summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--ChangeLog28
-rw-r--r--Makefile.in5
-rw-r--r--PROTOCOL.mux4
-rw-r--r--README4
-rwxr-xr-xconfigure20
-rw-r--r--configure.ac12
-rw-r--r--contrib/caldera/openssh.spec4
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--key.c7
-rw-r--r--moduli.02
-rw-r--r--openbsd-compat/port-linux.c18
-rw-r--r--openbsd-compat/port-linux.h3
-rw-r--r--scp.02
-rw-r--r--sftp-server.02
-rw-r--r--sftp.02
-rw-r--r--ssh-add.02
-rw-r--r--ssh-agent.02
-rw-r--r--ssh-keygen.02
-rw-r--r--ssh-keyscan.02
-rw-r--r--ssh-keysign.02
-rw-r--r--ssh-pkcs11-helper.02
-rw-r--r--ssh-rand-helper.02
-rw-r--r--ssh.02
-rw-r--r--ssh.c7
-rw-r--r--ssh_config.02
-rw-r--r--sshd.02
-rw-r--r--sshd_config.02
-rw-r--r--version.h4
29 files changed, 101 insertions, 49 deletions
diff --git a/ChangeLog b/ChangeLog
index 0356a33c5..993e0cb0b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,31 @@
120110204
2 - OpenBSD CVS Sync
3 - djm@cvs.openbsd.org 2011/01/31 21:42:15
4 [PROTOCOL.mux]
5 cut'n'pasto; from bert.wesarg AT googlemail.com
6 - djm@cvs.openbsd.org 2011/02/04 00:44:21
7 [key.c]
8 fix uninitialised nonce variable; reported by Mateusz Kocielski
9 - djm@cvs.openbsd.org 2011/02/04 00:44:43
10 [version.h]
11 openssh-5.8
12 - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
13 [contrib/suse/openssh.spec] update versions in docs and spec files.
14 - Release OpenSSH 5.8p1
15
1620110128
17 - (djm) [openbsd-compat/port-linux.c] Check whether SELinux is enabled
18 before attempting setfscreatecon(). Check whether matchpathcon()
19 succeeded before using its result. Patch from cjwatson AT debian.org;
20 bz#1851
21
2220110125
23 - (djm) [configure.ac Makefile.in ssh.c openbsd-compat/port-linux.c
24 openbsd-compat/port-linux.h] Move SELinux-specific code from ssh.c to
25 port-linux.c to avoid compilation errors. Add -lselinux to ssh when
26 building with SELinux support to avoid linking failure; report from
27 amk AT spamfence.net; ok dtucker
28
120110122 2920110122
2 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add 30 - (dtucker) [configure.ac openbsd-compat/openssl-compat.{c,h}] Add
3 RSA_get_default_method() for the benefit of openssl versions that don't 31 RSA_get_default_method() for the benefit of openssl versions that don't
diff --git a/Makefile.in b/Makefile.in
index 947eec075..f966fbd31 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -1,4 +1,4 @@
1# $Id: Makefile.in,v 1.320 2011/01/17 10:15:29 dtucker Exp $ 1# $Id: Makefile.in,v 1.320.4.1 2011/02/04 00:42:13 djm Exp $
2 2
3# uncomment if you run a non bourne compatable shell. Ie. csh 3# uncomment if you run a non bourne compatable shell. Ie. csh
4#SHELL = @SH@ 4#SHELL = @SH@
@@ -46,6 +46,7 @@ LD=@LD@
46CFLAGS=@CFLAGS@ 46CFLAGS=@CFLAGS@
47CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ 47CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
48LIBS=@LIBS@ 48LIBS=@LIBS@
49SSHLIBS=@SSHLIBS@
49SSHDLIBS=@SSHDLIBS@ 50SSHDLIBS=@SSHDLIBS@
50LIBEDIT=@LIBEDIT@ 51LIBEDIT=@LIBEDIT@
51AR=@AR@ 52AR=@AR@
@@ -143,7 +144,7 @@ libssh.a: $(LIBSSH_OBJS)
143 $(RANLIB) $@ 144 $(RANLIB) $@
144 145
145ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS) 146ssh$(EXEEXT): $(LIBCOMPAT) libssh.a $(SSHOBJS)
146 $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 147 $(LD) -o $@ $(SSHOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHLIBS) $(LIBS)
147 148
148sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS) 149sshd$(EXEEXT): libssh.a $(LIBCOMPAT) $(SSHDOBJS)
149 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS) 150 $(LD) -o $@ $(SSHDOBJS) $(LDFLAGS) -lssh -lopenbsd-compat $(SSHDLIBS) $(LIBS)
diff --git a/PROTOCOL.mux b/PROTOCOL.mux
index 3d6f81878..2a5817bd7 100644
--- a/PROTOCOL.mux
+++ b/PROTOCOL.mux
@@ -122,7 +122,7 @@ For dynamically allocated listen port the server replies with
122 122
123Note: currently unimplemented (server will always reply with MUX_S_FAILURE). 123Note: currently unimplemented (server will always reply with MUX_S_FAILURE).
124 124
125A client may request the master to establish a port forward: 125A client may request the master to close a port forward:
126 126
127 uint32 MUX_C_CLOSE_FWD 127 uint32 MUX_C_CLOSE_FWD
128 uint32 request id 128 uint32 request id
@@ -200,4 +200,4 @@ XXX server->client error/warning notifications
200XXX port0 rfwd (need custom response message) 200XXX port0 rfwd (need custom response message)
201XXX send signals via mux 201XXX send signals via mux
202 202
203$OpenBSD: PROTOCOL.mux,v 1.3 2011/01/13 21:55:25 djm Exp $ 203$OpenBSD: PROTOCOL.mux,v 1.4 2011/01/31 21:42:15 djm Exp $
diff --git a/README b/README
index 4e7e9a9f2..4f695066b 100644
--- a/README
+++ b/README
@@ -1,4 +1,4 @@
1See http://www.openssh.com/txt/release-5.7 for the release notes. 1See http://www.openssh.com/txt/release-5.8 for the release notes.
2 2
3- A Japanese translation of this document and of the OpenSSH FAQ is 3- A Japanese translation of this document and of the OpenSSH FAQ is
4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html 4- available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 62[6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
63[7] http://www.openssh.com/faq.html 63[7] http://www.openssh.com/faq.html
64 64
65$Id: README,v 1.75 2011/01/22 09:23:12 djm Exp $ 65$Id: README,v 1.75.4.1 2011/02/04 00:57:50 djm Exp $
diff --git a/configure b/configure
index 6e05311aa..73040c5d3 100755
--- a/configure
+++ b/configure
@@ -1,5 +1,5 @@
1#! /bin/sh 1#! /bin/sh
2# From configure.ac Revision: 1.469 . 2# From configure.ac Revision: 1.469.4.1 .
3# Guess values for system-dependent variables and create Makefiles. 3# Guess values for system-dependent variables and create Makefiles.
4# Generated by GNU Autoconf 2.61 for OpenSSH Portable. 4# Generated by GNU Autoconf 2.61 for OpenSSH Portable.
5# 5#
@@ -696,7 +696,6 @@ STARTUP_SCRIPT_SHELL
696LOGIN_PROGRAM_FALLBACK 696LOGIN_PROGRAM_FALLBACK
697PATH_PASSWD_PROG 697PATH_PASSWD_PROG
698LD 698LD
699SSHDLIBS
700PKGCONFIG 699PKGCONFIG
701LIBEDIT 700LIBEDIT
702TEST_SSH_SHA256 701TEST_SSH_SHA256
@@ -721,6 +720,8 @@ PROG_UPTIME
721PROG_IPCS 720PROG_IPCS
722PROG_TAIL 721PROG_TAIL
723INSTALL_SSH_PRNG_CMDS 722INSTALL_SSH_PRNG_CMDS
723SSHLIBS
724SSHDLIBS
724KRB5CONF 725KRB5CONF
725PRIVSEP_PATH 726PRIVSEP_PATH
726xauth_path 727xauth_path
@@ -9047,7 +9048,6 @@ cat >>confdefs.h <<\_ACEOF
9047_ACEOF 9048_ACEOF
9048 9049
9049 SSHDLIBS="$SSHDLIBS -lcontract" 9050 SSHDLIBS="$SSHDLIBS -lcontract"
9050
9051 SPC_MSG="yes" 9051 SPC_MSG="yes"
9052fi 9052fi
9053 9053
@@ -9126,7 +9126,6 @@ cat >>confdefs.h <<\_ACEOF
9126_ACEOF 9126_ACEOF
9127 9127
9128 SSHDLIBS="$SSHDLIBS -lproject" 9128 SSHDLIBS="$SSHDLIBS -lproject"
9129
9130 SP_MSG="yes" 9129 SP_MSG="yes"
9131fi 9130fi
9132 9131
@@ -27806,6 +27805,7 @@ echo "$as_me: error: SELinux support requires libselinux library" >&2;}
27806 { (exit 1); exit 1; }; } 27805 { (exit 1); exit 1; }; }
27807fi 27806fi
27808 27807
27808 SSHLIBS="$SSHLIBS $LIBSELINUX"
27809 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 27809 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
27810 27810
27811 27811
@@ -27908,6 +27908,8 @@ done
27908fi 27908fi
27909 27909
27910 27910
27911
27912
27911# Check whether user wants Kerberos 5 support 27913# Check whether user wants Kerberos 5 support
27912KRB5_MSG="no" 27914KRB5_MSG="no"
27913 27915
@@ -31416,7 +31418,6 @@ STARTUP_SCRIPT_SHELL!$STARTUP_SCRIPT_SHELL$ac_delim
31416LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim 31418LOGIN_PROGRAM_FALLBACK!$LOGIN_PROGRAM_FALLBACK$ac_delim
31417PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim 31419PATH_PASSWD_PROG!$PATH_PASSWD_PROG$ac_delim
31418LD!$LD$ac_delim 31420LD!$LD$ac_delim
31419SSHDLIBS!$SSHDLIBS$ac_delim
31420PKGCONFIG!$PKGCONFIG$ac_delim 31421PKGCONFIG!$PKGCONFIG$ac_delim
31421LIBEDIT!$LIBEDIT$ac_delim 31422LIBEDIT!$LIBEDIT$ac_delim
31422TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim 31423TEST_SSH_SHA256!$TEST_SSH_SHA256$ac_delim
@@ -31433,6 +31434,7 @@ PROG_PS!$PROG_PS$ac_delim
31433PROG_SAR!$PROG_SAR$ac_delim 31434PROG_SAR!$PROG_SAR$ac_delim
31434PROG_W!$PROG_W$ac_delim 31435PROG_W!$PROG_W$ac_delim
31435PROG_WHO!$PROG_WHO$ac_delim 31436PROG_WHO!$PROG_WHO$ac_delim
31437PROG_LAST!$PROG_LAST$ac_delim
31436_ACEOF 31438_ACEOF
31437 31439
31438 if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then 31440 if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 97; then
@@ -31474,7 +31476,6 @@ _ACEOF
31474ac_delim='%!_!# ' 31476ac_delim='%!_!# '
31475for ac_last_try in false false false false false :; do 31477for ac_last_try in false false false false false :; do
31476 cat >conf$$subs.sed <<_ACEOF 31478 cat >conf$$subs.sed <<_ACEOF
31477PROG_LAST!$PROG_LAST$ac_delim
31478PROG_LASTLOG!$PROG_LASTLOG$ac_delim 31479PROG_LASTLOG!$PROG_LASTLOG$ac_delim
31479PROG_DF!$PROG_DF$ac_delim 31480PROG_DF!$PROG_DF$ac_delim
31480PROG_VMSTAT!$PROG_VMSTAT$ac_delim 31481PROG_VMSTAT!$PROG_VMSTAT$ac_delim
@@ -31482,6 +31483,8 @@ PROG_UPTIME!$PROG_UPTIME$ac_delim
31482PROG_IPCS!$PROG_IPCS$ac_delim 31483PROG_IPCS!$PROG_IPCS$ac_delim
31483PROG_TAIL!$PROG_TAIL$ac_delim 31484PROG_TAIL!$PROG_TAIL$ac_delim
31484INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim 31485INSTALL_SSH_PRNG_CMDS!$INSTALL_SSH_PRNG_CMDS$ac_delim
31486SSHLIBS!$SSHLIBS$ac_delim
31487SSHDLIBS!$SSHDLIBS$ac_delim
31485KRB5CONF!$KRB5CONF$ac_delim 31488KRB5CONF!$KRB5CONF$ac_delim
31486PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim 31489PRIVSEP_PATH!$PRIVSEP_PATH$ac_delim
31487xauth_path!$xauth_path$ac_delim 31490xauth_path!$xauth_path$ac_delim
@@ -31496,7 +31499,7 @@ LIBOBJS!$LIBOBJS$ac_delim
31496LTLIBOBJS!$LTLIBOBJS$ac_delim 31499LTLIBOBJS!$LTLIBOBJS$ac_delim
31497_ACEOF 31500_ACEOF
31498 31501
31499 if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 20; then 31502 if test `sed -n "s/.*$ac_delim\$/X/p" conf$$subs.sed | grep -c X` = 21; then
31500 break 31503 break
31501 elif $ac_last_try; then 31504 elif $ac_last_try; then
31502 { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5 31505 { { echo "$as_me:$LINENO: error: could not make $CONFIG_STATUS" >&5
@@ -31993,6 +31996,9 @@ echo " Libraries: ${LIBS}"
31993if test ! -z "${SSHDLIBS}"; then 31996if test ! -z "${SSHDLIBS}"; then
31994echo " +for sshd: ${SSHDLIBS}" 31997echo " +for sshd: ${SSHDLIBS}"
31995fi 31998fi
31999if test ! -z "${SSHLIBS}"; then
32000echo " +for ssh: ${SSHLIBS}"
32001fi
31996 32002
31997echo "" 32003echo ""
31998 32004
diff --git a/configure.ac b/configure.ac
index d7d1a988d..ad3c4ab0f 100644
--- a/configure.ac
+++ b/configure.ac
@@ -1,4 +1,4 @@
1# $Id: configure.ac,v 1.469 2011/01/21 22:37:05 dtucker Exp $ 1# $Id: configure.ac,v 1.469.4.1 2011/02/04 00:42:14 djm Exp $
2# 2#
3# Copyright (c) 1999-2004 Damien Miller 3# Copyright (c) 1999-2004 Damien Miller
4# 4#
@@ -15,7 +15,7 @@
15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 15# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 16
17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org) 17AC_INIT(OpenSSH, Portable, openssh-unix-dev@mindrot.org)
18AC_REVISION($Revision: 1.469 $) 18AC_REVISION($Revision: 1.469.4.1 $)
19AC_CONFIG_SRCDIR([ssh.c]) 19AC_CONFIG_SRCDIR([ssh.c])
20 20
21# local macros 21# local macros
@@ -761,7 +761,6 @@ mips-sony-bsd|mips-sony-newsos4)
761 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1, 761 [ AC_DEFINE(USE_SOLARIS_PROCESS_CONTRACTS, 1,
762 [Define if you have Solaris process contracts]) 762 [Define if you have Solaris process contracts])
763 SSHDLIBS="$SSHDLIBS -lcontract" 763 SSHDLIBS="$SSHDLIBS -lcontract"
764 AC_SUBST(SSHDLIBS)
765 SPC_MSG="yes" ], ) 764 SPC_MSG="yes" ], )
766 ], 765 ],
767 ) 766 )
@@ -772,7 +771,6 @@ mips-sony-bsd|mips-sony-newsos4)
772 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1, 771 [ AC_DEFINE(USE_SOLARIS_PROJECTS, 1,
773 [Define if you have Solaris projects]) 772 [Define if you have Solaris projects])
774 SSHDLIBS="$SSHDLIBS -lproject" 773 SSHDLIBS="$SSHDLIBS -lproject"
775 AC_SUBST(SSHDLIBS)
776 SP_MSG="yes" ], ) 774 SP_MSG="yes" ], )
777 ], 775 ],
778 ) 776 )
@@ -3539,11 +3537,14 @@ AC_ARG_WITH(selinux,
3539 LIBS="$LIBS -lselinux" 3537 LIBS="$LIBS -lselinux"
3540 ], 3538 ],
3541 AC_MSG_ERROR(SELinux support requires libselinux library)) 3539 AC_MSG_ERROR(SELinux support requires libselinux library))
3540 SSHLIBS="$SSHLIBS $LIBSELINUX"
3542 SSHDLIBS="$SSHDLIBS $LIBSELINUX" 3541 SSHDLIBS="$SSHDLIBS $LIBSELINUX"
3543 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level) 3542 AC_CHECK_FUNCS(getseuserbyname get_default_context_with_level)
3544 LIBS="$save_LIBS" 3543 LIBS="$save_LIBS"
3545 fi ] 3544 fi ]
3546) 3545)
3546AC_SUBST(SSHLIBS)
3547AC_SUBST(SSHDLIBS)
3547 3548
3548# Check whether user wants Kerberos 5 support 3549# Check whether user wants Kerberos 5 support
3549KRB5_MSG="no" 3550KRB5_MSG="no"
@@ -4365,6 +4366,9 @@ echo " Libraries: ${LIBS}"
4365if test ! -z "${SSHDLIBS}"; then 4366if test ! -z "${SSHDLIBS}"; then
4366echo " +for sshd: ${SSHDLIBS}" 4367echo " +for sshd: ${SSHDLIBS}"
4367fi 4368fi
4369if test ! -z "${SSHLIBS}"; then
4370echo " +for ssh: ${SSHLIBS}"
4371fi
4368 4372
4369echo "" 4373echo ""
4370 4374
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 23397b04d..435003a2a 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -16,7 +16,7 @@
16 16
17#old cvs stuff. please update before use. may be deprecated. 17#old cvs stuff. please update before use. may be deprecated.
18%define use_stable 1 18%define use_stable 1
19%define version 5.7p1 19%define version 5.8p1
20%if %{use_stable} 20%if %{use_stable}
21 %define cvs %{nil} 21 %define cvs %{nil}
22 %define release 1 22 %define release 1
@@ -363,4 +363,4 @@ fi
363* Mon Jan 01 1998 ... 363* Mon Jan 01 1998 ...
364Template Version: 1.31 364Template Version: 1.31
365 365
366$Id: openssh.spec,v 1.73 2011/01/22 09:23:33 djm Exp $ 366$Id: openssh.spec,v 1.73.4.1 2011/02/04 00:57:54 djm Exp $
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 8fc76b625..e99e33d0f 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1%define ver 5.7p1 1%define ver 5.8p1
2%define rel 1 2%define rel 1
3 3
4# OpenSSH privilege separation requires a user & group ID 4# OpenSSH privilege separation requires a user & group ID
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 4573c52fd..6afdcc4b4 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
13 13
14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation 14Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
15Name: openssh 15Name: openssh
16Version: 5.7p1 16Version: 5.8p1
17URL: http://www.openssh.com/ 17URL: http://www.openssh.com/
18Release: 1 18Release: 1
19Source0: openssh-%{version}.tar.gz 19Source0: openssh-%{version}.tar.gz
diff --git a/key.c b/key.c
index 6ccfd8dcb..d30dc5c3c 100644
--- a/key.c
+++ b/key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: key.c,v 1.95 2010/11/10 01:33:07 djm Exp $ */ 1/* $OpenBSD: key.c,v 1.96 2011/02/04 00:44:21 djm Exp $ */
2/* 2/*
3 * read_bignum(): 3 * read_bignum():
4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland 4 * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1890,10 +1890,9 @@ key_certify(Key *k, Key *ca)
1890 buffer_put_cstring(&k->cert->certblob, key_ssh_name(k)); 1890 buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
1891 1891
1892 /* -v01 certs put nonce first */ 1892 /* -v01 certs put nonce first */
1893 if (!key_cert_is_legacy(k)) { 1893 arc4random_buf(&nonce, sizeof(nonce));
1894 arc4random_buf(&nonce, sizeof(nonce)); 1894 if (!key_cert_is_legacy(k))
1895 buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce)); 1895 buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
1896 }
1897 1896
1898 switch (k->type) { 1897 switch (k->type) {
1899 case KEY_DSA_CERT_V00: 1898 case KEY_DSA_CERT_V00:
diff --git a/moduli.0 b/moduli.0
index af4b37511..ded094ff0 100644
--- a/moduli.0
+++ b/moduli.0
@@ -69,4 +69,4 @@ SEE ALSO
69 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer 69 Diffie-Hellman Group Exchange for the Secure Shell (SSH) Transport Layer
70 Protocol, RFC 4419, 2006. 70 Protocol, RFC 4419, 2006.
71 71
72OpenBSD 4.8 June 26, 2008 OpenBSD 4.8 72OpenBSD 4.9 June 26, 2008 OpenBSD 4.9
diff --git a/openbsd-compat/port-linux.c b/openbsd-compat/port-linux.c
index 5b1cf402c..ede533fdd 100644
--- a/openbsd-compat/port-linux.c
+++ b/openbsd-compat/port-linux.c
@@ -1,4 +1,4 @@
1/* $Id: port-linux.c,v 1.11 2011/01/17 07:50:24 dtucker Exp $ */ 1/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com> 4 * Copyright (c) 2005 Daniel Walsh <dwalsh@redhat.com>
@@ -205,6 +205,22 @@ ssh_selinux_change_context(const char *newname)
205 xfree(oldctx); 205 xfree(oldctx);
206 xfree(newctx); 206 xfree(newctx);
207} 207}
208
209void
210ssh_selinux_setfscreatecon(const char *path)
211{
212 security_context_t context;
213
214 if (!ssh_selinux_enabled())
215 return;
216 if (path == NULL)
217 setfscreatecon(NULL);
218 return;
219 }
220 if (matchpathcon(path, 0700, &context) == 0)
221 setfscreatecon(context);
222}
223
208#endif /* WITH_SELINUX */ 224#endif /* WITH_SELINUX */
209 225
210#ifdef LINUX_OOM_ADJUST 226#ifdef LINUX_OOM_ADJUST
diff --git a/openbsd-compat/port-linux.h b/openbsd-compat/port-linux.h
index 209d9a7a2..c2f618400 100644
--- a/openbsd-compat/port-linux.h
+++ b/openbsd-compat/port-linux.h
@@ -1,4 +1,4 @@
1/* $Id: port-linux.h,v 1.4 2009/12/08 02:39:48 dtucker Exp $ */ 1/* $Id: port-linux.h,v 1.4.10.1 2011/02/04 00:42:21 djm Exp $ */
2 2
3/* 3/*
4 * Copyright (c) 2006 Damien Miller <djm@openbsd.org> 4 * Copyright (c) 2006 Damien Miller <djm@openbsd.org>
@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void);
24void ssh_selinux_setup_pty(char *, const char *); 24void ssh_selinux_setup_pty(char *, const char *);
25void ssh_selinux_setup_exec_context(char *); 25void ssh_selinux_setup_exec_context(char *);
26void ssh_selinux_change_context(const char *); 26void ssh_selinux_change_context(const char *);
27void ssh_selinux_setfscreatecon(const char *);
27#endif 28#endif
28 29
29#ifdef LINUX_OOM_ADJUST 30#ifdef LINUX_OOM_ADJUST
diff --git a/scp.0 b/scp.0
index f00631626..72467c8ec 100644
--- a/scp.0
+++ b/scp.0
@@ -153,4 +153,4 @@ AUTHORS
153 Timo Rinne <tri@iki.fi> 153 Timo Rinne <tri@iki.fi>
154 Tatu Ylonen <ylo@cs.hut.fi> 154 Tatu Ylonen <ylo@cs.hut.fi>
155 155
156OpenBSD 4.8 December 9, 2010 OpenBSD 4.8 156OpenBSD 4.9 December 9, 2010 OpenBSD 4.9
diff --git a/sftp-server.0 b/sftp-server.0
index d8d91c5d5..b7d30ec09 100644
--- a/sftp-server.0
+++ b/sftp-server.0
@@ -61,4 +61,4 @@ HISTORY
61AUTHORS 61AUTHORS
62 Markus Friedl <markus@openbsd.org> 62 Markus Friedl <markus@openbsd.org>
63 63
64OpenBSD 4.8 January 9, 2010 OpenBSD 4.8 64OpenBSD 4.9 January 9, 2010 OpenBSD 4.9
diff --git a/sftp.0 b/sftp.0
index 6ceed93ab..960ffb9df 100644
--- a/sftp.0
+++ b/sftp.0
@@ -328,4 +328,4 @@ SEE ALSO
328 draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress 328 draft-ietf-secsh-filexfer-00.txt, January 2001, work in progress
329 material. 329 material.
330 330
331OpenBSD 4.8 December 4, 2010 OpenBSD 4.8 331OpenBSD 4.9 December 4, 2010 OpenBSD 4.9
diff --git a/ssh-add.0 b/ssh-add.0
index bf62ca905..d91512888 100644
--- a/ssh-add.0
+++ b/ssh-add.0
@@ -112,4 +112,4 @@ AUTHORS
112 created OpenSSH. Markus Friedl contributed the support for SSH protocol 112 created OpenSSH. Markus Friedl contributed the support for SSH protocol
113 versions 1.5 and 2.0. 113 versions 1.5 and 2.0.
114 114
115OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 115OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
diff --git a/ssh-agent.0 b/ssh-agent.0
index 7fe1560d3..c3de21b42 100644
--- a/ssh-agent.0
+++ b/ssh-agent.0
@@ -120,4 +120,4 @@ AUTHORS
120 created OpenSSH. Markus Friedl contributed the support for SSH protocol 120 created OpenSSH. Markus Friedl contributed the support for SSH protocol
121 versions 1.5 and 2.0. 121 versions 1.5 and 2.0.
122 122
123OpenBSD 4.8 November 21, 2010 OpenBSD 4.8 123OpenBSD 4.9 November 21, 2010 OpenBSD 4.9
diff --git a/ssh-keygen.0 b/ssh-keygen.0
index e01ad16d9..a01b30db0 100644
--- a/ssh-keygen.0
+++ b/ssh-keygen.0
@@ -440,4 +440,4 @@ AUTHORS
440 created OpenSSH. Markus Friedl contributed the support for SSH protocol 440 created OpenSSH. Markus Friedl contributed the support for SSH protocol
441 versions 1.5 and 2.0. 441 versions 1.5 and 2.0.
442 442
443OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 443OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
diff --git a/ssh-keyscan.0 b/ssh-keyscan.0
index ba53bce81..4c3d2dbcc 100644
--- a/ssh-keyscan.0
+++ b/ssh-keyscan.0
@@ -106,4 +106,4 @@ BUGS
106 This is because it opens a connection to the ssh port, reads the public 106 This is because it opens a connection to the ssh port, reads the public
107 key, and drops the connection as soon as it gets the key. 107 key, and drops the connection as soon as it gets the key.
108 108
109OpenBSD 4.8 August 31, 2010 OpenBSD 4.8 109OpenBSD 4.9 August 31, 2010 OpenBSD 4.9
diff --git a/ssh-keysign.0 b/ssh-keysign.0
index 9da4b2446..bff850f27 100644
--- a/ssh-keysign.0
+++ b/ssh-keysign.0
@@ -48,4 +48,4 @@ HISTORY
48AUTHORS 48AUTHORS
49 Markus Friedl <markus@openbsd.org> 49 Markus Friedl <markus@openbsd.org>
50 50
51OpenBSD 4.8 August 31, 2010 OpenBSD 4.8 51OpenBSD 4.9 August 31, 2010 OpenBSD 4.9
diff --git a/ssh-pkcs11-helper.0 b/ssh-pkcs11-helper.0
index 664ec971f..22526781e 100644
--- a/ssh-pkcs11-helper.0
+++ b/ssh-pkcs11-helper.0
@@ -22,4 +22,4 @@ HISTORY
22AUTHORS 22AUTHORS
23 Markus Friedl <markus@openbsd.org> 23 Markus Friedl <markus@openbsd.org>
24 24
25OpenBSD 4.8 February 10, 2010 OpenBSD 4.8 25OpenBSD 4.9 February 10, 2010 OpenBSD 4.9
diff --git a/ssh-rand-helper.0 b/ssh-rand-helper.0
index 5bc19e8a7..93d3554fc 100644
--- a/ssh-rand-helper.0
+++ b/ssh-rand-helper.0
@@ -48,4 +48,4 @@ AUTHORS
48SEE ALSO 48SEE ALSO
49 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8) 49 ssh(1), ssh-add(1), ssh-keygen(1), sshd(8)
50 50
51OpenBSD 4.8 April 14, 2002 OpenBSD 4.8 51OpenBSD 4.9 April 14, 2002 OpenBSD 4.9
diff --git a/ssh.0 b/ssh.0
index 3d2036253..c1d3135ce 100644
--- a/ssh.0
+++ b/ssh.0
@@ -895,4 +895,4 @@ AUTHORS
895 created OpenSSH. Markus Friedl contributed the support for SSH protocol 895 created OpenSSH. Markus Friedl contributed the support for SSH protocol
896 versions 1.5 and 2.0. 896 versions 1.5 and 2.0.
897 897
898OpenBSD 4.8 November 18, 2010 OpenBSD 4.8 898OpenBSD 4.9 November 18, 2010 OpenBSD 4.9
diff --git a/ssh.c b/ssh.c
index 9409fa713..d32ef78b0 100644
--- a/ssh.c
+++ b/ssh.c
@@ -852,15 +852,12 @@ main(int ac, char **av)
852 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR); 852 strcmp(pw->pw_dir, "/") ? "/" : "", _PATH_SSH_USER_DIR);
853 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) { 853 if (r > 0 && (size_t)r < sizeof(buf) && stat(buf, &st) < 0) {
854#ifdef WITH_SELINUX 854#ifdef WITH_SELINUX
855 char *scon; 855 ssh_selinux_setfscreatecon(buf);
856
857 matchpathcon(buf, 0700, &scon);
858 setfscreatecon(scon);
859#endif 856#endif
860 if (mkdir(buf, 0700) < 0) 857 if (mkdir(buf, 0700) < 0)
861 error("Could not create directory '%.200s'.", buf); 858 error("Could not create directory '%.200s'.", buf);
862#ifdef WITH_SELINUX 859#ifdef WITH_SELINUX
863 setfscreatecon(NULL); 860 ssh_selinux_setfscreatecon(NULL);
864#endif 861#endif
865 } 862 }
866 /* load options.identity_files */ 863 /* load options.identity_files */
diff --git a/ssh_config.0 b/ssh_config.0
index 71233b49b..c4a12f7bb 100644
--- a/ssh_config.0
+++ b/ssh_config.0
@@ -741,4 +741,4 @@ AUTHORS
741 created OpenSSH. Markus Friedl contributed the support for SSH protocol 741 created OpenSSH. Markus Friedl contributed the support for SSH protocol
742 versions 1.5 and 2.0. 742 versions 1.5 and 2.0.
743 743
744OpenBSD 4.8 December 8, 2010 OpenBSD 4.8 744OpenBSD 4.9 December 8, 2010 OpenBSD 4.9
diff --git a/sshd.0 b/sshd.0
index bb01b7164..873584d7d 100644
--- a/sshd.0
+++ b/sshd.0
@@ -631,4 +631,4 @@ CAVEATS
631 System security is not improved unless rshd, rlogind, and rexecd are 631 System security is not improved unless rshd, rlogind, and rexecd are
632 disabled (thus completely disabling rlogin and rsh into the machine). 632 disabled (thus completely disabling rlogin and rsh into the machine).
633 633
634OpenBSD 4.8 October 28, 2010 OpenBSD 4.8 634OpenBSD 4.9 October 28, 2010 OpenBSD 4.9
diff --git a/sshd_config.0 b/sshd_config.0
index 669d29a06..ab0d79be6 100644
--- a/sshd_config.0
+++ b/sshd_config.0
@@ -710,4 +710,4 @@ AUTHORS
710 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support 710 versions 1.5 and 2.0. Niels Provos and Markus Friedl contributed support
711 for privilege separation. 711 for privilege separation.
712 712
713OpenBSD 4.8 December 8, 2010 OpenBSD 4.8 713OpenBSD 4.9 December 8, 2010 OpenBSD 4.9
diff --git a/version.h b/version.h
index 202e0dec2..bf1c7124a 100644
--- a/version.h
+++ b/version.h
@@ -1,6 +1,6 @@
1/* $OpenBSD: version.h,v 1.60 2011/01/22 09:18:53 djm Exp $ */ 1/* $OpenBSD: version.h,v 1.61 2011/02/04 00:44:43 djm Exp $ */
2 2
3#define SSH_VERSION "OpenSSH_5.7" 3#define SSH_VERSION "OpenSSH_5.8"
4 4
5#define SSH_PORTABLE "p1" 5#define SSH_PORTABLE "p1"
6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 6#define SSH_RELEASE SSH_VERSION SSH_PORTABLE