rpms/openssh/devel openssh-5.2p1-edns.patch, NONE, 1.1 openssh.spec, 1.154, 1.155

Jan F. Chadima jfch2222 at fedoraproject.org
Thu Jul 30 08:29:01 UTC 2009


Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv19513

Modified Files:
	openssh.spec 
Added Files:
	openssh-5.2p1-edns.patch 
Log Message:
Added dnssec support.


openssh-5.2p1-edns.patch:
 dns.c                           |   14 +++++++++++++-
 openbsd-compat/getrrsetbyname.c |   10 +++++-----
 openbsd-compat/getrrsetbyname.h |    3 +++
 3 files changed, 21 insertions(+), 6 deletions(-)

--- NEW FILE openssh-5.2p1-edns.patch ---
diff -up openssh-5.2p1/dns.c.rh205842 openssh-5.2p1/dns.c
--- openssh-5.2p1/dns.c.rh205842	2009-07-27 16:25:28.000000000 +0200
+++ openssh-5.2p1/dns.c	2009-07-27 16:40:59.000000000 +0200
@@ -176,6 +176,7 @@ verify_host_key_dns(const char *hostname
 {
 	u_int counter;
 	int result;
+	unsigned int rrset_flags = 0;
 	struct rrsetinfo *fingerprints = NULL;
 
 	u_int8_t hostkey_algorithm;
@@ -199,8 +200,19 @@ verify_host_key_dns(const char *hostname
 		return -1;
 	}
 
+	/*
+	 * Original getrrsetbyname function, found on OpenBSD for example,
+	 * doesn't accept any flag and prerequisite for obtaining AD bit in
+	 * DNS response is set by "options edns0" in resolv.conf.
+	 *
+	 * Our version is more clever and use RRSET_FORCE_EDNS0 flag.
+	 */
+#ifndef HAVE_GETRRSETBYNAME
+	rrset_flags |= RRSET_FORCE_EDNS0;
+#endif
 	result = getrrsetbyname(hostname, DNS_RDATACLASS_IN,
-	    DNS_RDATATYPE_SSHFP, 0, &fingerprints);
+	    DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints);
+
 	if (result) {
 		verbose("DNS lookup error: %s", dns_result_totext(result));
 		return -1;
diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.c
--- openssh-5.2p1/openbsd-compat/getrrsetbyname.c.rh205842	2009-07-27 16:22:23.000000000 +0200
+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.c	2009-07-27 16:41:55.000000000 +0200
@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, uns
 		goto fail;
 	}
 
-	/* don't allow flags yet, unimplemented */
-	if (flags) {
+	/* Allow RRSET_FORCE_EDNS0 flag only. */
+	if ((flags & !RRSET_FORCE_EDNS0) != 0) {
 		result = ERRSET_INVAL;
 		goto fail;
 	}
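Review bot: The new flag check on the `if` line uses logical not where bitwise complement was meant: `!RRSET_FORCE_EDNS0` evaluates to 0, so `flags & 0` is always 0 and the `ERRSET_INVAL` branch can never fire, which turns the old "reject any flag" rule into "accept every flag" rather than the "allow RRSET_FORCE_EDNS0 only" the comment promises. Change it to `if ((flags & ~RRSET_FORCE_EDNS0) != 0) {` so that any bit other than RRSET_FORCE_EDNS0 is still rejected as invalid. The enclosing getrrsetbyname() body starts and continues outside this hunk.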
@@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, uns
 #endif /* DEBUG */
 
 #ifdef RES_USE_DNSSEC
-	/* turn on DNSSEC if EDNS0 is configured */
-	if (_resp->options & RES_USE_EDNS0)
-		_resp->options |= RES_USE_DNSSEC;
+	/* turn on DNSSEC if required  */
+	if (flags & RRSET_FORCE_EDNS0)
+		_resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC);
 #endif /* RES_USE_DNSEC */
 
 	/* make query */
diff -up openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842 openssh-5.2p1/openbsd-compat/getrrsetbyname.h
--- openssh-5.2p1/openbsd-compat/getrrsetbyname.h.rh205842	2009-07-27 16:35:02.000000000 +0200
+++ openssh-5.2p1/openbsd-compat/getrrsetbyname.h	2009-07-27 16:36:09.000000000 +0200
@@ -72,6 +72,9 @@
 #ifndef RRSET_VALIDATED
 # define RRSET_VALIDATED	1
 #endif
+#ifndef RRSET_FORCE_EDNS0
+# define RRSET_FORCE_EDNS0	0x0001
+#endif
 
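Review bot: RRSET_FORCE_EDNS0 is introduced without a comment and with the same numeric value (1) as RRSET_VALIDATED three lines above; the two appear to live in different namespaces (an input `flags` bit for getrrsetbyname() versus a bit reported back in the result), but nothing in the header says so, and a reader comparing the definitions will suspect a collision. Add `/* input flag for getrrsetbyname(): force EDNS0 and DNSSEC on the query; not a result-flag bit */` above the new `#ifndef`, and confirm the value does not need to be distinct from any other RRSET_* bit a caller may combine it with in `flags`.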
 /*
  * Return codes for getrrsetbyname()


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.154
retrieving revision 1.155
diff -u -p -r1.154 -r1.155
--- openssh.spec	25 Jul 2009 20:53:38 -0000	1.154
+++ openssh.spec	30 Jul 2009 08:29:01 -0000	1.155
@@ -63,7 +63,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.2p1
-Release: 16%{?dist}%{?rescue_rel}
+Release: 17%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
 #Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
@@ -102,6 +102,7 @@ Patch67: openssh-5.2p1-xmodifiers.patch
 Patch68: openssh-5.2p1-pathmax.patch
 Patch69: openssh-5.2p1-selabel.patch
 Patch70: openssh-5.2p1-sesftp.patch
+Patch71: openssh-5.2p1-edns.patch
 
 License: BSD
 Group: Applications/Internet
@@ -238,6 +239,7 @@ an X11 passphrase dialog for OpenSSH.
 %patch68 -p1 -b .pathmax
 %patch69 -p1 -b .selabel
 %patch70 -p1 -b .sesftp
+%patch71 -p1 -b .edns
 
 autoreconf
 
@@ -472,6 +474,9 @@ fi
 %endif
 
 %changelog
+* Thu Jul 30 2009 Jan F. Chadima <jchadima at redhat.com> - 5.2p1-17
+- Added dnssec support.
+
 * Sat Jul 25 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 5.2p1-16
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
 



