Hello community, here is the log from the commit of package openssh for openSUSE:Factory checked in at 2011-12-21 14:57:45 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/openssh (Old) and /work/SRC/openSUSE:Factory/.openssh.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openssh", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/openssh/openssh-askpass-gnome.changes 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-askpass-gnome.changes 2011-12-21 14:57:49.000000000 +0100 @@ -1,0 +2,5 @@ +Wed Oct 19 00:40:15 UTC 2011 - [email protected] + +- Update to 5.9p1 + +------------------------------------------------------------------- --- /work/SRC/openSUSE:Factory/openssh/openssh.changes 2011-10-05 18:03:13.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh.changes 2011-12-21 14:57:49.000000000 +0100 @@ -1,0 +2,16 @@ +Tue Nov 29 19:48:29 UTC 2011 - [email protected] + +- Add systemd startup units + +------------------------------------------------------------------- +Sat Oct 29 22:41:55 UTC 2011 - [email protected] + +- finalising libexecdir change (bnc#726712) + +------------------------------------------------------------------- +Wed Oct 19 00:32:20 UTC 2011 - [email protected] + +- Update to 5.9p1 + * sandboxing privsep child through rlimit + +------------------------------------------------------------------- Old: ---- openssh-5.8p1-askpass-fix.diff openssh-5.8p1-audit.patch openssh-5.8p1-blocksigalrm.diff openssh-5.8p1-default-protocol.diff openssh-5.8p1-eal3.diff openssh-5.8p1-engines.diff openssh-5.8p1-gssapimitm.patch openssh-5.8p1-homechroot.patch openssh-5.8p1-host_ident.diff openssh-5.8p1-pam-fix2.diff openssh-5.8p1-pam-fix3.diff openssh-5.8p1-pts.diff openssh-5.8p1-saveargv-fix.diff openssh-5.8p1-send_locale.diff openssh-5.8p1-sshconfig-knownhostschanges.diff openssh-5.8p1-sshd_config.diff openssh-5.8p1-xauth.diff openssh-5.8p1-xauthlocalhostname.diff openssh-5.8p2.tar.bz2 openssh-SuSE.tar.bz2 New: ---- openssh-5.9p1-askpass-fix.diff openssh-5.9p1-audit.patch openssh-5.9p1-blocksigalrm.diff openssh-5.9p1-default-protocol.diff openssh-5.9p1-eal3.diff openssh-5.9p1-engines.diff openssh-5.9p1-gssapimitm.patch openssh-5.9p1-homechroot.patch openssh-5.9p1-host_ident.diff openssh-5.9p1-pam-fix2.diff openssh-5.9p1-pam-fix3.diff openssh-5.9p1-pts.diff openssh-5.9p1-saveargv-fix.diff openssh-5.9p1-send_locale.diff openssh-5.9p1-sshconfig-knownhostschanges.diff openssh-5.9p1-sshd_config.diff openssh-5.9p1-xauth.diff openssh-5.9p1-xauthlocalhostname.diff openssh-5.9p1.tar.bz2 sshd-gen-keys-start sshd.init sshd.service sysconfig.ssh ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openssh-askpass-gnome.spec ++++++ --- /var/tmp/diff_new_pack.Jo5Y9W/_old 2011-12-21 14:57:51.000000000 +0100 +++ /var/tmp/diff_new_pack.Jo5Y9W/_new 2011-12-21 14:57:51.000000000 +0100 @@ -21,22 +21,22 @@ BuildRequires: gtk2-devel krb5-devel openssh openssl-devel pam-devel tcpd-devel update-desktop-files License: BSD3c(or similar) Group: Productivity/Networking/SSH -Version: 5.8p2 +Version: 5.9p1 Release: 1 Requires: openssh = %{version} openssh-askpass = %{version} AutoReqProv: on Summary: A GNOME-Based Passphrase Dialog for OpenSSH -URL: http://www.openssh.com/ +Url: http://www.openssh.com/ %define _name openssh Source: %{_name}-%{version}.tar.bz2 -Patch: %{_name}-5.8p1-sshd_config.diff -Patch1: %{_name}-5.8p1-pam-fix2.diff -Patch2: %{_name}-5.8p1-saveargv-fix.diff -Patch3: %{_name}-5.8p1-pam-fix3.diff -Patch4: %{_name}-5.8p1-gssapimitm.patch -Patch5: %{_name}-5.8p1-eal3.diff -Patch6: %{_name}-5.8p1-engines.diff -Patch7: %{_name}-5.8p1-blocksigalrm.diff +Patch: %{_name}-5.9p1-sshd_config.diff +Patch1: %{_name}-5.9p1-pam-fix2.diff +Patch2: %{_name}-5.9p1-saveargv-fix.diff +Patch3: %{_name}-5.9p1-pam-fix3.diff +Patch4: %{_name}-5.9p1-gssapimitm.patch +Patch5: %{_name}-5.9p1-eal3.diff +Patch6: %{_name}-5.9p1-engines.diff +Patch7: %{_name}-5.9p1-blocksigalrm.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -61,8 +61,8 @@ autoheader autoconf %configure \ - --sysconfdir=%_sysconfdir/ssh \ - --libexecdir=%_libexecdir/ssh \ + --sysconfdir=%{_sysconfdir}/ssh \ + --libexecdir=%{_libexecdir}/ssh \ --with-tcp-wrappers \ --with-pam \ --with-kerberos5=/usr \ @@ -74,12 +74,12 @@ mv gnome-ssh-askpass2 gnome-ssh-askpass %install -install -d -m 755 %buildroot/%_libexecdir/ssh/ -install contrib/gnome-ssh-askpass %buildroot/%_libexecdir/ssh/gnome-ssh-askpass +install -d -m 755 %{buildroot}%{_libexecdir}/ssh/ +install contrib/gnome-ssh-askpass %{buildroot}%{_libexecdir}/ssh/gnome-ssh-askpass %files %defattr(-,root,root) -%dir %_libexecdir/ssh -%attr(0755,root,root) %_libexecdir/ssh/gnome-ssh-askpass +%dir %{_libexecdir}/ssh +%attr(0755,root,root) %{_libexecdir}/ssh/gnome-ssh-askpass %changelog ++++++ openssh.spec ++++++ --- /var/tmp/diff_new_pack.Jo5Y9W/_old 2011-12-21 14:57:51.000000000 +0100 +++ /var/tmp/diff_new_pack.Jo5Y9W/_new 2011-12-21 14:57:51.000000000 +0100 @@ -18,7 +18,7 @@ Name: openssh -%define _fwdefdir %_sysconfdir/sysconfig/SuSEfirewall2.d/services +%define _fwdefdir %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services %define _appdefdir %{_prefix}/share/X11/app-defaults BuildRequires: audit-devel krb5-devel openssl-devel pam-devel tcpd-devel xorg-x11-devel BuildRequires: libselinux-devel @@ -26,15 +26,15 @@ License: BSD3c(or similar) ; MIT License (or similar) Group: Productivity/Networking/SSH Requires: /bin/netstat -PreReq: pwdutils %insserv_prereq %fillup_prereq coreutils +PreReq: pwdutils %{insserv_prereq} %{fillup_prereq} coreutils Conflicts: nonfreessh -Version: 5.8p2 +Version: 5.9p1 Release: 1 %define xversion 1.2.4.1 Summary: Secure Shell Client and Server (Remote Login Program) -URL: http://www.openssh.com/ +Url: http://www.openssh.com/ Source: %{name}-%{version}.tar.bz2 -Source1: %{name}-SuSE.tar.bz2 +Source1: sshd.init Source2: sshd.pamd Source3: x11-ssh-askpass-%{xversion}.tar.bz2 Source4: README.SuSE @@ -43,32 +43,40 @@ Source7: ssh.reg Source8: ssh-askpass Source9: sshd.fw -Patch: %{name}-5.8p1-sshd_config.diff -Patch1: %{name}-5.8p1-askpass-fix.diff -Patch2: %{name}-5.8p1-pam-fix2.diff -Patch3: %{name}-5.8p1-saveargv-fix.diff -Patch4: %{name}-5.8p1-pam-fix3.diff -Patch5: %{name}-5.8p1-gssapimitm.patch -Patch6: %{name}-5.8p1-eal3.diff -Patch7: %{name}-5.8p1-engines.diff -Patch8: %{name}-5.8p1-blocksigalrm.diff -Patch9: %{name}-5.8p1-send_locale.diff -Patch10: %{name}-5.8p1-xauthlocalhostname.diff -Patch12: %{name}-5.8p1-xauth.diff -Patch14: %{name}-5.8p1-default-protocol.diff -Patch15: %{name}-5.8p1-audit.patch -Patch16: %{name}-5.8p1-pts.diff -Patch17: %{name}-5.8p1-homechroot.patch -Patch18: %{name}-5.8p1-sshconfig-knownhostschanges.diff -Patch19: %{name}-5.8p1-host_ident.diff +Source10: sysconfig.ssh +Source11: sshd-gen-keys-start +Source12: sshd.service +Patch: %{name}-5.9p1-sshd_config.diff +Patch1: %{name}-5.9p1-askpass-fix.diff +Patch2: %{name}-5.9p1-pam-fix2.diff +Patch3: %{name}-5.9p1-saveargv-fix.diff +Patch4: %{name}-5.9p1-pam-fix3.diff +Patch5: %{name}-5.9p1-gssapimitm.patch +Patch6: %{name}-5.9p1-eal3.diff +Patch7: %{name}-5.9p1-engines.diff +Patch8: %{name}-5.9p1-blocksigalrm.diff +Patch9: %{name}-5.9p1-send_locale.diff +Patch10: %{name}-5.9p1-xauthlocalhostname.diff +Patch12: %{name}-5.9p1-xauth.diff +Patch14: %{name}-5.9p1-default-protocol.diff +Patch15: %{name}-5.9p1-audit.patch +Patch16: %{name}-5.9p1-pts.diff +Patch17: %{name}-5.9p1-homechroot.patch +Patch18: %{name}-5.9p1-sshconfig-knownhostschanges.diff +Patch19: %{name}-5.9p1-host_ident.diff Patch20: converter-linking.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build +%if 0%{?suse_version} > 1140 +BuildRequires: systemd +%{?systemd_requires} +%define has_systemd 1 +%endif %package askpass License: BSD3c(or similar) ; MIT License (or similar) Summary: A passphrase dialog for OpenSSH and the X Window System Requires: openssh = %{version} -Provides: openssh:%_libexecdir/ssh/ssh-askpass +Provides: openssh:%{_libexecdir}/ssh/ssh-askpass Group: Productivity/Networking/SSH %description @@ -86,7 +94,7 @@ Window System passphrase dialog for OpenSSH. %prep -%setup -q -b 3 -a 1 -a 5 +%setup -q -b 3 -a 5 %patch %patch2 %patch3 @@ -117,20 +125,22 @@ %else PIEFLAGS="-fpie" %endif -%configure --with-ssl-engine \ - CFLAGS="%optflags $PIEFLAGS -fstack-protector" \ - CXXFLAGS="%optflags $PIEFLAGS -fstack-protector" \ - LDFLAGS="-pie" \ +export CFLAGS="%{optflags} $PIEFLAGS -fstack-protector" +export CXXFLAGS="%{optflags} $PIEFLAGS -fstack-protector" +export LDFLAGS="-pie" +%configure \ + --with-ssl-engine \ %if 0%{suse_version} >= 1140 --with-libedit \ %endif - --sysconfdir=%_sysconfdir/ssh \ - --libexecdir=%_libexecdir/ssh \ + --sysconfdir=%{_sysconfdir}/ssh \ + --libexecdir=%{_libexecdir}/ssh \ --with-tcp-wrappers \ --with-selinux \ --with-pam \ --with-kerberos5=/usr \ --with-privsep-path=/var/lib/empty \ + --with-sandbox=rlimit \ --disable-strip \ --with-linux-audit \ --with-xauth=%{_prefix}/bin/xauth \ @@ -141,67 +151,87 @@ cd contrib cd ../../x11-ssh-askpass-%{xversion} %configure \ - --libexecdir=%_libdir/ssh + --libexecdir=%{_libdir}/ssh xmkmf -make includes USRLIBDIR=%_libdir -make %{?_smp_mflags} USRLIBDIR=%_libdir CCOPTIONS="%optflags" +make includes USRLIBDIR=%{_libdir} +make %{?_smp_mflags} USRLIBDIR=%{_libdir} CCOPTIONS="%{optflags}" %install -make DESTDIR=%buildroot/ install -install -d -m 755 %buildroot%_sysconfdir/pam.d -install -d -m 755 %buildroot/var/lib/sshd -install -m 644 %{S:2} %buildroot%_sysconfdir/pam.d/sshd -install -d -m 755 %buildroot%_sysconfdir/slp.reg.d/ -install -m 644 %{S:7} %buildroot%_sysconfdir/slp.reg.d/ -cp -a SuSE/* %buildroot +make DESTDIR=%{buildroot}/ install +install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d +install -d -m 755 %{buildroot}/var/lib/sshd +install -m 644 %{S:2} %{buildroot}%{_sysconfdir}/pam.d/sshd +install -d -m 755 %{buildroot}%{_sysconfdir}/slp.reg.d/ +install -m 644 %{S:7} %{buildroot}%{_sysconfdir}/slp.reg.d/ +install -d -m 755 %{buildroot}/etc/init.d +install -m 755 %{S:1} %{buildroot}/etc/init.d/sshd +ln -vs ../../etc/init.d/sshd %{buildroot}/usr/sbin/rcsshd +install -d -m 755 %{buildroot}/var/adm/fillup-templates +install -m 644 %{S:10} %{buildroot}/var/adm/fillup-templates # install shell script to automate the process of adding your public key to a remote machine -install -m 755 contrib/ssh-copy-id %buildroot%_bindir -install -m 644 contrib/ssh-copy-id.1 %buildroot/%_mandir/man1 -(cd converter; make install DESTDIR=%buildroot/) -cd ../x11-ssh-askpass-%xversion -make BINDIR=%_libexecdir/ssh DESTDIR=%buildroot install install.man -rm -rf %buildroot/%_libexecdir/ssh/ssh-askpass -sed -e "s@usr/lib/ssh@usr/%_lib/ssh@" < %{S:8} > %buildroot/%_libexecdir/ssh/ssh-askpass -rm -f %buildroot%_datadir/Ssh.bin -sed -i -e s@/usr/libexec@%_libexecdir@g %buildroot%_sysconfdir/ssh/sshd_config +install -m 755 contrib/ssh-copy-id %{buildroot}%{_bindir} +install -m 644 contrib/ssh-copy-id.1 %{buildroot}%{_mandir}/man1 +( cd converter; make install DESTDIR=%{buildroot} ) +cd ../x11-ssh-askpass-%{xversion} +make BINDIR=%{_libexecdir}/ssh DESTDIR=%{buildroot} install install.man +rm -rf %{buildroot}%{_libexecdir}/ssh/ssh-askpass +sed -e "s,@LIBEXEC@,%{_libexecdir},g" < %{S:8} > %{buildroot}%{_libexecdir}/ssh/ssh-askpass +rm -f %{buildroot}%{_datadir}/Ssh.bin +sed -i -e s@/usr/libexec@%{_libexecdir}@g %{buildroot}%{_sysconfdir}/ssh/sshd_config #install firewall definitions format is described here: -#%_datadir/SuSEfirewall2/services/TEMPLATE -mkdir -p %buildroot/%{_fwdefdir} -install -m 644 %{S:9} %buildroot/%{_fwdefdir}/sshd +#%{_datadir}/SuSEfirewall2/services/TEMPLATE +mkdir -p %{buildroot}%{_fwdefdir} +install -m 644 %{S:9} %{buildroot}%{_fwdefdir}/sshd +%if 0%{?has_systemd} +install -D -m 0755 %{SOURCE11} %{buildroot}%{_sbindir}/sshd-gen-keys-start +install -D -m 0644 %{SOURCE12} %{buildroot}%{_unitdir}/sshd.service +%endif %pre -getent group sshd >/dev/null || %_sbindir/groupadd -o -r sshd -getent passwd sshd >/dev/null || %_sbindir/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd +getent group sshd >/dev/null || %{_sbindir}/groupadd -o -r sshd +getent passwd sshd >/dev/null || %{_sbindir}/useradd -r -g sshd -d /var/lib/sshd -s /bin/false -c "SSH daemon" sshd +%if 0%{?has_systemd} +%service_add_pre sshd.service +%endif %post %{fillup_and_insserv -n ssh sshd} +%if 0%{?has_systemd} +%service_add_post sshd.service +%endif %preun %stop_on_removal sshd +%if 0%{?has_systemd} +%service_del_preun sshd.service +%endif %postun %restart_on_update sshd %{insserv_cleanup} +%if 0%{?has_systemd} +%service_del_postun sshd.service +%endif %files %defattr(-,root,root) %dir %attr(755,root,root) /var/lib/sshd %doc README.SuSE README.kerberos ChangeLog OVERVIEW README TODO LICENCE CREDITS -%attr(0755,root,root) %dir %_sysconfdir/ssh -%attr(0600,root,root) %config(noreplace) %_sysconfdir/ssh/moduli -%attr(0644,root,root) %config(noreplace) %_sysconfdir/ssh/ssh_config -%attr(0640,root,root) %config(noreplace) %_sysconfdir/ssh/sshd_config -%attr(0644,root,root) %config %_sysconfdir/pam.d/sshd -%attr(0755,root,root) %config %_initddir/sshd -%attr(0755,root,root) %_bindir/ssh -%_bindir/scp -%_bindir/sftp -%_bindir/slogin -%_bindir/ssh-* -%_sbindir/* +%attr(0755,root,root) %dir %{_sysconfdir}/ssh +%attr(0600,root,root) %config(noreplace) %{_sysconfdir}/ssh/moduli +%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/ssh/ssh_config +%attr(0640,root,root) %config(noreplace) %{_sysconfdir}/ssh/sshd_config +%attr(0644,root,root) %config %{_sysconfdir}/pam.d/sshd +%attr(0755,root,root) %config %{_initddir}/sshd +%attr(0755,root,root) %{_bindir}/ssh +%{_bindir}/scp +%{_bindir}/sftp +%{_bindir}/slogin +%{_bindir}/ssh-* +%{_sbindir}/* %attr(444,root,root) %doc %{_mandir}/man1/scp.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-keygen.1.gz -%attr(444,root,root) %doc %_mandir/man1/ssh-keyconverter.1.gz +%attr(444,root,root) %doc %{_mandir}/man1/ssh-keyconverter.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh.1.gz %attr(444,root,root) %doc %{_mandir}/man1/slogin.1.gz %attr(444,root,root) %doc %{_mandir}/man1/ssh-agent.1* @@ -211,21 +241,25 @@ %attr(444,root,root) %doc %{_mandir}/man1/ssh-copy-id.1* %attr(444,root,root) %doc %{_mandir}/man5/* %attr(444,root,root) %doc %{_mandir}/man8/* -%attr(0755,root,root) %dir %_libexecdir/ssh -%attr(0755,root,root) %_libexecdir/ssh/sftp-server -%attr(0755,root,root) %_libexecdir/ssh/ssh-keysign -%attr(0755,root,root) %_libexecdir/ssh/ssh-pkcs11-helper -%dir %_sysconfdir/slp.reg.d -%config %_sysconfdir/slp.reg.d/ssh.reg +%attr(0755,root,root) %dir %{_libexecdir}/ssh +%attr(0755,root,root) %{_libexecdir}/ssh/sftp-server +%attr(0755,root,root) %{_libexecdir}/ssh/ssh-keysign +%attr(0755,root,root) %{_libexecdir}/ssh/ssh-pkcs11-helper +%dir %{_sysconfdir}/slp.reg.d +%config %{_sysconfdir}/slp.reg.d/ssh.reg /var/adm/fillup-templates/sysconfig.ssh %config %{_fwdefdir}/sshd +%if 0%{?has_systemd} +%{_sbindir}/sshd-gen-keys-start +%{_unitdir}/sshd.service +%endif %files askpass %defattr(-,root,root) -%attr(0755,root,root) %_libexecdir/ssh/ssh-askpass -%attr(0755,root,root) %_libexecdir/ssh/x11-ssh-askpass -%doc %_mandir/man1/ssh-askpass.1x.gz -%doc %_mandir/man1/x11-ssh-askpass.1x.gz -%_appdefdir/SshAskpass +%attr(0755,root,root) %{_libexecdir}/ssh/ssh-askpass +%attr(0755,root,root) %{_libexecdir}/ssh/x11-ssh-askpass +%doc %{_mandir}/man1/ssh-askpass.1x.gz +%doc %{_mandir}/man1/x11-ssh-askpass.1x.gz +%{_appdefdir}/SshAskpass %changelog ++++++ openssh-5.8p1-askpass-fix.diff -> openssh-5.9p1-askpass-fix.diff ++++++ ++++++ openssh-5.8p1-audit.patch -> openssh-5.9p1-audit.patch ++++++ --- /work/SRC/openSUSE:Factory/openssh/openssh-5.8p1-audit.patch 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-5.9p1-audit.patch 2011-12-21 14:57:48.000000000 +0100 @@ -60,34 +60,34 @@ +/* Define if you want Linux audit support. */ +#undef HAVE_LINUX_AUDIT + - /* Define to 1 if your processor stores words with the most significant byte - first (like Motorola and SPARC, unlike Intel and VAX). */ - #undef WORDS_BIGENDIAN + /* Define WORDS_BIGENDIAN to 1 if your processor stores words with the most + significant byte first (like Motorola and SPARC, unlike Intel). */ + #if defined AC_APPLE_UNIVERSAL_BUILD Index: openssh-5.8p1/configure.ac =================================================================== --- openssh-5.8p1.orig/configure.ac +++ openssh-5.8p1/configure.ac @@ -3522,6 +3522,20 @@ AC_ARG_WITH(selinux, - AC_SUBST(SSHLIBS) - AC_SUBST(SSHDLIBS) + AC_SUBST([SSHLIBS]) + AC_SUBST([SSHDLIBS]) +# Check whether user wants Linux audit support +LINUX_AUDIT_MSG="no" +LIBAUDIT="" -+AC_ARG_WITH(linux-audit, ++AC_ARG_WITH([linux-audit], + [ --with-linux-audit Enable Linux audit support], + [ if test "x$withval" != "xno" ; then -+ AC_DEFINE(HAVE_LINUX_AUDIT,1,[Define if you want Linux audit support.]) ++ AC_DEFINE([HAVE_LINUX_AUDIT],[1],[Define if you want Linux audit support.]) + LINUX_AUDIT_MSG="yes" -+ AC_CHECK_HEADERS(libaudit.h) ++ AC_CHECK_HEADERS([libaudit.h]) + LIBAUDIT="-laudit" + fi + ]) -+AC_SUBST(LIBAUDIT) ++AC_SUBST([LIBAUDIT]) + # Check whether user wants Kerberos 5 support KRB5_MSG="no" - AC_ARG_WITH(kerberos5, + AC_ARG_WITH([kerberos5], @@ -4316,6 +4330,7 @@ echo " PAM support echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" ++++++ openssh-5.8p1-blocksigalrm.diff -> openssh-5.9p1-blocksigalrm.diff ++++++ --- /work/SRC/openSUSE:Factory/openssh/openssh-5.8p1-blocksigalrm.diff 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-5.9p1-blocksigalrm.diff 2011-12-21 14:57:48.000000000 +0100 @@ -16,6 +16,7 @@ int pri = LOG_INFO; + sigset_t nset, oset; int saved_errno = errno; + log_handler_fn *tmp_handler; if (level > log_level) @@ -387,6 +389,14 @@ do_log(LogLevel level, const char *fmt, ++++++ openssh-5.8p1-default-protocol.diff -> openssh-5.9p1-default-protocol.diff ++++++ ++++++ openssh-5.8p1-eal3.diff -> openssh-5.9p1-eal3.diff ++++++ ++++++ openssh-5.8p1-engines.diff -> openssh-5.9p1-engines.diff ++++++ --- /work/SRC/openSUSE:Factory/openssh/openssh-5.8p1-engines.diff 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-5.9p1-engines.diff 2011-12-21 14:57:48.000000000 +0100 @@ -42,8 +42,8 @@ + ENGINE_register_all_complete(); + __progname = ssh_get_progname(av[0]); - init_rng(); seed_rng(); + Index: openssh-5.8p1/ssh-keygen.c =================================================================== --- openssh-5.8p1.orig/ssh-keygen.c @@ -67,7 +67,7 @@ + log_init(argv[0], SYSLOG_LEVEL_INFO, SYSLOG_FACILITY_USER, 1); - init_rng(); + seed_rng(); Index: openssh-5.8p1/ssh-keysign.c =================================================================== --- openssh-5.8p1.orig/ssh-keysign.c ++++++ openssh-5.8p1-gssapimitm.patch -> openssh-5.9p1-gssapimitm.patch ++++++ --- /work/SRC/openSUSE:Factory/openssh/openssh-5.8p1-gssapimitm.patch 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-5.9p1-gssapimitm.patch 2011-12-21 14:57:48.000000000 +0100 @@ -153,7 +153,7 @@ @@ -322,7 +325,7 @@ typedef enum { sBanner, sUseDNS, sHostbasedAuthentication, sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2, + sClientAliveCountMax, sAuthorizedKeysFile, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, + sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, sGssEnableMITM, sMatch, sPermitOpen, sForceCommand, sChrootDirectory, ++++++ openssh-5.8p1-homechroot.patch -> openssh-5.9p1-homechroot.patch ++++++ ++++++ openssh-5.8p1-host_ident.diff -> openssh-5.9p1-host_ident.diff ++++++ --- /work/SRC/openSUSE:Factory/openssh/openssh-5.8p1-host_ident.diff 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-5.9p1-host_ident.diff 2011-12-21 14:57:48.000000000 +0100 @@ -3,7 +3,7 @@ --- openssh-5.7p1.orig/sshconnect.c +++ openssh-5.7p1/sshconnect.c @@ -958,6 +958,11 @@ check_host_key(char *hostname, struct so - user_hostfile); + user_hostfiles[0]); error("Offending %s key in %s:%lu", key_type(host_found->key), host_found->file, host_found->line); + error("You can use following command to remove all keys for this IP:"); ++++++ openssh-5.8p1-pam-fix2.diff -> openssh-5.9p1-pam-fix2.diff ++++++ ++++++ openssh-5.8p1-pam-fix2.diff -> openssh-5.9p1-pam-fix3.diff ++++++ --- /work/SRC/openSUSE:Factory/openssh/openssh-5.8p1-pam-fix2.diff 2011-09-23 12:20:44.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-5.9p1-pam-fix3.diff 2011-12-21 14:57:48.000000000 +0100 @@ -1,22 +1,15 @@ -Index: sshd_config +Index: auth-pam.c =================================================================== ---- sshd_config.orig -+++ sshd_config -@@ -57,7 +57,7 @@ - #IgnoreRhosts yes - - # To disable tunneled clear text passwords, change to no here! --#PasswordAuthentication yes -+PasswordAuthentication no - #PermitEmptyPasswords no - - # Change to no to disable s/key passwords -@@ -82,7 +82,7 @@ - # If you just want the PAM account and session checks to run without - # PAM authentication, then enable this but set PasswordAuthentication - # and ChallengeResponseAuthentication to 'no'. --#UsePAM no -+UsePAM yes - - #AllowAgentForwarding yes - #AllowTcpForwarding yes +--- auth-pam.c.orig ++++ auth-pam.c +@@ -786,7 +786,9 @@ sshpam_query(void *ctx, char **name, cha + fatal("Internal error: PAM auth " + "succeeded when it should have " + "failed"); +- import_environments(&buffer); ++#ifndef USE_POSIX_THREADS ++ import_environments(&buffer); ++#endif + *num = 0; + **echo_on = 0; + ctxt->pam_done = 1; ++++++ openssh-5.8p1-pts.diff -> openssh-5.9p1-pts.diff ++++++ ++++++ openssh-5.8p1-saveargv-fix.diff -> openssh-5.9p1-saveargv-fix.diff ++++++ ++++++ openssh-5.8p1-send_locale.diff -> openssh-5.9p1-send_locale.diff ++++++ ++++++ openssh-5.8p1-sshconfig-knownhostschanges.diff -> openssh-5.9p1-sshconfig-knownhostschanges.diff ++++++ ++++++ openssh-5.8p1-sshd_config.diff -> openssh-5.9p1-sshd_config.diff ++++++ ++++++ openssh-5.8p1-xauth.diff -> openssh-5.9p1-xauth.diff ++++++ ++++++ openssh-5.8p1-xauthlocalhostname.diff -> openssh-5.9p1-xauthlocalhostname.diff ++++++ ++++++ openssh-5.8p2.tar.bz2 -> openssh-5.9p1.tar.bz2 ++++++ ++++ 56961 lines of diff (skipped) ++++++ ssh-askpass ++++++ --- /var/tmp/diff_new_pack.Jo5Y9W/_old 2011-12-21 14:57:52.000000000 +0100 +++ /var/tmp/diff_new_pack.Jo5Y9W/_new 2011-12-21 14:57:52.000000000 +0100 @@ -24,9 +24,9 @@ fi fi -GNOME_SSH_ASKPASS="/usr/lib/ssh/gnome-ssh-askpass" -KDE_SSH_ASKPASS="/usr/lib/ssh/ksshaskpass" -X11_SSH_ASKPASS="/usr/lib/ssh/x11-ssh-askpass" +GNOME_SSH_ASKPASS="@LIBEXEC@/ssh/gnome-ssh-askpass" +KDE_SSH_ASKPASS="@LIBEXEC@/ssh/ksshaskpass" +X11_SSH_ASKPASS="@LIBEXEC@/ssh/x11-ssh-askpass" case "$SESSION" in gnome) ++++++ sshd-gen-keys-start ++++++ #!/bin/bash if ! grep -q '^[[:space:]]*HostKey[[:space:]]' /etc/ssh/sshd_config; then if ! test -f /etc/ssh/ssh_host_key ; then echo Generating /etc/ssh/ssh_host_key. ssh-keygen -t rsa1 -b 2048 -f /etc/ssh/ssh_host_key -N '' fi if ! test -f /etc/ssh/ssh_host_dsa_key ; then echo Generating /etc/ssh/ssh_host_dsa_key. ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' fi if ! test -f /etc/ssh/ssh_host_rsa_key ; then echo Generating /etc/ssh/ssh_host_rsa_key. ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' fi if ! test -f /etc/ssh/ssh_host_ecdsa_key ; then echo Generating /etc/ssh/ssh_host_ecdsa_key. ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N '' fi fi ++++++ sshd.init ++++++ #! /bin/sh # Copyright (c) 1995-2000 SuSE GmbH Nuernberg, Germany. # # Author: Jiri Smid <[email protected]> # # /etc/init.d/sshd # # and symbolic its link # # /usr/sbin/rcsshd # ### BEGIN INIT INFO # Provides: sshd # Required-Start: $network $remote_fs # Required-Stop: $network $remote_fs # Default-Start: 3 5 # Default-Stop: 0 1 2 6 # Description: Start the sshd daemon ### END INIT INFO SSHD_BIN=/usr/sbin/sshd test -x $SSHD_BIN || exit 5 SSHD_SYSCONFIG=/etc/sysconfig/ssh test -r $SSHD_SYSCONFIG || exit 6 . $SSHD_SYSCONFIG SSHD_PIDFILE=/var/run/sshd.init.pid . /etc/rc.status # Shell functions sourced from /etc/rc.status: # rc_check check and set local and overall rc status # rc_status check and set local and overall rc status # rc_status -v ditto but be verbose in local rc status # rc_status -v -r ditto and clear the local rc status # rc_failed set local and overall rc status to failed # rc_reset clear local rc status (overall remains) # rc_exit exit appropriate to overall rc status # First reset status of this service rc_reset case "$1" in start) if ! grep -q '^[[:space:]]*HostKey[[:space:]]' /etc/ssh/sshd_config; then if ! test -f /etc/ssh/ssh_host_key ; then echo Generating /etc/ssh/ssh_host_key. ssh-keygen -t rsa1 -b 2048 -f /etc/ssh/ssh_host_key -N '' fi if ! test -f /etc/ssh/ssh_host_dsa_key ; then echo Generating /etc/ssh/ssh_host_dsa_key. ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key -N '' fi if ! test -f /etc/ssh/ssh_host_rsa_key ; then echo Generating /etc/ssh/ssh_host_rsa_key. ssh-keygen -t rsa -b 2048 -f /etc/ssh/ssh_host_rsa_key -N '' fi if ! test -f /etc/ssh/ssh_host_ecdsa_key ; then echo Generating /etc/ssh/ssh_host_ecdsa_key. ssh-keygen -t ecdsa -b 256 -f /etc/ssh/ssh_host_ecdsa_key -N '' fi fi echo -n "Starting SSH daemon" ## Start daemon with startproc(8). If this fails ## the echo return value is set appropriate. startproc -f $SSHD_BIN $SSHD_OPTS -o "PidFile=$SSHD_PIDFILE" # Remember status and be verbose rc_status -v ;; stop) echo -n "Shutting down SSH daemon" ## Stop daemon with killproc(8) and if this fails ## set echo the echo return value. killproc -p $SSHD_PIDFILE -TERM $SSHD_BIN # Remember status and be verbose rc_status -v ;; try-restart) ## Stop the service and if this succeeds (i.e. the ## service was running before), start it again. $0 status >/dev/null && $0 restart # Remember status and be quiet rc_status ;; restart) ## Stop the service and regardless of whether it was ## running or not, start it again. $0 stop $0 start # Remember status and be quiet rc_status ;; force-reload|reload) ## Signal the daemon to reload its config. Most daemons ## do this on signal 1 (SIGHUP). echo -n "Reload service sshd" killproc -p $SSHD_PIDFILE -HUP $SSHD_BIN rc_status -v ;; status) echo -n "Checking for service sshd " ## Check status with checkproc(8), if process is running ## checkproc will return with exit status 0. # Status has a slightly different for the status command: # 0 - service running # 1 - service dead, but /var/run/ pid file exists # 2 - service dead, but /var/lock/ lock file exists # 3 - service not running checkproc -p $SSHD_PIDFILE $SSHD_BIN rc_status -v ;; probe) ## Optional: Probe for the necessity of a reload, ## give out the argument which is required for a reload. test /etc/ssh/sshd_config -nt $SSHD_PIDFILE && echo reload ;; *) echo "Usage: $0 {start|stop|status|try-restart|restart|force-reload|reload|probe}" exit 1 ;; esac rc_exit ++++++ sshd.service ++++++ [Unit] Description=OpenSSH Daemon After=syslog.target network.target [Service] EnvironmentFile=/etc/sysconfig/ssh ExecStartPre=/usr/sbin/sshd-gen-keys-start ExecStart=/usr/sbin/sshd -D $SSHD_OPTS ExecReload=/bin/kill -HUP $MAINPID KillMode=process Restart=always [Install] WantedBy=multi-user.target ++++++ sysconfig.ssh ++++++ ## Path: Network/Remote access/SSH ## Description: SSH server settings ## Type: string ## Default: "" ## ServiceRestart: sshd # # Options for sshd # SSHD_OPTS="" -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
