packages: openssh/openssh-blacklist.diff, openssh/openssh.spec - rel 1

arekm arekm at pld-linux.org
Sun Mar 28 22:20:05 CEST 2010 

Author: arekm                        Date: Sun Mar 28 20:20:05 2010 GMT
Module: packages                      Tag: HEAD
---- Log message:
- rel 1

---- Files affected:
packages/openssh:
   openssh-blacklist.diff (1.5 -> 1.6) , openssh.spec (1.327 -> 1.328) 

---- Diffs:

================================================================
Index: packages/openssh/openssh-blacklist.diff
diff -u packages/openssh/openssh-blacklist.diff:1.5 packages/openssh/openssh-blacklist.diff:1.6
--- packages/openssh/openssh-blacklist.diff:1.5	Tue May 26 17:35:15 2009
+++ packages/openssh/openssh-blacklist.diff	Sun Mar 28 22:19:59 2010
@@ -116,23 +116,23 @@
  	int     permit_empty_passwd;	/* If false, do not permit empty
 --- openssh-4.7p1.orig/Makefile.in
 +++ openssh-4.7p1/Makefile.in
-@@ -60,7 +60,7 @@
+@@ -62,7 +62,7 @@
  INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
  INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
  
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
  
  LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
  	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -88,8 +88,8 @@
- 	loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
- 	audit.o audit-bsm.o platform.o
- 
--MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
-+MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
-+MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+@@ -93,8 +93,8 @@
+ 	audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
+ 	roaming_common.o roaming_serv.o ldapauth.o
+ 
+-MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
+-MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
++MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out ssh-vulnkey.1.out
++MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 ssh-vulnkey.1
  MANTYPE		= @MANTYPE@
  
  CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -154,14 +154,14 @@
  	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
  	$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
  	$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -280,6 +284,7 @@
+@@ -289,6 +289,7 @@
  	$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
  	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
 +	$(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
+ 	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
  	-rm -f $(DESTDIR)$(bindir)/slogin
- 	ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
- 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
+ 	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
 @@ -361,6 +366,7 @@
  	-rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
  	-rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
@@ -216,9 +216,9 @@
 +			return 0;
 +	}
 +
- 	/* Check if we would accept it using rhosts authentication. */
- 	if (!auth_rhosts(pw, cuser))
+ 	if (auth_key_is_revoked(client_host_key))
  		return 0;
+ 
 --- openssh-4.7p1.orig/authfile.h
 +++ openssh-4.7p1/authfile.h
 @@ -23,4 +23,7 @@
@@ -451,8 +451,8 @@
 +			return 0;
 +	}
 +
- 	resolvedname = get_canonical_hostname(options.use_dns);
- 	ipaddr = get_remote_ipaddr();
+ 	if (auth_key_is_revoked(key))
+ 		return 0;
  
 --- openssh-4.7p1.orig/authfile.c
 +++ openssh-4.7p1/authfile.c
@@ -465,9 +465,9 @@
  /* Version identification string for SSH v1 identity files. */
  static const char authfile_id_string[] =
 @@ -677,3 +678,113 @@
- 	key_free(pub);
- 	return NULL;
+ 	return ret;
  }
+ 
 +
 +char *
 +blacklist_filename(const Key *key)
@@ -986,6 +986,6 @@
 +			return 0;
 +	}
 +
- 	file = authorized_keys_file(pw);
- 	success = user_key_allowed2(pw, key, file);
- 	xfree(file);
+ 	if (auth_key_is_revoked(key))
+ 		return 0;
+ 	if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))

================================================================
Index: packages/openssh/openssh.spec
diff -u packages/openssh/openssh.spec:1.327 packages/openssh/openssh.spec:1.328
--- packages/openssh/openssh.spec:1.327	Mon Mar  8 14:51:46 2010
+++ packages/openssh/openssh.spec	Sun Mar 28 22:19:59 2010
@@ -656,9 +656,11 @@
 %attr(755,root,root) %{_sbindir}/sshd
 %attr(755,root,root) %{_libexecdir}/sftp-server
 %attr(755,root,root) %{_libexecdir}/ssh-keysign
+%attr(755,root,root) %{_libexecdir}/ssh-pkcs11-helper
 %{_mandir}/man8/sshd.8*
 %{_mandir}/man8/sftp-server.8*
 %{_mandir}/man8/ssh-keysign.8*
+%{_mandir}/man8/ssh-pkcs11-helper.8*
 %{_mandir}/man5/sshd_config.5*
 %{_mandir}/man5/moduli.5*
 %attr(640,root,root) %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/sshd_config
@@ -689,6 +691,9 @@
 All persons listed below can be reached at <cvs_login>@pld-linux.org
 
 $Log$
+Revision 1.328  2010/03/28 20:19:59  arekm
+- rel 1
+
 Revision 1.327  2010/03/08 13:51:46  arekm
 - 5.4 partial update
 
================================================================

---- CVS-web:
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh-blacklist.diff?r1=1.5&r2=1.6&f=u
    http://cvs.pld-linux.org/cgi-bin/cvsweb.cgi/packages/openssh/openssh.spec?r1=1.327&r2=1.328&f=u

More information about the pld-cvs-commit mailing list