[packages/openssh] up to 9.4p1
atler
atler at pld-linux.org
Fri Aug 11 23:19:38 CEST 2023
commit 96e630ce673bdc20a5ea36a4fb2a73052fe5e814
Author: Jan Palus <atler at pld-linux.org>
Date: Fri Aug 11 22:52:37 2023 +0200
up to 9.4p1
openssh-config.patch | 2 +-
openssh-sigpipe.patch | 14 ++++-----
openssh.spec | 10 +++---
openssl3.0.patch | 87 ---------------------------------------------------
4 files changed, 12 insertions(+), 101 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 294c203..3073812 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 9.3p2
-Release: 2
+Version: 9.4p1
+Release: 1
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: e21180e7c902e596b047b5520842c2e1
+# Source0-md5: 4bbd56a7ba51b0cd61debe8f9e77f8bb
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
@@ -76,7 +76,6 @@ Patch11: %{name}-chroot.patch
Patch13: %{name}-skip-interop-tests.patch
Patch14: %{name}-bind.patch
Patch15: %{name}-disable_ldap.patch
-Patch16: openssl3.0.patch
URL: http://www.openssh.com/portable.html
BuildRequires: %{__perl}
%{?with_audit:BuildRequires: audit-libs-devel}
@@ -91,7 +90,7 @@ BuildRequires: libfido2-devel >= 1.5.0
%{?with_libseccomp:BuildRequires: libseccomp-devel}
%{?with_selinux:BuildRequires: libselinux-devel}
%{?with_ldap:BuildRequires: openldap-devel}
-BuildRequires: openssl-devel >= 1.1.0g
+BuildRequires: openssl-devel >= 1.1.1
BuildRequires: pam-devel
%{?with_gtk:BuildRequires: pkgconfig}
%if %{with tests} && %{with tests_conch}
@@ -562,7 +561,6 @@ openldap-a.
%patch14 -p1
%{!?with_ldap:%patch15 -p1}
-%patch16 -p1
%if "%{pld_release}" == "ac"
# fix for missing x11.pc
diff --git a/openssh-config.patch b/openssh-config.patch
index a4865fd..4d34975 100644
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -13,7 +13,7 @@ diff -urNp -x '*.orig' openssh-8.8p1.org/ssh_config openssh-8.8p1/ssh_config
+# GSSAPIKeyExchange no
+# GSSAPITrustDNS no
# BatchMode no
- # CheckHostIP yes
+ # CheckHostIP no
# AddressFamily any
@@ -44,3 +47,18 @@
# ProxyCommand ssh -q -W %h:%p gateway.example.com
diff --git a/openssh-sigpipe.patch b/openssh-sigpipe.patch
index c4378f4..64d8616 100644
--- a/openssh-sigpipe.patch
+++ b/openssh-sigpipe.patch
@@ -73,17 +73,17 @@ diff -urNp -x '*.orig' openssh-8.4p1.org/ssh.c openssh-8.4p1/ssh.c
usage(void)
{
fprintf(stderr,
--"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
-+"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface]\n"
- " [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
- " [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
- " [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
+-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]\n"
++"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface] [-b bind_address]\n"
+ " [-c cipher_spec] [-D [bind_address:]port] [-E log_file]\n"
+ " [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]\n"
+ " [-J destination] [-L address] [-l login_name] [-m mac_spec]\n"
@@ -699,7 +699,7 @@ main(int ac, char **av)
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-- "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
-+ "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
+- "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
++ "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
switch (opt) {
case '1':
fatal("SSH protocol v.1 is no longer supported");
diff --git a/openssl3.0.patch b/openssl3.0.patch
deleted file mode 100644
index f9e9c89..0000000
--- a/openssl3.0.patch
+++ /dev/null
@@ -1,87 +0,0 @@
---- openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c.orig 2022-02-23 12:31:11.000000000 +0100
-+++ openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c 2022-03-16 08:49:30.708560186 +0100
-@@ -326,7 +326,7 @@
- BIO *bio = NULL;
- EVP_PKEY *pk = NULL;
- EC_KEY *ec = NULL;
-- SHA2_CTX ctx;
-+ SHA256_CTX ctx;
- uint8_t apphash[SHA256_DIGEST_LENGTH];
- uint8_t sighash[SHA256_DIGEST_LENGTH];
- uint8_t countbuf[4];
-@@ -356,9 +356,9 @@
- }
- /* Prepare data to be signed */
- dump("message", message, message_len);
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, (const u_char *)application, strlen(application));
-- SHA256Final(apphash, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+ SHA256_Final(apphash, &ctx);
- dump("apphash", apphash, sizeof(apphash));
- countbuf[0] = (counter >> 24) & 0xff;
- countbuf[1] = (counter >> 16) & 0xff;
-@@ -366,12 +366,12 @@
- countbuf[3] = counter & 0xff;
- dump("countbuf", countbuf, sizeof(countbuf));
- dump("flags", &flags, sizeof(flags));
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, apphash, sizeof(apphash));
-- SHA256Update(&ctx, &flags, sizeof(flags));
-- SHA256Update(&ctx, countbuf, sizeof(countbuf));
-- SHA256Update(&ctx, message, message_len);
-- SHA256Final(sighash, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, apphash, sizeof(apphash));
-+ SHA256_Update(&ctx, &flags, sizeof(flags));
-+ SHA256_Update(&ctx, countbuf, sizeof(countbuf));
-+ SHA256_Update(&ctx, message, message_len);
-+ SHA256_Final(sighash, &ctx);
- dump("sighash", sighash, sizeof(sighash));
- /* create and encode signature */
- if ((sig = ECDSA_do_sign(sighash, sizeof(sighash), ec)) == NULL) {
-@@ -417,7 +417,7 @@
- {
- size_t o;
- int ret = -1;
-- SHA2_CTX ctx;
-+ SHA256_CTX ctx;
- uint8_t apphash[SHA256_DIGEST_LENGTH];
- uint8_t signbuf[sizeof(apphash) + sizeof(flags) +
- sizeof(counter) + SHA256_DIGEST_LENGTH];
-@@ -435,9 +435,9 @@
- }
- /* Prepare data to be signed */
- dump("message", message, message_len);
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, (const u_char *)application, strlen(application));
-- SHA256Final(apphash, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+ SHA256_Final(apphash, &ctx);
- dump("apphash", apphash, sizeof(apphash));
-
- memcpy(signbuf, apphash, sizeof(apphash));
-@@ -495,7 +495,7 @@
- {
- struct sk_sign_response *response = NULL;
- int ret = SSH_SK_ERR_GENERAL;
-- SHA2_CTX ctx;
-+ SHA256_CTX ctx;
- uint8_t message[32];
-
- if (sign_response == NULL) {
-@@ -509,9 +509,9 @@
- skdebug(__func__, "calloc response failed");
- goto out;
- }
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, data, datalen);
-- SHA256Final(message, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, data, datalen);
-+ SHA256_Final(message, &ctx);
- response->flags = flags;
- response->counter = 0x12345678;
- switch(alg) {
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/96e630ce673bdc20a5ea36a4fb2a73052fe5e814
More information about the pld-cvs-commit
mailing list