From eab4bae03894f07ea556db4d781795c724245af7 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 29 Apr 2003 23:22:40 +1000 Subject: - (djm) Add back radix.o (used by AFS support), after it went missing from Makefile many moons ago - (djm) Apply "owl-always-auth" patch from Openwall/Solar Designer - (djm) Fix blibpath specification for AIX/gcc - (djm) Some systems have basename in -lgen. Fix from ayamura@ayamura.org --- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 4 ++-- contrib/suse/openssh.spec | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'contrib') diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 142d30d88..8e97c3818 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.6.1p1 + %define version 3.6.1p2 %define cvs %{nil} %define release 2 %else @@ -364,4 +364,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.42 2003/04/01 11:46:53 djm Exp $ +$Id: openssh.spec,v 1.43 2003/04/29 13:22:40 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 11d86a83c..8809ded70 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,5 +1,5 @@ -%define ver 3.6.1p1 -%define rel 2 +%define ver 3.6.1p2 +%define rel 1 # OpenSSH privilege separation requires a user & group ID %define sshd_uid 74 diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 194dbb7d1..707c3a221 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.6.1p1 +Version: 3.6.1p2 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 75d3b05c57e8284389f77d6105ebc29d00875b17 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 12 May 2003 18:15:49 +1000 Subject: - (djm) Redhat spec: Don't install profile.d scripts when not building with GNOME/GTK askpass (patch from bet@rahul.net) --- ChangeLog | 6 +++++- contrib/redhat/openssh.spec | 8 +++++++- 2 files changed, 12 insertions(+), 2 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 25492fd67..bc1fb1387 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030512 + - (djm) Redhat spec: Don't install profile.d scripts when not + building with GNOME/GTK askpass (patch from bet@rahul.net) + 20030510 - (dtucker) Bug #318: Create ssh_prng_cmds.out during "make" rather than "make install". Patch by roth@feep.net. @@ -1380,4 +1384,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2674 2003/05/10 13:42:12 djm Exp $ +$Id: ChangeLog,v 1.2675 2003/05/12 08:15:49 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 8809ded70..623cfa6d6 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,5 +1,5 @@ %define ver 3.6.1p2 -%define rel 1 +%define rel 2 # OpenSSH privilege separation requires a user & group ID %define sshd_uid 74 @@ -274,9 +274,11 @@ install -s contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome rm -f $RPM_BUILD_ROOT/usr/share/openssh/Ssh.bin %endif +%if ! %{no_gnome_askpass} install -m 755 -d $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.csh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ install -m 755 contrib/redhat/gnome-ssh-askpass.sh $RPM_BUILD_ROOT%{_sysconfdir}/profile.d/ +%endif perl -pi -e "s|$RPM_BUILD_ROOT||g" $RPM_BUILD_ROOT%{_mandir}/man*/* @@ -400,6 +402,10 @@ fi %endif %changelog +* Mon May 12 2003 Damien Miller +- Don't install profile.d scripts when not building with GNOME/GTK askpass + (patch from bet@rahul.net) + * Wed Oct 01 2002 Damien Miller - Install ssh-agent setgid nobody to prevent ptrace() key theft attacks -- cgit v1.2.3 From dba59508205febc2f0dbf5e1cc9c3f9268af2f70 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Mon, 2 Jun 2003 17:43:19 +1000 Subject: - (djm) Remove "noip6" option from RedHat spec file. This may now be set at runtime using AddressFamily option. --- ChangeLog | 4 +++- contrib/redhat/openssh.spec | 17 +++++------------ 2 files changed, 8 insertions(+), 13 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 214b383cc..f17eb361f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -4,6 +4,8 @@ clobber - (tim) openbsd-compat/xmmap.[ch] License clarifications. Add missing CVS ID. + - (djm) Remove "noip6" option from RedHat spec file. This may now be + set at runtime using AddressFamily option. 20030530 - (dtucker) Add missing semicolon in md5crypt.c, patch from openssh at @@ -1630,4 +1632,4 @@ save auth method before monitor_reset_key_state(); bugzilla bug #284; ok provos@ -$Id: ChangeLog,v 1.2757 2003/06/02 02:25:27 tim Exp $ +$Id: ChangeLog,v 1.2758 2003/06/02 07:43:19 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 623cfa6d6..656e692e8 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,5 +1,5 @@ %define ver 3.6.1p2 -%define rel 2 +%define rel 3 # OpenSSH privilege separation requires a user & group ID %define sshd_uid 74 @@ -26,9 +26,6 @@ # Is this build for RHL 6.x? %define build6x 0 -# Disable IPv6 (avoids DNS hangs on some glibc versions) -%define noip6 0 - # Do we want kerberos5 support (1=yes 0=no) %define kerberos5 1 @@ -43,7 +40,6 @@ # If this is RHL 6.x, the default configuration has sysconfdir in /usr/etc. %if %{build6x} %define _sysconfdir /etc -%define noip6 1 %endif # Options for static OpenSSL link: @@ -54,10 +50,6 @@ # rpm -ba|--rebuild --define "smartcard 1" %{?smartcard:%define scard 1} -# Option to disable ipv6 -# rpm -ba|--rebuild --define "noipv6 1" -%{?noipv6:%define noip6 1} - # Is this a build for the rescue CD (without PAM, with MD5)? (1=yes 0=no) %define rescue 0 %{?build_rescue:%define rescue 1} @@ -196,9 +188,6 @@ CFLAGS="$RPM_OPT_FLAGS -Os"; export CFLAGS %if %{scard} --with-smartcard \ %endif -%if %{noip6} - --with-ipv4-default \ -%endif %if %{rescue} --without-pam --with-md5-passwords \ %else @@ -402,6 +391,10 @@ fi %endif %changelog +* Mon Jun 2 2003 Damien Miller +- Remove noip6 option. This may be controlled at run-time in client config + file using new AddressFamily directive + * Mon May 12 2003 Damien Miller - Don't install profile.d scripts when not building with GNOME/GTK askpass (patch from bet@rahul.net) -- cgit v1.2.3 From a0472e095d8c635439d036e84971fc1489863683 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 24 Jun 2003 20:22:09 +1000 Subject: - (dtucker) Have configure refer the user to config.log and contrib/findssl.sh for OpenSSL header/library mismatches. --- ChangeLog | 6 +- configure.ac | 6 +- contrib/findssl.sh | 159 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 168 insertions(+), 3 deletions(-) create mode 100644 contrib/findssl.sh (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index ede2035b4..347a876ea 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,3 +1,7 @@ +20030624 + - (dtucker) Have configure refer the user to config.log and + contrib/findssl.sh for OpenSSL header/library mismatches. + 20030622 - (dtucker) OpenBSD CVS Sync - markus@cvs.openbsd.org 2003/06/21 09:14:05 @@ -579,4 +583,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2822 2003/06/22 11:22:04 dtucker Exp $ +$Id: ChangeLog,v 1.2823 2003/06/24 10:22:09 dtucker Exp $ diff --git a/configure.ac b/configure.ac index 92f182ac0..8afa7aaf6 100644 --- a/configure.ac +++ b/configure.ac @@ -1,4 +1,4 @@ -# $Id: configure.ac,v 1.126 2003/06/04 23:53:31 djm Exp $ +# $Id: configure.ac,v 1.127 2003/06/24 10:22:10 dtucker Exp $ AC_INIT AC_CONFIG_SRCDIR([ssh.c]) @@ -957,7 +957,9 @@ int main(void) { exit(SSLeay() == OPENSSL_VERSION_NUMBER ? 0 : 1); } ], [ AC_MSG_RESULT(no) - AC_MSG_ERROR(Your OpenSSL headers do not match your library) + AC_MSG_ERROR([Your OpenSSL headers do not match your library. +Check config.log for details. +Also see contrib/findssl.sh for help identifying header/library mismatches.]) ] ) diff --git a/contrib/findssl.sh b/contrib/findssl.sh new file mode 100644 index 000000000..87a4abce2 --- /dev/null +++ b/contrib/findssl.sh @@ -0,0 +1,159 @@ +#!/bin/sh +# +# findssl.sh +# Search for all instances of OpenSSL headers and libraries +# and print their versions. +# Intended to help diagnose OpenSSH's "OpenSSL headers do not +# match your library" errors. +# +# Written by Darren Tucker (dtucker at zip dot com dot au) +# This file is placed in the public domain. +# +# $Id: findssl.sh,v 1.1 2003/06/24 10:22:10 dtucker Exp $ +# 2002-07-27: Initial release. +# 2002-08-04: Added public domain notice. +# 2003-06-24: Incorporated readme, set library paths. First cvs version. +# +# "OpenSSL headers do not match your library" are usually caused by +# OpenSSH's configure picking up an older version of OpenSSL headers +# or libraries. You can use the following # procedure to help identify +# the cause. +# +# The output of configure will tell you the versions of the OpenSSL +# headers and libraries that were picked up, for example: +# +# checking OpenSSL header version... 90604f (OpenSSL 0.9.6d 9 May 2002) +# checking OpenSSL library version... 90602f (OpenSSL 0.9.6b [engine] 9 Jul 2001) +# checking whether OpenSSL's headers match the library... no +# configure: error: Your OpenSSL headers do not match your library +# +# Now run findssl.sh. This should identify the headers and libraries +# present and their versions. You should be able to identify the +# libraries and headers used and adjust your CFLAGS or remove incorrect +# versions. The output will show OpenSSL's internal version identifier +# and should look something like: + +# $ ./findssl.sh +# Searching for OpenSSL header files. +# 0x0090604fL /usr/include/openssl/opensslv.h +# 0x0090604fL /usr/local/ssl/include/openssl/opensslv.h +# +# Searching for OpenSSL shared library files. +# 0x0090602fL /lib/libcrypto.so.0.9.6b +# 0x0090602fL /lib/libcrypto.so.2 +# 0x0090581fL /usr/lib/libcrypto.so.0 +# 0x0090602fL /usr/lib/libcrypto.so +# 0x0090581fL /usr/lib/libcrypto.so.0.9.5a +# 0x0090600fL /usr/lib/libcrypto.so.0.9.6 +# 0x0090600fL /usr/lib/libcrypto.so.1 +# +# Searching for OpenSSL static library files. +# 0x0090602fL /usr/lib/libcrypto.a +# 0x0090604fL /usr/local/ssl/lib/libcrypto.a +# +# In this example, I gave configure no extra flags, so it's picking up +# the OpenSSL header from /usr/include/openssl (90604f) and the library +# from /usr/lib/ (90602f). + +# +# Adjust these to suit your compiler. +# You may also need to set the *LIB*PATH environment variables if +# DEFAULT_LIBPATH is not correct for your system. +# +CC=gcc +STATIC=-static + +# +# Set up conftest C source +# +rm -f findssl.log +cat >conftest.c < +int main(){printf("0x%08xL\n", SSLeay());} +EOD + +# +# Set default library paths if not already set +# +DEFAULT_LIBPATH=/usr/lib:/usr/local/lib +LIBPATH=${LIBPATH:=$DEFAULT_LIBPATH} +LD_LIBRARY_PATH=${LD_LIBRARY_PATH:=$DEFAULT_LIBPATH} +LIBRARY_PATH=${LIBRARY_PATH:=$DEFAULT_LIBPATH} +export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH + +# +# Search for OpenSSL headers and print versions +# +echo Searching for OpenSSL header files. +if [ -x "`which locate`" ] +then + headers=`locate opensslv.h` +else + headers=`find / -name opensslv.h -print 2>/dev/null` +fi + +for header in $headers +do + ver=`awk '/OPENSSL_VERSION_NUMBER/{printf \$3}' $header` + echo "$ver $header" +done +echo + +# +# Search for shared libraries. +# Relies on shared libraries looking like "libcrypto.s*" +# +echo Searching for OpenSSL shared library files. +if [ -x "`which locate`" ] +then + libraries=`locate libcrypto.s` +else + libraries=`find / -name 'libcrypto.s*' -print 2>/dev/null` +fi + +for lib in $libraries +do + (echo "Trying libcrypto $lib" >>findssl.log + dir=`dirname $lib` + LIBPATH="$dir:$LIBPATH" + LD_LIBRARY_PATH="$dir:$LIBPATH" + LIBRARY_PATH="$dir:$LIBPATH" + export LIBPATH LD_LIBRARY_PATH LIBRARY_PATH + ${CC} -o conftest conftest.c $lib 2>>findssl.log + if [ -x ./conftest ] + then + ver=`./conftest 2>/dev/null` + rm -f ./conftest + echo "$ver $lib" + fi) +done +echo + +# +# Search for static OpenSSL libraries and print versions +# +echo Searching for OpenSSL static library files. +if [ -x "`which locate`" ] +then + libraries=`locate libcrypto.a` +else + libraries=`find / -name libcrypto.a -print 2>/dev/null` +fi + +for lib in $libraries +do + libdir=`dirname $lib` + echo "Trying libcrypto $lib" >>findssl.log + ${CC} ${STATIC} -o conftest conftest.c -L${libdir} -lcrypto 2>>findssl.log + if [ -x ./conftest ] + then + ver=`./conftest 2>/dev/null` + rm -f ./conftest + echo "$ver $lib" + fi +done + +# +# Clean up +# +rm -f conftest.c -- cgit v1.2.3 From 49d32566c26005364958a87b16857ec5073739bf Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Fri, 22 Aug 2003 18:43:48 +1000 Subject: - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys rather that authorized_keys2. Patch from vinschen@redhat.com. --- ChangeLog | 4 +++- contrib/cygwin/ssh-user-config | 8 ++++---- 2 files changed, 7 insertions(+), 5 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index ded30f05a..1303acc45 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,8 @@ 20030822 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal -lbroken; ok dtucker + - (dtucker) [contrib/cygwin/ssh-user-config] Put keys in authorized_keys + rather that authorized_keys2. Patch from vinschen@redhat.com. 20030821 - (dtucker) OpenBSD CVS Sync @@ -849,4 +851,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2897 2003/08/21 23:34:41 djm Exp $ +$Id: ChangeLog,v 1.2898 2003/08/22 08:43:48 dtucker Exp $ diff --git a/contrib/cygwin/ssh-user-config b/contrib/cygwin/ssh-user-config index 5a76adbaf..4da113181 100644 --- a/contrib/cygwin/ssh-user-config +++ b/contrib/cygwin/ssh-user-config @@ -171,8 +171,8 @@ then fi if request "Do you want to use this identity to login to this machine?" then - echo "Adding to ${pwdhome}/.ssh/authorized_keys2" - cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys2" + echo "Adding to ${pwdhome}/.ssh/authorized_keys" + cat "${pwdhome}/.ssh/id_rsa.pub" >> "${pwdhome}/.ssh/authorized_keys" fi fi fi @@ -190,8 +190,8 @@ then fi if request "Do you want to use this identity to login to this machine?" then - echo "Adding to ${pwdhome}/.ssh/authorized_keys2" - cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys2" + echo "Adding to ${pwdhome}/.ssh/authorized_keys" + cat "${pwdhome}/.ssh/id_dsa.pub" >> "${pwdhome}/.ssh/authorized_keys" fi fi fi -- cgit v1.2.3 From 36ca53a5a025114d7c55b881027294a28b7d465a Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 25 Aug 2003 15:01:04 +1000 Subject: - (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix) Update package builder: correctly handle config variables, use lsuser rather than /etc/passwd, fix typos, add Id's. --- ChangeLog | 5 ++++- contrib/aix/README | 3 +++ contrib/aix/buildbff.sh | 13 +++++++------ contrib/aix/inventory.sh | 1 + 4 files changed, 15 insertions(+), 7 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index fa13b037e..550e443dd 100644 --- a/ChangeLog +++ b/ChangeLog @@ -12,6 +12,9 @@ UsePAM=yes; ok dtucker - (dtucker) [configure.ac] Bug #533, #551: define BROKEN_GETADDRINFO on Tru64, solves getnameinfo and "bad addr or host" errors. ok djm@ + - (dtucker) [README buildbff.sh inventory.sh] (all in contrib/aix) + Update package builder: correctly handle config variables, use lsuser + rather than /etc/passwd, fix typos, add Id's. 20030822 - (djm) s/get_progname/ssh_get_progname/g to avoid conflict with Heimdal @@ -866,4 +869,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2904 2003/08/25 03:27:40 dtucker Exp $ +$Id: ChangeLog,v 1.2905 2003/08/25 05:01:04 dtucker Exp $ diff --git a/contrib/aix/README b/contrib/aix/README index 82fd8be1b..2a299350a 100644 --- a/contrib/aix/README +++ b/contrib/aix/README @@ -26,6 +26,7 @@ and for comparison with the output from this script, however no code from lppbuild is included and it is not required for operation. SRC support based on examples provided by Sandor Sklar and Maarten Kreuger. +PrivSep account handling fixes contributed by W. Earl Allen. Other notes: @@ -45,3 +46,5 @@ you get to keep both pieces. - Darren Tucker (dtucker at zip dot com dot au) 2002/03/01 + +$Id: README,v 1.4 2003/08/25 05:01:04 dtucker Exp $ diff --git a/contrib/aix/buildbff.sh b/contrib/aix/buildbff.sh index 3b3699660..727ac446d 100755 --- a/contrib/aix/buildbff.sh +++ b/contrib/aix/buildbff.sh @@ -1,6 +1,7 @@ #!/bin/sh # # buildbff.sh: Create AIX SMIT-installable OpenSSH packages +# $Id: buildbff.sh,v 1.6 2003/08/25 05:01:04 dtucker Exp $ # # Author: Darren Tucker (dtucker at zip dot com dot au) # This file is placed in the public domain and comes with absolutely @@ -14,9 +15,9 @@ # create a "config.local" in your build directory or set # environment variables to override these. # -[ -z "$PERMIT_ROOT_LOGIN" ] || PERMIT_ROOT_LOGIN=no -[ -z "$X11_FORWARDING" ] || X11_FORWARDING=no -[ -z "$AIX_SRC" ] || AIX_SRC=no +[ -z "$PERMIT_ROOT_LOGIN" ] && PERMIT_ROOT_LOGIN=no +[ -z "$X11_FORWARDING" ] && X11_FORWARDING=no +[ -z "$AIX_SRC" ] && AIX_SRC=no umask 022 @@ -31,7 +32,7 @@ else fi # -# We still support running from contrib/aix, but this is depreciated +# We still support running from contrib/aix, but this is deprecated # if pwd | egrep 'contrib/aix$' then @@ -121,7 +122,7 @@ cp $srcdir/README* $objdir/$PKGDIR/ # Extract common info requires for the 'info' part of the package. # AIX requires 4-part version numbers # -VERSION=`./ssh -V 2>&1 | sed -e 's/,.*//' | cut -f 2 -d _` +VERSION=`./ssh -V 2>&1 | cut -f 1 -d , | cut -f 2 -d _` MAJOR=`echo $VERSION | cut -f 1 -d p | cut -f 1 -d .` MINOR=`echo $VERSION | cut -f 1 -d p | cut -f 2 -d .` PATCH=`echo $VERSION | cut -f 1 -d p | cut -f 3 -d .` @@ -218,7 +219,7 @@ else fi # Create user if required - if cut -f1 -d: /etc/passwd | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null + if lsuser ALL | cut -f1 -d: | egrep '^'$SSH_PRIVSEP_USER'\$' >/dev/null then echo "PrivSep user $SSH_PRIVSEP_USER already exists." else diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index 619493ae2..6b0eaaf4e 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh @@ -1,6 +1,7 @@ #!/bin/sh # # inventory.sh +# $Id: inventory.sh,v 1.4 2003/08/25 05:01:04 dtucker Exp $ # # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl # -- cgit v1.2.3 From 2fae867806fc3498be5bba343c6438068dfcf5b3 Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Tue, 26 Aug 2003 13:43:12 +1000 Subject: - (dtucker) [contrib/aix/inventory.sh] Add public domain notice. ok mouring@ (the original author) --- ChangeLog | 4 +++- contrib/aix/inventory.sh | 3 ++- 2 files changed, 5 insertions(+), 2 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 8a606abc9..f2e790a2f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -33,6 +33,8 @@ configure.ac defines.h gss-serv-krb5.c session.c ssh-gss.h sshconnect1.c sshconnect2.c] Add Portable GSSAPI support, patch by Simon Wilkinson. - (dtucker) [Makefile.in] Remove auth2-krb5. + - (dtucker) [contrib/aix/inventory.sh] Add public domain notice. ok mouring@ + (the original author) 20030825 - (djm) Bug #621: Select OpenSC keys by usage attributes. Patch from @@ -905,4 +907,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2915 2003/08/26 02:22:04 dtucker Exp $ +$Id: ChangeLog,v 1.2916 2003/08/26 03:43:12 dtucker Exp $ diff --git a/contrib/aix/inventory.sh b/contrib/aix/inventory.sh index 6b0eaaf4e..4f408e678 100755 --- a/contrib/aix/inventory.sh +++ b/contrib/aix/inventory.sh @@ -1,9 +1,10 @@ #!/bin/sh # # inventory.sh -# $Id: inventory.sh,v 1.4 2003/08/25 05:01:04 dtucker Exp $ +# $Id: inventory.sh,v 1.5 2003/08/26 03:43:13 dtucker Exp $ # # Originally written by Ben Lindstrom, modified by Darren Tucker to use perl +# This file is placed into the public domain. # # This will produce an AIX package inventory file, which looks like: # -- cgit v1.2.3 From 42978c7f28217e4b276784f64e8cddbe4fde146d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 16 Sep 2003 13:59:42 +1000 Subject: - (djm) Crank spec versions --- ChangeLog | 3 ++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 4 ++-- contrib/suse/openssh.spec | 2 +- 4 files changed, 7 insertions(+), 6 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 93d88a511..cbb8a841e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -7,6 +7,7 @@ - deraadt@cvs.openbsd.org 2003/09/16 03:03:47 [buffer.c] do not expand buffer before attempting to reallocate it; markus ok + - (djm) Crank spec versions 20030914 - (dtucker) [Makefile regress/Makefile] Fix portability issues preventing @@ -1103,4 +1104,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994 2003/09/16 03:31:03 mouring Exp $ +$Id: ChangeLog,v 1.2994.2.1 2003/09/16 03:59:42 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 8e97c3818..4aaf6566f 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.6.1p2 + %define version 3.7p1 %define cvs %{nil} %define release 2 %else @@ -364,4 +364,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.43 2003/04/29 13:22:40 djm Exp $ +$Id: openssh.spec,v 1.43.2.1 2003/09/16 03:59:43 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 656e692e8..3fd1eef6d 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.6.1p2 +%define ver 3.7p1 %define rel 3 # OpenSSH privilege separation requires a user & group ID @@ -84,7 +84,7 @@ BuildPreReq: /bin/login %if ! %{build6x} BuildPreReq: glibc-devel, pam %else -BuildPreReq: db1-devel, /usr/include/security/pam_appl.h +BuildPreReq: /usr/include/security/pam_appl.h %endif %if ! %{no_x11_askpass} BuildPreReq: XFree86-devel diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index 707c3a221..ca7437bd6 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.6.1p2 +Version: 3.7p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 9d1471514608023cda6456f5a2e875cc5e4b9e77 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 16 Sep 2003 16:02:40 +1000 Subject: reset release numbers to 1 --- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'contrib') diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 4aaf6566f..97d6adf51 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -19,7 +19,7 @@ %if %{use_stable} %define version 3.7p1 %define cvs %{nil} - %define release 2 + %define release 1 %else %define version 2.9.9p2 %define cvs cvs20011009 @@ -364,4 +364,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.43.2.1 2003/09/16 03:59:43 djm Exp $ +$Id: openssh.spec,v 1.43.2.2 2003/09/16 06:02:40 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index 3fd1eef6d..ce7c564c3 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,5 +1,5 @@ %define ver 3.7p1 -%define rel 3 +%define rel 1 # OpenSSH privilege separation requires a user & group ID %define sshd_uid 74 -- cgit v1.2.3 From ade1cee573c0897cd08987dc14e23a555898cd12 Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Wed, 17 Sep 2003 07:35:09 +1000 Subject: rpm spec versions --- ChangeLog | 4 +++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- 4 files changed, 7 insertions(+), 5 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 8093c7abd..cfdafff42 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,8 @@ - markus@cvs.openbsd.org 2003/09/16 21:02:40 [buffer.c channels.c version.h] more malloc/fatal fixes; ok millert/deraadt; ghudson at MIT.EDU + - (djm) Crank RPM spec versions + - (djm) Release 3.7.1p1 20030916 - (dtucker) [acconfig.h configure.ac defines.h session.c] Bug #252: Retrieve @@ -1113,4 +1115,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.5 2003/09/16 21:34:12 djm Exp $ +$Id: ChangeLog,v 1.2994.2.6 2003/09/16 21:35:09 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 97d6adf51..7870639fe 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.7p1 + %define version 3.7.1p1 %define cvs %{nil} %define release 1 %else @@ -364,4 +364,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.43.2.2 2003/09/16 06:02:40 djm Exp $ +$Id: openssh.spec,v 1.43.2.3 2003/09/16 21:35:10 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index ce7c564c3..b65f37839 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.7p1 +%define ver 3.7.1p1 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index ca7437bd6..be6971d6e 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.7p1 +Version: 3.7.1p1 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz -- cgit v1.2.3 From 7283b27e08aeed2c3c3194e7fed788ac1e8a15eb Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 22 Sep 2003 12:32:43 +1000 Subject: - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update ssh-host-config to match current defaults, bump README version. Patch from vinschen at redhat.com. --- ChangeLog | 5 ++++- contrib/cygwin/README | 2 +- contrib/cygwin/ssh-host-config | 23 ++++++++++++++--------- 3 files changed, 19 insertions(+), 11 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 933b8094d..3b389705d 100644 --- a/ChangeLog +++ b/ChangeLog @@ -13,6 +13,9 @@ openbsd-compat/fake-rfc2553.h] Bug #659: Test for and handle systems with where gai_strerror is defined as "const char *". Part of patch supplied by bugzilla-openssh at thewrittenword.com + - (dtucker) [contrib/cygwin/README contrib/cygwin/ssh-host-config] Update + ssh-host-config to match current defaults, bump README version. Patch from + vinschen at redhat.com. 20030919 - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL; @@ -1145,4 +1148,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.19 2003/09/22 02:09:17 dtucker Exp $ +$Id: ChangeLog,v 1.2994.2.20 2003/09/22 02:32:43 dtucker Exp $ diff --git a/contrib/cygwin/README b/contrib/cygwin/README index 71ea3455f..ec58964c9 100644 --- a/contrib/cygwin/README +++ b/contrib/cygwin/README @@ -1,4 +1,4 @@ -This package is the actual port of OpenSSH to Cygwin 1.3. +This package is the actual port of OpenSSH to Cygwin 1.5. =========================================================================== Important change since 3.4p1-2: diff --git a/contrib/cygwin/ssh-host-config b/contrib/cygwin/ssh-host-config index 2c6db51e5..e9c56aea9 100644 --- a/contrib/cygwin/ssh-host-config +++ b/contrib/cygwin/ssh-host-config @@ -279,12 +279,14 @@ then # Host * # ForwardAgent no # ForwardX11 no -# RhostsAuthentication no # RhostsRSAAuthentication no # RSAAuthentication yes # PasswordAuthentication yes +# HostbasedAuthentication no # BatchMode no # CheckHostIP yes +# AddressFamily any +# ConnectTimeout 0 # StrictHostKeyChecking ask # IdentityFile ~/.ssh/identity # IdentityFile ~/.ssh/id_dsa @@ -397,7 +399,7 @@ Port $port_number #HostKey ${SYSCONFDIR}/ssh_host_dsa_key # Lifetime and size of ephemeral version 1 server key -#KeyRegenerationInterval 3600 +#KeyRegenerationInterval 1h #ServerKeyBits 768 # Logging @@ -407,7 +409,7 @@ Port $port_number # Authentication: -#LoginGraceTime 120 +#LoginGraceTime 2m #PermitRootLogin yes # The following setting overrides permission checks on host key files # and directories. For security reasons set this to "yes" when running @@ -418,10 +420,6 @@ StrictModes no #PubkeyAuthentication yes #AuthorizedKeysFile .ssh/authorized_keys -# rhosts authentication should not be used -#RhostsAuthentication no -# Don't read the user's ~/.rhosts and ~/.shosts files -#IgnoreRhosts yes # For this to work you will also need host keys in ${SYSCONFDIR}/ssh_known_hosts #RhostsRSAAuthentication no # similar for protocol version 2 @@ -429,6 +427,8 @@ StrictModes no # Change to yes if you don't trust ~/.ssh/known_hosts for # RhostsRSAAuthentication and HostbasedAuthentication #IgnoreUserKnownHosts no +# Don't read the user's ~/.rhosts and ~/.shosts files +#IgnoreRhosts yes # To disable tunneled clear text passwords, change to no here! #PasswordAuthentication yes @@ -437,6 +437,8 @@ StrictModes no # Change to no to disable s/key passwords #ChallengeResponseAuthentication yes +#AllowTcpForwarding yes +#GatewayPorts no #X11Forwarding no #X11DisplayOffset 10 #X11UseLocalhost yes @@ -447,11 +449,14 @@ StrictModes no UsePrivilegeSeparation $privsep_used #PermitUserEnvironment no #Compression yes - +#ClientAliveInterval 0 +#ClientAliveCountMax 3 +#UseDNS yes +#PidFile /var/run/sshd.pid #MaxStartups 10 + # no default banner path #Banner /some/path -#VerifyReverseMapping no # override default of no subsystems Subsystem sftp /usr/sbin/sftp-server -- cgit v1.2.3 From d77263ea5c4f0df91bfec4ecef6e69643c9065dc Mon Sep 17 00:00:00 2001 From: Darren Tucker Date: Mon, 22 Sep 2003 20:42:16 +1000 Subject: - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from article by genty at austin.ibm.com, included with the author's permission. --- ChangeLog | 4 +++- contrib/aix/pam.conf | 20 ++++++++++++++++++++ 2 files changed, 23 insertions(+), 1 deletion(-) create mode 100644 contrib/aix/pam.conf (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index a927b1d1d..643aafa92 100644 --- a/ChangeLog +++ b/ChangeLog @@ -27,6 +27,8 @@ - (tim) Fix typo. s/SETEIUD_BREAKS_SETUID/SETEUID_BREAKS_SETUID/ - (tim) [configure.ac] Bug 665: move 3 new AC_DEFINES outside of AC_TRY_RUN. Report by distler AT golem ph utexas edu. + - (dtucker) [contrib/aix/pam.conf] Include example pam.conf for AIX from + article by genty at austin.ibm.com, included with the author's permission. 20030919 - (djm) Bug #683: Remove reference to --with-ipv4-default from INSTALL; @@ -1159,4 +1161,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.25 2003/09/22 04:39:14 tim Exp $ +$Id: ChangeLog,v 1.2994.2.26 2003/09/22 10:42:16 dtucker Exp $ diff --git a/contrib/aix/pam.conf b/contrib/aix/pam.conf new file mode 100644 index 000000000..1495f43cb --- /dev/null +++ b/contrib/aix/pam.conf @@ -0,0 +1,20 @@ +# +# PAM configuration file /etc/pam.conf +# Example for OpenSSH on AIX 5.2 +# + +# Authentication Management +sshd auth required /usr/lib/security/pam_aix +OTHER auth required /usr/lib/security/pam_aix + +# Account Management +sshd account required /usr/lib/security/pam_aix +OTHER account required /usr/lib/security/pam_aix + +# Session Management +sshd password required /usr/lib/security/pam_aix +OTHER password required /usr/lib/security/pam_aix + +# Password Management +sshd session required /usr/lib/security/pam_aix +OTHER session required /usr/lib/security/pam_aix -- cgit v1.2.3 From b5f8e5d4c6e0c65e6f112bd702acd2039f9d2d4d Mon Sep 17 00:00:00 2001 From: Damien Miller Date: Tue, 23 Sep 2003 19:26:51 +1000 Subject: - (djm) Crank version.h and spec version numbers --- ChangeLog | 3 ++- contrib/caldera/openssh.spec | 4 ++-- contrib/redhat/openssh.spec | 2 +- contrib/suse/openssh.spec | 2 +- version.h | 2 +- 5 files changed, 7 insertions(+), 6 deletions(-) (limited to 'contrib') diff --git a/ChangeLog b/ChangeLog index 9b34d4a6e..756b67fd4 100644 --- a/ChangeLog +++ b/ChangeLog @@ -21,6 +21,7 @@ - (djm) Enable build with old OpenSSL again - (djm) Trim deprecated options from INSTALL. Mention UsePAM - (djm) Fix quote handling in sftp; Patch from admorten AT umich.edu + - (djm) Crank version.h and spec version numbers 20030922 - (dtucker) [Makefile.in] Bug #644: Fix "make clean" for out-of-tree @@ -1186,4 +1187,4 @@ - Fix sshd BindAddress and -b options for systems using fake-getaddrinfo. Report from murple@murple.net, diagnosis from dtucker@zip.com.au -$Id: ChangeLog,v 1.2994.2.32 2003/09/23 09:24:21 djm Exp $ +$Id: ChangeLog,v 1.2994.2.33 2003/09/23 09:26:51 djm Exp $ diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec index 7870639fe..c58b1d4ff 100644 --- a/contrib/caldera/openssh.spec +++ b/contrib/caldera/openssh.spec @@ -17,7 +17,7 @@ #old cvs stuff. please update before use. may be deprecated. %define use_stable 1 %if %{use_stable} - %define version 3.7.1p1 + %define version 3.7.1p2 %define cvs %{nil} %define release 1 %else @@ -364,4 +364,4 @@ fi * Mon Jan 01 1998 ... Template Version: 1.31 -$Id: openssh.spec,v 1.43.2.3 2003/09/16 21:35:10 djm Exp $ +$Id: openssh.spec,v 1.43.2.4 2003/09/23 09:26:52 djm Exp $ diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec index b65f37839..20ccb6fac 100644 --- a/contrib/redhat/openssh.spec +++ b/contrib/redhat/openssh.spec @@ -1,4 +1,4 @@ -%define ver 3.7.1p1 +%define ver 3.7.1p2 %define rel 1 # OpenSSH privilege separation requires a user & group ID diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec index be6971d6e..940bc4ade 100644 --- a/contrib/suse/openssh.spec +++ b/contrib/suse/openssh.spec @@ -1,6 +1,6 @@ Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation Name: openssh -Version: 3.7.1p1 +Version: 3.7.1p2 URL: http://www.openssh.com/ Release: 1 Source0: openssh-%{version}.tar.gz diff --git a/version.h b/version.h index 20daac42a..0a98e4290 100644 --- a/version.h +++ b/version.h @@ -1,3 +1,3 @@ /* $OpenBSD: version.h,v 1.39 2003/09/16 21:02:40 markus Exp $ */ -#define SSH_VERSION "OpenSSH_3.7.1p1" +#define SSH_VERSION "OpenSSH_3.7.1p2" -- cgit v1.2.3