Hello community,

here is the log from the commit of package openssh for openSUSE:Factory checked 
in at 2018-02-02 22:19:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openssh (Old)
 and      /work/SRC/openSUSE:Factory/.openssh.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "openssh"

Fri Feb  2 22:19:52 2018 rev:114 rq:571577 version:7.6p1

Changes:
--------
--- /work/SRC/openSUSE:Factory/openssh/openssh-askpass-gnome.changes    
2016-07-28 23:45:14.000000000 +0200
+++ /work/SRC/openSUSE:Factory/.openssh.new/openssh-askpass-gnome.changes       
2018-02-02 22:19:53.864554713 +0100
@@ -1,0 +2,11 @@
+Wed Jan 31 22:54:55 UTC 2018 - pce...@suse.com
+
+- .spec file cleanup
+
+-------------------------------------------------------------------
+Fri Nov  3 12:27:18 UTC 2017 - pce...@suse.com
+
+- upgrade to 7.6p1
+  see main package changelog for details
+
+-------------------------------------------------------------------
--- /work/SRC/openSUSE:Factory/openssh/openssh.changes  2018-01-22 
15:56:42.935142459 +0100
+++ /work/SRC/openSUSE:Factory/.openssh.new/openssh.changes     2018-02-02 
22:19:53.908552659 +0100
@@ -1,0 +2,11 @@
+Wed Jan 31 13:31:41 UTC 2018 - pce...@suse.com
+
+- Add missing crypto hardware enablement patches for IBM mainframes
+  (FATE#323902)
+
+-------------------------------------------------------------------
+Wed Jan 24 21:42:35 UTC 2018 - pce...@suse.com
+
+- add missing part of systemd integration (unit type)
+
+-------------------------------------------------------------------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ openssh-askpass-gnome.spec ++++++
--- /var/tmp/diff_new_pack.F1pRlK/_old  2018-02-02 22:19:54.832509524 +0100
+++ /var/tmp/diff_new_pack.F1pRlK/_new  2018-02-02 22:19:54.836509338 +0100
@@ -16,26 +16,18 @@
 #
 
 
+%define _name openssh
 Name:           openssh-askpass-gnome
-BuildRequires:  autoconf
-BuildRequires:  automake
 BuildRequires:  gtk2-devel
-BuildRequires:  krb5-devel
-BuildRequires:  openssh
-BuildRequires:  openssl-devel
-BuildRequires:  pam-devel
-BuildRequires:  tcpd-devel
-BuildRequires:  update-desktop-files
 Version:        7.6p1
 Release:        0
-Requires:       openssh = %{version}
+Requires:       %{_name} = %{version}
 Summary:        A GNOME-Based Passphrase Dialog for OpenSSH
 License:        BSD-2-Clause
 Group:          Productivity/Networking/SSH
 Url:            http://www.openssh.com/
-%define _name openssh
-Source:         
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz
-Source42:       
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.asc
+Source:         
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz
+Source42:       
http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{_name}-%{version}.tar.gz.asc
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 
 %description

++++++ openssh-7.6p1-SUSE_patches.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' 
old/SUSE_patches/openssh-7.6p1-seccomp_ioctl_s390_EP11.patch 
new/SUSE_patches/openssh-7.6p1-seccomp_ioctl_s390_EP11.patch
--- old/SUSE_patches/openssh-7.6p1-seccomp_ioctl_s390_EP11.patch        
1970-01-01 01:00:00.000000000 +0100
+++ new/SUSE_patches/openssh-7.6p1-seccomp_ioctl_s390_EP11.patch        
2018-01-30 00:18:17.000000000 +0100
@@ -0,0 +1,36 @@
+# HG changeset patch
+# Parent  a64f36149cef8579bcca3c9207219603d5d3da48
+Patch from IBM enabling use of EP11 hw crypto accelerator, submitted upstreams:
+
+From: Eduardo Barretto <ebarre...@linux.vnet.ibm.com>
+To: openssh-unix-...@mindrot.org
+Subject: [PATCH 3/3] Enable specific ioctl call for EP11 crypto card (s390)
+Date: Tue,  9 May 2017 14:27:15 -0300
+
+The EP11 crypto card needs to make an ioctl call, which receives an
+specific argument. This crypto card is for s390 only.
+
+Signed-off-by: Eduardo Barretto <ebarre...@linux.vnet.ibm.com>
+
+diff --git a/openssh-7.6p1/sandbox-seccomp-filter.c 
b/openssh-7.6p1/sandbox-seccomp-filter.c
+--- a/openssh-7.6p1/sandbox-seccomp-filter.c
++++ b/openssh-7.6p1/sandbox-seccomp-filter.c
+@@ -248,16 +248,18 @@ static const struct sock_filter preauth_
+       SC_ALLOW_ARG(__NR_socketcall, 0, SYS_SHUTDOWN),
+       SC_DENY(__NR_socketcall, EACCES),
+ #endif
+ #if defined(__NR_ioctl) && defined(__s390__)
+       /* Allow ioctls for ICA crypto card on s390 */
+       SC_ALLOW_ARG(__NR_ioctl, 1, Z90STAT_STATUS_MASK),
+       SC_ALLOW_ARG(__NR_ioctl, 1, ICARSAMODEXPO),
+       SC_ALLOW_ARG(__NR_ioctl, 1, ICARSACRT),
++      /* Allow ioctls for EP11 crypto card on s390 */
++      SC_ALLOW_ARG(__NR_ioctl, 1, ZSENDEP11CPRB),
+ #endif
+ #if defined(__x86_64__) && defined(__ILP32__) && defined(__X32_SYSCALL_BIT)
+       /*
+        * On Linux x32, the clock_gettime VDSO falls back to the
+        * x86-64 syscall under some circumstances, e.g.
+        * https://bugs.debian.org/849923
+        */
+       SC_ALLOW(__NR_clock_gettime & ~__X32_SYSCALL_BIT),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/SUSE_patches/openssh-7.6p1-seccomp_ipc_flock.patch 
new/SUSE_patches/openssh-7.6p1-seccomp_ipc_flock.patch
--- old/SUSE_patches/openssh-7.6p1-seccomp_ipc_flock.patch      1970-01-01 
01:00:00.000000000 +0100
+++ new/SUSE_patches/openssh-7.6p1-seccomp_ipc_flock.patch      2018-01-30 
00:14:40.000000000 +0100
@@ -0,0 +1,60 @@
+# HG changeset patch
+# Parent  089f89e036e8d906db26a1e538c879ebc9c0f830
+Patch from IBM enabling the use of OpenCryptoki, submitted upstreams:
+
+From: Eduardo Barretto <ebarre...@linux.vnet.ibm.com>
+To: openssh-unix-...@mindrot.org
+Subject: [PATCH 1/3] Allow flock and ipc syscall for s390 architecture
+Date: Tue,  9 May 2017 14:27:13 -0300
+
+In order to use the OpenSSL-ibmpkcs11 engine it is needed to allow flock
+and ipc calls, because this engine calls OpenCryptoki (a PKCS#11
+implementation) which calls the libraries that will communicate with the
+crypto cards. OpenCryptoki makes use of flock and ipc and, as of now,
+this is only need on s390 architecture.
+
+Signed-off-by: Eduardo Barretto <ebarre...@linux.vnet.ibm.com>
+
+diff --git a/openssh-7.6p1/sandbox-seccomp-filter.c 
b/openssh-7.6p1/sandbox-seccomp-filter.c
+--- a/openssh-7.6p1/sandbox-seccomp-filter.c
++++ b/openssh-7.6p1/sandbox-seccomp-filter.c
+@@ -167,16 +167,19 @@ static const struct sock_filter preauth_
+       SC_ALLOW(__NR_exit_group),
+ #endif
+ #ifdef __NR_geteuid
+       SC_ALLOW(__NR_geteuid),
+ #endif
+ #ifdef __NR_geteuid32
+       SC_ALLOW(__NR_geteuid32),
+ #endif
++#if defined(__NR_flock) && defined(__s390__)
++      SC_ALLOW(__NR_flock),
++#endif
+ #ifdef __NR_getpgid
+       SC_ALLOW(__NR_getpgid),
+ #endif
+ #ifdef __NR_getpid
+       SC_ALLOW(__NR_getpid),
+ #endif
+ #ifdef __NR_getrandom
+       SC_ALLOW(__NR_getrandom),
+@@ -185,16 +188,19 @@ static const struct sock_filter preauth_
+       SC_ALLOW(__NR_gettimeofday),
+ #endif
+ #ifdef __NR_getuid
+       SC_ALLOW(__NR_getuid),
+ #endif
+ #ifdef __NR_getuid32
+       SC_ALLOW(__NR_getuid32),
+ #endif
++#if defined(__NR_ipc) && defined(__s390__)
++      SC_ALLOW(__NR_ipc),
++#endif
+ #ifdef __NR_madvise
+       SC_ALLOW(__NR_madvise),
+ #endif
+ #ifdef __NR_mmap
+       SC_ALLOW(__NR_mmap),
+ #endif
+ #ifdef __NR_mmap2
+       SC_ALLOW(__NR_mmap2),
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' 
'--exclude=.svnignore' old/SUSE_patches/patch.series 
new/SUSE_patches/patch.series
--- old/SUSE_patches/patch.series       2018-01-11 23:02:18.000000000 +0100
+++ new/SUSE_patches/patch.series       2018-01-30 00:54:43.000000000 +0100
@@ -13,6 +13,8 @@
 openssh-7.6p1-seccomp_getuid.patch
 openssh-7.6p1-seccomp_geteuid.patch
 openssh-7.6p1-seccomp_stat.patch
+openssh-7.6p1-seccomp_ipc_flock.patch
+openssh-7.6p1-seccomp_ioctl_s390_EP11.patch
 openssh-7.6p1-fips.patch
 openssh-7.6p1-cavstest-ctr.patch
 openssh-7.6p1-cavstest-kdf.patch


++++++ sshd.service ++++++
--- /var/tmp/diff_new_pack.F1pRlK/_old  2018-02-02 22:19:55.068498507 +0100
+++ /var/tmp/diff_new_pack.F1pRlK/_new  2018-02-02 22:19:55.068498507 +0100
@@ -3,8 +3,10 @@
 After=network.target
 
 [Service]
+Type=notify
 EnvironmentFile=-/etc/sysconfig/ssh
 ExecStartPre=/usr/sbin/sshd-gen-keys-start
+ExecStartPre=/usr/sbin/sshd -t $SSHD_OPTS
 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process


Reply via email to