rpms/openssh/devel openssh-4.0p1-redhat.patch, NONE, 1.1 openssh-4.0p1-vendor.patch, NONE, 1.1 .cvsignore, 1.13, 1.14 openssh.spec, 1.55, 1.56 sources, 1.13, 1.14 openssh-3.6.1p2-groups.patch, 1.1, NONE openssh-3.9p1-redhat.patch, 1.2, NONE openssh-3.9p1-vendor.patch, 1.1, NONE
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Thu Mar 24 12:02:39 UTC 2005
Update of /cvs/dist/rpms/openssh/devel
In directory cvs.devel.redhat.com:/tmp/cvs-serv13002
Modified Files:
.cvsignore openssh.spec sources
Added Files:
openssh-4.0p1-redhat.patch openssh-4.0p1-vendor.patch
Removed Files:
openssh-3.6.1p2-groups.patch openssh-3.9p1-redhat.patch
openssh-3.9p1-vendor.patch
Log Message:
* Thu Mar 24 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-1
- upgrade to 4.0p1
- remove obsolete groups patch
openssh-4.0p1-redhat.patch:
ssh_config | 6 ++++++
sshd_config | 8 ++++++++
2 files changed, 14 insertions(+)
--- NEW FILE openssh-4.0p1-redhat.patch ---
--- openssh-3.9p1/ssh_config.redhat 2003-08-13 12:37:05.000000000 +0200
+++ openssh-3.9p1/ssh_config 2005-02-08 15:29:36.027027051 +0100
@@ -35,3 +35,9 @@
# Cipher 3des
# Ciphers aes128-cbc,3des-cbc,blowfish-cbc,cast128-cbc,arcfour,aes192-cbc,aes256-cbc
# EscapeChar ~
+Host *
+ GSSAPIAuthentication yes
+# If this option is set to yes then remote X11 clients will have full access
+# to the original X11 display. As virtually no X11 client supports the untrusted
+# mode correctly we set this to yes.
+ ForwardX11Trusted yes
--- openssh-3.9p1/sshd_config.redhat 2004-05-24 02:36:24.000000000 +0200
+++ openssh-3.9p1/sshd_config 2005-02-08 15:32:55.063381056 +0100
@@ -12,6 +12,7 @@
#Port 22
#Protocol 2,1
+Protocol 2
#AddressFamily any
#ListenAddress 0.0.0.0
@@ -28,6 +29,7 @@
# Logging
#obsoletes QuietMode and FascistLogging
#SyslogFacility AUTH
+SyslogFacility AUTHPRIV
#LogLevel INFO
# Authentication:
@@ -54,9 +56,11 @@
# To disable tunneled clear text passwords, change to no here!
#PasswordAuthentication yes
#PermitEmptyPasswords no
+PasswordAuthentication yes
# Change to no to disable s/key passwords
#ChallengeResponseAuthentication yes
+ChallengeResponseAuthentication no
# Kerberos options
#KerberosAuthentication no
@@ -66,7 +70,9 @@
# GSSAPI options
#GSSAPIAuthentication no
+GSSAPIAuthentication yes
#GSSAPICleanupCredentials yes
+GSSAPICleanupCredentials yes
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
@@ -77,10 +83,12 @@
# session checks to run without PAM authentication, then enable this but set
# ChallengeResponseAuthentication=no
#UsePAM no
+UsePAM yes
#AllowTcpForwarding yes
#GatewayPorts no
#X11Forwarding no
+X11Forwarding yes
#X11DisplayOffset 10
#X11UseLocalhost yes
#PrintMotd yes
openssh-4.0p1-vendor.patch:
configure.ac | 7 +++++++
servconf.c | 10 ++++++++++
servconf.h | 1 +
sshd.c | 6 ++++--
sshd_config | 1 +
sshd_config.0 | 5 +++++
sshd_config.5 | 8 ++++++++
7 files changed, 36 insertions(+), 2 deletions(-)
--- NEW FILE openssh-4.0p1-vendor.patch ---
Add a --enable-vendor-patchlevel option which, if the
new-but-disabled-by-default ShowPatchLevel option is enabled,
will append a build-time-specified string to the SSH version
string. Based heavily on a patch by Frank Hirtz, modified to
trigger through configure.
--- openssh-3.9p1/configure.ac 2004-10-04 16:34:33.000000000 -0400
+++ openssh-3.9p1/configure.ac 2004-10-04 16:34:33.000000000 -0400
@@ -2741,6 +2741,12 @@
fi
]
)
+AC_ARG_ENABLE(vendor-patchlevel,
+ [ --enable-vendor-patchlevel=TAG specify a vendor patch level],
+ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.])
+ SSH_VENDOR_PATCHLEVEL="$enableval"],
+ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.])
+ SSH_VENDOR_PATCHLEVEL=none])
dnl lastlog, [uw]tmpx? detection
dnl NOTE: set the paths in the platform section to avoid the
@@ -2983,6 +2989,7 @@
echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
echo " BSD Auth support: $BSD_AUTH_MSG"
echo " Random number source: $RAND_MSG"
+echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL"
if test ! -z "$USE_RAND_HELPER" ; then
echo " ssh-rand-helper collects from: $RAND_HELPER_MSG"
fi
--- openssh-3.9p1/servconf.c 2004-08-13 07:30:24.000000000 -0400
+++ openssh-3.9p1/servconf.c 2004-10-04 16:36:12.000000000 -0400
@@ -102,6 +102,7 @@
options->authorized_keys_file = NULL;
options->authorized_keys_file2 = NULL;
options->num_accept_env = 0;
+ options->show_patchlevel = -1;
/* Needs to be accessable in many places */
use_privsep = -1;
@@ -231,6 +232,9 @@
if (options->authorized_keys_file == NULL)
options->authorized_keys_file = _PATH_SSH_USER_PERMITTED_KEYS;
+ if (options->show_patchlevel == -1)
+ options->show_patchlevel = 0;
+
/* Turn privilege separation on by default */
if (use_privsep == -1)
use_privsep = 1;
@@ -272,6 +276,7 @@
sClientAliveCountMax, sAuthorizedKeysFile, sAuthorizedKeysFile2,
sGssAuthentication, sGssCleanupCreds, sAcceptEnv,
sUsePrivilegeSeparation,
+ sShowPatchLevel,
sDeprecated, sUnsupported
} ServerOpCodes;
@@ -372,6 +377,7 @@
{ "authorizedkeysfile2", sAuthorizedKeysFile2 },
{ "useprivilegeseparation", sUsePrivilegeSeparation},
{ "acceptenv", sAcceptEnv },
+ { "showpatchlevel", sShowPatchLevel},
{ NULL, sBadOption }
};
@@ -756,6 +762,10 @@
intptr = &use_privsep;
goto parse_flag;
+ case sShowPatchLevel:
+ intptr = &options->show_patchlevel;
+ goto parse_flag;
+
case sAllowUsers:
while ((arg = strdelim(&cp)) && *arg != '\0') {
if (options->num_allow_users >= MAX_ALLOW_USERS)
--- openssh-3.9p1/sshd.c 2004-10-04 16:34:33.000000000 -0400
+++ openssh-3.9p1/sshd.c 2004-10-04 16:37:56.000000000 -0400
@@ -382,7 +382,8 @@
major = PROTOCOL_MAJOR_1;
minor = PROTOCOL_MINOR_1;
}
- snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor, SSH_VERSION);
+ snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s\n", major, minor,
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION);
server_version_string = xstrdup(buf);
/* Send our protocol version identification. */
@@ -1092,7 +1093,8 @@
exit(1);
}
- debug("sshd version %.100s", SSH_RELEASE);
+ debug("sshd version %.100s",
+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE);
/* load private host keys */
sensitive_data.host_keys = xmalloc(options.num_host_key_files *
--- openssh-3.9p1/sshd_config.5 2004-06-30 08:39:34.000000000 -0400
+++ openssh-3.9p1/sshd_config.5 2004-10-04 16:34:33.000000000 -0400
@@ -567,6 +567,14 @@
.It Cm ServerKeyBits
Defines the number of bits in the ephemeral protocol version 1 server key.
The minimum value is 512, and the default is 768.
+.It Cm ShowPatchLevel
+Specifies whether
+.Nm sshd
+will display the patch level of the binary in the identification string.
+The patch level is set at compile-time.
+The default is
+.Dq no .
+This option applies to protocol version 1 only.
.It Cm StrictModes
Specifies whether
.Nm sshd
--- openssh-3.9p1/sshd_config 2004-10-04 16:34:33.000000000 -0400
+++ openssh-3.9p1/sshd_config 2004-10-04 16:35:19.000000000 -0400
@@ -102,6 +102,7 @@
#UseDNS yes
#PidFile /var/run/sshd.pid
#MaxStartups 10
+#ShowPatchLevel no
# no default banner path
#Banner /some/path
--- openssh-3.9p1/sshd_config.0 2004-08-17 08:54:56.000000000 -0400
+++ openssh-3.9p1/sshd_config.0 2004-10-04 16:34:33.000000000 -0400
@@ -338,6 +338,11 @@
Defines the number of bits in the ephemeral protocol version 1
server key. The minimum value is 512, and the default is 768.
+ ShowPatchLevel
+ Specifies whether sshd will display the specific patch level of
+ the binary in the server identification string. The patch level
+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^].
+
StrictModes
Specifies whether sshd should check file modes and ownership of
the user's files and home directory before accepting login. This
--- openssh-3.9p1/servconf.h 2004-06-24 23:33:20.000000000 -0400
+++ openssh-3.9p1/servconf.h 2004-10-04 16:35:06.000000000 -0400
@@ -133,6 +133,7 @@
char *authorized_keys_file; /* File containing public keys */
char *authorized_keys_file2;
int use_pam; /* Enable auth via PAM */
+ int show_patchlevel; /* Show vendor patch level to clients */
} ServerOptions;
void initialize_server_options(ServerOptions *);
Index: .cvsignore
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/.cvsignore,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- .cvsignore 13 Sep 2004 19:39:41 -0000 1.13
+++ .cvsignore 24 Mar 2005 12:02:37 -0000 1.14
@@ -1,3 +1,2 @@
-openssh-3.9p1.tar.gz
x11-ssh-askpass-1.2.4.1.tar.gz
-openssh-3.9p1-noacss.tar.gz
+openssh-4.0p1-noacss.tar.bz2
Index: openssh.spec
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -r1.55 -r1.56
--- openssh.spec 16 Mar 2005 21:38:56 -0000 1.55
+++ openssh.spec 24 Mar 2005 12:02:37 -0000 1.56
@@ -73,8 +73,8 @@
Summary: The OpenSSH implementation of SSH protocol versions 1 and 2.
Name: openssh
-Version: 3.9p1
-%define rel 13
+Version: 4.0p1
+%define rel 1
%if %{rescue}
Release: %{rel}rescue
%else
@@ -85,14 +85,13 @@
#Source1: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz.sig
# This package differs from the upstream OpenSSH tarball in that it
# removes the ACSS cipher.
-Source0: openssh-%{version}-noacss.tar.gz
+Source0: openssh-%{version}-noacss.tar.bz2
Source1: openssh-nukeacss.sh
Source2: http://www.pobox.com/~jmknoble/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz
-Patch0: openssh-3.9p1-redhat.patch
-Patch1: openssh-3.6.1p2-groups.patch
+Patch0: openssh-4.0p1-redhat.patch
Patch2: openssh-3.8.1p1-skip-initial.patch
Patch3: openssh-3.8.1p1-krb5-config.patch
-Patch4: openssh-3.9p1-vendor.patch
+Patch4: openssh-4.0p1-vendor.patch
Patch5: openssh-3.9p1-noinitlog.patch
Patch12: openssh-selinux.patch
Patch20: openssh-3.9p1-gssapimitm.patch
@@ -221,7 +220,6 @@
%setup -q
%endif
%patch0 -p1 -b .redhat
-%patch1 -p1 -b .groups
%patch2 -p1 -b .skip-initial
%patch3 -p1 -b .krb5-config
%patch4 -p1 -b .vendor
@@ -505,6 +503,10 @@
%endif
%changelog
+* Thu Mar 24 2005 Tomas Mraz <tmraz at redhat.com> 4.0p1-1
+- upgrade to 4.0p1
+- remove obsolete groups patch
+
* Wed Mar 16 2005 Elliot Lee <sopwith at redhat.com>
- rebuilt
Index: sources
===================================================================
RCS file: /cvs/dist/rpms/openssh/devel/sources,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- sources 13 Sep 2004 19:39:41 -0000 1.13
+++ sources 24 Mar 2005 12:02:37 -0000 1.14
@@ -1,2 +1,2 @@
8f2e41f3f7eaa8543a2440454637f3c3 x11-ssh-askpass-1.2.4.1.tar.gz
-9b010148cd1afbee4ab35ce42d0cf340 openssh-3.9p1-noacss.tar.gz
+0b2ec566a44a88bffb00219bf6aa78db openssh-4.0p1-noacss.tar.bz2
--- openssh-3.6.1p2-groups.patch DELETED ---
--- openssh-3.9p1-redhat.patch DELETED ---
--- openssh-3.9p1-vendor.patch DELETED ---
More information about the fedora-cvs-commits
mailing list