[packages/openssh] - updated to 7.2p1; slogin is gone - updated ldap,chroot patches - removed obsolete no_libnsl patch
qboosh
qboosh at pld-linux.org
Sat Mar 5 11:33:53 CET 2016
commit f685d17fb4b2eab8c769c88b3a910e3292647816
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date: Sat Mar 5 11:37:29 2016 +0100
- updated to 7.2p1; slogin is gone
- updated ldap,chroot patches
- removed obsolete no_libnsl patch
- fixed memory leaks in chroot patch
openssh-chroot.patch | 32 ++++++++++++++++++--------------
openssh-ldap.patch | 45 ++++++++++++++++++++++-----------------------
openssh-no_libnsl.patch | 23 -----------------------
openssh.spec | 13 +++----------
4 files changed, 43 insertions(+), 70 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index e6b9c95..1fcfb0d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -45,13 +45,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 7.1p2
-Release: 3
+Version: 7.2p1
+Release: 1
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 4d8547670e2a220d5ef805ad9e47acf2
+# Source0-md5: b984775f0cfff1f7ff18b8797fce8a28
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
@@ -64,7 +64,6 @@ Source9: sshd.service
Source10: sshd-keygen
Source11: sshd.socket
Source12: sshd at .service
-Patch0: %{name}-no_libnsl.patch
Patch1: %{name}-tests-reuseport.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
@@ -530,7 +529,6 @@ openldap-a.
%prep
%setup -q
-%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch3 -p1
@@ -655,9 +653,6 @@ ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
-echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
-
touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
@@ -783,7 +778,6 @@ fi
%files clients
%defattr(644,root,root,755)
%attr(755,root,root) %{_bindir}/ssh
-%attr(755,root,root) %{_bindir}/slogin
%attr(755,root,root) %{_bindir}/sftp
%attr(755,root,root) %{_bindir}/ssh-agent
%attr(755,root,root) %{_bindir}/ssh-add
@@ -793,7 +787,6 @@ fi
%config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
%{_mandir}/man1/scp.1*
%{_mandir}/man1/ssh.1*
-%{_mandir}/man1/slogin.1*
%{_mandir}/man1/sftp.1*
%{_mandir}/man1/ssh-agent.1*
%{_mandir}/man1/ssh-add.1*
diff --git a/openssh-chroot.patch b/openssh-chroot.patch
index 3bef762..828de68 100644
--- a/openssh-chroot.patch
+++ b/openssh-chroot.patch
@@ -62,12 +62,12 @@
int use_dns;
int client_alive_interval; /*
* poke the client this often to
---- ./session.c.org 2008-05-05 16:22:11.935003283 +0200
-+++ ./session.c 2008-05-05 16:32:50.025507650 +0200
+--- openssh-7.2p1/session.c.orig 2016-03-05 10:24:44.227756638 +0100
++++ openssh-7.2p1/session.c 2016-03-05 10:24:50.237756386 +0100
@@ -1492,6 +1492,10 @@ do_setusercontext(struct passwd *pw)
- #ifdef USE_LIBIAF
- int doing_chroot = 0;
- #endif
+ do_setusercontext(struct passwd *pw)
+ {
+ char *chroot_path, *tmp;
+#ifdef CHROOT
+ char *user_dir;
+ char *new_root;
@@ -75,28 +75,32 @@
platform_setusercontext(pw);
-@@ -1534,6 +1538,25 @@ do_setusercontext(struct passwd *pw)
- #ifdef USE_LIBIAF
- doing_chroot = 1;
- #endif
+@@ -1532,6 +1536,29 @@ do_setusercontext(struct passwd *pw)
+ free(options.chroot_directory);
+ options.chroot_directory = NULL;
+ in_chroot = 1;
+#ifdef CHROOT
-+ } else if (options.use_chroot) {
++ } else if (!in_chroot && options.use_chroot) {
+ user_dir = xstrdup(pw->pw_dir);
+ new_root = user_dir + 1;
+
-+ while((new_root = strchr(new_root, '.')) != NULL) {
++ while ((new_root = strchr(new_root, '.')) != NULL) {
+ new_root--;
-+ if(strncmp(new_root, "/./", 3) == 0) {
++ if (strncmp(new_root, "/./", 3) == 0) {
+ *new_root = '\0';
+ new_root += 2;
+
-+ if(chroot(user_dir) != 0)
++ if (chroot(user_dir) != 0)
+ fatal("Couldn't chroot to user directory %s", user_dir);
-+ pw->pw_dir = new_root;
++ /* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */
++ free(pw->pw_dir);
++ pw->pw_dir = xstrdup(new_root);
++ in_chroot = 1;
+ break;
+ }
+ new_root += 2;
+ }
++ free(user_dir);
+#endif /* CHROOT */
}
diff --git a/openssh-ldap.patch b/openssh-ldap.patch
index 67a7c07..741b5b5 100644
--- a/openssh-ldap.patch
+++ b/openssh-ldap.patch
@@ -1984,10 +1984,9 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
+
+#endif /* LDAPMISC_H */
+
-diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
---- openssh-6.2p1/Makefile.in.ldap 2013-03-25 21:27:15.850247822 +0100
-+++ openssh-6.2p1/Makefile.in 2013-03-25 21:27:57.356518817 +0100
-@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
+--- openssh-7.2p1/Makefile.in.orig 2016-02-26 04:40:04.000000000 +0100
++++ openssh-7.2p1/Makefile.in 2016-03-04 19:44:30.903306337 +0100
+@@ -25,6 +25,8 @@
ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
SFTP_SERVER=$(libexecdir)/sftp-server
SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@@ -1996,7 +1995,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
PRIVSEP_PATH=@PRIVSEP_PATH@
SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
-@@ -60,8 +62,9 @@ XAUTH_PATH=@XAUTH_PATH@
+@@ -61,8 +63,9 @@
LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
EXEEXT=@EXEEXT@
MANFMT=@MANFMT@
@@ -2005,11 +2004,11 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
- LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
- canohost.o channels.o cipher.o cipher-aes.o \
-@@ -95,8 +98,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
- sandbox-seccomp-filter.o
+ LIBOPENSSH_OBJS=\
+ ssh_api.o \
+@@ -112,8 +115,8 @@
+ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
+ sandbox-solaris.o
-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -2018,17 +2017,17 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -164,6 +167,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
+@@ -184,6 +187,9 @@
ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
+ $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
+
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
- $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
-@@ -266,6 +272,10 @@ install-files:
+@@ -311,6 +317,10 @@
$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -2039,7 +2038,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -282,6 +292,10 @@ install-files:
+@@ -327,6 +337,10 @@
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -2047,10 +2046,10 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
+ $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
+ $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
+ fi
- -rm -f $(DESTDIR)$(bindir)/slogin
- ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -311,6 +325,13 @@ install-sysconf:
+
+ install-sysconf:
+ if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
+@@ -352,6 +366,13 @@
else \
echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
fi
@@ -2064,7 +2063,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
host-key: ssh-keygen$(EXEEXT)
@if [ -z "$(DESTDIR)" ] ; then \
-@@ -368,6 +389,8 @@ uninstall:
+@@ -392,6 +413,8 @@
-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -2073,14 +2072,14 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -379,6 +402,7 @@ uninstall:
+@@ -403,6 +426,7 @@
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
- -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
- regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+ regress-prep:
+ [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
diff -up openssh-6.2p1/openssh-lpk-openldap.schema.ldap openssh-6.2p1/openssh-lpk-openldap.schema
--- openssh-6.2p1/openssh-lpk-openldap.schema.ldap 2013-03-25 21:27:15.894248110 +0100
+++ openssh-6.2p1/openssh-lpk-openldap.schema 2013-03-25 21:27:15.894248110 +0100
diff --git a/openssh-no_libnsl.patch b/openssh-no_libnsl.patch
deleted file mode 100644
index c8fbdd4..0000000
--- a/openssh-no_libnsl.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -urN openssh-3.0p1.orig/configure.ac openssh-3.0p1/configure.ac
---- openssh-3.0p1.orig/configure.ac Sat Nov 3 20:09:33 2001
-+++ openssh-3.0p1/configure.ac Wed Nov 7 16:22:54 2001
-@@ -123,6 +123,8 @@
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
- AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
- inet6_default_4in6=yes
-+ no_libnsl=1
-+ no_libsocket=1
- case `uname -r` in
- 1.*|2.0.*)
- AC_DEFINE(BROKEN_CMSG_TYPE)
---- openssh-5.9p1/configure.ac~ 2011-09-06 19:01:09.000000000 +0200
-+++ openssh-5.9p1/configure.ac 2011-09-06 19:02:14.816070290 +0200
-@@ -972,7 +972,6 @@
-
- dnl Checks for header files.
- # Checks for libraries.
--AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
- AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
-
- dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/f685d17fb4b2eab8c769c88b3a910e3292647816
More information about the pld-cvs-commit
mailing list