rpms/openssh/F-12 openssh-5.3p1-pka.patch, 1.1, 1.2 openssh.spec, 1.175, 1.176
Jan F. Chadima
jfch2222 at fedoraproject.org
Tue Jan 5 09:37:18 UTC 2010
Author: jfch2222
Update of /cvs/pkgs/rpms/openssh/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8142
Modified Files:
openssh-5.3p1-pka.patch openssh.spec
Log Message:
Update the pka patch
openssh-5.3p1-pka.patch:
auth2-pubkey.c | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++------
configure | 22 +++++++
configure.ac | 13 ++++
servconf.c | 30 ++++++++++
servconf.h | 2
sshd_config | 2
sshd_config.0 | 20 +++++--
sshd_config.5 | 13 ++++
8 files changed, 241 insertions(+), 20 deletions(-)
Index: openssh-5.3p1-pka.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh-5.3p1-pka.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-5.3p1-pka.patch 20 Nov 2009 17:01:48 -0000 1.1
+++ openssh-5.3p1-pka.patch 5 Jan 2010 09:37:17 -0000 1.2
@@ -1,7 +1,7 @@
diff -up openssh-5.3p1/auth2-pubkey.c.pka openssh-5.3p1/auth2-pubkey.c
---- openssh-5.3p1/auth2-pubkey.c.pka 2009-10-15 06:26:25.000000000 +0200
-+++ openssh-5.3p1/auth2-pubkey.c 2009-10-15 06:44:32.000000000 +0200
-@@ -184,26 +184,14 @@ done:
+--- openssh-5.3p1/auth2-pubkey.c.pka 2009-03-08 01:40:28.000000000 +0100
++++ openssh-5.3p1/auth2-pubkey.c 2010-01-04 16:07:53.000000000 +0100
+@@ -175,26 +175,14 @@ done:
/* return 1 if user allows given key */
static int
@@ -29,7 +29,7 @@ diff -up openssh-5.3p1/auth2-pubkey.c.pk
found_key = 0;
found = key_new(key->type);
-@@ -248,21 +236,160 @@ user_key_allowed2(struct passwd *pw, Key
+@@ -239,21 +227,160 @@ user_key_allowed2(struct passwd *pw, Key
break;
}
}
@@ -193,36 +193,6 @@ diff -up openssh-5.3p1/auth2-pubkey.c.pk
file = authorized_keys_file(pw);
success = user_key_allowed2(pw, key, file);
xfree(file);
-diff -up openssh-5.3p1/configure.ac.pka openssh-5.3p1/configure.ac
---- openssh-5.3p1/configure.ac.pka 2009-10-15 06:26:25.000000000 +0200
-+++ openssh-5.3p1/configure.ac 2009-10-15 06:26:26.000000000 +0200
-@@ -1319,6 +1319,18 @@ AC_ARG_WITH(audit,
- esac ]
- )
-
-+# Check whether user wants pubkey agent support
-+PKA_MSG="no"
-+AC_ARG_WITH(pka,
-+ [ --with-pka Enable pubkey agent support],
-+ [
-+ if test "x$withval" != "xno" ; then
-+ AC_DEFINE([WITH_PUBKEY_AGENT], 1, [Enable pubkey agent support])
-+ PKA_MSG="yes"
-+ fi
-+ ]
-+)
-+
- dnl Checks for library functions. Please keep in alphabetical order
- AC_CHECK_FUNCS( \
- arc4random \
-@@ -4264,6 +4276,7 @@ echo " Linux audit support
- echo " Smartcard support: $SCARD_MSG"
- echo " S/KEY support: $SKEY_MSG"
- echo " TCP Wrappers support: $TCPW_MSG"
-+echo " PKA support: $PKA_MSG"
- echo " MD5 password support: $MD5_MSG"
- echo " libedit support: $LIBEDIT_MSG"
- echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.3p1/configure.pka openssh-5.3p1/configure
--- openssh-5.3p1/configure.pka 2009-10-13 19:27:51.000000000 +0200
+++ openssh-5.3p1/configure 2009-10-15 06:26:33.000000000 +0200
@@ -276,10 +246,40 @@ diff -up openssh-5.3p1/configure.pka ope
echo " MD5 password support: $MD5_MSG"
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
+diff -up openssh-5.3p1/configure.ac.pka openssh-5.3p1/configure.ac
+--- openssh-5.3p1/configure.ac.pka 2009-09-11 06:56:08.000000000 +0200
++++ openssh-5.3p1/configure.ac 2010-01-04 16:07:53.000000000 +0100
+@@ -1319,6 +1319,18 @@ AC_ARG_WITH(audit,
+ esac ]
+ )
+
++# Check whether user wants pubkey agent support
++PKA_MSG="no"
++AC_ARG_WITH(pka,
++ [ --with-pka Enable pubkey agent support],
++ [
++ if test "x$withval" != "xno" ; then
++ AC_DEFINE([WITH_PUBKEY_AGENT], 1, [Enable pubkey agent support])
++ PKA_MSG="yes"
++ fi
++ ]
++)
++
+ dnl Checks for library functions. Please keep in alphabetical order
+ AC_CHECK_FUNCS( \
+ arc4random \
+@@ -4229,6 +4241,7 @@ echo " SELinux support
+ echo " Smartcard support: $SCARD_MSG"
+ echo " S/KEY support: $SKEY_MSG"
+ echo " TCP Wrappers support: $TCPW_MSG"
++echo " PKA support: $PKA_MSG"
+ echo " MD5 password support: $MD5_MSG"
+ echo " libedit support: $LIBEDIT_MSG"
+ echo " Solaris process contract support: $SPC_MSG"
diff -up openssh-5.3p1/servconf.c.pka openssh-5.3p1/servconf.c
---- openssh-5.3p1/servconf.c.pka 2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/servconf.c 2009-10-15 06:26:26.000000000 +0200
-@@ -128,6 +128,8 @@ initialize_server_options(ServerOptions
+--- openssh-5.3p1/servconf.c.pka 2009-06-21 12:26:17.000000000 +0200
++++ openssh-5.3p1/servconf.c 2010-01-04 16:07:53.000000000 +0100
+@@ -127,6 +127,8 @@ initialize_server_options(ServerOptions
options->num_permitted_opens = -1;
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
@@ -288,7 +288,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
options->zero_knowledge_password_authentication = -1;
}
-@@ -310,6 +312,7 @@ typedef enum {
+@@ -306,6 +308,7 @@ typedef enum {
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
sZeroKnowledgePasswordAuthentication,
@@ -296,7 +296,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
sDeprecated, sUnsupported
} ServerOpCodes;
-@@ -429,6 +432,13 @@ static struct {
+@@ -424,6 +427,13 @@ static struct {
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
@@ -310,7 +310,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
{ NULL, sBadOption, 0 }
};
-@@ -1303,6 +1313,16 @@ process_server_config_line(ServerOptions
+@@ -1294,6 +1304,20 @@ process_server_config_line(ServerOptions
*charptr = xstrdup(arg);
break;
@@ -322,12 +322,16 @@ diff -up openssh-5.3p1/servconf.c.pka op
+
+ case sPubkeyAgentRunAs:
+ charptr = &options->pubkey_agent_runas;
++
++ arg = strdelim(&cp);
++ if (*activep && *charptr == NULL)
++ *charptr = xstrdup(arg);
+ break;
+
case sDeprecated:
logit("%s line %d: Deprecated option %s",
filename, linenum, arg);
-@@ -1396,6 +1416,8 @@ copy_set_server_options(ServerOptions *d
+@@ -1387,6 +1411,8 @@ copy_set_server_options(ServerOptions *d
M_CP_INTOPT(gss_authentication);
M_CP_INTOPT(rsa_authentication);
M_CP_INTOPT(pubkey_authentication);
@@ -336,7 +340,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
M_CP_INTOPT(kerberos_authentication);
M_CP_INTOPT(hostbased_authentication);
M_CP_INTOPT(kbd_interactive_authentication);
-@@ -1636,6 +1658,10 @@ dump_config(ServerOptions *o)
+@@ -1626,6 +1652,10 @@ dump_config(ServerOptions *o)
dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
dump_cfg_string(sForceCommand, o->adm_forced_command);
@@ -348,9 +352,9 @@ diff -up openssh-5.3p1/servconf.c.pka op
/* string arguments requiring a lookup */
dump_cfg_string(sLogLevel, log_level_name(o->log_level));
diff -up openssh-5.3p1/servconf.h.pka openssh-5.3p1/servconf.h
---- openssh-5.3p1/servconf.h.pka 2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/servconf.h 2009-10-15 06:26:26.000000000 +0200
-@@ -152,6 +152,8 @@ typedef struct {
+--- openssh-5.3p1/servconf.h.pka 2009-01-28 06:31:23.000000000 +0100
++++ openssh-5.3p1/servconf.h 2010-01-04 16:07:53.000000000 +0100
+@@ -151,6 +151,8 @@ typedef struct {
int num_permitted_opens;
char *chroot_directory;
@@ -360,8 +364,8 @@ diff -up openssh-5.3p1/servconf.h.pka op
void initialize_server_options(ServerOptions *);
diff -up openssh-5.3p1/sshd_config.0.pka openssh-5.3p1/sshd_config.0
---- openssh-5.3p1/sshd_config.0.pka 2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/sshd_config.0 2009-10-15 06:26:26.000000000 +0200
+--- openssh-5.3p1/sshd_config.0.pka 2009-09-26 08:31:16.000000000 +0200
++++ openssh-5.3p1/sshd_config.0 2010-01-04 16:07:53.000000000 +0100
@@ -344,10 +344,11 @@ DESCRIPTION
AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand,
GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication,
@@ -396,9 +400,21 @@ diff -up openssh-5.3p1/sshd_config.0.pka
RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication to-
gether with successful RSA host authentication is allowed. The
+diff -up openssh-5.3p1/sshd_config.pka openssh-5.3p1/sshd_config
+--- openssh-5.3p1/sshd_config.pka 2008-07-02 14:35:43.000000000 +0200
++++ openssh-5.3p1/sshd_config 2010-01-04 16:07:53.000000000 +0100
+@@ -46,6 +46,8 @@ Protocol 2
+ #RSAAuthentication yes
+ #PubkeyAuthentication yes
+ #AuthorizedKeysFile .ssh/authorized_keys
++#PubkeyAgent none
++#PubkeyAgentRunAs nobody
+
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
diff -up openssh-5.3p1/sshd_config.5.pka openssh-5.3p1/sshd_config.5
---- openssh-5.3p1/sshd_config.5.pka 2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/sshd_config.5 2009-10-15 06:26:26.000000000 +0200
+--- openssh-5.3p1/sshd_config.5.pka 2009-08-28 02:27:08.000000000 +0200
++++ openssh-5.3p1/sshd_config.5 2010-01-04 16:07:53.000000000 +0100
@@ -610,6 +610,9 @@ Available keywords are
.Cm KerberosAuthentication ,
.Cm MaxAuthTries ,
@@ -426,15 +442,3 @@ diff -up openssh-5.3p1/sshd_config.5.pka
.It Cm RhostsRSAAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful RSA host authentication is allowed.
-diff -up openssh-5.3p1/sshd_config.pka openssh-5.3p1/sshd_config
---- openssh-5.3p1/sshd_config.pka 2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/sshd_config 2009-10-15 06:26:26.000000000 +0200
-@@ -47,6 +47,8 @@ SyslogFacility AUTHPRIV
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- #AuthorizedKeysFile .ssh/authorized_keys
-+#PubkeyAgent none
-+#PubkeyAgentRunAs nobody
-
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh.spec,v
retrieving revision 1.175
retrieving revision 1.176
diff -u -p -r1.175 -r1.176
--- openssh.spec 21 Dec 2009 11:38:04 -0000 1.175
+++ openssh.spec 5 Jan 2010 09:37:18 -0000 1.176
@@ -69,7 +69,7 @@
Summary: An open source implementation of SSH protocol versions 1 and 2
Name: openssh
Version: 5.3p1
-Release: 13%{?dist}%{?rescue_rel}
+Release: 14%{?dist}%{?rescue_rel}
URL: http://www.openssh.com/portable.html
#URL1: http://pamsshauth.sourceforge.net
#Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -525,6 +525,9 @@ fi
%endif
%changelog
+* Tue Jan 5 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-14
+- Update the pka patch
+
* Mon Dec 21 2009 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-13
- Update the audit patch
- Add possibility to autocreate only RSA key into initscript (#533339)
More information about the fedora-extras-commits
mailing list