| 1 |
vapier 09/08/23 10:37:48 |
| 2 |
|
| 3 |
Added: openssh-5.2_p1-x509-hpn-glue.patch |
| 4 |
openssh-5.2_p1-gsskex-fix.patch |
| 5 |
Log: |
| 6 |
Update x509 patch, update gsskex patch #279488 by Harald Barth, and update x509/hpn glue #270508 by BedOS_Gui. |
| 7 |
(Portage version: 2.2_rc38/cvs/Linux x86_64) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.1 net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch?rev=1.1&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch?rev=1.1&content-type=text/plain |
| 14 |
|
| 15 |
Index: openssh-5.2_p1-x509-hpn-glue.patch |
| 16 |
=================================================================== |
| 17 |
Move things around so hpn applies cleanly when using X509. |
| 18 |
|
| 19 |
--- openssh-5.2p1+x509/Makefile.in |
| 20 |
+++ openssh-5.2p1+x509/Makefile.in |
| 21 |
@@ -44,11 +44,12 @@ |
| 22 |
CC=@CC@ |
| 23 |
LD=@LD@ |
| 24 |
CFLAGS=@CFLAGS@ |
| 25 |
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ |
| 26 |
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ |
| 27 |
LIBS=@LIBS@ |
| 28 |
SSHDLIBS=@SSHDLIBS@ |
| 29 |
LIBEDIT=@LIBEDIT@ |
| 30 |
LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ |
| 31 |
+CPPFLAGS += @LDAP_CPPFLAGS@ |
| 32 |
AR=@AR@ |
| 33 |
AWK=@AWK@ |
| 34 |
RANLIB=@RANLIB@ |
| 35 |
--- openssh-5.2p1+x509/servconf.c |
| 36 |
+++ openssh-5.2p1+x509/servconf.c |
| 37 |
@@ -108,6 +108,17 @@ |
| 38 |
options->log_level = SYSLOG_LEVEL_NOT_SET; |
| 39 |
options->rhosts_rsa_authentication = -1; |
| 40 |
options->hostbased_authentication = -1; |
| 41 |
+ options->hostbased_algorithms = NULL; |
| 42 |
+ options->pubkey_algorithms = NULL; |
| 43 |
+ ssh_x509flags_initialize(&options->x509flags, 1); |
| 44 |
+#ifndef SSH_X509STORE_DISABLED |
| 45 |
+ ssh_x509store_initialize(&options->ca); |
| 46 |
+#endif /*ndef SSH_X509STORE_DISABLED*/ |
| 47 |
+#ifdef SSH_OCSP_ENABLED |
| 48 |
+ options->va.type = -1; |
| 49 |
+ options->va.certificate_file = NULL; |
| 50 |
+ options->va.responder_url = NULL; |
| 51 |
+#endif /*def SSH_OCSP_ENABLED*/ |
| 52 |
options->hostbased_uses_name_from_packet_only = -1; |
| 53 |
options->rsa_authentication = -1; |
| 54 |
options->pubkey_authentication = -1; |
| 55 |
@@ -152,18 +163,6 @@ |
| 56 |
options->adm_forced_command = NULL; |
| 57 |
options->chroot_directory = NULL; |
| 58 |
options->zero_knowledge_password_authentication = -1; |
| 59 |
- |
| 60 |
- options->hostbased_algorithms = NULL; |
| 61 |
- options->pubkey_algorithms = NULL; |
| 62 |
- ssh_x509flags_initialize(&options->x509flags, 1); |
| 63 |
-#ifndef SSH_X509STORE_DISABLED |
| 64 |
- ssh_x509store_initialize(&options->ca); |
| 65 |
-#endif /*ndef SSH_X509STORE_DISABLED*/ |
| 66 |
-#ifdef SSH_OCSP_ENABLED |
| 67 |
- options->va.type = -1; |
| 68 |
- options->va.certificate_file = NULL; |
| 69 |
- options->va.responder_url = NULL; |
| 70 |
-#endif /*def SSH_OCSP_ENABLED*/ |
| 71 |
} |
| 72 |
|
| 73 |
void |
| 74 |
@@ -341,6 +340,16 @@ |
| 75 |
/* Portable-specific options */ |
| 76 |
sUsePAM, |
| 77 |
/* Standard Options */ |
| 78 |
+ sHostbasedAlgorithms, |
| 79 |
+ sPubkeyAlgorithms, |
| 80 |
+ sX509KeyAlgorithm, |
| 81 |
+ sAllowedClientCertPurpose, |
| 82 |
+ sKeyAllowSelfIssued, sMandatoryCRL, |
| 83 |
+ sCACertificateFile, sCACertificatePath, |
| 84 |
+ sCARevocationFile, sCARevocationPath, |
| 85 |
+ sCAldapVersion, sCAldapURL, |
| 86 |
+ sVAType, sVACertificateFile, |
| 87 |
+ sVAOCSPResponderURL, |
| 88 |
sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, |
| 89 |
sPermitRootLogin, sLogFacility, sLogLevel, |
| 90 |
sRhostsRSAAuthentication, sRSAAuthentication, |
| 91 |
@@ -364,16 +373,6 @@ |
| 92 |
sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 93 |
sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 94 |
sZeroKnowledgePasswordAuthentication, |
| 95 |
- sHostbasedAlgorithms, |
| 96 |
- sPubkeyAlgorithms, |
| 97 |
- sX509KeyAlgorithm, |
| 98 |
- sAllowedClientCertPurpose, |
| 99 |
- sKeyAllowSelfIssued, sMandatoryCRL, |
| 100 |
- sCACertificateFile, sCACertificatePath, |
| 101 |
- sCARevocationFile, sCARevocationPath, |
| 102 |
- sCAldapVersion, sCAldapURL, |
| 103 |
- sVAType, sVACertificateFile, |
| 104 |
- sVAOCSPResponderURL, |
| 105 |
sDeprecated, sUnsupported |
| 106 |
} ServerOpCodes; |
| 107 |
|
| 108 |
|
| 109 |
|
| 110 |
|
| 111 |
1.1 net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch |
| 112 |
|
| 113 |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch?rev=1.1&view=markup |
| 114 |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch?rev=1.1&content-type=text/plain |
| 115 |
|
| 116 |
Index: openssh-5.2_p1-gsskex-fix.patch |
| 117 |
=================================================================== |
| 118 |
--- clientloop.c |
| 119 |
+++ clientloop.c |
| 120 |
@@ -1434,11 +1434,13 @@ |
| 121 |
if (!rekeying) { |
| 122 |
channel_after_select(readset, writeset); |
| 123 |
|
| 124 |
+#ifdef GSSAPI |
| 125 |
if (options.gss_renewal_rekey && |
| 126 |
ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { |
| 127 |
debug("credentials updated - forcing rekey"); |
| 128 |
need_rekeying = 1; |
| 129 |
} |
| 130 |
+#endif |
| 131 |
|
| 132 |
if (need_rekeying || packet_need_rekeying()) { |
| 133 |
debug("need rekeying"); |
Archives