
upgrading package: openssh 4.3p2 -> 4.4p1

Ralf S. Engelschall 19 年之前
父节点
当前提交
2c3cb8185e
共有 6 个文件被更改,包括 202 次插入255 次删除
  1. 8 8
      openssh/openssh.patch
  2. 35 35
      openssh/openssh.patch.alias
  3. 14 14
      openssh/openssh.patch.chroot
  4. 8 8
      openssh/openssh.patch.scpbindir
  5. 131 184
      openssh/openssh.patch.sftplogging
  6. 6 6
      openssh/openssh.spec

+ 8 - 8
openssh/openssh.patch

@@ -1,7 +1,7 @@
 Index: Makefile.in
---- Makefile.in.orig	2006-01-01 09:47:05 +0100
-+++ Makefile.in	2006-02-11 09:25:19 +0100
-@@ -230,7 +230,7 @@
+--- Makefile.in.orig	2006-09-12 13:54:10 +0200
++++ Makefile.in	2006-09-28 08:00:38 +0200
+@@ -233,7 +233,7 @@
  	-rm -rf autom4te.cache
  	(cd scard && $(MAKE) -f Makefile.in distprep)
  
@@ -12,7 +12,7 @@ Index: Makefile.in
  
 Index: auth-pam.h
 --- auth-pam.h.orig	2004-09-11 14:17:26 +0200
-+++ auth-pam.h	2006-02-11 09:25:19 +0100
++++ auth-pam.h	2006-09-28 08:00:38 +0200
 @@ -28,7 +28,7 @@
  #ifdef USE_PAM
  
@@ -23,11 +23,11 @@ Index: auth-pam.h
  
  void start_pam(Authctxt *);
 Index: version.h
---- version.h.orig	2006-02-11 01:00:45 +0100
-+++ version.h	2006-02-11 09:25:19 +0100
+--- version.h.orig	2006-08-30 03:09:01 +0200
++++ version.h	2006-09-28 08:00:38 +0200
 @@ -3,4 +3,4 @@
- #define SSH_VERSION	"OpenSSH_4.3"
+ #define SSH_VERSION	"OpenSSH_4.4"
  
- #define SSH_PORTABLE	"p2"
+ #define SSH_PORTABLE	"p1"
 -#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE	SSH_VERSION SSH_PORTABLE " @l_openpkg_release@"

+ 35 - 35
openssh/openssh.patch.alias

@@ -1,8 +1,8 @@
 Index: auth1.c
---- auth1.c.orig	2005-07-17 09:26:44 +0200
-+++ auth1.c	2006-02-11 09:26:30 +0100
-@@ -26,6 +26,9 @@
- #include "uidswap.h"
+--- auth1.c.orig	2006-09-01 07:38:36 +0200
++++ auth1.c	2006-09-28 08:00:58 +0200
+@@ -39,6 +39,9 @@
+ #endif
  #include "monitor_wrap.h"
  #include "buffer.h"
 +#ifdef USE_ALIAS
@@ -11,7 +11,7 @@ Index: auth1.c
  
  /* import */
  extern ServerOptions options;
-@@ -371,6 +374,10 @@
+@@ -389,6 +392,10 @@
  {
  	u_int ulen;
  	char *user, *style = NULL;
@@ -22,7 +22,7 @@ Index: auth1.c
  
  	/* Get the name of the user that we wish to log in as. */
  	packet_read_expect(SSH_CMSG_USER);
-@@ -382,6 +389,25 @@
+@@ -400,6 +407,25 @@
  	if ((style = strchr(user, ':')) != NULL)
  		*style++ = '\0';
  
@@ -49,11 +49,11 @@ Index: auth1.c
  	authctxt->style = style;
  
 Index: auth2.c
---- auth2.c.orig	2005-09-24 04:43:51 +0200
-+++ auth2.c	2006-02-11 09:26:30 +0100
-@@ -36,6 +36,9 @@
+--- auth2.c.orig	2006-08-05 04:39:39 +0200
++++ auth2.c	2006-09-28 08:00:58 +0200
+@@ -44,6 +44,9 @@
+ #include "dispatch.h"
  #include "pathnames.h"
- #include "monitor_wrap.h"
  #include "buffer.h"
 +#ifdef USE_ALIAS
 +#include "match.h"
@@ -61,7 +61,7 @@ Index: auth2.c
  
  #ifdef GSSAPI
  #include "ssh-gss.h"
-@@ -136,6 +139,10 @@
+@@ -147,6 +150,10 @@
  	Authmethod *m = NULL;
  	char *user, *service, *method, *style = NULL;
  	int authenticated = 0;
@@ -72,7 +72,7 @@ Index: auth2.c
  
  	if (authctxt == NULL)
  		fatal("input_userauth_request: no authctxt");
-@@ -149,6 +156,25 @@
+@@ -160,6 +167,25 @@
  	if ((style = strchr(user, ':')) != NULL)
  		*style++ = 0;
  
@@ -99,21 +99,21 @@ Index: auth2.c
  		/* setup auth context */
  		authctxt->pw = PRIVSEP(getpwnamallow(user));
 Index: servconf.c
---- servconf.c.orig	2005-12-13 09:33:20 +0100
-+++ servconf.c	2006-02-11 09:26:30 +0100
-@@ -102,6 +102,9 @@
- 	options->authorized_keys_file2 = NULL;
- 	options->num_accept_env = 0;
+--- servconf.c.orig	2006-08-18 16:23:15 +0200
++++ servconf.c	2006-09-28 08:01:48 +0200
+@@ -122,6 +122,9 @@
  	options->permit_tun = -1;
+ 	options->num_permitted_opens = -1;
+ 	options->adm_forced_command = NULL;
 +#ifdef USE_ALIAS
 + 	options->num_alias = 0;
 +#endif
+ }
  
- 	/* Needs to be accessable in many places */
- 	use_privsep = -1;
-@@ -275,6 +278,9 @@
- 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+ void
+@@ -293,6 +296,9 @@
  	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sForceCommand,
  	sUsePrivilegeSeparation,
 +#ifdef USE_ALIAS
 +	sAlias,
@@ -121,17 +121,17 @@ Index: servconf.c
  	sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -377,6 +383,9 @@
- 	{ "useprivilegeseparation", sUsePrivilegeSeparation},
- 	{ "acceptenv", sAcceptEnv },
- 	{ "permittunnel", sPermitTunnel },
+@@ -403,6 +409,9 @@
+  	{ "match", sMatch, SSHCFG_ALL },
+ 	{ "permitopen", sPermitOpen, SSHCFG_ALL },
+ 	{ "forcecommand", sForceCommand, SSHCFG_ALL },
 +#ifdef USE_ALIAS
 + 	{ "alias", sAlias },
 +#endif
- 	{ NULL, sBadOption }
+ 	{ NULL, sBadOption, 0 }
  };
  
-@@ -995,6 +1004,26 @@
+@@ -1260,6 +1269,26 @@
  		    arg = strdelim(&cp);
  		break;
  
@@ -159,12 +159,12 @@ Index: servconf.c
  		logit("%s line %d: Unsupported option %s",
  		    filename, linenum, arg);
 Index: servconf.h
---- servconf.h.orig	2005-12-13 09:29:03 +0100
-+++ servconf.h	2006-02-11 09:26:30 +0100
-@@ -137,6 +137,14 @@
- 	int	use_pam;		/* Enable auth via PAM */
- 
+--- servconf.h.orig	2006-08-18 16:23:15 +0200
++++ servconf.h	2006-09-28 08:02:15 +0200
+@@ -141,6 +141,14 @@
  	int	permit_tun;
+ 
+ 	int	num_permitted_opens;
 +#ifdef USE_ALIAS
 +#define MAX_ALIAS 256
 +	u_int num_alias;
@@ -177,9 +177,9 @@ Index: servconf.h
  
  void	 initialize_server_options(ServerOptions *);
 Index: sshd_config.5
---- sshd_config.5.orig	2006-01-03 08:47:31 +0100
-+++ sshd_config.5	2006-02-11 09:26:30 +0100
-@@ -94,6 +94,15 @@
+--- sshd_config.5.orig	2006-08-30 03:06:34 +0200
++++ sshd_config.5	2006-09-28 08:00:58 +0200
+@@ -97,6 +97,15 @@
  (use IPv6 only).
  The default is
  .Dq any .

+ 14 - 14
openssh/openssh.patch.chroot

@@ -1,7 +1,7 @@
 Index: scp.c
---- scp.c.orig	2006-01-31 12:11:38 +0100
-+++ scp.c	2006-02-11 09:27:20 +0100
-@@ -102,6 +102,11 @@
+--- scp.c.orig	2006-08-05 04:39:40 +0200
++++ scp.c	2006-09-28 08:02:41 +0200
+@@ -128,6 +128,11 @@
  /* This is the program to execute for the secured connection. ("ssh" or -S) */
  char *ssh_program = _PATH_SSH_PROGRAM;
  
@@ -13,7 +13,7 @@ Index: scp.c
  /* This is used to store the pid of ssh_program */
  pid_t do_cmd_pid = -1;
  
-@@ -278,7 +283,11 @@
+@@ -310,7 +315,11 @@
  	addargs(&args, "-oClearAllForwardings yes");
  
  	fflag = tflag = 0;
@@ -25,7 +25,7 @@ Index: scp.c
  		switch (ch) {
  		/* User-visible flags. */
  		case '1':
-@@ -339,6 +348,11 @@
+@@ -371,6 +380,11 @@
  			setmode(0, O_BINARY);
  #endif
  			break;
@@ -37,7 +37,7 @@ Index: scp.c
  		default:
  			usage();
  		}
-@@ -354,6 +368,19 @@
+@@ -386,6 +400,19 @@
  	remin = STDIN_FILENO;
  	remout = STDOUT_FILENO;
  
@@ -58,9 +58,9 @@ Index: scp.c
  		/* Follow "protocol", send data. */
  		(void) response();
 Index: session.c
---- session.c.orig	2006-02-08 00:18:55 +0100
-+++ session.c	2006-02-11 09:27:20 +0100
-@@ -1301,6 +1301,26 @@
+--- session.c.orig	2006-09-01 07:38:37 +0200
++++ session.c	2006-09-28 08:02:41 +0200
+@@ -1337,6 +1337,26 @@
  			exit(1);
  		}
  		endgrent();
@@ -88,11 +88,11 @@ Index: session.c
  		if (options.gss_authentication) {
  			temporarily_use_uid(pw);
 Index: sftp-server.c
---- sftp-server.c.orig	2006-01-02 13:40:51 +0100
-+++ sftp-server.c	2006-02-11 09:27:20 +0100
-@@ -1049,6 +1049,38 @@
- 	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
- #endif
+--- sftp-server.c.orig	2006-08-05 04:39:40 +0200
++++ sftp-server.c	2006-09-28 08:02:41 +0200
+@@ -1270,6 +1270,38 @@
+ 
+ 	handle_init();
  
 +#ifdef USE_CHROOT
 +{

+ 8 - 8
openssh/openssh.patch.scpbindir

@@ -1,8 +1,8 @@
 Index: session.c
---- session.c.orig	2006-02-08 00:18:55 +0100
-+++ session.c	2006-02-11 09:27:54 +0100
-@@ -67,6 +67,10 @@
- #include "ssh-gss.h"
+--- session.c.orig	2006-09-01 07:38:37 +0200
++++ session.c	2006-09-28 08:04:00 +0200
+@@ -92,6 +92,10 @@
+ #include <kafs.h>
  #endif
  
 +#ifndef SCPBINDIR
@@ -12,7 +12,7 @@ Index: session.c
  /* func */
  
  Session *session_new(void);
-@@ -651,6 +655,21 @@
+@@ -680,6 +684,21 @@
  void
  do_exec(Session *s, const char *command)
  {
@@ -31,10 +31,10 @@ Index: session.c
 +		debug("Forced SCP command '%.900s'", command);
 +	}
 +
- 	if (forced_command) {
+ 	if (options.adm_forced_command) {
  		original_command = command;
- 		command = forced_command;
-@@ -675,6 +694,8 @@
+ 		command = options.adm_forced_command;
+@@ -708,6 +727,8 @@
  		do_exec_no_pty(s, command);
  
  	original_command = NULL;

+ 131 - 184
openssh/openssh.patch.sftplogging

@@ -1,23 +1,20 @@
 Index: servconf.c
---- servconf.c.orig	2005-12-13 09:33:20 +0100
-+++ servconf.c	2006-02-11 09:28:21 +0100
-@@ -103,6 +103,15 @@
- 	options->num_accept_env = 0;
+--- servconf.c.orig	2006-08-18 16:23:15 +0200
++++ servconf.c	2006-09-28 08:06:00 +0200
+@@ -122,6 +122,12 @@
  	options->permit_tun = -1;
- 
+ 	options->num_permitted_opens = -1;
+ 	options->adm_forced_command = NULL;
 +	options->log_sftp = LOG_SFTP_NOT_SET;
-+        options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
-+        options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
-+
++	options->sftp_log_facility = SYSLOG_FACILITY_NOT_SET;
++	options->sftp_log_level = SYSLOG_LEVEL_NOT_SET;
 +	memset(options->sftp_umask, 0, SFTP_UMASK_LENGTH);
-+
 +	options->sftp_permit_chmod = SFTP_PERMIT_NOT_SET;
 +	options->sftp_permit_chown = SFTP_PERMIT_NOT_SET;
-+
- 	/* Needs to be accessable in many places */
- 	use_privsep = -1;
  }
-@@ -233,6 +242,24 @@
+ 
+ void
+@@ -250,6 +256,24 @@
  	if (options->permit_tun == -1)
  		options->permit_tun = SSH_TUNMODE_NO;
  
@@ -42,9 +39,9 @@ Index: servconf.c
  	/* Turn privilege separation on by default */
  	if (use_privsep == -1)
  		use_privsep = 1;
-@@ -275,6 +302,9 @@
- 	sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
+@@ -293,6 +317,9 @@
  	sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel,
+ 	sMatch, sPermitOpen, sForceCommand,
  	sUsePrivilegeSeparation,
 +	sLogSftp, sSftpLogFacility, sSftpLogLevel,
 +	sSftpUmask,
@@ -52,8 +49,8 @@ Index: servconf.c
  	sDeprecated, sUnsupported
  } ServerOpCodes;
  
-@@ -284,6 +314,12 @@
- 	ServerOpCodes opcode;
+@@ -307,6 +334,12 @@
+ 	u_int flags;
  } keywords[] = {
  	/* Portable-specific options */
 + 	{ "logsftp", sLogSftp},
@@ -63,18 +60,18 @@ Index: servconf.c
 + 	{ "sftppermitchmod", sSftpPermitChmod},
 + 	{ "sftppermitchown", sSftpPermitChown},
  #ifdef USE_PAM
- 	{ "usepam", sUsePAM },
+ 	{ "usepam", sUsePAM, SSHCFG_GLOBAL },
  #else
-@@ -446,6 +482,8 @@
- 	ServerOpCodes opcode;
- 	u_short port;
+@@ -431,6 +464,8 @@
+ add_listen_addr(ServerOptions *options, char *addr, u_short port)
+ {
  	u_int i;
 + 	unsigned int umaskvalue = 0;
 + 	char *umaskptr;
  
- 	cp = line;
- 	arg = strdelim(&cp);
-@@ -932,6 +970,58 @@
+ 	if (options->num_ports == 0)
+ 		options->ports[options->num_ports++] = SSH_DEFAULT_PORT;
+@@ -1146,6 +1181,58 @@
  	case sBanner:
  		charptr = &options->banner;
  		goto parse_filename;
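Review bot: The re-based inner hunk `@@ -431,6 +464,8 @@` now adds `unsigned int umaskvalue = 0;` and `char *umaskptr;` to the locals of `add_listen_addr()`, whereas the old context (`ServerOpCodes opcode; u_short port;`) placed them in the config-line parser. If the `sSftpUmask` case, which is not visible in this hunk, still uses them, they are undeclared where they are needed and dead where they are declared; the inner hunk should be re-anchored on the parser's own locals. Separately, the added keyword rows such as `{ "sftppermitchmod", sSftpPermitChmod},` leave the new `flags` member implicit while neighbouring rows spell it out; writing `{ "sftppermitchmod", sSftpPermitChmod, SSHCFG_GLOBAL },` makes the intended scope explicit. The same applies to `{ "alias", sAlias },` in openssh.patch.alias.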
@@ -134,9 +131,9 @@ Index: servconf.c
  	 * These options can contain %X options expanded at
  	 * connect time, so that you can specify paths like:
 Index: servconf.h
---- servconf.h.orig	2005-12-13 09:29:03 +0100
-+++ servconf.h	2006-02-11 09:28:21 +0100
-@@ -35,6 +35,19 @@
+--- servconf.h.orig	2006-08-18 16:23:15 +0200
++++ servconf.h	2006-09-28 08:05:25 +0200
+@@ -34,6 +34,19 @@
  #define	PERMIT_NO_PASSWD	2
  #define	PERMIT_YES		3
  
@@ -156,10 +153,10 @@ Index: servconf.h
  #define DEFAULT_AUTH_FAIL_MAX	6	/* Default for MaxAuthTries */
  
  typedef struct {
-@@ -137,6 +150,13 @@
- 	int	use_pam;		/* Enable auth via PAM */
- 
+@@ -141,6 +154,13 @@
  	int	permit_tun;
+ 
+ 	int	num_permitted_opens;
 +	int	log_sftp;		/* perform sftp-server logging */
 +	SyslogFacility sftp_log_facility;    /* Facility for sftp subsystem logging. */
 +	LogLevel sftp_log_level;     /* Level for sftp subsystem logging. */
@@ -171,9 +168,9 @@ Index: servconf.h
  
  void	 initialize_server_options(ServerOptions *);
 Index: session.c
---- session.c.orig	2006-02-08 00:18:55 +0100
-+++ session.c	2006-02-11 09:28:21 +0100
-@@ -113,6 +113,15 @@
+--- session.c.orig	2006-09-01 07:38:37 +0200
++++ session.c	2006-09-28 08:04:35 +0200
+@@ -138,6 +138,15 @@
  
  static int is_child = 0;
  
@@ -189,15 +186,15 @@ Index: session.c
  /* Name and directory of socket for authentication agent forwarding. */
  static char *auth_sock_name = NULL;
  static char *auth_sock_dir = NULL;
-@@ -975,6 +984,7 @@
- 	env = xmalloc(envsize * sizeof(char *));
+@@ -1011,6 +1020,7 @@
+ 	env = xcalloc(envsize, sizeof(char *));
  	env[0] = NULL;
  
 +
  #ifdef HAVE_CYGWIN
  	/*
  	 * The Windows environment contains some setting which are
-@@ -1135,6 +1145,67 @@
+@@ -1171,6 +1181,67 @@
  		child_set_env(&env, &envsize, SSH_AUTHSOCKET_ENV_NAME,
  		    auth_sock_name);
  
@@ -266,11 +263,11 @@ Index: session.c
  	if (options.permit_user_env && !options.use_login) {
  		snprintf(buf, sizeof buf, "%.200s/.ssh/environment",
 Index: sftp-server.8
---- sftp-server.8.orig	2003-10-15 07:50:43 +0200
-+++ sftp-server.8	2006-02-11 09:28:22 +0100
-@@ -41,6 +41,20 @@
+--- sftp-server.8.orig	2006-09-26 12:57:06 +0200
++++ sftp-server.8	2006-09-28 08:04:35 +0200
+@@ -49,6 +49,20 @@
  .Cm Subsystem
- option.
+ declaration.
  See
 +.Xr sshd 8
 +for more information. Sftp-server transactions may be logged
@@ -288,40 +285,37 @@ Index: sftp-server.8
 +. See
  .Xr sshd_config 5
  for more information.
- .Sh SEE ALSO
+ .Pp
 Index: sftp-server.c
---- sftp-server.c.orig	2006-01-02 13:40:51 +0100
-+++ sftp-server.c	2006-02-11 09:28:22 +0100
-@@ -32,6 +32,13 @@
- #define get_string(lenp)		buffer_get_string(&iqueue, lenp);
- #define TRACE				debug
+--- sftp-server.c.orig	2006-08-05 04:39:40 +0200
++++ sftp-server.c	2006-09-28 08:18:48 +0200
+@@ -53,6 +53,12 @@
+ /* Our verbosity */
+ LogLevel log_level = SYSLOG_LEVEL_ERROR;
  
 +/* SFTP_UMASK */
 +static mode_t setumask = 0;
-+
 +static int permit_chmod = 1;
 +static int permit_chown = 1;
 +static int permit_logging = 0;
 +
- extern char *__progname;
- 
- /* input and output queue */
-@@ -382,6 +389,14 @@
+ /* Our client */
+ struct passwd *pw = NULL;
+ char *client_addr = NULL;
+@@ -498,6 +504,12 @@
  	a = get_attrib();
  	flags = flags_from_portable(pflags);
  	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? a->perm : 0666;
-+
 +	if (setumask != 0) {
-+		if ( permit_logging == 1 )
-+		logit("setting file creation mode to 0666 and umask to %o", setumask);
++		if (permit_logging == 0)
++			logit("setting file creation mode to 0666 and umask to %o", setumask);
 +		mode = 0666;
 +		umask(setumask);
 +	}
-+
- 	TRACE("open id %u name %s flags %d mode 0%o", id, name, pflags, mode);
+ 	logit("open \"%s\" flags %s mode 0%o",
+ 	    name, string_from_portable(pflags), mode);
  	fd = open(name, flags, mode);
- 	if (fd < 0) {
-@@ -395,6 +410,8 @@
+@@ -512,6 +524,8 @@
  			status = SSH2_FX_OK;
  		}
  	}
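Review bot: The guard in front of the umask message in the open handler was changed to `if (permit_logging == 0)`, so "setting file creation mode to 0666 and umask to %o" is now logged only when SFTP logging is switched off. Every other check in this patch, including the matching one in the mkdir handler, tests `permit_logging == 1`, so this looks like a typo and should read `if (permit_logging == 1)`. The enclosing function starts and ends outside the hunk.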
@@ -330,15 +324,7 @@ Index: sftp-server.c
  	if (status != SSH2_FX_OK)
  		send_status(id, status);
  	xfree(name);
-@@ -431,6 +448,7 @@
- 	    (unsigned long long)off, len);
- 	if (len > sizeof buf) {
- 		len = sizeof buf;
-+		if ( permit_logging == 1 )
- 		logit("read change len %d", len);
- 	}
- 	fd = handle_to_fd(handle);
-@@ -450,6 +468,8 @@
+@@ -569,6 +583,8 @@
  			}
  		}
  	}
@@ -347,70 +333,59 @@ Index: sftp-server.c
  	if (status != SSH2_FX_OK)
  		send_status(id, status);
  }
-@@ -484,10 +504,13 @@
- 			} else if ((size_t)ret == len) {
- 				status = SSH2_FX_OK;
- 			} else {
-+				if ( permit_logging == 1 )
- 				logit("nothing at all written");
+@@ -608,6 +624,8 @@
  			}
  		}
  	}
-+	if ( permit_logging == 1 )
-+	logit("writing file");
++	if (permit_logging == 1)
++		logit("writing file");
  	send_status(id, status);
  	xfree(data);
  }
-@@ -580,24 +603,46 @@
- 	a = get_attrib();
- 	TRACE("setstat id %u name %s", id, name);
- 	if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-+if ( permit_logging == 1 )
-+logit("process_setstat: truncate");
- 		ret = truncate(name, a->size);
- 		if (ret == -1)
+@@ -708,10 +726,19 @@
  			status = errno_to_portable(errno);
  	}
  	if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 +		if (permit_chmod == 1) {
+ 		logit("set \"%s\" mode %04o", name, a->perm);
  		ret = chmod(name, a->perm & 0777);
  		if (ret == -1)
  			status = errno_to_portable(errno);
-+			else
-+				if ( permit_logging == 1 )
++		else
++			if (permit_logging == 1)
 +				logit("chmod'ed %s", name);
 +		} else {
 +			status = SSH2_FX_PERMISSION_DENIED;
-+			if ( permit_logging == 1 )
-+			logit("chmod %s: operation prohibited by sftp-server configuration.", name);
++			if (permit_logging == 1)
++				logit("chmod %s: operation prohibited by sftp-server configuration.", name);
 +		}
  	}
  	if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-+if ( permit_logging == 1 )
-+logit("process_setstat: utimes");
- 		ret = utimes(name, attrib_to_tv(a));
- 		if (ret == -1)
+ 		char buf[64];
+@@ -725,11 +752,20 @@
  			status = errno_to_portable(errno);
  	}
  	if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
 +		if (permit_chown == 1) {
+ 		logit("set \"%s\" owner %lu group %lu", name,
+ 		    (u_long)a->uid, (u_long)a->gid);
  		ret = chown(name, a->uid, a->gid);
  		if (ret == -1)
  			status = errno_to_portable(errno);
-+			else
-+				if ( permit_logging == 1 )
++		else
++			if (permit_logging == 1)
 +				logit("chown'ed %s.", name);
 +		} else {
 +			status = SSH2_FX_PERMISSION_DENIED;
-+			if ( permit_logging == 1 )
-+			logit("chown %s: operation prohibited by sftp-server configuration.", name);
++			if (permit_logging == 1)
++				logit("chown %s: operation prohibited by sftp-server configuration.", name);
 +		}
  	}
  	send_status(id, status);
  	xfree(name);
-@@ -612,6 +657,9 @@
+@@ -743,6 +779,9 @@
+ 	int handle, fd, ret;
  	int status = SSH2_FX_OK;
- 	char *name;
  
 +if ( permit_logging == 1 )
 +logit("process_fsetstat");
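Review bot: A refused chmod or chown is reported only under `if (permit_logging == 1)`, and the upstream `logit("set \"%s\" mode %04o", ...)` line now sits inside the `permit_chmod == 1` / `permit_chown == 1` branch, so with SFTP logging off a denied attribute change appears to leave no log entry at all. Policy denials are the events an auditor most needs, so consider emitting the "operation prohibited by sftp-server configuration" message unconditionally. The unbraced `else` followed by a nested `if` is also easy to misread, because the upstream lines were not re-indented under the new `if (permit_chmod == 1) {`; bracing both branches would make the gate unambiguous. The same pattern is repeated in the fsetstat hunk that follows.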
@@ -418,64 +393,53 @@ Index: sftp-server.c
  	id = get_int();
  	handle = get_handle();
  	a = get_attrib();
-@@ -622,11 +670,14 @@
- 		status = SSH2_FX_FAILURE;
- 	} else {
- 		if (a->flags & SSH2_FILEXFER_ATTR_SIZE) {
-+if ( permit_logging == 1 )
-+logit("process_fsetstat: ftruncate");
- 			ret = ftruncate(fd, a->size);
- 			if (ret == -1)
+@@ -760,6 +799,7 @@
  				status = errno_to_portable(errno);
  		}
  		if (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) {
 +			if (permit_chmod == 1) {
+ 			logit("set \"%s\" mode %04o", name, a->perm);
  #ifdef HAVE_FCHMOD
  			ret = fchmod(fd, a->perm & 0777);
- #else
-@@ -634,8 +685,18 @@
+@@ -768,6 +808,14 @@
  #endif
  			if (ret == -1)
  				status = errno_to_portable(errno);
-+				else
-+					if ( permit_logging == 1 )
++			else
++				if (permit_logging == 1)
 +					logit("chmod: succeeded.");
 +			} else {
 +	                        status = SSH2_FX_PERMISSION_DENIED;
-+				if ( permit_logging == 1 )
-+				logit("chmod: operation prohibited by sftp-server configuration.");
++				if (permit_logging == 1)
++					logit("chmod: operation prohibited by sftp-server configuration.");
 +			}
  		}
  		if (a->flags & SSH2_FILEXFER_ATTR_ACMODTIME) {
-+if ( permit_logging == 1 )
-+logit("process_fsetstat: utimes");
- #ifdef HAVE_FUTIMES
- 			ret = futimes(fd, attrib_to_tv(a));
- #else
-@@ -645,6 +706,7 @@
+ 			char buf[64];
+@@ -785,6 +833,7 @@
  				status = errno_to_portable(errno);
  		}
  		if (a->flags & SSH2_FILEXFER_ATTR_UIDGID) {
 +			if (permit_chown == 1) {
+ 			logit("set \"%s\" owner %lu group %lu", name,
+ 			    (u_long)a->uid, (u_long)a->gid);
  #ifdef HAVE_FCHOWN
- 			ret = fchown(fd, a->uid, a->gid);
- #else
-@@ -652,6 +714,14 @@
+@@ -794,6 +843,14 @@
  #endif
  			if (ret == -1)
  				status = errno_to_portable(errno);
-+				else
-+					if ( permit_logging == 1 )
++			else
++				if (permit_logging == 1)
 +					logit("chown: succeeded");
 +			} else {
 +				status = SSH2_FX_PERMISSION_DENIED;
-+				if ( permit_logging == 1 )
-+				logit("chown: operation prohibited by sftp-server configuration.");
++				if (permit_logging == 1)
++					logit("chown: operation prohibited by sftp-server configuration.");
 +			}
  		}
  	}
  	send_status(id, status);
-@@ -681,6 +751,8 @@
+@@ -824,6 +881,8 @@
  		}
  
  	}
@@ -484,8 +448,8 @@ Index: sftp-server.c
  	if (status != SSH2_FX_OK)
  		send_status(id, status);
  	xfree(path);
-@@ -754,6 +826,8 @@
- 	TRACE("remove id %u name %s", id, name);
+@@ -899,6 +958,8 @@
+ 	logit("remove name \"%s\"", name);
  	ret = unlink(name);
  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 +	if ( permit_logging == 1 )
@@ -493,28 +457,21 @@ Index: sftp-server.c
  	send_status(id, status);
  	xfree(name);
  }
-@@ -771,9 +845,19 @@
+@@ -916,6 +977,12 @@
  	a = get_attrib();
  	mode = (a->flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ?
  	    a->perm & 0777 : 0777;
-+
 +        if (setumask != 0) {
-+		if ( permit_logging == 1 )
-+                logit("setting directory creation mode to 0777 and umask to %o.", setumask);
++		if (permit_logging == 1)
++                	logit("setting directory creation mode to 0777 and umask to %o.", setumask);
 +                mode = 0777;
 +                umask(setumask);
 +        }
-+
- 	TRACE("mkdir id %u name %s mode 0%o", id, name, mode);
+ 	debug3("request %u: mkdir", id);
+ 	logit("mkdir name \"%s\" mode 0%o", name, mode);
  	ret = mkdir(name, mode);
- 	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
-+	if ( permit_logging == 1 )
-+	logit("mkdir %s", name);
- 	send_status(id, status);
- 	xfree(name);
- }
-@@ -790,6 +874,8 @@
- 	TRACE("rmdir id %u name %s", id, name);
+@@ -937,6 +1004,8 @@
+ 	logit("rmdir name \"%s\"", name);
  	ret = rmdir(name);
  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
 +	if ( permit_logging == 1 )
@@ -522,7 +479,7 @@ Index: sftp-server.c
  	send_status(id, status);
  	xfree(name);
  }
-@@ -816,6 +902,8 @@
+@@ -964,6 +1033,8 @@
  		s.name = s.long_name = resolvedname;
  		send_names(id, 1, &s);
  	}
@@ -531,7 +488,7 @@ Index: sftp-server.c
  	xfree(path);
  }
  
-@@ -871,6 +959,8 @@
+@@ -1020,6 +1091,8 @@
  			status = SSH2_FX_OK;
  	}
  	send_status(id, status);
@@ -540,7 +497,7 @@ Index: sftp-server.c
  	xfree(oldpath);
  	xfree(newpath);
  }
-@@ -896,6 +986,8 @@
+@@ -1046,6 +1119,8 @@
  		s.name = s.long_name = buf;
  		send_names(id, 1, &s);
  	}
@@ -549,7 +506,7 @@ Index: sftp-server.c
  	xfree(path);
  }
  
-@@ -914,6 +1006,8 @@
+@@ -1065,6 +1140,8 @@
  	ret = symlink(oldpath, newpath);
  	status = (ret == -1) ? errno_to_portable(errno) : SSH2_FX_OK;
  	send_status(id, status);
@@ -558,33 +515,29 @@ Index: sftp-server.c
  	xfree(oldpath);
  	xfree(newpath);
  }
-@@ -1035,6 +1129,8 @@
- {
- 	fd_set *rset, *wset;
- 	int in, out, max;
+@@ -1212,6 +1289,8 @@
+ 	ssize_t len, olen, set_size;
+ 	SyslogFacility log_facility = SYSLOG_FACILITY_AUTH;
+ 	char *cp;
 +	unsigned int val = 0;
 +	char *umask_env;
- 	ssize_t len, olen, set_size;
  
- 	/* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
-@@ -1045,6 +1141,16 @@
- 	__progname = ssh_get_progname(av[0]);
- 	handle_init();
+ 	extern char *optarg;
+ 	extern char *__progname;
+@@ -1250,6 +1329,12 @@
+ 		}
+ 	}
  
-+	/* Transaction logging */
-+
-+	if (atoi(getenv("LOG_SFTP")) == 1)
-+	{
++	if (atoi(getenv("LOG_SFTP")) == 1) {
 +		permit_logging = 1;
 +		log_init("sftp-server", atoi(getenv("SFTP_LOG_LEVEL")),
 +			atoi(getenv("SFTP_LOG_FACILITY")), 0);
-+	};
-+
-+
- #ifdef DEBUG_SFTP_SERVER
- 	log_init("sftp-server", SYSLOG_LEVEL_DEBUG1, SYSLOG_FACILITY_AUTH, 0);
- #endif
-@@ -1052,6 +1158,39 @@
++	}
++        else
+ 	log_init(__progname, log_level, log_facility, log_stderr);
+ 
+ 	if ((cp = getenv("SSH_CONNECTION")) != NULL) {
+@@ -1273,6 +1358,39 @@
  	in = dup(STDIN_FILENO);
  	out = dup(STDOUT_FILENO);
  
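Review bot: `atoi(getenv("LOG_SFTP"))` dereferences a NULL pointer whenever the variable is unset, and the same holds for `SFTP_LOG_LEVEL` and `SFTP_LOG_FACILITY` in the `log_init()` call. The variables are presumably exported by the patched session.c, which is not visible here, but sftp-server would crash at startup under any other caller. The fix is to read each value once, check it for NULL, and fall back to the stock `log_init()` otherwise. The new `else` is also indented with spaces and has an unbraced body at the wrong depth; bracing both arms avoids a misread. `main()` continues outside the hunk.

```c
	char *umask_env;
	/* declared with the other locals of main() */
	const char *sftp_log = getenv("LOG_SFTP");
	const char *sftp_level = getenv("SFTP_LOG_LEVEL");
	const char *sftp_facility = getenv("SFTP_LOG_FACILITY");

	/* ... unchanged: option parsing ... */

	if (sftp_log != NULL && sftp_level != NULL &&
	    sftp_facility != NULL && atoi(sftp_log) == 1) {
		permit_logging = 1;
		log_init("sftp-server", atoi(sftp_level),
		    atoi(sftp_facility), 0);
	} else {
		log_init(__progname, log_level, log_facility, log_stderr);
	}
```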
@@ -624,19 +577,10 @@ Index: sftp-server.c
  #ifdef HAVE_CYGWIN
  	setmode(in, O_BINARY);
  	setmode(out, O_BINARY);
-@@ -1091,6 +1230,8 @@
- 			len = read(in, buf, sizeof buf);
- 			if (len == 0) {
- 				debug("read eof");
-+				if ( permit_logging == 1 )
-+				logit("sftp-server finished.");
- 				exit(0);
- 			} else if (len < 0) {
- 				error("read error");
 Index: sshd_config.5
---- sshd_config.5.orig	2006-01-03 08:47:31 +0100
-+++ sshd_config.5	2006-02-11 09:28:22 +0100
-@@ -426,6 +426,10 @@
+--- sshd_config.5.orig	2006-08-30 03:06:34 +0200
++++ sshd_config.5	2006-09-28 08:04:35 +0200
+@@ -485,6 +485,10 @@
  DEBUG and DEBUG1 are equivalent.
  DEBUG2 and DEBUG3 each specify higher levels of debugging output.
  Logging with a DEBUG level violates the privacy of users and is not recommended.
@@ -647,7 +591,7 @@ Index: sshd_config.5
  .It Cm MACs
  Specifies the available MAC (message authentication code) algorithms.
  The MAC algorithm is used in protocol version 2
-@@ -597,6 +601,37 @@
+@@ -717,6 +721,37 @@
  .It Cm ServerKeyBits
  Defines the number of bits in the ephemeral protocol version 1 server key.
  The minimum value is 512, and the default is 768.
@@ -684,15 +628,14 @@ Index: sshd_config.5
 +mode specified by the sftp client. The default is for no umask.
  .It Cm StrictModes
  Specifies whether
- .Nm sshd
+ .Xr sshd 8
 Index: sshd_config
---- sshd_config.orig	2005-12-13 09:29:03 +0100
-+++ sshd_config	2006-02-11 09:28:22 +0100
-@@ -103,3 +103,14 @@
- 
+--- sshd_config.orig	2006-07-24 06:06:47 +0200
++++ sshd_config	2006-09-28 08:19:22 +0200
+@@ -105,6 +105,17 @@
  # override default of no subsystems
  Subsystem	sftp	/usr/libexec/sftp-server
-+
+ 
 +# sftp-server logging
 +#LogSftp no
 +#SftpLogFacility AUTH
@@ -703,3 +646,7 @@ Index: sshd_config
 +
 +#SftpPermitChmod yes
 +#SftpPermitChown yes
++
+ # Example of overriding settings on a per-user basis
+ #Match User anoncvs
+ #	X11Forwarding no

+ 6 - 6
openssh/openssh.spec

@@ -23,13 +23,13 @@
 ##
 
 #   package versions
-%define       V_base        4.3
-%define       V_portable    p2
+%define       V_base        4.4
+%define       V_portable    p1
 %define       V_watchdog    4.0p1
 %define       V_ldap_base   4.3p1
 %define       V_ldap_vers   0.3.7
 %define       V_connect     1.96
-%define       V_hpn         12
+%define       V_hpn         4.3p2-hpn12
 
 #   package information
 Name:         openssh
@@ -42,7 +42,7 @@ Class:        CORE
 Group:        SSH
 License:      BSD
 Version:      %{V_base}%{V_portable}
-Release:      20060924
+Release:      20060928
 
 #   package options
 %option       with_fsl          yes
@@ -78,7 +78,7 @@ Patch3:       http://www.sc.isc.tohoku.ac.jp/~hgot/sources/openssh-%{V_watchdog}
 Patch4:       http://www.opendarwin.org/projects/openssh-lpk/files/openssh-lpk-%{V_ldap_base}-%{V_ldap_vers}.patch
 Patch5:       openssh.patch.sftplogging
 Patch6:       openssh.patch.scpbindir
-Patch7:       http://www.psc.edu/networking/projects/hpn-ssh/openssh-%{version}-hpn%{V_hpn}.diff.gz
+Patch7:       http://www.psc.edu/networking/projects/hpn-ssh/openssh-%{V_hpn}.diff.gz
 
 #   build information
 Prefix:       %{l_prefix}
@@ -148,7 +148,7 @@ AutoReqProv:  no
     prog openssh:hpn = {
         version   = %{V_hpn}
         url       = http://www.psc.edu/networking/projects/hpn-ssh/
-        regex     = openssh-%{version}-hpn(__VER__)\.diff\.gz
+        regex     = openssh-(__VER__-hpn__VER__)\.diff\.gz
     }
 
 %prep