diff options
-rw-r--r-- | .SRCINFO | 8 | ||||
-rw-r--r-- | PKGBUILD | 9 | ||||
-rw-r--r-- | keyboard-interactive.patch | 52 |
3 files changed, 65 insertions, 4 deletions
@@ -1,7 +1,7 @@ pkgbase = openssh-selinux pkgdesc = Free version of the SSH connectivity tools with SELinux support pkgver = 6.9p1 - pkgrel = 1 + pkgrel = 2 url = http://www.openssh.org/portable.html install = install arch = i686 @@ -16,8 +16,8 @@ pkgbase = openssh-selinux depends = libselinux optdepends = xorg-xauth: X11 forwarding optdepends = x11-ssh-askpass: input passphrase in X - provides = openssh=6.9p1-1 - provides = selinux-openssh=6.9p1-1 + provides = openssh=6.9p1-2 + provides = selinux-openssh=6.9p1-2 conflicts = openssh conflicts = selinux-openssh backup = etc/ssh/ssh_config @@ -25,6 +25,7 @@ pkgbase = openssh-selinux backup = etc/pam.d/sshd source = ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.9p1.tar.gz source = ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-6.9p1.tar.gz.asc + source = keyboard-interactive.patch source = sshdgenkeys.service source = sshd@.service source = sshd.service @@ -33,6 +34,7 @@ pkgbase = openssh-selinux source = sshd.pam sha1sums = 86ab57f00d0fd9bf302760f2f6deac1b6e9df265 sha1sums = SKIP + sha1sums = ef9e9327a943839abb3d202783b318e9cd2bdcd5 sha1sums = cc1ceec606c98c7407e7ac21ade23aed81e31405 sha1sums = 6a0ff3305692cf83aca96e10f3bb51e1c26fccda sha1sums = ec49c6beba923e201505f5669cea48cad29014db @@ -8,7 +8,7 @@ pkgname=openssh-selinux pkgver=6.9p1 -pkgrel=1 +pkgrel=2 pkgdesc='Free version of the SSH connectivity tools with SELinux support' url='http://www.openssh.org/portable.html' license=('custom:BSD') @@ -23,6 +23,7 @@ provides=("${pkgname/-selinux}=${pkgver}-${pkgrel}" groups=('selinux') validpgpkeys=('59C2118ED206D927E667EBE3D3E5F56B6D920D30') source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}-${pkgver}.tar.gz"{,.asc} + 'keyboard-interactive.patch' 'sshdgenkeys.service' 'sshd@.service' 'sshd.service' @@ -30,6 +31,7 @@ source=("ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/${pkgname/-selinux}- 'sshd.conf' 'sshd.pam') sha1sums=('86ab57f00d0fd9bf302760f2f6deac1b6e9df265' 'SKIP' + 'ef9e9327a943839abb3d202783b318e9cd2bdcd5' 'cc1ceec606c98c7407e7ac21ade23aed81e31405' '6a0ff3305692cf83aca96e10f3bb51e1c26fccda' 'ec49c6beba923e201505f5669cea48cad29014db' @@ -41,6 +43,11 @@ backup=('etc/ssh/ssh_config' 'etc/ssh/sshd_config' 'etc/pam.d/sshd') install=install +prepare() { + cd "${srcdir}/${pkgname/-selinux}-${pkgver}" + patch -p1 -i ../keyboard-interactive.patch +} + build() { cd "${srcdir}/${pkgname/-selinux}-${pkgver}" diff --git a/keyboard-interactive.patch b/keyboard-interactive.patch new file mode 100644 index 000000000000..4adafebc1aa9 --- /dev/null +++ b/keyboard-interactive.patch @@ -0,0 +1,52 @@ +From 5b64f85bb811246c59ebab70aed331f26ba37b18 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sat, 18 Jul 2015 07:57:14 +0000 +Subject: upstream commit + +only query each keyboard-interactive device once per + authentication request regardless of how many times it is listed; ok markus@ + +Upstream-ID: d73fafba6e86030436ff673656ec1f33d9ffeda1 +--- + auth2-chall.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/auth2-chall.c b/auth2-chall.c +index ddabe1a..4aff09d 100644 +--- a/auth2-chall.c ++++ b/auth2-chall.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: auth2-chall.c,v 1.42 2015/01/19 20:07:45 markus Exp $ */ ++/* $OpenBSD: auth2-chall.c,v 1.43 2015/07/18 07:57:14 djm Exp $ */ + /* + * Copyright (c) 2001 Markus Friedl. All rights reserved. + * Copyright (c) 2001 Per Allansson. All rights reserved. +@@ -83,6 +83,7 @@ struct KbdintAuthctxt + void *ctxt; + KbdintDevice *device; + u_int nreq; ++ u_int devices_done; + }; + + #ifdef USE_PAM +@@ -169,11 +170,15 @@ kbdint_next_device(Authctxt *authctxt, KbdintAuthctxt *kbdintctxt) + if (len == 0) + break; + for (i = 0; devices[i]; i++) { +- if (!auth2_method_allowed(authctxt, ++ if ((kbdintctxt->devices_done & (1 << i)) != 0 || ++ !auth2_method_allowed(authctxt, + "keyboard-interactive", devices[i]->name)) + continue; +- if (strncmp(kbdintctxt->devices, devices[i]->name, len) == 0) ++ if (strncmp(kbdintctxt->devices, devices[i]->name, ++ len) == 0) { + kbdintctxt->device = devices[i]; ++ kbdintctxt->devices_done |= 1 << i; ++ } + } + t = kbdintctxt->devices; + kbdintctxt->devices = t[len] ? xstrdup(t+len+1) : NULL; +-- +cgit v0.11.2 + |