- packet_send();
+ packet_length = packet_send();
c->remote_window -= dlen + 4;
- xfree(data);
+ free(data);
}
@@ -2043,7 +2082,7 @@ channel_output_poll(void)
SSH2_MSG_CHANNEL_DATA : SSH_MSG_CHANNEL_DATA);
+ if (c == NULL || (c->number != SSH_CIPHER_SSH2 &&
+c->number != SSH_CIPHER_NONE)) {
debug("bad cipher %s [%s]", p, names);
- xfree(cipher_list);
+ free(cipher_list);
return 0;
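Review bot: The widened test at `c->number != SSH_CIPHER_NONE` lets a `none` entry pass this cipher-list validity check, and nothing in the visible lines says where an unencrypted transport is refused. If the intent is that `none` may only be switched to after authentication, that gating lives outside this fragment and deserves a comment here, for example `/* "none" is accepted as a name only; negotiation before authentication must still reject it */`. The enclosing function starts and ends outside the fragment, so the proposal path should be checked against the full file.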
@@ -337,6 +339,7 @@ cipher_get_keyiv(CipherContext *cc, u_ch
int evplen;
+ pthread_join(c->tid[i], NULL);
+
+ memset(c, 0, sizeof(*c));
-+ xfree(c);
++ free(c);
+ EVP_CIPHER_CTX_set_app_data(ctx, NULL);
+ }
+ return (1);
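Review bot: The `memset(c, 0, sizeof(*c))` directly before `free(c)` is a dead store that an optimising compiler may drop, so the context can reach the allocator unscrubbed. If `c` holds key or counter state (its definition is not visible here), use a zeroing call that cannot be elided, such as `explicit_bzero(c, sizeof(*c));` where the tree provides one. The result of `pthread_join(c->tid[i], NULL)` is also ignored, so a failed join would let the structure be cleared and freed while a worker may still be using it. A check with a `debug` or `fatal` call would make that visible. The enclosing function begins outside this fragment.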
@@ -931,19 +933,22 @@ packet_send2(void)
sizeof(Buffer));
TAILQ_REMOVE(&outgoing, p, next);
- xfree(p);
+ free(p);
- packet_send2_wrapped();
+ packet_length += packet_send2_wrapped();
}
- packet_write_poll();
+ bytes_sent += packet_write_poll();
}
- xfree(setp);
+ free(setp);
}
@@ -1736,12 +1744,24 @@ packet_send_ignore(int nbytes)
}
+
+ for (i = 0; i < options->num_local_forwards; i++) {
+ if (options->local_forwards[i].listen_host != NULL)
-+ xfree(options->local_forwards[i].listen_host);
-+ xfree(options->local_forwards[i].connect_host);
++ free(options->local_forwards[i].listen_host);
++ free(options->local_forwards[i].connect_host);
+ }
+ options->num_local_forwards = 0;
+ for (i = 0; i < options->num_remote_forwards; i++) {
+ if (options->remote_forwards[i].listen_host != NULL)
-+ xfree(options->remote_forwards[i].listen_host);
-+ xfree(options->remote_forwards[i].connect_host);
++ free(options->remote_forwards[i].listen_host);
++ free(options->remote_forwards[i].connect_host);
+ }
+ options->num_remote_forwards = 0;
+ options->tun_open = SSH_TUNMODE_NO;
+ i = 0; /* failure */
+ }
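Review bot: In both loops the unbraced `if (... .listen_host != NULL)` covers only the first `free`; the `connect_host` call on the next line always runs, which is easy to misread. Since `free(NULL)` is a no-op, the test can be dropped and the two calls written plainly, `free(options->local_forwards[i].listen_host);` then `free(options->local_forwards[i].connect_host);`, and likewise for `remote_forwards`. The NULL tests at `fail_free:`, at `go_away:` (`if (progname)`), at `out:` (`dgst_packed`, `dgst_hex`) and before `free(comment)` are unnecessary for the same reason. The freed pointers stay in the arrays and only the counts are reset, so later code must rely on `num_local_forwards` and `num_remote_forwards` being zero. The start of this block is outside the fragment.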
+
-+ xfree(p);
++ free(p);
+
+ if (dynamicfwd) {
+ if (!(i == 1 || i == 2))
+
+ fail_free:
+ if (fwd->connect_host != NULL) {
-+ xfree(fwd->connect_host);
++ free(fwd->connect_host);
+ fwd->connect_host = NULL;
+ }
+ if (fwd->listen_host != NULL) {
-+ xfree(fwd->listen_host);
++ free(fwd->listen_host);
+ fwd->listen_host = NULL;
+ }
+ return (0);
line = xstrdup(optarg);
@@ -503,6 +500,13 @@ main(int ac, char **av)
exit(255);
- xfree(line);
+ free(line);
break;
+ case 'T':
+ no_tty_flag = 1;
+ /* what about the return value from the child process? */
+go_away:
+ if (progname)
-+ xfree (progname);
++ free (progname);
+
+ if (runas_pw->pw_uid != 0)
+ restore_uid();
+ if ((logfile = fopen (logfilename, "a")) == NULL)
+ fatal ("cannot append to %s: %s", logfilename, strerror (errno));
+ debug3 ("LDAP debug into %s", logfilename);
-+ xfree (logfilename);
++ free (logfilename);
+ ber_set_option (NULL, LBER_OPT_LOG_PRINT_FILE, logfile);
+ }
+#endif
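Review bot: The append-mode `fopen (logfilename, "a")` runs after `restore_uid()`, so presumably with the process's original identity, and `fopen` follows symlinks and creates the file with umask-dependent permissions. If `logfilename` can point into a directory that other users can write to (its origin is not visible in this fragment), the debug log could be redirected onto another file. Opening it with `open(logfilename, O_WRONLY|O_APPEND|O_CREAT|O_NOFOLLOW, 0600)` and wrapping the descriptor with `fdopen(fd, "a")` would close that gap and keep LDAP debug output private. The surrounding function and the `#if` that this `#endif` closes are outside the fragment.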
+ timeout.tv_usec = 0;
+ if ((rc = ldap_search_st(ld, options.base, options.scope, buffer, attrs, 0, &timeout, &res)) != LDAP_SUCCESS) {
+ error ("ldap_search_st(): %s", ldap_err2string (rc));
-+ xfree (buffer);
++ free (buffer);
+ return;
+ }
+
+ /* free */
-+ xfree (buffer);
++ free (buffer);
+
+ for (e = ldap_first_entry(ld, res); e != NULL; e = ldap_next_entry(ld, e)) {
+ int num;
+ else
+ error("Host key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys) {
+ sensitive_data.host_keys[i] = NULL;
+ continue;
+ }
+ }
+ pubkey = key_load_public(options.host_key_files[i], NULL);
sensitive_data.host_keys[i] = key;
- if (key == NULL) {
- error("Could not load host key: %s",
+ sensitive_data.host_pubkeys[i] = pubkey;
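Review bot: When a blacklisted host key is rejected, the slot is set with `sensitive_data.host_keys[i] = NULL;` and the loop continues, but no release of `key` is visible on that path. Unless the lines outside this fragment free it, the loaded private key stays allocated for the life of the daemon. Adding `key_free(key);` before the assignment would drop the rejected key material right away. A short comment on the `permit_blacklisted_keys` branch stating that it deliberately keeps a known-weak key in service would also help whoever audits this later.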
--- openssh-4.7p1.orig/servconf.c
+++ openssh-4.7p1/servconf.c
@@ -96,6 +96,7 @@
# test driver for the loginrec code - not built by default
logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-@@ -271,6 +271,7 @@
+@@ -271,6 +274,7 @@
$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -289,6 +289,7 @@
+@@ -289,6 +293,7 @@
$(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ return 0;
+ }
#include "auth.h"
#include "canohost.h"
#ifdef GSSAPI
-@@ -147,6 +147,19 @@
+@@ -147,6 +148,19 @@
int len;
char *fp;
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ return 0;
+ }
+
+out:
+ if (dgst_packed)
-+ xfree(dgst_packed);
++ free(dgst_packed);
+ if (dgst_hex)
-+ xfree(dgst_hex);
++ free(dgst_hex);
+ if (fd >= 0)
+ close(fd);
-+ xfree(blacklist_file);
++ free(blacklist_file);
+ return ret;
+}
--- openssh-4.7p1.orig/ssh-vulnkey.c
+ fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
+ if (!quiet)
+ printf("%s: %u %s %s\n", msg, key_size(key), fp, comment);
-+ xfree(fp);
++ free(fp);
+}
+
+int
+ ret = 0;
+ } else
+ describe_key("Not blacklisted", key, comment);
-+ xfree(blacklist_file);
++ free(blacklist_file);
+
+ return ret;
+}
+ found = 1;
+ }
+ if (comment)
-+ xfree(comment);
++ free(comment);
+ }
+
+ return ret;
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ continue;
+ }
#include "auth.h"
#include "pathnames.h"
#include "uidswap.h"
-@@ -608,6 +608,20 @@
+@@ -608,6 +609,20 @@
{
u_int success, i;
char *file;
+ else
+ logit("Public key %s blacklisted (see "
+ "ssh-vulnkey(1))", fp);
-+ xfree(fp);
++ free(fp);
+ if (!options.permit_blacklisted_keys)
+ return 0;
+ }
#ifdef WITH_SELINUX
/* Cache selinux status for later use */
@@ -1425,8 +1429,28 @@ do_setusercontext(struct passwd *pw)
- safely_chroot(chroot_path, pw->pw_uid);
- free(tmp);
- free(chroot_path);
+ /* Make sure we don't attempt to chroot again */
+ free(options.chroot_directory);
+ options.chroot_directory = NULL;
+#ifdef CHROOT
+ } else if (options.use_chroot) {
+ user_dir = xstrdup(pw->pw_dir);
# CheckHostIP yes
# AddressFamily any
@@ -42,3 +45,19 @@
- # PermitLocalCommand no
# VisualHostKey no
# ProxyCommand ssh -q -W %h:%p gateway.example.com
+ # RekeyLimit 1G 1h
+
+Host *
+ GSSAPIAuthentication yes
+++ /dev/null
---- openssh-5.9p1/configure.ac~ 2011-08-18 06:48:24.000000000 +0200
-+++ openssh-5.9p1/configure.ac 2011-09-06 19:00:46.856319713 +0200
-@@ -3424,13 +3424,13 @@
- [ AC_MSG_RESULT([yes])
- AC_DEFINE([HEIMDAL])
- K5LIBS="-lkrb5"
-- K5LIBS="$K5LIBS -lcom_err -lasn1"
-+ K5LIBS="$K5LIBS -lasn1"
- AC_CHECK_LIB([roken], [net_write],
- [K5LIBS="$K5LIBS -lroken"])
- AC_CHECK_LIB([des], [des_cbc_encrypt],
- [K5LIBS="$K5LIBS -ldes"])
- ], [ AC_MSG_RESULT([no])
-- K5LIBS="-lkrb5 -lk5crypto -lcom_err"
-+ K5LIBS="-lkrb5 -lk5crypto"
-
- ])
- AC_SEARCH_LIBS([dn_expand], [resolv])
-diff -ur openssh-5.8p1-orig/auth-krb5.c openssh-5.8p1/auth-krb5.c
---- openssh-5.8p1-orig/auth-krb5.c 2011-04-20 00:30:23.632652510 +0200
-+++ openssh-5.8p1/auth-krb5.c 2011-04-20 00:34:06.218117429 +0200
-@@ -88,6 +88,8 @@
- #ifndef HEIMDAL
- krb5_creds creds;
- krb5_principal server;
-+#else
-+ const char *ccache_type, *ccache_name;
- #endif
- krb5_error_code problem;
- krb5_ccache ccache = NULL;
-@@ -129,7 +131,11 @@
- if (problem)
- goto out;
-
-- problem = krb5_cc_gen_new(authctxt->krb5_ctx, &krb5_fcc_ops,
-+ problem = krb5_cc_set_default_name(authctxt->krb5_ctx, NULL);
-+ if (problem)
-+ goto out;
-+ problem = krb5_cc_new_unique(authctxt->krb5_ctx,
-+ krb5_cc_default_name(authctxt->krb5_ctx), NULL,
- &authctxt->krb5_fwd_ccache);
- if (problem)
- goto out;
-@@ -180,12 +186,23 @@
- goto out;
- #endif
-
-+#ifdef HEIMDAL
-+ ccache_type = krb5_cc_get_type(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
-+ ccache_name = krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
-+ if (strncmp(ccache_type, "FILE", 4) == 0) {
-+ authctxt->krb5_ticket_file = (char *)ccache_name;
-+ }
-+ len = strlen(ccache_type) + strlen(ccache_name) + 2;
-+ authctxt->krb5_ccname = xmalloc(len);
-+ snprintf(authctxt->krb5_ccname, len, "%s:%s", ccache_type, ccache_name);
-+#else
- authctxt->krb5_ticket_file = (char *)krb5_cc_get_name(authctxt->krb5_ctx, authctxt->krb5_fwd_ccache);
-
- len = strlen(authctxt->krb5_ticket_file) + 6;
- authctxt->krb5_ccname = xmalloc(len);
- snprintf(authctxt->krb5_ccname, len, "FILE:%s",
- authctxt->krb5_ticket_file);
-+#endif
-
- #ifdef USE_PAM
- if (options.use_pam)
-diff -ur openssh-5.8p1-orig/gss-serv-krb5.c openssh-5.8p1/gss-serv-krb5.c
---- openssh-5.8p1-orig/gss-serv-krb5.c 2011-04-20 00:30:23.632652510 +0200
-+++ openssh-5.8p1/gss-serv-krb5.c 2011-04-20 00:34:06.218117429 +0200
-@@ -121,6 +121,9 @@
- krb5_principal princ;
- OM_uint32 maj_status, min_status;
- int len;
-+#ifdef HEIMDAL
-+ const char *ccache_type, *ccache_name;
-+#endif
-
- if (client->creds == NULL) {
- debug("No credentials stored");
-@@ -131,8 +134,14 @@
- return;
-
- #ifdef HEIMDAL
-- if ((problem = krb5_cc_gen_new(krb_context, &krb5_fcc_ops, &ccache))) {
-- logit("krb5_cc_gen_new(): %.100s",
-+ if ((problem = krb5_cc_set_default_name(krb_context, NULL))) {
-+ logit("krb5_cc_set_default_name(): %.100s",
-+ krb5_get_err_text(krb_context, problem));
-+ return;
-+ }
-+ if ((problem = krb5_cc_new_unique(krb_context,
-+ krb5_cc_default_name(krb_context), NULL, &ccache))) {
-+ logit("krb5_cc_new_unique(): %.100s",
- krb5_get_err_text(krb_context, problem));
- return;
- }
-@@ -169,11 +178,23 @@
- return;
- }
-
-+#ifdef HEIMDAL
-+ ccache_type = krb5_cc_get_type(krb_context, ccache);
-+ ccache_name = krb5_cc_get_name(krb_context, ccache);
-+ if (strncmp(ccache_type, "FILE", 4) == 0) {
-+ client->store.filename = xstrdup(ccache_name);
-+ }
-+ client->store.envvar = "KRB5CCNAME";
-+ len = strlen(ccache_type) + strlen(ccache_name) + 2;
-+ client->store.envval = xmalloc(len);
-+ snprintf(client->store.envval, len, "%s:%s", ccache_type, ccache_name);
-+#else
- client->store.filename = xstrdup(krb5_cc_get_name(krb_context, ccache));
- client->store.envvar = "KRB5CCNAME";
- len = strlen(client->store.filename) + 6;
- client->store.envval = xmalloc(len);
- snprintf(client->store.envval, len, "FILE:%s", client->store.filename);
-+#endif
-
- #ifdef USE_PAM
- if (options.use_pam)
arg = strdelim(&cp);
if (!arg || *arg == '\0')
@@ -1544,6 +1553,7 @@ copy_set_server_options(ServerOptions *d
- M_CP_INTOPT(max_authtries);
- M_CP_INTOPT(ip_qos_interactive);
M_CP_INTOPT(ip_qos_bulk);
+ M_CP_INTOPT(rekey_limit);
+ M_CP_INTOPT(rekey_interval);
+ M_CP_INTOPT(use_kuserok);
M_CP_STROPT(banner);
/* # of replies received for global requests */
static int client_global_request_id = 0;
-@@ -157,7 +160,7 @@
+@@ -199,7 +199,7 @@ static void
usage(void)
{
fprintf(stderr,
-"usage: ssh [-1246AaCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
+"usage: ssh [-1246AaBCfgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
- " [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
- " [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
- " [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
-@@ -275,7 +275,7 @@
+ " [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
+ " [-F configfile] [-I pkcs11] [-i identity_file]\n"
+ " [-L [bind_address:]port:host:hostport] [-Q protocol_feature]\n"
+@@ -330,7 +330,7 @@ main(int ac, char **av)
again:
while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-- "ACD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
-+ "ABCD:F:I:KL:MNO:PR:S:TVw:W:XYy")) != -1) {
+- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
++ "ABCD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
Name: openssh
-Version: 6.2p2
-Release: 4
+Version: 6.3p1
+Release: 1
Epoch: 2
License: BSD
Group: Applications/Networking
Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: be46174dcbb77ebb4ea88ef140685de1
+# Source0-md5: 225e75c9856f76011966013163784038
Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
# Source1-md5: 66943d481cc422512b537bcc2c7400d1
Source2: %{name}d.init
Source10: sshd-keygen
Source11: sshd.socket
Source12: sshd@.service
-Patch100: %{name}-heimdal.patch
Patch0: %{name}-no_libnsl.patch
Patch2: %{name}-pam_misc.patch
Patch3: %{name}-sigpipe.patch
%prep
%setup -q
-%{?with_kerberos5:%patch100 -p1}
%patch0 -p1
%patch2 -p1
%patch3 -p1