[packages/openssh] up to 9.4p1

atler atler at pld-linux.org
Fri Aug 11 23:19:38 CEST 2023


commit 96e630ce673bdc20a5ea36a4fb2a73052fe5e814
Author: Jan Palus <atler at pld-linux.org>
Date:   Fri Aug 11 22:52:37 2023 +0200

    up to 9.4p1

 openssh-config.patch  |  2 +-
 openssh-sigpipe.patch | 14 ++++-----
 openssh.spec          | 10 +++---
 openssl3.0.patch      | 87 ---------------------------------------------------
 4 files changed, 12 insertions(+), 101 deletions(-)
---
diff --git a/openssh.spec b/openssh.spec
index 294c203..3073812 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8):	Implementação livre do SSH
 Summary(ru.UTF-8):	OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8):	OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:		openssh
-Version:	9.3p2
-Release:	2
+Version:	9.4p1
+Release:	1
 Epoch:		2
 License:	BSD
 Group:		Applications/Networking
 Source0:	https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5:	e21180e7c902e596b047b5520842c2e1
+# Source0-md5:	4bbd56a7ba51b0cd61debe8f9e77f8bb
 Source1:	http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5:	66943d481cc422512b537bcc2c7400d1
 Source2:	%{name}d.init
@@ -76,7 +76,6 @@ Patch11:	%{name}-chroot.patch
 Patch13:	%{name}-skip-interop-tests.patch
 Patch14:	%{name}-bind.patch
 Patch15:	%{name}-disable_ldap.patch
-Patch16:	openssl3.0.patch
 URL:		http://www.openssh.com/portable.html
 BuildRequires:	%{__perl}
 %{?with_audit:BuildRequires:	audit-libs-devel}
@@ -91,7 +90,7 @@ BuildRequires:	libfido2-devel >= 1.5.0
 %{?with_libseccomp:BuildRequires:	libseccomp-devel}
 %{?with_selinux:BuildRequires:	libselinux-devel}
 %{?with_ldap:BuildRequires:	openldap-devel}
-BuildRequires:	openssl-devel >= 1.1.0g
+BuildRequires:	openssl-devel >= 1.1.1
 BuildRequires:	pam-devel
 %{?with_gtk:BuildRequires:	pkgconfig}
 %if %{with tests} && %{with tests_conch}
@@ -562,7 +561,6 @@ openldap-a.
 
 %patch14 -p1
 %{!?with_ldap:%patch15 -p1}
-%patch16 -p1
 
 %if "%{pld_release}" == "ac"
 # fix for missing x11.pc
diff --git a/openssh-config.patch b/openssh-config.patch
index a4865fd..4d34975 100644
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -13,7 +13,7 @@ diff -urNp -x '*.orig' openssh-8.8p1.org/ssh_config openssh-8.8p1/ssh_config
 +#   GSSAPIKeyExchange no
 +#   GSSAPITrustDNS no
  #   BatchMode no
- #   CheckHostIP yes
+ #   CheckHostIP no
  #   AddressFamily any
 @@ -44,3 +47,18 @@
  #   ProxyCommand ssh -q -W %h:%p gateway.example.com
diff --git a/openssh-sigpipe.patch b/openssh-sigpipe.patch
index c4378f4..64d8616 100644
--- a/openssh-sigpipe.patch
+++ b/openssh-sigpipe.patch
@@ -73,17 +73,17 @@ diff -urNp -x '*.orig' openssh-8.4p1.org/ssh.c openssh-8.4p1/ssh.c
  usage(void)
  {
  	fprintf(stderr,
--"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
-+"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface]\n"
- "           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
- "           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
- "           [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
+-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]\n"
++"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface] [-b bind_address]\n"
+ "           [-c cipher_spec] [-D [bind_address:]port] [-E log_file]\n"
+ "           [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]\n"
+ "           [-J destination] [-L address] [-l login_name] [-m mac_spec]\n"
 @@ -699,7 +699,7 @@ main(int ac, char **av)
  
   again:
  	while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--	    "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
-+	    "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
+-	    "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
++	    "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
  		switch (opt) {
  		case '1':
  			fatal("SSH protocol v.1 is no longer supported");
diff --git a/openssl3.0.patch b/openssl3.0.patch
deleted file mode 100644
index f9e9c89..0000000
--- a/openssl3.0.patch
+++ /dev/null
@@ -1,87 +0,0 @@
---- openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c.orig	2022-02-23 12:31:11.000000000 +0100
-+++ openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c	2022-03-16 08:49:30.708560186 +0100
-@@ -326,7 +326,7 @@
- 	BIO *bio = NULL;
- 	EVP_PKEY *pk = NULL;
- 	EC_KEY *ec = NULL;
--	SHA2_CTX ctx;
-+	SHA256_CTX ctx;
- 	uint8_t	apphash[SHA256_DIGEST_LENGTH];
- 	uint8_t	sighash[SHA256_DIGEST_LENGTH];
- 	uint8_t countbuf[4];
-@@ -356,9 +356,9 @@
- 	}
- 	/* Prepare data to be signed */
- 	dump("message", message, message_len);
--	SHA256Init(&ctx);
--	SHA256Update(&ctx, (const u_char *)application, strlen(application));
--	SHA256Final(apphash, &ctx);
-+	SHA256_Init(&ctx);
-+	SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+	SHA256_Final(apphash, &ctx);
- 	dump("apphash", apphash, sizeof(apphash));
- 	countbuf[0] = (counter >> 24) & 0xff;
- 	countbuf[1] = (counter >> 16) & 0xff;
-@@ -366,12 +366,12 @@
- 	countbuf[3] = counter & 0xff;
- 	dump("countbuf", countbuf, sizeof(countbuf));
- 	dump("flags", &flags, sizeof(flags));
--	SHA256Init(&ctx);
--	SHA256Update(&ctx, apphash, sizeof(apphash));
--	SHA256Update(&ctx, &flags, sizeof(flags));
--	SHA256Update(&ctx, countbuf, sizeof(countbuf));
--	SHA256Update(&ctx, message, message_len);
--	SHA256Final(sighash, &ctx);
-+	SHA256_Init(&ctx);
-+	SHA256_Update(&ctx, apphash, sizeof(apphash));
-+	SHA256_Update(&ctx, &flags, sizeof(flags));
-+	SHA256_Update(&ctx, countbuf, sizeof(countbuf));
-+	SHA256_Update(&ctx, message, message_len);
-+	SHA256_Final(sighash, &ctx);
- 	dump("sighash", sighash, sizeof(sighash));
- 	/* create and encode signature */
- 	if ((sig = ECDSA_do_sign(sighash, sizeof(sighash), ec)) == NULL) {
-@@ -417,7 +417,7 @@
- {
- 	size_t o;
- 	int ret = -1;
--	SHA2_CTX ctx;
-+	SHA256_CTX ctx;
- 	uint8_t	apphash[SHA256_DIGEST_LENGTH];
- 	uint8_t signbuf[sizeof(apphash) + sizeof(flags) +
- 	    sizeof(counter) + SHA256_DIGEST_LENGTH];
-@@ -435,9 +435,9 @@
- 	}
- 	/* Prepare data to be signed */
- 	dump("message", message, message_len);
--	SHA256Init(&ctx);
--	SHA256Update(&ctx, (const u_char *)application, strlen(application));
--	SHA256Final(apphash, &ctx);
-+	SHA256_Init(&ctx);
-+	SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+	SHA256_Final(apphash, &ctx);
- 	dump("apphash", apphash, sizeof(apphash));
- 
- 	memcpy(signbuf, apphash, sizeof(apphash));
-@@ -495,7 +495,7 @@
- {
- 	struct sk_sign_response *response = NULL;
- 	int ret = SSH_SK_ERR_GENERAL;
--	SHA2_CTX ctx;
-+	SHA256_CTX ctx;
- 	uint8_t message[32];
- 
- 	if (sign_response == NULL) {
-@@ -509,9 +509,9 @@
- 		skdebug(__func__, "calloc response failed");
- 		goto out;
- 	}
--	SHA256Init(&ctx);
--	SHA256Update(&ctx, data, datalen);
--	SHA256Final(message, &ctx);
-+	SHA256_Init(&ctx);
-+	SHA256_Update(&ctx, data, datalen);
-+	SHA256_Final(message, &ctx);
- 	response->flags = flags;
- 	response->counter = 0x12345678;
- 	switch(alg) {
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/openssh.git/commitdiff/96e630ce673bdc20a5ea36a4fb2a73052fe5e814



More information about the pld-cvs-commit mailing list