[arch-commits] Commit in openssh/trunk (PKGBUILD authfile.c.patch sshd)
Gaetan Bisson
bisson at archlinux.org
Tue Sep 6 07:37:37 UTC 2011
Date: Tuesday, September 6, 2011 @ 03:37:37
Author: bisson
Revision: 137089
upstream update, remove obsolete patch, use bash test in rc.d script
Modified:
openssh/trunk/PKGBUILD
openssh/trunk/sshd
Deleted:
openssh/trunk/authfile.c.patch
------------------+
PKGBUILD | 18 +---
authfile.c.patch | 198 -----------------------------------------------------
sshd | 65 ++++++++---------
3 files changed, 38 insertions(+), 243 deletions(-)
Modified: PKGBUILD
===================================================================
--- PKGBUILD 2011-09-06 07:35:21 UTC (rev 137088)
+++ PKGBUILD 2011-09-06 07:37:37 UTC (rev 137089)
@@ -4,8 +4,8 @@
# Contributor: judd <jvinet at zeroflux.org>
pkgname=openssh
-pkgver=5.8p2
-pkgrel=9
+pkgver=5.9p1
+pkgrel=1
pkgdesc='Free version of the SSH connectivity tools'
arch=('i686' 'x86_64')
license=('custom:BSD')
@@ -13,21 +13,17 @@
backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd' 'etc/conf.d/sshd')
depends=('krb5' 'openssl' 'libedit')
source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname}-${pkgver}.tar.gz"
- 'authfile.c.patch'
'sshd.confd'
'sshd.pam'
'sshd')
-sha1sums=('64798328d310e4f06c9f01228107520adbc8b3e5'
- '3669cb5ca6149f69015df5ce8e60b82c540eb0a4'
+sha1sums=('be8878869bb80ce12ca79282768ffa73cc3f05fc'
'ec102deb69cad7d14f406289d2fc11fee6eddbdd'
'07fecd5880b1c4fdd8c94ddb2e89ddce88effdc1'
- '6b7f8ebf0c1cc37137a7d9a53447ac8a0ee6a2b5')
+ '038213716d553363b5469eae972f15c1c5a579db')
build() {
cd "${srcdir}/${pkgname}-${pkgver}"
- patch -p1 -i ../authfile.c.patch # fix FS#24693 using http://anoncvs.mindrot.org/index.cgi/openssh/authfile.c?revision=1.95
-
./configure \
--prefix=/usr \
--libexecdir=/usr/lib/ssh \
@@ -36,7 +32,6 @@
--with-md5-passwords \
--with-pam \
--with-mantype=man \
- --mandir=/usr/share/man \
--with-xauth=/usr/bin/xauth \
--with-kerberos5=/usr \
--with-ssl-engine \
@@ -64,7 +59,8 @@
install -Dm644 contrib/ssh-copy-id.1 "${pkgdir}"/usr/share/man/man1/ssh-copy-id.1
# PAM is a common, standard feature to have
- sed -i -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
+ sed \
+ -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \
-e '/^#UsePAM no$/c UsePAM yes' \
- "${pkgdir}"/etc/ssh/sshd_config
+ -i "${pkgdir}"/etc/ssh/sshd_config
}
Deleted: authfile.c.patch
===================================================================
--- authfile.c.patch 2011-09-06 07:35:21 UTC (rev 137088)
+++ authfile.c.patch 2011-09-06 07:37:37 UTC (rev 137089)
@@ -1,198 +0,0 @@
-diff -aur old/authfile.c new/authfile.c
---- old/authfile.c 2011-06-12 02:21:52.262338254 +0200
-+++ new/authfile.c 2011-06-12 02:13:43.051467269 +0200
-@@ -1,4 +1,4 @@
--/* $OpenBSD: authfile.c,v 1.87 2010/11/29 18:57:04 markus Exp $ */
-+/* $OpenBSD: authfile.c,v 1.95 2011/05/29 11:42:08 djm Exp $ */
- /*
- * Author: Tatu Ylonen <ylo at cs.hut.fi>
- * Copyright (c) 1995 Tatu Ylonen <ylo at cs.hut.fi>, Espoo, Finland
-@@ -69,6 +69,8 @@
- #include "misc.h"
- #include "atomicio.h"
-
-+#define MAX_KEY_FILE_SIZE (1024 * 1024)
-+
- /* Version identification string for SSH v1 identity files. */
- static const char authfile_id_string[] =
- "SSH PRIVATE KEY FILE FORMAT 1.1\n";
-@@ -312,12 +314,12 @@
- return pub;
- }
-
--/* Load the contents of a key file into a buffer */
--static int
-+/* Load a key from a fd into a buffer */
-+int
- key_load_file(int fd, const char *filename, Buffer *blob)
- {
-+ u_char buf[1024];
- size_t len;
-- u_char *cp;
- struct stat st;
-
- if (fstat(fd, &st) < 0) {
-@@ -325,30 +327,45 @@
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ",
- strerror(errno));
-- close(fd);
- return 0;
- }
-- if (st.st_size > 1*1024*1024) {
-+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+ st.st_size > MAX_KEY_FILE_SIZE) {
-+ toobig:
- error("%s: key file %.200s%stoo large", __func__,
- filename == NULL ? "" : filename,
- filename == NULL ? "" : " ");
-- close(fd);
- return 0;
- }
-- len = (size_t)st.st_size; /* truncated */
--
- buffer_init(blob);
-- cp = buffer_append_space(blob, len);
--
-- if (atomicio(read, fd, cp, len) != len) {
-- debug("%s: read from key file %.200s%sfailed: %.100s", __func__,
-- filename == NULL ? "" : filename,
-- filename == NULL ? "" : " ",
-- strerror(errno));
-+ for (;;) {
-+ if ((len = atomicio(read, fd, buf, sizeof(buf))) == 0) {
-+ if (errno == EPIPE)
-+ break;
-+ debug("%s: read from key file %.200s%sfailed: %.100s",
-+ __func__, filename == NULL ? "" : filename,
-+ filename == NULL ? "" : " ", strerror(errno));
-+ buffer_clear(blob);
-+ bzero(buf, sizeof(buf));
-+ return 0;
-+ }
-+ buffer_append(blob, buf, len);
-+ if (buffer_len(blob) > MAX_KEY_FILE_SIZE) {
-+ buffer_clear(blob);
-+ bzero(buf, sizeof(buf));
-+ goto toobig;
-+ }
-+ }
-+ bzero(buf, sizeof(buf));
-+ if ((st.st_mode & (S_IFSOCK|S_IFCHR|S_IFIFO)) == 0 &&
-+ st.st_size != buffer_len(blob)) {
-+ debug("%s: key file %.200s%schanged size while reading",
-+ __func__, filename == NULL ? "" : filename,
-+ filename == NULL ? "" : " ");
- buffer_clear(blob);
-- close(fd);
- return 0;
- }
-+
- return 1;
- }
-
-@@ -606,7 +623,7 @@
- error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@");
- error("Permissions 0%3.3o for '%s' are too open.",
- (u_int)st.st_mode & 0777, filename);
-- error("It is recommended that your private key files are NOT accessible by others.");
-+ error("It is required that your private key files are NOT accessible by others.");
- error("This private key will be ignored.");
- return 0;
- }
-@@ -626,6 +643,7 @@
- case KEY_UNSPEC:
- return key_parse_private_pem(blob, type, passphrase, commentp);
- default:
-+ error("%s: cannot parse key type %d", __func__, type);
- break;
- }
- return NULL;
-@@ -670,11 +688,38 @@
- }
-
- Key *
-+key_parse_private(Buffer *buffer, const char *filename,
-+ const char *passphrase, char **commentp)
-+{
-+ Key *pub, *prv;
-+ Buffer pubcopy;
-+
-+ buffer_init(&pubcopy);
-+ buffer_append(&pubcopy, buffer_ptr(buffer), buffer_len(buffer));
-+ /* it's a SSH v1 key if the public key part is readable */
-+ pub = key_parse_public_rsa1(&pubcopy, commentp);
-+ buffer_free(&pubcopy);
-+ if (pub == NULL) {
-+ prv = key_parse_private_type(buffer, KEY_UNSPEC,
-+ passphrase, NULL);
-+ /* use the filename as a comment for PEM */
-+ if (commentp && prv)
-+ *commentp = xstrdup(filename);
-+ } else {
-+ key_free(pub);
-+ /* key_parse_public_rsa1() has already loaded the comment */
-+ prv = key_parse_private_type(buffer, KEY_RSA1, passphrase,
-+ NULL);
-+ }
-+ return prv;
-+}
-+
-+Key *
- key_load_private(const char *filename, const char *passphrase,
- char **commentp)
- {
-- Key *pub, *prv;
-- Buffer buffer, pubcopy;
-+ Key *prv;
-+ Buffer buffer;
- int fd;
-
- fd = open(filename, O_RDONLY);
-@@ -697,23 +742,7 @@
- }
- close(fd);
-
-- buffer_init(&pubcopy);
-- buffer_append(&pubcopy, buffer_ptr(&buffer), buffer_len(&buffer));
-- /* it's a SSH v1 key if the public key part is readable */
-- pub = key_parse_public_rsa1(&pubcopy, commentp);
-- buffer_free(&pubcopy);
-- if (pub == NULL) {
-- prv = key_parse_private_type(&buffer, KEY_UNSPEC,
-- passphrase, NULL);
-- /* use the filename as a comment for PEM */
-- if (commentp && prv)
-- *commentp = xstrdup(filename);
-- } else {
-- key_free(pub);
-- /* key_parse_public_rsa1() has already loaded the comment */
-- prv = key_parse_private_type(&buffer, KEY_RSA1, passphrase,
-- NULL);
-- }
-+ prv = key_parse_private(&buffer, filename, passphrase, commentp);
- buffer_free(&buffer);
- return prv;
- }
-@@ -737,13 +766,19 @@
- case '\0':
- continue;
- }
-+ /* Abort loading if this looks like a private key */
-+ if (strncmp(cp, "-----BEGIN", 10) == 0)
-+ break;
- /* Skip leading whitespace. */
- for (; *cp && (*cp == ' ' || *cp == '\t'); cp++)
- ;
- if (*cp) {
- if (key_read(k, &cp) == 1) {
-- if (commentp)
-- *commentp=xstrdup(filename);
-+ cp[strcspn(cp, "\r\n")] = '\0';
-+ if (commentp) {
-+ *commentp = xstrdup(*cp ?
-+ cp : filename);
-+ }
- fclose(f);
- return 1;
- }
Modified: sshd
===================================================================
--- sshd 2011-09-06 07:35:21 UTC (rev 137088)
+++ sshd 2011-09-06 07:37:37 UTC (rev 137089)
@@ -7,42 +7,39 @@
PIDFILE=/var/run/sshd.pid
PID=$(cat $PIDFILE 2>/dev/null)
if ! readlink -q /proc/$PID/exe | grep -q '^/usr/sbin/sshd'; then
- PID=
- rm $PIDFILE 2>/dev/null
+ PID=
+ rm $PIDFILE 2>/dev/null
fi
case "$1" in
- start)
- stat_busy "Starting Secure Shell Daemon"
- [ -f /etc/ssh/ssh_host_key ] || { /usr/bin/ssh-keygen -t rsa1 -N "" -f /etc/ssh/ssh_host_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_rsa_key ] || { /usr/bin/ssh-keygen -t rsa -N "" -f /etc/ssh/ssh_host_rsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_dsa_key ] || { /usr/bin/ssh-keygen -t dsa -N "" -f /etc/ssh/ssh_host_dsa_key >/dev/null; }
- [ -f /etc/ssh/ssh_host_ecdsa_key ] || { /usr/bin/ssh-keygen -t ecdsa -N "" -f /etc/ssh/ssh_host_ecdsa_key >/dev/null; }
- [ -d /var/empty ] || mkdir -p /var/empty
- [ -z "$PID" ] && /usr/sbin/sshd $SSHD_ARGS
- if [ $? -gt 0 ]; then
- stat_fail
- else
- add_daemon sshd
- stat_done
- fi
- ;;
- stop)
- stat_busy "Stopping Secure Shell Daemon"
- [ ! -z "$PID" ] && kill $PID &> /dev/null
- if [ $? -gt 0 ]; then
- stat_fail
- else
- rm_daemon sshd
- stat_done
- fi
- ;;
- restart)
- $0 stop
- sleep 1
- $0 start
- ;;
- *)
- echo "usage: $0 {start|stop|restart}"
+ start)
+ stat_busy 'Starting Secure Shell Daemon'
+ ssh-keygen -A
+ [[ -d /var/empty ]] || mkdir -p /var/empty
+ [[ -z $PID ]] && /usr/sbin/sshd $SSHD_ARGS
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ add_daemon sshd
+ stat_done
+ fi
+ ;;
+ stop)
+ stat_busy 'Stopping Secure Shell Daemon'
+ [[ ! -z $PID ]] && kill $PID &> /dev/null
+ if [[ $? -gt 0 ]]; then
+ stat_fail
+ else
+ rm_daemon sshd
+ stat_done
+ fi
+ ;;
+ restart)
+ $0 stop
+ sleep 1
+ $0 start
+ ;;
+ *)
+ echo "usage: $0 {start|stop|restart}"
esac
exit 0
More information about the arch-commits
mailing list