[packages/openssh] - updated to 7.2p1; slogin is gone - updated ldap,chroot patches - removed obsolete no_libnsl patch

qboosh qboosh at pld-linux.org
Sat Mar 5 11:33:53 CET 2016


commit f685d17fb4b2eab8c769c88b3a910e3292647816
Author: Jakub Bogusz <qboosh at pld-linux.org>
Date:   Sat Mar 5 11:37:29 2016 +0100

    - updated to 7.2p1; slogin is gone
    - updated ldap,chroot patches
    - removed obsolete no_libnsl patch
    - fixed memory leaks in chroot patch

 openssh-chroot.patch    | 32 ++++++++++++++++++--------------
 openssh-ldap.patch      | 45 ++++++++++++++++++++++-----------------------
 openssh-no_libnsl.patch | 23 -----------------------
 openssh.spec            | 13 +++----------
 4 files changed, 43 insertions(+), 70 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index e6b9c95..1fcfb0d 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -45,13 +45,13 @@ Summary(pt_BR.UTF-8):	Implementação livre do SSH
 Summary(ru.UTF-8):	OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8):	OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:		openssh
-Version:	7.1p2
-Release:	3
+Version:	7.2p1
+Release:	1
 Epoch:		2
 License:	BSD
 Group:		Applications/Networking
 Source0:	ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5:	4d8547670e2a220d5ef805ad9e47acf2
+# Source0-md5:	b984775f0cfff1f7ff18b8797fce8a28
 Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5:	66943d481cc422512b537bcc2c7400d1
 Source2:	%{name}d.init
@@ -64,7 +64,6 @@ Source9:	sshd.service
 Source10:	sshd-keygen
 Source11:	sshd.socket
 Source12:	sshd at .service
-Patch0:		%{name}-no_libnsl.patch
 Patch1:		%{name}-tests-reuseport.patch
 Patch2:		%{name}-pam_misc.patch
 Patch3:		%{name}-sigpipe.patch
@@ -530,7 +529,6 @@ openldap-a.
 
 %prep
 %setup -q
-%patch0 -p1
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@@ -655,9 +653,6 @@ ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass
 install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}
 cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1
 
-%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
-echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1
-
 touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd
 
 cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS
@@ -783,7 +778,6 @@ fi
 %files clients
 %defattr(644,root,root,755)
 %attr(755,root,root) %{_bindir}/ssh
-%attr(755,root,root) %{_bindir}/slogin
 %attr(755,root,root) %{_bindir}/sftp
 %attr(755,root,root) %{_bindir}/ssh-agent
 %attr(755,root,root) %{_bindir}/ssh-add
@@ -793,7 +787,6 @@ fi
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
 %{_mandir}/man1/scp.1*
 %{_mandir}/man1/ssh.1*
-%{_mandir}/man1/slogin.1*
 %{_mandir}/man1/sftp.1*
 %{_mandir}/man1/ssh-agent.1*
 %{_mandir}/man1/ssh-add.1*
diff --git a/openssh-chroot.patch b/openssh-chroot.patch
index 3bef762..828de68 100644
--- a/openssh-chroot.patch
+++ b/openssh-chroot.patch
@@ -62,12 +62,12 @@
  	int	use_dns;
  	int	client_alive_interval;	/*
  					 * poke the client this often to
---- ./session.c.org	2008-05-05 16:22:11.935003283 +0200
-+++ ./session.c	2008-05-05 16:32:50.025507650 +0200
+--- openssh-7.2p1/session.c.orig	2016-03-05 10:24:44.227756638 +0100
++++ openssh-7.2p1/session.c	2016-03-05 10:24:50.237756386 +0100
 @@ -1492,6 +1492,10 @@ do_setusercontext(struct passwd *pw)
- #ifdef USE_LIBIAF
- 	int doing_chroot = 0;
- #endif
+ do_setusercontext(struct passwd *pw)
+ {
+ 	char *chroot_path, *tmp;
 +#ifdef CHROOT
 +	char *user_dir;
 +	char *new_root;
@@ -75,28 +75,32 @@
  
  	platform_setusercontext(pw);
  
-@@ -1534,6 +1538,25 @@ do_setusercontext(struct passwd *pw)
- #ifdef USE_LIBIAF
- 			doing_chroot = 1;
- #endif
+@@ -1532,6 +1536,29 @@ do_setusercontext(struct passwd *pw)
+ 			free(options.chroot_directory);
+ 			options.chroot_directory = NULL;
+ 			in_chroot = 1;
 +#ifdef CHROOT
-+		} else if (options.use_chroot) {
++		} else if (!in_chroot && options.use_chroot) {
 +			user_dir = xstrdup(pw->pw_dir);
 +			new_root = user_dir + 1;
 +
-+			while((new_root = strchr(new_root, '.')) != NULL) {
++			while ((new_root = strchr(new_root, '.')) != NULL) {
 +				new_root--;
-+				if(strncmp(new_root, "/./", 3) == 0) {
++				if (strncmp(new_root, "/./", 3) == 0) {
 +					*new_root = '\0';
 +					new_root += 2;
 +
-+					if(chroot(user_dir) != 0)
++					if (chroot(user_dir) != 0)
 +						fatal("Couldn't chroot to user directory %s", user_dir);
-+					pw->pw_dir = new_root;
++					/* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */
++					free(pw->pw_dir);
++					pw->pw_dir = xstrdup(new_root);
++					in_chroot = 1;
 +					break;
 +				}
 +				new_root += 2;
 +			}
++			free(user_dir);
 +#endif /* CHROOT */
  		}
  
diff --git a/openssh-ldap.patch b/openssh-ldap.patch
index 67a7c07..741b5b5 100644
--- a/openssh-ldap.patch
+++ b/openssh-ldap.patch
@@ -1984,10 +1984,9 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
 +
 +#endif /* LDAPMISC_H */
 +
-diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
---- openssh-6.2p1/Makefile.in.ldap	2013-03-25 21:27:15.850247822 +0100
-+++ openssh-6.2p1/Makefile.in	2013-03-25 21:27:57.356518817 +0100
-@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh
+--- openssh-7.2p1/Makefile.in.orig	2016-02-26 04:40:04.000000000 +0100
++++ openssh-7.2p1/Makefile.in	2016-03-04 19:44:30.903306337 +0100
+@@ -25,6 +25,8 @@
  ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass
  SFTP_SERVER=$(libexecdir)/sftp-server
  SSH_KEYSIGN=$(libexecdir)/ssh-keysign
@@ -1996,7 +1995,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
  SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
  PRIVSEP_PATH=@PRIVSEP_PATH@
  SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
-@@ -60,8 +62,9 @@ XAUTH_PATH=@XAUTH_PATH@
+@@ -61,8 +63,9 @@
  LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
  EXEEXT=@EXEEXT@
  MANFMT=@MANFMT@
@@ -2005,11 +2004,11 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
 -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
 +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
  
- LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \
- 	canohost.o channels.o cipher.o cipher-aes.o \
-@@ -95,8 +98,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw
- 	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
- 	sandbox-seccomp-filter.o
+ LIBOPENSSH_OBJS=\
+ 	ssh_api.o \
+@@ -112,8 +115,8 @@
+ 	sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
+ 	sandbox-solaris.o
  
 -MANPAGES	= moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 -MANPAGES_IN	= moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -2018,17 +2017,17 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
  MANTYPE		= @MANTYPE@
  
  CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -164,6 +167,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss
+@@ -184,6 +187,9 @@
  ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
  	$(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
  
 +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
 +	$(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o
- 	$(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
+ 	$(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
  
-@@ -266,6 +272,10 @@ install-files:
+@@ -311,6 +317,10 @@
  	$(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
  	$(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -2039,7 +2038,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
  	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
  	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -282,6 +292,10 @@ install-files:
+@@ -327,6 +337,10 @@
  	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
  	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -2047,10 +2046,10 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
 +		$(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
 +		$(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
 +	fi
- 	-rm -f $(DESTDIR)$(bindir)/slogin
- 	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
- 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -311,6 +325,13 @@ install-sysconf:
+ 
+ install-sysconf:
+ 	if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
+@@ -352,6 +366,13 @@
  	else \
  		echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
  	fi
@@ -2064,7 +2063,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
  
  host-key: ssh-keygen$(EXEEXT)
  	@if [ -z "$(DESTDIR)" ] ; then \
-@@ -368,6 +389,8 @@ uninstall:
+@@ -392,6 +413,8 @@
  	-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
  	-rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
  	-rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
@@ -2073,14 +2072,14 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -379,6 +402,7 @@ uninstall:
+@@ -403,6 +426,7 @@
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
  	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 +	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
- 	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
  
- regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c
+ regress-prep:
+ 	[ -d `pwd`/regress ] || mkdir -p `pwd`/regress
 diff -up openssh-6.2p1/openssh-lpk-openldap.schema.ldap openssh-6.2p1/openssh-lpk-openldap.schema
 --- openssh-6.2p1/openssh-lpk-openldap.schema.ldap	2013-03-25 21:27:15.894248110 +0100
 +++ openssh-6.2p1/openssh-lpk-openldap.schema	2013-03-25 21:27:15.894248110 +0100
diff --git a/openssh-no_libnsl.patch b/openssh-no_libnsl.patch
deleted file mode 100644
index c8fbdd4..0000000
--- a/openssh-no_libnsl.patch
+++ /dev/null
@@ -1,23 +0,0 @@
-diff -urN openssh-3.0p1.orig/configure.ac openssh-3.0p1/configure.ac
---- openssh-3.0p1.orig/configure.ac	Sat Nov  3 20:09:33 2001
-+++ openssh-3.0p1/configure.ac	Wed Nov  7 16:22:54 2001
-@@ -123,6 +123,8 @@
- 	AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!")
- 	AC_DEFINE(SPT_TYPE,SPT_REUSEARGV)
- 	inet6_default_4in6=yes
-+	no_libnsl=1
-+	no_libsocket=1
- 	case `uname -r` in
- 	1.*|2.0.*)
- 		AC_DEFINE(BROKEN_CMSG_TYPE)
---- openssh-5.9p1/configure.ac~	2011-09-06 19:01:09.000000000 +0200
-+++ openssh-5.9p1/configure.ac	2011-09-06 19:02:14.816070290 +0200
-@@ -972,7 +972,6 @@
- 
- dnl Checks for header files.
- # Checks for libraries.
--AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])])
- AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])])
- 
- dnl IRIX and Solaris 2.5.1 have dirname() in libgen
-
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/f685d17fb4b2eab8c769c88b3a910e3292647816



More information about the pld-cvs-commit mailing list