]> git.pld-linux.org Git - packages/openssh.git/blobdiff - openssh-blacklist.diff
projects / packages / openssh.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
one more 'ldap' bcond fix
[packages/openssh.git] / openssh-blacklist.diff
diff --git a/openssh-blacklist.diff b/openssh-blacklist.diff
index 8d7d0a296cf0bd77ba7485f9629a773aaa245d48..deded7024e4e8665a7070d2941d17348a0c3f687 100644 (file)
--- a/openssh-blacklist.diff
+++ b/openssh-blacklist.diff
@@ -120,8 +120,8 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
  INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
  INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
  
--TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT)
-+TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
+-TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT)
++TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-ldap-helper$(EXEEXT) ssh-vulnkey$(EXEEXT)
  
  LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
        canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@@ -129,10 +129,10 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
        audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \
        roaming_common.o roaming_serv.o ldapauth.o
  
--MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
-+MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out ssh-vulnkey.1.out
-+MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 ssh-vulnkey.1
+-MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out
+-MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5
++MANPAGES      = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out ssh-ldap-helper.8.out sshd_config.5.out ssh_config.5.out ssh-ldap.conf.5.out ssh-vulnkey.1.out
++MANPAGES_IN   = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 ssh-ldap-helper.8 sshd_config.5 ssh_config.5 ssh-ldap.conf.5 ssh-vulnkey.1
  MANTYPE               = @MANTYPE@
  
  CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -419,8 +419,8 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
 +of processing
 +.Xr ssh-keyscan 1
 +output.
---- openssh-4.7p1.orig/auth2-hostbased.c
-+++ openssh-4.7p1/auth2-hostbased.c
+--- openssh-5.6p1/auth2-hostbased.c~   2010-08-24 14:10:03.000000000 +0300
++++ openssh-5.6p1/auth2-hostbased.c    2010-08-24 14:12:10.632553591 +0300
 @@ -40,6 +40,7 @@
  #include "compat.h"
  #include "key.h"
@@ -429,14 +429,9 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
  #include "auth.h"
  #include "canohost.h"
  #ifdef GSSAPI
-@@ -141,10 +142,24 @@
- hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost,
-     Key *key)
- {
-+      char *fp;
-       const char *resolvedname, *ipaddr, *lookup;
-       HostStatus host_status;
+@@ -147,6 +147,19 @@
        int len;
+       char *fp;
  
 +      if (blacklisted_key(key)) {
 +              fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX);
@@ -856,8 +851,8 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
 +      /* We don't need the RNG ourselves, but symbol references here allow
 +       * ld to link us properly.
 +       */
-+      init_rng();
-+      seed_rng();
++      //init_rng();
++      //seed_rng();
 +
 +      while ((opt = getopt(argc, argv, "ahq")) != -1) {
 +              switch (opt) {
@@ -955,8 +950,8 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
  #ifndef _PATH_SSH_PROGRAM
  #define _PATH_SSH_PROGRAM             "/usr/bin/ssh"
  #endif
---- openssh-4.7p1.orig/auth2-pubkey.c
-+++ openssh-4.7p1/auth2-pubkey.c
+--- openssh-5.9p1/auth2-pubkey.c~      2011-09-29 00:36:17.000000000 +0300
++++ openssh-5.9p1/auth2-pubkey.c       2011-09-29 00:37:17.847762648 +0300
 @@ -42,6 +42,7 @@
  #include "compat.h"
  #include "key.h"
@@ -965,12 +960,12 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
  #include "auth.h"
  #include "pathnames.h"
  #include "uidswap.h"
-@@ -269,9 +270,23 @@
+@@ -596,9 +596,23 @@
  int
  user_key_allowed(struct passwd *pw, Key *key)
  {
 +      char *fp;
-       int success;
+       u_int success, i;
        char *file;
  
 +      if (blacklisted_key(key)) {
@@ -986,6 +981,6 @@ This patch is up to date with respect to Debian openssh 1:4.7p1-10.
 +                      return 0;
 +      }
 +
-       if (auth_key_is_revoked(key))
-               return 0;
-       if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key))
+ #ifdef WITH_AUTHORIZED_KEYS_COMMAND
+       success = user_key_via_command_allowed2(pw, key);
+       if (success > 0)
OpenSSH free Secure Shell (SSH) implementation
This page took 0.035456 seconds and 4 git commands to generate.