From: Marcin Krol Date: Wed, 12 Aug 2015 14:35:09 +0000 (+0000) Subject: - merged 7.0p1 from PLD X-Git-Url: https://git.tld-linux.org/?a=commitdiff_plain;h=025f3aaeb29b48215e9eb61b01bac94baa6313c0;p=packages%2Fopenssh.git - merged 7.0p1 from PLD --- diff --git a/openssh-chroot.patch b/openssh-chroot.patch index 3c93ac0..3bef762 100644 --- a/openssh-chroot.patch +++ b/openssh-chroot.patch @@ -116,9 +116,9 @@ # http://securitytracker.com/alerts/2004/Sep/1011143.html --- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200 +++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200 -@@ -451,6 +451,16 @@ - To disable TCP keepalive messages, the value should be set to - ``no''. +@@ -921,6 +921,16 @@ DESCRIPTION + TrustedUserCAKeys. For more details on certificates, see the + CERTIFICATES section in ssh-keygen(1). + UseChroot + Specifies whether to use chroot-jail environment with ssh/sftp, @@ -130,9 +130,9 @@ + For this to work properly you have to create special chroot-jail + environment in a /path/to/chroot directory. + - UseDNS Specifies whether sshd(8) should look up the remote host name and - check that the resolved host name for the remote IP address maps - back to the very same IP address. The default is ``yes''. + UseDNS Specifies whether sshd(8) should look up the remote host name, + and to check that the resolved host name for the remote IP + address maps back to the very same IP address. --- openssh-3.8p1/sshd_config.5.orig 2004-02-18 04:31:24.000000000 +0100 +++ openssh-3.8p1/sshd_config.5 2004-02-25 21:17:23.000000000 +0100 @@ -552,6 +552,16 @@ diff --git a/openssh-config.patch b/openssh-config.patch index f82be4f..51c9878 100644 --- a/openssh-config.patch +++ b/openssh-config.patch @@ -4,7 +4,7 @@ # Authentication: #LoginGraceTime 2m --#PermitRootLogin no +-#PermitRootLogin prohibit-password +PermitRootLogin no #StrictModes yes #MaxAuthTries 6 diff --git a/openssh-sigpipe.patch b/openssh-sigpipe.patch index 78d72b7..11969dd 100644 
--- a/openssh-sigpipe.patch +++ b/openssh-sigpipe.patch @@ -42,17 +42,18 @@ diff -urN openssh-3.9p1.org/ssh.0 openssh-3.9p1/ssh.0 .Op Fl b Ar bind_address .Op Fl c Ar cipher_spec .Op Fl D Oo Ar bind_address : Oc Ns Ar port -@@ -425,6 +425,10 @@ - on the local machine as the source address +@@ -138,6 +138,11 @@ on the local machine as the source addre of the connection. Only useful on systems with more than one address. + .Pp +.It Fl B +Enables processing of SIGPIPE. Useful when using ssh output as input for +another process, for example in a shell script. Be careful - it may break +port/X11 forwarding when used. ++.Pp .It Fl C Requests compression of all data (including stdin, stdout, stderr, and - data for forwarded X11 and TCP/IP connections). + data for forwarded X11, TCP and --- openssh-4.0p1/ssh.c.orig 2005-03-02 02:04:33.000000000 +0100 +++ openssh-4.0p1/ssh.c 2005-03-10 15:11:10.000000000 +0100 @@ -135,6 +135,9 @@ diff --git a/openssh.spec b/openssh.spec index bb49f47..0fe4854 100644 --- a/openssh.spec +++ b/openssh.spec @@ -41,13 +41,13 @@ Summary(pt_BR.UTF-8): Implementação livre do SSH Summary(ru.UTF-8): OpenSSH - свободная реализация протокола Secure Shell (SSH) Summary(uk.UTF-8): OpenSSH - вільна реалізація протоколу Secure Shell (SSH) Name: openssh -Version: 6.9p1 -Release: 3 +Version: 7.0p1 +Release: 2 Epoch: 2 License: BSD Group: Applications/Networking Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/%{name}-%{version}.tar.gz -# Source0-md5: 0b161c44fc31fbc6b76a6f8ae639f16f +# Source0-md5: 831883f251ac34f0ab9c812acc24ee69 Source1: http://www.mif.pg.gda.pl/homepages/ankry/man-PLD/%{name}-non-english-man-pages.tar.bz2 # Source1-md5: 66943d481cc422512b537bcc2c7400d1 Source2: %{name}d.init 
@@ -683,6 +683,16 @@ if [ "$1" = "0" ]; then %userremove sshd fi +%triggerpostun server -- %{name}-server < %{epoch}:7.0p1-2 +%banner %{name}-server -e << EOF +!!!!!!!!!!!!!!!!!!!!! WARNING !!!!!!!!!!!!!!!!!!!!! +! Starting from openssh 7.0 DSA keys are disabled ! +! on server and client side. You will NOT be able ! +! to use DSA keys for authentication. Please read ! +! about PubkeyAcceptedKeyTypes in man ssh_config. ! +!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +EOF + %triggerpostun server -- %{name}-server < 6.2p1-1 cp -f %{_sysconfdir}/sshd_config{,.rpmorig} sed -i -e 's#AuthorizedKeysCommandRunAs#AuthorizedKeysCommandUser##g' %{_sysconfdir}/sshd_config
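Review bot: in the openssh-chroot.patch hunk, only the sshd_config.0 part was re-offset (451 to 921). The sshd_config.5 part that follows still carries `@@ -552,6 +552,16 @@` and the openssh-3.8p1 file header, so against 7.0p1 it can only apply by offset search. Refresh that hunk as well, so that the UseChroot description lands next to UseDNS in both manual pages and a context mismatch shows up at build time.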
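Review bot: in the openssh-config.patch hunk, the inner patch deletes the commented line `#PermitRootLogin prohibit-password` and puts `PermitRootLogin no` in its place, so the installed sshd_config no longer shows what the upstream default is. Consider keeping the commented upstream line and adding the explicit `PermitRootLogin no` beneath it, with a short comment that the package default is deliberately stricter. An admin comparing the file with the 7.0 documentation can then see the difference is intended.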
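Review bot: in the openssh.spec version hunk, the new tarball is still fetched from `ftp://ftp.openbsd.org/...` and pinned only by the `# Source0-md5` comment. FTP gives no transport integrity and MD5 is not collision resistant, so the check that the 7.0p1 source is the upstream release is weak. Suggest verifying the tarball against the signature upstream publishes, or at least recording a SHA-256 digest next to the md5 line, as part of this version bump.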
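Review bot: in the new `%triggerpostun server` banner, the text is shown when the server subpackage is upgraded, but it points only to `man ssh_config`, which is the client manual. An admin whose users authenticate with DSA keys needs the sshd_config side, so name that manual in the banner too, and say to check for DSA keys in use before sshd is restarted. A smaller point: this trigger compares against `%{epoch}:7.0p1-2` while the existing trigger right below it uses `< 6.2p1-1` without an epoch; the two should follow the same convention.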