8 files changed, 192 insertions, 28 deletions
diff --git a/contrib/aix/README b/contrib/aix/README
index 82fd8be1b..2a299350a 100644
--- a/contrib/aix/README
+++ b/contrib/aix/README
@@ -26,6 +26,7 @@ and for comparison with the output from this script, however no code
 from lppbuild is included and it is not required for operation.
 SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
+PrivSep account handling fixes contributed by W. Earl Allen.
 Other notes:
@@ -45,3 +46,5 @@ you get to keep both pieces.
        - Darren Tucker (dtucker at zip dot com dot au)
          2002/03/01
+$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $
diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh
index 3b3699660..727ac446d 100755
--- a/contrib/aix/buildbff.sh
+++ b/contrib/aix/buildbff.sh
@@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # buildbff.sh: Create AIX SMIT-installable OpenSSH packages
+# $Id: buildbff.sh,v 1.6 2003/08/25 05:01:04 dtucker Exp $
 #
 # Author: Darren Tucker (dtucker at zip dot com dot au)
 # This file is placed in the public domain and comes with absolutely
@@ -14,9 +15,9 @@
 #       create a "config.local" in your build directory or set
 #       environment variables to override these.
 #
-[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no
+[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
-[ -z "$X11_FORWARDING" ] || X11_FORWARDING=no
+[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
-[ -z "$AIX_SRC" ] || AIX_SRC=no
+[ -z "$AIX_SRC" ] && AIX_SRC=no
 umask 022
@@ -31,7 +32,7 @@ else
 fi
 #
-# We still support running from contrib/aix, but this is depreciated
+# We still support running from contrib/aix, but this is deprecated
 #
 if pwd | egrep 'contrib/aix$'
 then
@@ -121,7 +122,7 @@ cp $srcdir/README* $objdir/$PKGDIR/
 # Extract common info requires for the 'info' part of the package.
 #       AIX requires 4-part version numbers
 #
-VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _`
+VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _`
 MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .`
 MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .`
 PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .`
@@ -218,7 +219,7 @@ else
        fi
        # Create user if required
-        if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
+        if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
        then
                echo "PrivSep user $SSH_PRIVSEP_USER already exists."
        else
diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh
index 619493ae2..4f408e678 100755
--- a/contrib/aix/inventory.sh
+++ b/contrib/aix/inventory.sh
@@ -1,8 +1,10 @@
 #!/bin/sh
 #
 # inventory.sh
+# $Id: inventory.sh,v 1.5 2003/08/26 03:43:13 dtucker Exp $
 #
 # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
+# This file is placed into the public domain.
 #
 # This will produce an AIX package inventory file, which looks like:
 #
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index f7fbe15e5..97d6adf51 100644
--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -17,9 +17,9 @@
 #old cvs stuff.  please update before use.  may be deprecated.
 %define use_stable      1
 %if %{use_stable}
-  %define version       3.6.1p2
+  %define version       3.7p1
  %define cvs           %{nil}
-  %define release       2
+  %define release       1
 %else
  %define version       2.9.9p2
  %define cvs           cvs20011009
@@ -364,4 +364,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
-$Id: openssh.spec,v 1.42.2.1 2003/04/29 09:12:08 djm Exp $
+$Id: openssh.spec,v 1.43.2.2 2003/09/16 06:02:40 djm Exp $
diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config
index 5a76adbaf..4da113181 100644
--- a/contrib/cygwin/ssh-user-config
+++ b/contrib/cygwin/ssh-user-config
@@ -171,8 +171,8 @@ then
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
+      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
+      cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
 fi
@@ -190,8 +190,8 @@ then
    fi
    if request "Do you want to use this identity to login to this machine?"
    then
-      echo "Adding to ${pwdhome}/.ssh/authorized_keys2"
+      echo "Adding to ${pwdhome}/.ssh/authorized_keys"
-      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"
+      cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
    fi
  fi
 fi
diff --git a/contrib/findssl.sh b/contrib/findssl.sh
new file mode 100644
index 000000000..87a4abce2
--- /dev/null
+++ b/contrib/findssl.sh
@@ -0,0 +1,159 @@
+#!/bin/sh
+#
+# findssl.sh
+#       Search for all instances of OpenSSL headers and libraries
+#       and print their versions.
+#       Intended to help diagnose OpenSSH's "OpenSSL headers do not
+#       match your library" errors.
+#
+#       Written by Darren Tucker (dtucker at zip dot com dot au)
+#       This file is placed in the public domain.
+#
+# $Id: findssl.sh,v 1.1 2003/06/24 10:22:10 dtucker Exp $
+#       2002-07-27: Initial release.
+#       2002-08-04: Added public domain notice.
+#       2003-06-24: Incorporated readme, set library paths. First cvs version.
+#
+# "OpenSSL headers do not match your library" are usually caused by 
+# OpenSSH's configure picking up an older version of OpenSSL headers
+# or libraries.  You can use the following # procedure to help identify
+# the cause.
+# 
+# The  output  of  configure  will  tell you the versions of the OpenSSL
+# headers and libraries that were picked up, for example:
+# 
+# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
+# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
+# checking whether OpenSSL's headers match the library... no
+# configure: error: Your OpenSSL headers do not match your library
+# 
+# Now run findssl.sh. This should identify the headers and libraries
+# present  and  their  versions.  You  should  be  able  to identify the
+# libraries  and headers used and adjust your CFLAGS or remove incorrect
+# versions.  The  output will show OpenSSL's internal version identifier
+# and should look something like:
+# $ ./findssl.sh
+# Searching for OpenSSL header files.
+# 0x0090604fL /usr/include/openssl/opensslv.h
+# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
+# 
+# Searching for OpenSSL shared library files.
+# 0x0090602fL /lib/libcrypto.so.0.9.6b
+# 0x0090602fL /lib/libcrypto.so.2
+# 0x0090581fL /usr/lib/libcrypto.so.0
+# 0x0090602fL /usr/lib/libcrypto.so
+# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
+# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
+# 0x0090600fL /usr/lib/libcrypto.so.1
+# 
+# Searching for OpenSSL static library files.
+# 0x0090602fL /usr/lib/libcrypto.a
+# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
+# 
+# In  this  example, I gave configure no extra flags, so it's picking up
+# the  OpenSSL header from /usr/include/openssl (90604f) and the library
+# from /usr/lib/ (90602f).
+#
+# Adjust these to suit your compiler.
+# You may also need to set the *LIB*PATH environment variables if
+# DEFAULT_LIBPATH is not correct for your system.
+#
+CC=gcc
+STATIC=-static
+#
+# Set up conftest C source
+#
+rm -f findssl.log
+cat >conftest.c <<EOD
+#include <stdio.h>
+int main(){printf("0x%08xL\n", SSLeay());}
+EOD
+#
+# Set default library paths if not already set
+#
+DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
+LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
+LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
+LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
+export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+#
+# Search for OpenSSL headers and print versions
+#
+echo Searching for OpenSSL header files.
+if [ -x "`which locate`" ]
+then
+        headers=`locate opensslv.h`
+else
+        headers=`find / -name opensslv.h -print 2>/dev/null`
+fi
+for header in $headers
+do
+        ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
+        echo "$ver $header"
+done
+echo
+#
+# Search for shared libraries.
+# Relies on shared libraries looking like "libcrypto.s*"
+#
+echo Searching for OpenSSL shared library files.
+if [ -x "`which locate`" ]
+then
+        libraries=`locate libcrypto.s`
+else
+        libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
+fi
+for lib in $libraries
+do
+        (echo "Trying libcrypto $lib" >>findssl.log
+        dir=`dirname $lib`
+        LIBPATH="$dir:$LIBPATH"
+        LD_LIBRARY_PATH="$dir:$LIBPATH"
+        LIBRARY_PATH="$dir:$LIBPATH"
+        export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
+        ${CC} -o conftest conftest.c $lib 2>>findssl.log
+        if [ -x ./conftest ]
+        then
+                ver=`./conftest 2>/dev/null`
+                rm -f ./conftest
+                echo "$ver $lib"
+        fi)
+done
+echo
+#
+# Search for static OpenSSL libraries and print versions
+#
+echo Searching for OpenSSL static library files.
+if [ -x "`which locate`" ]
+then
+        libraries=`locate libcrypto.a`
+else
+        libraries=`find / -name libcrypto.a -print 2>/dev/null`
+fi
+for lib in $libraries
+do
+        libdir=`dirname $lib`
+        echo "Trying libcrypto $lib" >>findssl.log
+        ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
+        if [ -x ./conftest ]
+        then
+                ver=`./conftest 2>/dev/null`
+                rm -f ./conftest
+                echo "$ver $lib"
+        fi
+done
+#
+# Clean up
+#
+rm -f conftest.c
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index e7c3bb121..ce7c564c3 100644
--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 3.6.1p2
+%define ver 3.7p1
 %define rel 1
 # OpenSSH privilege separation requires a user & group ID
@@ -26,9 +26,6 @@
 # Is this build for RHL 6.x?
 %define build6x 0
-# Disable IPv6 (avoids DNS hangs on some glibc versions)
-%define noip6 0
 # Do we want kerberos5 support (1=yes 0=no)
 %define kerberos5 1
@@ -43,7 +40,6 @@
 # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
 %if %{build6x}
 %define _sysconfdir /etc
-%define noip6 1
 %endif
 # Options for static OpenSSL link:
@@ -54,10 +50,6 @@
 # rpm -ba|--rebuild --define "smartcard 1"
 %{?smartcard:%define scard 1}
-# Option to disable ipv6
-# rpm -ba|--rebuild --define "noipv6 1"
-%{?noipv6:%define noip6 1}
 # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
 %define rescue 0
 %{?build_rescue:%define rescue 1}
@@ -87,12 +79,12 @@ PreReq: initscripts >= 5.00
 %else
 PreReq: initscripts >= 5.20
 %endif
-BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers
+BuildPreReq: perl, openssl-devel, tcp_wrappers
 BuildPreReq: /bin/login
 %if ! %{build6x}
 BuildPreReq: glibc-devel, pam
 %else
-BuildPreReq: db1-devel, /usr/include/security/pam_appl.h
+BuildPreReq: /usr/include/security/pam_appl.h
 %endif
 %if ! %{no_x11_askpass}
 BuildPreReq: XFree86-devel
@@ -196,9 +188,6 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
 %if %{scard}
        --with-smartcard \
 %endif
-%if %{noip6}
-        --with-ipv4-default \
-%endif
 %if %{rescue}
        --without-pam --with-md5-passwords \
 %else
@@ -274,9 +263,11 @@ install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome
         rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
 %endif
+%if ! %{no_gnome_askpass}
 install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
 install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
+%endif
 perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/*
@@ -400,6 +391,14 @@ fi
 %endif
 %changelog
+* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
+- Remove noip6 option. This may be controlled at run-time in client config 
+  file using new AddressFamily directive
+* Mon May 12 2003 Damien Miller <djm@mindrot.org>
+- Don't install profile.d scripts when not building with GNOME/GTK askpass
+  (patch from bet@rahul.net)
 * Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
 - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 707c3a221..ca7437bd6 100644
--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.6.1p2
+Version: 3.7p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz

diff --git a/contrib/aix/README b/contrib/aix/README index 82fd8be1b..2a299350a 100644 --- a/contrib/aix/README +++ b/contrib/aix/README
@@ -26,6 +26,7 @@ and for comparison with the output from this script, however no code
26	from lppbuild is included and it is not required for operation.	26	from lppbuild is included and it is not required for operation.
27		27
28	SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.	28	SRC support based on examples provided by Sandor Sklar and Maarten Kreuger.
		29	PrivSep account handling fixes contributed by W. Earl Allen.
29		30
30		31
31	Other notes:	32	Other notes:
@@ -45,3 +46,5 @@ you get to keep both pieces.
45		46
46	- Darren Tucker (dtucker at zip dot com dot au)	47	- Darren Tucker (dtucker at zip dot com dot au)
47	2002/03/01	48	2002/03/01
		49
		50	$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $


diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 3b3699660..727ac446d 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh
@@ -1,6 +1,7 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# buildbff.sh: Create AIX SMIT-installable OpenSSH packages	3	# buildbff.sh: Create AIX SMIT-installable OpenSSH packages
		4	# $Id: buildbff.sh,v 1.6 2003/08/25 05:01:04 dtucker Exp $
4	#	5	#
5	# Author: Darren Tucker (dtucker at zip dot com dot au)	6	# Author: Darren Tucker (dtucker at zip dot com dot au)
6	# This file is placed in the public domain and comes with absolutely	7	# This file is placed in the public domain and comes with absolutely
@@ -14,9 +15,9 @@
14	# create a "config.local" in your build directory or set	15	# create a "config.local" in your build directory or set
15	# environment variables to override these.	16	# environment variables to override these.
16	#	17	#
17	[ -z "$PERMIT_ROOT_LOGIN" ] \|\| PERMIT_ROOT_LOGIN=no	18	[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no
18	[ -z "$X11_FORWARDING" ] \|\| X11_FORWARDING=no	19	[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no
19	[ -z "$AIX_SRC" ] \|\| AIX_SRC=no	20	[ -z "$AIX_SRC" ] && AIX_SRC=no
20		21
21	umask 022	22	umask 022
22		23
@@ -31,7 +32,7 @@ else
31	fi	32	fi
32		33
33	#	34	#
34	# We still support running from contrib/aix, but this is depreciated	35	# We still support running from contrib/aix, but this is deprecated
35	#	36	#
36	if pwd \| egrep 'contrib/aix$'	37	if pwd \| egrep 'contrib/aix$'
37	then	38	then
@@ -121,7 +122,7 @@ cp $srcdir/README* $objdir/$PKGDIR/
121	# Extract common info requires for the 'info' part of the package.	122	# Extract common info requires for the 'info' part of the package.
122	# AIX requires 4-part version numbers	123	# AIX requires 4-part version numbers
123	#	124	#
124	VERSION=`./ssh -V 2>&1 \| sed -e 's/,.*//' \| cut -f 2 -d _`	125	VERSION=`./ssh -V 2>&1 \| cut -f 1 -d , \| cut -f 2 -d _`
125	MAJOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 1 -d .`	126	MAJOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 1 -d .`
126	MINOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 2 -d .`	127	MINOR=`echo $VERSION \| cut -f 1 -d p \| cut -f 2 -d .`
127	PATCH=`echo $VERSION \| cut -f 1 -d p \| cut -f 3 -d .`	128	PATCH=`echo $VERSION \| cut -f 1 -d p \| cut -f 3 -d .`
@@ -218,7 +219,7 @@ else
218	fi	219	fi
219		220
220	# Create user if required	221	# Create user if required
221	if cut -f1 -d: /etc/passwd \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null	222	if lsuser ALL \| cut -f1 -d: \| egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null
222	then	223	then
223	echo "PrivSep user $SSH_PRIVSEP_USER already exists."	224	echo "PrivSep user $SSH_PRIVSEP_USER already exists."
224	else	225	else


diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index 619493ae2..4f408e678 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh
@@ -1,8 +1,10 @@
1	#!/bin/sh	1	#!/bin/sh
2	#	2	#
3	# inventory.sh	3	# inventory.sh
		4	# $Id: inventory.sh,v 1.5 2003/08/26 03:43:13 dtucker Exp $
4	#	5	#
5	# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl	6	# Originally written by Ben Lindstrom, modified by Darren Tucker to use perl
		7	# This file is placed into the public domain.
6	#	8	#
7	# This will produce an AIX package inventory file, which looks like:	9	# This will produce an AIX package inventory file, which looks like:
8	#	10	#


diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index f7fbe15e5..97d6adf51 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec
@@ -17,9 +17,9 @@
17	#old cvs stuff. please update before use. may be deprecated.	17	#old cvs stuff. please update before use. may be deprecated.
18	%define use_stable 1	18	%define use_stable 1
19	%if %{use_stable}	19	%if %{use_stable}
20	%define version 3.6.1p2	20	%define version 3.7p1
21	%define cvs %{nil}	21	%define cvs %{nil}
22	%define release 2	22	%define release 1
23	%else	23	%else
24	%define version 2.9.9p2	24	%define version 2.9.9p2
25	%define cvs cvs20011009	25	%define cvs cvs20011009
@@ -364,4 +364,4 @@ fi
364	* Mon Jan 01 1998 ...	364	* Mon Jan 01 1998 ...
365	Template Version: 1.31	365	Template Version: 1.31
366		366
367	$Id: openssh.spec,v 1.42.2.1 2003/04/29 09:12:08 djm Exp $	367	$Id: openssh.spec,v 1.43.2.2 2003/09/16 06:02:40 djm Exp $


diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index 5a76adbaf..4da113181 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config
@@ -171,8 +171,8 @@ then
171	fi	171	fi
172	if request "Do you want to use this identity to login to this machine?"	172	if request "Do you want to use this identity to login to this machine?"
173	then	173	then
174	echo "Adding to ${pwdhome}/.ssh/authorized_keys2"	174	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
175	cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"	175	cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
176	fi	176	fi
177	fi	177	fi
178	fi	178	fi
@@ -190,8 +190,8 @@ then
190	fi	190	fi
191	if request "Do you want to use this identity to login to this machine?"	191	if request "Do you want to use this identity to login to this machine?"
192	then	192	then
193	echo "Adding to ${pwdhome}/.ssh/authorized_keys2"	193	echo "Adding to ${pwdhome}/.ssh/authorized_keys"
194	cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2"	194	cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys"
195	fi	195	fi
196	fi	196	fi
197	fi	197	fi


diff --git a/contrib/findssl.sh b/contrib/findssl.sh new file mode 100644 index 000000000..87a4abce2 --- /dev/null +++ b/contrib/findssl.sh
@@ -0,0 +1,159 @@
		1	#!/bin/sh
		2	#
		3	# findssl.sh
		4	# Search for all instances of OpenSSL headers and libraries
		5	# and print their versions.
		6	# Intended to help diagnose OpenSSH's "OpenSSL headers do not
		7	# match your library" errors.
		8	#
		9	# Written by Darren Tucker (dtucker at zip dot com dot au)
		10	# This file is placed in the public domain.
		11	#
		12	# $Id: findssl.sh,v 1.1 2003/06/24 10:22:10 dtucker Exp $
		13	# 2002-07-27: Initial release.
		14	# 2002-08-04: Added public domain notice.
		15	# 2003-06-24: Incorporated readme, set library paths. First cvs version.
		16	#
		17	# "OpenSSL headers do not match your library" are usually caused by
		18	# OpenSSH's configure picking up an older version of OpenSSL headers
		19	# or libraries. You can use the following # procedure to help identify
		20	# the cause.
		21	#
		22	# The output of configure will tell you the versions of the OpenSSL
		23	# headers and libraries that were picked up, for example:
		24	#
		25	# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002)
		26	# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001)
		27	# checking whether OpenSSL's headers match the library... no
		28	# configure: error: Your OpenSSL headers do not match your library
		29	#
		30	# Now run findssl.sh. This should identify the headers and libraries
		31	# present and their versions. You should be able to identify the
		32	# libraries and headers used and adjust your CFLAGS or remove incorrect
		33	# versions. The output will show OpenSSL's internal version identifier
		34	# and should look something like:
		35
		36	# $ ./findssl.sh
		37	# Searching for OpenSSL header files.
		38	# 0x0090604fL /usr/include/openssl/opensslv.h
		39	# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h
		40	#
		41	# Searching for OpenSSL shared library files.
		42	# 0x0090602fL /lib/libcrypto.so.0.9.6b
		43	# 0x0090602fL /lib/libcrypto.so.2
		44	# 0x0090581fL /usr/lib/libcrypto.so.0
		45	# 0x0090602fL /usr/lib/libcrypto.so
		46	# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a
		47	# 0x0090600fL /usr/lib/libcrypto.so.0.9.6
		48	# 0x0090600fL /usr/lib/libcrypto.so.1
		49	#
		50	# Searching for OpenSSL static library files.
		51	# 0x0090602fL /usr/lib/libcrypto.a
		52	# 0x0090604fL /usr/local/ssl/lib/libcrypto.a
		53	#
		54	# In this example, I gave configure no extra flags, so it's picking up
		55	# the OpenSSL header from /usr/include/openssl (90604f) and the library
		56	# from /usr/lib/ (90602f).
		57
		58	#
		59	# Adjust these to suit your compiler.
		60	# You may also need to set the LIBPATH environment variables if
		61	# DEFAULT_LIBPATH is not correct for your system.
		62	#
		63	CC=gcc
		64	STATIC=-static
		65
		66	#
		67	# Set up conftest C source
		68	#
		69	rm -f findssl.log
		70	cat >conftest.c <<EOD
		71	#include <stdio.h>
		72	int main(){printf("0x%08xL\n", SSLeay());}
		73	EOD
		74
		75	#
		76	# Set default library paths if not already set
		77	#
		78	DEFAULT_LIBPATH=/usr/lib:/usr/local/lib
		79	LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH}
		80	LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH}
		81	LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH}
		82	export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
		83
		84	#
		85	# Search for OpenSSL headers and print versions
		86	#
		87	echo Searching for OpenSSL header files.
		88	if [ -x "`which locate`" ]
		89	then
		90	headers=`locate opensslv.h`
		91	else
		92	headers=`find / -name opensslv.h -print 2>/dev/null`
		93	fi
		94
		95	for header in $headers
		96	do
		97	ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header`
		98	echo "$ver $header"
		99	done
		100	echo
		101
		102	#
		103	# Search for shared libraries.
		104	# Relies on shared libraries looking like "libcrypto.s*"
		105	#
		106	echo Searching for OpenSSL shared library files.
		107	if [ -x "`which locate`" ]
		108	then
		109	libraries=`locate libcrypto.s`
		110	else
		111	libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null`
		112	fi
		113
		114	for lib in $libraries
		115	do
		116	(echo "Trying libcrypto $lib" >>findssl.log
		117	dir=`dirname $lib`
		118	LIBPATH="$dir:$LIBPATH"
		119	LD_LIBRARY_PATH="$dir:$LIBPATH"
		120	LIBRARY_PATH="$dir:$LIBPATH"
		121	export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH
		122	${CC} -o conftest conftest.c $lib 2>>findssl.log
		123	if [ -x ./conftest ]
		124	then
		125	ver=`./conftest 2>/dev/null`
		126	rm -f ./conftest
		127	echo "$ver $lib"
		128	fi)
		129	done
		130	echo
		131
		132	#
		133	# Search for static OpenSSL libraries and print versions
		134	#
		135	echo Searching for OpenSSL static library files.
		136	if [ -x "`which locate`" ]
		137	then
		138	libraries=`locate libcrypto.a`
		139	else
		140	libraries=`find / -name libcrypto.a -print 2>/dev/null`
		141	fi
		142
		143	for lib in $libraries
		144	do
		145	libdir=`dirname $lib`
		146	echo "Trying libcrypto $lib" >>findssl.log
		147	${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log
		148	if [ -x ./conftest ]
		149	then
		150	ver=`./conftest 2>/dev/null`
		151	rm -f ./conftest
		152	echo "$ver $lib"
		153	fi
		154	done
		155
		156	#
		157	# Clean up
		158	#
		159	rm -f conftest.c


diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index e7c3bb121..ce7c564c3 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
1	%define ver 3.6.1p2	1	%define ver 3.7p1
2	%define rel 1	2	%define rel 1
3		3
4	# OpenSSH privilege separation requires a user & group ID	4	# OpenSSH privilege separation requires a user & group ID
@@ -26,9 +26,6 @@
26	# Is this build for RHL 6.x?	26	# Is this build for RHL 6.x?
27	%define build6x 0	27	%define build6x 0
28		28
29	# Disable IPv6 (avoids DNS hangs on some glibc versions)
30	%define noip6 0
31
32	# Do we want kerberos5 support (1=yes 0=no)	29	# Do we want kerberos5 support (1=yes 0=no)
33	%define kerberos5 1	30	%define kerberos5 1
34		31
@@ -43,7 +40,6 @@
43	# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.	40	# If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc.
44	%if %{build6x}	41	%if %{build6x}
45	%define _sysconfdir /etc	42	%define _sysconfdir /etc
46	%define noip6 1
47	%endif	43	%endif
48		44
49	# Options for static OpenSSL link:	45	# Options for static OpenSSL link:
@@ -54,10 +50,6 @@
54	# rpm -ba\|--rebuild --define "smartcard 1"	50	# rpm -ba\|--rebuild --define "smartcard 1"
55	%{?smartcard:%define scard 1}	51	%{?smartcard:%define scard 1}
56		52
57	# Option to disable ipv6
58	# rpm -ba\|--rebuild --define "noipv6 1"
59	%{?noipv6:%define noip6 1}
60
61	# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)	53	# Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no)
62	%define rescue 0	54	%define rescue 0
63	%{?build_rescue:%define rescue 1}	55	%{?build_rescue:%define rescue 1}
@@ -87,12 +79,12 @@ PreReq: initscripts >= 5.00
87	%else	79	%else
88	PreReq: initscripts >= 5.20	80	PreReq: initscripts >= 5.20
89	%endif	81	%endif
90	BuildPreReq: perl, openssl-devel, sharutils, tcp_wrappers	82	BuildPreReq: perl, openssl-devel, tcp_wrappers
91	BuildPreReq: /bin/login	83	BuildPreReq: /bin/login
92	%if ! %{build6x}	84	%if ! %{build6x}
93	BuildPreReq: glibc-devel, pam	85	BuildPreReq: glibc-devel, pam
94	%else	86	%else
95	BuildPreReq: db1-devel, /usr/include/security/pam_appl.h	87	BuildPreReq: /usr/include/security/pam_appl.h
96	%endif	88	%endif
97	%if ! %{no_x11_askpass}	89	%if ! %{no_x11_askpass}
98	BuildPreReq: XFree86-devel	90	BuildPreReq: XFree86-devel
@@ -196,9 +188,6 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS
196	%if %{scard}	188	%if %{scard}
197	--with-smartcard \	189	--with-smartcard \
198	%endif	190	%endif
199	%if %{noip6}
200	--with-ipv4-default \
201	%endif
202	%if %{rescue}	191	%if %{rescue}
203	--without-pam --with-md5-passwords \	192	--without-pam --with-md5-passwords \
204	%else	193	%else
@@ -274,9 +263,11 @@ install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome
274	rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin	263	rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin
275	%endif	264	%endif
276		265
		266	%if ! %{no_gnome_askpass}
277	install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/	267	install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
278	install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/	268	install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
279	install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/	269	install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/
		270	%endif
280		271
281	perl -pi -e "s\|$RPM_BUILD_ROOT\|\|g" $RPM_BUILD_ROOT%{_mandir}/man/	272	perl -pi -e "s\|$RPM_BUILD_ROOT\|\|g" $RPM_BUILD_ROOT%{_mandir}/man/
282		273
@@ -400,6 +391,14 @@ fi
400	%endif	391	%endif
401		392
402	%changelog	393	%changelog
		394	* Mon Jun 2 2003 Damien Miller <djm@mindrot.org>
		395	- Remove noip6 option. This may be controlled at run-time in client config
		396	file using new AddressFamily directive
		397
		398	* Mon May 12 2003 Damien Miller <djm@mindrot.org>
		399	- Don't install profile.d scripts when not building with GNOME/GTK askpass
		400	(patch from bet@rahul.net)
		401
403	* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>	402	* Wed Oct 01 2002 Damien Miller <djm@mindrot.org>
404	- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks	403	- Install ssh-agent setgid nobody to prevent ptrace() key theft attacks
405		404


diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 707c3a221..ca7437bd6 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec
@@ -1,6 +1,6 @@
1	Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation	1	Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
2	Name: openssh	2	Name: openssh
3	Version: 3.6.1p2	3	Version: 3.7p1
4	URL: http://www.openssh.com/	4	URL: http://www.openssh.com/
5	Release: 1	5	Release: 1
6	Source0: openssh-%{version}.tar.gz	6	Source0: openssh-%{version}.tar.gz