diff --git a/openssh/openssh.patch.alias b/openssh/openssh.patch.alias index a37573b2f3..ba5aa44ac4 100644 --- a/openssh/openssh.patch.alias +++ b/openssh/openssh.patch.alias @@ -1,6 +1,6 @@ Index: auth2.c ---- auth2.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ auth2.c 2021-09-30 12:00:44.627802000 +0200 +--- auth2.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ auth2.c 2021-03-03 08:25:17.978876000 +0100 @@ -58,6 +58,9 @@ #endif #include "monitor_wrap.h" @@ -49,9 +49,9 @@ Index: auth2.c /* setup auth context */ authctxt->pw = PRIVSEP(getpwnamallow(ssh, user)); Index: servconf.c ---- servconf.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ servconf.c 2021-09-30 12:00:44.629664000 +0200 -@@ -195,6 +195,9 @@ +--- servconf.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ servconf.c 2021-03-03 08:25:17.979352000 +0100 +@@ -196,6 +196,9 @@ options->fingerprint_hash = -1; options->disable_forwarding = -1; options->expose_userauth_info = -1; @@ -61,7 +61,7 @@ Index: servconf.c } /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */ -@@ -517,6 +520,9 @@ +@@ -520,6 +523,9 @@ sStreamLocalBindMask, sStreamLocalBindUnlink, sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, @@ -71,7 +71,7 @@ Index: servconf.c sDeprecated, sIgnore, sUnsupported } ServerOpCodes; -@@ -676,6 +682,9 @@ +@@ -678,6 +684,9 @@ { "rdomain", sRDomain, SSHCFG_ALL }, { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL }, { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL }, @@ -81,7 +81,7 @@ Index: servconf.c { NULL, sBadOption, 0 } }; -@@ -2435,6 +2444,26 @@ +@@ -2395,6 +2404,26 @@ *charptr = xstrdup(arg); break; 
@@ -109,8 +109,8 @@ Index: servconf.c case sIgnore: case sUnsupported: Index: servconf.h ---- servconf.h.orig 2021-09-26 16:03:19.000000000 +0200 -+++ servconf.h 2021-09-30 12:00:44.630463000 +0200 +--- servconf.h.orig 2021-03-02 11:31:47.000000000 +0100 ++++ servconf.h 2021-03-03 08:25:17.979556000 +0100 @@ -229,6 +229,14 @@ int expose_userauth_info; u_int64_t timing_secret; @@ -127,8 +127,8 @@ Index: servconf.h /* Information about the incoming connection as used by Match */ Index: sshd_config.5 ---- sshd_config.5.orig 2021-09-26 16:03:19.000000000 +0200 -+++ sshd_config.5 2021-09-30 12:00:44.631757000 +0200 +--- sshd_config.5.orig 2021-03-02 11:31:47.000000000 +0100 ++++ sshd_config.5 2021-03-03 08:25:17.979860000 +0100 @@ -106,6 +106,15 @@ Note that disabling agent forwarding does not improve security unless users are also denied shell access, as they can always install diff --git a/openssh/openssh.patch.chroot b/openssh/openssh.patch.chroot index 24f4170a6c..ef2b40be61 100644 --- a/openssh/openssh.patch.chroot +++ b/openssh/openssh.patch.chroot @@ -1,7 +1,7 @@ Index: scp.c ---- scp.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ scp.c 2021-09-30 12:00:21.319372000 +0200 -@@ -171,6 +171,11 @@ +--- scp.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ scp.c 2021-03-03 08:26:22.056945000 +0100 +@@ -159,6 +159,11 @@ /* This is the program to execute for the secured connection. ("ssh" or -S) */ char *ssh_program = _PATH_SSH_PROGRAM; 
@@ -12,32 +12,32 @@ Index: scp.c + /* This is used to store the pid of ssh_program */ pid_t do_cmd_pid = -1; - pid_t do_cmd_pid2 = -1; -@@ -481,7 +486,11 @@ + +@@ -432,7 +437,11 @@ fflag = Tflag = tflag = 0; while ((ch = getopt(argc, argv, +#ifdef USE_CHROOT -+ "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:X:")) != -1) { ++ "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:R:")) != -1) { +#else - "12346ABCTdfOpqRrstvD:F:J:M:P:S:c:i:l:o:")) != -1) { + "12346ABCTdfpqrtvF:J:P:S:c:i:l:o:")) != -1) { +#endif switch (ch) { /* User-visible flags. */ case '1': -@@ -581,6 +590,11 @@ +@@ -516,6 +525,11 @@ case 'T': Tflag = 1; break; +#ifdef USE_CHROOT -+ case 'X': ++ case 'R': + chrootdir = xstrdup(optarg); + break; +#endif default: usage(); } -@@ -615,6 +629,19 @@ +@@ -545,6 +559,19 @@ remin = STDIN_FILENO; remout = STDOUT_FILENO; @@ -58,8 +58,8 @@ Index: scp.c /* Follow "protocol", send data. */ (void) response(); Index: session.c ---- session.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ session.c 2021-09-30 11:59:33.904574000 +0200 +--- session.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ session.c 2021-03-03 08:25:31.704168000 +0100 @@ -1402,6 +1402,25 @@ options.chroot_directory = NULL; in_chroot = 1; @@ -87,9 +87,9 @@ Index: session.c #ifdef HAVE_LOGIN_CAP if (setusercontext(lc, pw, pw->pw_uid, LOGIN_SETUSER) < 0) { Index: sftp-server.c ---- sftp-server.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ sftp-server.c 2021-09-30 11:59:33.905055000 +0200 -@@ -1818,6 +1818,38 @@ +--- sftp-server.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ sftp-server.c 2021-03-03 08:25:31.704450000 +0100 +@@ -1717,6 +1717,38 @@ logit("session opened for local user %s from [%s]", pw->pw_name, client_addr); diff --git a/openssh/openssh.patch.lpk b/openssh/openssh.patch.lpk index 87fafdec1e..2037611f88 100644 --- a/openssh/openssh.patch.lpk +++ b/openssh/openssh.patch.lpk 
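Review bot: In the scp.c hunk the chroot option goes back from `X:` to `R:` (`case 'R': chrootdir = xstrdup(optarg);`), and the getopt context line is now `"12346ABCTdfpqrtvF:J:P:S:c:i:l:o:"`, without the `O`, `R`, `s`, `D:` and `M:` flags that the previous revision of this patch showed in upstream's string. If the scp.c of the release named by V_base still defines its own `-R`, this hunk will either fail to apply or give `-R` two meanings, one of which selects a chroot directory. Keeping the unused letter (`case 'X':` with `X:` appended to the option string) avoids that collision. The March 2021 timestamps on the regenerated headers suggest the patch was produced from an older tree than the spec pins, so confirm it applies cleanly to the pinned source. The rest of scp's main() and the code that consumes chrootdir are outside this hunk.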
@@ -1,18 +1,18 @@ Index: Makefile.in ---- Makefile.in.orig 2021-09-26 16:03:19.000000000 +0200 -+++ Makefile.in 2021-09-30 12:01:07.588022000 +0200 -@@ -129,7 +129,7 @@ +--- Makefile.in.orig 2021-03-02 11:31:47.000000000 +0100 ++++ Makefile.in 2021-03-03 08:26:38.162144000 +0100 +@@ -128,7 +128,7 @@ srclimit.o sftp-server.o sftp-common.o \ sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ sandbox-seccomp-filter.o sandbox-capsicum.o sandbox-pledge.o \ - sandbox-solaris.o uidswap.o $(SKOBJS) + sandbox-solaris.o uidswap.o ldapauth.o $(SKOBJS) - SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o + SCP_OBJS= scp.o progressmeter.o Index: README.lpk ---- README.lpk.orig 2021-09-30 12:01:07.589683000 +0200 -+++ README.lpk 2021-09-30 12:01:07.589238000 +0200 +--- README.lpk.orig 2021-03-03 08:26:38.162489000 +0100 ++++ README.lpk 2021-03-03 08:26:38.162407000 +0100 @@ -0,0 +1,267 @@ +OpenSSH LDAP PUBLIC KEY PATCH +Copyright (c) 2003 Eric AUGE (eau@phear.org) @@ -282,8 +282,8 @@ Index: README.lpk + - Eric AUGE + - Andrea Barisani Index: auth2-pubkey.c ---- auth2-pubkey.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ auth2-pubkey.c 2021-09-30 12:01:07.590574000 +0200 +--- auth2-pubkey.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ auth2-pubkey.c 2021-03-03 08:26:38.162683000 +0100 @@ -71,6 +71,10 @@ #include "session.h" /* XXX for child_set_env(); refactor? */ #include "sk-api.h" @@ -295,7 +295,7 @@ Index: auth2-pubkey.c /* import */ extern ServerOptions options; -@@ -720,10 +724,76 @@ +@@ -718,10 +722,76 @@ size_t linesize = 0; int found_key = 0; u_long linenum = 0; @@ -373,8 +373,8 @@ Index: auth2-pubkey.c linenum++; /* Always consume entire file */ Index: config.h.in ---- config.h.in.orig 2021-09-26 16:07:24.000000000 +0200 -+++ config.h.in 2021-09-30 12:01:07.592043000 +0200 +--- config.h.in.orig 2021-03-02 13:05:41.000000000 +0100 ++++ config.h.in 2021-03-03 08:26:38.162979000 +0100 
@@ -903,6 +903,9 @@ /* Define to 1 if you have the `localtime_r' function. */ #undef HAVE_LOCALTIME_R @@ -386,9 +386,9 @@ Index: config.h.in #undef HAVE_LOGIN Index: configure.ac ---- configure.ac.orig 2021-09-26 16:03:19.000000000 +0200 -+++ configure.ac 2021-09-30 12:01:07.595150000 +0200 -@@ -1793,6 +1793,37 @@ +--- configure.ac.orig 2021-03-02 11:31:47.000000000 +0100 ++++ configure.ac 2021-03-03 08:26:38.163566000 +0100 +@@ -1782,6 +1782,37 @@ CFLAGS="$SAVED_CFLAGS" AC_SUBST([PICFLAG]) @@ -426,7 +426,7 @@ Index: configure.ac dnl Checks for library functions. Please keep in alphabetical order AC_CHECK_FUNCS([ \ Blowfish_initstate \ -@@ -5558,6 +5589,7 @@ +@@ -5500,6 +5531,7 @@ echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" @@ -435,9 +435,9 @@ Index: configure.ac echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" Index: configure ---- configure.orig 2021-09-26 16:07:20.000000000 +0200 -+++ configure 2021-09-30 12:01:07.603532000 +0200 -@@ -1465,6 +1465,7 @@ +--- configure.orig 2021-03-02 13:05:37.000000000 +0100 ++++ configure 2021-03-03 08:26:38.165184000 +0100 +@@ -1466,6 +1466,7 @@ --with-ldns[=PATH] Use ldns for DNSSEC support (optionally in PATH) --with-libedit[=PATH] Enable libedit support for sftp --with-audit=module Enable audit support (modules=debug,bsm,linux) @@ -445,7 +445,7 @@ Index: configure --with-pie Build Position Independent Executables if possible --with-security-key-builtin include builtin U2F/FIDO support --with-ssl-dir=PATH Specify path to OpenSSL installation -@@ -14545,6 +14546,57 @@ +@@ -14521,6 +14522,57 @@ fi @@ -503,7 +503,7 @@ Index: configure for ac_func in \ arc4random \ arc4random_buf \ -@@ -21998,6 +22050,7 @@ +@@ -21762,6 +21814,7 @@ echo " OSF SIA support: $SIA_MSG" echo " KerberosV support: $KRB5_MSG" echo " SELinux support: $SELINUX_MSG" 
@@ -512,8 +512,8 @@ Index: configure echo " libedit support: $LIBEDIT_MSG" echo " libldns support: $LDNS_MSG" Index: ldapauth.c ---- ldapauth.c.orig 2021-09-30 12:01:07.605215000 +0200 -+++ ldapauth.c 2021-09-30 12:01:07.604781000 +0200 +--- ldapauth.c.orig 2021-03-03 08:26:38.165500000 +0100 ++++ ldapauth.c 2021-03-03 08:26:38.165418000 +0100 @@ -0,0 +1,579 @@ +/* + * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau Exp $ @@ -1095,8 +1095,8 @@ Index: ldapauth.c + +#endif /* WITH_LDAP_PUBKEY */ Index: ldapauth.h ---- ldapauth.h.orig 2021-09-30 12:01:07.606030000 +0200 -+++ ldapauth.h 2021-09-30 12:01:07.605606000 +0200 +--- ldapauth.h.orig 2021-03-03 08:26:38.165661000 +0100 ++++ ldapauth.h 2021-03-03 08:26:38.165581000 +0100 @@ -0,0 +1,130 @@ +/* + * $Id: openssh-lpk-4.3p1-0.3.7.patch,v 1.3 2006/04/18 15:29:09 eau Exp $ @@ -1229,8 +1229,8 @@ Index: ldapauth.h + +#endif Index: lpk-user-example.txt ---- lpk-user-example.txt.orig 2021-09-30 12:01:07.606815000 +0200 -+++ lpk-user-example.txt 2021-09-30 12:01:07.606387000 +0200 +--- lpk-user-example.txt.orig 2021-03-03 08:26:38.165827000 +0100 ++++ lpk-user-example.txt 2021-03-03 08:26:38.165745000 +0100 @@ -0,0 +1,117 @@ + +Post to ML -> User Made Quick Install Doc. @@ -1350,8 +1350,8 @@ Index: lpk-user-example.txt + +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Index: openssh-lpk_openldap.schema ---- openssh-lpk_openldap.schema.orig 2021-09-30 12:01:07.607555000 +0200 -+++ openssh-lpk_openldap.schema 2021-09-30 12:01:07.607134000 +0200 +--- openssh-lpk_openldap.schema.orig 2021-03-03 08:26:38.165970000 +0100 ++++ openssh-lpk_openldap.schema 2021-03-03 08:26:38.165890000 +0100 @@ -0,0 +1,19 @@ +# +# LDAP Public Key Patch schema for use with openssh-ldappubkey 
@@ -1373,8 +1373,8 @@ Index: openssh-lpk_openldap.schema + MUST ( sshPublicKey $ uid ) + ) Index: openssh-lpk_sun.schema ---- openssh-lpk_sun.schema.orig 2021-09-30 12:01:07.608281000 +0200 -+++ openssh-lpk_sun.schema 2021-09-30 12:01:07.607858000 +0200 +--- openssh-lpk_sun.schema.orig 2021-03-03 08:26:38.166114000 +0100 ++++ openssh-lpk_sun.schema 2021-03-03 08:26:38.166034000 +0100 @@ -0,0 +1,21 @@ +# +# LDAP Public Key Patch schema for use with openssh-ldappubkey @@ -1398,8 +1398,8 @@ Index: openssh-lpk_sun.schema + MUST ( sshPublicKey $ uid ) + ) Index: servconf.c ---- servconf.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ servconf.c 2021-09-30 12:01:07.610189000 +0200 +--- servconf.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ servconf.c 2021-03-03 08:26:38.166425000 +0100 @@ -71,6 +71,10 @@ #include "myproposal.h" #include "digest.h" @@ -1411,7 +1411,7 @@ Index: servconf.c static void add_listen_addr(ServerOptions *, const char *, const char *, int); static void add_one_listen_addr(ServerOptions *, const char *, -@@ -154,6 +158,26 @@ +@@ -155,6 +159,26 @@ options->num_allow_groups = 0; options->num_deny_groups = 0; options->ciphers = NULL; @@ -1438,7 +1438,7 @@ Index: servconf.c options->macs = NULL; options->kex_algorithms = NULL; options->ca_sign_algorithms = NULL; -@@ -441,6 +465,36 @@ +@@ -442,6 +466,36 @@ options->expose_userauth_info = 0; if (options->sk_provider == NULL) options->sk_provider = xstrdup("internal"); @@ -1475,7 +1475,7 @@ Index: servconf.c assemble_algorithms(options); -@@ -518,6 +572,12 @@ +@@ -521,6 +575,12 @@ sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding, sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider, sDeprecated, sIgnore, sUnsupported 
@@ -1488,7 +1488,7 @@ Index: servconf.c } ServerOpCodes; #define SSHCFG_GLOBAL 0x01 /* allowed in main section of config */ -@@ -643,6 +703,22 @@ +@@ -645,6 +705,22 @@ { "clientalivecountmax", sClientAliveCountMax, SSHCFG_ALL }, { "authorizedkeysfile", sAuthorizedKeysFile, SSHCFG_ALL }, { "authorizedkeysfile2", sDeprecated, SSHCFG_ALL }, @@ -1511,7 +1511,7 @@ Index: servconf.c { "useprivilegeseparation", sDeprecated, SSHCFG_GLOBAL}, { "acceptenv", sAcceptEnv, SSHCFG_ALL }, { "setenv", sSetEnv, SSHCFG_ALL }, -@@ -1265,6 +1341,7 @@ +@@ -1256,6 +1332,7 @@ int cmdline = 0, *intptr, value, value2, n, port, oactive, r, found; SyslogFacility *log_facility_ptr; LogLevel *log_level_ptr; @@ -1519,17 +1519,17 @@ Index: servconf.c ServerOpCodes opcode; u_int i, *uintptr, uvalue, flags = 0; size_t len; -@@ -1300,6 +1377,7 @@ - return -1; - } +@@ -1283,6 +1360,7 @@ + if (!arg || !*arg || *arg == '#') + return 0; intptr = NULL; + longptr = NULL; charptr = NULL; - opcode = parse_token(keyword, filename, linenum, &flags); + opcode = parse_token(arg, filename, linenum, &flags); -@@ -2412,6 +2490,133 @@ - if (*activep) - options->fingerprint_hash = value; +@@ -2405,6 +2483,133 @@ + while (arg) + arg = strdelim(&cp); break; +#ifdef WITH_LDAP_PUBKEY + case sLdapPublickey: @@ -1659,11 +1659,11 @@ Index: servconf.c + +#endif - case sExposeAuthInfo: - intptr = &options->expose_userauth_info; + default: + fatal("%s line %d: Missing handler for opcode %s (%d)", Index: servconf.h ---- servconf.h.orig 2021-09-26 16:03:19.000000000 +0200 -+++ servconf.h 2021-09-30 12:01:07.611175000 +0200 +--- servconf.h.orig 2021-03-02 11:31:47.000000000 +0100 ++++ servconf.h 2021-03-03 08:26:38.166616000 +0100 @@ -18,6 +18,10 @@ #include 
@@ -1686,9 +1686,9 @@ Index: servconf.h char **permitted_opens; /* May also be one of PERMITOPEN_* */ u_int num_permitted_opens; Index: sshd.c ---- sshd.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ sshd.c 2021-09-30 12:01:07.612871000 +0200 -@@ -132,6 +132,10 @@ +--- sshd.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ sshd.c 2021-03-03 22:55:00.213357000 +0100 +@@ -131,6 +131,10 @@ #define REEXEC_CONFIG_PASS_FD (STDERR_FILENO + 3) #define REEXEC_MIN_FREE_FD (STDERR_FILENO + 4) @@ -1699,7 +1699,7 @@ Index: sshd.c extern char *__progname; /* Server configuration options. */ -@@ -1788,6 +1792,17 @@ +@@ -1766,6 +1770,17 @@ exit(1); } @@ -1718,9 +1718,9 @@ Index: sshd.c /* Store privilege separation user for later use if required. */ Index: sshd_config.5 ---- sshd_config.5.orig 2021-09-26 16:03:19.000000000 +0200 -+++ sshd_config.5 2021-09-30 12:01:07.614437000 +0200 -@@ -1850,6 +1850,62 @@ +--- sshd_config.5.orig 2021-03-02 11:31:47.000000000 +0100 ++++ sshd_config.5 2021-03-03 08:26:38.167335000 +0100 +@@ -1832,6 +1832,62 @@ to not use one. The default is .Pa /usr/X11R6/bin/xauth . @@ -1784,8 +1784,8 @@ Index: sshd_config.5 .Sh TIME FORMATS .Xr sshd 8 Index: sshd_config ---- sshd_config.orig 2021-09-26 16:03:19.000000000 +0200 -+++ sshd_config 2021-09-30 12:01:07.615339000 +0200 +--- sshd_config.orig 2021-03-02 11:31:47.000000000 +0100 ++++ sshd_config 2021-03-03 08:26:38.167506000 +0100 @@ -105,6 +105,22 @@ # no default banner path #Banner none diff --git a/openssh/openssh.patch.scpbindir b/openssh/openssh.patch.scpbindir index 4a78db45bc..eb97464ace 100644 --- a/openssh/openssh.patch.scpbindir +++ b/openssh/openssh.patch.scpbindir @@ -1,6 +1,6 @@ Index: session.c ---- session.c.orig 2021-09-26 16:03:19.000000000 +0200 -+++ session.c 2021-09-30 12:00:56.519149000 +0200 +--- session.c.orig 2021-03-02 11:31:47.000000000 +0100 ++++ session.c 2021-03-03 22:55:16.091026000 +0100 
@@ -111,6 +111,10 @@ c[sizeof(INTERNAL_SFTP_NAME) - 1] == ' ' || \ c[sizeof(INTERNAL_SFTP_NAME) - 1] == '\t')) diff --git a/openssh/openssh.spec b/openssh/openssh.spec index 72c19c2094..4bc6a91ae8 100644 --- a/openssh/openssh.spec +++ b/openssh/openssh.spec @@ -22,10 +22,10 @@ ## # package versions -%define V_base 8.8 +%define V_base 8.7 %define V_portable p1 %define V_connect 100 -%define V_hpn 8_4_P1-hpn-15.1 +%define V_hpn 7_8_P1-hpn-14.16 # package information Name: openssh @@ -38,7 +38,7 @@ Class: CORE Group: SSH License: BSD Version: %{V_base}%{V_portable} -Release: 20210930 +Release: 20211001 # package options %option with_fsl yes
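Review bot: In openssh.spec, V_base moves down from 8.8 to 8.7 and V_hpn from 8_4_P1-hpn-15.1 to 7_8_P1-hpn-14.16 while Release moves forward to 20211001, and nothing in the spec records why. A rollback drops whatever upstream fixes the newer release carried. An already installed 8.8p1 package may also not be replaced by one with a lower Version, depending on how the package tool orders versions, which cannot be told from this page. I would add a comment above the defines, for example `# pinned to 8.7: <reason>; revisit once the local patches are rebased on 8.8`, so the pin is not mistaken for the current release. It is also worth confirming that an HPN patch labelled 7_8_P1 still applies to the pinned base wherever that option is enabled.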