rpms/openssh/devel openssh-4.0p1-krb5-valid.patch, NONE, 1.1 openssh-4.0p1-local-forward.patch, NONE, 1.1 openssh.spec, 1.56, 1.57

fedora-cvs-commits at redhat.com fedora-cvs-commits at redhat.com
Mon Apr 4 09:37:30 UTC 2005


Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv32619

Modified Files:
	openssh.spec 
Added Files:
	openssh-4.0p1-krb5-valid.patch 
	openssh-4.0p1-local-forward.patch 
Log Message:
* Mon Apr  4 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-2
- fixed Local/RemoteForward in ssh_config.5 manpage
- fix fatal when Local/RemoteForward is used and scp run (#153258)
- don't leak user validity when using krb5 authentication


openssh-4.0p1-krb5-valid.patch:
 auth-krb5.c |    5 +----
 1 files changed, 1 insertion(+), 4 deletions(-)

--- NEW FILE openssh-4.0p1-krb5-valid.patch ---
Index: auth-krb5.c
===================================================================
RCS file: /usr/local/src/security/openssh/cvs/openssh_cvs/auth-krb5.c,v
retrieving revision 1.25
diff -u -p -r1.25 auth-krb5.c
--- auth-krb5.c	11 Sep 2004 13:32:09 -0000	1.25
+++ auth-krb5.c	27 Jan 2005 07:15:56 -0000
@@ -75,9 +75,6 @@ auth_krb5_password(Authctxt *authctxt, c
 	krb5_ccache ccache = NULL;
 	int len;
 
-	if (!authctxt->valid)
-		return (0);
-
 	temporarily_use_uid(authctxt->pw);
 
 	problem = krb5_init(authctxt);
@@ -213,7 +210,7 @@ auth_krb5_password(Authctxt *authctxt, c
 		else
 			return (0);
 	}
-	return (1);
+	return (authctxt->valid ? 1 : 0);
 }
 
 void
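Review bot: `return (authctxt->valid ? 1 : 0);` is now the only thing that rejects an unknown account, and nothing on the line says why, so a later cleanup could restore the early return and reintroduce the user-validity leak. I would add a comment above it such as `/* Invalid users run the whole exchange so the reply does not reveal whether the account exists; force failure here. */`. With the guard removed in the first hunk, `temporarily_use_uid(authctxt->pw)` and `krb5_init(authctxt)` also run for invalid users, which presumably relies on `authctxt->pw` being a non-NULL placeholder entry in that case; that is set outside this patch and worth confirming. The lines between the two hunks are not shown, so also check that whatever they set up on success (a credential cache, for instance) is released when this return yields 0 for an invalid user.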

openssh-4.0p1-local-forward.patch:
 readconf.c   |    6 ++++--
 ssh_config.5 |   40 ++++++++++++++++------------------------
 2 files changed, 20 insertions(+), 26 deletions(-)

--- NEW FILE openssh-4.0p1-local-forward.patch ---
Fixes bugs in the manpage of Local/RemoteForward and in reading the directives from
the config file when using scp.
--- openssh-4.0p1/readconf.c.local-forward	2005-03-05 01:22:50.000000000 +0100
+++ openssh-4.0p1/readconf.c	2005-04-04 11:20:30.595691630 +0200
@@ -253,12 +253,14 @@
 	int i;
 
 	for (i = 0; i < options->num_local_forwards; i++) {
-		xfree(options->local_forwards[i].listen_host);
+		if (options->local_forwards[i].listen_host != NULL)
+			xfree(options->local_forwards[i].listen_host);
 		xfree(options->local_forwards[i].connect_host);
 	}
 	options->num_local_forwards = 0;
 	for (i = 0; i < options->num_remote_forwards; i++) {
-		xfree(options->remote_forwards[i].listen_host);
+		if (options->remote_forwards[i].listen_host != NULL)
+			xfree(options->remote_forwards[i].listen_host);
 		xfree(options->remote_forwards[i].connect_host);
 	}
 	options->num_remote_forwards = 0;
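Review bot: The new `!= NULL` guards cover only `listen_host`, while `connect_host` is still passed to `xfree()` unguarded in both loops. The hunk does not show whether the parser guarantees `connect_host` is always set, so that assumption deserves either a comment or the same guard. A one-line comment above the first guard, e.g. `/* listen_host may be NULL (no bind_address given); xfree() is fatal on NULL */`, would record why the check exists, assuming that is indeed the case behind the fatal named in the log message. The enclosing function starts and ends outside the hunk.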
--- openssh-4.0p1/ssh_config.5.local-forward	2005-03-09 01:00:06.000000000 +0100
+++ openssh-4.0p1/ssh_config.5	2005-04-04 11:19:01.368913000 +0200
@@ -495,21 +495,17 @@
 .It Cm LocalForward
 Specifies that a TCP/IP port on the local machine be forwarded over
 the secure channel to the specified host and port from the remote machine.
-The first argument must be a port number, and the second must be
-.Xo
+The first argument must be
 .Sm off
-.Oo Ar bind_address : Oc
-.Ar host : port
+.Oo Ar bind_address : Oc Ar port
 .Sm on
-.Xc .
+and the second argument must be
+.Ar host : Ns Ar hostport .
 IPv6 addresses can be specified by enclosing addresses in square brackets or
 by using an alternative syntax:
-.Sm off
-.Xo
-.Op Ar bind_address No /
-.Ar host No / Ar port
-.Xc .
-.Sm on
+.Oo Ar bind_address Ns / Oc Ns Ar port
+and
+.Ar host Ns / Ns Ar hostport .
 Multiple forwardings may be specified, and additional forwardings can be
 given on the command line.
 Only the superuser can forward privileged ports.
@@ -632,21 +628,17 @@
 .It Cm RemoteForward
 Specifies that a TCP/IP port on the remote machine be forwarded over
 the secure channel to the specified host and port from the local machine.
-The first argument must be a port number, and the second must be
-.Xo
+The first argument must be
 .Sm off
-.Oo Ar bind_address : Oc
-.Ar host : port
-.Sm on
-.Xc .
-IPv6 addresses can be specified by enclosing any addresses in square brackets
-or by using the alternative syntax:
-.Sm off
-.Xo
-.Op Ar bind_address No /
-.Ar host No / Ar port
-.Xc .
+.Oo Ar bind_address : Oc Ar port
 .Sm on
+and the second argument must be
+.Ar host : Ns Ar hostport .
+IPv6 addresses can be specified by enclosing addresses in square brackets
+or by using an alternative syntax:
+.Oo Ar bind_address Ns / Oc Ns Ar port
+and
+.Ar host Ns / Ns Ar hostport .
 Multiple forwardings may be specified, and additional
 forwardings can be given on the command line.
 Only the superuser can forward privileged ports.


Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- openssh.spec	24 Mar 2005 12:02:37 -0000	1.56
+++ openssh.spec	4 Apr 2005 09:37:28 -0000	1.57
@@ -74,7 +74,7 @@
 Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
 Name: openssh
 Version: 4.0p1
-%define rel 1
+%define rel 2
 %if %{rescue}
 Release: %{rel}rescue
 %else
@@ -99,6 +99,8 @@
 Patch22: openssh-3.9p1-askpass-keep-above.patch
 Patch23: openssh-3.9p1-no-log-signal.patch
 Patch24: openssh-3.9p1-fromto-remote.patch
+Patch25: openssh-4.0p1-local-forward.patch
+Patch26: openssh-4.0p1-krb5-valid.patch
 License: BSD
 Group: Applications/Internet
 BuildRoot: %{_tmppath}/%{name}-%{version}-buildroot
@@ -235,6 +237,8 @@
 %patch22 -p1 -b .keep-above
 %patch23 -p1 -b .signal
 %patch24 -p1 -b .fromto-remote
+%patch25 -p1 -b .local-forward
+%patch26 -p0 -b .krb5-valid
 
 autoreconf
 
@@ -503,6 +507,11 @@
 %endif
 
 %changelog
+* Mon Apr  4 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-2
+- fixed Local/RemoteForward in ssh_config.5 manpage
+- fix fatal when Local/RemoteForward is used and scp run (#153258)
+- don't leak user validity when using krb5 authentication
+
 * Thu Mar 24 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-1
 - upgrade to 4.0p1
 - remove obsolete groups patch



