From 96e630ce673bdc20a5ea36a4fb2a73052fe5e814 Mon Sep 17 00:00:00 2001
From: Jan Palus
Date: Fri, 11 Aug 2023 22:52:37 +0200
Subject: [PATCH] up to 9.4p1
---
 openssh-config.patch | 2 +-
 openssh-sigpipe.patch | 14 +++----
 openssh.spec | 10 ++---
 openssl3.0.patch | 87 -------------------------------------------
 4 files changed, 12 insertions(+), 101 deletions(-)
 delete mode 100644 openssl3.0.patch
diff --git a/openssh-config.patch b/openssh-config.patch
index a4865fd..4d34975 100644
--- a/openssh-config.patch
+++ b/openssh-config.patch
@@ -13,7 +13,7 @@ diff -urNp -x '*.orig' openssh-8.8p1.org/ssh_config openssh-8.8p1/ssh_config
 +# GSSAPIKeyExchange no
 +# GSSAPITrustDNS no
 # BatchMode no
- # CheckHostIP yes
+ # CheckHostIP no
 # AddressFamily any
 @@ -44,3 +47,18 @@
 # ProxyCommand ssh -q -W %h:%p gateway.example.com
diff --git a/openssh-sigpipe.patch b/openssh-sigpipe.patch
index c4378f4..64d8616 100644
--- a/openssh-sigpipe.patch
+++ b/openssh-sigpipe.patch
@@ -73,17 +73,17 @@ diff -urNp -x '*.orig' openssh-8.4p1.org/ssh.c openssh-8.4p1/ssh.c
 usage(void)
 {
 fprintf(stderr,
--"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
-+"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface]\n"
- " [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
- " [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
- " [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
+-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface] [-b bind_address]\n"
++"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface] [-b bind_address]\n"
+ " [-c cipher_spec] [-D [bind_address:]port] [-E log_file]\n"
+ " [-e escape_char] [-F configfile] [-I pkcs11] [-i identity_file]\n"
+ " [-J destination] [-L address] [-l login_name] [-m mac_spec]\n"
 @@ -699,7 +699,7 @@ main(int ac, char **av)
 again:
 while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
-- "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
-+ "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
+- "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYy")) != -1) { /* HUZdhjruz */
++ "AB:CD:E:F:GI:J:KL:MNO:P:Q:R:S:TVw:W:XYyZ")) != -1) { /* HUZdhjruz */
 switch (opt) {
 case '1':
 fatal("SSH protocol v.1 is no longer supported");
diff --git a/openssh.spec b/openssh.spec
index 294c203..3073812 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -36,13 +36,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH
 Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name: openssh
-Version: 9.3p2
-Release: 2
+Version: 9.4p1
+Release: 1
 Epoch: 2
 License: BSD
 Group: Applications/Networking
 Source0: https://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: e21180e7c902e596b047b5520842c2e1
+# Source0-md5: 4bbd56a7ba51b0cd61debe8f9e77f8bb
 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
 Source2: %{name}d.init
@@ -76,7 +76,6 @@ Patch11: %{name}-chroot.patch
 Patch13: %{name}-skip-interop-tests.patch
 Patch14: %{name}-bind.patch
 Patch15: %{name}-disable_ldap.patch
-Patch16: openssl3.0.patch
 URL: http://www.openssh.com/portable.html
 BuildRequires: %{__perl}
 %{?with_audit:BuildRequires: audit-libs-devel}
@@ -91,7 +90,7 @@ BuildRequires: libfido2-devel >= 1.5.0
 %{?with_libseccomp:BuildRequires: libseccomp-devel}
 %{?with_selinux:BuildRequires: libselinux-devel}
 %{?with_ldap:BuildRequires: openldap-devel}
-BuildRequires: openssl-devel >= 1.1.0g
+BuildRequires: openssl-devel >= 1.1.1
 BuildRequires: pam-devel
 %{?with_gtk:BuildRequires: pkgconfig}
 %if %{with tests} && %{with tests_conch}
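Review bot: The trailing comment `/* HUZdhjruz */` on the refreshed `++` getopt line still lists `Z`, although that same line is where the local patch adds `Z` to the option string. The comment looks like upstream's list of option letters that are still free, so after patching it points the next maintainer at a letter that is already taken; `/* HUdhjruz */` on the `++` line would keep it truthful at the cost of one more changed token against upstream. This refresh also shows upstream turning `P` into `P:`, which is a reminder that a locally claimed letter can collide with a later upstream option, so `-Z` is worth rechecking on each rebase. The `main()` body and the `usage()` text continue outside the hunk.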
@@ -562,7 +561,6 @@ openldap-a.
 %patch14 -p1
 %{!?with_ldap:%patch15 -p1}
-%patch16 -p1
 %if "%{pld_release}" == "ac"
 # fix for missing x11.pc
diff --git a/openssl3.0.patch b/openssl3.0.patch
deleted file mode 100644
index f9e9c89..0000000
--- a/openssl3.0.patch
+++ /dev/null
@@ -1,87 +0,0 @@
---- openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c.orig 2022-02-23 12:31:11.000000000 +0100
-+++ openssh-8.9p1/regress/misc/sk-dummy/sk-dummy.c 2022-03-16 08:49:30.708560186 +0100
-@@ -326,7 +326,7 @@
- BIO *bio = NULL;
- EVP_PKEY *pk = NULL;
- EC_KEY *ec = NULL;
-- SHA2_CTX ctx;
-+ SHA256_CTX ctx;
- uint8_t apphash[SHA256_DIGEST_LENGTH];
- uint8_t sighash[SHA256_DIGEST_LENGTH];
- uint8_t countbuf[4];
-@@ -356,9 +356,9 @@
- }
- /* Prepare data to be signed */
- dump("message", message, message_len);
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, (const u_char *)application, strlen(application));
-- SHA256Final(apphash, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+ SHA256_Final(apphash, &ctx);
- dump("apphash", apphash, sizeof(apphash));
- countbuf[0] = (counter >> 24) & 0xff;
- countbuf[1] = (counter >> 16) & 0xff;
-@@ -366,12 +366,12 @@
- countbuf[3] = counter & 0xff;
- dump("countbuf", countbuf, sizeof(countbuf));
- dump("flags", &flags, sizeof(flags));
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, apphash, sizeof(apphash));
-- SHA256Update(&ctx, &flags, sizeof(flags));
-- SHA256Update(&ctx, countbuf, sizeof(countbuf));
-- SHA256Update(&ctx, message, message_len);
-- SHA256Final(sighash, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, apphash, sizeof(apphash));
-+ SHA256_Update(&ctx, &flags, sizeof(flags));
-+ SHA256_Update(&ctx, countbuf, sizeof(countbuf));
-+ SHA256_Update(&ctx, message, message_len);
-+ SHA256_Final(sighash, &ctx);
- dump("sighash", sighash, sizeof(sighash));
- /* create and encode signature */
- if ((sig = ECDSA_do_sign(sighash, sizeof(sighash), ec)) == NULL) {
-@@ -417,7 +417,7 @@
- {
- size_t o;
- int ret = -1;
-- SHA2_CTX ctx;
-+ SHA256_CTX ctx;
- uint8_t apphash[SHA256_DIGEST_LENGTH];
- uint8_t signbuf[sizeof(apphash) + sizeof(flags) +
- sizeof(counter) + SHA256_DIGEST_LENGTH];
-@@ -435,9 +435,9 @@
- }
- /* Prepare data to be signed */
- dump("message", message, message_len);
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, (const u_char *)application, strlen(application));
-- SHA256Final(apphash, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, (const u_char *)application, strlen(application));
-+ SHA256_Final(apphash, &ctx);
- dump("apphash", apphash, sizeof(apphash));
-
- memcpy(signbuf, apphash, sizeof(apphash));
-@@ -495,7 +495,7 @@
- {
- struct sk_sign_response *response = NULL;
- int ret = SSH_SK_ERR_GENERAL;
-- SHA2_CTX ctx;
-+ SHA256_CTX ctx;
- uint8_t message[32];
-
- if (sign_response == NULL) {
-@@ -509,9 +509,9 @@
- skdebug(__func__, "calloc response failed");
- goto out;
- }
-- SHA256Init(&ctx);
-- SHA256Update(&ctx, data, datalen);
-- SHA256Final(message, &ctx);
-+ SHA256_Init(&ctx);
-+ SHA256_Update(&ctx, data, datalen);
-+ SHA256_Final(message, &ctx);
- response->flags = flags;
- response->counter = 0x12345678;
- switch(alg) {
-- 
2.44.0