author | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:38:40 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2009-12-29 21:38:40 +0000 |
commit | 1b816ea846aca3ee89e7995373ace609e9518424 (patch) | |
tree | b41cdc8495cae7fa9c2e0f98a5f2e71656b61f9a /contrib | |
parent | fa585019a79ebcb4e0202b1c33f87ff1c5c9ce1c (diff) | |
parent | 086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff) |
import openssh-4.6p1-gsskex-20070312.patch
Diffstat (limited to 'contrib')
-rwxr-xr-x | contrib/aix/buildbff.sh | 46 | ||||
-rw-r--r-- | contrib/caldera/openssh.spec | 4 | ||||
-rw-r--r-- | contrib/cygwin/ssh-host-config | 41 | ||||
-rw-r--r-- | contrib/findssl.sh | 21 | ||||
-rw-r--r-- | contrib/redhat/openssh.spec | 2 | ||||
-rwxr-xr-x | contrib/redhat/sshd.init | 9 | ||||
-rw-r--r-- | contrib/suse/openssh.spec | 2 |
7 files changed, 81 insertions, 44 deletions
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 09b9c118c..97a7cbbba 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh | |||
@@ -1,7 +1,7 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # | 2 | # |
3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages | 3 | # buildbff.sh: Create AIX SMIT-installable OpenSSH packages |
4 | # $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $ | 4 | # $Id: buildbff.sh,v 1.10 2006/09/10 03:24:19 dtucker Exp $ |
5 | # | 5 | # |
6 | # Author: Darren Tucker (dtucker at zip dot com dot au) | 6 | # Author: Darren Tucker (dtucker at zip dot com dot au) |
7 | # This file is placed in the public domain and comes with absolutely | 7 | # This file is placed in the public domain and comes with absolutely |
@@ -23,6 +23,8 @@ umask 022 | |||
23 | 23 | ||
24 | startdir=`pwd` | 24 | startdir=`pwd` |
25 | 25 | ||
26 | perl -v >/dev/null || (echo perl required; exit 1) | ||
27 | |||
26 | # Path to inventory.sh: same place as buildbff.sh | 28 | # Path to inventory.sh: same place as buildbff.sh |
27 | if echo $0 | egrep '^/' | 29 | if echo $0 | egrep '^/' |
28 | then | 30 | then |
@@ -200,33 +202,29 @@ do | |||
200 | done | 202 | done |
201 | echo | 203 | echo |
202 | 204 | ||
203 | # Create PrivSep user if PrivSep not disabled in config | 205 | # Create PrivilegeSeparation user and group if not present |
204 | echo Creating PrivSep prereqs if required. | 206 | echo Checking for PrivilegeSeparation user and group. |
205 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null | 207 | if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null |
206 | then | 208 | then |
207 | echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," | 209 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." |
208 | echo "group or chroot directory." | ||
209 | else | 210 | else |
210 | echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." | 211 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." |
211 | 212 | mkgroup -A $SSH_PRIVSEP_USER | |
212 | # create group if required | 213 | fi |
213 | if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null | ||
214 | then | ||
215 | echo "PrivSep group $SSH_PRIVSEP_USER already exists." | ||
216 | else | ||
217 | echo "Creating PrivSep group $SSH_PRIVSEP_USER." | ||
218 | mkgroup -A $SSH_PRIVSEP_USER | ||
219 | fi | ||
220 | 214 | ||
221 | # Create user if required | 215 | # Create user if required |
222 | if lsuser "$SSH_PRIVSEP_USER" >/dev/null | 216 | if lsuser "$SSH_PRIVSEP_USER" >/dev/null |
223 | then | 217 | then |
224 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." | 218 | echo "PrivSep user $SSH_PRIVSEP_USER already exists." |
225 | else | 219 | else |
226 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." | 220 | echo "Creating PrivSep user $SSH_PRIVSEP_USER." |
227 | mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER | 221 | mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER |
228 | fi | 222 | fi |
229 | 223 | ||
224 | if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null | ||
225 | then | ||
226 | echo UsePrivilegeSeparation not enabled, privsep directory not required. | ||
227 | else | ||
230 | # create chroot directory if required | 228 | # create chroot directory if required |
231 | if [ -d $PRIVSEP_PATH ] | 229 | if [ -d $PRIVSEP_PATH ] |
232 | then | 230 | then |
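Review bot: The perl check added at new line 26 cannot stop the build on its own, because `exit 1` runs inside a `( ... )` subshell and ends only that subshell. Unless the script runs under `set -e` (not visible in this hunk), it prints "perl required" and carries on without perl. A brace group makes the exit apply to the script itself, and the message belongs on stderr: `perl -v >/dev/null || { echo "perl required" >&2; exit 1; }`.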
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 09c08f194..3d756eb7f 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec | |||
@@ -17,7 +17,7 @@ | |||
17 | #old cvs stuff. please update before use. may be deprecated. | 17 | #old cvs stuff. please update before use. may be deprecated. |
18 | %define use_stable 1 | 18 | %define use_stable 1 |
19 | %if %{use_stable} | 19 | %if %{use_stable} |
20 | %define version 4.3p2 | 20 | %define version 4.6p1 |
21 | %define cvs %{nil} | 21 | %define cvs %{nil} |
22 | %define release 1 | 22 | %define release 1 |
23 | %else | 23 | %else |
@@ -357,4 +357,4 @@ fi | |||
357 | * Mon Jan 01 1998 ... | 357 | * Mon Jan 01 1998 ... |
358 | Template Version: 1.31 | 358 | Template Version: 1.31 |
359 | 359 | ||
360 | $Id: openssh.spec,v 1.56.2.1 2006/02/11 00:00:45 djm Exp $ | 360 | $Id: openssh.spec,v 1.60 2007/03/06 10:23:27 djm Exp $ |
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 0540890e6..e2ad69f19 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config | |||
@@ -153,22 +153,31 @@ fi | |||
153 | 153 | ||
154 | # Create /var/log and /var/log/lastlog if not already existing | 154 | # Create /var/log and /var/log/lastlog if not already existing |
155 | 155 | ||
156 | if [ -f ${LOCALSTATEDIR}/log ] | 156 | if [ -e ${LOCALSTATEDIR}/log -a ! -d ${LOCALSTATEDIR}/log ] |
157 | then | 157 | then |
158 | echo "Creating ${LOCALSTATEDIR}/log failed!" | 158 | echo |
159 | else | 159 | echo "${LOCALSTATEDIR}/log is existant but not a directory." |
160 | if [ ! -d ${LOCALSTATEDIR}/log ] | 160 | echo "Cannot create ssh host configuration." |
161 | then | 161 | echo |
162 | mkdir -p ${LOCALSTATEDIR}/log | 162 | exit 1 |
163 | fi | 163 | fi |
164 | if [ -d ${LOCALSTATEDIR}/log/lastlog ] | 164 | if [ ! -e ${LOCALSTATEDIR}/log ] |
165 | then | 165 | then |
166 | chmod 777 ${LOCALSTATEDIR}/log/lastlog | 166 | mkdir -p ${LOCALSTATEDIR}/log |
167 | elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] | 167 | fi |
168 | then | 168 | |
169 | cat /dev/null > ${LOCALSTATEDIR}/log/lastlog | 169 | if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ] |
170 | chmod 666 ${LOCALSTATEDIR}/log/lastlog | 170 | then |
171 | fi | 171 | echo |
172 | echo "${LOCALSTATEDIR}/log/lastlog exists, but is not a file." | ||
173 | echo "Cannot create ssh host configuration." | ||
174 | echo | ||
175 | exit 1 | ||
176 | fi | ||
177 | if [ ! -e ${LOCALSTATEDIR}/log/lastlog ] | ||
178 | then | ||
179 | cat /dev/null > ${LOCALSTATEDIR}/log/lastlog | ||
180 | chmod 644 ${LOCALSTATEDIR}/log/lastlog | ||
172 | fi | 181 | fi |
173 | 182 | ||
174 | # Create /var/empty file used as chroot jail for privilege separation | 183 | # Create /var/empty file used as chroot jail for privilege separation |
@@ -507,6 +516,7 @@ then | |||
507 | fi | 516 | fi |
508 | editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && | 517 | editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && |
509 | editrights -a SeCreateTokenPrivilege -u sshd_server && | 518 | editrights -a SeCreateTokenPrivilege -u sshd_server && |
519 | editrights -a SeTcbPrivilege -u sshd_server && | ||
510 | editrights -a SeDenyInteractiveLogonRight -u sshd_server && | 520 | editrights -a SeDenyInteractiveLogonRight -u sshd_server && |
511 | editrights -a SeDenyNetworkLogonRight -u sshd_server && | 521 | editrights -a SeDenyNetworkLogonRight -u sshd_server && |
512 | editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && | 522 | editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && |
@@ -578,6 +588,7 @@ then | |||
578 | fi | 588 | fi |
579 | chown "${_user}" ${SYSCONFDIR}/ssh* | 589 | chown "${_user}" ${SYSCONFDIR}/ssh* |
580 | chown "${_user}".544 ${LOCALSTATEDIR}/empty | 590 | chown "${_user}".544 ${LOCALSTATEDIR}/empty |
591 | chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog | ||
581 | if [ -f ${LOCALSTATEDIR}/log/sshd.log ] | 592 | if [ -f ${LOCALSTATEDIR}/log/sshd.log ] |
582 | then | 593 | then |
583 | chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log | 594 | chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log |
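Review bot: The new existence checks for `${LOCALSTATEDIR}/log/lastlog` (new lines 169-181) rely on `-e`, which follows symbolic links, so a dangling link passes both tests and `cat /dev/null >` then creates the link's target. The `chmod 644` and the later `chown "${_user}".544` at new line 591 act on that target too, and a link to an existing regular file passes the `-f` test the same way. This script presumably runs with administrative rights, so links should be rejected before the file is created, e.g. `if [ -L "${LOCALSTATEDIR}/log/lastlog" ] || [ -e "${LOCALSTATEDIR}/log/lastlog" -a ! -f "${LOCALSTATEDIR}/log/lastlog" ]`, with the path quoted in the other tests as well. The same applies to the `${LOCALSTATEDIR}/log` directory check at new line 156.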
diff --git a/contrib/findssl.sh b/contrib/findssl.sh index 716abced5..263fd2644 100644 --- a/contrib/findssl.sh +++ b/contrib/findssl.sh | |||
@@ -1,6 +1,6 @@ | |||
1 | #!/bin/sh | 1 | #!/bin/sh |
2 | # | 2 | # |
3 | # $Id: findssl.sh,v 1.3 2004/12/13 07:08:33 dtucker Exp $ | 3 | # $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $ |
4 | # | 4 | # |
5 | # findssl.sh | 5 | # findssl.sh |
6 | # Search for all instances of OpenSSL headers and libraries | 6 | # Search for all instances of OpenSSL headers and libraries |
@@ -89,6 +89,25 @@ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH} | |||
89 | LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} | 89 | LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} |
90 | export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH | 90 | export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH |
91 | 91 | ||
92 | # not all platforms have a 'which' command | ||
93 | if which ls >/dev/null 2>/dev/null; then | ||
94 | : which is defined | ||
95 | else | ||
96 | which () { | ||
97 | saveIFS="$IFS" | ||
98 | IFS=: | ||
99 | for p in $PATH; do | ||
100 | if test -x "$p/$1" -a -f "$p/$1"; then | ||
101 | IFS="$saveIFS" | ||
102 | echo "$p/$1" | ||
103 | return 0 | ||
104 | fi | ||
105 | done | ||
106 | IFS="$saveIFS" | ||
107 | return 1 | ||
108 | } | ||
109 | fi | ||
110 | |||
92 | # | 111 | # |
93 | # Search for OpenSSL headers and print versions | 112 | # Search for OpenSSL headers and print versions |
94 | # | 113 | # |
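Review bot: The fallback `which` at new lines 96-108 mishandles an empty `PATH` element (a leading or doubled `:`). The shell treats such an entry as the current directory, but the loop tests `"/$1"` in the root directory instead. Adding `test -n "$p" || p=.` as the first statement of the loop body keeps the result consistent with what the shell would actually run. `saveIFS` and `p` are globals in POSIX sh, so I would also add a comment such as `# note: overwrites the global variables p and saveIFS` above the function.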
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index cbdf7bbc7..08515d2b0 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec | |||
@@ -1,4 +1,4 @@ | |||
1 | %define ver 4.3p2 | 1 | %define ver 4.6p1 |
2 | %define rel 1 | 2 | %define rel 1 |
3 | 3 | ||
4 | # OpenSSH privilege separation requires a user & group ID | 4 | # OpenSSH privilege separation requires a user & group ID |
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init index 4ee8630c3..e5d837cbc 100755 --- a/contrib/redhat/sshd.init +++ b/contrib/redhat/sshd.init | |||
@@ -35,6 +35,9 @@ do_rsa1_keygen() { | |||
35 | if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then | 35 | if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then |
36 | chmod 600 $RSA1_KEY | 36 | chmod 600 $RSA1_KEY |
37 | chmod 644 $RSA1_KEY.pub | 37 | chmod 644 $RSA1_KEY.pub |
38 | if [ -x /sbin/restorecon ]; then | ||
39 | /sbin/restorecon $RSA1_KEY.pub | ||
40 | fi | ||
38 | success $"RSA1 key generation" | 41 | success $"RSA1 key generation" |
39 | echo | 42 | echo |
40 | else | 43 | else |
@@ -51,6 +54,9 @@ do_rsa_keygen() { | |||
51 | if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then | 54 | if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then |
52 | chmod 600 $RSA_KEY | 55 | chmod 600 $RSA_KEY |
53 | chmod 644 $RSA_KEY.pub | 56 | chmod 644 $RSA_KEY.pub |
57 | if [ -x /sbin/restorecon ]; then | ||
58 | /sbin/restorecon $RSA_KEY.pub | ||
59 | fi | ||
54 | success $"RSA key generation" | 60 | success $"RSA key generation" |
55 | echo | 61 | echo |
56 | else | 62 | else |
@@ -67,6 +73,9 @@ do_dsa_keygen() { | |||
67 | if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then | 73 | if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then |
68 | chmod 600 $DSA_KEY | 74 | chmod 600 $DSA_KEY |
69 | chmod 644 $DSA_KEY.pub | 75 | chmod 644 $DSA_KEY.pub |
76 | if [ -x /sbin/restorecon ]; then | ||
77 | /sbin/restorecon $DSA_KEY.pub | ||
78 | fi | ||
70 | success $"DSA key generation" | 79 | success $"DSA key generation" |
71 | echo | 80 | echo |
72 | else | 81 | else |
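Review bot: The `restorecon` calls added in `do_rsa1_keygen`, `do_rsa_keygen` and `do_dsa_keygen` relabel only the `.pub` file, and their exit status is discarded, so a failed relabel is still followed by `success`. If the SELinux context has to be restored after `$KEYGEN` writes the public key, the private key written by the same command presumably needs it too; if leaving it out is deliberate, a comment should say why. One way to cover both files is `/sbin/restorecon "$RSA1_KEY" "$RSA1_KEY.pub"`, and likewise for `$RSA_KEY` and `$DSA_KEY`. All three function bodies start and end outside their hunks.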
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index b49e78c65..95b394f18 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec | |||
@@ -13,7 +13,7 @@ | |||
13 | 13 | ||
14 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation | 14 | Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation |
15 | Name: openssh | 15 | Name: openssh |
16 | Version: 4.3p2 | 16 | Version: 4.6p1 |
17 | URL: http://www.openssh.com/ | 17 | URL: http://www.openssh.com/ |
18 | Release: 1 | 18 | Release: 1 |
19 | Source0: openssh-%{version}.tar.gz | 19 | Source0: openssh-%{version}.tar.gz |