- up to 8.2p1; new - FIDO/U2F support auto/th/openssh-8.2p1-1
authorArkadiusz Miśkiewicz <arekm@maven.pl>
Sat, 15 Feb 2020 12:06:22 +0000 (13:06 +0100)
committerArkadiusz Miśkiewicz <arekm@maven.pl>
Sat, 15 Feb 2020 12:06:22 +0000 (13:06 +0100)
openssh-include.patch [deleted file]
openssh-ldap.patch
openssh-sigpipe.patch
openssh.spec
ossh-bug-3093.patch [deleted file]

diff --git a/openssh-include.patch b/openssh-include.patch
deleted file mode 100644 (file)
index 801c681..0000000
+++ /dev/null
@@ -1,11 +0,0 @@
---- openssh-5.9p1/configure.ac~        2011-09-06 19:31:16.000000000 +0200
-+++ openssh-5.9p1/configure.ac 2011-09-06 19:31:55.291791679 +0200
-@@ -1076,6 +1076,7 @@
- AC_MSG_CHECKING([for possibly buggy zlib])
- AC_RUN_IFELSE([AC_LANG_PROGRAM([[
-+#include <stdlib.h>
- #include <stdio.h>
- #include <zlib.h>
-       ]],
-
index 2920eabbf951856ed68404660e7550d29e1d28a7..fe93879a18fd404bb450ef1336a3040523381e40 100644 (file)
@@ -1995,14 +1995,16 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
  SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper
  PRIVSEP_PATH=@PRIVSEP_PATH@
  SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
-@@ -61,8 +63,9 @@
+@@ -61,10 +63,11 @@
  EXEEXT=@EXEEXT@
  MANFMT=@MANFMT@
  MKDIR_P=@MKDIR_P@
 +INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
+
+ .SUFFIXES: .lo
  
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-sk-helper$(EXEEXT) ssh-ldap-helper$(EXEEXT)
  
  LIBOPENSSH_OBJS=\
        ssh_api.o \
@@ -2010,45 +2012,45 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
        sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \
        sandbox-solaris.o
  
--MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
-+MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
+-MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out sshd_config.5.out ssh_config.5.out
+-MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 sshd_config.5 ssh_config.5
++MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-sk-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
++MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-sk-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
  MANTYPE               = @MANTYPE@
  
  CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -184,6 +187,9 @@
- ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o
-       $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS)
+@@ -235,6 +235,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT)
+ ssh-sk-helper$(EXEEXT): $(LIBCOMPAT) libssh.a $(SKHELPER_OBJS)
+       $(LD) -o $@ $(SKHELPER_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) $(LIBFIDO2)
  
 +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o
 +      $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS)
 +
- ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o
-       $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
+ ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHKEYSCAN_OBJS)
+       $(LD) -o $@ $(SSHKEYSCAN_OBJS) $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS)
  
-@@ -311,6 +317,10 @@
-       $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
+@@ -395,6 +395,10 @@ install-files:
        $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+       $(INSTALL) -m 0755 $(STRIP_OPT) ssh-sk-helper$(EXEEXT) $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
 +      if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
-+              $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
-+              $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
++          $(INSTALL) -m 0700 $(STRIP_OPT) ssh-ldap-helper $(DESTDIR)$(SSH_LDAP_HELPER) ; \
++          $(INSTALL) -m 0700 ssh-ldap-wrapper $(DESTDIR)$(SSH_LDAP_WRAPPER) ; \
 +      fi
        $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
        $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
        $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
-@@ -327,6 +337,10 @@
-       $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+@@ -416,6 +416,10 @@ install-files:
        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
        $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+       $(INSTALL) -m 644 ssh-sk-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
 +      if test ! -z "$(INSTALL_SSH_LDAP_HELPER)" ; then \
-+              $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
-+              $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
++          $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \
++          $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \
 +      fi
  
  install-sysconf:
-       if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \
+       $(MKDIR_P) $(DESTDIR)$(sysconfdir)
 @@ -352,6 +366,13 @@
        else \
                echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \
@@ -2063,23 +2065,23 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
  
  host-key: ssh-keygen$(EXEEXT)
        @if [ -z "$(DESTDIR)" ] ; then \
-@@ -392,6 +413,8 @@
-       -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
+@@ -488,6 +488,8 @@ uninstall:
        -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT)
        -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
+       -rm -f $(DESTDIR)$(SSH_SK_HELPER)$(EXEEXT)
 +      -rm -f $(DESTDIR)$(SSH_LDAP_HELPER)$(EXEEXT)
 +      -rm -f $(DESTDIR)$(SSH_LDAP_WRAPPER)$(EXEEXT)
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -403,6 +426,7 @@
-       -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
+@@ -502,6 +502,7 @@ uninstall:
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
+       -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-sk-helper.8
 +      -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8
  
  regress-prep:
-       [ -d `pwd`/regress ] || mkdir -p `pwd`/regress
+       $(MKDIR_P) `pwd`/regress/unittests/test_helper
 diff -up openssh-6.2p1/openssh-lpk-openldap.schema.ldap openssh-6.2p1/openssh-lpk-openldap.schema
 --- openssh-6.2p1/openssh-lpk-openldap.schema.ldap     2013-03-25 21:27:15.894248110 +0100
 +++ openssh-6.2p1/openssh-lpk-openldap.schema  2013-03-25 21:27:15.894248110 +0100
index 3d60ddf2a6eaed207eaaa7dafd4a8838d3563a09..a190b7c82b048fc5f715878824274467d2d611b7 100644 (file)
  /*
   * Flag to indicate that we have received a window change signal which has
   * not yet been processed.  This will cause a message indicating the new
-@@ -1236,6 +1239,8 @@
-               signal(SIGQUIT, signal_handler);
-       if (signal(SIGTERM, SIG_IGN) != SIG_IGN)
-               signal(SIGTERM, signal_handler);
+@@ -1317,6 +1317,8 @@ client_loop(struct ssh *ssh, int have_pt
+               ssh_signal(SIGQUIT, signal_handler);
+       if (ssh_signal(SIGTERM, SIG_IGN) != SIG_IGN)
+               ssh_signal(SIGTERM, signal_handler);
 +      if (enable_sigpipe)
 +              signal(SIGPIPE, signal_handler);
-       signal(SIGWINCH, window_change_handler);
+       ssh_signal(SIGWINCH, window_change_handler);
  
        if (have_pty)
 diff -urN openssh-3.9p1.org/ssh.0 openssh-3.9p1/ssh.0
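Review bot: The SIGPIPE handler that this patch adds to `client_loop` is still installed with a bare `signal()` call, while every neighbouring line in the refreshed context now goes through `ssh_signal()`. The patch-added line should follow the same wrapper so all handlers in this block are registered the same way: `ssh_signal(SIGPIPE, signal_handler);`. Whether the two calls differ in restart or reset semantics depends on the platform's `signal()`, so this is flagged for consistency and not as a confirmed behaviour change. The body of `client_loop` continues outside the hunk.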
index 065eb67466d1e8c76997b0e23dc15a28d9d64c8d..b6e6ed1d1007717beb2048dde32c632f359ff76a 100644 (file)
@@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8):       Implementação livre do SSH
 Summary(ru.UTF-8):     OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8):     OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:          openssh
-Version:       8.1p1
-Release:       4
+Version:       8.2p1
+Release:       1
 Epoch:         2
 License:       BSD
 Group:         Applications/Networking
 Source0:       http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 513694343631a99841e815306806edf0
+# Source0-md5: 3076e6413e8dbe56d33848c1054ac091
 Source1:       http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
 Source2:       %{name}d.init
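Review bot: The new tarball's only integrity pin is the `# Source0-md5` line, and `Source0` is still fetched over plain `http://`. For a package that ships sshd, that is a weak check on what gets built. If the mirror serves it, switch the URL to `https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz`. It would also help to verify the download against upstream's detached release signature, for example by carrying the `.asc` as an extra Source and checking it in `%prep`. Whether the distribution tooling accepts a stronger digest comment than MD5 is not visible from this page.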
@@ -68,13 +68,12 @@ Patch8:             ldap-helper-sigpipe.patch
 # High Performance SSH/SCP - HPN-SSH - http://www.psc.edu/networking/projects/hpn-ssh/
 # http://www.psc.edu/networking/projects/hpn-ssh/openssh-5.2p1-hpn13v6.diff.gz
 Patch9:                %{name}-5.2p1-hpn13v6.diff
-Patch10:       %{name}-include.patch
+
 Patch11:       %{name}-chroot.patch
 Patch12:       openssh-bug-2905.patch
 Patch13:       %{name}-skip-interop-tests.patch
 Patch14:       %{name}-bind.patch
 Patch15:       %{name}-disable_ldap.patch
-Patch16:       ossh-bug-3093.patch
 URL:           http://www.openssh.com/portable.html
 BuildRequires: %{__perl}
 %{?with_audit:BuildRequires:   audit-libs-devel}
@@ -85,6 +84,7 @@ BuildRequires:        automake
 %{?with_kerberos5:BuildRequires:       heimdal-devel >= 0.7}
 %{?with_ldns:BuildRequires:    ldns-devel}
 %{?with_libedit:BuildRequires: libedit-devel}
+BuildRequires: libfido2-devel
 BuildRequires: libseccomp-devel
 %{?with_selinux:BuildRequires: libselinux-devel}
 %{?with_ldap:BuildRequires:    openldap-devel}
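Review bot: `BuildRequires: libfido2-devel` is added unconditionally, whereas the optional libraries around it are guarded by build conditionals such as `%{?with_ldns:...}` and `%{?with_libedit:...}`. The configure hunk further down adds `--with-security-key-builtin` the same way. That makes libfido2 and its dependencies a fixed part of every build, with no way to produce a package without the extra linked code. Consider a bcond (name suggested here, not taken from the spec): `%{?with_fido2:BuildRequires:	libfido2-devel}` and `%{?with_fido2:--with-security-key-builtin} \`. The matching `%bcond_without` line would sit with the other bcond declarations, which are outside the visible hunks.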
@@ -538,7 +538,7 @@ openldap-a.
 %patch8 -p1
 
 %{?with_hpn:%patch9 -p1}
-%patch10 -p1
+
 %patch11 -p1
 %patch12 -p1
 %patch13 -p1
@@ -551,8 +551,6 @@ openldap-a.
 %{__sed} -i -e 's/\(`$(PKG_CONFIG) --libs gtk+-2.0\) x11`/\1` -lX11/' contrib/Makefile
 %endif
 
-%patch16 -p1
-
 # hack since arc4random from openbsd-compat needs symbols from libssh and vice versa
 sed -i -e 's#-lssh -lopenbsd-compat#-lssh -lopenbsd-compat -lssh -lopenbsd-compat#g' Makefile*
 
@@ -586,6 +584,7 @@ CPPFLAGS="%{rpmcppflags} -DCHROOT -std=gnu99"
        --with-pid-dir=%{_localstatedir}/run \
        --with-privsep-path=%{_privsepdir} \
        --with-privsep-user=sshd \
+       --with-security-key-builtin \
        %{?with_selinux:--with-selinux} \
 %if "%{pld_release}" == "ac"
        --with-xauth=/usr/X11R6/bin/xauth
@@ -794,6 +793,7 @@ fi
 %attr(755,root,root) %{_bindir}/ssh-add
 %attr(755,root,root) %{_bindir}/ssh-copy-id
 %attr(755,root,root) %{_bindir}/scp
+%attr(755,root,root) %{_libexecdir}/ssh-sk-helper
 %config(noreplace) %verify(not md5 mtime size) %{_sysconfdir}/ssh_config
 %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS
 %{_mandir}/man1/scp.1*
@@ -803,6 +803,7 @@ fi
 %{_mandir}/man1/ssh-add.1*
 %{_mandir}/man1/ssh-copy-id.1*
 %{_mandir}/man5/ssh_config.5*
+%{_mandir}/man8/ssh-sk-helper.8*
 %lang(it) %{_mandir}/it/man1/ssh.1*
 %lang(it) %{_mandir}/it/man5/ssh_config.5*
 %lang(pl) %{_mandir}/pl/man1/scp.1*
diff --git a/ossh-bug-3093.patch b/ossh-bug-3093.patch
deleted file mode 100644 (file)
index fa33bae..0000000
+++ /dev/null
@@ -1,40 +0,0 @@
-diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c
-index b5cda70b..f80981fa 100644
---- a/sandbox-seccomp-filter.c
-+++ b/sandbox-seccomp-filter.c
-@@ -177,6 +177,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_shmdt
-       SC_DENY(__NR_shmdt, EACCES),
- #endif
-+#ifdef __NR_ipc
-+      SC_DENY(__NR_ipc, EACCES),
-+#endif
-       /* Syscalls to permit */
- #ifdef __NR_brk
-@@ -185,6 +188,9 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_clock_gettime
-       SC_ALLOW(__NR_clock_gettime),
- #endif
-+#ifdef __NR_clock_gettime64
-+      SC_ALLOW(__NR_clock_gettime64),
-+#endif
- #ifdef __NR_close
-       SC_ALLOW(__NR_close),
- #endif
-@@ -242,6 +248,15 @@ static const struct sock_filter preauth_insns[] = {
- #ifdef __NR_nanosleep
-       SC_ALLOW(__NR_nanosleep),
- #endif
-+#ifdef __NR_clock_nanosleep
-+      SC_ALLOW(__NR_clock_nanosleep),
-+#endif
-+#ifdef __NR_clock_nanosleep_time64
-+      SC_ALLOW(__NR_clock_nanosleep_time64),
-+#endif
-+#ifdef __NR_clock_gettime64
-+      SC_ALLOW(__NR_clock_gettime64),
-+#endif
- #ifdef __NR__newselect
-       SC_ALLOW(__NR__newselect),
- #endif