diff --git a/openssh-6.7p1-fips.patch b/openssh-6.7p1-fips.patch index 0aafdcc..e2931f2 100644 --- a/openssh-6.7p1-fips.patch +++ b/openssh-6.7p1-fips.patch @@ -661,7 +661,7 @@ diff -up openssh-6.8p1/servconf.c.fips openssh-6.8p1/servconf.c + ? KEX_FIPS_ENCRYPT : KEX_SERVER_ENCRYPT); + dump_cfg_string(sMacs, o->macs ? o->macs : FIPS_mode() + ? KEX_FIPS_MAC : KEX_SERVER_MAC); - dump_cfg_string(sBanner, o->banner); + dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none"); dump_cfg_string(sForceCommand, o->adm_forced_command); dump_cfg_string(sChrootDirectory, o->chroot_directory); @@ -2240,8 +2242,8 @@ dump_config(ServerOptions *o) diff --git a/openssh-6.7p1-sshdT-output.patch b/openssh-6.7p1-sshdT-output.patch deleted file mode 100644 index aa09346..0000000 --- a/openssh-6.7p1-sshdT-output.patch +++ /dev/null @@ -1,56 +0,0 @@ -diff -up openssh-6.8p1/servconf.c.sshdt openssh-6.8p1/servconf.c ---- openssh-6.8p1/servconf.c.sshdt 2015-03-18 13:07:24.457858235 +0100 -+++ openssh-6.8p1/servconf.c 2015-03-18 13:09:27.253557396 +0100 -@@ -2118,6 +2118,8 @@ dump_cfg_strarray_oneline(ServerOpCodes - { - u_int i; - -+ if (count <= 0) -+ return; - printf("%s", lookup_opcode_name(code)); - for (i = 0; i < count; i++) - printf(" %s", vals[i]); -@@ -2156,7 +2158,7 @@ dump_config(ServerOptions *o) - - /* integer arguments */ - #ifdef USE_PAM -- dump_cfg_int(sUsePAM, o->use_pam); -+ dump_cfg_fmtint(sUsePAM, o->use_pam); - #endif - dump_cfg_int(sServerKeyBits, o->server_key_bits); - dump_cfg_int(sLoginGraceTime, o->login_grace_time); -@@ -2166,6 +2168,7 @@ dump_config(ServerOptions *o) - dump_cfg_int(sMaxSessions, o->max_sessions); - dump_cfg_int(sClientAliveInterval, o->client_alive_interval); - dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); -+ dump_cfg_int(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); - - /* formatted integer arguments */ - dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); -@@ -2213,6 +2216,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); - dump_cfg_fmtint(sUseDNS, o->use_dns); - dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); -+ dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); - dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); - dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); -@@ -2231,7 +2235,8 @@ dump_config(ServerOptions *o) - dump_cfg_string(sRevokedKeys, o->revoked_keys_file); - dump_cfg_string(sAuthorizedPrincipalsFile, - o->authorized_principals_file); -- dump_cfg_string(sVersionAddendum, o->version_addendum); -+ dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' -+ ? "none" : o->version_addendum); - dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); - dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); - dump_cfg_string(sHostKeyAgent, o->host_key_agent); -@@ -2251,7 +2256,7 @@ dump_config(ServerOptions *o) - o->authorized_keys_files); - dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, - o->host_key_files); -- dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, -+ dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, - o->host_cert_files); - dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); - dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); diff --git a/openssh-6.8p1-sshdT-output.patch b/openssh-6.8p1-sshdT-output.patch new file mode 100644 index 0000000..30685ed --- /dev/null +++ b/openssh-6.8p1-sshdT-output.patch @@ -0,0 +1,64 @@ +diff -up openssh-6.8p1/servconf.c.sshdt openssh-6.8p1/servconf.c +--- openssh-6.8p1/servconf.c.sshdt 2015-05-28 13:32:55.728821389 +0200 ++++ openssh-6.8p1/servconf.c 2015-05-28 13:34:01.937750270 +0200 +@@ -2118,6 +2118,8 @@ dump_cfg_strarray_oneline(ServerOpCodes + { + u_int i; + ++ if (count <= 0) ++ return; + printf("%s", lookup_opcode_name(code)); + for (i = 0; i < count; i++) + printf(" %s", vals[i]); +@@ -2156,7 +2158,7 @@ dump_config(ServerOptions *o) + + /* integer arguments */ + #ifdef USE_PAM +- dump_cfg_int(sUsePAM, o->use_pam); ++ dump_cfg_fmtint(sUsePAM, o->use_pam); + #endif + dump_cfg_int(sServerKeyBits, o->server_key_bits); + dump_cfg_int(sLoginGraceTime, o->login_grace_time); +@@ -2166,6 +2168,7 @@ dump_config(ServerOptions *o) + dump_cfg_int(sMaxSessions, o->max_sessions); + dump_cfg_int(sClientAliveInterval, o->client_alive_interval); + dump_cfg_int(sClientAliveCountMax, o->client_alive_count_max); ++ dump_cfg_int(sStreamLocalBindMask, o->fwd_opts.streamlocal_bind_mask); + + /* formatted integer arguments */ + dump_cfg_fmtint(sPermitRootLogin, o->permit_root_login); +@@ -2213,6 +2216,7 @@ dump_config(ServerOptions *o) + dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); + dump_cfg_fmtint(sUseDNS, o->use_dns); + dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); ++ dump_cfg_fmtint(sAllowAgentForwarding, o->allow_agent_forwarding); + dump_cfg_fmtint(sAllowStreamLocalForwarding, o->allow_streamlocal_forwarding); + dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); + dump_cfg_fmtint(sFingerprintHash, o->fingerprint_hash); +@@ -2224,14 +2228,15 @@ dump_config(ServerOptions *o) + dump_cfg_string(sXAuthLocation, o->xauth_location); + dump_cfg_string(sCiphers, o->ciphers ? o->ciphers : KEX_SERVER_ENCRYPT); + dump_cfg_string(sMacs, o->macs ? o->macs : KEX_SERVER_MAC); +- dump_cfg_string(sBanner, o->banner); ++ dump_cfg_string(sBanner, o->banner != NULL ? o->banner : "none"); + dump_cfg_string(sForceCommand, o->adm_forced_command); + dump_cfg_string(sChrootDirectory, o->chroot_directory); + dump_cfg_string(sTrustedUserCAKeys, o->trusted_user_ca_keys); + dump_cfg_string(sRevokedKeys, o->revoked_keys_file); + dump_cfg_string(sAuthorizedPrincipalsFile, + o->authorized_principals_file); +- dump_cfg_string(sVersionAddendum, o->version_addendum); ++ dump_cfg_string(sVersionAddendum, *o->version_addendum == '\0' ++ ? "none" : o->version_addendum); + dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); + dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); + dump_cfg_string(sHostKeyAgent, o->host_key_agent); +@@ -2251,7 +2256,7 @@ dump_config(ServerOptions *o) + o->authorized_keys_files); + dump_cfg_strarray(sHostKeyFile, o->num_host_key_files, + o->host_key_files); +- dump_cfg_strarray(sHostKeyFile, o->num_host_cert_files, ++ dump_cfg_strarray(sHostCertificate, o->num_host_cert_files, + o->host_cert_files); + dump_cfg_strarray(sAllowUsers, o->num_allow_users, o->allow_users); + dump_cfg_strarray(sDenyUsers, o->num_deny_users, o->deny_users); diff --git a/openssh.spec b/openssh.spec index d694951..c5c769e 100644 --- a/openssh.spec +++ b/openssh.spec @@ -209,7 +209,7 @@ Patch920: openssh-6.6.1p1-ip-port-config-parser.patch # https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html Patch921: openssh-6.7p1-debian-restore-tcp-wrappers.patch # apply upstream patch and make sshd -T more consistent (#1187521) -Patch922: openssh-6.7p1-sshdT-output.patch +Patch922: openssh-6.8p1-sshdT-output.patch # fix ssh-copy-id on non-sh shells (#1045191) Patch923: openssh-6.8p1-fix-ssh-copy-id-on-non-sh-shell.patch # AArch64 has seccomp support since 3.19 kernel (#1195065)