vapier 09/08/23 10:37:48 |
Added: openssh-5.2_p1-x509-hpn-glue.patch |
openssh-5.2_p1-gsskex-fix.patch |
Log: |
Update x509 patch, update gsskex patch #279488 by Harald Barth, and update x509/hpn glue #270508 by BedOS_Gui. |
(Portage version: 2.2_rc38/cvs/Linux x86_64) |
Revision Changes Path |
1.1 net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch?rev=1.1&content-type=text/plain |
Index: openssh-5.2_p1-x509-hpn-glue.patch |
=================================================================== |
Move things around so hpn applies cleanly when using X509. |
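--- a/openssh-5.2p1+x509/Makefile.in
+++ b/openssh-5.2p1+x509/Makefile.in
@@ -44,11 +44,12 @@
 CC=@CC@
 LD=@LD@
 CFLAGS=@CFLAGS@
-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@
+CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@
 LIBS=@LIBS@
 SSHDLIBS=@SSHDLIBS@
 LIBEDIT=@LIBEDIT@
 LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@
+CPPFLAGS += @LDAP_CPPFLAGS@
 AR=@AR@
 AWK=@AWK@
 RANLIB=@RANLIB@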
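Review bot: The split-out `CPPFLAGS += @LDAP_CPPFLAGS@` line carries no comment saying why it is separate; going by the patch description it presumably exists only so the HPN patch's context around `CPPFLAGS=` still matches, and a later refresh of the X.509 patch could fold it back and break the stack again. A one-line marker above it, e.g. `# LDAP flags appended separately so the HPN patch applies cleanly`, would record that. The same gap applies to the relocated blocks in the servconf.c hunks. Also, `+=` is not accepted by every make implementation, which is fine only if this build is always driven by GNU make; the hunk does not show that.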
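--- a/openssh-5.2p1+x509/servconf.c
+++ b/openssh-5.2p1+x509/servconf.c
@@ -108,6 +108,17 @@
 options->log_level = SYSLOG_LEVEL_NOT_SET;
 options->rhosts_rsa_authentication = -1;
 options->hostbased_authentication = -1;
+ options->hostbased_algorithms = NULL;
+ options->pubkey_algorithms = NULL;
+ ssh_x509flags_initialize(&options->x509flags, 1);
+#ifndef SSH_X509STORE_DISABLED
+ ssh_x509store_initialize(&options->ca);
+#endif /*ndef SSH_X509STORE_DISABLED*/
+#ifdef SSH_OCSP_ENABLED
+ options->va.type = -1;
+ options->va.certificate_file = NULL;
+ options->va.responder_url = NULL;
+#endif /*def SSH_OCSP_ENABLED*/
 options->hostbased_uses_name_from_packet_only = -1;
 options->rsa_authentication = -1;
 options->pubkey_authentication = -1;
@@ -152,18 +163,6 @@
 options->adm_forced_command = NULL;
 options->chroot_directory = NULL;
 options->zero_knowledge_password_authentication = -1;
-
- options->hostbased_algorithms = NULL;
- options->pubkey_algorithms = NULL;
- ssh_x509flags_initialize(&options->x509flags, 1);
-#ifndef SSH_X509STORE_DISABLED
- ssh_x509store_initialize(&options->ca);
-#endif /*ndef SSH_X509STORE_DISABLED*/
-#ifdef SSH_OCSP_ENABLED
- options->va.type = -1;
- options->va.certificate_file = NULL;
- options->va.responder_url = NULL;
-#endif /*def SSH_OCSP_ENABLED*/
 }
 
 void
@@ -341,6 +340,16 @@
 /* Portable-specific options */
 sUsePAM,
 /* Standard Options */
+ sHostbasedAlgorithms,
+ sPubkeyAlgorithms,
+ sX509KeyAlgorithm,
+ sAllowedClientCertPurpose,
+ sKeyAllowSelfIssued, sMandatoryCRL,
+ sCACertificateFile, sCACertificatePath,
+ sCARevocationFile, sCARevocationPath,
+ sCAldapVersion, sCAldapURL,
+ sVAType, sVACertificateFile,
+ sVAOCSPResponderURL,
 sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime,
 sPermitRootLogin, sLogFacility, sLogLevel,
 sRhostsRSAAuthentication, sRSAAuthentication,
@@ -364,16 +373,6 @@
 sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
 sUsePrivilegeSeparation, sAllowAgentForwarding,
 sZeroKnowledgePasswordAuthentication,
- sHostbasedAlgorithms,
- sPubkeyAlgorithms,
- sX509KeyAlgorithm,
- sAllowedClientCertPurpose,
- sKeyAllowSelfIssued, sMandatoryCRL,
- sCACertificateFile, sCACertificatePath,
- sCARevocationFile, sCARevocationPath,
- sCAldapVersion, sCAldapURL,
- sVAType, sVACertificateFile,
- sVAOCSPResponderURL,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 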
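Review bot: Moving the fifteen X.509 opcodes ahead of `sPort` in the third servconf.c hunk renumbers the standard `ServerOpCodes` values that follow them, which is harmless only if those values are never stored or compared numerically; these hunks do not show that. In the first hunk the relocated initialisers cover the certificate-validation settings (`x509flags`, the `ca` store and the OCSP `va` fields). Once the HPN patch is stacked on top, it is worth confirming that each of them still appears exactly once in the function and that none was dropped or duplicated by fuzzy context matching. Both the enclosing function and the enum begin outside the hunks.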
1.1 net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch |
file : http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch?rev=1.1&view=markup |
plain: http://sources.gentoo.org/viewcvs.py/gentoo-x86/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch?rev=1.1&content-type=text/plain |
Index: openssh-5.2_p1-gsskex-fix.patch |
=================================================================== |
118 |
--- clientloop.c |
119 |
+++ clientloop.c |
120 |
@@ -1434,11 +1434,13 @@ |
121 |
if (!rekeying) { |
122 |
channel_after_select(readset, writeset); |
123 |
|
124 |
+#ifdef GSSAPI |
125 |
if (options.gss_renewal_rekey && |
126 |
ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { |
127 |
debug("credentials updated - forcing rekey"); |
128 |
need_rekeying = 1; |
129 |
} |
130 |
+#endif |
131 |
|
132 |
if (need_rekeying || packet_need_rekeying()) { |
133 |
debug("need rekeying"); |