diff options
| author |   Mike Frysinger <vapier@gentoo.org> | 2009-08-23 10:37:48 +0000 |
|---|---|---|
| committer | Mike Frysinger <vapier@gentoo.org> | 2009-08-23 10:37:48 +0000 |
| commit | 0b305e31ec1ce9d46bdb815b0636c3c11565f7a6 (patch) | |
| tree | 5fa825a9c9a44039ea38bebe71e4148f28214129 /net-misc/openssh/files | |
| parent | ppc stable #278864 (diff) | |
| download | historical-0b305e31ec1ce9d46bdb815b0636c3c11565f7a6.tar.gz historical-0b305e31ec1ce9d46bdb815b0636c3c11565f7a6.tar.bz2 historical-0b305e31ec1ce9d46bdb815b0636c3c11565f7a6.zip | |
Update x509 patch, update gsskex patch #279488 by Harald Barth, and update x509/hpn glue #270508 by BedOS_Gui.
Package-Manager: portage-2.2_rc38/cvs/Linux x86_64
Diffstat (limited to 'net-misc/openssh/files')
| -rw-r--r-- | net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch | 16 | ||||
| -rw-r--r-- | net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch | 91 |
2 files changed, 107 insertions, 0 deletions
diff --git a/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch b/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch new file mode 100644 index 000000000000..8112d6252f25 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.2_p1-gsskex-fix.patch @@ -0,0 +1,16 @@ +--- clientloop.c ++++ clientloop.c +@@ -1434,11 +1434,13 @@ + if (!rekeying) { + channel_after_select(readset, writeset); + ++#ifdef GSSAPI + if (options.gss_renewal_rekey && + ssh_gssapi_credentials_updated(GSS_C_NO_CONTEXT)) { + debug("credentials updated - forcing rekey"); + need_rekeying = 1; + } ++#endif + + if (need_rekeying || packet_need_rekeying()) { + debug("need rekeying"); diff --git a/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch b/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch new file mode 100644 index 000000000000..9428b74f3ca0 --- /dev/null +++ b/net-misc/openssh/files/openssh-5.2_p1-x509-hpn-glue.patch @@ -0,0 +1,91 @@ +Move things around so hpn applies cleanly when using X509. + +--- openssh-5.2p1+x509/Makefile.in ++++ openssh-5.2p1+x509/Makefile.in +@@ -44,11 +44,12 @@ + CC=@CC@ + LD=@LD@ + CFLAGS=@CFLAGS@ +-CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ @LDAP_CPPFLAGS@ $(PATHS) @DEFS@ ++CPPFLAGS=-I. -I$(srcdir) @CPPFLAGS@ $(PATHS) @DEFS@ + LIBS=@LIBS@ + SSHDLIBS=@SSHDLIBS@ + LIBEDIT=@LIBEDIT@ + LIBLDAP=@LDAP_LDFLAGS@ @LDAP_LIBS@ ++CPPFLAGS += @LDAP_CPPFLAGS@ + AR=@AR@ + AWK=@AWK@ + RANLIB=@RANLIB@ +--- openssh-5.2p1+x509/servconf.c ++++ openssh-5.2p1+x509/servconf.c +@@ -108,6 +108,17 @@ + options->log_level = SYSLOG_LEVEL_NOT_SET; + options->rhosts_rsa_authentication = -1; + options->hostbased_authentication = -1; ++ options->hostbased_algorithms = NULL; ++ options->pubkey_algorithms = NULL; ++ ssh_x509flags_initialize(&options->x509flags, 1); ++#ifndef SSH_X509STORE_DISABLED ++ ssh_x509store_initialize(&options->ca); ++#endif /*ndef SSH_X509STORE_DISABLED*/ ++#ifdef SSH_OCSP_ENABLED ++ options->va.type = -1; ++ options->va.certificate_file = NULL; ++ options->va.responder_url = NULL; ++#endif /*def SSH_OCSP_ENABLED*/ + options->hostbased_uses_name_from_packet_only = -1; + options->rsa_authentication = -1; + options->pubkey_authentication = -1; +@@ -152,18 +163,6 @@ + options->adm_forced_command = NULL; + options->chroot_directory = NULL; + options->zero_knowledge_password_authentication = -1; +- +- options->hostbased_algorithms = NULL; +- options->pubkey_algorithms = NULL; +- ssh_x509flags_initialize(&options->x509flags, 1); +-#ifndef SSH_X509STORE_DISABLED +- ssh_x509store_initialize(&options->ca); +-#endif /*ndef SSH_X509STORE_DISABLED*/ +-#ifdef SSH_OCSP_ENABLED +- options->va.type = -1; +- options->va.certificate_file = NULL; +- options->va.responder_url = NULL; +-#endif /*def SSH_OCSP_ENABLED*/ + } + + void +@@ -341,6 +340,16 @@ + /* Portable-specific options */ + sUsePAM, + /* Standard Options */ ++ sHostbasedAlgorithms, ++ sPubkeyAlgorithms, ++ sX509KeyAlgorithm, ++ sAllowedClientCertPurpose, ++ sKeyAllowSelfIssued, sMandatoryCRL, ++ sCACertificateFile, sCACertificatePath, ++ sCARevocationFile, sCARevocationPath, ++ sCAldapVersion, sCAldapURL, ++ sVAType, sVACertificateFile, ++ sVAOCSPResponderURL, + sPort, sHostKeyFile, sServerKeyBits, sLoginGraceTime, sKeyRegenerationTime, + sPermitRootLogin, sLogFacility, sLogLevel, + sRhostsRSAAuthentication, sRSAAuthentication, +@@ -364,16 +373,6 @@ + sMatch, sPermitOpen, sForceCommand, sChrootDirectory, + sUsePrivilegeSeparation, sAllowAgentForwarding, + sZeroKnowledgePasswordAuthentication, +- sHostbasedAlgorithms, +- sPubkeyAlgorithms, +- sX509KeyAlgorithm, +- sAllowedClientCertPurpose, +- sKeyAllowSelfIssued, sMandatoryCRL, +- sCACertificateFile, sCACertificatePath, +- sCARevocationFile, sCARevocationPath, +- sCAldapVersion, sCAldapURL, +- sVAType, sVACertificateFile, +- sVAOCSPResponderURL, + sDeprecated, sUnsupported + } ServerOpCodes; + |