diff options
author | Damien Miller <djm@mindrot.org> | 2003-04-29 19:12:07 +1000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2003-04-29 19:12:07 +1000 |
commit | fad82e8999e790899083f9e22a1841148d746df6 (patch) | |
tree | 14606498951158ca5339dd8be7b6d39367b7286c | |
parent | 0e7f4363f3d7b2ae707709607fd816f663c7449a (diff) |
- (djm) Add back radix.o (used by AFS support), after it went missing from
Makefile many moons ago
- (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer
- (djm) Fix blibpath specification for AIX/gcc
- (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org
-rw-r--r-- | CREDITS | 4 | ||||
-rw-r--r-- | ChangeLog | 61 | ||||
-rw-r--r-- | Makefile.in | 4 | ||||
-rw-r--r-- | auth-pam.c | 20 | ||||
-rw-r--r-- | auth-passwd.c | 15 | ||||
-rw-r--r-- | auth2-none.c | 2 | ||||
-rw-r--r-- | auth2-passwd.c | 8 | ||||
-rw-r--r-- | configure.ac | 37 | ||||
-rw-r--r-- | contrib/caldera/openssh.spec | 4 | ||||
-rw-r--r-- | contrib/redhat/openssh.spec | 6 | ||||
-rw-r--r-- | contrib/suse/openssh.spec | 2 | ||||
-rw-r--r-- | monitor.c | 20 | ||||
-rw-r--r-- | version.h | 2 |
13 files changed, 70 insertions, 115 deletions
@@ -5,7 +5,7 @@ Theo de Raadt, and Dug Song - Creators of OpenSSH | |||
5 | 5 | ||
6 | Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix | 6 | Alain St-Denis <Alain.St-Denis@ec.gc.ca> - Irix fix |
7 | Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes | 7 | Alexandre Oliva <oliva@lsd.ic.unicamp.br> - AIX fixes |
8 | Andre Lucas <andre.lucas@dial.pipex.com> - new login code, many fixes | 8 | Andre Lucas <andre@ae-35.com> - new login code, many fixes |
9 | Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support | 9 | Andreas Steinmetz <ast@domdv.de> - Shadow password expiry support |
10 | Andrew McGill <andrewm@datrix.co.za> - SCO fixes | 10 | Andrew McGill <andrewm@datrix.co.za> - SCO fixes |
11 | Andrew Morgan <morgan@transmeta.com> - PAM bugfixes | 11 | Andrew Morgan <morgan@transmeta.com> - PAM bugfixes |
@@ -91,5 +91,5 @@ Apologies to anyone I have missed. | |||
91 | 91 | ||
92 | Damien Miller <djm@mindrot.org> | 92 | Damien Miller <djm@mindrot.org> |
93 | 93 | ||
94 | $Id: CREDITS,v 1.67 2002/07/28 20:31:19 stevesk Exp $ | 94 | $Id: CREDITS,v 1.67.6.1 2003/04/29 09:12:07 djm Exp $ |
95 | 95 | ||
@@ -1,56 +1,9 @@ | |||
1 | 20030428 | 1 | 20030429 |
2 | - (bal) [defines.h progressmeter.c scp.c] Some more culling of non 64bit | 2 | - (djm) Add back radix.o (used by AFS support), after it went missing from |
3 | hacked code. | 3 | Makefile many moons ago |
4 | 4 | - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer | |
5 | 20030427 | 5 | - (djm) Fix blibpath specification for AIX/gcc |
6 | - (bal) Bug #541: return; was dropped by mistake. Reported by | 6 | - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org |
7 | furrier@iglou.com | ||
8 | - (bal) Since we don't support platforms lacking u_int_64. We may | ||
9 | as well clean out some of those evil #ifdefs | ||
10 | - (bal) auth1.c minor resync while looking at the code. | ||
11 | - (bal) auth2.c same changed as above. | ||
12 | |||
13 | 20030409 | ||
14 | - (djm) Bug #539: Specify creation mode with O_CREAT for lastlog. Report | ||
15 | from matth@eecs.berkeley.edu | ||
16 | - (djm) Make the spec work with Redhat 9.0 (which renames sharutils) | ||
17 | - (djm) OpenBSD CVS Sync | ||
18 | - markus@cvs.openbsd.org 2003/04/02 09:48:07 | ||
19 | [clientloop.c monitor.c monitor_wrap.c packet.c packet.h readconf.c] | ||
20 | [readconf.h serverloop.c sshconnect2.c] | ||
21 | reapply rekeying chage, tested by henning@, ok djm@ | ||
22 | - markus@cvs.openbsd.org 2003/04/02 14:36:26 | ||
23 | [ssh-keysign.c] | ||
24 | potential segfault if KEY_UNSPEC; cjwatson@debian.org; bug #526 | ||
25 | - itojun@cvs.openbsd.org 2003/04/03 07:25:27 | ||
26 | [progressmeter.c] | ||
27 | $OpenBSD$ | ||
28 | - itojun@cvs.openbsd.org 2003/04/03 10:17:35 | ||
29 | [progressmeter.c] | ||
30 | remove $OpenBSD$, as other *.c does not have it. | ||
31 | - markus@cvs.openbsd.org 2003/04/07 08:29:57 | ||
32 | [monitor_wrap.c] | ||
33 | typo: get correct counters; introduced during rekeying change. | ||
34 | - millert@cvs.openbsd.org 2003/04/07 21:58:05 | ||
35 | [progressmeter.c] | ||
36 | The UCB copyright here is incorrect. This code did not originate | ||
37 | at UCB, it was written by Luke Mewburn. Updated the copyright at | ||
38 | the author's request. markus@ OK | ||
39 | - itojun@cvs.openbsd.org 2003/04/08 20:21:29 | ||
40 | [*.c *.h] | ||
41 | rename log() into logit() to avoid name conflict. markus ok, from | ||
42 | netbsd | ||
43 | - (djm) XXX - Performed locally using: | ||
44 | "perl -p -i -e 's/(\s|^)log\(/$1logit\(/g' *.c *.h" | ||
45 | - hin@cvs.openbsd.org 2003/04/09 08:23:52 | ||
46 | [servconf.c] | ||
47 | Don't include <krb.h> when compiling with Kerberos 5 support | ||
48 | - (djm) Fix up missing include for packet.c | ||
49 | - (djm) Fix missed log => logit occurance (reference by function pointer) | ||
50 | |||
51 | 20030402 | ||
52 | - (bal) if IP_TOS is not found or broken don't try to compile in | ||
53 | packet_set_tos() function call. bug #527 | ||
54 | 7 | ||
55 | 20030401 | 8 | 20030401 |
56 | - (djm) OpenBSD CVS Sync | 9 | - (djm) OpenBSD CVS Sync |
@@ -1349,4 +1302,4 @@ | |||
1349 | save auth method before monitor_reset_key_state(); bugzilla bug #284; | 1302 | save auth method before monitor_reset_key_state(); bugzilla bug #284; |
1350 | ok provos@ | 1303 | ok provos@ |
1351 | 1304 | ||
1352 | $Id: ChangeLog,v 1.2663 2003/04/28 23:30:43 mouring Exp $ | 1305 | $Id: ChangeLog,v 1.2648.2.1 2003/04/29 09:12:07 djm Exp $ |
diff --git a/Makefile.in b/Makefile.in index 6702eb96e..39bbf344d 100644 --- a/Makefile.in +++ b/Makefile.in | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: Makefile.in,v 1.228 2003/03/21 00:34:34 mouring Exp $ | 1 | # $Id: Makefile.in,v 1.228.2.1 2003/04/29 09:12:08 djm Exp $ |
2 | 2 | ||
3 | # uncomment if you run a non bourne compatable shell. Ie. csh | 3 | # uncomment if you run a non bourne compatable shell. Ie. csh |
4 | #SHELL = @SH@ | 4 | #SHELL = @SH@ |
@@ -62,7 +62,7 @@ TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keys | |||
62 | 62 | ||
63 | LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ | 63 | LIBSSH_OBJS=authfd.o authfile.o bufaux.o buffer.o canohost.o channels.o \ |
64 | cipher.o compat.o compress.o crc32.o deattack.o fatal.o \ | 64 | cipher.o compat.o compress.o crc32.o deattack.o fatal.o \ |
65 | hostfile.o log.o match.o mpaux.o nchan.o packet.o readpass.o \ | 65 | hostfile.o log.o match.o mpaux.o nchan.o packet.o radix.o readpass.o \ |
66 | rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \ | 66 | rsa.o tildexpand.o ttymodes.o xmalloc.o atomicio.o \ |
67 | key.o dispatch.o kex.o mac.o uuencode.o misc.o \ | 67 | key.o dispatch.o kex.o mac.o uuencode.o misc.o \ |
68 | rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ | 68 | rijndael.o ssh-dss.o ssh-rsa.o dh.o kexdh.o kexgex.o \ |
diff --git a/auth-pam.c b/auth-pam.c index b29444e89..cb57ba110 100644 --- a/auth-pam.c +++ b/auth-pam.c | |||
@@ -38,7 +38,7 @@ extern char *__progname; | |||
38 | 38 | ||
39 | extern int use_privsep; | 39 | extern int use_privsep; |
40 | 40 | ||
41 | RCSID("$Id: auth-pam.c,v 1.56 2003/04/09 10:59:48 djm Exp $"); | 41 | RCSID("$Id: auth-pam.c,v 1.55.4.1 2003/04/29 09:12:08 djm Exp $"); |
42 | 42 | ||
43 | #define NEW_AUTHTOK_MSG \ | 43 | #define NEW_AUTHTOK_MSG \ |
44 | "Warning: Your password has expired, please change it now." | 44 | "Warning: Your password has expired, please change it now." |
@@ -182,7 +182,7 @@ void do_pam_cleanup_proc(void *context) | |||
182 | if (__pamh && session_opened) { | 182 | if (__pamh && session_opened) { |
183 | pam_retval = pam_close_session(__pamh, 0); | 183 | pam_retval = pam_close_session(__pamh, 0); |
184 | if (pam_retval != PAM_SUCCESS) | 184 | if (pam_retval != PAM_SUCCESS) |
185 | logit("Cannot close PAM session[%d]: %.200s", | 185 | log("Cannot close PAM session[%d]: %.200s", |
186 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); | 186 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
187 | } | 187 | } |
188 | 188 | ||
@@ -196,12 +196,12 @@ void do_pam_cleanup_proc(void *context) | |||
196 | if (__pamh) { | 196 | if (__pamh) { |
197 | pam_retval = pam_end(__pamh, pam_retval); | 197 | pam_retval = pam_end(__pamh, pam_retval); |
198 | if (pam_retval != PAM_SUCCESS) | 198 | if (pam_retval != PAM_SUCCESS) |
199 | logit("Cannot release PAM authentication[%d]: %.200s", | 199 | log("Cannot release PAM authentication[%d]: %.200s", |
200 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); | 200 | pam_retval, PAM_STRERROR(__pamh, pam_retval)); |
201 | } | 201 | } |
202 | } | 202 | } |
203 | 203 | ||
204 | /* Attempt password authentation using PAM */ | 204 | /* Attempt password authentication using PAM */ |
205 | int auth_pam_password(Authctxt *authctxt, const char *password) | 205 | int auth_pam_password(Authctxt *authctxt, const char *password) |
206 | { | 206 | { |
207 | extern ServerOptions options; | 207 | extern ServerOptions options; |
@@ -215,13 +215,13 @@ int auth_pam_password(Authctxt *authctxt, const char *password) | |||
215 | pamstate = INITIAL_LOGIN; | 215 | pamstate = INITIAL_LOGIN; |
216 | pam_retval = do_pam_authenticate( | 216 | pam_retval = do_pam_authenticate( |
217 | options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); | 217 | options.permit_empty_passwd == 0 ? PAM_DISALLOW_NULL_AUTHTOK : 0); |
218 | if (pam_retval == PAM_SUCCESS) { | 218 | if (pam_retval == PAM_SUCCESS && pw) { |
219 | debug("PAM Password authentication accepted for " | 219 | debug("PAM password authentication accepted for " |
220 | "user \"%.100s\"", pw->pw_name); | 220 | "%.100s", pw->pw_name); |
221 | return 1; | 221 | return 1; |
222 | } else { | 222 | } else { |
223 | debug("PAM Password authentication for \"%.100s\" " | 223 | debug("PAM password authentication failed for " |
224 | "failed[%d]: %s", pw->pw_name, pam_retval, | 224 | "%.100s: %s", pw ? pw->pw_name : "an illegal user", |
225 | PAM_STRERROR(__pamh, pam_retval)); | 225 | PAM_STRERROR(__pamh, pam_retval)); |
226 | return 0; | 226 | return 0; |
227 | } | 227 | } |
@@ -261,7 +261,7 @@ int do_pam_account(char *username, char *remote_user) | |||
261 | break; | 261 | break; |
262 | #endif | 262 | #endif |
263 | default: | 263 | default: |
264 | logit("PAM rejected by account configuration[%d]: " | 264 | log("PAM rejected by account configuration[%d]: " |
265 | "%.200s", pam_retval, PAM_STRERROR(__pamh, | 265 | "%.200s", pam_retval, PAM_STRERROR(__pamh, |
266 | pam_retval)); | 266 | pam_retval)); |
267 | return(0); | 267 | return(0); |
diff --git a/auth-passwd.c b/auth-passwd.c index 9901d4842..62ea3a52d 100644 --- a/auth-passwd.c +++ b/auth-passwd.c | |||
@@ -93,6 +93,7 @@ int | |||
93 | auth_password(Authctxt *authctxt, const char *password) | 93 | auth_password(Authctxt *authctxt, const char *password) |
94 | { | 94 | { |
95 | struct passwd * pw = authctxt->pw; | 95 | struct passwd * pw = authctxt->pw; |
96 | int ok = authctxt->valid; | ||
96 | #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) | 97 | #if !defined(USE_PAM) && !defined(HAVE_OSF_SIA) |
97 | char *encrypted_password; | 98 | char *encrypted_password; |
98 | char *pw_password; | 99 | char *pw_password; |
@@ -115,19 +116,23 @@ auth_password(Authctxt *authctxt, const char *password) | |||
115 | 116 | ||
116 | /* deny if no user. */ | 117 | /* deny if no user. */ |
117 | if (pw == NULL) | 118 | if (pw == NULL) |
118 | return 0; | 119 | ok = 0; |
119 | #ifndef HAVE_CYGWIN | 120 | #ifndef HAVE_CYGWIN |
120 | if (pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) | 121 | if (pw && pw->pw_uid == 0 && options.permit_root_login != PERMIT_YES) |
121 | return 0; | 122 | ok = 0; |
122 | #endif | 123 | #endif |
123 | if (*password == '\0' && options.permit_empty_passwd == 0) | 124 | if (*password == '\0' && options.permit_empty_passwd == 0) |
124 | return 0; | 125 | ok = 0; |
125 | 126 | ||
126 | #if defined(USE_PAM) | 127 | #if defined(USE_PAM) |
127 | return auth_pam_password(authctxt, password); | 128 | return auth_pam_password(authctxt, password) && ok; |
128 | #elif defined(HAVE_OSF_SIA) | 129 | #elif defined(HAVE_OSF_SIA) |
130 | if (!ok) | ||
131 | return 0; | ||
129 | return auth_sia_password(authctxt, password); | 132 | return auth_sia_password(authctxt, password); |
130 | #else | 133 | #else |
134 | if (!ok) | ||
135 | return 0; | ||
131 | # ifdef KRB5 | 136 | # ifdef KRB5 |
132 | if (options.kerberos_authentication == 1) { | 137 | if (options.kerberos_authentication == 1) { |
133 | int ret = auth_krb5_password(authctxt, password); | 138 | int ret = auth_krb5_password(authctxt, password); |
diff --git a/auth2-none.c b/auth2-none.c index c07b2dd81..692a2961f 100644 --- a/auth2-none.c +++ b/auth2-none.c | |||
@@ -100,7 +100,7 @@ userauth_none(Authctxt *authctxt) | |||
100 | if (check_nt_auth(1, authctxt->pw) == 0) | 100 | if (check_nt_auth(1, authctxt->pw) == 0) |
101 | return(0); | 101 | return(0); |
102 | #endif | 102 | #endif |
103 | return (authctxt->valid ? PRIVSEP(auth_password(authctxt, "")) : 0); | 103 | return PRIVSEP(auth_password(authctxt, "")) && authctxt->valid; |
104 | } | 104 | } |
105 | 105 | ||
106 | Authmethod method_none = { | 106 | Authmethod method_none = { |
diff --git a/auth2-passwd.c b/auth2-passwd.c index a8f15161a..5026969f8 100644 --- a/auth2-passwd.c +++ b/auth2-passwd.c | |||
@@ -44,14 +44,14 @@ userauth_passwd(Authctxt *authctxt) | |||
44 | u_int len; | 44 | u_int len; |
45 | change = packet_get_char(); | 45 | change = packet_get_char(); |
46 | if (change) | 46 | if (change) |
47 | logit("password change not supported"); | 47 | log("password change not supported"); |
48 | password = packet_get_string(&len); | 48 | password = packet_get_string(&len); |
49 | packet_check_eom(); | 49 | packet_check_eom(); |
50 | if (authctxt->valid && | 50 | if (PRIVSEP(auth_password(authctxt, password)) == 1 && authctxt->valid |
51 | #ifdef HAVE_CYGWIN | 51 | #ifdef HAVE_CYGWIN |
52 | check_nt_auth(1, authctxt->pw) && | 52 | && check_nt_auth(1, authctxt->pw) |
53 | #endif | 53 | #endif |
54 | PRIVSEP(auth_password(authctxt, password)) == 1) | 54 | ) |
55 | authenticated = 1; | 55 | authenticated = 1; |
56 | memset(password, 0, len); | 56 | memset(password, 0, len); |
57 | xfree(password); | 57 | xfree(password); |
diff --git a/configure.ac b/configure.ac index 47fef0cbe..e5a8d6f05 100644 --- a/configure.ac +++ b/configure.ac | |||
@@ -1,4 +1,4 @@ | |||
1 | # $Id: configure.ac,v 1.113 2003/03/21 01:18:09 mouring Exp $ | 1 | # $Id: configure.ac,v 1.113.2.1 2003/04/29 09:12:08 djm Exp $ |
2 | 2 | ||
3 | AC_INIT | 3 | AC_INIT |
4 | AC_CONFIG_SRCDIR([ssh.c]) | 4 | AC_CONFIG_SRCDIR([ssh.c]) |
@@ -57,20 +57,24 @@ case "$host" in | |||
57 | AFS_LIBS="-lld" | 57 | AFS_LIBS="-lld" |
58 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" | 58 | CPPFLAGS="$CPPFLAGS -I/usr/local/include" |
59 | LDFLAGS="$LDFLAGS -L/usr/local/lib" | 59 | LDFLAGS="$LDFLAGS -L/usr/local/lib" |
60 | if (test "$LD" != "gcc" && test -z "$blibpath"); then | 60 | AC_MSG_CHECKING([how to specify blibpath for linker ($LD)]) |
61 | AC_MSG_CHECKING([if linkage editor ($LD) accepts -blibpath]) | 61 | if (test -z "$blibpath"); then |
62 | saved_LDFLAGS="$LDFLAGS" | 62 | blibpath="/usr/lib:/lib:/usr/local/lib" |
63 | LDFLAGS="$LDFLAGS -blibpath:/usr/lib:/lib:/usr/local/lib" | 63 | fi |
64 | AC_TRY_LINK([], | 64 | saved_LDFLAGS="$LDFLAGS" |
65 | [], | 65 | for tryflags in -blibpath: -Wl,-blibpath: -Wl,-rpath, ;do |
66 | [ | 66 | if (test -z "$blibflags"); then |
67 | AC_MSG_RESULT(yes) | 67 | LDFLAGS="$saved_LDFLAGS $tryflags$blibpath" |
68 | blibpath="/usr/lib:/lib:/usr/local/lib" | 68 | AC_TRY_LINK([], [], [blibflags=$tryflags]) |
69 | ], | 69 | fi |
70 | [ AC_MSG_RESULT(no) ] | 70 | done |
71 | ) | 71 | if (test -z "$blibflags"); then |
72 | LDFLAGS="$saved_LDFLAGS" | 72 | AC_MSG_RESULT(not found) |
73 | AC_MSG_ERROR([*** must be able to specify blibpath on AIX - check config.log]) | ||
74 | else | ||
75 | AC_MSG_RESULT($blibflags) | ||
73 | fi | 76 | fi |
77 | LDFLAGS="$saved_LDFLAGS" | ||
74 | AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], | 78 | AC_CHECK_FUNC(authenticate, [AC_DEFINE(WITH_AIXAUTHENTICATE)], |
75 | [AC_CHECK_LIB(s,authenticate, | 79 | [AC_CHECK_LIB(s,authenticate, |
76 | [ AC_DEFINE(WITH_AIXAUTHENTICATE) | 80 | [ AC_DEFINE(WITH_AIXAUTHENTICATE) |
@@ -618,6 +622,7 @@ AC_CHECK_FUNCS(\ | |||
618 | ) | 622 | ) |
619 | 623 | ||
620 | AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) | 624 | AC_SEARCH_LIBS(nanosleep, rt posix4, AC_DEFINE(HAVE_NANOSLEEP)) |
625 | AC_SEARCH_LIBS(basename, gen, AC_DEFINE(HAVE_BASENAME)) | ||
621 | 626 | ||
622 | dnl Make sure strsep prototype is defined before defining HAVE_STRSEP | 627 | dnl Make sure strsep prototype is defined before defining HAVE_STRSEP |
623 | AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) | 628 | AC_CHECK_DECL(strsep, [AC_CHECK_FUNCS(strsep)]) |
@@ -2473,8 +2478,8 @@ fi | |||
2473 | 2478 | ||
2474 | 2479 | ||
2475 | if test ! -z "$blibpath" ; then | 2480 | if test ! -z "$blibpath" ; then |
2476 | LDFLAGS="$LDFLAGS -blibpath:$blibpath" | 2481 | LDFLAGS="$LDFLAGS $blibflags$blibpath" |
2477 | AC_MSG_WARN([Please check and edit -blibpath in LDFLAGS in Makefile]) | 2482 | AC_MSG_WARN([Please check and edit blibpath in LDFLAGS in Makefile]) |
2478 | fi | 2483 | fi |
2479 | 2484 | ||
2480 | dnl remove pam and dl because they are in $LIBPAM | 2485 | dnl remove pam and dl because they are in $LIBPAM |
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 142d30d88..f7fbe15e5 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
@@ -17,7 +17,7 @@ | |||
17 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
18 | %define use_stable 1 | 18 | %define use_stable 1 |
19 | %if %{use_stable} | 19 | %if %{use_stable} |
20 | %define version 3.6.1p1 | 20 | %define version 3.6.1p2 |
21 | %define cvs %{nil} | 21 | %define cvs %{nil} |
22 | %define release 2 | 22 | %define release 2 |
23 | %else | 23 | %else |
@@ -364,4 +364,4 @@ fi | |||
364 | * Mon Jan 01 1998 ... | 364 | * Mon Jan 01 1998 ... |
365 | Template Version: 1.31 | 365 | Template Version: 1.31 |
366 | 366 | ||
367 | $Id: openssh.spec,v 1.42 2003/04/01 11:46:53 djm Exp $ | 367 | $Id: openssh.spec,v 1.42.2.1 2003/04/29 09:12:08 djm Exp $ |
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 11d86a83c..e7c3bb121 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,5 +1,5 @@ | |||
1 | %define ver 3.6.1p1 | 1 | %define ver 3.6.1p2 |
2 | %define rel 2 | 2 | %define rel 1 |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
5 | %define sshd_uid 74 | 5 | %define sshd_uid 74 |
@@ -87,7 +87,7 @@ PreReq: initscripts >= 5.00 | |||
87 | %else | 87 | %else |
88 | PreReq: initscripts >= 5.20 | 88 | PreReq: initscripts >= 5.20 |
89 | %endif | 89 | %endif |
90 | BuildPreReq: perl, openssl-devel, tcp_wrappers | 90 | BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers |
91 | BuildPreReq: /bin/login | 91 | BuildPreReq: /bin/login |
92 | %if ! %{build6x} | 92 | %if ! %{build6x} |
93 | BuildPreReq: glibc-devel, pam | 93 | BuildPreReq: glibc-devel, pam |
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 194dbb7d1..707c3a221 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -1,6 +1,6 @@ | |||
1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 1 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
2 | Name: openssh | 2 | Name: openssh |
3 | Version: 3.6.1p1 | 3 | Version: 3.6.1p2 |
4 | URL: http://www.openssh.com/ | 4 | URL: http://www.openssh.com/ |
5 | Release: 1 | 5 | Release: 1 |
6 | Source0: openssh-%{version}.tar.gz | 6 | Source0: openssh-%{version}.tar.gz |
@@ -25,7 +25,7 @@ | |||
25 | */ | 25 | */ |
26 | 26 | ||
27 | #include "includes.h" | 27 | #include "includes.h" |
28 | RCSID("$OpenBSD: monitor.c,v 1.37 2003/04/02 09:48:07 markus Exp $"); | 28 | RCSID("$OpenBSD: monitor.c,v 1.36 2003/04/01 10:22:21 markus Exp $"); |
29 | 29 | ||
30 | #include <openssl/dh.h> | 30 | #include <openssl/dh.h> |
31 | 31 | ||
@@ -606,7 +606,7 @@ mm_answer_authpassword(int socket, Buffer *m) | |||
606 | passwd = buffer_get_string(m, &plen); | 606 | passwd = buffer_get_string(m, &plen); |
607 | /* Only authenticate if the context is valid */ | 607 | /* Only authenticate if the context is valid */ |
608 | authenticated = options.password_authentication && | 608 | authenticated = options.password_authentication && |
609 | authctxt->valid && auth_password(authctxt, passwd); | 609 | auth_password(authctxt, passwd) && authctxt->valid; |
610 | memset(passwd, 0, strlen(passwd)); | 610 | memset(passwd, 0, strlen(passwd)); |
611 | xfree(passwd); | 611 | xfree(passwd); |
612 | 612 | ||
@@ -870,7 +870,7 @@ monitor_valid_userblob(u_char *data, u_int datalen) | |||
870 | fail++; | 870 | fail++; |
871 | p = buffer_get_string(&b, NULL); | 871 | p = buffer_get_string(&b, NULL); |
872 | if (strcmp(authctxt->user, p) != 0) { | 872 | if (strcmp(authctxt->user, p) != 0) { |
873 | logit("wrong user name passed to monitor: expected %s != %.100s", | 873 | log("wrong user name passed to monitor: expected %s != %.100s", |
874 | authctxt->user, p); | 874 | authctxt->user, p); |
875 | fail++; | 875 | fail++; |
876 | } | 876 | } |
@@ -918,7 +918,7 @@ monitor_valid_hostbasedblob(u_char *data, u_int datalen, char *cuser, | |||
918 | fail++; | 918 | fail++; |
919 | p = buffer_get_string(&b, NULL); | 919 | p = buffer_get_string(&b, NULL); |
920 | if (strcmp(authctxt->user, p) != 0) { | 920 | if (strcmp(authctxt->user, p) != 0) { |
921 | logit("wrong user name passed to monitor: expected %s != %.100s", | 921 | log("wrong user name passed to monitor: expected %s != %.100s", |
922 | authctxt->user, p); | 922 | authctxt->user, p); |
923 | fail++; | 923 | fail++; |
924 | } | 924 | } |
@@ -1497,8 +1497,6 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1497 | Buffer m; | 1497 | Buffer m; |
1498 | u_char *blob, *p; | 1498 | u_char *blob, *p; |
1499 | u_int bloblen, plen; | 1499 | u_int bloblen, plen; |
1500 | u_int32_t seqnr, packets; | ||
1501 | u_int64_t blocks; | ||
1502 | 1500 | ||
1503 | debug3("%s: Waiting for new keys", __func__); | 1501 | debug3("%s: Waiting for new keys", __func__); |
1504 | 1502 | ||
@@ -1528,14 +1526,8 @@ mm_get_keystate(struct monitor *pmonitor) | |||
1528 | xfree(blob); | 1526 | xfree(blob); |
1529 | 1527 | ||
1530 | /* Now get sequence numbers for the packets */ | 1528 | /* Now get sequence numbers for the packets */ |
1531 | seqnr = buffer_get_int(&m); | 1529 | packet_set_seqnr(MODE_OUT, buffer_get_int(&m)); |
1532 | blocks = buffer_get_int64(&m); | 1530 | packet_set_seqnr(MODE_IN, buffer_get_int(&m)); |
1533 | packets = buffer_get_int(&m); | ||
1534 | packet_set_state(MODE_OUT, seqnr, blocks, packets); | ||
1535 | seqnr = buffer_get_int(&m); | ||
1536 | blocks = buffer_get_int64(&m); | ||
1537 | packets = buffer_get_int(&m); | ||
1538 | packet_set_state(MODE_IN, seqnr, blocks, packets); | ||
1539 | 1531 | ||
1540 | skip: | 1532 | skip: |
1541 | /* Get the key context */ | 1533 | /* Get the key context */ |
@@ -1,3 +1,3 @@ | |||
1 | /* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */ | 1 | /* $OpenBSD: version.h,v 1.37 2003/04/01 10:56:46 markus Exp $ */ |
2 | 2 | ||
3 | #define SSH_VERSION "OpenSSH_3.6.1p1" | 3 | #define SSH_VERSION "OpenSSH_3.6.1p2" |