From e25a9bd740031a212a14f0ee82bfe0f4c5ac504c Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Sun, 18 Apr 2010 13:35:00 +1000 Subject: - (dtucker) [contrib/aix/buildbff.sh] Fix creation of ssh_prng_cmds.default file. --- contrib/aix/buildbff.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'contrib') diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 6648e8e65..ca4bf0210 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,7 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages -# $Id: buildbff.sh,v 1.11 2009/03/06 23:22:10 dtucker Exp $ +# $Id: buildbff.sh,v 1.12 2010/04/18 03:35:00 dtucker Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely @@ -159,7 +159,7 @@ done # AIX 5.3 and newer have /dev/random and don't create ssh_prng_cmds if [ -f $FAKE_ROOT/$sysconfdir/ssh_prng_cmds ] then - mv FAKE_ROOT/$sysconfdir/ssh_prng_cmds \ + mv $FAKE_ROOT/$sysconfdir/ssh_prng_cmds \ $FAKE_ROOT/$sysconfdir/ssh_prng_cmds.default fi -- cgit v1.2.3 From b9ae4ec556e6ee4cbe0c6cc7fb4ec9b9486cb8f7 Mon Sep 17 00:00:00 2001 From: Tim Rice Date: Thu, 17 Jun 2010 11:11:44 -0700 Subject: - (tim) [contrib/cygwin/README] Remove a reference to the obsolete minires-devel package, and to add the reference to the libedit-devel package since CYgwin now provides libedit. Patch from Corinna Vinschen. --- ChangeLog | 5 +++++ contrib/cygwin/README | 6 +++++- 2 files changed, 10 insertions(+), 1 deletion(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 86c66d1a7..9d7928d34 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20100617 + - (tim) [contrib/cygwin/README] Remove a reference to the obsolete + minires-devel package, and to add the reference to the libedit-devel + package since CYgwin now provides libedit. Patch from Corinna Vinschen. + 20100521 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/05/07 11:31:26 diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 3dd45014a..5f911e924 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README @@ -201,6 +201,7 @@ configure are used for the Cygwin binary distribution: --mandir='${datadir}/man' \ --infodir='${datadir}/info' --with-tcp-wrappers + --with-libedit If you want to create a Cygwin package, equivalent to the one in the Cygwin binary distribution, install like this: @@ -217,12 +218,15 @@ You must have installed the following packages to be able to build OpenSSH: - zlib - openssl-devel -- minires-devel If you want to build with --with-tcp-wrappers, you also need the package - tcp_wrappers +If you want to build with --with-libedit, you also need the package + +- libedit-devel + Please send requests, error reports etc. to cygwin@cygwin.com. -- cgit v1.2.3 From ea909791c5cf297aa83d32af1c9df56e77c2e84a Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Fri, 18 Jun 2010 11:09:24 +1000 Subject: - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ rather than assuming that $CWD == $HOME. bz#1500, patch from timothy AT gelter.com --- ChangeLog | 5 +++++ contrib/ssh-copy-id | 5 +++-- 2 files changed, 8 insertions(+), 2 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 9d7928d34..e6ba2ed31 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20100618 + - (djm) [contrib/ssh-copy-id] Update key file explicitly under ~ + rather than assuming that $CWD == $HOME. bz#1500, patch from + timothy AT gelter.com + 20100617 - (tim) [contrib/cygwin/README] Remove a reference to the obsolete minires-devel package, and to add the reference to the libedit-devel diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index 65c0a8cd8..4c5493bd0 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id @@ -38,13 +38,14 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then exit 1 fi -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d .ssh || mkdir .ssh ; cat >> .ssh/authorized_keys" || exit 1 +{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 cat < Date: Wed, 14 Jul 2010 13:42:28 -0700 Subject: - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass (line 77) should have been for no_x11_askpass. --- ChangeLog | 4 ++++ contrib/redhat/openssh.spec | 5 ++++- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index b67dfe78f..dc602211d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20100714 + - (tim) [contrib/redhat/openssh.spec] Bug 1796: Test for skip_x11_askpass + (line 77) should have been for no_x11_askpass. + 20100702 - (djm) OpenBSD CVS Sync - jmc@cvs.openbsd.org 2010/06/26 00:57:07 diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index c13cfe60d..a8637d954 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -74,7 +74,7 @@ Release: %{rel} %endif URL: http://www.openssh.com/portable.html Source0: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-%{version}.tar.gz -%if ! %{skip_x11_askpass} +%if ! %{no_x11_askpass} Source1: http://www.jmknoble.net/software/x11-ssh-askpass/x11-ssh-askpass-%{aversion}.tar.gz %endif License: BSD @@ -407,6 +407,9 @@ fi %endif %changelog +* Wed Jul 14 2010 Tim Rice +- test for skip_x11_askpass (line 77) should have been for no_x11_askpass + * Mon Jun 2 2003 Damien Miller - Remove noip6 option. This may be controlled at run-time in client config file using new AddressFamily directive -- cgit v1.2.3 From 12b29dbd8a439b7de6bd7c30bf9b03539ac2e105 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 19 Jul 2010 21:24:13 +1000 Subject: - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more details about its behaviour WRT existing directories. Patch from asguthrie at gmail com, ok djm. --- ChangeLog | 5 +++++ contrib/ssh-copy-id.1 | 34 +++++++++++++++++++++------------- 2 files changed, 26 insertions(+), 13 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 322bb9d97..900999d7a 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,8 @@ +20100919 + - (dtucker) [contrib/ssh-copy-ud.1] Bug #1786: update ssh-copy-id.1 with more + details about its behaviour WRT existing directories. Patch from + asguthrie at gmail com, ok djm. + 20100716 - (djm) OpenBSD CVS Sync - djm@cvs.openbsd.org 2010/07/02 04:32:44 diff --git a/contrib/ssh-copy-id.1 b/contrib/ssh-copy-id.1 index f25ed01f2..cb15ab24d 100644 --- a/contrib/ssh-copy-id.1 +++ b/contrib/ssh-copy-id.1 @@ -25,19 +25,10 @@ ssh-copy-id \- install your public key in a remote machine's authorized_keys .br .SH DESCRIPTION .BR ssh-copy-id -is a script that uses ssh to log into a remote machine (presumably -using a login password, so password authentication should be enabled, -unless you've done some clever use of multiple identities) -.PP -It also changes the permissions of the remote user's home, -.BR ~/.ssh , -and +is a script that uses ssh to log into a remote machine and +append the indicated identity file to that machine's .B ~/.ssh/authorized_keys -to remove group writability (which would otherwise prevent you from logging in, if the remote -.B sshd -has -.B StrictModes -set in its configuration). +file. .PP If the .B -i @@ -59,7 +50,24 @@ produced no output, then it uses the contents of the identity file. Once it has one or more fingerprints (by whatever means) it uses ssh to append them to .B ~/.ssh/authorized_keys -on the remote machine (creating the file, and directory, if necessary) +on the remote machine (creating the file, and directory, if necessary.) + +.SH NOTES +This program does not modify the permissions of any +pre-existing files or directories. Therefore, if the remote +.B sshd +has +.B StrictModes +set in its +configuration, then the user's home, +.B ~/.ssh +folder, and +.B ~/.ssh/authorized_keys +file may need to have group writability disabled manually, e.g. via + +.B " chmod go-w ~ ~/.ssh ~/.ssh/authorized_keys" + +on the remote machine. .SH "SEE ALSO" .BR ssh (1), -- cgit v1.2.3 From 792010bafde7f901d339039b56f648912fd54b02 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 9 Aug 2010 02:32:05 +1000 Subject: - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] [contrib/suse/openssh.spec] Crank version numbers --- ChangeLog | 2 ++ README | 4 ++-- contrib/caldera/openssh.spec | 5 ++--- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 5 files changed, 8 insertions(+), 7 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 35144239a..3bb45baff 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ - djm@cvs.openbsd.org 2010/08/08 16:26:42 [version.h] crank to 5.6 + - (djm) [README contrib/caldera/openssh.spec contrib/redhat/openssh.spec] + [contrib/suse/openssh.spec] Crank version numbers 20100805 - OpenBSD CVS Sync diff --git a/README b/README index a29f2007d..4eaa54588 100644 --- a/README +++ b/README @@ -1,4 +1,4 @@ -See http://www.openssh.com/txt/release-5.5 for the release notes. +See http://www.openssh.com/txt/release-5.6 for the release notes. - A Japanese translation of this document and of the OpenSSH FAQ is - available at http://www.unixuser.org/~haruyama/security/openssh/index.html @@ -62,4 +62,4 @@ References - [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9 [7] http://www.openssh.com/faq.html -$Id: README,v 1.73 2010/03/21 19:11:55 djm Exp $ +$Id: README,v 1.74 2010/08/08 16:32:06 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 6bea9a40f..515fe334d 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -16,12 +16,11 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 +%define version 5.6p1 %if %{use_stable} - %define version 5.5p1 %define cvs %{nil} %define release 1 %else - %define version 5.5p1 %define cvs cvs20050315 %define release 0r1 %endif @@ -360,4 +359,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.70 2010/03/21 19:11:58 djm Exp $ +$Id: openssh.spec,v 1.71 2010/08/08 16:32:09 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index a8637d954..77e66252e 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 5.5p1 +%define ver 5.6p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 52ed915dc..f099746f2 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -13,7 +13,7 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 5.5p1 +Version: 5.6p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 02c47341a2d0bd03411f6e00c74fb7ddd9b03986 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 10 Aug 2010 13:36:09 +1000 Subject: - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. based in part on a patch from Colin Watson, ok djm@ --- ChangeLog | 2 ++ contrib/ssh-copy-id | 7 +++++-- 2 files changed, 7 insertions(+), 2 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 184c36980..23ecb0618 100644 --- a/ChangeLog +++ b/ChangeLog @@ -2,6 +2,8 @@ - (djm) bz#1561: don't bother setting IFF_UP on tun(4) device if it is already set. Makes FreeBSD user openable tunnels useful; patch from richard.burakowski+ossh AT mrburak.net, ok dtucker@ + - (dtucker) bug #1530: strip trailing ":" from hostname in ssh-copy-id. + based in part on a patch from Colin Watson, ok djm@ 20100809 - OpenBSD CVS Sync diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id index 4c5493bd0..368645cb4 100644 --- a/contrib/ssh-copy-id +++ b/contrib/ssh-copy-id @@ -38,10 +38,13 @@ if [ "$#" -lt 1 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then exit 1 fi -{ eval "$GET_ID" ; } | ssh $1 "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 +# strip any trailing colon +host=`echo $1 | sed 's/:$//'` + +{ eval "$GET_ID" ; } | ssh $host "umask 077; test -d ~/.ssh || mkdir ~/.ssh ; cat >> ~/.ssh/authorized_keys" || exit 1 cat <