_enabled())
-@@ -126,22 +324,39 @@ ssh_selinux_setup_exec_context(char *pwn
+@@ -126,22 +324,45 @@ ssh_selinux_setup_exec_context(char *pwn
  
  	debug3("%s: setting execution context", __func__);
  
@@ -371,7 +371,13 @@
 +		if (r < 0) {
 +			error("%s: Failed to set SELinux execution context %s for %s",
 +			    __func__, user_ctx, pwname);
++		} 
++#ifdef HAVE_SETKEYCREATECON
++		else if (setkeycreatecon(user_ctx) < 0) {
++			error("%s: Failed to set SELinux keyring creation context %s for %s",
++			    __func__, user_ctx, pwname);
 +		}
++#endif
 +	}
 +	if (user_ctx == NULL) {
 +		user_ctx = default_ctx;
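Review bot: A failure of the added `setkeycreatecon(user_ctx)` call is only reported through `error()`, so the session continues and keys it creates would presumably keep the label inherited from sshd rather than the user's context, even when SELinux is enforcing. The XXX comment visible later in this patch already asks whether such calls should be fatal in enforcing mode; here that could look like `if (security_getenforce() > 0) fatal("%s: Failed to set SELinux keyring creation context", __func__);`, or at least a comment saying that continuing is intentional. The `else if` hanging off the closing brace across `#ifdef HAVE_SETKEYCREATECON` is also easy to misread; a separate `if (r >= 0 && setkeycreatecon(user_ctx) < 0)` inside the `#ifdef` would read more plainly. The enclosing function starts and ends outside this hunk, so how `r` is set before these lines is not visible here.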
@@ -406,7 +412,7 @@
  
  	debug3("%s: done", __func__);
  }
-@@ -159,7 +374,10 @@ ssh_selinux_setup_pty(char *pwname, cons
+@@ -159,7 +380,10 @@ ssh_selinux_setup_pty(char *pwname, cons
  
  	debug3("%s: setting TTY context on %s", __func__, tty);
  
@@ -418,6 +424,17 @@
  
  	/* XXX: should these calls fatal() upon failure in enforcing mode? */
  
+diff -up openssh-4.7p1/configure.ac.mls openssh-4.7p1/configure.ac
+--- openssh-4.7p1/configure.ac.mls	2007-10-17 19:05:10.000000000 +0200
++++ openssh-4.7p1/configure.ac	2007-10-17 19:05:38.000000000 +0200
+@@ -3213,6 +3213,7 @@ AC_ARG_WITH(selinux,
+ 		SSHDLIBS="$SSHDLIBS $LIBSELINUX"
+ 		LIBS="$LIBS $LIBSELINUX"
+ 		AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
++		AC_CHECK_FUNCS(setkeycreatecon)
+ 		LIBS="$save_LIBS"
+ 	fi ]
+ )
 diff -up openssh-4.7p1/sshd.c.mls openssh-4.7p1/sshd.c
 --- openssh-4.7p1/sshd.c.mls	2007-09-06 17:39:28.000000000 +0200
 +++ openssh-4.7p1/sshd.c	2007-09-06 17:39:28.000000000 +0200

openssh-4.7p1-nss-keys.patch:

Index: openssh-4.7p1-nss-keys.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh-4.7p1-nss-keys.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- openssh-4.7p1-nss-keys.patch	6 Sep 2007 19:49:16 -0000	1.1
+++ openssh-4.7p1-nss-keys.patch	20 Nov 2007 14:53:45 -0000	1.2
@@ -1,6 +1,6 @@
 diff -up openssh-4.7p1/key.c.nss-keys openssh-4.7p1/key.c
 --- openssh-4.7p1/key.c.nss-keys	2007-08-08 06:28:26.000000000 +0200
-+++ openssh-4.7p1/key.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/key.c	2007-11-20 14:40:17.000000000 +0100
 @@ -93,6 +93,54 @@ key_new(int type)
  	return k;
  }
@@ -62,7 +62,7 @@
  	}
 +#ifdef HAVE_LIBNSS
 +	if (k->flags & KEY_FLAG_NSS) {
-+		if (k->nss->privk->wincx != NULL) {
++		if (k->nss->privk != NULL && k->nss->privk->wincx != NULL) {
 +			memset(k->nss->privk->wincx, 0,
 +				strlen(k->nss->privk->wincx));
 +			xfree(k->nss->privk->wincx);
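Review bot: The wipe of `wincx` on the lines right after the new NULL test is a plain `memset` followed immediately by `xfree`, which an optimizing compiler may remove as a dead store, so the secret (presumably the token password) can remain in freed heap memory. Writing the zeros through a volatile pointer, e.g. `volatile char *p = k->nss->privk->wincx;` followed by a byte loop, or using a wipe helper the optimizer cannot elide if the tree provides one, would make the clearing reliable. Separately, the new test guards `privk` but still dereferences `k->nss` unchecked; whether `KEY_FLAG_NSS` guarantees a non-NULL `k->nss` is not visible in this hunk, so either add `k->nss != NULL &&` to the condition or a comment stating the invariant. The enclosing function continues outside the hunk.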
@@ -78,7 +78,7 @@
  
 diff -up openssh-4.7p1/ssh-dss.c.nss-keys openssh-4.7p1/ssh-dss.c
 --- openssh-4.7p1/ssh-dss.c.nss-keys	2006-11-07 13:14:42.000000000 +0100
-+++ openssh-4.7p1/ssh-dss.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/ssh-dss.c	2007-11-20 14:26:43.000000000 +0100
 @@ -39,6 +39,10 @@
  #include "log.h"
  #include "key.h"
@@ -138,7 +138,7 @@
  			*lenp = SIGBLOB_LEN;
 diff -up openssh-4.7p1/ssh-agent.c.nss-keys openssh-4.7p1/ssh-agent.c
 --- openssh-4.7p1/ssh-agent.c.nss-keys	2007-03-21 10:45:07.000000000 +0100
-+++ openssh-4.7p1/ssh-agent.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/ssh-agent.c	2007-11-20 14:26:43.000000000 +0100
 @@ -79,6 +79,10 @@
  #include "scard.h"
  #endif
@@ -283,7 +283,7 @@
  		error("Unknown message %d", type);
 diff -up openssh-4.7p1/authfd.h.nss-keys openssh-4.7p1/authfd.h
 --- openssh-4.7p1/authfd.h.nss-keys	2006-08-05 04:39:39.000000000 +0200
-+++ openssh-4.7p1/authfd.h	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/authfd.h	2007-11-20 14:26:43.000000000 +0100
 @@ -49,6 +49,12 @@
  #define SSH2_AGENTC_ADD_ID_CONSTRAINED		25
  #define SSH_AGENTC_ADD_SMARTCARD_KEY_CONSTRAINED 26
@@ -307,9 +307,9 @@
  int
  ssh_decrypt_challenge(AuthenticationConnection *, Key *, BIGNUM *, u_char[16],
 diff -up openssh-4.7p1/configure.ac.nss-keys openssh-4.7p1/configure.ac
---- openssh-4.7p1/configure.ac.nss-keys	2007-09-06 17:43:59.000000000 +0200
-+++ openssh-4.7p1/configure.ac	2007-09-06 17:51:48.000000000 +0200
-@@ -3228,6 +3228,20 @@ AC_ARG_WITH(linux-audit,
+--- openssh-4.7p1/configure.ac.nss-keys	2007-11-20 14:26:43.000000000 +0100
++++ openssh-4.7p1/configure.ac	2007-11-20 14:26:43.000000000 +0100
+@@ -3230,6 +3230,20 @@ AC_ARG_WITH(linux-audit,
  	fi ]
  )
  
@@ -330,7 +330,7 @@
  # Check whether user wants Kerberos 5 support
  KRB5_MSG="no"
  AC_ARG_WITH(kerberos5,
-@@ -4050,6 +4064,7 @@ echo "                   OSF SIA support
+@@ -4052,6 +4066,7 @@ echo "                   OSF SIA support
  echo "                 KerberosV support: $KRB5_MSG"
  echo "                   SELinux support: $SELINUX_MSG"
  echo "               Linux audit support: $LINUX_AUDIT_MSG"
@@ -339,8 +339,8 @@
  echo "                     S/KEY support: $SKEY_MSG"
  echo "              TCP Wrappers support: $TCPW_MSG"
 diff -up /dev/null openssh-4.7p1/README.nss
---- /dev/null	2007-09-04 17:17:14.474470098 +0200
-+++ openssh-4.7p1/README.nss	2007-09-06 17:43:59.000000000 +0200
+--- /dev/null	2007-11-05 08:22:09.502001637 +0100
++++ openssh-4.7p1/README.nss	2007-11-20 14:26:43.000000000 +0100
 @@ -0,0 +1,36 @@
 +How to use NSS tokens with OpenSSH?
 +
@@ -380,7 +380,7 @@
 +	$ ssh-keygen -n -D 'My PKCS11 Token' 'My Key ID'
 diff -up openssh-4.7p1/authfd.c.nss-keys openssh-4.7p1/authfd.c
 --- openssh-4.7p1/authfd.c.nss-keys	2006-09-01 07:38:36.000000000 +0200
-+++ openssh-4.7p1/authfd.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/authfd.c	2007-11-20 14:26:43.000000000 +0100
 @@ -626,6 +626,45 @@ ssh_update_card(AuthenticationConnection
  	return decode_reply(type);
  }
@@ -429,7 +429,7 @@
   * by normal applications.
 diff -up openssh-4.7p1/readconf.h.nss-keys openssh-4.7p1/readconf.h
 --- openssh-4.7p1/readconf.h.nss-keys	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-4.7p1/readconf.h	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/readconf.h	2007-11-20 14:26:43.000000000 +0100
 @@ -84,6 +84,8 @@ typedef struct {
  	char   *preferred_authentications;
  	char   *bind_address;	/* local socket address for connection to sshd */
@@ -440,8 +440,8 @@
  
  	int     num_identity_files;	/* Number of files for RSA/DSA identities. */
 diff -up /dev/null openssh-4.7p1/nsskeys.c
---- /dev/null	2007-09-04 17:17:14.474470098 +0200
-+++ openssh-4.7p1/nsskeys.c	2007-09-06 17:43:59.000000000 +0200
+--- /dev/null	2007-11-05 08:22:09.502001637 +0100
++++ openssh-4.7p1/nsskeys.c	2007-11-20 14:26:43.000000000 +0100
 @@ -0,0 +1,327 @@
 +/*
 + * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -772,7 +772,7 @@
 +#endif /* HAVE_LIBNSS */
 diff -up openssh-4.7p1/ssh.c.nss-keys openssh-4.7p1/ssh.c
 --- openssh-4.7p1/ssh.c.nss-keys	2007-08-08 06:32:41.000000000 +0200
-+++ openssh-4.7p1/ssh.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/ssh.c	2007-11-20 14:26:43.000000000 +0100
 @@ -104,6 +104,9 @@
  #ifdef SMARTCARD
  #include "scard.h"
@@ -825,8 +825,8 @@
  		fatal("load_public_identity_files: getpwuid failed");
  	if (gethostname(thishost, sizeof(thishost)) == -1)
 diff -up /dev/null openssh-4.7p1/nsskeys.h
---- /dev/null	2007-09-04 17:17:14.474470098 +0200
-+++ openssh-4.7p1/nsskeys.h	2007-09-06 17:43:59.000000000 +0200
+--- /dev/null	2007-11-05 08:22:09.502001637 +0100
++++ openssh-4.7p1/nsskeys.h	2007-11-20 14:26:43.000000000 +0100
 @@ -0,0 +1,39 @@
 +/*
 + * Copyright (c) 2001 Markus Friedl.  All rights reserved.
@@ -869,7 +869,7 @@
 +#endif
 diff -up openssh-4.7p1/Makefile.in.nss-keys openssh-4.7p1/Makefile.in
 --- openssh-4.7p1/Makefile.in.nss-keys	2007-06-11 06:01:42.000000000 +0200
-+++ openssh-4.7p1/Makefile.in	2007-09-06 17:53:14.000000000 +0200
++++ openssh-4.7p1/Makefile.in	2007-11-20 14:26:43.000000000 +0100
 @@ -71,7 +71,7 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b
  	atomicio.o key.o dispatch.o kex.o mac.o uidswap.o uuencode.o misc.o \
  	monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \
@@ -881,7 +881,7 @@
  	sshconnect.o sshconnect1.o sshconnect2.o
 diff -up openssh-4.7p1/key.h.nss-keys openssh-4.7p1/key.h
 --- openssh-4.7p1/key.h.nss-keys	2006-08-05 04:39:40.000000000 +0200
-+++ openssh-4.7p1/key.h	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/key.h	2007-11-20 14:26:43.000000000 +0100
 @@ -29,11 +29,17 @@
  #include <openssl/rsa.h>
  #include <openssl/dsa.h>
@@ -933,7 +933,7 @@
  int		 key_equal(const Key *, const Key *);
 diff -up openssh-4.7p1/ssh-add.c.nss-keys openssh-4.7p1/ssh-add.c
 --- openssh-4.7p1/ssh-add.c.nss-keys	2006-09-01 07:38:37.000000000 +0200
-+++ openssh-4.7p1/ssh-add.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/ssh-add.c	2007-11-20 14:26:43.000000000 +0100
 @@ -43,6 +43,14 @@
  
  #include <openssl/evp.h>
@@ -1162,7 +1162,7 @@
  		struct passwd *pw;
 diff -up openssh-4.7p1/ssh-rsa.c.nss-keys openssh-4.7p1/ssh-rsa.c
 --- openssh-4.7p1/ssh-rsa.c.nss-keys	2006-09-01 07:38:37.000000000 +0200
-+++ openssh-4.7p1/ssh-rsa.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/ssh-rsa.c	2007-11-20 14:26:43.000000000 +0100
 @@ -32,6 +32,10 @@
  #include "compat.h"
  #include "ssh.h"
@@ -1235,7 +1235,7 @@
  	buffer_put_cstring(&b, "ssh-rsa");
 diff -up openssh-4.7p1/ssh-keygen.c.nss-keys openssh-4.7p1/ssh-keygen.c
 --- openssh-4.7p1/ssh-keygen.c.nss-keys	2007-02-19 12:10:25.000000000 +0100
-+++ openssh-4.7p1/ssh-keygen.c	2007-09-06 17:48:08.000000000 +0200
++++ openssh-4.7p1/ssh-keygen.c	2007-11-20 14:26:43.000000000 +0100
 @@ -52,6 +52,11 @@
  #include "scard.h"
  #endif
@@ -1339,7 +1339,7 @@
  		if (download)
 diff -up openssh-4.7p1/readconf.c.nss-keys openssh-4.7p1/readconf.c
 --- openssh-4.7p1/readconf.c.nss-keys	2007-03-21 10:46:03.000000000 +0100
-+++ openssh-4.7p1/readconf.c	2007-09-06 17:43:59.000000000 +0200
++++ openssh-4.7p1/readconf.c	2007-11-20 14:26:43.000000000 +0100
 @@ -124,6 +124,7 @@ typedef enum {
  	oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias,
  	oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication,


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.114
retrieving revision 1.115
diff -u -r1.114 -r1.115
--- openssh.spec	17 Sep 2007 21:33:02 -0000	1.114
+++ openssh.spec	20 Nov 2007 14:53:45 -0000	1.115
@@ -63,7 +63,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 4.7p1
-Release: 2%{?dist}%{?rescue_rel}
+Release: 3%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -461,8 +461,6 @@
 %files server
 %defattr(-,root,root)
 %dir %attr(0711,root,root) %{_var}/empty/sshd
-%dir %attr(0755,root,root) %{_var}/empty/sshd/etc
-%ghost %verify(not md5 size mtime) %{_var}/empty/sshd/etc/localtime
 %attr(0755,root,root) %{_sbindir}/sshd
 %attr(0755,root,root) %{_libexecdir}/openssh/sftp-server
 %attr(0644,root,root) %{_mandir}/man5/sshd_config.5*
@@ -482,6 +480,13 @@
 %endif
 
 %changelog
+* Tue Nov 20 2007 Tomas Mraz <tmraz at redhat.com> - 4.7p1-3
+- do not copy /etc/localtime into the chroot as it is not
+  necessary anymore (#193184)
+- call setkeycreatecon when selinux context is established
+- test for NULL privk when freeing key (#391871) - patch by
+  Pierre Ossman
+
 * Mon Sep 17 2007 Tomas Mraz <tmraz at redhat.com> - 4.7p1-2
 - revert default window size adjustments (#286181)
 



