diff --git a/openssh-5.8p1-audit1a.patch b/openssh-5.8p1-audit1a.patch index 0774dba..e69de29 100644 --- a/openssh-5.8p1-audit1a.patch +++ b/openssh-5.8p1-audit1a.patch @@ -1,39 +0,0 @@ -diff -up openssh-5.8p1/audit-linux.c.audit1a openssh-5.8p1/audit-linux.c ---- openssh-5.8p1/audit-linux.c.audit1a 2011-02-24 13:16:51.000000000 +0100 -+++ openssh-5.8p1/audit-linux.c 2011-02-24 13:17:17.000000000 +0100 -@@ -143,7 +143,7 @@ audit_connection_from(const char *host, - void - audit_run_command(const char *command) - { -- if (!user_login_count++) -+ if (!user_login_count++ && !options.use_pam) - linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), - NULL, "ssh", 1, AUDIT_USER_LOGIN); - linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), -@@ -155,7 +155,7 @@ audit_end_command(const char *command) - { - linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), - NULL, "ssh", 1, AUDIT_USER_END); -- if (!--user_login_count) -+ if (!--user_login_count && !options.use_pam) - linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), - NULL, "ssh", 1, AUDIT_USER_LOGOUT); - } -@@ -163,7 +163,7 @@ audit_end_command(const char *command) - void - audit_session_open(struct logininfo *li) - { -- if (!user_login_count++) -+ if (!user_login_count++ && !options.use_pam) - linux_audit_user_logxxx(li->uid, NULL, li->hostname, - NULL, li->line, 1, AUDIT_USER_LOGIN); - linux_audit_user_logxxx(li->uid, NULL, li->hostname, -@@ -175,7 +175,7 @@ audit_session_close(struct logininfo *li - { - linux_audit_user_logxxx(li->uid, NULL, li->hostname, - NULL, li->line, 1, AUDIT_USER_END); -- if (!--user_login_count) -+ if (!--user_login_count && !options.use_pam) - linux_audit_user_logxxx(li->uid, NULL, li->hostname, - NULL, li->line, 1, AUDIT_USER_LOGOUT); - } diff --git a/openssh-5.8p1-fingerprint.patch b/openssh-5.8p1-fingerprint.patch index 180c92a..a0438ff 100644 --- a/openssh-5.8p1-fingerprint.patch +++ b/openssh-5.8p1-fingerprint.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/auth2-hostbased.c.fingerprint openssh-5.8p1/auth2-hostbased.c --- openssh-5.8p1/auth2-hostbased.c.fingerprint 2010-08-05 05:04:50.000000000 +0200 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/auth2-hostbased.c 2011-02-25 09:17:18.000000000 +0100 @@ -196,16 +196,18 @@ hostbased_key_allowed(struct passwd *pw, if (host_status == HOST_OK) { @@ -29,7 +29,7 @@ diff -up openssh-5.8p1/auth2-hostbased.c.fingerprint openssh-5.8p1/auth2-hostbas } diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c --- openssh-5.8p1/auth2-pubkey.c.fingerprint 2010-12-01 01:50:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/auth2-pubkey.c 2011-02-25 09:17:18.000000000 +0100 @@ -319,10 +319,10 @@ user_key_allowed2(struct passwd *pw, Key continue; if (!key_is_cert_authority) @@ -78,7 +78,7 @@ diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c } diff -up openssh-5.8p1/auth.c.fingerprint openssh-5.8p1/auth.c --- openssh-5.8p1/auth.c.fingerprint 2010-12-01 02:21:51.000000000 +0100 -+++ openssh-5.8p1/auth.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/auth.c 2011-02-25 09:17:18.000000000 +0100 @@ -639,9 +639,10 @@ auth_key_is_revoked(Key *key) return 1; case 1: @@ -94,7 +94,7 @@ diff -up openssh-5.8p1/auth.c.fingerprint openssh-5.8p1/auth.c } diff -up openssh-5.8p1/auth-rsa.c.fingerprint openssh-5.8p1/auth-rsa.c --- openssh-5.8p1/auth-rsa.c.fingerprint 2010-12-04 23:01:47.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/auth-rsa.c 2011-02-25 09:17:18.000000000 +0100 @@ -318,9 +318,9 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli * options; this will be reset if the options cause the * authentication to be rejected. @@ -110,20 +110,23 @@ diff -up openssh-5.8p1/auth-rsa.c.fingerprint openssh-5.8p1/auth-rsa.c diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c --- openssh-5.8p1/key.c.fingerprint 2011-02-04 01:48:34.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-24 10:33:05.000000000 +0100 -@@ -594,6 +594,32 @@ key_fingerprint(Key *k, enum fp_type dgs ++++ openssh-5.8p1/key.c 2011-02-25 09:18:16.000000000 +0100 +@@ -594,6 +594,34 @@ key_fingerprint(Key *k, enum fp_type dgs return retval; } -+int ++enum fp_type +key_fingerprint_selection(void) +{ ++ static enum fp_type rv; ++ static char rv_defined = 0; + char *env; -+ static int rv = -1; + -+ if (rv == -1) { ++ if (!rv_defined) { + env = getenv("SSH_FINGERPRINT_TYPE"); -+ rv = env && !strcmp (env, "sha"); ++ rv = (env && !strcmp (env, "sha")) ? ++ SSH_FP_SHA1 : SSH_FP_MD5; ++ rv_defined = 1; + } + return rv; +} @@ -131,14 +134,13 @@ diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c +char * +key_selected_fingerprint(Key *k, enum fp_rep dgst_rep) +{ -+ return key_fingerprint(k, key_fingerprint_selection() ? -+ SSH_FP_SHA1 : SSH_FP_MD5, dgst_rep); ++ return key_fingerprint(k, key_fingerprint_selection(), dgst_rep); +} + +char * +key_fingerprint_prefix(void) +{ -+ return key_fingerprint_selection() ? "sha1:" : ""; ++ return key_fingerprint_selection() == SSH_FP_SHA1 ? "sha1:" : ""; +} + /* @@ -146,12 +148,12 @@ diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c * the pointer. The integer must already be initialized. This function is diff -up openssh-5.8p1/key.h.fingerprint openssh-5.8p1/key.h --- openssh-5.8p1/key.h.fingerprint 2010-11-05 00:19:49.000000000 +0100 -+++ openssh-5.8p1/key.h 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/key.h 2011-02-25 09:17:18.000000000 +0100 @@ -96,6 +96,9 @@ int key_equal_public(const Key *, cons int key_equal(const Key *, const Key *); char *key_fingerprint(Key *, enum fp_type, enum fp_rep); u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); -+int key_fingerprint_selection(void); ++enum fp_type key_fingerprint_selection(void); +char *key_selected_fingerprint(Key *, enum fp_rep); +char *key_fingerprint_prefix(void); const char *key_type(const Key *); @@ -159,7 +161,7 @@ diff -up openssh-5.8p1/key.h.fingerprint openssh-5.8p1/key.h int key_write(const Key *, FILE *); diff -up openssh-5.8p1/ssh-add.c.fingerprint openssh-5.8p1/ssh-add.c --- openssh-5.8p1/ssh-add.c.fingerprint 2010-11-11 04:17:02.000000000 +0100 -+++ openssh-5.8p1/ssh-add.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/ssh-add.c 2011-02-25 09:17:18.000000000 +0100 @@ -280,10 +280,10 @@ list_identities(AuthenticationConnection key = ssh_get_next_identity(ac, &comment, version)) { had_identities = 1; @@ -177,7 +179,7 @@ diff -up openssh-5.8p1/ssh-add.c.fingerprint openssh-5.8p1/ssh-add.c if (!key_write(key, stdout)) diff -up openssh-5.8p1/ssh-agent.c.fingerprint openssh-5.8p1/ssh-agent.c --- openssh-5.8p1/ssh-agent.c.fingerprint 2010-12-01 01:50:35.000000000 +0100 -+++ openssh-5.8p1/ssh-agent.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/ssh-agent.c 2011-02-25 09:17:18.000000000 +0100 @@ -199,9 +199,9 @@ confirm_key(Identity *id) char *p; int ret = -1; @@ -193,7 +195,7 @@ diff -up openssh-5.8p1/ssh-agent.c.fingerprint openssh-5.8p1/ssh-agent.c diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c --- openssh-5.8p1/sshconnect2.c.fingerprint 2010-12-01 02:21:51.000000000 +0100 -+++ openssh-5.8p1/sshconnect2.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:17:18.000000000 +0100 @@ -590,8 +590,9 @@ input_userauth_pk_ok(int type, u_int32_t key->type, pktype); goto done; @@ -220,7 +222,7 @@ diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c if (key_to_blob(id->key, &blob, &bloblen) == 0) { diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c --- openssh-5.8p1/sshconnect.c.fingerprint 2011-01-16 13:17:59.000000000 +0100 -+++ openssh-5.8p1/sshconnect.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/sshconnect.c 2011-02-25 09:17:18.000000000 +0100 @@ -798,10 +798,10 @@ check_host_key(char *hostname, struct so "key for IP address '%.128s' to the list " "of known hosts.", type, ip); @@ -316,7 +318,7 @@ diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c xfree(fp); diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c --- openssh-5.8p1/ssh-keygen.c.fingerprint 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/ssh-keygen.c 2011-02-24 10:30:47.000000000 +0100 ++++ openssh-5.8p1/ssh-keygen.c 2011-02-25 09:17:18.000000000 +0100 @@ -714,13 +714,14 @@ do_fingerprint(struct passwd *pw) { FILE *f; diff --git a/openssh-5.8p1-fips.patch b/openssh-5.8p1-fips.patch index 6fe3deb..044376e 100644 --- a/openssh-5.8p1-fips.patch +++ b/openssh-5.8p1-fips.patch @@ -1,6 +1,6 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c --- openssh-5.8p1/authfile.c.fips 2010-12-01 02:03:39.000000000 +0100 -+++ openssh-5.8p1/authfile.c 2011-02-24 10:34:41.000000000 +0100 ++++ openssh-5.8p1/authfile.c 2011-02-25 09:23:19.000000000 +0100 @@ -145,8 +145,14 @@ key_private_rsa1_to_blob(Key *key, Buffe /* Allocate space for the private part of the key in the buffer. */ cp = buffer_append_space(&encrypted, buffer_len(&buffer)); @@ -35,8 +35,8 @@ diff -up openssh-5.8p1/authfile.c.fips openssh-5.8p1/authfile.c buffer_ptr(blob), buffer_len(blob)); cipher_cleanup(&ciphercontext); diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c ---- openssh-5.8p1/cipher.c.fips 2011-02-24 10:34:40.000000000 +0100 -+++ openssh-5.8p1/cipher.c 2011-02-24 10:34:41.000000000 +0100 +--- openssh-5.8p1/cipher.c.fips 2011-02-25 09:23:18.000000000 +0100 ++++ openssh-5.8p1/cipher.c 2011-02-25 09:23:19.000000000 +0100 @@ -40,6 +40,7 @@ #include @@ -123,7 +123,7 @@ diff -up openssh-5.8p1/cipher.c.fips openssh-5.8p1/cipher.c /* diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c --- openssh-5.8p1/cipher-ctr.c.fips 2010-10-07 13:06:42.000000000 +0200 -+++ openssh-5.8p1/cipher-ctr.c 2011-02-24 10:34:41.000000000 +0100 ++++ openssh-5.8p1/cipher-ctr.c 2011-02-25 09:23:19.000000000 +0100 @@ -140,7 +140,8 @@ evp_aes_128_ctr(void) aes_ctr.do_cipher = ssh_aes_ctr; #ifndef SSH_OLD_EVP @@ -135,8 +135,8 @@ diff -up openssh-5.8p1/cipher-ctr.c.fips openssh-5.8p1/cipher-ctr.c return (&aes_ctr); } diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h ---- openssh-5.8p1/cipher.h.fips 2011-02-24 10:34:40.000000000 +0100 -+++ openssh-5.8p1/cipher.h 2011-02-24 10:34:41.000000000 +0100 +--- openssh-5.8p1/cipher.h.fips 2011-02-25 09:23:18.000000000 +0100 ++++ openssh-5.8p1/cipher.h 2011-02-25 09:23:19.000000000 +0100 @@ -87,7 +87,7 @@ void cipher_init(CipherContext *, Ciphe const u_char *, u_int, int); void cipher_crypt(CipherContext *, u_char *, const u_char *, u_int); @@ -147,8 +147,8 @@ diff -up openssh-5.8p1/cipher.h.fips openssh-5.8p1/cipher.h u_int cipher_keylen(const Cipher *); u_int cipher_is_cbc(const Cipher *); diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c ---- openssh-5.8p1/key.c.fips 2011-02-24 10:35:39.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-24 10:37:20.000000000 +0100 +--- openssh-5.8p1/key.c.fips 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/key.c 2011-02-25 09:24:35.000000000 +0100 @@ -40,6 +40,7 @@ #include @@ -157,18 +157,26 @@ diff -up openssh-5.8p1/key.c.fips openssh-5.8p1/key.c #include #include -@@ -601,6 +602,8 @@ key_fingerprint_selection(void) - static int rv = -1; +@@ -602,9 +603,13 @@ key_fingerprint_selection(void) + char *env; - if (rv == -1) { + if (!rv_defined) { +- env = getenv("SSH_FINGERPRINT_TYPE"); +- rv = (env && !strcmp (env, "sha")) ? +- SSH_FP_SHA1 : SSH_FP_MD5; + if (FIPS_mode()) -+ return (rv = 1); - env = getenv("SSH_FINGERPRINT_TYPE"); - rv = env && !strcmp (env, "sha"); ++ rv = SSH_FP_SHA1; ++ else { ++ env = getenv("SSH_FINGERPRINT_TYPE"); ++ rv = (env && !strcmp (env, "sha")) ? ++ SSH_FP_SHA1 : SSH_FP_MD5; ++ } + rv_defined = 1; } + return rv; diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c ---- openssh-5.8p1/mac.c.fips 2011-02-24 10:34:40.000000000 +0100 -+++ openssh-5.8p1/mac.c 2011-02-24 10:34:41.000000000 +0100 +--- openssh-5.8p1/mac.c.fips 2011-02-25 09:23:18.000000000 +0100 ++++ openssh-5.8p1/mac.c 2011-02-25 09:23:19.000000000 +0100 @@ -28,6 +28,7 @@ #include @@ -219,8 +227,8 @@ diff -up openssh-5.8p1/mac.c.fips openssh-5.8p1/mac.c for (i = 0; macs[i].name; i++) { if (strcmp(name, macs[i].name) == 0) { diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in ---- openssh-5.8p1/Makefile.in.fips 2011-02-24 10:34:40.000000000 +0100 -+++ openssh-5.8p1/Makefile.in 2011-02-24 10:34:41.000000000 +0100 +--- openssh-5.8p1/Makefile.in.fips 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/Makefile.in 2011-02-25 09:23:19.000000000 +0100 @@ -145,25 +145,25 @@ libssh.a: $(LIBSSH_OBJS) $(RANLIB) $@ @@ -264,7 +272,7 @@ diff -up openssh-5.8p1/Makefile.in.fips openssh-5.8p1/Makefile.in $(LD) -o $@ sftp-server.o sftp-common.o sftp-server-main.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h --- openssh-5.8p1/myproposal.h.fips 2011-01-13 12:00:22.000000000 +0100 -+++ openssh-5.8p1/myproposal.h 2011-02-24 10:34:41.000000000 +0100 ++++ openssh-5.8p1/myproposal.h 2011-02-25 09:23:19.000000000 +0100 @@ -81,7 +81,12 @@ "hmac-sha1-96,hmac-md5-96" #define KEX_DEFAULT_COMP "none,zlib@openssh.com,zlib" @@ -281,7 +289,7 @@ diff -up openssh-5.8p1/myproposal.h.fips openssh-5.8p1/myproposal.h KEX_DEFAULT_KEX, diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbsd-compat/bsd-arc4random.c --- openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips 2010-03-25 22:52:02.000000000 +0100 -+++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-24 10:34:41.000000000 +0100 ++++ openssh-5.8p1/openbsd-compat/bsd-arc4random.c 2011-02-25 09:23:19.000000000 +0100 @@ -39,6 +39,7 @@ static int rc4_ready = 0; static RC4_KEY rc4; @@ -325,7 +333,7 @@ diff -up openssh-5.8p1/openbsd-compat/bsd-arc4random.c.fips openssh-5.8p1/openbs #ifndef HAVE_ARC4RANDOM_BUF diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c --- openssh-5.8p1/ssh.c.fips 2011-02-04 01:42:15.000000000 +0100 -+++ openssh-5.8p1/ssh.c 2011-02-24 10:34:41.000000000 +0100 ++++ openssh-5.8p1/ssh.c 2011-02-25 09:23:19.000000000 +0100 @@ -73,6 +73,8 @@ #include @@ -389,8 +397,8 @@ diff -up openssh-5.8p1/ssh.c.fips openssh-5.8p1/ssh.c if (ssh_connect(host, &hostaddr, options.port, options.address_family, options.connection_attempts, &timeout_ms, diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c ---- openssh-5.8p1/sshconnect2.c.fips 2011-02-24 10:34:40.000000000 +0100 -+++ openssh-5.8p1/sshconnect2.c 2011-02-24 10:34:41.000000000 +0100 +--- openssh-5.8p1/sshconnect2.c.fips 2011-02-25 09:23:18.000000000 +0100 ++++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:23:19.000000000 +0100 @@ -44,6 +44,8 @@ #include #endif @@ -424,8 +432,8 @@ diff -up openssh-5.8p1/sshconnect2.c.fips openssh-5.8p1/sshconnect2.c myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = options.hostkeyalgorithms; diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c ---- openssh-5.8p1/sshd.c.fips 2011-02-24 10:34:41.000000000 +0100 -+++ openssh-5.8p1/sshd.c 2011-02-24 10:34:41.000000000 +0100 +--- openssh-5.8p1/sshd.c.fips 2011-02-25 09:23:19.000000000 +0100 ++++ openssh-5.8p1/sshd.c 2011-02-25 09:23:19.000000000 +0100 @@ -76,6 +76,8 @@ #include #include @@ -435,7 +443,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c #include "openbsd-compat/openssl-compat.h" #ifdef HAVE_SECUREWARE -@@ -1363,6 +1365,12 @@ main(int ac, char **av) +@@ -1364,6 +1366,12 @@ main(int ac, char **av) (void)set_auth_parameters(ac, av); #endif __progname = ssh_get_progname(av[0]); @@ -448,7 +456,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c init_rng(); /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ -@@ -1524,8 +1532,6 @@ main(int ac, char **av) +@@ -1525,8 +1533,6 @@ main(int ac, char **av) else closefrom(REEXEC_DEVCRYPTO_RESERVED_FD); @@ -457,7 +465,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* * Force logging to stderr until we have loaded the private host * key (unless started from inetd) -@@ -1644,6 +1650,10 @@ main(int ac, char **av) +@@ -1645,6 +1651,10 @@ main(int ac, char **av) debug("private host key: #%d type %d %s", i, key->type, key_type(key)); } @@ -468,7 +476,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c if ((options.protocol & SSH_PROTO_1) && !sensitive_data.have_ssh1_key) { logit("Disabling protocol version 1. Could not load host key"); options.protocol &= ~SSH_PROTO_1; -@@ -1808,6 +1818,10 @@ main(int ac, char **av) +@@ -1809,6 +1819,10 @@ main(int ac, char **av) /* Initialize the random number generator. */ arc4random_stir(); @@ -479,7 +487,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c /* Chdir to the root directory so that the current disk can be unmounted if desired. */ chdir("/"); -@@ -2349,6 +2363,9 @@ do_ssh2_kex(void) +@@ -2350,6 +2364,9 @@ do_ssh2_kex(void) if (options.ciphers != NULL) { myproposal[PROPOSAL_ENC_ALGS_CTOS] = myproposal[PROPOSAL_ENC_ALGS_STOC] = options.ciphers; @@ -489,7 +497,7 @@ diff -up openssh-5.8p1/sshd.c.fips openssh-5.8p1/sshd.c } myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal(myproposal[PROPOSAL_ENC_ALGS_CTOS]); -@@ -2358,6 +2375,9 @@ do_ssh2_kex(void) +@@ -2359,6 +2376,9 @@ do_ssh2_kex(void) if (options.macs != NULL) { myproposal[PROPOSAL_MAC_ALGS_CTOS] = myproposal[PROPOSAL_MAC_ALGS_STOC] = options.macs; diff --git a/openssh.spec b/openssh.spec index 420a265..ec0b24a 100644 --- a/openssh.spec +++ b/openssh.spec @@ -71,7 +71,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %define openssh_ver 5.8p1 -%define openssh_rel 8 +%define openssh_rel 9 %define pam_ssh_agent_ver 0.9.2 %define pam_ssh_agent_rel 30 @@ -619,11 +619,15 @@ fi %endif %changelog +* Fri Feb 25 2011 Jan F. Chadima - 5.8p1-9 + 0.9.2-30 +- another audit improovements + * Thu Feb 24 2011 Jan F. Chadima - 5.8p1-8 + 0.9.2-30 - another audit improovements +- switchable fingerprint mode * Thu Feb 17 2011 Jan F. Chadima - 5.8p1-4 + 0.9.2-30 -- improve audit of server ket management +- improve audit of server key management * Wed Feb 16 2011 Jan F. Chadima - 5.8p1-3 + 0.9.2-30 - improve audit of logins and auths