rpms/openssh/devel openssh-4.0p1-krb5-valid.patch, NONE, 1.1 openssh-4.0p1-local-forward.patch, NONE, 1.1 openssh.spec, 1.56, 1.57
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Apr 4 09:37:30 UTC 2005
- Previous message (by thread): rpms/util-linux/FC-3 util-linux-2.12a-dmesg-bufsiz.patch, NONE, 1.1 util-linux-2.12a-fstab-man.patch, NONE, 1.1 util-linux-2.12a-swap-label.patch, NONE, 1.1 util-linux-2.12p-ipcs-typo.patch, NONE, 1.1 util-linux.spec, 1.50, 1.51
- Next message (by thread): rpms/openoffice.org/devel openoffice.org.spec, 1.126, 1.127 openoffice.org-1.9.89.oooXXXXX.parallel.insetset_native.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32619
Modified Files:
openssh.spec
Added Files:
openssh-4.0p1-krb5-valid.patch
openssh-4.0p1-local-forward.patch
Log Message:
* Mon Apr 4 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-2
- fixed Local/RemoteForward in ssh_config.5 manpage
- fix fatal when Local/RemoteForward is used and scp run (#153258)
- don't leak user validity when using krb5 authentication
openssh-4.0p1-krb5-valid.patch:
auth-krb5.c | 5 +----
1 files changed, 1 insertion(+), 4 deletions(-)
--- NEW FILE openssh-4.0p1-krb5-valid.patch ---
Index: auth-krb5.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-krb5.c,v
retrieving revision 1.25
diff -u -p -r1.25 auth-krb5.c
--- auth-krb5.c 11 Sep 2004 13:32:09 -0000 1.25
+++ auth-krb5.c 27 Jan 2005 07:15:56 -0000
@@ -75,9 +75,6 @@ auth_krb5_password(Authctxt *authctxt, c
krb5_ccache ccache = NULL;
int len;
- if (!authctxt->valid)
- return (0);
-
temporarily_use_uid(authctxt->pw);
problem = krb5_init(authctxt);
@@ -213,7 +210,7 @@ auth_krb5_password(Authctxt *authctxt, c
else
return (0);
}
- return (1);
+ return (authctxt->valid ? 1 : 0);
}
void
openssh-4.0p1-local-forward.patch:
readconf.c | 6 ++++--
ssh_config.5 | 40 ++++++++++++++++------------------------
2 files changed, 20 insertions(+), 26 deletions(-)
--- NEW FILE openssh-4.0p1-local-forward.patch ---
Fixes bugs in the manpage of Local/RemoteForward and in reading the directives from
the config file when using scp.
--- openssh-4.0p1/readconf.c.local-forward 2005-03-05 01:22:50.000000000 +0100
+++ openssh-4.0p1/readconf.c 2005-04-04 11:20:30.595691630 +0200
@@ -253,12 +253,14 @@
int i;
for (i = 0; i < options->num_local_forwards; i++) {
- xfree(options->local_forwards[i].listen_host);
+ if (options->local_forwards[i].listen_host != NULL)
+ xfree(options->local_forwards[i].listen_host);
xfree(options->local_forwards[i].connect_host);
}
options->num_local_forwards = 0;
for (i = 0; i < options->num_remote_forwards; i++) {
- xfree(options->remote_forwards[i].listen_host);
+ if (options->remote_forwards[i].listen_host != NULL)
+ xfree(options->remote_forwards[i].listen_host);
xfree(options->remote_forwards[i].connect_host);
}
options->num_remote_forwards = 0;
--- openssh-4.0p1/ssh_config.5.local-forward 2005-03-09 01:00:06.000000000 +0100
+++ openssh-4.0p1/ssh_config.5 2005-04-04 11:19:01.368913000 +0200
@@ -495,21 +495,17 @@
.It Cm LocalForward
Specifies that a TCP/IP port on the local machine be forwarded over
the secure channel to the specified host and port from the remote machine.
-The first argument must be a port number, and the second must be
-.Xo
+The first argument must be
.Sm off
-.Oo Ar bind_address : Oc
-.Ar host : port
+.Oo Ar bind_address : Oc Ar port
.Sm on
-.Xc .
+and the second argument must be
+.Ar host : Ns Ar hostport .
IPv6 addresses can be specified by enclosing addresses in square brackets or
by using an alternative syntax:
-.Sm off
-.Xo
-.Op Ar bind_address No /
-.Ar host No / Ar port
-.Xc .
-.Sm on
+.Oo Ar bind_address Ns / Oc Ns Ar port
+and
+.Ar host Ns / Ns Ar hostport .
Multiple forwardings may be specified, and additional forwardings can be
given on the command line.
Only the superuser can forward privileged ports.
@@ -632,21 +628,17 @@
.It Cm RemoteForward
Specifies that a TCP/IP port on the remote machine be forwarded over
the secure channel to the specified host and port from the local machine.
-The first argument must be a port number, and the second must be
-.Xo
+The first argument must be
.Sm off
-.Oo Ar bind_address : Oc
-.Ar host : port
-.Sm on
-.Xc .
-IPv6 addresses can be specified by enclosing any addresses in square brackets
-or by using the alternative syntax:
-.Sm off
-.Xo
-.Op Ar bind_address No /
-.Ar host No / Ar port
-.Xc .
+.Oo Ar bind_address : Oc Ar port
.Sm on
+and the second argument must be
+.Ar host : Ns Ar hostport .
+IPv6 addresses can be specified by enclosing addresses in square brackets
+or by using an alternative syntax:
+.Oo Ar bind_address Ns / Oc Ns Ar port
+and
+.Ar host Ns / Ns Ar hostport .
Multiple forwardings may be specified, and additional
forwardings can be given on the command line.
Only the superuser can forward privileged ports.
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- openssh.spec 24 Mar 2005 12:02:37 -0000 1.56
+++ openssh.spec 4 Apr 2005 09:37:28 -0000 1.57
@@ -74,7 +74,7 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
Version: 4.0p1
-%define rel 1
+%define rel 2
%if %{rescue}
Release: %{rel}rescue
%else
@@ -99,6 +99,8 @@
Patch22: openssh-3.9p1-askpass-keep-above.patch
Patch23: openssh-3.9p1-no-log-signal.patch
Patch24: openssh-3.9p1-fromto-remote.patch
+Patch25: openssh-4.0p1-local-forward.patch
+Patch26: openssh-4.0p1-krb5-valid.patch
License: BSD
Group: Applications/Internet
BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -235,6 +237,8 @@
%patch22 -p1 -b .keep-above
%patch23 -p1 -b .signal
%patch24 -p1 -b .fromto-remote
+%patch25 -p1 -b .local-forward
+%patch26 -p0 -b .krb5-valid
autoreconf
@@ -503,6 +507,11 @@
%endif
%changelog
+* Mon Apr 4 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-2
+- fixed Local/RemoteForward in ssh_config.5 manpage
+- fix fatal when Local/RemoteForward is used and scp run (#153258)
+- don't leak user validity when using krb5 authentication
+
* Thu Mar 24 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-1
- upgrade to 4.0p1
- remove obsolete groups patch
- Previous message (by thread): rpms/util-linux/FC-3 util-linux-2.12a-dmesg-bufsiz.patch, NONE, 1.1 util-linux-2.12a-fstab-man.patch, NONE, 1.1 util-linux-2.12a-swap-label.patch, NONE, 1.1 util-linux-2.12p-ipcs-typo.patch, NONE, 1.1 util-linux.spec, 1.50, 1.51
- Next message (by thread): rpms/openoffice.org/devel openoffice.org.spec, 1.126, 1.127 openoffice.org-1.9.89.oooXXXXX.parallel.insetset_native.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-cvs-commits
mailing list