From f9d1837d603b35c3d6c2be2fabf5a8918b725cec Mon Sep 17 00:00:00 2001 From: kircher Date: Tue, 8 Mar 2022 19:35:50 +0800 Subject: [PATCH] add sshd.tmpfiles --- openssh.spec | 125 ++++++++++++++++++++++++++++---------------------- sshd.tmpfiles | 1 + 2 files changed, 71 insertions(+), 55 deletions(-) create mode 100644 sshd.tmpfiles diff --git a/openssh.spec b/openssh.spec index 7a9bddd..ce366f3 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 1 +%global openssh_release 2 Name: openssh Version: 8.8p1 
@@ -27,58 +27,59 @@ Source10: sshd.socket Source11: sshd.service Source12: sshd-keygen@.service Source13: sshd-keygen +Source14: sshd.tmpfiles Source15: sshd-keygen.target -Source16: ssh-agent.service -Patch0: backport-openssh-6.7p1-coverity.patch -Patch1: backport-openssh-7.6p1-audit.patch -Patch2: backport-openssh-7.1p2-audit-race-condition.patch -Patch3: backport-pam_ssh_agent_auth-0.9.3-build.patch -Patch4: backport-pam_ssh_agent_auth-0.10.3-seteuid.patch -Patch5: backport-pam_ssh_agent_auth-0.9.2-visibility.patch -Patch6: backport-pam_ssh_agent_auth-0.9.3-agent_structure.patch -Patch7: backport-pam_ssh_agent_auth-0.10.2-compat.patch -Patch8: backport-pam_ssh_agent_auth-0.10.2-dereference.patch -Patch9: backport-openssh-7.8p1-role-mls.patch -Patch10: backport-openssh-6.6p1-privsep-selinux.patch -Patch12: backport-openssh-6.6p1-keycat.patch -Patch13: backport-openssh-6.6p1-allow-ip-opts.patch -Patch14: backport-openssh-6.6p1-keyperm.patch -Patch15: backport-openssh-5.9p1-ipv6man.patch -Patch16: backport-openssh-5.8p2-sigpipe.patch -Patch17: backport-openssh-7.2p2-x11.patch -Patch18: backport-openssh-7.7p1-fips.patch -Patch19: backport-openssh-5.1p1-askpass-progress.patch -Patch20: backport-openssh-4.3p2-askpass-grab-info.patch -Patch21: backport-openssh-7.7p1.patch -Patch22: backport-openssh-7.8p1-UsePAM-warning.patch -Patch23: backport-openssh-6.3p1-ctr-evp-fast.patch -Patch26: backport-openssh-8.0p1-gssapi-keyex.patch -Patch27: backport-openssh-6.6p1-force_krb.patch -Patch28: backport-openssh-6.6p1-GSSAPIEnablek5users.patch -Patch29: backport-openssh-7.7p1-gssapi-new-unique.patch -Patch30: backport-openssh-7.2p2-k5login_directory.patch -Patch31: backport-openssh-6.6p1-kuserok.patch -Patch32: backport-openssh-6.4p1-fromto-remote.patch -Patch33: backport-openssh-6.6.1p1-selinux-contexts.patch -Patch34: backport-openssh-6.6.1p1-log-in-chroot.patch -Patch35: backport-openssh-6.6.1p1-scp-non-existing-directory.patch -Patch36: 
backport-openssh-6.8p1-sshdT-output.patch -Patch37: backport-openssh-6.7p1-sftp-force-permission.patch -Patch38: backport-openssh-7.2p2-s390-closefrom.patch -Patch39: backport-openssh-7.3p1-x11-max-displays.patch -Patch40: backport-openssh-7.4p1-systemd.patch -Patch41: backport-openssh-7.6p1-cleanup-selinux.patch -Patch42: backport-openssh-7.5p1-sandbox.patch -Patch43: backport-openssh-8.0p1-pkcs11-uri.patch -Patch44: backport-openssh-7.8p1-scp-ipv6.patch -Patch46: backport-openssh-8.0p1-crypto-policies.patch -Patch47: backport-openssh-8.0p1-openssl-evp.patch -Patch48: backport-openssh-8.0p1-openssl-kdf.patch -Patch49: backport-openssh-8.2p1-visibility.patch -Patch50: backport-openssh-8.2p1-x11-without-ipv6.patch -Patch51: backport-openssh-8.0p1-keygen-strip-doseol.patch -Patch52: backport-openssh-8.0p1-preserve-pam-errors.patch -Patch53: backport-openssh-8.7p1-scp-kill-switch.patch +Source16: ssh-agent.service +Patch0: openssh-6.7p1-coverity.patch +Patch1: openssh-7.6p1-audit.patch +Patch2: openssh-7.1p2-audit-race-condition.patch +Patch3: pam_ssh_agent_auth-0.9.3-build.patch +Patch4: pam_ssh_agent_auth-0.10.3-seteuid.patch +Patch5: pam_ssh_agent_auth-0.9.2-visibility.patch +Patch6: pam_ssh_agent_auth-0.9.3-agent_structure.patch +Patch7: pam_ssh_agent_auth-0.10.2-compat.patch +Patch8: pam_ssh_agent_auth-0.10.2-dereference.patch +Patch9: openssh-7.8p1-role-mls.patch +Patch10: openssh-6.6p1-privsep-selinux.patch +Patch12: openssh-6.6p1-keycat.patch +Patch13: openssh-6.6p1-allow-ip-opts.patch +Patch14: openssh-6.6p1-keyperm.patch +Patch15: openssh-5.9p1-ipv6man.patch +Patch16: openssh-5.8p2-sigpipe.patch +Patch17: openssh-7.2p2-x11.patch +Patch18: openssh-7.7p1-fips.patch +Patch19: openssh-5.1p1-askpass-progress.patch +Patch20: openssh-4.3p2-askpass-grab-info.patch +Patch21: openssh-7.7p1.patch +Patch22: openssh-7.8p1-UsePAM-warning.patch +Patch23: openssh-6.3p1-ctr-evp-fast.patch +Patch26: openssh-8.0p1-gssapi-keyex.patch +Patch27: openssh-6.6p1-force_krb.patch 
+Patch28: openssh-6.6p1-GSSAPIEnablek5users.patch +Patch29: openssh-7.7p1-gssapi-new-unique.patch +Patch30: openssh-7.2p2-k5login_directory.patch +Patch31: openssh-6.6p1-kuserok.patch +Patch32: openssh-6.4p1-fromto-remote.patch +Patch33: openssh-6.6.1p1-selinux-contexts.patch +Patch34: openssh-6.6.1p1-log-in-chroot.patch +Patch35: openssh-6.6.1p1-scp-non-existing-directory.patch +Patch36: openssh-6.8p1-sshdT-output.patch +Patch37: openssh-6.7p1-sftp-force-permission.patch +Patch38: openssh-7.2p2-s390-closefrom.patch +Patch39: openssh-7.3p1-x11-max-displays.patch +Patch40: openssh-7.4p1-systemd.patch +Patch41: openssh-7.6p1-cleanup-selinux.patch +Patch42: openssh-7.5p1-sandbox.patch +Patch43: openssh-8.0p1-pkcs11-uri.patch +Patch44: openssh-7.8p1-scp-ipv6.patch +Patch46: openssh-8.0p1-crypto-policies.patch +Patch47: openssh-8.0p1-openssl-evp.patch +Patch48: openssh-8.0p1-openssl-kdf.patch +Patch49: openssh-8.2p1-visibility.patch +Patch50: openssh-8.2p1-x11-without-ipv6.patch +Patch51: openssh-8.0p1-keygen-strip-doseol.patch +Patch52: openssh-8.0p1-preserve-pam-errors.patch +Patch53: openssh-8.7p1-scp-kill-switch.patch Patch54: bugfix-sftp-when-parse_user_host_path-empty-path-should-be-allowed.patch Patch55: bugfix-openssh-6.6p1-log-usepam-no.patch @@ -325,6 +326,7 @@ install -m644 %{SOURCE16} $RPM_BUILD_ROOT/%{_userunitdir}/ssh-agent.service install -m744 %{SOURCE13} $RPM_BUILD_ROOT/%{_libexecdir}/openssh/sshd-keygen install -m755 contrib/ssh-copy-id $RPM_BUILD_ROOT%{_bindir}/ install contrib/ssh-copy-id.1 $RPM_BUILD_ROOT%{_mandir}/man1/ +install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf install contrib/gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/gnome-ssh-askpass ln -s gnome-ssh-askpass $RPM_BUILD_ROOT%{_libexecdir}/openssh/ssh-askpass 
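Review bot: The `Patch0`–`Patch53` entries in this hunk drop the `backport-` prefix from fifty patch file names, but the diffstat lists only `openssh.spec` and `sshd.tmpfiles`, so this commit renames no patch file. Unless files with the unprefixed names already exist in the repository, rpmbuild will stop on missing sources. If they do exist, it is worth confirming they are byte-identical to the `backport-` files applied until now, since the list includes the audit, FIPS, sandbox and SELinux patches. The rename is unrelated to the stated purpose (`add sshd.tmpfiles`), and together with the rewritten existing `%changelog` entries in the last spec hunk it suggests the edit may have been made on a stale copy of the spec. I would keep only `+Source14: sshd.tmpfiles` in this hunk.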
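Review bot: Nothing visible in this commit applies the new tmpfiles.d entry at install time; the added `install -m644 -D %{SOURCE14} $RPM_BUILD_ROOT%{_tmpfilesdir}/%{name}.conf` line only ships the file. `/var/empty/sshd` would therefore be created from it at the next boot or the next `systemd-tmpfiles --create` run. If the server subpackage does not already own that directory in `%files`, consider adding `%tmpfiles_create %{_tmpfilesdir}/%{name}.conf` to its `%post`, because sshd's privilege separation needs the directory to exist. This line also names the file `%{name}.conf` while the `%files` entry added in the next hunk hard-codes `openssh.conf`; writing `%{_tmpfilesdir}/%{name}.conf` in both places keeps them from drifting apart. The `%install` section continues outside the hunk.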
@@ -392,6 +394,7 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_unitdir}/sshd.socket %attr(0644,root,root) %{_unitdir}/sshd-keygen@.service %attr(0644,root,root) %{_unitdir}/sshd-keygen.target +%attr(0644,root,root) %{_tmpfilesdir}/openssh.conf %files keycat %attr(0755,root,root) %{_libexecdir}/openssh/ssh-keycat @@ -419,18 +422,30 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog -* Wed Dec 8 2021 renmingshuai - 8.8P1-1 +* Mon Mar 07 2021 kircher - 8.8P1-2 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:add sshd.tmpfiles + +* Thu Oct 28 2021 kircher - 8.8P1-1 - Type:bugfix - CVE:NA - SUG:NA - DESC:update to openssh-8.8p1 -* Fri Oct 29 2021 kircher - 8.2P1-14 -- Type:CVE +* Fri Oct 8 2021 renmingshuai - 8.2P1-15 +- Type:cves - CVE:CVE-2021-41617 - SUG:NA - DESC:fix CVE-2021-41617 +* Sat Sep 18 2021 kircher - 8.2P1-14 +- Type:bugfix +- CVE:NA +- SUG:NA +- DESC:backport patch from github to fix NULL ref + * Fri Jul 30 2021 kircher - 8.2P1-13 - Type:bugfix - CVE:NA diff --git a/sshd.tmpfiles b/sshd.tmpfiles new file mode 100644 index 0000000..c35a2b8 --- /dev/null +++ b/sshd.tmpfiles @@ -0,0 +1 @@ +d /var/empty/sshd 711 root root - -- Gitee
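Review bot: The single entry in the new `sshd.tmpfiles`, `d /var/empty/sshd 711 root root -`, has no comment saying why this directory and its mode matter. I would add a line above it such as `# sshd privilege-separation chroot: must stay root-owned and not writable by group or others`. I would also write the mode with a leading zero, `0711`, to match the usual tmpfiles.d style. The `-` age field means the directory is never cleaned up by age, which is the right choice for this path.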