rpms/openssh/devel openssh-5.1p1-skip-initial.patch, NONE, 1.1 openssh.spec, 1.128, 1.129 openssh-3.8.1p1-skip-initial.patch, 1.1, NONE
Tomáš Mráz (tmraz)
fedora-extras-commits at redhat.com
Wed Jul 23 16:31:03 UTC 2008
Author: tmraz
Update of /cvs/pkgs/rpms/openssh/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv26047
Modified Files:
openssh.spec
Added Files:
openssh-5.1p1-skip-initial.patch
Removed Files:
openssh-3.8.1p1-skip-initial.patch
Log Message:
- rediff for zero fuzz tolerance
openssh-5.1p1-skip-initial.patch:
--- NEW FILE openssh-5.1p1-skip-initial.patch ---
Skip the initial empty-password check if permit_empty_passwd is disabled. This
doesn't change the timing profiles of the host because the additional condition
check which can short-circuit the call to pam_authenticate() has no dependency
on the identity of the user who is being authenticated.
diff -up openssh-5.1p1/auth1.c.skip-initial openssh-5.1p1/auth1.c
--- openssh-5.1p1/auth1.c.skip-initial 2008-07-09 12:54:05.000000000 +0200
+++ openssh-5.1p1/auth1.c 2008-07-23 18:26:01.000000000 +0200
@@ -244,7 +244,7 @@ do_authloop(Authctxt *authctxt)
authctxt->valid ? "" : "invalid user ", authctxt->user);
/* If the user has no password, accept authentication immediately. */
- if (options.password_authentication &&
+ if (options.permit_empty_passwd && options.password_authentication &&
#ifdef KRB5
(!options.kerberos_authentication || options.kerberos_or_local_passwd) &&
#endif
diff -up openssh-5.1p1/auth2-none.c.skip-initial openssh-5.1p1/auth2-none.c
--- openssh-5.1p1/auth2-none.c.skip-initial 2008-07-02 14:56:09.000000000 +0200
+++ openssh-5.1p1/auth2-none.c 2008-07-23 18:26:01.000000000 +0200
@@ -65,7 +65,7 @@ userauth_none(Authctxt *authctxt)
if (check_nt_auth(1, authctxt->pw) == 0)
return (0);
#endif
- if (options.password_authentication)
+ if (options.permit_empty_passwd && options.password_authentication)
return (PRIVSEP(auth_password(authctxt, "")));
return (0);
}
Index: openssh.spec
===================================================================
RCS file: /cvs/pkgs/rpms/openssh/devel/openssh.spec,v
retrieving revision 1.128
retrieving revision 1.129
diff -u -r1.128 -r1.129
--- openssh.spec 23 Jul 2008 14:47:19 -0000 1.128
+++ openssh.spec 23 Jul 2008 16:30:14 -0000 1.129
@@ -75,13 +75,14 @@
Source2: sshd.pam
Source3: sshd.init
Patch0: openssh-5.1p1-redhat.patch
-Patch2: openssh-3.8.1p1-skip-initial.patch
+Patch2: openssh-5.1p1-skip-initial.patch
Patch3: openssh-3.8.1p1-krb5-config.patch
Patch4: openssh-5.1p1-vendor.patch
Patch12: openssh-5.1p1-selinux.patch
Patch13: openssh-4.7p1-mls.patch
Patch16: openssh-4.7p1-audit.patch
Patch17: openssh-4.3p2-cve-2007-3102.patch
+Patch18: openssh-5.0p1-pam_selinux.patch
Patch22: openssh-3.9p1-askpass-keep-above.patch
Patch24: openssh-4.3p1-fromto-remote.patch
Patch27: openssh-5.1p1-log-in-chroot.patch
@@ -94,7 +95,6 @@
Patch51: openssh-4.7p1-nss-keys.patch
Patch54: openssh-4.7p1-gssapi-role.patch
Patch55: openssh-5.1p1-cloexec.patch
-Patch60: openssh-5.0p1-pam_selinux.patch
Patch62: openssh-3.9p1-scp-manpage.patch
License: BSD
@@ -199,7 +199,6 @@
an X11 passphrase dialog for OpenSSH.
%prep
-
%setup -q
%patch0 -p1 -b .redhat
%patch2 -p1 -b .skip-initial
@@ -212,6 +211,7 @@
%patch13 -p1 -b .mls
%patch16 -p1 -b .audit
%patch17 -p1 -b .inject-fix
+%patch18 -p1 -b .pam_selinux
%endif
%patch22 -p1 -b .keep-above
@@ -226,7 +226,6 @@
%patch51 -p1 -b .nss-keys
%patch54 -p0 -b .gssapi-role
%patch55 -p1 -b .cloexec
-%patch60 -p1 -b .pam_selinux
%patch62 -p0 -b .manpage
autoreconf
--- openssh-3.8.1p1-skip-initial.patch DELETED ---
More information about the fedora-extras-commits
mailing list