From bd929b4662bd3e5a5a072b4f07f91b70b24f4e7d Mon Sep 17 00:00:00 2001
From: Jan F. Chadima
Date: May 04 2010 07:50:13 +0000
Subject: - Comment spec.file - Sync patches from upstream
---
diff --git a/openssh-5.1p1-cloexec.patch b/openssh-5.1p1-cloexec.patch
deleted file mode 100644
index 3d88be5..0000000
--- a/openssh-5.1p1-cloexec.patch
+++ /dev/null
@@ -1,87 +0,0 @@
-diff -up openssh-5.3p1/channels.c.cloexec openssh-5.3p1/channels.c
---- openssh-5.3p1/channels.c.cloexec 2010-01-25 17:25:58.000000000 +0100
-+++ openssh-5.3p1/channels.c 2010-01-25 17:26:01.000000000 +0100
-@@ -60,6 +60,7 @@
- #include
- #include
- #include
-+#include
-
- #include "openbsd-compat/sys-queue.h"
- #include "xmalloc.h"
-@@ -230,6 +231,18 @@ channel_register_fds(Channel *c, int rfd
-
- /* XXX set close-on-exec -markus */
-
-+ if (rfd != -1) {
-+ fcntl(rfd, F_SETFD, FD_CLOEXEC);
-+ }
-+
-+ if (wfd != -1 && wfd != rfd) {
-+ fcntl(wfd, F_SETFD, FD_CLOEXEC);
-+ }
-+
-+ if (efd != -1 && efd != rfd && efd != wfd) {
-+ fcntl(efd, F_SETFD, FD_CLOEXEC);
-+ }
-+
- c->rfd = rfd;
- c->wfd = wfd;
- c->sock = (rfd == wfd) ? rfd : -1;
-diff -up openssh-5.3p1/sshconnect2.c.cloexec openssh-5.3p1/sshconnect2.c
---- openssh-5.3p1/sshconnect2.c.cloexec 2010-01-25 17:25:58.000000000 +0100
-+++ openssh-5.3p1/sshconnect2.c 2010-01-25 17:26:01.000000000 +0100
-@@ -39,6 +39,7 @@
- #include
- #include
- #include
-+#include
- #if defined(HAVE_STRNVIS) && defined(HAVE_VIS_H)
- #include
- #endif
-@@ -1512,6 +1513,7 @@ ssh_keysign(Key *key, u_char **sigp, u_i
- return -1;
- }
- if (pid == 0) {
-+ fcntl(packet_get_connection_in(), F_SETFD, 0); /* keep the socket on exec */
- permanently_drop_suid(getuid());
- close(from[0]);
- if (dup2(from[1], STDOUT_FILENO) < 0)
-diff -up openssh-5.3p1/sshconnect.c.cloexec openssh-5.3p1/sshconnect.c
---- openssh-5.3p1/sshconnect.c.cloexec 2009-06-21 10:53:53.000000000 +0200
-+++ openssh-5.3p1/sshconnect.c 2010-01-25 17:26:01.000000000 +0100
-@@ -38,6 +38,7 @@
- #include
- #include
- #include
-+#include
-
- #include "xmalloc.h"
- #include "key.h"
-@@ -191,8 +192,11 @@ ssh_create_socket(int privileged, struct
- return sock;
- }
- sock = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
-- if (sock < 0)
-+ if (sock < 0) {
- error("socket: %.100s", strerror(errno));
-+ return -1;
-+ }
-+ fcntl(sock, F_SETFD, FD_CLOEXEC);
-
/* Bind the socket to an alternative local IP address */
- if (options.bind_address == NULL)
-diff -up openssh-5.3p1/sshd.c.cloexec openssh-5.3p1/sshd.c
---- openssh-5.3p1/sshd.c.cloexec 2010-01-25 17:25:55.000000000 +0100
-+++ openssh-5.3p1/sshd.c 2010-01-25 18:29:23.000000000 +0100
-@@ -1756,6 +1756,10 @@ main(int ac, char **av)
- sock_in, sock_out, newsock, startup_pipe, config_s[0]);
- }
-
-+ /* set fd cloexec on io/sockets to avoid to forward them to childern */
-+ fcntl(sock_out, F_SETFD, FD_CLOEXEC);
-+ fcntl(sock_in, F_SETFD, FD_CLOEXEC);
-+
- /*
- * Disable the key regeneration alarm. We will not regenerate the
- * key since we are no longer in a position to give it to anyone. We
diff --git a/openssh-5.4p1-staterr.patch b/openssh-5.4p1-staterr.patch
deleted file mode 100644
index cc96026..0000000
--- a/openssh-5.4p1-staterr.patch
+++ /dev/null
@@ -1,14 +0,0 @@
-diff -up openssh-5.4p1/ssh-keygen.c.staterr openssh-5.4p1/ssh-keygen.c
---- openssh-5.4p1/ssh-keygen.c.staterr 2010-03-19 20:56:12.000000000 +0100
-+++ openssh-5.4p1/ssh-keygen.c 2010-03-19 20:59:41.000000000 +0100
-@@ -1829,7 +1829,9 @@ main(int argc, char **argv)
- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
- if (strstr(identity_file, dotsshdir) != NULL &&
- stat(dotsshdir, &st) < 0) {
-- if (mkdir(dotsshdir, 0700) < 0)
-+ if (errno == EPERM)
-+ error("Do not have permisions to stat directory '%s'.", dotsshdir);
-+ else if (mkdir(dotsshdir, 0700) < 0)
- error("Could not create directory '%s'.", dotsshdir);
- else if (!quiet)
- printf("Created directory '%s'.\n", dotsshdir);
diff --git a/openssh-5.5p1-keygen.patch b/openssh-5.5p1-keygen.patch
new file mode 100644
index 0000000..c7a8fb4
--- /dev/null
+++ b/openssh-5.5p1-keygen.patch
@@ -0,0 +1,80 @@
+diff -up openssh-5.5p1/ssh-keygen.0.keygen openssh-5.5p1/ssh-keygen.0
+--- openssh-5.5p1/ssh-keygen.0.keygen 2010-04-16 02:17:11.000000000 +0200
++++ openssh-5.5p1/ssh-keygen.0 2010-05-04 08:19:22.000000000 +0200
+@@ -4,7 +4,7 @@ NAME
+ ssh-keygen - authentication key generation, management and conversion
+
+ SYNOPSIS
+- ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment]
++ ssh-keygen [-q] [-o] [-b bits] -t type [-N new_passphrase] [-C comment]
+ [-f output_keyfile]
+ ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile]
+ ssh-keygen -i [-f input_keyfile]
+@@ -222,6 +222,8 @@ DESCRIPTION
+
+ -q Silence ssh-keygen. Used by /etc/rc when creating a new key.
+
++ -o Overwrite the key without prompting user.
++
+ -R hostname
+ Removes all keys belonging to hostname from a known_hosts file.
+ This option is useful to delete hashed hosts (see the -H option
+diff -up openssh-5.5p1/ssh-keygen.1.keygen openssh-5.5p1/ssh-keygen.1
+--- openssh-5.5p1/ssh-keygen.1.keygen 2010-03-21 19:57:49.000000000 +0100
++++ openssh-5.5p1/ssh-keygen.1 2010-05-04 08:19:22.000000000 +0200
+@@ -47,6 +47,7 @@
+ .Nm ssh-keygen
+ .Bk -words
+ .Op Fl q
++.Op Fl o
+ .Op Fl b Ar bits
+ .Fl t Ar type
+ .Op Fl N Ar new_passphrase
+@@ -370,6 +371,8 @@ Silence
+ Used by
+ .Pa /etc/rc
+ when creating a new key.
++.It Fl o
++Overwrite the key without prompting user.
+ .It Fl R Ar hostname
+ Removes all keys belonging to
+ .Ar hostname
+diff -up openssh-5.5p1/ssh-keygen.c.keygen openssh-5.5p1/ssh-keygen.c
+--- openssh-5.5p1/ssh-keygen.c.keygen 2010-03-21 19:58:24.000000000 +0100
++++ openssh-5.5p1/ssh-keygen.c 2010-05-04 08:22:22.000000000 +0200
+@@ -72,6 +72,7 @@ int change_passphrase = 0;
+ int change_comment = 0;
+
+ int quiet = 0;
++int overwrite = 0;
+
+ int log_level = SYSLOG_LEVEL_INFO;
+
+@@ -1540,7 +1541,7 @@ main(int argc, char **argv)
+ exit(1);
+ }
+
+- while ((opt = getopt(argc, argv, "degiqpclBHLhvxXyF:b:f:t:D:I:P:N:n:"
++ while ((opt = getopt(argc, argv, "degiqopclBHLhvxXyF:b:f:t:D:I:P:N:n:"
+ "O:C:r:g:R:T:G:M:S:s:a:V:W:")) != -1) {
+ switch (opt) {
+ case 'b':
+@@ -1605,6 +1606,9 @@ main(int argc, char **argv)
+ case 'q':
+ quiet = 1;
+ break;
++ case 'o':
++ overwrite = 1;
++ break;
+ case 'e':
+ case 'x':
+ /* export key */
+@@ -1835,7 +1839,7 @@ main(int argc, char **argv)
+ printf("Created directory '%s'.\n", dotsshdir);
+ }
+ /* If the file already exists, ask the user to confirm. */
+- if (stat(identity_file, &st) >= 0) {
++ if (!overwrite && stat(identity_file, &st) >= 0) {
+ char yesno[3];
+ printf("%s already exists.\n", identity_file);
+ printf("Overwrite (y/n)? ");
diff --git a/openssh-5.5p1-staterr.patch b/openssh-5.5p1-staterr.patch
new file mode 100644
index 0000000..ecabf2d
--- /dev/null
+++ b/openssh-5.5p1-staterr.patch
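Review bot: The new guard `if (!overwrite && stat(identity_file, &st) >= 0)` in the ssh-keygen.c part of openssh-5.5p1-keygen.patch makes `-o` replace an existing private key with no message at all, even when `-q` is not given. A replaced identity key cannot be recovered, so I would keep the existence check and report the overwrite before the prompt block, e.g. `if (overwrite && !quiet && stat(identity_file, &st) >= 0) printf("Overwriting existing key %s.\n", identity_file);`. The man page text `Overwrite the key without prompting user.` should also state that the existing private key is destroyed and that `-o` is a distribution-specific option, since a letter claimed downstream can later collide with an upstream one. main() starts and ends outside these hunks, so whether usage() was updated to list `-o` is not visible here.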
@@ -0,0 +1,30 @@
+diff -up openssh-5.5p1/ssh-keygen.c.staterr openssh-5.5p1/ssh-keygen.c
+--- openssh-5.5p1/ssh-keygen.c.staterr 2010-05-04 09:01:14.000000000 +0200
++++ openssh-5.5p1/ssh-keygen.c 2010-05-04 09:03:32.000000000 +0200
+@@ -1831,13 +1831,19 @@ main(int argc, char **argv)
+ ask_filename(pw, "Enter file in which to save the key");
+
+ /* Create ~/.ssh directory if it doesn't already exist. */
+- snprintf(dotsshdir, sizeof dotsshdir, "%s/%s", pw->pw_dir, _PATH_SSH_USER_DIR);
+- if (strstr(identity_file, dotsshdir) != NULL &&
+- stat(dotsshdir, &st) < 0) {
+- if (mkdir(dotsshdir, 0700) < 0)
+- error("Could not create directory '%s'.", dotsshdir);
+- else if (!quiet)
+- printf("Created directory '%s'.\n", dotsshdir);
++ snprintf(dotsshdir, sizeof dotsshdir, "%s/%s",
++ pw->pw_dir, _PATH_SSH_USER_DIR);
++ if (strstr(identity_file, dotsshdir) != NULL) {
++ if (stat(dotsshdir, &st) < 0) {
++ if (errno != ENOENT) {
++ error("Could not stat %s: %s", dotsshdir,
++ strerror(errno));
++ } else if (mkdir(dotsshdir, 0700) < 0) {
++ error("Could not create directory '%s': %s",
++ dotsshdir, strerror(errno));
++ } else if (!quiet)
++ printf("Created directory '%s'.\n", dotsshdir);
++ }
+ }
+ /* If the file already exists, ask the user to confirm. */
+ if (!overwrite && stat(identity_file, &st) >= 0) {
diff --git a/openssh.spec b/openssh.spec
index de45fde..7ddf940 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -120,6 +120,7 @@ Patch44: openssh-5.2p1-allow-ip-opts.patch
 Patch49: openssh-4.3p2-gssapi-canohost.patch
 Patch62: openssh-5.1p1-scp-manpage.patch
 Patch65: openssh-5.5p1-fips.patch
+#https://bugzilla.mindrot.org/show_bug.cgi?id=1614
 Patch69: openssh-5.3p1-selabel.patch
 Patch71: openssh-5.2p1-edns.patch
 Patch73: openssh-5.5p1-gsskex.patch
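Review bot: When `stat(dotsshdir, &st)` succeeds in the rewritten block of openssh-5.5p1-staterr.patch, `st` is never inspected, so whatever already exists at that path is accepted as the key directory, whether it is a regular file or a directory that other users can write to. An `else if (!S_ISDIR(st.st_mode) || (st.st_mode & 022) != 0) error("Bad type or permissions on '%s'.", dotsshdir);` branch on the inner `if (stat(dotsshdir, &st) < 0)` would surface that before a private key is written there. Both `error()` branches also fall through to the overwrite check that follows, so a failed stat or mkdir appears not to stop the run; what happens after that is outside the hunk.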