up to 9.4p1

diff --git a/openssh-config.patch b/openssh-config.patch
index a4865fdc7b101e274e72ccd7a4e6fbd5cfac700b..4d34975155637d5c1e544a81883fe43cebb917b9 100644 (file)
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -13,7 +13,7 @@ diff -urNp -x '*.orig' openssh-8.8p1.org/ssh_config openssh-8.8p1/ssh_config
 +#   GSSAPIKeyExchange no
 +#   GSSAPITrustDNS no
  #   BatchMode no
- #   CheckHostIP yes
+ #   CheckHostIP no
  #   AddressFamily any
 @@ -44,3 +47,18 @@
  #   ProxyCommand ssh -q -W %h:%p gateway.example.com

diff --git a/openssh-sigpipe.patch b/openssh-sigpipe.patch
index c4378f43fa38facd8f9bb48f189edffd43d49934..64d8616f58fcb491ae564e3dc182df100e5fd3e6 100644 (file)
--- a/openssh-sigpipe.patch
+++ b/openssh-sigpipe.patch
@@ -73,17 +73,17 @@ diff -urNp -x '*.orig' openssh-8.4p1.org/ssh.c openssh-8.4p1/ssh.c
  usage(void)
  {
        fprintf(stderr,
--"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
-+"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface]\n"
- "           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
- "           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
- "           [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
+-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]\n"
++"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface] [-b bind_address]\n"
+ "           [-c cipher_spec] [-D [bind_address:]port] [-E log_file]\n"
+ "           [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]\n"
+ "           [-J destination] [-L address] [-l login_name] [-m mac_spec]\n"
 @@ -699,7 +699,7 @@ main(int ac, char **av)
  
   again:
        while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--          "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
-+          "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
+-          "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
++          "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
                switch (opt) {
                case '1':
                        fatal("SSH protocol v.1 is no longer supported");

diff --git a/openssh.spec b/openssh.spec
index 294c203ac4ad4a9b730c15937df2fef1b3de7561..30738123f7fbd5596a9980562609d52aa446a765 100644 (file)
--- a/openssh.spec
+++ b/openssh.spec
@@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8):       Implementação livre do SSH
 Summary(ru.UTF-8):     OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8):     OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:          openssh
-Version:       9.3p2
-Release:       2
+Version:       9.4p1
+Release:       1
 Epoch:         2
 License:       BSD
 Group:         Applications/Networking
 Source0:       https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: e21180e7c902e596b047b5520842c2e1
+# Source0-md5: 4bbd56a7ba51b0cd61debe8f9e77f8bb
 Source1:       http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
 Source2:       %{name}d.init
@@ -76,7 +76,6 @@ Patch11:      %{name}-chroot.patch
 Patch13:       %{name}-skip-interop-tests.patch
 Patch14:       %{name}-bind.patch
 Patch15:       %{name}-disable_ldap.patch
-Patch16:       openssl3.0.patch
 URL:           http://www.openssh.com/portable.html
 BuildRequires: %{__perl}
 %{?with_audit:BuildRequires:   audit-libs-devel}
@@ -91,7 +90,7 @@ BuildRequires:        libfido2-devel >= 1.5.0
 %{?with_libseccomp:BuildRequires:      libseccomp-devel}
 %{?with_selinux:BuildRequires: libselinux-devel}
 %{?with_ldap:BuildRequires:    openldap-devel}
-BuildRequires: openssl-devel >= 1.1.0g
+BuildRequires: openssl-devel >= 1.1.1
 BuildRequires: pam-devel
 %{?with_gtk:BuildRequires:     pkgconfig}
 %if %{with tests} && %{with tests_conch}
@@ -562,7 +561,6 @@ openldap-a.
 
 %patch14 -p1
 %{!?with_ldap:%patch15 -p1}
-%patch16 -p1
 
 %if "%{pld_release}" == "ac"
 # fix for missing x11.pc

diff --git a/openssl3.0.patch b/openssl3.0.patch
deleted file mode 100644 (file)
index f9e9c89..0000000
--- a/openssl3.0.patch
+++ /dev/null
@@ -1,87 +0,0 @@
---- openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c.orig        2022-02-23 12:31:11.000000000 +0100
-+++ openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c     2022-03-16 08:49:30.708560186 +0100
-@@ -326,7 +326,7 @@
-       BIO *bio = NULL;
-       EVP_PKEY *pk = NULL;
-       EC_KEY *ec = NULL;
--      SHA2_CTX ctx;
-+      SHA256_CTX ctx;
-       uint8_t apphash[SHA256_DIGEST_LENGTH];
-       uint8_t sighash[SHA256_DIGEST_LENGTH];
-       uint8_t countbuf[4];
-@@ -356,9 +356,9 @@
-       }
-       /* Prepare data to be signed */
-       dump("message", message, message_len);
--      SHA256Init(&ctx);
--      SHA256Update(&ctx, (const u_char *)application, strlen(application));
--      SHA256Final(apphash, &ctx);
-+      SHA256_Init(&ctx);
-+      SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+      SHA256_Final(apphash, &ctx);
-       dump("apphash", apphash, sizeof(apphash));
-       countbuf[0] = (counter >> 24) & 0xff;
-       countbuf[1] = (counter >> 16) & 0xff;
-@@ -366,12 +366,12 @@
-       countbuf[3] = counter & 0xff;
-       dump("countbuf", countbuf, sizeof(countbuf));
-       dump("flags", &flags, sizeof(flags));
--      SHA256Init(&ctx);
--      SHA256Update(&ctx, apphash, sizeof(apphash));
--      SHA256Update(&ctx, &flags, sizeof(flags));
--      SHA256Update(&ctx, countbuf, sizeof(countbuf));
--      SHA256Update(&ctx, message, message_len);
--      SHA256Final(sighash, &ctx);
-+      SHA256_Init(&ctx);
-+      SHA256_Update(&ctx, apphash, sizeof(apphash));
-+      SHA256_Update(&ctx, &flags, sizeof(flags));
-+      SHA256_Update(&ctx, countbuf, sizeof(countbuf));
-+      SHA256_Update(&ctx, message, message_len);
-+      SHA256_Final(sighash, &ctx);
-       dump("sighash", sighash, sizeof(sighash));
-       /* create and encode signature */
-       if ((sig = ECDSA_do_sign(sighash, sizeof(sighash), ec)) == NULL) {
-@@ -417,7 +417,7 @@
- {
-       size_t o;
-       int ret = -1;
--      SHA2_CTX ctx;
-+      SHA256_CTX ctx;
-       uint8_t apphash[SHA256_DIGEST_LENGTH];
-       uint8_t signbuf[sizeof(apphash) + sizeof(flags) +
-           sizeof(counter) + SHA256_DIGEST_LENGTH];
-@@ -435,9 +435,9 @@
-       }
-       /* Prepare data to be signed */
-       dump("message", message, message_len);
--      SHA256Init(&ctx);
--      SHA256Update(&ctx, (const u_char *)application, strlen(application));
--      SHA256Final(apphash, &ctx);
-+      SHA256_Init(&ctx);
-+      SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+      SHA256_Final(apphash, &ctx);
-       dump("apphash", apphash, sizeof(apphash));
- 
-       memcpy(signbuf, apphash, sizeof(apphash));
-@@ -495,7 +495,7 @@
- {
-       struct sk_sign_response *response = NULL;
-       int ret = SSH_SK_ERR_GENERAL;
--      SHA2_CTX ctx;
-+      SHA256_CTX ctx;
-       uint8_t message[32];
- 
-       if (sign_response == NULL) {
-@@ -509,9 +509,9 @@
-               skdebug(__func__, "calloc response failed");
-               goto out;
-       }
--      SHA256Init(&ctx);
--      SHA256Update(&ctx, data, datalen);
--      SHA256Final(message, &ctx);
-+      SHA256_Init(&ctx);
-+      SHA256_Update(&ctx, data, datalen);
-+      SHA256_Final(message, &ctx);
-       response->flags = flags;
-       response->counter = 0x12345678;
-       switch(alg) {