From f685d17fb4b2eab8c769c88b3a910e3292647816 Mon Sep 17 00:00:00 2001 From: Jakub Bogusz Date: Sat, 5 Mar 2016 11:37:29 +0100 Subject: [PATCH] - updated to 7.2p1; slogin is gone - updated ldap,chroot patches - removed obsolete no_libnsl patch - fixed memory leaks in chroot patch --- openssh-chroot.patch | 32 ++++++++++++++++------------- openssh-ldap.patch | 45 ++++++++++++++++++++--------------------- openssh-no_libnsl.patch | 23 --------------------- openssh.spec | 13 +++--------- 4 files changed, 43 insertions(+), 70 deletions(-) delete mode 100644 openssh-no_libnsl.patch diff --git a/openssh-chroot.patch b/openssh-chroot.patch index 3bef762..828de68 100644 --- a/openssh-chroot.patch +++ b/openssh-chroot.patch @@ -62,12 +62,12 @@ int use_dns; int client_alive_interval; /* * poke the client this often to ---- ./session.c.org 2008-05-05 16:22:11.935003283 +0200 -+++ ./session.c 2008-05-05 16:32:50.025507650 +0200 +--- openssh-7.2p1/session.c.orig 2016-03-05 10:24:44.227756638 +0100 ++++ openssh-7.2p1/session.c 2016-03-05 10:24:50.237756386 +0100 @@ -1492,6 +1492,10 @@ do_setusercontext(struct passwd *pw) - #ifdef USE_LIBIAF - int doing_chroot = 0; - #endif + do_setusercontext(struct passwd *pw) + { + char *chroot_path, *tmp; +#ifdef CHROOT + char *user_dir; + char *new_root; 
@@ -75,28 +75,32 @@ platform_setusercontext(pw); -@@ -1534,6 +1538,25 @@ do_setusercontext(struct passwd *pw) - #ifdef USE_LIBIAF - doing_chroot = 1; - #endif +@@ -1532,6 +1536,29 @@ do_setusercontext(struct passwd *pw) + free(options.chroot_directory); + options.chroot_directory = NULL; + in_chroot = 1; +#ifdef CHROOT -+ } else if (options.use_chroot) { ++ } else if (!in_chroot && options.use_chroot) { + user_dir = xstrdup(pw->pw_dir); + new_root = user_dir + 1; + -+ while((new_root = strchr(new_root, '.')) != NULL) { ++ while ((new_root = strchr(new_root, '.')) != NULL) { + new_root--; -+ if(strncmp(new_root, "/./", 3) == 0) { ++ if (strncmp(new_root, "/./", 3) == 0) { + *new_root = '\0'; + new_root += 2; + -+ if(chroot(user_dir) != 0) ++ if (chroot(user_dir) != 0) + fatal("Couldn't chroot to user directory %s", user_dir); -+ pw->pw_dir = new_root; ++ /* NOTE: session->pw comes from pwcopy(), so replace pw_dir this way (incompatible with plain getpwnam() or getpwnam_r()) */ ++ free(pw->pw_dir); ++ pw->pw_dir = xstrdup(new_root); ++ in_chroot = 1; + break; + } + new_root += 2; + } ++ free(user_dir); +#endif /* CHROOT */ } diff --git a/openssh-ldap.patch b/openssh-ldap.patch index 67a7c07..741b5b5 100644 --- a/openssh-ldap.patch +++ b/openssh-ldap.patch @@ -1984,10 +1984,9 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h + +#endif /* LDAPMISC_H */ + -diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in ---- openssh-6.2p1/Makefile.in.ldap 2013-03-25 21:27:15.850247822 +0100 -+++ openssh-6.2p1/Makefile.in 2013-03-25 21:27:57.356518817 +0100 -@@ -25,6 +25,8 @@ SSH_PROGRAM=@bindir@/ssh +--- openssh-7.2p1/Makefile.in.orig 2016-02-26 04:40:04.000000000 +0100 ++++ openssh-7.2p1/Makefile.in 2016-03-04 19:44:30.903306337 +0100 +@@ -25,6 +25,8 @@ ASKPASS_PROGRAM=$(libexecdir)/ssh-askpass SFTP_SERVER=$(libexecdir)/sftp-server SSH_KEYSIGN=$(libexecdir)/ssh-keysign 
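Review bot: The `chroot(user_dir)` call in the `#ifdef CHROOT` branch is not followed by `chdir("/")`, so until some later chdir (none is visible in this hunk) the working directory still refers to a location outside the new root; I would write `if (chroot(user_dir) != 0 || chdir("/") != 0)` ahead of the existing `fatal(...)`. The branch also takes the jail path straight from `pw->pw_dir` without checking that the directory is root-owned and not writable by the user, which upstream's own ChrootDirectory option requires; either an explicit `stat()` check or a comment stating that this is left to the administrator would make the assumption visible. Separately, `new_root = user_dir + 1` points past the terminator when `pw_dir` is an empty string, so the `strchr()` loop should be guarded with something like `if (*user_dir != '\0')`. do_setusercontext() begins and ends outside this hunk, so the privilege drop that presumably follows the `#endif` is not shown here.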
@@ -1996,7 +1995,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in SSH_PKCS11_HELPER=$(libexecdir)/ssh-pkcs11-helper PRIVSEP_PATH=@PRIVSEP_PATH@ SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ -@@ -60,8 +62,9 @@ XAUTH_PATH=@XAUTH_PATH@ +@@ -61,8 +63,9 @@ LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@ EXEEXT=@EXEEXT@ MANFMT=@MANFMT@ @@ -2005,11 +2004,11 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) - LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \ - canohost.o channels.o cipher.o cipher-aes.o \ -@@ -95,8 +98,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passw - sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ - sandbox-seccomp-filter.o + LIBOPENSSH_OBJS=\ + ssh_api.o \ +@@ -112,8 +115,8 @@ + sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ + sandbox-solaris.o -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 
@@ -2018,17 +2017,17 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in MANTYPE = @MANTYPE@ CONFIGFILES=sshd_config.out ssh_config.out moduli.out -@@ -164,6 +167,9 @@ ssh-keysign$(EXEEXT): $(LIBCOMPAT) libss +@@ -184,6 +187,9 @@ ssh-pkcs11-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-pkcs11-helper.o ssh-pkcs11.o $(LD) -o $@ ssh-pkcs11-helper.o ssh-pkcs11.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh -lopenbsd-compat $(LIBS) +ssh-ldap-helper$(EXEEXT): $(LIBCOMPAT) libssh.a ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o + $(LD) -o $@ ldapconf.o ldapbody.o ldapmisc.o ldap-helper.o $(LDFLAGS) -lssh -lopenbsd-compat -lfipscheck $(LIBS) + - ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o roaming_dummy.o - $(LD) -o $@ ssh-keyscan.o roaming_dummy.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) + ssh-keyscan$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-keyscan.o + $(LD) -o $@ ssh-keyscan.o $(LDFLAGS) -lssh -lopenbsd-compat -lssh $(LIBS) -@@ -266,6 +272,10 @@ install-files: +@@ -311,6 +317,10 @@ $(INSTALL) -m 0755 $(STRIP_OPT) sshd$(EXEEXT) $(DESTDIR)$(sbindir)/sshd$(EXEEXT) $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign$(EXEEXT) $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) @@ -2039,7 +2038,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -@@ -282,6 +292,10 @@ install-files: +@@ -327,6 +337,10 @@ $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 
@@ -2047,10 +2046,10 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in + $(INSTALL) -m 644 ssh-ldap-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 ; \ + $(INSTALL) -m 644 ssh-ldap.conf.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh-ldap.conf.5 ; \ + fi - -rm -f $(DESTDIR)$(bindir)/slogin - ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 -@@ -311,6 +325,13 @@ install-sysconf: + + install-sysconf: + if [ ! -d $(DESTDIR)$(sysconfdir) ]; then \ +@@ -352,6 +366,13 @@ else \ echo "$(DESTDIR)$(sysconfdir)/moduli already exists, install will not overwrite"; \ fi @@ -2064,7 +2063,7 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in host-key: ssh-keygen$(EXEEXT) @if [ -z "$(DESTDIR)" ] ; then \ -@@ -368,6 +389,8 @@ uninstall: +@@ -392,6 +413,8 @@ -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) -rm -f $(DESTDIR)$(SSH_KEYSIGN)$(EXEEXT) -rm -f $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) @@ -2073,14 +2072,14 @@ diff -up openssh-6.2p1/Makefile.in.ldap openssh-6.2p1/Makefile.in -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 -@@ -379,6 +402,7 @@ uninstall: +@@ -403,6 +426,7 @@ -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 + -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-ldap-helper.8 - -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 - regress/modpipe$(EXEEXT): $(srcdir)/regress/modpipe.c + regress-prep: + [ -d `pwd`/regress ] || mkdir -p `pwd`/regress diff -up openssh-6.2p1/openssh-lpk-openldap.schema.ldap openssh-6.2p1/openssh-lpk-openldap.schema --- openssh-6.2p1/openssh-lpk-openldap.schema.ldap 2013-03-25 21:27:15.894248110 +0100 +++ openssh-6.2p1/openssh-lpk-openldap.schema 2013-03-25 21:27:15.894248110 +0100 
diff --git a/openssh-no_libnsl.patch b/openssh-no_libnsl.patch deleted file mode 100644 index c8fbdd4..0000000 --- a/openssh-no_libnsl.patch +++ /dev/null @@ -1,23 +0,0 @@ -diff -urN openssh-3.0p1.orig/configure.ac openssh-3.0p1/configure.ac ---- openssh-3.0p1.orig/configure.ac Sat Nov 3 20:09:33 2001 -+++ openssh-3.0p1/configure.ac Wed Nov 7 16:22:54 2001 -@@ -123,6 +123,8 @@ - AC_DEFINE(LOCKED_PASSWD_PREFIX, "!!") - AC_DEFINE(SPT_TYPE,SPT_REUSEARGV) - inet6_default_4in6=yes -+ no_libnsl=1 -+ no_libsocket=1 - case `uname -r` in - 1.*|2.0.*) - AC_DEFINE(BROKEN_CMSG_TYPE) ---- openssh-5.9p1/configure.ac~ 2011-09-06 19:01:09.000000000 +0200 -+++ openssh-5.9p1/configure.ac 2011-09-06 19:02:14.816070290 +0200 -@@ -972,7 +972,6 @@ - - dnl Checks for header files. - # Checks for libraries. --AC_CHECK_FUNC([yp_match], , [AC_CHECK_LIB([nsl], [yp_match])]) - AC_CHECK_FUNC([setsockopt], , [AC_CHECK_LIB([socket], [setsockopt])]) - - dnl IRIX and Solaris 2.5.1 have dirname() in libgen - diff --git a/openssh.spec b/openssh.spec index e6b9c95..1fcfb0d 100644 --- a/openssh.spec +++ b/openssh.spec @@ -45,13 +45,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 7.1p2 -Release: 3 +Version: 7.2p1 +Release: 1 Epoch: 2 License: BSD Group: Applications/Networking Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 4d8547670e2a220d5ef805ad9e47acf2 +# Source0-md5: b984775f0cfff1f7ff18b8797fce8a28 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 66943d481cc422512b537bcc2c7400d1 Source2: %{name}d.init 
@@ -64,7 +64,6 @@ Source9: sshd.service Source10: sshd-keygen Source11: sshd.socket Source12: sshd@.service -Patch0: %{name}-no_libnsl.patch Patch1: %{name}-tests-reuseport.patch Patch2: %{name}-pam_misc.patch Patch3: %{name}-sigpipe.patch @@ -530,7 +529,6 @@ openldap-a. %prep %setup -q -%patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -655,9 +653,6 @@ ln -s %{_libexecdir}/ssh/ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/ssh-askpass install -p contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir} cp -p contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1 -%{__rm} $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 -echo ".so ssh.1" > $RPM_BUILD_ROOT%{_mandir}/man1/slogin.1 - touch $RPM_BUILD_ROOT/etc/security/blacklist.sshd cat << 'EOF' > $RPM_BUILD_ROOT/etc/env.d/SSH_ASKPASS @@ -783,7 +778,6 @@ fi %files clients %defattr(644,root,root,755) %attr(755,root,root) %{_bindir}/ssh -%attr(755,root,root) %{_bindir}/slogin %attr(755,root,root) %{_bindir}/sftp %attr(755,root,root) %{_bindir}/ssh-agent %attr(755,root,root) %{_bindir}/ssh-add @@ -793,7 +787,6 @@ fi %config(noreplace,missingok) %verify(not md5 mtime size) /etc/env.d/SSH_ASKPASS %{_mandir}/man1/scp.1* %{_mandir}/man1/ssh.1* -%{_mandir}/man1/slogin.1* %{_mandir}/man1/sftp.1* %{_mandir}/man1/ssh-agent.1* %{_mandir}/man1/ssh-add.1* -- 2.44.0