- merged 7.7p1 from PLD, updated patches
authorMarcin Krol <hawk@tld-linux.org>
Mon, 9 Apr 2018 15:40:06 +0000 (15:40 +0000)
committerMarcin Krol <hawk@tld-linux.org>
Mon, 9 Apr 2018 15:40:06 +0000 (15:40 +0000)
openssh-kuserok.patch
openssh-ldap.patch
openssh-ldns.patch [deleted file]
openssh-sigpipe.patch
openssh-tests-reuseport.patch
openssh-vulnkey-compat.patch
openssh.spec

index 9778dbb15fd216d92da3c493949d06a08725c1f9..077484c9e911319ec38a45e28b3576ca9d818319 100644 (file)
@@ -1,6 +1,6 @@
-diff -urNpa openssh-7.6p1.orig/auth-krb5.c openssh-7.6p1/auth-krb5.c
---- openssh-7.6p1.orig/auth-krb5.c     2017-10-02 19:34:26.000000000 +0000
-+++ openssh-7.6p1/auth-krb5.c  2017-11-07 07:46:03.640125509 +0000
+diff -urpa openssh-7.7p1.orig/auth-krb5.c openssh-7.7p1/auth-krb5.c
+--- openssh-7.7p1.orig/auth-krb5.c     2018-04-02 05:38:28.000000000 +0000
++++ openssh-7.7p1/auth-krb5.c  2018-04-09 14:22:27.146431415 +0000
 @@ -54,6 +54,20 @@
  
  extern ServerOptions   options;
@@ -31,9 +31,9 @@ diff -urNpa openssh-7.6p1.orig/auth-krb5.c openssh-7.6p1/auth-krb5.c
            authctxt->pw->pw_name)) {
                problem = -1;
                goto out;
-diff -urNpa openssh-7.6p1.orig/gss-serv-krb5.c openssh-7.6p1/gss-serv-krb5.c
---- openssh-7.6p1.orig/gss-serv-krb5.c 2017-10-02 19:34:26.000000000 +0000
-+++ openssh-7.6p1/gss-serv-krb5.c      2017-11-07 07:46:03.640125509 +0000
+diff -urpa openssh-7.7p1.orig/gss-serv-krb5.c openssh-7.7p1/gss-serv-krb5.c
+--- openssh-7.7p1.orig/gss-serv-krb5.c 2018-04-02 05:38:28.000000000 +0000
++++ openssh-7.7p1/gss-serv-krb5.c      2018-04-09 14:22:27.146431415 +0000
 @@ -57,6 +57,7 @@ extern ServerOptions options;
  #endif
  
@@ -51,10 +51,10 @@ diff -urNpa openssh-7.6p1.orig/gss-serv-krb5.c openssh-7.6p1/gss-serv-krb5.c
                retval = 1;
                logit("Authorized to %s, krb5 principal %s (krb5_kuserok)",
                    name, (char *)client->displayname.value);
-diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
---- openssh-7.6p1.orig/servconf.c      2017-11-07 07:44:54.000000000 +0000
-+++ openssh-7.6p1/servconf.c   2017-11-07 07:48:00.014118573 +0000
-@@ -152,6 +152,7 @@ initialize_server_options(ServerOptions
+diff -urpa openssh-7.7p1.orig/servconf.c openssh-7.7p1/servconf.c
+--- openssh-7.7p1.orig/servconf.c      2018-04-09 14:19:20.369433518 +0000
++++ openssh-7.7p1/servconf.c   2018-04-09 14:23:35.581430645 +0000
+@@ -162,6 +162,7 @@ initialize_server_options(ServerOptions
        options->num_accept_env = 0;
        options->permit_tun = -1;
        options->permitted_opens = NULL;
@@ -62,7 +62,7 @@ diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
        options->adm_forced_command = NULL;
        options->chroot_directory = NULL;
        options->authorized_keys_command = NULL;
-@@ -377,6 +378,8 @@ fill_default_server_options(ServerOption
+@@ -429,6 +430,8 @@ fill_default_server_options(ServerOption
                options->num_auth_methods = 0;
        }
  
@@ -71,16 +71,16 @@ diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
  #ifndef HAVE_MMAP
        if (use_privsep && options->compression == 1) {
                error("This platform does not support both privilege "
-@@ -399,7 +402,7 @@ typedef enum {
+@@ -451,7 +454,7 @@ typedef enum {
        sPermitRootLogin, sLogFacility, sLogLevel,
        sRhostsRSAAuthentication, sRSAAuthentication,
        sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup,
--      sKerberosGetAFSToken,
-+      sKerberosGetAFSToken, sKerberosUseKuserok,
-       sKerberosTgtPassing, sChallengeResponseAuthentication,
+-      sKerberosGetAFSToken, sChallengeResponseAuthentication,
++      sKerberosGetAFSToken, sKerberosUseKuserok, sChallengeResponseAuthentication,
        sPasswordAuthentication, sKbdInteractiveAuthentication,
        sListenAddress, sAddressFamily,
-@@ -484,11 +487,13 @@ static struct {
+       sPrintMotd, sPrintLastLog, sIgnoreRhosts,
+@@ -535,11 +538,13 @@ static struct {
  #else
        { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL },
  #endif
@@ -94,7 +94,7 @@ diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
  #endif
        { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL },
        { "afstokenpassing", sUnsupported, SSHCFG_GLOBAL },
-@@ -1674,6 +1679,10 @@ process_server_config_line(ServerOptions
+@@ -1815,6 +1820,10 @@ process_server_config_line(ServerOptions
                *activep = value;
                break;
  
@@ -105,7 +105,7 @@ diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
        case sPermitOpen:
                arg = strdelim(&cp);
                if (!arg || *arg == '\0')
-@@ -2055,6 +2064,7 @@ copy_set_server_options(ServerOptions *d
+@@ -2193,6 +2202,7 @@ copy_set_server_options(ServerOptions *d
        M_CP_INTOPT(rekey_limit);
        M_CP_INTOPT(rekey_interval);
        M_CP_INTOPT(log_level);
@@ -113,7 +113,7 @@ diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
  
        /*
         * The bind_mask is a mode_t that may be unsigned, so we can't use
-@@ -2346,6 +2356,7 @@ dump_config(ServerOptions *o)
+@@ -2498,6 +2508,7 @@ dump_config(ServerOptions *o)
        dump_cfg_fmtint(sStreamLocalBindUnlink, o->fwd_opts.streamlocal_bind_unlink);
        dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash);
        dump_cfg_fmtint(sExposeAuthInfo, o->expose_userauth_info);
@@ -121,10 +121,10 @@ diff -urNpa openssh-7.6p1.orig/servconf.c openssh-7.6p1/servconf.c
  
        /* string arguments */
        dump_cfg_string(sPidFile, o->pid_file);
-diff -urNpa openssh-7.6p1.orig/servconf.h openssh-7.6p1/servconf.h
---- openssh-7.6p1.orig/servconf.h      2017-11-07 07:44:54.000000000 +0000
-+++ openssh-7.6p1/servconf.h   2017-11-07 07:46:03.642125509 +0000
-@@ -180,6 +180,7 @@ typedef struct {
+diff -urpa openssh-7.7p1.orig/servconf.h openssh-7.7p1/servconf.h
+--- openssh-7.7p1.orig/servconf.h      2018-04-09 14:18:20.148434196 +0000
++++ openssh-7.7p1/servconf.h   2018-04-09 14:22:27.147431415 +0000
+@@ -191,6 +191,7 @@ typedef struct {
        char   **permitted_opens;
        u_int   num_permitted_opens; /* May also be one of PERMITOPEN_* */
  
@@ -132,10 +132,10 @@ diff -urNpa openssh-7.6p1.orig/servconf.h openssh-7.6p1/servconf.h
        char   *chroot_directory;
        char   *revoked_keys_file;
        char   *trusted_user_ca_keys;
-diff -urNpa openssh-7.6p1.orig/sshd_config openssh-7.6p1/sshd_config
---- openssh-7.6p1.orig/sshd_config     2017-11-07 07:44:54.000000000 +0000
-+++ openssh-7.6p1/sshd_config  2017-11-07 07:46:03.642125509 +0000
-@@ -69,6 +69,7 @@ AuthorizedKeysFile   .ssh/authorized_keys
+diff -urpa openssh-7.7p1.orig/sshd_config openssh-7.7p1/sshd_config
+--- openssh-7.7p1.orig/sshd_config     2018-04-09 14:18:20.149434196 +0000
++++ openssh-7.7p1/sshd_config  2018-04-09 14:22:27.147431415 +0000
+@@ -68,6 +68,7 @@ AuthorizedKeysFile   .ssh/authorized_keys
  #KerberosOrLocalPasswd yes
  #KerberosTicketCleanup yes
  #KerberosGetAFSToken no
@@ -143,10 +143,10 @@ diff -urNpa openssh-7.6p1.orig/sshd_config openssh-7.6p1/sshd_config
  
  # GSSAPI options
  #GSSAPIAuthentication no
-diff -urNpa openssh-7.6p1.orig/sshd_config.5 openssh-7.6p1/sshd_config.5
---- openssh-7.6p1.orig/sshd_config.5   2017-11-07 07:44:54.000000000 +0000
-+++ openssh-7.6p1/sshd_config.5        2017-11-07 07:48:44.118115944 +0000
-@@ -854,6 +854,10 @@ Specifies whether to automatically destr
+diff -urpa openssh-7.7p1.orig/sshd_config.5 openssh-7.7p1/sshd_config.5
+--- openssh-7.7p1.orig/sshd_config.5   2018-04-09 14:18:20.149434196 +0000
++++ openssh-7.7p1/sshd_config.5        2018-04-09 14:22:27.148431415 +0000
+@@ -856,6 +856,10 @@ Specifies whether to automatically destr
  file on logout.
  The default is
  .Cm yes .
@@ -157,7 +157,7 @@ diff -urNpa openssh-7.6p1.orig/sshd_config.5 openssh-7.6p1/sshd_config.5
  .It Cm KexAlgorithms
  Specifies the available KEX (Key Exchange) algorithms.
  Multiple algorithms must be comma-separated.
-@@ -1087,6 +1091,7 @@ Available keywords are
+@@ -1119,6 +1123,7 @@ Available keywords are
  .Cm KbdInteractiveAuthentication ,
  .Cm KerberosAuthentication ,
  .Cm LogLevel ,
index 741b5b590c8d7e502b7b1444347166d61339fb3d..36265580052328ced38aa56d6571e0334d72aee7 100644 (file)
@@ -1996,9 +1996,9 @@ diff -up openssh-6.2p1/ldapmisc.h.ldap openssh-6.2p1/ldapmisc.h
  PRIVSEP_PATH=@PRIVSEP_PATH@
  SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@
 @@ -61,8 +63,9 @@
- LDFLAGS=-L. -Lopenbsd-compat/ @LDFLAGS@
  EXEEXT=@EXEEXT@
  MANFMT=@MANFMT@
+ MKDIR_P=@MKDIR_P@
 +INSTALL_SSH_LDAP_HELPER=@INSTALL_SSH_LDAP_HELPER@
  
 -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT)
diff --git a/openssh-ldns.patch b/openssh-ldns.patch
deleted file mode 100644 (file)
index 367c5e8..0000000
+++ /dev/null
@@ -1,12 +0,0 @@
---- a/configure.ac~    2017-10-02 21:34:26.000000000 +0200
-+++ b/configure.ac     2017-10-06 08:35:16.756080761 +0200
-@@ -1487,7 +1487,7 @@ AC_ARG_WITH(ldns,
-       ldns=""
-       if test "x$withval" = "xyes" ; then
-               AC_PATH_TOOL([LDNSCONFIG], [ldns-config], [no])
--              if test "x$PKGCONFIG" = "xno"; then
-+              if test "x$LDNSCONFIG" = "xno"; then
-                       CPPFLAGS="$CPPFLAGS -I${withval}/include"
-                       LDFLAGS="$LDFLAGS -L${withval}/lib"
-                       LIBS="-lldns $LIBS"
-
index 742640c871b296eec316b6acfc8407f58187bbe7..3d60ddf2a6eaed207eaaa7dafd4a8838d3563a09 100644 (file)
 diff -urN openssh-3.9p1.org/ssh.0 openssh-3.9p1/ssh.0
 --- openssh-3.9p1.org/ssh.0    2004-08-17 19:03:29.327565840 +0200
 +++ openssh-3.9p1/ssh.0        2004-08-17 19:03:41.809668272 +0200
-@@ -235,6 +235,8 @@
-              that enable them to authenticate using the identities loaded into
-              the agent.
+@@ -433,6 +433,8 @@ DESCRIPTION
+      -y      Send log information using the syslog(3) system module.  By
+              default this information is sent to stderr.
  
-+     -B      Enable SIGPIPE processing.
++     -Z      Enable SIGPIPE processing.
 +
-      -a      Disables forwarding of the authentication agent connection.
-      -b bind_address
+      ssh may additionally obtain configuration data from a per-user
+      configuration file and a system-wide configuration file.  The file format
+      and configuration options are described in ssh_config(5).
 --- openssh-5.6p1/ssh.1~       2010-08-24 14:05:48.000000000 +0300
 +++ openssh-5.6p1/ssh.1        2010-08-24 14:06:57.879253682 +0300
-@@ -43,7 +43,7 @@
+@@ -42,7 +42,7 @@
+ .Nd OpenSSH SSH client (remote login program)
  .Sh SYNOPSIS
  .Nm ssh
- .Bk -words
 -.Op Fl 46AaCfGgKkMNnqsTtVvXxYy
-+.Op Fl 46AaBCfGgKkMNnqsTtVvXxYy
++.Op Fl 46AaCfGgKkMNnqsTtVvXxYyZ
+ .Op Fl B Ar bind_interface
  .Op Fl b Ar bind_address
  .Op Fl c Ar cipher_spec
- .Op Fl D Oo Ar bind_address : Oc Ns Ar port
 @@ -138,6 +138,11 @@ on the local machine as the source addre
  of the connection.
  Only useful on systems with more than one address.
  .Pp
-+.It Fl B
++.It Fl Z
 +Enables processing of SIGPIPE. Useful when using ssh output as input for
 +another process, for example in a shell script. Be careful - it may break
 +port/X11 forwarding when used.
@@ -66,31 +66,32 @@ diff -urN openssh-3.9p1.org/ssh.0 openssh-3.9p1/ssh.0
  /* # of replies received for global requests */
  static int client_global_request_id = 0;
  
-@@ -200,7 +200,7 @@ static void
+@@ -204,7 +204,7 @@ static void
  usage(void)
  {
        fprintf(stderr,
--"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
-+"usage: ssh [-46AaBCfGgKkMNnqsTtVvXxYy] [-b bind_address] [-c cipher_spec]\n"
- "           [-D [bind_address:]port] [-E log_file] [-e escape_char]\n"
- "           [-F configfile] [-I pkcs11] [-i identity_file]\n"
- "           [-J [user@]host[:port]] [-L address] [-l login_name] [-m mac_spec]\n"
-@@ -330,7 +330,7 @@ main(int ac, char **av)
+-"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYy] [-B bind_interface]\n"
++"usage: ssh [-46AaCfGgKkMNnqsTtVvXxYyZ] [-B bind_interface]\n"
+ "           [-b bind_address] [-c cipher_spec] [-D [bind_address:]port]\n"
+ "           [-E log_file] [-e escape_char] [-F configfile] [-I pkcs11]\n"
+ "           [-i identity_file] [-J [user@]host[:port]] [-L address]\n"
+@@ -666,7 +666,7 @@ main(int ac, char **av)
  
   again:
        while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
--          "ACD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
-+          "ABCD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+-          "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
++          "AB:CD:E:F:GI:J:KL:MNO:PQ:R:S:TVw:W:XYyZ")) != -1) {
                switch (opt) {
                case '1':
-                       options.protocol = SSH_PROTO_1;
-@@ -291,6 +294,9 @@
-               case 'A':
-                       options.forward_agent = 1;
+                       fatal("SSH protocol v.1 is no longer supported");
+@@ -985,6 +985,9 @@ main(int ac, char **av)
+               case 'F':
+                       config = optarg;
                        break;
-+              case 'B':
++              case 'Z':
 +                      enable_sigpipe = 1;
 +                      break;
-               case 'k':
-                       options.gss_deleg_creds = 0;
-                       break;
+               default:
+                       usage();
+               }
+
index 4b9c856801dbf105b5e589a987bac7d48509301e..6dfc2a74951dc0833c0b0c573e10adbcc46fb881 100644 (file)
@@ -1,11 +1,12 @@
 --- openssh-6.9p1/regress/netcat.c.orig        2015-07-01 04:35:31.000000000 +0200
 +++ openssh-6.9p1/regress/netcat.c     2015-07-03 17:23:33.544777525 +0200
-@@ -775,7 +775,7 @@
+@@ -738,7 +738,7 @@ local_listen(char *host, char *port, str
  #ifdef SO_REUSEPORT
                ret = setsockopt(s, SOL_SOCKET, SO_REUSEPORT, &x, sizeof(x));
                if (ret == -1)
--                      err(1, "setsockopt");
+-                      err(1, "setsockopt SO_REUSEPORT");
 +                      warn("setsockopt SO_REUSEPORT");
  #endif
-               set_common_sockopts(s);
+ #ifdef SO_REUSEADDR
+               ret = setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &x, sizeof(x));
+
index 6faf18479b33b5360a5ad50e31aa82632a38e6f7..6ed3e83baccd6d589b2133ecd6fa3c59fd3dab9e 100644 (file)
@@ -20,7 +20,7 @@ diff --git a/readconf.c b/readconf.c
 index 7613ff2..bcd8cad 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -226,6 +226,7 @@ static struct {
+@@ -226,6 +226,7 @@
        { "passwordauthentication", oPasswordAuthentication },
        { "kbdinteractiveauthentication", oKbdInteractiveAuthentication },
        { "kbdinteractivedevices", oKbdInteractiveDevices },
@@ -32,11 +32,11 @@ diff --git a/servconf.c b/servconf.c
 index 0083cf8..90de888 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -521,6 +521,7 @@ static struct {
+@@ -572,6 +572,7 @@
        { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
        { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
        { "strictmodes", sStrictModes, SSHCFG_GLOBAL },
 +      { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL },
        { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL },
        { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL },
-       { "uselogin", sUseLogin, SSHCFG_GLOBAL },
+       { "uselogin", sDeprecated, SSHCFG_GLOBAL },
index dcb2155138383b26108b9dafac1df759398da31c..640811dbf78c2af040f3002886435d4c79275bdf 100644 (file)
@@ -42,13 +42,13 @@ Summary(pt_BR.UTF-8):       Implementação livre do SSH
 Summary(ru.UTF-8):     OpenSSH - свободная реализация протокола Secure Shell (SSH)
 Summary(uk.UTF-8):     OpenSSH - вільна реалізація протоколу Secure Shell (SSH)
 Name:          openssh
-Version:       7.6p1
+Version:       7.7p1
 Release:       1
 Epoch:         2
 License:       BSD
 Group:         Applications/Networking
 Source0:       http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz
-# Source0-md5: 06a88699018e5fef13d4655abfed1f63
+# Source0-md5: 68ba883aff6958297432e5877e9a0fe2
 Source1:       http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2
 # Source1-md5: 66943d481cc422512b537bcc2c7400d1
 Source2:       %{name}d.init
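Review bot: The new 7.7p1 tarball is pinned only by the `# Source0-md5:` comment, while the unchanged `Source0:` line still fetches over plain `http://`. MD5 is not collision-resistant, so the digest gives weak assurance that the archive is the one upstream released. OpenSSH portable releases ship a detached signature alongside the tarball, so I would verify the download against it before recording the digest and say so in a comment above `Source0`. Whether the build tooling accepts a stronger digest than md5, or the mirror serves `https://`, cannot be told from this page.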
@@ -57,8 +57,7 @@ Source4:      %{name}.sysconfig
 Source5:       ssh-agent.sh
 Source6:       ssh-agent.conf
 Source7:       %{name}-lpk.schema
-Source8:       sshd-keygen
-Patch0:                %{name}-ldns.patch
+Source10:      sshd-keygen
 Patch1:                %{name}-tests-reuseport.patch
 Patch2:                %{name}-pam_misc.patch
 Patch3:                %{name}-sigpipe.patch
@@ -520,7 +519,7 @@ openldap-a.
 
 %prep
 %setup -q
-%patch0 -p1
+
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
@@ -529,6 +528,7 @@ openldap-a.
 %patch6 -p1
 %patch7 -p1
 %patch8 -p1
+
 %{?with_hpn:%patch9 -p1}
 %patch10 -p1
 %patch11 -p1
@@ -610,7 +610,7 @@ ln -sf /etc/profile.d/ssh-agent.sh $RPM_BUILD_ROOT/etc/X11/xinit/xinitrc.d/ssh-a
 cp -p %{SOURCE6} $RPM_BUILD_ROOT%{_sysconfdir}
 cp -p %{SOURCE7} $RPM_BUILD_ROOT%{schemadir}
 
-install -p %{SOURCE8} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
+install -p %{SOURCE10} $RPM_BUILD_ROOT%{_libexecdir}/sshd-keygen
 
 %{__sed} -i -e 's|@@LIBEXECDIR@@|%{_libexecdir}|g' \
        $RPM_BUILD_ROOT/etc/rc.d/init.d/sshd \
@@ -683,7 +683,7 @@ if [ "$1" = "0" ]; then
        %userremove sshd
 fi
 
-%triggerpostun server -- %{name}-server < %{epoch}:7.0p1-2
+%triggerpostun server -- %{name}-server < 2:7.0p1-2
 %banner %{name}-server -e << EOF
 !!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!!
 ! Starting from openssh 7.0 DSA keys are disabled !
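Review bot: Replacing `%{epoch}` with a literal `2:` in the `%triggerpostun server` line is behaviour-neutral today, since the first spec hunk shows `Epoch: 2`, but the reason for pinning it is not recorded. Presumably the intent is that a later Epoch bump must not move the `7.0p1-2` boundary and show the DSA banner to users who upgraded long ago. I would add a one-line comment above the trigger, for example `# epoch pinned on purpose: the boundary must stay at 2:7.0p1-2 even if Epoch changes`. The banner text continues past the last line visible here.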