rpms/openssh/F-12 openssh-5.3p1-pka.patch, 1.1, 1.2 openssh.spec, 1.175, 1.176

Jan F. Chadima jfch2222 at fedoraproject.org
Tue Jan 5 09:37:18 UTC 2010 

Author: jfch2222

Update of /cvs/pkgs/rpms/openssh/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv8142

Modified Files:
	openssh-5.3p1-pka.patch openssh.spec 
Log Message:
Update the pka patch

openssh-5.3p1-pka.patch:
 auth2-pubkey.c |  159 +++++++++++++++++++++++++++++++++++++++++++++++++++------
 configure      |   22 +++++++
 configure.ac   |   13 ++++
 servconf.c     |   30 ++++++++++
 servconf.h     |    2 
 sshd_config    |    2 
 sshd_config.0  |   20 +++++--
 sshd_config.5  |   13 ++++
 8 files changed, 241 insertions(+), 20 deletions(-)

Index: openssh-5.3p1-pka.patch
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh-5.3p1-pka.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- openssh-5.3p1-pka.patch	20 Nov 2009 17:01:48 -0000	1.1
+++ openssh-5.3p1-pka.patch	5 Jan 2010 09:37:17 -0000	1.2
@@ -1,7 +1,7 @@
 diff -up openssh-5.3p1/auth2-pubkey.c.pka openssh-5.3p1/auth2-pubkey.c
---- openssh-5.3p1/auth2-pubkey.c.pka	2009-10-15 06:26:25.000000000 +0200
-+++ openssh-5.3p1/auth2-pubkey.c	2009-10-15 06:44:32.000000000 +0200
-@@ -184,26 +184,14 @@ done:
+--- openssh-5.3p1/auth2-pubkey.c.pka	2009-03-08 01:40:28.000000000 +0100
++++ openssh-5.3p1/auth2-pubkey.c	2010-01-04 16:07:53.000000000 +0100
+@@ -175,26 +175,14 @@ done:
  
  /* return 1 if user allows given key */
  static int
@@ -29,7 +29,7 @@ diff -up openssh-5.3p1/auth2-pubkey.c.pk
  	found_key = 0;
  	found = key_new(key->type);
  
-@@ -248,21 +236,160 @@ user_key_allowed2(struct passwd *pw, Key
+@@ -239,21 +227,160 @@ user_key_allowed2(struct passwd *pw, Key
  			break;
  		}
  	}
@@ -193,36 +193,6 @@ diff -up openssh-5.3p1/auth2-pubkey.c.pk
  	file = authorized_keys_file(pw);
  	success = user_key_allowed2(pw, key, file);
  	xfree(file);
-diff -up openssh-5.3p1/configure.ac.pka openssh-5.3p1/configure.ac
---- openssh-5.3p1/configure.ac.pka	2009-10-15 06:26:25.000000000 +0200
-+++ openssh-5.3p1/configure.ac	2009-10-15 06:26:26.000000000 +0200
-@@ -1319,6 +1319,18 @@ AC_ARG_WITH(audit,
- 	esac ]
- )
- 
-+# Check whether user wants pubkey agent support
-+PKA_MSG="no"
-+AC_ARG_WITH(pka,
-+	[  --with-pka      Enable pubkey agent support],
-+	[
-+		if test "x$withval" != "xno" ; then
-+			AC_DEFINE([WITH_PUBKEY_AGENT], 1, [Enable pubkey agent support])
-+			PKA_MSG="yes"
-+		fi
-+	]
-+)
-+
- dnl    Checks for library functions. Please keep in alphabetical order
- AC_CHECK_FUNCS( \
- 	arc4random \
-@@ -4264,6 +4276,7 @@ echo "               Linux audit support
- echo "                 Smartcard support: $SCARD_MSG"
- echo "                     S/KEY support: $SKEY_MSG"
- echo "              TCP Wrappers support: $TCPW_MSG"
-+echo "                       PKA support: $PKA_MSG"
- echo "              MD5 password support: $MD5_MSG"
- echo "                   libedit support: $LIBEDIT_MSG"
- echo "  Solaris process contract support: $SPC_MSG"
 diff -up openssh-5.3p1/configure.pka openssh-5.3p1/configure
 --- openssh-5.3p1/configure.pka	2009-10-13 19:27:51.000000000 +0200
 +++ openssh-5.3p1/configure	2009-10-15 06:26:33.000000000 +0200
@@ -276,10 +246,40 @@ diff -up openssh-5.3p1/configure.pka ope
  echo "              MD5 password support: $MD5_MSG"
  echo "                   libedit support: $LIBEDIT_MSG"
  echo "  Solaris process contract support: $SPC_MSG"
+diff -up openssh-5.3p1/configure.ac.pka openssh-5.3p1/configure.ac
+--- openssh-5.3p1/configure.ac.pka	2009-09-11 06:56:08.000000000 +0200
++++ openssh-5.3p1/configure.ac	2010-01-04 16:07:53.000000000 +0100
+@@ -1319,6 +1319,18 @@ AC_ARG_WITH(audit,
+ 	esac ]
+ )
+ 
++# Check whether user wants pubkey agent support
++PKA_MSG="no"
++AC_ARG_WITH(pka,
++	[  --with-pka      Enable pubkey agent support],
++	[
++		if test "x$withval" != "xno" ; then
++			AC_DEFINE([WITH_PUBKEY_AGENT], 1, [Enable pubkey agent support])
++			PKA_MSG="yes"
++		fi
++	]
++)
++
+ dnl    Checks for library functions. Please keep in alphabetical order
+ AC_CHECK_FUNCS( \
+ 	arc4random \
+@@ -4229,6 +4241,7 @@ echo "                   SELinux support
+ echo "                 Smartcard support: $SCARD_MSG"
+ echo "                     S/KEY support: $SKEY_MSG"
+ echo "              TCP Wrappers support: $TCPW_MSG"
++echo "                       PKA support: $PKA_MSG"
+ echo "              MD5 password support: $MD5_MSG"
+ echo "                   libedit support: $LIBEDIT_MSG"
+ echo "  Solaris process contract support: $SPC_MSG"
 diff -up openssh-5.3p1/servconf.c.pka openssh-5.3p1/servconf.c
---- openssh-5.3p1/servconf.c.pka	2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/servconf.c	2009-10-15 06:26:26.000000000 +0200
-@@ -128,6 +128,8 @@ initialize_server_options(ServerOptions 
+--- openssh-5.3p1/servconf.c.pka	2009-06-21 12:26:17.000000000 +0200
++++ openssh-5.3p1/servconf.c	2010-01-04 16:07:53.000000000 +0100
+@@ -127,6 +127,8 @@ initialize_server_options(ServerOptions 
  	options->num_permitted_opens = -1;
  	options->adm_forced_command = NULL;
  	options->chroot_directory = NULL;
@@ -288,7 +288,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
  	options->zero_knowledge_password_authentication = -1;
  }
  
-@@ -310,6 +312,7 @@ typedef enum {
+@@ -306,6 +308,7 @@ typedef enum {
  	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
  	sUsePrivilegeSeparation, sAllowAgentForwarding,
  	sZeroKnowledgePasswordAuthentication,
@@ -296,7 +296,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
  	sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -429,6 +432,13 @@ static struct {
+@@ -424,6 +427,13 @@ static struct {
  	{ "permitopen", sPermitOpen, SSHCFG_ALL },
  	{ "forcecommand", sForceCommand, SSHCFG_ALL },
  	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
@@ -310,7 +310,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
  	{ NULL, sBadOption, 0 }
  };
  
-@@ -1303,6 +1313,16 @@ process_server_config_line(ServerOptions
+@@ -1294,6 +1304,20 @@ process_server_config_line(ServerOptions
  			*charptr = xstrdup(arg);
  		break;
  
@@ -322,12 +322,16 @@ diff -up openssh-5.3p1/servconf.c.pka op
 +
 +	case sPubkeyAgentRunAs:
 +		charptr = &options->pubkey_agent_runas;
++
++		arg = strdelim(&cp);
++		if (*activep && *charptr == NULL)
++			*charptr = xstrdup(arg);
 +		break;
 +
  	case sDeprecated:
  		logit("%s line %d: Deprecated option %s",
  		    filename, linenum, arg);
-@@ -1396,6 +1416,8 @@ copy_set_server_options(ServerOptions *d
+@@ -1387,6 +1411,8 @@ copy_set_server_options(ServerOptions *d
  	M_CP_INTOPT(gss_authentication);
  	M_CP_INTOPT(rsa_authentication);
  	M_CP_INTOPT(pubkey_authentication);
@@ -336,7 +340,7 @@ diff -up openssh-5.3p1/servconf.c.pka op
  	M_CP_INTOPT(kerberos_authentication);
  	M_CP_INTOPT(hostbased_authentication);
  	M_CP_INTOPT(kbd_interactive_authentication);
-@@ -1636,6 +1658,10 @@ dump_config(ServerOptions *o)
+@@ -1626,6 +1652,10 @@ dump_config(ServerOptions *o)
  	dump_cfg_string(sAuthorizedKeysFile, o->authorized_keys_file);
  	dump_cfg_string(sAuthorizedKeysFile2, o->authorized_keys_file2);
  	dump_cfg_string(sForceCommand, o->adm_forced_command);
@@ -348,9 +352,9 @@ diff -up openssh-5.3p1/servconf.c.pka op
  	/* string arguments requiring a lookup */
  	dump_cfg_string(sLogLevel, log_level_name(o->log_level));
 diff -up openssh-5.3p1/servconf.h.pka openssh-5.3p1/servconf.h
---- openssh-5.3p1/servconf.h.pka	2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/servconf.h	2009-10-15 06:26:26.000000000 +0200
-@@ -152,6 +152,8 @@ typedef struct {
+--- openssh-5.3p1/servconf.h.pka	2009-01-28 06:31:23.000000000 +0100
++++ openssh-5.3p1/servconf.h	2010-01-04 16:07:53.000000000 +0100
+@@ -151,6 +151,8 @@ typedef struct {
  	int	num_permitted_opens;
  
  	char   *chroot_directory;
@@ -360,8 +364,8 @@ diff -up openssh-5.3p1/servconf.h.pka op
  
  void	 initialize_server_options(ServerOptions *);
 diff -up openssh-5.3p1/sshd_config.0.pka openssh-5.3p1/sshd_config.0
---- openssh-5.3p1/sshd_config.0.pka	2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/sshd_config.0	2009-10-15 06:26:26.000000000 +0200
+--- openssh-5.3p1/sshd_config.0.pka	2009-09-26 08:31:16.000000000 +0200
++++ openssh-5.3p1/sshd_config.0	2010-01-04 16:07:53.000000000 +0100
 @@ -344,10 +344,11 @@ DESCRIPTION
               AllowTcpForwarding, Banner, ChrootDirectory, ForceCommand,
               GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication,
@@ -396,9 +400,21 @@ diff -up openssh-5.3p1/sshd_config.0.pka
       RhostsRSAAuthentication
               Specifies whether rhosts or /etc/hosts.equiv authentication to-
               gether with successful RSA host authentication is allowed.  The
+diff -up openssh-5.3p1/sshd_config.pka openssh-5.3p1/sshd_config
+--- openssh-5.3p1/sshd_config.pka	2008-07-02 14:35:43.000000000 +0200
++++ openssh-5.3p1/sshd_config	2010-01-04 16:07:53.000000000 +0100
+@@ -46,6 +46,8 @@ Protocol 2
+ #RSAAuthentication yes
+ #PubkeyAuthentication yes
+ #AuthorizedKeysFile	.ssh/authorized_keys
++#PubkeyAgent none
++#PubkeyAgentRunAs nobody
+ 
+ # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
+ #RhostsRSAAuthentication no
 diff -up openssh-5.3p1/sshd_config.5.pka openssh-5.3p1/sshd_config.5
---- openssh-5.3p1/sshd_config.5.pka	2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/sshd_config.5	2009-10-15 06:26:26.000000000 +0200
+--- openssh-5.3p1/sshd_config.5.pka	2009-08-28 02:27:08.000000000 +0200
++++ openssh-5.3p1/sshd_config.5	2010-01-04 16:07:53.000000000 +0100
 @@ -610,6 +610,9 @@ Available keywords are
  .Cm KerberosAuthentication ,
  .Cm MaxAuthTries ,
@@ -426,15 +442,3 @@ diff -up openssh-5.3p1/sshd_config.5.pka
  .It Cm RhostsRSAAuthentication
  Specifies whether rhosts or /etc/hosts.equiv authentication together
  with successful RSA host authentication is allowed.
-diff -up openssh-5.3p1/sshd_config.pka openssh-5.3p1/sshd_config
---- openssh-5.3p1/sshd_config.pka	2009-10-15 06:26:24.000000000 +0200
-+++ openssh-5.3p1/sshd_config	2009-10-15 06:26:26.000000000 +0200
-@@ -47,6 +47,8 @@ SyslogFacility AUTHPRIV
- #RSAAuthentication yes
- #PubkeyAuthentication yes
- #AuthorizedKeysFile	.ssh/authorized_keys
-+#PubkeyAgent none
-+#PubkeyAgentRunAs nobody
- 
- # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
- #RhostsRSAAuthentication no


Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/F-12/openssh.spec,v
retrieving revision 1.175
retrieving revision 1.176
diff -u -p -r1.175 -r1.176
--- openssh.spec	21 Dec 2009 11:38:04 -0000	1.175
+++ openssh.spec	5 Jan 2010 09:37:18 -0000	1.176
@@ -69,7 +69,7 @@
 Summary: An open source implementation of SSH protocol versions 1 and 2
 Name: openssh
 Version: 5.3p1
-Release: 13%{?dist}%{?rescue_rel}
+Release: 14%{?dist}%{?rescue_rel}
 URL: http://www.openssh.com/portable.html
 #URL1: http://pamsshauth.sourceforge.net
 #Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
@@ -525,6 +525,9 @@ fi
 %endif
 
 %changelog
+* Tue Jan  5 2010 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-14
+- Update the pka patch
+
 * Mon Dec 21 2009 Jan F. Chadima <jchadima at redhat.com> - 5.3p1-13
 - Update the audit patch
 - Add possibility to autocreate only RSA key into initscript (#533339)

More information about the fedora-extras-commits mailing list