summaryrefslogtreecommitdiff
path: root/contrib
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2009-12-29 21:38:40 +0000
committerColin Watson <cjwatson@debian.org>2009-12-29 21:38:40 +0000
commit1b816ea846aca3ee89e7995373ace609e9518424 (patch)
treeb41cdc8495cae7fa9c2e0f98a5f2e71656b61f9a /contrib
parentfa585019a79ebcb4e0202b1c33f87ff1c5c9ce1c (diff)
parent086ea76990b1e6287c24b6db74adffd4605eb3b0 (diff)
import openssh-4.6p1-gsskex-20070312.patch
Diffstat (limited to 'contrib')
-rwxr-xr-xcontrib/aix/buildbff.sh46
-rw-r--r--contrib/caldera/openssh.spec4
-rw-r--r--contrib/cygwin/ssh-host-config41
-rw-r--r--contrib/findssl.sh21
-rw-r--r--contrib/redhat/openssh.spec2
-rwxr-xr-xcontrib/redhat/sshd.init9
-rw-r--r--contrib/suse/openssh.spec2
7 files changed, 81 insertions, 44 deletions
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 09b9c118c..97a7cbbba 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,7 +1,7 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# buildbff.sh: Create AIX SMIT-installable OpenSSH packages 3# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
4# $Id: buildbff.sh,v 1.8 2005/03/29 13:24:12 dtucker Exp $ 4# $Id: buildbff.sh,v 1.10 2006/09/10 03:24:19 dtucker Exp $
5# 5#
6# Author: Darren Tucker (dtucker at zip dot com dot au) 6# Author: Darren Tucker (dtucker at zip dot com dot au)
7# This file is placed in the public domain and comes with absolutely 7# This file is placed in the public domain and comes with absolutely
@@ -23,6 +23,8 @@ umask 022
23 23
24startdir=`pwd` 24startdir=`pwd`
25 25
26perl -v >/dev/null || (echo perl required; exit 1)
27
26# Path to inventory.sh: same place as buildbff.sh 28# Path to inventory.sh: same place as buildbff.sh
27if echo $0 | egrep '^/' 29if echo $0 | egrep '^/'
28then 30then
@@ -200,33 +202,29 @@ do
200done 202done
201echo 203echo
202 204
203# Create PrivSep user if PrivSep not disabled in config 205# Create PrivilegeSeparation user and group if not present
204echo Creating PrivSep prereqs if required. 206echo Checking for PrivilegeSeparation user and group.
205if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null 207if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
206then 208then
207 echo "UsePrivilegeSeparation disabled in config, not creating PrivSep user," 209 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
208 echo "group or chroot directory."
209else 210else
210 echo "UsePrivilegeSeparation enabled in config (or defaulting to on)." 211 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
211 212 mkgroup -A $SSH_PRIVSEP_USER
212 # create group if required 213fi
213 if cut -f1 -d: /etc/group | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
214 then
215 echo "PrivSep group $SSH_PRIVSEP_USER already exists."
216 else
217 echo "Creating PrivSep group $SSH_PRIVSEP_USER."
218 mkgroup -A $SSH_PRIVSEP_USER
219 fi
220 214
221 # Create user if required 215# Create user if required
222 if lsuser "$SSH_PRIVSEP_USER" >/dev/null 216if lsuser "$SSH_PRIVSEP_USER" >/dev/null
223 then 217then
224 echo "PrivSep user $SSH_PRIVSEP_USER already exists." 218 echo "PrivSep user $SSH_PRIVSEP_USER already exists."
225 else 219else
226 echo "Creating PrivSep user $SSH_PRIVSEP_USER." 220 echo "Creating PrivSep user $SSH_PRIVSEP_USER."
227 mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER 221 mkuser gecos='SSHD PrivSep User' login=false rlogin=false account_locked=true pgrp=$SSH_PRIVSEP_USER $SSH_PRIVSEP_USER
228 fi 222fi
229 223
224if egrep '^[ \t]*UsePrivilegeSeparation[ \t]+no' $sysconfdir/sshd_config >/dev/null
225then
226 echo UsePrivilegeSeparation not enabled, privsep directory not required.
227else
230 # create chroot directory if required 228 # create chroot directory if required
231 if [ -d $PRIVSEP_PATH ] 229 if [ -d $PRIVSEP_PATH ]
232 then 230 then
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 09c08f194..3d756eb7f 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,7 +17,7 @@
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%if %{use_stable} 19%if %{use_stable}
20 %define version 4.3p2 20 %define version 4.6p1
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 1 22 %define release 1
23%else 23%else
@@ -357,4 +357,4 @@ fi
357* Mon Jan 01 1998 ... 357* Mon Jan 01 1998 ...
358Template Version: 1.31 358Template Version: 1.31
359 359
360$Id: openssh.spec,v 1.56.2.1 2006/02/11 00:00:45 djm Exp $ 360$Id: openssh.spec,v 1.60 2007/03/06 10:23:27 djm Exp $
diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config
index 0540890e6..e2ad69f19 100644
--- a/contrib/cygwin/ssh-host-config
+++ b/contrib/cygwin/ssh-host-config
@@ -153,22 +153,31 @@ fi
153 153
154# Create /var/log and /var/log/lastlog if not already existing 154# Create /var/log and /var/log/lastlog if not already existing
155 155
156if [ -f ${LOCALSTATEDIR}/log ] 156if [ -e ${LOCALSTATEDIR}/log -a ! -d ${LOCALSTATEDIR}/log ]
157then 157then
158 echo "Creating ${LOCALSTATEDIR}/log failed!" 158 echo
159else 159 echo "${LOCALSTATEDIR}/log is existant but not a directory."
160 if [ ! -d ${LOCALSTATEDIR}/log ] 160 echo "Cannot create ssh host configuration."
161 then 161 echo
162 mkdir -p ${LOCALSTATEDIR}/log 162 exit 1
163 fi 163fi
164 if [ -d ${LOCALSTATEDIR}/log/lastlog ] 164if [ ! -e ${LOCALSTATEDIR}/log ]
165 then 165then
166 chmod 777 ${LOCALSTATEDIR}/log/lastlog 166 mkdir -p ${LOCALSTATEDIR}/log
167 elif [ ! -f ${LOCALSTATEDIR}/log/lastlog ] 167fi
168 then 168
169 cat /dev/null > ${LOCALSTATEDIR}/log/lastlog 169if [ -e ${LOCALSTATEDIR}/log/lastlog -a ! -f ${LOCALSTATEDIR}/log/lastlog ]
170 chmod 666 ${LOCALSTATEDIR}/log/lastlog 170then
171 fi 171 echo
172 echo "${LOCALSTATEDIR}/log/lastlog exists, but is not a file."
173 echo "Cannot create ssh host configuration."
174 echo
175 exit 1
176fi
177if [ ! -e ${LOCALSTATEDIR}/log/lastlog ]
178then
179 cat /dev/null > ${LOCALSTATEDIR}/log/lastlog
180 chmod 644 ${LOCALSTATEDIR}/log/lastlog
172fi 181fi
173 182
174# Create /var/empty file used as chroot jail for privilege separation 183# Create /var/empty file used as chroot jail for privilege separation
@@ -507,6 +516,7 @@ then
507 fi 516 fi
508 editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server && 517 editrights -a SeAssignPrimaryTokenPrivilege -u sshd_server &&
509 editrights -a SeCreateTokenPrivilege -u sshd_server && 518 editrights -a SeCreateTokenPrivilege -u sshd_server &&
519 editrights -a SeTcbPrivilege -u sshd_server &&
510 editrights -a SeDenyInteractiveLogonRight -u sshd_server && 520 editrights -a SeDenyInteractiveLogonRight -u sshd_server &&
511 editrights -a SeDenyNetworkLogonRight -u sshd_server && 521 editrights -a SeDenyNetworkLogonRight -u sshd_server &&
512 editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server && 522 editrights -a SeDenyRemoteInteractiveLogonRight -u sshd_server &&
@@ -578,6 +588,7 @@ then
578 fi 588 fi
579 chown "${_user}" ${SYSCONFDIR}/ssh* 589 chown "${_user}" ${SYSCONFDIR}/ssh*
580 chown "${_user}".544 ${LOCALSTATEDIR}/empty 590 chown "${_user}".544 ${LOCALSTATEDIR}/empty
591 chown "${_user}".544 ${LOCALSTATEDIR}/log/lastlog
581 if [ -f ${LOCALSTATEDIR}/log/sshd.log ] 592 if [ -f ${LOCALSTATEDIR}/log/sshd.log ]
582 then 593 then
583 chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log 594 chown "${_user}".544 ${LOCALSTATEDIR}/log/sshd.log
diff --git a/contrib/findssl.sh b/contrib/findssl.sh
index 716abced5..263fd2644 100644
--- a/contrib/findssl.sh
+++ b/contrib/findssl.sh
@@ -1,6 +1,6 @@
1#!/bin/sh 1#!/bin/sh
2# 2#
3# $Id: findssl.sh,v 1.3 2004/12/13 07:08:33 dtucker Exp $ 3# $Id: findssl.sh,v 1.4 2007/02/19 11:44:25 dtucker Exp $
4# 4#
5# findssl.sh 5# findssl.sh
6# Search for all instances of OpenSSL headers and libraries 6# Search for all instances of OpenSSL headers and libraries
@@ -89,6 +89,25 @@ LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
89LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} 89LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
90export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH 90export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
91 91
92# not all platforms have a 'which' command
93if which ls >/dev/null 2>/dev/null; then
94 : which is defined
95else
96 which () {
97 saveIFS="$IFS"
98 IFS=:
99 for p in $PATH; do
100 if test -x "$p/$1" -a -f "$p/$1"; then
101 IFS="$saveIFS"
102 echo "$p/$1"
103 return 0
104 fi
105 done
106 IFS="$saveIFS"
107 return 1
108 }
109fi
110
92# 111#
93# Search for OpenSSL headers and print versions 112# Search for OpenSSL headers and print versions
94# 113#
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index cbdf7bbc7..08515d2b0 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 4.3p2 1%define ver 4.6p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/redhat/sshd.init b/contrib/redhat/sshd.init
index 4ee8630c3..e5d837cbc 100755
--- a/contrib/redhat/sshd.init
+++ b/contrib/redhat/sshd.init
@@ -35,6 +35,9 @@ do_rsa1_keygen() {
35 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then 35 if $KEYGEN -q -t rsa1 -f $RSA1_KEY -C '' -N '' >&/dev/null; then
36 chmod 600 $RSA1_KEY 36 chmod 600 $RSA1_KEY
37 chmod 644 $RSA1_KEY.pub 37 chmod 644 $RSA1_KEY.pub
38 if [ -x /sbin/restorecon ]; then
39 /sbin/restorecon $RSA1_KEY.pub
40 fi
38 success $"RSA1 key generation" 41 success $"RSA1 key generation"
39 echo 42 echo
40 else 43 else
@@ -51,6 +54,9 @@ do_rsa_keygen() {
51 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then 54 if $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
52 chmod 600 $RSA_KEY 55 chmod 600 $RSA_KEY
53 chmod 644 $RSA_KEY.pub 56 chmod 644 $RSA_KEY.pub
57 if [ -x /sbin/restorecon ]; then
58 /sbin/restorecon $RSA_KEY.pub
59 fi
54 success $"RSA key generation" 60 success $"RSA key generation"
55 echo 61 echo
56 else 62 else
@@ -67,6 +73,9 @@ do_dsa_keygen() {
67 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then 73 if $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
68 chmod 600 $DSA_KEY 74 chmod 600 $DSA_KEY
69 chmod 644 $DSA_KEY.pub 75 chmod 644 $DSA_KEY.pub
76 if [ -x /sbin/restorecon ]; then
77 /sbin/restorecon $DSA_KEY.pub
78 fi
70 success $"DSA key generation" 79 success $"DSA key generation"
71 echo 80 echo
72 else 81 else
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index b49e78c65..95b394f18 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 4.3p2 16Version: 4.6p1
17URL: http://www.openssh.com/ 17URL: http://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz