From ba25ecfbc797718e23c928a074cc6d7ce6dcc3d8 Mon Sep 17 00:00:00 2001 From: Jan F Date: Oct 20 2010 09:52:05 +0000 Subject: - rebase linux audit according to upstream --- diff --git a/openssh-5.6p1-audit.patch b/openssh-5.6p1-audit.patch index ee4c6a3..2232bf1 100644 --- a/openssh-5.6p1-audit.patch +++ b/openssh-5.6p1-audit.patch @@ -1,6 +1,6 @@ diff -up openssh-5.6p1/audit-bsm.c.audit openssh-5.6p1/audit-bsm.c --- openssh-5.6p1/audit-bsm.c.audit 2008-02-25 11:05:04.000000000 +0100 -+++ openssh-5.6p1/audit-bsm.c 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/audit-bsm.c 2010-10-20 09:15:47.000000000 +0200 @@ -305,13 +305,13 @@ audit_run_command(const char *command) } @@ -19,7 +19,7 @@ diff -up openssh-5.6p1/audit-bsm.c.audit openssh-5.6p1/audit-bsm.c } diff -up openssh-5.6p1/audit.c.audit openssh-5.6p1/audit.c --- openssh-5.6p1/audit.c.audit 2006-09-01 07:38:36.000000000 +0200 -+++ openssh-5.6p1/audit.c 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/audit.c 2010-10-20 09:15:47.000000000 +0200 @@ -147,9 +147,9 @@ audit_event(ssh_audit_event_t event) * within a single connection. */ @@ -46,7 +46,7 @@ diff -up openssh-5.6p1/audit.c.audit openssh-5.6p1/audit.c audit_username(), t); diff -up openssh-5.6p1/audit.h.audit openssh-5.6p1/audit.h --- openssh-5.6p1/audit.h.audit 2006-08-05 16:05:10.000000000 +0200 -+++ openssh-5.6p1/audit.h 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/audit.h 2010-10-20 09:15:47.000000000 +0200 @@ -26,6 +26,9 @@ #ifndef _SSH_AUDIT_H @@ -69,9 +69,9 @@ diff -up openssh-5.6p1/audit.h.audit openssh-5.6p1/audit.h ssh_audit_event_t audit_classify_auth(const char *); diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c ---- openssh-5.6p1/audit-linux.c.audit 2010-10-01 08:48:17.000000000 +0200 -+++ openssh-5.6p1/audit-linux.c 2010-10-01 08:53:11.000000000 +0200 -@@ -0,0 +1,122 @@ +--- openssh-5.6p1/audit-linux.c.audit 2010-10-20 09:15:47.000000000 +0200 ++++ openssh-5.6p1/audit-linux.c 2010-10-20 09:15:47.000000000 +0200 +@@ -0,0 +1,120 @@ +/* $Id: audit-linux.c,v 1.1 jfch Exp $ */ + +/* @@ -100,7 +100,6 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c + * + * Red Hat author: Jan F. Chadima + */ -+/* #pragma ident "@(#)audit-linux.c 1.1 01/09/17 SMI" */ + +#include "includes.h" +#if defined(USE_LINUX_AUDIT) @@ -116,26 +115,25 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c + +int +linux_audit_record_event(int uid, const char *username, -+ const char *hostname, const char *ip, const char *ttyn, int success) ++ const char *hostname, const char *ip, const char *ttyn, int success) +{ -+ int audit_fd, rc; ++ int audit_fd, rc, saved_errno; + + audit_fd = audit_open(); + if (audit_fd < 0) { + if (errno == EINVAL || errno == EPROTONOSUPPORT || -+ errno == EAFNOSUPPORT) ++ errno == EAFNOSUPPORT) + return 1; /* No audit support in kernel */ + else -+ return 0; /* Must prevent login */ ++ return 0; /* Must prevent login */ + } + rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, -+ NULL, "login", username ? username : "(unknown)", -+ username == NULL ? uid : -1, hostname, ip, ttyn, success); ++ NULL, "login", username ? username : "(unknown)", ++ username == NULL ? uid : -1, hostname, ip, ttyn, success); ++ saved_errno = errno; + close(audit_fd); -+ if (rc >= 0) -+ return 1; -+ else -+ return 0; ++ errno = saved_errno; ++ return (rc >= 0); +} + +/* Below is the sshd audit API code */ @@ -156,8 +154,8 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c +audit_session_open(struct logininfo *li) +{ + if (linux_audit_record_event(li->uid, NULL, li->hostname, -+ NULL, li->line, 1) == 0) -+ fatal("linux_audit_write_entry failed: %s", strerror(errno)); ++ NULL, li->line, 1) == 0) ++ fatal("linux_audit_write_entry failed: %s", strerror(errno)); +} + +void @@ -196,13 +194,13 @@ diff -up openssh-5.6p1/audit-linux.c.audit openssh-5.6p1/audit-linux.c +#endif /* USE_LINUX_AUDIT */ diff -up openssh-5.6p1/configure.ac.audit openssh-5.6p1/configure.ac --- openssh-5.6p1/configure.ac.audit 2010-08-16 05:15:23.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/configure.ac 2010-10-20 09:15:47.000000000 +0200 @@ -1308,7 +1308,7 @@ int main(void) AUDIT_MODULE=none AC_ARG_WITH(audit, - [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm)], -+ [ --with-audit=module Enable EXPERIMENTAL audit support (modules=debug,bsm,linux)], ++ [ --with-audit=module Enable audit support (modules=debug,bsm,linux)], [ AC_MSG_CHECKING(for supported audit module) case "$withval" in @@ -228,7 +226,7 @@ diff -up openssh-5.6p1/configure.ac.audit openssh-5.6p1/configure.ac AC_MSG_RESULT(no) diff -up openssh-5.6p1/defines.h.audit openssh-5.6p1/defines.h --- openssh-5.6p1/defines.h.audit 2010-04-09 10:13:27.000000000 +0200 -+++ openssh-5.6p1/defines.h 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/defines.h 2010-10-20 09:15:47.000000000 +0200 @@ -566,6 +566,11 @@ struct winsize { # define CUSTOM_SSH_AUDIT_EVENTS #endif @@ -243,7 +241,7 @@ diff -up openssh-5.6p1/defines.h.audit openssh-5.6p1/defines.h #elif !defined(HAVE___func__) diff -up openssh-5.6p1/loginrec.c.audit openssh-5.6p1/loginrec.c --- openssh-5.6p1/loginrec.c.audit 2010-04-09 10:13:27.000000000 +0200 -+++ openssh-5.6p1/loginrec.c 2010-10-01 08:48:17.000000000 +0200 ++++ openssh-5.6p1/loginrec.c 2010-10-20 09:15:47.000000000 +0200 @@ -468,9 +468,9 @@ login_write(struct logininfo *li) #endif #ifdef SSH_AUDIT_EVENTS @@ -258,13 +256,21 @@ diff -up openssh-5.6p1/loginrec.c.audit openssh-5.6p1/loginrec.c } diff -up openssh-5.6p1/Makefile.in.audit openssh-5.6p1/Makefile.in --- openssh-5.6p1/Makefile.in.audit 2010-05-12 08:51:39.000000000 +0200 -+++ openssh-5.6p1/Makefile.in 2010-10-01 08:48:17.000000000 +0200 -@@ -90,7 +90,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw ++++ openssh-5.6p1/Makefile.in 2010-10-20 09:15:47.000000000 +0200 +@@ -81,6 +81,7 @@ SSHOBJS= ssh.o readconf.o clientloop.o s + roaming_common.o roaming_client.o + + SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ ++ audit.o audit-bsm.o audit-linux.o platform.o \ + sshpty.o sshlogin.o servconf.o serverloop.o \ + auth.o auth1.o auth2.o auth-options.o session.o \ + auth-chall.o auth2-chall.o groupaccess.o \ +@@ -90,7 +91,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw auth-krb5.o \ auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \ -+ audit.o audit-bsm.o audit-linux.o platform.o sftp-server.o sftp-common.o \ ++ sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out diff --git a/openssh-5.6p1-gsskex.patch b/openssh-5.6p1-gsskex.patch index a0079ae..f00c01b 100644 --- a/openssh-5.6p1-gsskex.patch +++ b/openssh-5.6p1-gsskex.patch @@ -1,6 +1,6 @@ diff -up openssh-5.6p1/auth2.c.gsskex openssh-5.6p1/auth2.c ---- openssh-5.6p1/auth2.c.gsskex 2010-09-25 12:10:55.000000000 +0200 -+++ openssh-5.6p1/auth2.c 2010-09-25 12:10:58.000000000 +0200 +--- openssh-5.6p1/auth2.c.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/auth2.c 2010-10-20 10:37:43.000000000 +0200 @@ -69,6 +69,7 @@ extern Authmethod method_passwd; extern Authmethod method_kbdint; extern Authmethod method_hostbased; @@ -36,8 +36,8 @@ diff -up openssh-5.6p1/auth2.c.gsskex openssh-5.6p1/auth2.c if (authctxt->failures >= options.max_authtries) { #ifdef SSH_AUDIT_EVENTS diff -up openssh-5.6p1/auth2-gss.c.gsskex openssh-5.6p1/auth2-gss.c ---- openssh-5.6p1/auth2-gss.c.gsskex 2010-09-25 12:10:55.000000000 +0200 -+++ openssh-5.6p1/auth2-gss.c 2010-09-25 12:10:58.000000000 +0200 +--- openssh-5.6p1/auth2-gss.c.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/auth2-gss.c 2010-10-20 10:37:43.000000000 +0200 @@ -1,7 +1,7 @@ /* $OpenBSD: auth2-gss.c,v 1.16 2007/10/29 00:52:45 dtucker Exp $ */ @@ -138,8 +138,8 @@ diff -up openssh-5.6p1/auth2-gss.c.gsskex openssh-5.6p1/auth2-gss.c "gssapi-with-mic", userauth_gssapi, diff -up openssh-5.6p1/auth.h.gsskex openssh-5.6p1/auth.h ---- openssh-5.6p1/auth.h.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/auth.h 2010-09-25 12:10:58.000000000 +0200 +--- openssh-5.6p1/auth.h.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/auth.h 2010-10-20 10:37:43.000000000 +0200 @@ -53,6 +53,7 @@ struct Authctxt { int valid; /* user exists and is allowed to login */ int attempt; @@ -150,7 +150,7 @@ diff -up openssh-5.6p1/auth.h.gsskex openssh-5.6p1/auth.h char *service; diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c --- openssh-5.6p1/auth-krb5.c.gsskex 2009-12-21 00:49:22.000000000 +0100 -+++ openssh-5.6p1/auth-krb5.c 2010-09-25 12:10:58.000000000 +0200 ++++ openssh-5.6p1/auth-krb5.c 2010-10-20 10:37:43.000000000 +0200 @@ -170,8 +170,13 @@ auth_krb5_password(Authctxt *authctxt, c len = strlen(authctxt->krb5_ticket_file) + 6; @@ -199,8 +199,8 @@ diff -up openssh-5.6p1/auth-krb5.c.gsskex openssh-5.6p1/auth-krb5.c return (krb5_cc_resolve(ctx, ccname, ccache)); } diff -up openssh-5.6p1/ChangeLog.gssapi.gsskex openssh-5.6p1/ChangeLog.gssapi ---- openssh-5.6p1/ChangeLog.gssapi.gsskex 2010-09-25 12:10:58.000000000 +0200 -+++ openssh-5.6p1/ChangeLog.gssapi 2010-09-25 12:10:58.000000000 +0200 +--- openssh-5.6p1/ChangeLog.gssapi.gsskex 2010-10-20 10:37:43.000000000 +0200 ++++ openssh-5.6p1/ChangeLog.gssapi 2010-10-20 10:37:43.000000000 +0200 @@ -0,0 +1,95 @@ +20090615 + - [ gss-genr.c gss-serv.c kexgssc.c kexgsss.c monitor.c sshconnect2.c @@ -299,7 +299,7 @@ diff -up openssh-5.6p1/ChangeLog.gssapi.gsskex openssh-5.6p1/ChangeLog.gssapi + diff -up openssh-5.6p1/clientloop.c.gsskex openssh-5.6p1/clientloop.c --- openssh-5.6p1/clientloop.c.gsskex 2010-08-03 08:04:46.000000000 +0200 -+++ openssh-5.6p1/clientloop.c 2010-09-25 12:10:58.000000000 +0200 ++++ openssh-5.6p1/clientloop.c 2010-10-20 10:37:43.000000000 +0200 @@ -111,6 +111,10 @@ #include "msg.h" #include "roaming.h" @@ -326,8 +326,8 @@ diff -up openssh-5.6p1/clientloop.c.gsskex openssh-5.6p1/clientloop.c debug("need rekeying"); xxx_kex->done = 0; diff -up openssh-5.6p1/configure.ac.gsskex openssh-5.6p1/configure.ac ---- openssh-5.6p1/configure.ac.gsskex 2010-09-25 12:10:58.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-09-25 12:10:58.000000000 +0200 +--- openssh-5.6p1/configure.ac.gsskex 2010-10-20 10:37:42.000000000 +0200 ++++ openssh-5.6p1/configure.ac 2010-10-20 10:37:43.000000000 +0200 @@ -477,6 +477,30 @@ main() { if (NSVersionOfRunTimeLibrary(" [Use tunnel device compatibility to OpenBSD]) AC_DEFINE(SSH_TUN_PREPEND_AF, 1, @@ -361,7 +361,7 @@ diff -up openssh-5.6p1/configure.ac.gsskex openssh-5.6p1/configure.ac AC_DEFINE(AU_IPv4, 0, [System only supports IPv4 audit records]) diff -up openssh-5.6p1/gss-genr.c.gsskex openssh-5.6p1/gss-genr.c --- openssh-5.6p1/gss-genr.c.gsskex 2009-06-22 08:11:07.000000000 +0200 -+++ openssh-5.6p1/gss-genr.c 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/gss-genr.c 2010-10-20 10:37:43.000000000 +0200 @@ -39,12 +39,167 @@ #include "buffer.h" #include "log.h" @@ -702,7 +702,7 @@ diff -up openssh-5.6p1/gss-genr.c.gsskex openssh-5.6p1/gss-genr.c #endif /* GSSAPI */ diff -up openssh-5.6p1/gss-serv.c.gsskex openssh-5.6p1/gss-serv.c --- openssh-5.6p1/gss-serv.c.gsskex 2008-05-19 07:05:07.000000000 +0200 -+++ openssh-5.6p1/gss-serv.c 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/gss-serv.c 2010-10-20 10:37:43.000000000 +0200 @@ -1,7 +1,7 @@ /* $OpenBSD: gss-serv.c,v 1.22 2008/05/08 12:02:23 djm Exp $ */ @@ -1018,7 +1018,7 @@ diff -up openssh-5.6p1/gss-serv.c.gsskex openssh-5.6p1/gss-serv.c #endif diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c --- openssh-5.6p1/gss-serv-krb5.c.gsskex 2006-09-01 07:38:36.000000000 +0200 -+++ openssh-5.6p1/gss-serv-krb5.c 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/gss-serv-krb5.c 2010-10-20 10:37:43.000000000 +0200 @@ -1,7 +1,7 @@ /* $OpenBSD: gss-serv-krb5.c,v 1.7 2006/08/03 03:34:42 deraadt Exp $ */ @@ -1141,7 +1141,7 @@ diff -up openssh-5.6p1/gss-serv-krb5.c.gsskex openssh-5.6p1/gss-serv-krb5.c #endif /* KRB5 */ diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c --- openssh-5.6p1/kex.c.gsskex 2010-01-08 06:50:41.000000000 +0100 -+++ openssh-5.6p1/kex.c 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/kex.c 2010-10-20 10:37:43.000000000 +0200 @@ -50,6 +50,10 @@ #include "monitor.h" #include "roaming.h" @@ -1175,8 +1175,8 @@ diff -up openssh-5.6p1/kex.c.gsskex openssh-5.6p1/kex.c fatal("bad kex alg %s", k->name); } diff -up openssh-5.6p1/kexgssc.c.gsskex openssh-5.6p1/kexgssc.c ---- openssh-5.6p1/kexgssc.c.gsskex 2010-09-25 12:10:59.000000000 +0200 -+++ openssh-5.6p1/kexgssc.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/kexgssc.c.gsskex 2010-10-20 10:37:43.000000000 +0200 ++++ openssh-5.6p1/kexgssc.c 2010-10-20 10:37:43.000000000 +0200 @@ -0,0 +1,334 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1513,8 +1513,8 @@ diff -up openssh-5.6p1/kexgssc.c.gsskex openssh-5.6p1/kexgssc.c + +#endif /* GSSAPI */ diff -up openssh-5.6p1/kexgsss.c.gsskex openssh-5.6p1/kexgsss.c ---- openssh-5.6p1/kexgsss.c.gsskex 2010-09-25 12:10:59.000000000 +0200 -+++ openssh-5.6p1/kexgsss.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/kexgsss.c.gsskex 2010-10-20 10:37:43.000000000 +0200 ++++ openssh-5.6p1/kexgsss.c 2010-10-20 10:37:43.000000000 +0200 @@ -0,0 +1,288 @@ +/* + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. @@ -1806,7 +1806,7 @@ diff -up openssh-5.6p1/kexgsss.c.gsskex openssh-5.6p1/kexgsss.c +#endif /* GSSAPI */ diff -up openssh-5.6p1/kex.h.gsskex openssh-5.6p1/kex.h --- openssh-5.6p1/kex.h.gsskex 2010-02-26 21:55:05.000000000 +0100 -+++ openssh-5.6p1/kex.h 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/kex.h 2010-10-20 10:37:43.000000000 +0200 @@ -67,6 +67,9 @@ enum kex_exchange { KEX_DH_GRP14_SHA1, KEX_DH_GEX_SHA1, @@ -1844,7 +1844,7 @@ diff -up openssh-5.6p1/kex.h.gsskex openssh-5.6p1/kex.h BIGNUM *, BIGNUM *, BIGNUM *, u_char **, u_int *); diff -up openssh-5.6p1/key.c.gsskex openssh-5.6p1/key.c --- openssh-5.6p1/key.c.gsskex 2010-07-16 05:58:37.000000000 +0200 -+++ openssh-5.6p1/key.c 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/key.c 2010-10-20 10:37:43.000000000 +0200 @@ -1020,6 +1020,8 @@ key_type_from_name(char *name) return KEY_RSA_CERT; } else if (strcmp(name, "ssh-dss-cert-v01@openssh.com") == 0) { @@ -1856,7 +1856,7 @@ diff -up openssh-5.6p1/key.c.gsskex openssh-5.6p1/key.c return KEY_UNSPEC; diff -up openssh-5.6p1/key.h.gsskex openssh-5.6p1/key.h --- openssh-5.6p1/key.h.gsskex 2010-04-16 07:56:22.000000000 +0200 -+++ openssh-5.6p1/key.h 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/key.h 2010-10-20 10:37:43.000000000 +0200 @@ -39,6 +39,7 @@ enum types { KEY_DSA_CERT, KEY_RSA_CERT_V00, @@ -1866,8 +1866,8 @@ diff -up openssh-5.6p1/key.h.gsskex openssh-5.6p1/key.h }; enum fp_type { diff -up openssh-5.6p1/Makefile.in.gsskex openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.gsskex 2010-09-25 12:10:58.000000000 +0200 -+++ openssh-5.6p1/Makefile.in 2010-09-25 12:11:54.000000000 +0200 +--- openssh-5.6p1/Makefile.in.gsskex 2010-10-20 10:37:42.000000000 +0200 ++++ openssh-5.6p1/Makefile.in 2010-10-20 11:34:14.000000000 +0200 @@ -77,11 +77,11 @@ LIBSSH_OBJS=acss.o authfd.o authfile.o b monitor_fdpass.o rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o \ kexgex.o kexdhc.o kexgexc.o msg.o progressmeter.o dns.o \ @@ -1881,19 +1881,19 @@ diff -up openssh-5.6p1/Makefile.in.gsskex openssh-5.6p1/Makefile.in + roaming_common.o roaming_client.o kexgssc.o SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ - sshpty.o sshlogin.o servconf.o serverloop.o \ -@@ -94,7 +94,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw + audit.o audit-bsm.o audit-linux.o platform.o \ +@@ -95,7 +95,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw auth2-gss.o gss-serv.o gss-serv-krb5.o \ loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ - audit.o audit-bsm.o audit-linux.o platform.o sftp-server.o sftp-common.o \ + sftp-server.o sftp-common.o \ - roaming_common.o roaming_serv.o + roaming_common.o roaming_serv.o kexgsss.o MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5 diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c ---- openssh-5.6p1/monitor.c.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/monitor.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/monitor.c.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/monitor.c 2010-10-20 10:37:43.000000000 +0200 @@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer int mm_answer_gss_accept_ctx(int, Buffer *); int mm_answer_gss_userok(int, Buffer *); @@ -2087,8 +2087,8 @@ diff -up openssh-5.6p1/monitor.c.gsskex openssh-5.6p1/monitor.c #ifdef JPAKE diff -up openssh-5.6p1/monitor.h.gsskex openssh-5.6p1/monitor.h ---- openssh-5.6p1/monitor.h.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/monitor.h 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/monitor.h.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/monitor.h 2010-10-20 10:37:43.000000000 +0200 @@ -56,6 +56,8 @@ enum monitor_reqtype { MONITOR_REQ_GSSSTEP, MONITOR_ANS_GSSSTEP, MONITOR_REQ_GSSUSEROK, MONITOR_ANS_GSSUSEROK, @@ -2099,8 +2099,8 @@ diff -up openssh-5.6p1/monitor.h.gsskex openssh-5.6p1/monitor.h MONITOR_REQ_PAM_ACCOUNT, MONITOR_ANS_PAM_ACCOUNT, MONITOR_REQ_PAM_INIT_CTX, MONITOR_ANS_PAM_INIT_CTX, diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c ---- openssh-5.6p1/monitor_wrap.c.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/monitor_wrap.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/monitor_wrap.c.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/monitor_wrap.c 2010-10-20 10:37:43.000000000 +0200 @@ -1250,7 +1250,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss } @@ -2163,8 +2163,8 @@ diff -up openssh-5.6p1/monitor_wrap.c.gsskex openssh-5.6p1/monitor_wrap.c #ifdef JPAKE diff -up openssh-5.6p1/monitor_wrap.h.gsskex openssh-5.6p1/monitor_wrap.h ---- openssh-5.6p1/monitor_wrap.h.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/monitor_wrap.h 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/monitor_wrap.h.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/monitor_wrap.h 2010-10-20 10:37:43.000000000 +0200 @@ -60,8 +60,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(K OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, @@ -2179,7 +2179,7 @@ diff -up openssh-5.6p1/monitor_wrap.h.gsskex openssh-5.6p1/monitor_wrap.h #ifdef USE_PAM diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c --- openssh-5.6p1/readconf.c.gsskex 2010-08-03 08:04:46.000000000 +0200 -+++ openssh-5.6p1/readconf.c 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/readconf.c 2010-10-20 10:37:43.000000000 +0200 @@ -127,6 +127,7 @@ typedef enum { oClearAllForwardings, oNoHostAuthenticationForLocalhost, oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, @@ -2263,7 +2263,7 @@ diff -up openssh-5.6p1/readconf.c.gsskex openssh-5.6p1/readconf.c if (options->kbd_interactive_authentication == -1) diff -up openssh-5.6p1/readconf.h.gsskex openssh-5.6p1/readconf.h --- openssh-5.6p1/readconf.h.gsskex 2010-08-03 08:04:46.000000000 +0200 -+++ openssh-5.6p1/readconf.h 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/readconf.h 2010-10-20 10:37:43.000000000 +0200 @@ -46,7 +46,11 @@ typedef struct { int challenge_response_authentication; /* Try S/Key or TIS, authentication. */ @@ -2277,8 +2277,8 @@ diff -up openssh-5.6p1/readconf.h.gsskex openssh-5.6p1/readconf.h * authentication. */ int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c ---- openssh-5.6p1/servconf.c.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/servconf.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/servconf.c.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/servconf.c 2010-10-20 10:37:43.000000000 +0200 @@ -93,7 +93,10 @@ initialize_server_options(ServerOptions options->kerberos_ticket_cleanup = -1; options->kerberos_get_afs_token = -1; @@ -2356,8 +2356,8 @@ diff -up openssh-5.6p1/servconf.c.gsskex openssh-5.6p1/servconf.c intptr = &options->password_authentication; goto parse_flag; diff -up openssh-5.6p1/servconf.h.gsskex openssh-5.6p1/servconf.h ---- openssh-5.6p1/servconf.h.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/servconf.h 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/servconf.h.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/servconf.h 2010-10-20 10:37:43.000000000 +0200 @@ -94,7 +94,10 @@ typedef struct { int kerberos_get_afs_token; /* If true, try to get AFS token if * authenticated with Kerberos. */ @@ -2371,7 +2371,7 @@ diff -up openssh-5.6p1/servconf.h.gsskex openssh-5.6p1/servconf.h int kbd_interactive_authentication; /* If true, permit */ diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5 --- openssh-5.6p1/ssh_config.5.gsskex 2010-08-05 05:03:13.000000000 +0200 -+++ openssh-5.6p1/ssh_config.5 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/ssh_config.5 2010-10-20 10:37:43.000000000 +0200 @@ -509,11 +509,38 @@ Specifies whether user authentication ba The default is .Dq no . @@ -2413,8 +2413,8 @@ diff -up openssh-5.6p1/ssh_config.5.gsskex openssh-5.6p1/ssh_config.5 Indicates that .Xr ssh 1 diff -up openssh-5.6p1/ssh_config.gsskex openssh-5.6p1/ssh_config ---- openssh-5.6p1/ssh_config.gsskex 2010-09-25 12:10:55.000000000 +0200 -+++ openssh-5.6p1/ssh_config 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/ssh_config.gsskex 2010-10-20 10:37:40.000000000 +0200 ++++ openssh-5.6p1/ssh_config 2010-10-20 10:37:43.000000000 +0200 @@ -26,6 +26,8 @@ # HostbasedAuthentication no # GSSAPIAuthentication no @@ -2425,8 +2425,8 @@ diff -up openssh-5.6p1/ssh_config.gsskex openssh-5.6p1/ssh_config # CheckHostIP yes # AddressFamily any diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c ---- openssh-5.6p1/sshconnect2.c.gsskex 2010-09-25 12:10:58.000000000 +0200 -+++ openssh-5.6p1/sshconnect2.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/sshconnect2.c.gsskex 2010-10-20 10:37:42.000000000 +0200 ++++ openssh-5.6p1/sshconnect2.c 2010-10-20 10:37:43.000000000 +0200 @@ -108,9 +108,34 @@ ssh_kex2(char *host, struct sockaddr *ho { Kex *kex; @@ -2625,8 +2625,8 @@ diff -up openssh-5.6p1/sshconnect2.c.gsskex openssh-5.6p1/sshconnect2.c int diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c ---- openssh-5.6p1/sshd.c.gsskex 2010-09-25 12:10:58.000000000 +0200 -+++ openssh-5.6p1/sshd.c 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/sshd.c.gsskex 2010-10-20 10:37:42.000000000 +0200 ++++ openssh-5.6p1/sshd.c 2010-10-20 10:37:43.000000000 +0200 @@ -129,6 +129,10 @@ int allow_severity; int deny_severity; #endif /* LIBWRAP */ @@ -2776,8 +2776,8 @@ diff -up openssh-5.6p1/sshd.c.gsskex openssh-5.6p1/sshd.c kex->client_version_string=client_version_string; kex->server_version_string=server_version_string; diff -up openssh-5.6p1/sshd_config.5.gsskex openssh-5.6p1/sshd_config.5 ---- openssh-5.6p1/sshd_config.5.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/sshd_config.5 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/sshd_config.5.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/sshd_config.5 2010-10-20 10:37:43.000000000 +0200 @@ -424,12 +424,40 @@ Specifies whether user authentication ba The default is .Dq no . @@ -2820,8 +2820,8 @@ diff -up openssh-5.6p1/sshd_config.5.gsskex openssh-5.6p1/sshd_config.5 Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed diff -up openssh-5.6p1/sshd_config.gsskex openssh-5.6p1/sshd_config ---- openssh-5.6p1/sshd_config.gsskex 2010-09-25 12:10:56.000000000 +0200 -+++ openssh-5.6p1/sshd_config 2010-09-25 12:10:59.000000000 +0200 +--- openssh-5.6p1/sshd_config.gsskex 2010-10-20 10:37:41.000000000 +0200 ++++ openssh-5.6p1/sshd_config 2010-10-20 10:37:43.000000000 +0200 @@ -78,6 +78,8 @@ ChallengeResponseAuthentication no GSSAPIAuthentication yes #GSSAPICleanupCredentials yes @@ -2833,7 +2833,7 @@ diff -up openssh-5.6p1/sshd_config.gsskex openssh-5.6p1/sshd_config # and session processing. If this is enabled, PAM authentication will diff -up openssh-5.6p1/ssh-gss.h.gsskex openssh-5.6p1/ssh-gss.h --- openssh-5.6p1/ssh-gss.h.gsskex 2007-06-12 15:40:39.000000000 +0200 -+++ openssh-5.6p1/ssh-gss.h 2010-09-25 12:10:59.000000000 +0200 ++++ openssh-5.6p1/ssh-gss.h 2010-10-20 10:37:43.000000000 +0200 @@ -1,6 +1,6 @@ /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ /* diff --git a/openssh-5.6p1-ldap.patch b/openssh-5.6p1-ldap.patch index a1917e8..ca7183b 100644 --- a/openssh-5.6p1-ldap.patch +++ b/openssh-5.6p1-ldap.patch @@ -1,6 +1,6 @@ diff -up openssh-5.6p1/configure.ac.ldap openssh-5.6p1/configure.ac ---- openssh-5.6p1/configure.ac.ldap 2010-09-25 12:07:39.000000000 +0200 -+++ openssh-5.6p1/configure.ac 2010-09-25 12:07:39.000000000 +0200 +--- openssh-5.6p1/configure.ac.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/configure.ac 2010-10-20 09:21:04.000000000 +0200 @@ -1366,6 +1366,106 @@ AC_ARG_WITH(authorized-keys-command, ] ) @@ -109,8 +109,8 @@ diff -up openssh-5.6p1/configure.ac.ldap openssh-5.6p1/configure.ac AC_CHECK_FUNCS( \ arc4random \ diff -up openssh-5.6p1/ldapbody.c.ldap openssh-5.6p1/ldapbody.c ---- openssh-5.6p1/ldapbody.c.ldap 2010-09-25 12:07:39.000000000 +0200 -+++ openssh-5.6p1/ldapbody.c 2010-09-25 12:07:39.000000000 +0200 +--- openssh-5.6p1/ldapbody.c.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapbody.c 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,494 @@ +/* $OpenBSD: ldapbody.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -607,8 +607,8 @@ diff -up openssh-5.6p1/ldapbody.c.ldap openssh-5.6p1/ldapbody.c +} + diff -up openssh-5.6p1/ldapbody.h.ldap openssh-5.6p1/ldapbody.h ---- openssh-5.6p1/ldapbody.h.ldap 2010-09-25 12:07:39.000000000 +0200 -+++ openssh-5.6p1/ldapbody.h 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldapbody.h.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapbody.h 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,37 @@ +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -648,8 +648,8 @@ diff -up openssh-5.6p1/ldapbody.h.ldap openssh-5.6p1/ldapbody.h +#endif /* LDAPBODY_H */ + diff -up openssh-5.6p1/ldapconf.c.ldap openssh-5.6p1/ldapconf.c ---- openssh-5.6p1/ldapconf.c.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldapconf.c 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldapconf.c.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapconf.c 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,682 @@ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -1334,8 +1334,8 @@ diff -up openssh-5.6p1/ldapconf.c.ldap openssh-5.6p1/ldapconf.c +} + diff -up openssh-5.6p1/ldapconf.h.ldap openssh-5.6p1/ldapconf.h ---- openssh-5.6p1/ldapconf.h.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldapconf.h 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldapconf.h.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapconf.h 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,71 @@ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -1409,8 +1409,8 @@ diff -up openssh-5.6p1/ldapconf.h.ldap openssh-5.6p1/ldapconf.h + +#endif /* LDAPCONF_H */ diff -up openssh-5.6p1/ldap.conf.ldap openssh-5.6p1/ldap.conf ---- openssh-5.6p1/ldap.conf.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldap.conf 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldap.conf.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldap.conf 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,88 @@ +# $Id: openssh-5.5p1-ldap.patch,v 1.3 2010/07/07 13:48:36 jfch2222 Exp $ +# @@ -1501,8 +1501,8 @@ diff -up openssh-5.6p1/ldap.conf.ldap openssh-5.6p1/ldap.conf +#tls_key + diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c ---- openssh-5.6p1/ldap-helper.c.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldap-helper.c 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldap-helper.c.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldap-helper.c 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,154 @@ +/* $OpenBSD: ssh-pka-ldap.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -1659,8 +1659,8 @@ diff -up openssh-5.6p1/ldap-helper.c.ldap openssh-5.6p1/ldap-helper.c +void buffer_put_string(Buffer *b, const void *f, u_int l) {} + diff -up openssh-5.6p1/ldap-helper.h.ldap openssh-5.6p1/ldap-helper.h ---- openssh-5.6p1/ldap-helper.h.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldap-helper.h 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldap-helper.h.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldap-helper.h 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,32 @@ +/* $OpenBSD: ldap-helper.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -1695,8 +1695,8 @@ diff -up openssh-5.6p1/ldap-helper.h.ldap openssh-5.6p1/ldap-helper.h + +#endif /* LDAP_HELPER_H */ diff -up openssh-5.6p1/ldapincludes.h.ldap openssh-5.6p1/ldapincludes.h ---- openssh-5.6p1/ldapincludes.h.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldapincludes.h 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldapincludes.h.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapincludes.h 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,41 @@ +/* $OpenBSD: ldapconf.c,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -1740,8 +1740,8 @@ diff -up openssh-5.6p1/ldapincludes.h.ldap openssh-5.6p1/ldapincludes.h + +#endif /* LDAPINCLUDES_H */ diff -up openssh-5.6p1/ldapmisc.c.ldap openssh-5.6p1/ldapmisc.c ---- openssh-5.6p1/ldapmisc.c.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldapmisc.c 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldapmisc.c.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapmisc.c 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,79 @@ + +#include "ldapincludes.h" @@ -1823,8 +1823,8 @@ diff -up openssh-5.6p1/ldapmisc.c.ldap openssh-5.6p1/ldapmisc.c +#endif + diff -up openssh-5.6p1/ldapmisc.h.ldap openssh-5.6p1/ldapmisc.h ---- openssh-5.6p1/ldapmisc.h.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ldapmisc.h 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ldapmisc.h.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ldapmisc.h 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,35 @@ +/* $OpenBSD: ldapbody.h,v 1.1 2009/12/03 03:34:42 jfch Exp $ */ +/* @@ -1862,8 +1862,8 @@ diff -up openssh-5.6p1/ldapmisc.h.ldap openssh-5.6p1/ldapmisc.h +#endif /* LDAPMISC_H */ + diff -up openssh-5.6p1/lpk-user-example.txt.ldap openssh-5.6p1/lpk-user-example.txt ---- openssh-5.6p1/lpk-user-example.txt.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/lpk-user-example.txt 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/lpk-user-example.txt.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/lpk-user-example.txt 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,117 @@ + +Post to ML -> User Made Quick Install Doc. @@ -1983,8 +1983,8 @@ diff -up openssh-5.6p1/lpk-user-example.txt.ldap openssh-5.6p1/lpk-user-example. + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in ---- openssh-5.6p1/Makefile.in.ldap 2010-09-25 12:07:39.000000000 +0200 -+++ openssh-5.6p1/Makefile.in 2010-09-25 12:09:46.000000000 +0200 +--- openssh-5.6p1/Makefile.in.ldap 2010-10-20 09:21:03.000000000 +0200 ++++ openssh-5.6p1/Makefile.in 2010-10-20 10:36:39.000000000 +0200 @@ -26,6 +26,7 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpas SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign @@ -2004,8 +2004,8 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ -@@ -93,8 +95,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw - audit.o audit-bsm.o audit-linux.o platform.o sftp-server.o sftp-common.o \ +@@ -94,8 +96,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw + sftp-server.o sftp-common.o \ roaming_common.o roaming_serv.o -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out @@ -2015,7 +2015,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in MANTYPE = @MANTYPE@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out -@@ -162,6 +164,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss +@@ -163,6 +165,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) @@ -2025,7 +2025,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) -@@ -266,6 +271,9 @@ install-files: +@@ -267,6 +272,9 @@ install-files: fi $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) @@ -2035,7 +2035,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -@@ -285,6 +293,10 @@ install-files: +@@ -286,6 +294,10 @@ install-files: $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 @@ -2046,7 +2046,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in -rm -f $(DESTDIR)$(bindir)/slogin ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 -@@ -321,6 +333,13 @@ install-sysconf: +@@ -322,6 +334,13 @@ install-sysconf: else \ echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ fi @@ -2060,7 +2060,7 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in host-key: ssh-keygen$(EXEEXT) @if [ -z "$(DESTDIR)" ] ; then \ -@@ -384,6 +403,7 @@ uninstall: +@@ -385,6 +404,7 @@ uninstall: -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 @@ -2069,8 +2069,8 @@ diff -up openssh-5.6p1/Makefile.in.ldap openssh-5.6p1/Makefile.in tests interop-tests: $(TARGETS) diff -up openssh-5.6p1/openssh-lpk-openldap.schema.ldap openssh-5.6p1/openssh-lpk-openldap.schema ---- openssh-5.6p1/openssh-lpk-openldap.schema.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/openssh-lpk-openldap.schema 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/openssh-lpk-openldap.schema.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/openssh-lpk-openldap.schema 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,21 @@ +# +# LDAP Public Key Patch schema for use with openssh-ldappubkey @@ -2094,8 +2094,8 @@ diff -up openssh-5.6p1/openssh-lpk-openldap.schema.ldap openssh-5.6p1/openssh-lp + MUST ( sshPublicKey $ uid ) + ) diff -up openssh-5.6p1/openssh-lpk-sun.schema.ldap openssh-5.6p1/openssh-lpk-sun.schema ---- openssh-5.6p1/openssh-lpk-sun.schema.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/openssh-lpk-sun.schema 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/openssh-lpk-sun.schema.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/openssh-lpk-sun.schema 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,23 @@ +# +# LDAP Public Key Patch schema for use with openssh-ldappubkey @@ -2121,8 +2121,8 @@ diff -up openssh-5.6p1/openssh-lpk-sun.schema.ldap openssh-5.6p1/openssh-lpk-sun + MUST ( sshPublicKey $ uid ) + ) diff -up openssh-5.6p1/README.lpk.ldap openssh-5.6p1/README.lpk ---- openssh-5.6p1/README.lpk.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/README.lpk 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/README.lpk.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/README.lpk 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,274 @@ +OpenSSH LDAP PUBLIC KEY PATCH +Copyright (c) 2003 Eric AUGE (eau@phear.org) @@ -2399,8 +2399,8 @@ diff -up openssh-5.6p1/README.lpk.ldap openssh-5.6p1/README.lpk + Jan F. Chadima + diff -up openssh-5.6p1/ssh-ldap.conf.5.ldap openssh-5.6p1/ssh-ldap.conf.5 ---- openssh-5.6p1/ssh-ldap.conf.5.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ssh-ldap.conf.5 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ssh-ldap.conf.5.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ssh-ldap.conf.5 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,373 @@ +.\" $OpenBSD: ssh-ldap.conf.5,v 1.1 2010/02/10 23:20:38 markus Exp $ +.\" @@ -2776,8 +2776,8 @@ diff -up openssh-5.6p1/ssh-ldap.conf.5.ldap openssh-5.6p1/ssh-ldap.conf.5 +.Sh AUTHORS +.An Jan F. Chadima Aq jchadima@redhat.com diff -up openssh-5.6p1/ssh-ldap-helper.8.ldap openssh-5.6p1/ssh-ldap-helper.8 ---- openssh-5.6p1/ssh-ldap-helper.8.ldap 2010-09-25 12:07:40.000000000 +0200 -+++ openssh-5.6p1/ssh-ldap-helper.8 2010-09-25 12:07:40.000000000 +0200 +--- openssh-5.6p1/ssh-ldap-helper.8.ldap 2010-10-20 09:21:04.000000000 +0200 ++++ openssh-5.6p1/ssh-ldap-helper.8 2010-10-20 09:21:04.000000000 +0200 @@ -0,0 +1,78 @@ +.\" $OpenBSD: ssh-ldap-helper.8,v 1.1 2010/02/10 23:20:38 markus Exp $ +.\" diff --git a/openssh.spec b/openssh.spec index 7da3961..c039410 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.6p1 -%define openssh_rel 10 +%define openssh_rel 11 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 27 @@ -585,6 +585,9 @@ fi %endif %changelog +* Wed Oct 20 2010 Jan F. Chadima - 5.6p1-11 + 0.9.2-27 +- rebase linux audit according to upstream + * Fri Oct 1 2010 Jan F. Chadima - 5.6p1-10 + 0.9.2-27 - add missing headers to linux audit