Import openssh_8.2p1.orig.tar.gz

author: Colin Watson <cjwatson@debian.org> 2020-02-21 11:57:14 +0000
committer: Colin Watson <cjwatson@debian.org> 2020-02-21 11:57:14 +0000
commit: f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree: 856b0dee3f2764c13a32dad5ffe2424fab7fef41 /contrib
parent: 4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent: 8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)
4 files changed, 75 insertions, 46 deletions
diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
index 535a69274..bc83a2d67 100644
--- a/contrib/gnome-ssh-askpass2.c
+++ b/contrib/gnome-ssh-askpass2.c
@@ -39,6 +39,10 @@
 #define GRAB_TRIES      16
 #define GRAB_WAIT       250 /* milliseconds */
+#define PROMPT_ENTRY    0
+#define PROMPT_CONFIRM  1
+#define PROMPT_NONE     2
 /*
 * Compile with:
 *
@@ -82,11 +86,12 @@ ok_dialog(GtkWidget *entry, gpointer dialog)
 }
 static int
-passphrase_dialog(char *message)
+passphrase_dialog(char *message, int prompt_type)
 {
        const char *failed;
        char *passphrase, *local;
        int result, grab_tries, grab_server, grab_pointer;
+        int buttons, default_response;
        GtkWidget *parent_window, *dialog, *entry;
        GdkGrabStatus status;
@@ -98,31 +103,43 @@ passphrase_dialog(char *message)
         * complain.  */
        parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
+        switch (prompt_type) {
+        case PROMPT_CONFIRM:
+                buttons = GTK_BUTTONS_YES_NO;
+                default_response = GTK_RESPONSE_YES;
+                break;
+        case PROMPT_NONE:
+                buttons = GTK_BUTTONS_CLOSE;
+                default_response = GTK_RESPONSE_CLOSE;
+                break;
+        default:
+                buttons = GTK_BUTTONS_OK_CANCEL;
+                default_response = GTK_RESPONSE_OK;
+                break;
+        }
        dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
-                                        GTK_MESSAGE_QUESTION,
+            GTK_MESSAGE_QUESTION, buttons, "%s", message);
-                                        GTK_BUTTONS_OK_CANCEL,
-                                        "%s",
-                                        message);
-        entry = gtk_entry_new();
-        gtk_box_pack_start(
-            GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
-            FALSE, FALSE, 0);
-        gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
-        gtk_widget_grab_focus(entry);
-        gtk_widget_show(entry);
        gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
        gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
        gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+        gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
-        /* Make <enter> close dialog */
-        gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
-        g_signal_connect(G_OBJECT(entry), "activate",
-                         G_CALLBACK(ok_dialog), dialog);
        gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
+        if (prompt_type == PROMPT_ENTRY) {
+                entry = gtk_entry_new();
+                gtk_box_pack_start(
+                    GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
+                    entry, FALSE, FALSE, 0);
+                gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
+                gtk_widget_grab_focus(entry);
+                gtk_widget_show(entry);
+                /* Make <enter> close dialog */
+                g_signal_connect(G_OBJECT(entry), "activate",
+                                 G_CALLBACK(ok_dialog), dialog);
+        }
        /* Grab focus */
        gtk_widget_show_now(dialog);
        if (grab_pointer) {
@@ -166,32 +183,37 @@ passphrase_dialog(char *message)
        gdk_flush();
        /* Report passphrase if user selected OK */
-        passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
+        if (prompt_type == PROMPT_ENTRY) {
-        if (result == GTK_RESPONSE_OK) {
+                passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
-                local = g_locale_from_utf8(passphrase, strlen(passphrase),
+                if (result == GTK_RESPONSE_OK) {
-                                           NULL, NULL, NULL);
+                        local = g_locale_from_utf8(passphrase,
-                if (local != NULL) {
+                            strlen(passphrase), NULL, NULL, NULL);
-                        puts(local);
+                        if (local != NULL) {
-                        memset(local, '\0', strlen(local));
+                                puts(local);
-                        g_free(local);
+                                memset(local, '\0', strlen(local));
-                } else {
+                                g_free(local);
-                        puts(passphrase);
+                        } else {
+                                puts(passphrase);
+                        }
                }
+                /* Zero passphrase in memory */
+                memset(passphrase, '\b', strlen(passphrase));
+                gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
+                memset(passphrase, '\0', strlen(passphrase));
+                g_free(passphrase);
        }
-                
-        /* Zero passphrase in memory */
-        memset(passphrase, '\b', strlen(passphrase));
-        gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
-        memset(passphrase, '\0', strlen(passphrase));
-        g_free(passphrase);
-                        
        gtk_widget_destroy(dialog);
-        return (result == GTK_RESPONSE_OK ? 0 : -1);
+        if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
+                return -1;
+        return 0;
-        /* At least one grab failed - ungrab what we got, and report
-           the failure to the user.  Note that XGrabServer() cannot
-           fail.  */
 nograbkb:
+        /*
+         * At least one grab failed - ungrab what we got, and report
+         * the failure to the user.  Note that XGrabServer() cannot
+         * fail.
+         */
        gdk_pointer_ungrab(GDK_CURRENT_TIME);
 nograb:
        if (grab_server)
@@ -206,8 +228,8 @@ passphrase_dialog(char *message)
 int
 main(int argc, char **argv)
 {
-        char *message;
+        char *message, *prompt_mode;
-        int result;
+        int result, prompt_type = PROMPT_ENTRY;
        gtk_init(&argc, &argv);
@@ -217,8 +239,15 @@ main(int argc, char **argv)
                message = g_strdup("Enter your OpenSSH passphrase:");
        }
+        if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
+                if (strcasecmp(prompt_mode, "confirm") == 0)
+                        prompt_type = PROMPT_CONFIRM;
+                else if (strcasecmp(prompt_mode, "none") == 0)
+                        prompt_type = PROMPT_NONE;
+        }
        setvbuf(stdout, 0, _IONBF, 0);
-        result = passphrase_dialog(message);
+        result = passphrase_dialog(message, prompt_type);
        g_free(message);
        return (result);
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index a440a11c2..54dc39610 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 8.1p1
+%define ver 8.2p1
 %define rel 1%{?dist}
 # OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1
index 8850cceda..ae75c79a5 100644
--- a/contrib/ssh-copy-id.1
+++ b/contrib/ssh-copy-id.1
@@ -158,7 +158,7 @@ asked for confirmation, which is your cue to log back out and run
 The reason you might want to specify the -i option in this case is to
 ensure that the comment on the installed key is the one from the
 .Pa .pub
-file, rather than just the filename that was loaded into you agent.
+file, rather than just the filename that was loaded into your agent.
 It also ensures that only the id you intended is installed, rather than
 all the keys that you have in your
 .Xr ssh-agent 1 .
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 8c081acc0..4c318001e 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 Summary:        OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name:           openssh
-Version:        8.1p1
+Version:        8.2p1
 URL:            https://www.openssh.com/
 Release:        1
 Source0:        openssh-%{version}.tar.gz
author	Colin Watson <cjwatson@debian.org>	2020-02-21 11:57:14 +0000
committer	Colin Watson <cjwatson@debian.org>	2020-02-21 11:57:14 +0000
commit	f0de78bd4f29fa688c5df116f3f9cd43543a76d0 (patch)
tree	856b0dee3f2764c13a32dad5ffe2424fab7fef41 /contrib
parent	4213eec74e74de6310c27a40c3e9759a08a73996 (diff)
parent	8aa3455b16fddea4c0144a7c4a1edb10ec67dcc8 (diff)

diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c index 535a69274..bc83a2d67 100644 --- a/contrib/gnome-ssh-askpass2.c +++ b/contrib/gnome-ssh-askpass2.c
@@ -39,6 +39,10 @@
39	#define GRAB_TRIES 16	39	#define GRAB_TRIES 16
40	#define GRAB_WAIT 250 /* milliseconds */	40	#define GRAB_WAIT 250 /* milliseconds */
41		41
		42	#define PROMPT_ENTRY 0
		43	#define PROMPT_CONFIRM 1
		44	#define PROMPT_NONE 2
		45
42	/*	46	/*
43	* Compile with:	47	* Compile with:
44	*	48	*
@@ -82,11 +86,12 @@ ok_dialog(GtkWidget *entry, gpointer dialog)
82	}	86	}
83		87
84	static int	88	static int
85	passphrase_dialog(char *message)	89	passphrase_dialog(char *message, int prompt_type)
86	{	90	{
87	const char *failed;	91	const char *failed;
88	char passphrase, local;	92	char passphrase, local;
89	int result, grab_tries, grab_server, grab_pointer;	93	int result, grab_tries, grab_server, grab_pointer;
		94	int buttons, default_response;
90	GtkWidget parent_window, dialog, *entry;	95	GtkWidget parent_window, dialog, *entry;
91	GdkGrabStatus status;	96	GdkGrabStatus status;
92		97
@@ -98,31 +103,43 @@ passphrase_dialog(char *message)
98	* complain. */	103	* complain. */
99	parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);	104	parent_window = gtk_window_new(GTK_WINDOW_TOPLEVEL);
100		105
		106	switch (prompt_type) {
		107	case PROMPT_CONFIRM:
		108	buttons = GTK_BUTTONS_YES_NO;
		109	default_response = GTK_RESPONSE_YES;
		110	break;
		111	case PROMPT_NONE:
		112	buttons = GTK_BUTTONS_CLOSE;
		113	default_response = GTK_RESPONSE_CLOSE;
		114	break;
		115	default:
		116	buttons = GTK_BUTTONS_OK_CANCEL;
		117	default_response = GTK_RESPONSE_OK;
		118	break;
		119	}
		120
101	dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,	121	dialog = gtk_message_dialog_new(GTK_WINDOW(parent_window), 0,
102	GTK_MESSAGE_QUESTION,	122	GTK_MESSAGE_QUESTION, buttons, "%s", message);
103	GTK_BUTTONS_OK_CANCEL,
104	"%s",
105	message);
106
107	entry = gtk_entry_new();
108	gtk_box_pack_start(
109	GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))), entry,
110	FALSE, FALSE, 0);
111	gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
112	gtk_widget_grab_focus(entry);
113	gtk_widget_show(entry);
114		123
115	gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");	124	gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH");
116	gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);	125	gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER);
117	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);	126	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
118		127	gtk_dialog_set_default_response(GTK_DIALOG(dialog), default_response);
119	/* Make <enter> close dialog */
120	gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK);
121	g_signal_connect(G_OBJECT(entry), "activate",
122	G_CALLBACK(ok_dialog), dialog);
123
124	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);	128	gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE);
125		129
		130	if (prompt_type == PROMPT_ENTRY) {
		131	entry = gtk_entry_new();
		132	gtk_box_pack_start(
		133	GTK_BOX(gtk_dialog_get_content_area(GTK_DIALOG(dialog))),
		134	entry, FALSE, FALSE, 0);
		135	gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE);
		136	gtk_widget_grab_focus(entry);
		137	gtk_widget_show(entry);
		138	/* Make <enter> close dialog */
		139	g_signal_connect(G_OBJECT(entry), "activate",
		140	G_CALLBACK(ok_dialog), dialog);
		141	}
		142
126	/* Grab focus */	143	/* Grab focus */
127	gtk_widget_show_now(dialog);	144	gtk_widget_show_now(dialog);
128	if (grab_pointer) {	145	if (grab_pointer) {
@@ -166,32 +183,37 @@ passphrase_dialog(char *message)
166	gdk_flush();	183	gdk_flush();
167		184
168	/* Report passphrase if user selected OK */	185	/* Report passphrase if user selected OK */
169	passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));	186	if (prompt_type == PROMPT_ENTRY) {
170	if (result == GTK_RESPONSE_OK) {	187	passphrase = g_strdup(gtk_entry_get_text(GTK_ENTRY(entry)));
171	local = g_locale_from_utf8(passphrase, strlen(passphrase),	188	if (result == GTK_RESPONSE_OK) {
172	NULL, NULL, NULL);	189	local = g_locale_from_utf8(passphrase,
173	if (local != NULL) {	190	strlen(passphrase), NULL, NULL, NULL);
174	puts(local);	191	if (local != NULL) {
175	memset(local, '\0', strlen(local));	192	puts(local);
176	g_free(local);	193	memset(local, '\0', strlen(local));
177	} else {	194	g_free(local);
178	puts(passphrase);	195	} else {
		196	puts(passphrase);
		197	}
179	}	198	}
		199	/* Zero passphrase in memory */
		200	memset(passphrase, '\b', strlen(passphrase));
		201	gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
		202	memset(passphrase, '\0', strlen(passphrase));
		203	g_free(passphrase);
180	}	204	}
181		205
182	/* Zero passphrase in memory */
183	memset(passphrase, '\b', strlen(passphrase));
184	gtk_entry_set_text(GTK_ENTRY(entry), passphrase);
185	memset(passphrase, '\0', strlen(passphrase));
186	g_free(passphrase);
187
188	gtk_widget_destroy(dialog);	206	gtk_widget_destroy(dialog);
189	return (result == GTK_RESPONSE_OK ? 0 : -1);	207	if (result != GTK_RESPONSE_OK && result != GTK_RESPONSE_YES)
		208	return -1;
		209	return 0;
190		210
191	/* At least one grab failed - ungrab what we got, and report
192	the failure to the user. Note that XGrabServer() cannot
193	fail. */
194	nograbkb:	211	nograbkb:
		212	/*
		213	* At least one grab failed - ungrab what we got, and report
		214	* the failure to the user. Note that XGrabServer() cannot
		215	* fail.
		216	*/
195	gdk_pointer_ungrab(GDK_CURRENT_TIME);	217	gdk_pointer_ungrab(GDK_CURRENT_TIME);
196	nograb:	218	nograb:
197	if (grab_server)	219	if (grab_server)
@@ -206,8 +228,8 @@ passphrase_dialog(char *message)
206	int	228	int
207	main(int argc, char **argv)	229	main(int argc, char **argv)
208	{	230	{
209	char *message;	231	char message, prompt_mode;
210	int result;	232	int result, prompt_type = PROMPT_ENTRY;
211		233
212	gtk_init(&argc, &argv);	234	gtk_init(&argc, &argv);
213		235
@@ -217,8 +239,15 @@ main(int argc, char **argv)
217	message = g_strdup("Enter your OpenSSH passphrase:");	239	message = g_strdup("Enter your OpenSSH passphrase:");
218	}	240	}
219		241
		242	if ((prompt_mode = getenv("SSH_ASKPASS_PROMPT")) != NULL) {
		243	if (strcasecmp(prompt_mode, "confirm") == 0)
		244	prompt_type = PROMPT_CONFIRM;
		245	else if (strcasecmp(prompt_mode, "none") == 0)
		246	prompt_type = PROMPT_NONE;
		247	}
		248
220	setvbuf(stdout, 0, _IONBF, 0);	249	setvbuf(stdout, 0, _IONBF, 0);
221	result = passphrase_dialog(message);	250	result = passphrase_dialog(message, prompt_type);
222	g_free(message);	251	g_free(message);
223		252
224	return (result);	253	return (result);


diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index a440a11c2..54dc39610 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1	%define ver 8.1p1	1	%define ver 8.2p1
2	%define rel 1%{?dist}	2	%define rel 1%{?dist}
3		3
4	# OpenSSH privilege separation requires a user & group ID	4	# OpenSSH privilege separation requires a user & group ID


diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1 index 8850cceda..ae75c79a5 100644 --- a/contrib/ssh-copy-id.1 +++ b/contrib/ssh-copy-id.1
@@ -158,7 +158,7 @@ asked for confirmation, which is your cue to log back out and run
158	The reason you might want to specify the -i option in this case is to	158	The reason you might want to specify the -i option in this case is to
159	ensure that the comment on the installed key is the one from the	159	ensure that the comment on the installed key is the one from the
160	.Pa .pub	160	.Pa .pub
161	file, rather than just the filename that was loaded into you agent.	161	file, rather than just the filename that was loaded into your agent.
162	It also ensures that only the id you intended is installed, rather than	162	It also ensures that only the id you intended is installed, rather than
163	all the keys that you have in your	163	all the keys that you have in your
164	.Xr ssh-agent 1 .	164	.Xr ssh-agent 1 .


diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 8c081acc0..4c318001e 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13		13
14	Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation	14	Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15	Name: openssh	15	Name: openssh
16	Version: 8.1p1	16	Version: 8.2p1
17	URL: https://www.openssh.com/	17	URL: https://www.openssh.com/
18	Release: 1	18	Release: 1
19	Source0: openssh-%{version}.tar.gz	19	Source0: openssh-%{version}.tar.gz