OpenPKG CVS Repository
http://cvs.openpkg.org/
____________________________________________________________________________
Server: cvs.openpkg.org Name: Ralf S. Engelschall
Root: /v/openpkg/cvs Email: r...@openpkg.org
Module: openpkg-src Date: 25-Feb-2009 12:30:08
Branch: HEAD Handle: 2009022511300700
Modified files:
openpkg-src/openssh openssh.patch openssh.patch.alias
openssh.patch.chroot openssh.patch.lpk
openssh.patch.scpbindir openssh.patch.sftplogging
openssh.patch.watchdog openssh.spec
Log:
upgrading package: openssh 5.1p1 -> 5.2p1
Summary:
Revision Changes Path
1.24 +6 -6 openpkg-src/openssh/openssh.patch
1.14 +18 -18 openpkg-src/openssh/openssh.patch.alias
1.15 +6 -6 openpkg-src/openssh/openssh.patch.chroot
1.2 +56 -59 openpkg-src/openssh/openssh.patch.lpk
1.17 +7 -7 openpkg-src/openssh/openssh.patch.scpbindir
1.16 +32 -26 openpkg-src/openssh/openssh.patch.sftplogging
1.3 +31 -31 openpkg-src/openssh/openssh.patch.watchdog
1.219 +2 -2 openpkg-src/openssh/openssh.spec
____________________________________________________________________________
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch
============================================================================
$ cvs diff -u -r1.23 -r1.24 openssh.patch
--- openpkg-src/openssh/openssh.patch 22 Jul 2008 06:40:10 -0000 1.23
+++ openpkg-src/openssh/openssh.patch 25 Feb 2009 11:30:07 -0000 1.24
@@ -1,6 +1,6 @@
Index: Makefile.in
---- Makefile.in.orig 2008-07-08 16:21:12 +0200
-+++ Makefile.in 2008-07-22 08:30:25 +0200
+--- Makefile.in.orig 2008-11-05 06:20:46 +0100
++++ Makefile.in 2009-02-25 11:19:48 +0100
@@ -232,7 +232,7 @@
-rm -rf autom4te.cache
(cd scard && $(MAKE) -f Makefile.in distprep)
@@ -12,7 +12,7 @@
Index: auth-pam.h
--- auth-pam.h.orig 2004-09-11 14:17:26 +0200
-+++ auth-pam.h 2008-07-22 08:30:25 +0200
++++ auth-pam.h 2009-02-25 11:19:48 +0100
@@ -28,7 +28,7 @@
#ifdef USE_PAM
@@ -23,10 +23,10 @@
void start_pam(Authctxt *);
Index: version.h
---- version.h.orig 2008-07-21 10:21:06 +0200
-+++ version.h 2008-07-22 08:30:25 +0200
+--- version.h.orig 2009-02-23 01:09:26 +0100
++++ version.h 2009-02-25 11:19:48 +0100
@@ -3,4 +3,4 @@
- #define SSH_VERSION "OpenSSH_5.1"
+ #define SSH_VERSION "OpenSSH_5.2"
#define SSH_PORTABLE "p1"
-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch.alias
============================================================================
$ cvs diff -u -r1.13 -r1.14 openssh.patch.alias
--- openpkg-src/openssh/openssh.patch.alias 22 Jul 2008 06:40:10 -0000
1.13
+++ openpkg-src/openssh/openssh.patch.alias 25 Feb 2009 11:30:07 -0000
1.14
@@ -1,6 +1,6 @@
Index: auth1.c
--- auth1.c.orig 2008-07-09 12:54:05 +0200
-+++ auth1.c 2008-07-22 08:31:42 +0200
++++ auth1.c 2009-02-25 11:20:14 +0100
@@ -40,6 +40,9 @@
#endif
#include "monitor_wrap.h"
@@ -49,8 +49,8 @@
authctxt->style = style;
Index: auth2.c
---- auth2.c.orig 2008-07-05 01:44:53 +0200
-+++ auth2.c 2008-07-22 08:31:42 +0200
+--- auth2.c.orig 2008-11-05 06:20:46 +0100
++++ auth2.c 2009-02-25 11:20:14 +0100
@@ -49,6 +49,9 @@
#include "dispatch.h"
#include "pathnames.h"
@@ -61,7 +61,7 @@
#ifdef GSSAPI
#include "ssh-gss.h"
-@@ -211,6 +214,10 @@
+@@ -217,6 +220,10 @@
Authmethod *m = NULL;
char *user, *service, *method, *style = NULL;
int authenticated = 0;
@@ -72,7 +72,7 @@
if (authctxt == NULL)
fatal("input_userauth_request: no authctxt");
-@@ -224,6 +231,25 @@
+@@ -230,6 +237,25 @@
if ((style = strchr(user, ':')) != NULL)
*style++ = 0;
@@ -99,29 +99,29 @@
/* setup auth context */
authctxt->pw = PRIVSEP(getpwnamallow(user));
Index: servconf.c
---- servconf.c.orig 2008-07-04 05:51:12 +0200
-+++ servconf.c 2008-07-22 08:32:07 +0200
-@@ -127,6 +127,9 @@
- options->num_permitted_opens = -1;
+--- servconf.c.orig 2009-01-28 06:31:23 +0100
++++ servconf.c 2009-02-25 12:21:31 +0100
+@@ -128,6 +128,9 @@
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
+ options->zero_knowledge_password_authentication = -1;
+#ifdef USE_ALIAS
+ options->num_alias = 0;
+#endif
}
void
-@@ -302,6 +305,9 @@
- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+@@ -306,6 +309,9 @@
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sZeroKnowledgePasswordAuthentication,
+#ifdef USE_ALIAS
+ sAlias,
+#endif
sDeprecated, sUnsupported
} ServerOpCodes;
-@@ -415,6 +421,9 @@
+@@ -424,6 +430,9 @@
{ "permitopen", sPermitOpen, SSHCFG_ALL },
{ "forcecommand", sForceCommand, SSHCFG_ALL },
{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
@@ -131,7 +131,7 @@
{ NULL, sBadOption, 0 }
};
-@@ -1288,6 +1297,26 @@
+@@ -1301,6 +1310,26 @@
arg = strdelim(&cp);
break;
@@ -159,9 +159,9 @@
logit("%s line %d: Unsupported option %s",
filename, linenum, arg);
Index: servconf.h
---- servconf.h.orig 2008-06-10 15:01:51 +0200
-+++ servconf.h 2008-07-22 08:31:42 +0200
-@@ -149,6 +149,14 @@
+--- servconf.h.orig 2009-01-28 06:31:23 +0100
++++ servconf.h 2009-02-25 11:20:14 +0100
+@@ -151,6 +151,14 @@
int num_permitted_opens;
char *chroot_directory;
@@ -177,8 +177,8 @@
void initialize_server_options(ServerOptions *);
Index: sshd_config.5
---- sshd_config.5.orig 2008-07-02 14:35:43 +0200
-+++ sshd_config.5 2008-07-22 08:32:30 +0200
+--- sshd_config.5.orig 2009-02-23 01:00:24 +0100
++++ sshd_config.5 2009-02-25 11:20:14 +0100
@@ -104,6 +104,15 @@
Note that disabling agent forwarding does not improve security
unless users are also denied shell access, as they can always install
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch.chroot
============================================================================
$ cvs diff -u -r1.14 -r1.15 openssh.patch.chroot
--- openpkg-src/openssh/openssh.patch.chroot 22 Jul 2008 06:40:11 -0000
1.14
+++ openpkg-src/openssh/openssh.patch.chroot 25 Feb 2009 11:30:07 -0000
1.15
@@ -1,6 +1,6 @@
Index: scp.c
---- scp.c.orig 2008-07-04 15:10:49 +0200
-+++ scp.c 2008-07-22 08:33:00 +0200
+--- scp.c.orig 2008-11-03 09:23:45 +0100
++++ scp.c 2009-02-25 12:22:04 +0100
@@ -140,6 +140,11 @@
/* This is the program to execute for the secured connection. ("ssh" or -S)
*/
char *ssh_program = _PATH_SSH_PROGRAM;
@@ -58,9 +58,9 @@
/* Follow "protocol", send data. */
(void) response();
Index: session.c
---- session.c.orig 2008-06-16 15:29:18 +0200
-+++ session.c 2008-07-22 08:33:00 +0200
-@@ -1533,6 +1533,25 @@
+--- session.c.orig 2009-01-28 06:29:49 +0100
++++ session.c 2009-02-25 12:22:04 +0100
+@@ -1539,6 +1539,25 @@
free(tmp);
free(chroot_path);
}
@@ -88,7 +88,7 @@
if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) {
Index: sftp-server.c
--- sftp-server.c.orig 2008-07-04 06:10:19 +0200
-+++ sftp-server.c 2008-07-22 08:33:00 +0200
++++ sftp-server.c 2009-02-25 12:22:04 +0100
@@ -1387,6 +1387,38 @@
logit("session opened for local user %s from [%s]",
pw->pw_name, client_addr);
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch.lpk
============================================================================
$ cvs diff -u -r1.1 -r1.2 openssh.patch.lpk
--- openpkg-src/openssh/openssh.patch.lpk 15 Nov 2008 09:14:28 -0000
1.1
+++ openpkg-src/openssh/openssh.patch.lpk 25 Feb 2009 11:30:07 -0000
1.2
@@ -1,10 +1,6 @@
-OpenSSH LPK Patch
-Forward ported from the upstream vendor patch
-http://dev.inversepath.com/openssh-lpk/openssh-lpk-4.6p1-0.3.9.patch
-
Index: Makefile.in
---- Makefile.in.orig 2008-07-08 16:21:12 +0200
-+++ Makefile.in 2008-11-15 10:10:10 +0100
+--- Makefile.in.orig 2008-11-05 06:20:46 +0100
++++ Makefile.in 2009-02-25 12:22:32 +0100
@@ -86,7 +86,7 @@
auth-krb5.o \
auth2-gss.o gss-serv.o gss-serv-krb5.o \
@@ -15,8 +11,8 @@
MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out
ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out
sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out
ssh_config.5.out
MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1
ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8
sshd_config.5 ssh_config.5
Index: README.lpk
---- /dev/null 2008-11-15 10:10:30 +0100
-+++ README.lpk 2008-11-15 10:10:10 +0100
+--- /dev/null 2009-02-25 12:22:00 +0100
++++ README.lpk 2009-02-25 12:22:32 +0100
@@ -0,0 +1,267 @@
+OpenSSH LDAP PUBLIC KEY PATCH
+Copyright (c) 2003 Eric AUGE (e...@phear.org)
@@ -287,7 +283,7 @@
+ - Andrea Barisani <and...@inversepath.com>
Index: auth-rsa.c
--- auth-rsa.c.orig 2008-07-02 14:37:30 +0200
-+++ auth-rsa.c 2008-11-15 10:10:10 +0100
++++ auth-rsa.c 2009-02-25 12:22:32 +0100
@@ -174,10 +174,96 @@
FILE *f;
u_long linenum = 0;
@@ -387,7 +383,7 @@
debug("trying public RSA key file %s", file);
Index: auth2-pubkey.c
--- auth2-pubkey.c.orig 2008-07-04 04:54:25 +0200
-+++ auth2-pubkey.c 2008-11-15 10:10:10 +0100
++++ auth2-pubkey.c 2009-02-25 12:22:32 +0100
@@ -55,6 +55,10 @@
#include "monitor_wrap.h"
#include "misc.h"
@@ -480,9 +476,9 @@
f = auth_openkeyfile(file, pw, options.strict_modes);
Index: config.h.in
---- config.h.in.orig 2008-07-21 10:30:49 +0200
-+++ config.h.in 2008-11-15 10:10:10 +0100
-@@ -560,6 +560,9 @@
+--- config.h.in.orig 2009-02-23 01:18:12 +0100
++++ config.h.in 2009-02-25 12:22:32 +0100
+@@ -563,6 +563,9 @@
/* Define to 1 if you have the <linux/if_tun.h> header file. */
#undef HAVE_LINUX_IF_TUN_H
@@ -493,9 +489,9 @@
#undef HAVE_LOGIN
Index: configure.ac
---- configure.ac.orig 2008-07-09 13:07:19 +0200
-+++ configure.ac 2008-11-15 10:10:10 +0100
-@@ -1299,6 +1299,37 @@
+--- configure.ac.orig 2009-02-16 05:37:03 +0100
++++ configure.ac 2009-02-25 12:22:32 +0100
+@@ -1314,6 +1314,37 @@
esac ]
)
@@ -533,7 +529,7 @@
dnl Checks for library functions. Please keep in alphabetical order
AC_CHECK_FUNCS( \
arc4random \
-@@ -4137,6 +4168,7 @@
+@@ -4163,6 +4194,7 @@
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
@@ -542,8 +538,8 @@
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
Index: configure
---- configure.orig 2008-07-21 10:30:50 +0200
-+++ configure 2008-11-15 10:10:10 +0100
+--- configure.orig 2009-02-23 01:18:14 +0100
++++ configure 2009-02-25 12:22:32 +0100
@@ -1340,6 +1340,7 @@
--with-tcp-wrappers[=PATH] Enable tcpwrappers support (optionally in PATH)
--with-libedit[=PATH] Enable libedit support for sftp
@@ -552,7 +548,7 @@
--with-ssl-dir=PATH Specify path to OpenSSL installation
--without-openssl-header-check Disable OpenSSL version consistency check
--with-ssl-engine Enable OpenSSL (hardware) ENGINE support
-@@ -12568,6 +12569,85 @@
+@@ -12767,6 +12768,85 @@
fi
@@ -638,7 +634,7 @@
-@@ -30135,6 +30215,7 @@
+@@ -30543,6 +30623,7 @@
echo " Smartcard support: $SCARD_MSG"
echo " S/KEY support: $SKEY_MSG"
echo " TCP Wrappers support: $TCPW_MSG"
@@ -647,11 +643,11 @@
echo " libedit support: $LIBEDIT_MSG"
echo " Solaris process contract support: $SPC_MSG"
Index: ldapauth.c
---- /dev/null 2008-11-15 10:10:30 +0100
-+++ ldapauth.c 2008-11-15 10:10:30 +0100
+--- /dev/null 2009-02-25 12:22:00 +0100
++++ ldapauth.c 2009-02-25 12:22:32 +0100
@@ -0,0 +1,576 @@
+/*
-+ * $Id: openssh.patch.lpk,v 1.1 2008/11/15 09:14:28 rse Exp $
++ * $Id: openssh.patch.lpk,v 1.2 2009/02/25 11:30:07 rse Exp $
+ */
+
+/*
@@ -1227,11 +1223,11 @@
+
+#endif /* WITH_LDAP_PUBKEY */
Index: ldapauth.h
---- /dev/null 2008-11-15 10:10:30 +0100
-+++ ldapauth.h 2008-11-15 10:10:10 +0100
+--- /dev/null 2009-02-25 12:22:00 +0100
++++ ldapauth.h 2009-02-25 12:22:32 +0100
@@ -0,0 +1,124 @@
+/*
-+ * $Id: openssh.patch.lpk,v 1.1 2008/11/15 09:14:28 rse Exp $
++ * $Id: openssh.patch.lpk,v 1.2 2009/02/25 11:30:07 rse Exp $
+ */
+
+/*
@@ -1355,8 +1351,8 @@
+
+#endif
Index: lpk-user-example.txt
---- /dev/null 2008-11-15 10:10:30 +0100
-+++ lpk-user-example.txt 2008-11-15 10:10:10 +0100
+--- /dev/null 2009-02-25 12:22:00 +0100
++++ lpk-user-example.txt 2009-02-25 12:22:32 +0100
@@ -0,0 +1,117 @@
+
+Post to ML -> User Made Quick Install Doc.
@@ -1476,8 +1472,8 @@
+
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Index: openssh-lpk_openldap.schema
---- /dev/null 2008-11-15 10:10:30 +0100
-+++ openssh-lpk_openldap.schema 2008-11-15 10:10:10 +0100
+--- /dev/null 2009-02-25 12:22:00 +0100
++++ openssh-lpk_openldap.schema 2009-02-25 12:22:32 +0100
@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -1499,8 +1495,8 @@
+ MUST ( sshPublicKey $ uid )
+ )
Index: openssh-lpk_sun.schema
---- /dev/null 2008-11-15 10:10:30 +0100
-+++ openssh-lpk_sun.schema 2008-11-15 10:10:10 +0100
+--- /dev/null 2009-02-25 12:22:00 +0100
++++ openssh-lpk_sun.schema 2009-02-25 12:22:32 +0100
@@ -0,0 +1,21 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
@@ -1524,8 +1520,8 @@
+ MUST ( sshPublicKey $ uid )
+ )
Index: servconf.c
---- servconf.c.orig 2008-07-04 05:51:12 +0200
-+++ servconf.c 2008-11-15 10:10:10 +0100
+--- servconf.c.orig 2009-01-28 06:31:23 +0100
++++ servconf.c 2009-02-25 12:24:13 +0100
@@ -42,6 +42,10 @@
#include "channels.h"
#include "groupaccess.h"
@@ -1534,13 +1530,13 @@
+#include "ldapauth.h"
+#endif
+
- static void add_listen_addr(ServerOptions *, char *, u_short);
- static void add_one_listen_addr(ServerOptions *, char *, u_short);
+ static void add_listen_addr(ServerOptions *, char *, int);
+ static void add_one_listen_addr(ServerOptions *, char *, int);
-@@ -127,6 +131,24 @@
- options->num_permitted_opens = -1;
+@@ -128,6 +132,24 @@
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
+ options->zero_knowledge_password_authentication = -1;
+#ifdef WITH_LDAP_PUBKEY
+ /* XXX dirty */
+ options->lpk.ld = NULL;
@@ -1562,10 +1558,10 @@
}
void
-@@ -258,6 +280,32 @@
- options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
- if (options->permit_tun == -1)
- options->permit_tun = SSH_TUNMODE_NO;
+@@ -262,6 +284,33 @@
+ if (options->zero_knowledge_password_authentication == -1)
+ options->zero_knowledge_password_authentication = 0;
+
+#ifdef WITH_LDAP_PUBKEY
+ if (options->lpk.on == -1)
+ options->lpk.on = _DEFAULT_LPK_ON;
@@ -1592,12 +1588,13 @@
+ if (options->lpk.l_conf == NULL)
+ options->lpk.l_conf = _DEFAULT_LPK_LDP;
+#endif
-
++
/* Turn privilege separation on by default */
if (use_privsep == -1)
-@@ -303,6 +351,12 @@
- sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
+ use_privsep = 1;
+@@ -307,6 +356,12 @@
sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sZeroKnowledgePasswordAuthentication,
sDeprecated, sUnsupported
+#ifdef WITH_LDAP_PUBKEY
+ ,sLdapPublickey, sLdapServers, sLdapUserDN
@@ -1608,7 +1605,7 @@
} ServerOpCodes;
#define SSHCFG_GLOBAL 0x01 /* allowed in main section of
sshd_config */
-@@ -408,6 +462,20 @@
+@@ -417,6 +472,20 @@
{ "clientalivecountmax", sClientAliveCountMax, SSHCFG_GLOBAL },
{ "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_GLOBAL },
{ "authorizedkeysfile2", sAuthorizedKeysFile2, SSHCFG_GLOBAL },
@@ -1629,7 +1626,7 @@
{ "useprivilegeseparation", sUsePrivilegeSeparation, SSHCFG_GLOBAL },
{ "acceptenv", sAcceptEnv, SSHCFG_GLOBAL },
{ "permittunnel", sPermitTunnel, SSHCFG_GLOBAL },
-@@ -1294,6 +1362,107 @@
+@@ -1307,6 +1376,107 @@
while (arg)
arg = strdelim(&cp);
break;
@@ -1738,8 +1735,8 @@
default:
fatal("%s line %d: Missing handler for opcode %s (%d)",
Index: servconf.h
---- servconf.h.orig 2008-06-10 15:01:51 +0200
-+++ servconf.h 2008-11-15 10:10:10 +0100
+--- servconf.h.orig 2009-01-28 06:31:23 +0100
++++ servconf.h 2009-02-25 12:22:32 +0100
@@ -16,6 +16,10 @@
#ifndef SERVCONF_H
#define SERVCONF_H
@@ -1751,7 +1748,7 @@
#define MAX_PORTS 256 /* Max # ports. */
#define MAX_ALLOW_USERS 256 /* Max # users on allow list. */
-@@ -145,6 +149,9 @@
+@@ -147,6 +151,9 @@
int use_pam; /* Enable auth via PAM */
int permit_tun;
@@ -1762,9 +1759,9 @@
int num_permitted_opens;
Index: sshd.c
---- sshd.c.orig 2008-07-11 09:36:49 +0200
-+++ sshd.c 2008-11-15 10:10:10 +0100
-@@ -127,6 +127,10 @@
+--- sshd.c.orig 2009-01-28 06:31:23 +0100
++++ sshd.c 2009-02-25 12:22:32 +0100
+@@ -126,6 +126,10 @@
int deny_severity;
#endif /* LIBWRAP */
@@ -1775,7 +1772,7 @@
#ifndef O_NOCTTY
#define O_NOCTTY 0
#endif
-@@ -1484,6 +1488,16 @@
+@@ -1483,6 +1487,16 @@
exit(1);
}
@@ -1793,9 +1790,9 @@
/* Store privilege separation user for later use if required. */
Index: sshd_config.5
---- sshd_config.5.orig 2008-07-02 14:35:43 +0200
-+++ sshd_config.5 2008-11-15 10:10:10 +0100
-@@ -1003,6 +1003,62 @@
+--- sshd_config.5.orig 2009-02-23 01:00:24 +0100
++++ sshd_config.5 2009-02-25 12:22:32 +0100
+@@ -1005,6 +1005,62 @@
program.
The default is
.Pa /usr/X11R6/bin/xauth .
@@ -1860,7 +1857,7 @@
.Xr sshd 8
Index: sshd_config
--- sshd_config.orig 2008-07-02 14:35:43 +0200
-+++ sshd_config 2008-11-15 10:10:10 +0100
++++ sshd_config 2009-02-25 12:22:32 +0100
@@ -109,6 +109,19 @@
# no default banner path
#Banner none
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch.scpbindir
============================================================================
$ cvs diff -u -r1.16 -r1.17 openssh.patch.scpbindir
--- openpkg-src/openssh/openssh.patch.scpbindir 22 Jul 2008 06:40:11
-0000 1.16
+++ openpkg-src/openssh/openssh.patch.scpbindir 25 Feb 2009 11:30:07
-0000 1.17
@@ -1,9 +1,9 @@
Index: session.c
---- session.c.orig 2008-06-16 15:29:18 +0200
-+++ session.c 2008-07-22 08:31:23 +0200
-@@ -95,6 +95,10 @@
- #include <kafs.h>
- #endif
+--- session.c.orig 2009-01-28 06:29:49 +0100
++++ session.c 2009-02-25 12:24:37 +0100
+@@ -101,6 +101,10 @@
+ c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \
+ c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t'))
+#ifndef SCPBINDIR
+#define SCPBINDIR "@l_prefix@/bin"
@@ -12,7 +12,7 @@
/* func */
Session *session_new(void);
-@@ -777,6 +781,20 @@
+@@ -783,6 +787,20 @@
do_exec(Session *s, const char *command)
{
int ret;
@@ -33,7 +33,7 @@
if (options.adm_forced_command) {
original_command = command;
-@@ -813,6 +831,8 @@
+@@ -819,6 +837,8 @@
ret = do_exec_no_pty(s, command);
original_command = NULL;
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch.sftplogging
============================================================================
$ cvs diff -u -r1.15 -r1.16 openssh.patch.sftplogging
--- openpkg-src/openssh/openssh.patch.sftplogging 15 Nov 2008 08:40:42
-0000 1.15
+++ openpkg-src/openssh/openssh.patch.sftplogging 25 Feb 2009 11:30:07
-0000 1.16
@@ -1,10 +1,10 @@
Index: servconf.c
---- servconf.c.orig 2008-07-04 05:51:12 +0200
-+++ servconf.c 2008-07-22 08:33:33 +0200
-@@ -127,6 +127,12 @@
- options->num_permitted_opens = -1;
+--- servconf.c.orig 2009-01-28 06:31:23 +0100
++++ servconf.c 2009-02-25 12:25:26 +0100
+@@ -128,6 +128,12 @@
options->adm_forced_command = NULL;
options->chroot_directory = NULL;
+ options->zero_knowledge_password_authentication = -1;
+ options->log_sftp = LOG_SFTP_NOT_SET;
+ options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
+ options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
@@ -14,9 +14,9 @@
}
void
-@@ -259,6 +265,24 @@
- if (options->permit_tun == -1)
- options->permit_tun = SSH_TUNMODE_NO;
+@@ -262,6 +268,24 @@
+ if (options->zero_knowledge_password_authentication == -1)
+ options->zero_knowledge_password_authentication = 0;
+ /* Turn sftp-server logging off by default */
+ if (options->log_sftp == LOG_SFTP_NOT_SET)
@@ -39,17 +39,17 @@
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;
-@@ -302,6 +326,9 @@
- sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+@@ -306,6 +330,9 @@
sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
sUsePrivilegeSeparation, sAllowAgentForwarding,
+ sZeroKnowledgePasswordAuthentication,
+ sLogSftp, sSftpLogFacility, sSftpLogLevel,
+ sSftpUmask,
+ sSftpPermitChown, sSftpPermitChmod,
sDeprecated, sUnsupported
} ServerOpCodes;
-@@ -316,6 +343,12 @@
+@@ -320,6 +347,12 @@
u_int flags;
} keywords[] = {
/* Portable-specific options */
@@ -62,8 +62,8 @@
#ifdef USE_PAM
{ "usepam", sUsePAM, SSHCFG_GLOBAL },
#else
-@@ -636,6 +669,8 @@
- u_short port;
+@@ -645,6 +678,8 @@
+ int port;
u_int i, flags = 0;
size_t len;
+ unsigned int umaskvalue = 0;
@@ -71,7 +71,7 @@
cp = line;
if ((arg = strdelim(&cp)) == NULL)
-@@ -1165,6 +1200,58 @@
+@@ -1178,6 +1213,58 @@
charptr = &options->banner;
goto parse_filename;
@@ -130,8 +130,9 @@
/*
* These options can contain %X options expanded at
* connect time, so that you can specify paths like:
---- servconf.h.orig 2008-06-10 15:01:51 +0200
-+++ servconf.h 2008-07-22 08:33:13 +0200
+Index: servconf.h
+--- servconf.h.orig 2009-01-28 06:31:23 +0100
++++ servconf.h 2009-02-25 12:25:01 +0100
@@ -34,6 +34,19 @@
#define PERMIT_NO_PASSWD 2
#define PERMIT_YES 3
@@ -152,7 +153,7 @@
#define DEFAULT_AUTH_FAIL_MAX 6 /* Default for MaxAuthTries */
#define DEFAULT_SESSIONS_MAX 10 /* Default for MaxSessions */
-@@ -149,6 +162,12 @@
+@@ -151,6 +164,12 @@
int num_permitted_opens;
char *chroot_directory;
@@ -165,9 +166,10 @@
} ServerOptions;
void initialize_server_options(ServerOptions *);
---- session.c.orig 2008-06-16 15:29:18 +0200
-+++ session.c 2008-07-22 08:33:13 +0200
-@@ -146,6 +146,15 @@
+Index: session.c
+--- session.c.orig 2009-01-28 06:29:49 +0100
++++ session.c 2009-02-25 12:25:01 +0100
+@@ -152,6 +152,15 @@
static int is_child = 0;
@@ -183,7 +185,7 @@
/* Name and directory of socket for authentication agent forwarding. */
static char *auth_sock_name = NULL;
static char *auth_sock_dir = NULL;
-@@ -1279,6 +1289,67 @@
+@@ -1285,6 +1294,67 @@
child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
auth_sock_name);
@@ -251,8 +253,9 @@
/* read $HOME/.ssh/environment. */
if (options.permit_user_env && !options.use_login) {
snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
+Index: sftp-server.8
--- sftp-server.8.orig 2008-07-21 10:20:40 +0200
-+++ sftp-server.8 2008-07-22 08:33:14 +0200
++++ sftp-server.8 2009-02-25 12:25:01 +0100
@@ -49,6 +49,20 @@
.Cm Subsystem
declaration.
@@ -274,8 +277,9 @@
.Xr sshd_config 5
for more information.
.Pp
+Index: sftp-server.c
--- sftp-server.c.orig 2008-07-04 06:10:19 +0200
-+++ sftp-server.c 2008-07-22 08:35:27 +0200
++++ sftp-server.c 2009-02-25 12:25:01 +0100
@@ -59,6 +59,12 @@
/* Our verbosity */
LogLevel log_level = SYSLOG_LEVEL_ERROR;
@@ -564,8 +568,9 @@
#ifdef HAVE_CYGWIN
setmode(in, O_BINARY);
setmode(out, O_BINARY);
---- sshd_config.5.orig 2008-07-02 14:35:43 +0200
-+++ sshd_config.5 2008-07-22 08:35:50 +0200
+Index: sshd_config.5
+--- sshd_config.5.orig 2009-02-23 01:00:24 +0100
++++ sshd_config.5 2009-02-25 12:25:01 +0100
@@ -539,6 +539,10 @@
DEBUG and DEBUG1 are equivalent.
DEBUG2 and DEBUG3 each specify higher levels of debugging output.
@@ -577,7 +582,7 @@
.It Cm MACs
Specifies the available MAC (message authentication code) algorithms.
The MAC algorithm is used in protocol version 2
-@@ -812,6 +816,37 @@
+@@ -814,6 +818,37 @@
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 1024.
@@ -615,8 +620,9 @@
.It Cm StrictModes
Specifies whether
.Xr sshd 8
+Index: sshd_config
--- sshd_config.orig 2008-07-02 14:35:43 +0200
-+++ sshd_config 2008-07-22 08:33:14 +0200
++++ sshd_config 2009-02-25 12:25:01 +0100
@@ -112,6 +112,17 @@
# override default of no subsystems
Subsystem sftp /usr/libexec/sftp-server
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.patch.watchdog
============================================================================
$ cvs diff -u -r1.2 -r1.3 openssh.patch.watchdog
--- openpkg-src/openssh/openssh.patch.watchdog 22 Nov 2008 08:25:55
-0000 1.2
+++ openpkg-src/openssh/openssh.patch.watchdog 25 Feb 2009 11:30:07
-0000 1.3
@@ -4,9 +4,9 @@
http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-4.4p1-watchdog.patch.tgz
Index: clientloop.c
---- clientloop.c.orig 2008-07-16 14:40:52 +0200
-+++ clientloop.c 2008-11-15 10:14:27 +0100
-@@ -155,6 +155,7 @@
+--- clientloop.c.orig 2009-02-14 06:28:21 +0100
++++ clientloop.c 2009-02-25 12:25:48 +0100
+@@ -154,6 +154,7 @@
static u_int buffer_high;/* Soft max buffer size. */
static int connection_in; /* Connection to server (input). */
static int connection_out; /* Connection to server (output). */
@@ -14,7 +14,7 @@
static int need_rekeying; /* Set to non-zero if rekeying is requested. */
static int session_closed = 0; /* In SSH2: login session closed. */
-@@ -568,16 +569,19 @@
+@@ -567,16 +568,19 @@
* event pending.
*/
@@ -41,7 +41,7 @@
/*
* We have to clear the select masks, because we return.
-@@ -593,8 +597,43 @@
+@@ -592,8 +596,43 @@
snprintf(buf, sizeof buf, "select: %s\r\n", strerror(errno));
buffer_append(&stderr_buffer, buf, strlen(buf));
quit_pending = 1;
@@ -87,7 +87,7 @@
}
static void
-@@ -1305,6 +1344,7 @@
+@@ -1311,6 +1350,7 @@
debug("Entering interactive session.");
start_time = get_current_time();
@@ -96,8 +96,8 @@
/* Initialize variables. */
escape_pending1 = 0;
Index: readconf.c
---- readconf.c.orig 2008-06-29 16:04:03 +0200
-+++ readconf.c 2008-11-15 10:14:27 +0100
+--- readconf.c.orig 2009-02-14 06:28:21 +0100
++++ readconf.c 2009-02-25 12:25:48 +0100
@@ -118,7 +118,7 @@
oUser, oHost, oEscapeChar, oRhostsRSAAuthentication, oProxyCommand,
oGlobalKnownHostsFile, oUserKnownHostsFile, oConnectionAttempts,
@@ -115,7 +115,7 @@
{ "numberofpasswordprompts", oNumberOfPasswordPrompts },
{ "loglevel", oLogLevel },
{ "dynamicforward", oDynamicForward },
-@@ -492,6 +493,10 @@
+@@ -501,6 +502,10 @@
intptr = &options->no_host_authentication_for_localhost;
goto parse_flag;
@@ -126,7 +126,7 @@
case oNumberOfPasswordPrompts:
intptr = &options->number_of_password_prompts;
goto parse_int;
-@@ -1027,6 +1032,7 @@
+@@ -1019,6 +1024,7 @@
options->strict_host_key_checking = -1;
options->compression = -1;
options->tcp_keep_alive = -1;
@@ -134,7 +134,7 @@
options->compression_level = -1;
options->port = -1;
options->address_family = -1;
-@@ -1126,6 +1132,8 @@
+@@ -1119,6 +1125,8 @@
options->compression = 0;
if (options->tcp_keep_alive == -1)
options->tcp_keep_alive = 1;
@@ -144,9 +144,9 @@
options->compression_level = 6;
if (options->port == -1)
Index: readconf.h
---- readconf.h.orig 2008-06-29 16:04:03 +0200
-+++ readconf.h 2008-11-15 10:14:27 +0100
-@@ -56,6 +56,9 @@
+--- readconf.h.orig 2009-02-14 06:28:21 +0100
++++ readconf.h 2009-02-25 12:25:48 +0100
+@@ -57,6 +57,9 @@
int compression_level; /* Compression level 1 (fast) to 9
* (best). */
int tcp_keep_alive; /* Set SO_KEEPALIVE. */
@@ -157,8 +157,8 @@
int port; /* Port to connect. */
Index: servconf.c
---- servconf.c.orig 2008-07-04 05:51:12 +0200
-+++ servconf.c 2008-11-15 10:14:27 +0100
+--- servconf.c.orig 2009-01-28 06:31:23 +0100
++++ servconf.c 2009-02-25 12:25:48 +0100
@@ -80,6 +80,8 @@
options->xauth_location = NULL;
options->strict_modes = -1;
@@ -168,7 +168,7 @@
options->log_facility = SYSLOG_FACILITY_NOT_SET;
options->log_level = SYSLOG_LEVEL_NOT_SET;
options->rhosts_rsa_authentication = -1;
-@@ -185,6 +187,10 @@
+@@ -186,6 +188,10 @@
options->strict_modes = 1;
if (options->tcp_keep_alive == -1)
options->tcp_keep_alive = 1;
@@ -179,7 +179,7 @@
if (options->log_facility == SYSLOG_FACILITY_NOT_SET)
options->log_facility = SYSLOG_FACILITY_AUTH;
if (options->log_level == SYSLOG_LEVEL_NOT_SET)
-@@ -290,7 +296,7 @@
+@@ -293,7 +299,7 @@
sListenAddress, sAddressFamily,
sPrintMotd, sPrintLastLog, sIgnoreRhosts,
sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost,
@@ -188,7 +188,7 @@
sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression,
sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups,
sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile,
-@@ -386,6 +392,8 @@
+@@ -395,6 +401,8 @@
{ "compression", sCompression, SSHCFG_GLOBAL },
{ "tcpkeepalive", sTCPKeepAlive, SSHCFG_GLOBAL },
{ "keepalive", sTCPKeepAlive, SSHCFG_GLOBAL }, /* obsolete alias */
@@ -197,7 +197,7 @@
{ "allowtcpforwarding", sAllowTcpForwarding, SSHCFG_ALL },
{ "allowagentforwarding", sAllowAgentForwarding, SSHCFG_ALL },
{ "allowusers", sAllowUsers, SSHCFG_GLOBAL },
-@@ -930,6 +938,14 @@
+@@ -943,6 +951,14 @@
intptr = &options->tcp_keep_alive;
goto parse_flag;
@@ -213,8 +213,8 @@
intptr = &options->permit_empty_passwd;
goto parse_flag;
Index: servconf.h
---- servconf.h.orig 2008-06-10 15:01:51 +0200
-+++ servconf.h 2008-11-15 10:14:27 +0100
+--- servconf.h.orig 2009-01-28 06:31:23 +0100
++++ servconf.h 2009-02-25 12:25:48 +0100
@@ -67,6 +67,10 @@
char *xauth_location; /* Location of xauth program */
int strict_modes; /* If true, require string home dir modes. */
@@ -227,8 +227,8 @@
char *macs; /* Supported SSH2 macs. */
int protocol; /* Supported protocol versions. */
Index: serverloop.c
---- serverloop.c.orig 2008-07-04 15:10:49 +0200
-+++ serverloop.c 2008-11-15 10:15:01 +0100
+--- serverloop.c.orig 2009-02-14 06:33:09 +0100
++++ serverloop.c 2009-02-25 12:25:48 +0100
@@ -106,6 +106,8 @@
static int connection_closed = 0; /* Connection to client closed. */
static u_int buffer_high; /* "Soft" max buffer size. */
@@ -400,8 +400,8 @@
if (!rekeying) {
channel_after_select(readset, writeset);
Index: ssh.1
---- ssh.1.orig 2008-07-04 04:53:50 +0200
-+++ ssh.1 2008-11-15 10:14:27 +0100
+--- ssh.1.orig 2009-02-14 06:34:05 +0100
++++ ssh.1 2009-02-25 12:25:48 +0100
@@ -470,6 +470,7 @@
.It GSSAPIAuthentication
.It GSSAPIDelegateCredentials
@@ -411,8 +411,8 @@
.It HostbasedAuthentication
.It HostKeyAlgorithms
Index: ssh_config.5
---- ssh_config.5.orig 2008-06-29 16:04:03 +0200
-+++ ssh_config.5 2008-11-15 10:14:27 +0100
+--- ssh_config.5.orig 2009-02-23 00:53:58 +0100
++++ ssh_config.5 2009-02-25 12:25:48 +0100
@@ -500,6 +500,23 @@
will not be converted automatically,
but may be manually hashed using
@@ -438,9 +438,9 @@
Specifies whether to try rhosts based authentication with public key
authentication.
Index: sshd_config.5
---- sshd_config.5.orig 2008-07-02 14:35:43 +0200
-+++ sshd_config.5 2008-11-15 10:14:27 +0100
-@@ -932,6 +932,30 @@
+--- sshd_config.5.orig 2009-02-23 01:00:24 +0100
++++ sshd_config.5 2009-02-25 12:25:48 +0100
+@@ -934,6 +934,30 @@
escalation by containing any corruption within the unprivileged processes.
The default is
.Dq yes .
@@ .
patch -p0 <<'@@ .'
Index: openpkg-src/openssh/openssh.spec
============================================================================
$ cvs diff -u -r1.218 -r1.219 openssh.spec
--- openpkg-src/openssh/openssh.spec 23 Dec 2008 09:12:41 -0000 1.218
+++ openpkg-src/openssh/openssh.spec 25 Feb 2009 11:30:07 -0000 1.219
@@ -22,7 +22,7 @@
##
# package versions
-%define V_base 5.1
+%define V_base 5.2
%define V_portable p1
%define V_connect 100
%define V_hpn 5.1p1-hpn13v5
@@ -38,7 +38,7 @@
Group: SSH
License: BSD
Version: %{V_base}%{V_portable}
-Release: 20081223
+Release: 20090225
# package options
%option with_fsl yes
@@ .
______________________________________________________________________
OpenPKG http://openpkg.org
CVS Repository Commit List openpkg-cvs@openpkg.org
