This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 3.x development tree".
The branch, master has been updated via 3e1e53dcee807856590c044adad1be2500650005 (commit) via e00a152a3468eaf5bc06cd68a51876b75eeb469f (commit) via 4867767487993c225b3aa13e70e166aeb3bb38ef (commit) via c86a4ece986f5be1f6fa6ef1206e2025ccaeda1b (commit) via 4c2c8052ee4f967acab5aaeef7ffae1ccb2ae1b6 (commit) via 4ca9f4aceed8dcd94a7a806d958b50b47816cab3 (commit) via 57aabcb728e351ad4b924f32b22533f5ec9e6ad2 (commit) via af5ec5a2cca9632f857d6b5313319ee2c38de10a (commit) via 105300e757bcf9a2e5855ed7113ff1c210f5deb8 (commit) via 44f64d91164057667bea5ef590cb784b1875538d (commit) via 17d728c8b5030bc68123daf2a95ccd2cf691ab2c (commit) via 9b61cbcaee8c324abfebdcd2da1344c3f5150d6f (commit) via 544adb5dc86db813856dbdabbd17c3077319f0fb (commit) via 02d98b9ffa9496948ab3e23e1ed20dd113f24b62 (commit) via d8cdb822a901412e55f5fb2bf8a3d7bce21c2bd8 (commit) via 4eb534e83fbe2f9c5917efd1d4a81426620623f8 (commit) via d3caa69ababbf4e1d673fb015a60c282e00c8acf (commit) via b182eef02677363ed6cbc614d1685c020b43b0ec (commit) via a5a2c5e4803c2dcbc33589d625a887fb5d72db0c (commit) via 09905e81af742114baecc6b34109acccd9901248 (commit) via 6b368e6bc24878618b9d584fb058af7698c74667 (commit) via dccff8384ca3b67a0afc7b8d1ea42c07681491e9 (commit) via cfd520d3722bd8f4b51b28b0c0464f8bd264bd44 (commit) via 3a0de3c5b8e25c82f6f63d4add2a71872fd33a25 (commit) via ded3d4afef7f144e1f10cd80459999cea99b3a03 (commit) via cd2c8ff1ce0c9c29ce2c0fd2275cc18298adf47b (commit) via 9443512a13efa04fbe9378a297807c92b8974e49 (commit) via 14baf7920f834c47bba6a3ffcf2a94723ac3c5a1 (commit) via e92d6ba073acd2860d58ef901ad8c2628d58c96f (commit) from 289c5516e3248154e1a9f9cf330f8917e4103bbf (commit)
Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below.
- Log -----------------------------------------------------------------
commit 3e1e53dcee807856590c044adad1be2500650005 Merge: e00a152 4ca9f4a Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 7 00:48:30 2015 +0200
Merge remote-tracking branch 'stevee/shadow-manpages'
commit e00a152a3468eaf5bc06cd68a51876b75eeb469f Merge: 4867767 af5ec5a Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 7 00:47:59 2015 +0200
Merge remote-tracking branch 'stevee/net-tools'
commit 4867767487993c225b3aa13e70e166aeb3bb38ef Merge: c86a4ec 17d728c Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 7 00:47:27 2015 +0200
Merge remote-tracking branch 'stevee/openssh-update'
commit c86a4ece986f5be1f6fa6ef1206e2025ccaeda1b Merge: 4c2c805 544adb5 Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 7 00:46:56 2015 +0200
Merge remote-tracking branch 'stevee/perl-module-updates'
commit 4c2c8052ee4f967acab5aaeef7ffae1ccb2ae1b6 Merge: 289c551 9b61cbc Author: Michael Tremer michael.tremer@ipfire.org Date: Tue Apr 7 00:46:24 2015 +0200
Merge remote-tracking branch 'stevee/perl-fix'
commit 4ca9f4aceed8dcd94a7a806d958b50b47816cab3 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 6 10:20:34 2015 +0200
shadow-utils: Reenable manpages.
As we now have the gnome-doc-utils, we are able to generate the manpages again.
Fixes #10752.
commit 57aabcb728e351ad4b924f32b22533f5ec9e6ad2 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Mon Apr 6 10:18:35 2015 +0200
gnome-doc-utils: New package.
This package is required in order to build manpages for shadow-utils.
Reference: #10752.
commit af5ec5a2cca9632f857d6b5313319ee2c38de10a Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 5 14:46:47 2015 +0200
etherwake: Fix compiling and add manpage.
commit 105300e757bcf9a2e5855ed7113ff1c210f5deb8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sun Apr 5 12:31:34 2015 +0200
hostname: New package.
commit 44f64d91164057667bea5ef590cb784b1875538d Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 22:21:44 2015 +0200
net-tools: Update to 2.0 git-rev e5f1be13.
* Drop ether-wake and hostname stuff (They have their own packages).
commit 17d728c8b5030bc68123daf2a95ccd2cf691ab2c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 22:58:32 2015 +0200
openssh: Update to 6.8p1.
Fixes #10534.
commit 9b61cbcaee8c324abfebdcd2da1344c3f5150d6f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 18:55:41 2015 +0200
perl: perl-Extutils-MakeMaker subpackage requires xsubpp binary.
commit 544adb5dc86db813856dbdabbd17c3077319f0fb Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 18:52:25 2015 +0200
perl-XML-Parser: Update to 2.44.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit 02d98b9ffa9496948ab3e23e1ed20dd113f24b62 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 18:49:40 2015 +0200
perl-WWW-Curl: Update to 4.17.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit d8cdb822a901412e55f5fb2bf8a3d7bce21c2bd8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 18:45:26 2015 +0200
perl-URI: Update to 1.67.
commit 4eb534e83fbe2f9c5917efd1d4a81426620623f8 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 18:43:09 2015 +0200
perl-Tk: Update to 804.033.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit d3caa69ababbf4e1d673fb015a60c282e00c8acf Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 18:37:42 2015 +0200
perl-TermReadKey: Update to 2.32.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit b182eef02677363ed6cbc614d1685c020b43b0ec Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 17:01:09 2015 +0200
perl-libintl-perl: Update runtime and build dependencies.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit a5a2c5e4803c2dcbc33589d625a887fb5d72db0c Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:45:23 2015 +0200
perl-IO-AIO: Update to 4.32.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit 09905e81af742114baecc6b34109acccd9901248 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:42:59 2015 +0200
perl-HTML-Tagset: Add update URL.
commit 6b368e6bc24878618b9d584fb058af7698c74667 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:41:45 2015 +0200
perl-HTML-Parser: Update to 3.71.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit dccff8384ca3b67a0afc7b8d1ea42c07681491e9 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:25:53 2015 +0200
perl-FCGI: Update to 0.77.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit cfd520d3722bd8f4b51b28b0c0464f8bd264bd44 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:21:22 2015 +0200
perl-Digest-SHA1: Add runtime dependency to perl(:MODULE_COMPAT).
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit 3a0de3c5b8e25c82f6f63d4add2a71872fd33a25 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:17:05 2015 +0200
perl-DBI: Update to 1.633.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit ded3d4afef7f144e1f10cd80459999cea99b3a03 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 16:06:30 2015 +0200
perl-Crypt-PasswdMD5: Update to 1.40.
Drop debuginfo package and generic runtime dependency to perl.
commit cd2c8ff1ce0c9c29ce2c0fd2275cc18298adf47b Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 15:59:53 2015 +0200
perl-Coro: Update to 6.42.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit 9443512a13efa04fbe9378a297807c92b8974e49 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 15:57:21 2015 +0200
perl-common-sense: Update to 3.73.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit 14baf7920f834c47bba6a3ffcf2a94723ac3c5a1 Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Apr 4 15:48:59 2015 +0200
perl-BDB: Update to 1.91.
From now on we require a perl(:MODULE_COMPAT_xyz), where xyz contains the perl version and perl API the module has been linked against. This will prevent us in the future from installing old perl modules which cannot be executed on more modern APIs.
commit e92d6ba073acd2860d58ef901ad8c2628d58c96f Author: Stefan Schantl stefan.schantl@ipfire.org Date: Sat Mar 21 12:51:04 2015 +0100
perl: Fix provides of main package.
The main package still provided some perl modules which have been moved into their own sub-packages.
-----------------------------------------------------------------------
Summary of changes: net-tools/ether-wake.8 => etherwake/etherwake.8 | 4 +- etherwake/etherwake.nm | 16 +- etherwake/patches/etherwake-1.09-hardening.patch | 30 + gnome-doc-utils/gnome-doc-utils.nm | 47 + hostname/hostname.nm | 46 + net-tools/config.h | 4 +- net-tools/config.make | 4 +- net-tools/ether-wake.c | 392 ---- net-tools/ipmaddr.8 | 34 - net-tools/iptunnel.8 | 42 - net-tools/mii-diag.c | 23 +- net-tools/net-tools.nm | 115 +- net-tools/patches/001-net-tools-cycle.patch | 375 ++++ net-tools/patches/002-net-tools-ipx.patch | 31 + net-tools/patches/003-net-tools-man.patch | 149 ++ net-tools/patches/004-net-tools-interface.patch | 102 + ...tcp.patch => 005-net-tools-duplicate-tcp.patch} | 78 +- net-tools/patches/006-net-tools-statalias.patch | 16 + ...k.patch => 007-net-tools-interface_stack.patch} | 70 +- .../patches/008-net-tools-sctp-statistics.patch | 534 +++++ ...009-net-tools-ifconfig-long-iface-crasher.patch | 36 + net-tools/patches/net-tools-1.57-bug22040.patch | 50 - net-tools/patches/net-tools-1.60-IA64.patch | 33 - net-tools/patches/net-tools-1.60-a-option.patch | 44 - .../net-tools-1.60-arp-unaligned-access.patch | 116 - net-tools/patches/net-tools-1.60-arp_man.patch | 13 - .../patches/net-tools-1.60-arp_overflow.patch | 11 - .../net-tools-1.60-avoid-name-resolution.patch | 31 - net-tools/patches/net-tools-1.60-bcast.patch | 99 - net-tools/patches/net-tools-1.60-clear-flag.patch | 38 - .../net-tools-1.60-continous-flush-stdout.patch | 61 - net-tools/patches/net-tools-1.60-cycle.patch | 311 --- net-tools/patches/net-tools-1.60-de.patch | 11 - net-tools/patches/net-tools-1.60-debug-fix.patch | 61 - net-tools/patches/net-tools-1.60-ec_hw_null.patch | 12 - net-tools/patches/net-tools-1.60-fgets.patch | 41 - net-tools/patches/net-tools-1.60-gcc33.patch | 31 - net-tools/patches/net-tools-1.60-gcc34.patch | 36 - net-tools/patches/net-tools-1.60-hfi.patch | 183 -- .../patches/net-tools-1.60-hostname-short.patch | 38 - 
.../patches/net-tools-1.60-hostname_man.patch | 36 - net-tools/patches/net-tools-1.60-i-option.patch | 57 - net-tools/patches/net-tools-1.60-ib-warning.patch | 15 - net-tools/patches/net-tools-1.60-ifaceopt.patch | 52 - ...et-tools-1.60-ifconfig-long-iface-crasher.patch | 36 - net-tools/patches/net-tools-1.60-ifconfig.patch | 107 - net-tools/patches/net-tools-1.60-ifconfig_ib.patch | 202 -- .../patches/net-tools-1.60-ifconfig_man.patch | 14 - .../patches/net-tools-1.60-inet6-lookup.patch | 81 - net-tools/patches/net-tools-1.60-interface.patch | 110 - net-tools/patches/net-tools-1.60-ipx.patch | 36 - net-tools/patches/net-tools-1.60-isofix.patch | 33 - .../patches/net-tools-1.60-large-indexes.patch | 12 - .../patches/net-tools-1.60-makefile-berlios.patch | 69 - .../patches/net-tools-1.60-man-RHEL-bugs.patch | 18 - .../patches/net-tools-1.60-man-obsolete.patch | 267 --- net-tools/patches/net-tools-1.60-man.patch | 132 -- net-tools/patches/net-tools-1.60-manydevs.patch | 13 - .../patches/net-tools-1.60-masqinfo-raw-ip.patch | 14 - .../patches/net-tools-1.60-metric-tunnel-man.patch | 21 - net-tools/patches/net-tools-1.60-mii-gigabit.patch | 240 -- .../patches/net-tools-1.60-mii-refactor.patch | 224 -- .../patches/net-tools-1.60-mii-tool-obsolete.patch | 25 - net-tools/patches/net-tools-1.60-miiioctl.patch | 17 - net-tools/patches/net-tools-1.60-nameif.patch | 67 - .../patches/net-tools-1.60-nameif_strncpy.patch | 13 - net-tools/patches/net-tools-1.60-netdevice.patch | 22 - net-tools/patches/net-tools-1.60-netmask.patch | 61 - .../patches/net-tools-1.60-netstat-I-fix.patch | 10 - .../net-tools-1.60-netstat-interfaces-crash.patch | 25 - .../patches/net-tools-1.60-netstat-leak.patch | 11 - .../patches/net-tools-1.60-netstat-probe.patch | 15 - .../patches/net-tools-1.60-netstat_inode.patch | 186 -- .../patches/net-tools-1.60-netstat_stop_trim.patch | 91 - .../patches/net-tools-1.60-netstat_ulong.patch | 11 - net-tools/patches/net-tools-1.60-note.patch | 13 - 
net-tools/patches/net-tools-1.60-num-ports.patch | 78 - net-tools/patches/net-tools-1.60-overflow.patch | 57 - net-tools/patches/net-tools-1.60-parse.patch | 70 - net-tools/patches/net-tools-1.60-pie.patch | 13 - net-tools/patches/net-tools-1.60-remove_node.patch | 24 - net-tools/patches/net-tools-1.60-return.patch | 28 - .../patches/net-tools-1.60-scanf-format.patch | 140 -- net-tools/patches/net-tools-1.60-sctp-addrs.patch | 346 --- net-tools/patches/net-tools-1.60-sctp-quiet.patch | 11 - net-tools/patches/net-tools-1.60-sctp.patch | 617 ------ net-tools/patches/net-tools-1.60-selinux.patch | 225 -- net-tools/patches/net-tools-1.60-siunits.patch | 80 - net-tools/patches/net-tools-1.60-skip.patch | 13 - .../patches/net-tools-1.60-slattach-fchown.patch | 24 - net-tools/patches/net-tools-1.60-statalias.patch | 15 - .../net-tools-1.60-statistics-doubleword.patch | 366 --- net-tools/patches/net-tools-1.60-statistics.patch | 65 - .../patches/net-tools-1.60-statistics_buffer.patch | 12 - net-tools/patches/net-tools-1.60-stdo.patch | 11 - .../patches/net-tools-1.60-trailingblank.patch | 26 - net-tools/patches/net-tools-1.60-trim_iface.patch | 31 - net-tools/patches/net-tools-1.60-trunc.patch | 42 - net-tools/patches/net-tools-1.60-ulong.patch | 215 -- net-tools/patches/net-tools-1.60-virtualname.patch | 36 - net-tools/patches/net-tools-1.60-x25-proc.patch | 13 - openssh/openssh.nm | 41 +- .../patches/openssh-4.3p2-askpass-grab-info.patch | 18 - .../patches/openssh-5.1p1-askpass-progress.patch | 79 - openssh/patches/openssh-5.1p1-scp-manpage.patch | 18 - openssh/patches/openssh-5.2p1-allow-ip-opts.patch | 37 - openssh/patches/openssh-5.5p1-x11.patch | 54 - openssh/patches/openssh-5.6p1-exit-deadlock.patch | 14 - openssh/patches/openssh-5.6p1-redhat.patch | 101 - openssh/patches/openssh-5.8p1-fingerprint.patch | 421 ---- openssh/patches/openssh-5.8p1-getaddrinfo.patch | 11 - openssh/patches/openssh-5.8p1-localdomain.patch | 14 - openssh/patches/openssh-5.8p1-packet.patch | 
12 - openssh/patches/openssh-5.8p2-force_krb.patch | 288 --- ...openssh-5.8p2-remove-stale-control-socket.patch | 13 - openssh/patches/openssh-5.8p2-sigpipe.patch | 12 - openssh/patches/openssh-5.9p1-akc.patch | 452 ---- openssh/patches/openssh-5.9p1-edns.patch | 72 - openssh/patches/openssh-5.9p1-ipfire.patch | 108 - openssh/patches/openssh-5.9p1-ipv6man.patch | 24 - openssh/patches/openssh-5.9p1-keygen.patch | 80 - openssh/patches/openssh-5.9p1-randclean.patch | 13 - openssh/patches/openssh-5.9p1-sftp-chroot.patch | 63 - openssh/patches/openssh-6.0p1-entropy.patch | 272 --- openssh/patches/openssh-6.1p1-akc.patch | 565 ----- openssh/patches/openssh-6.1p1-askpass-ld.patch | 18 - .../openssh-6.1p1-authenticationmethods.patch | 841 ------- openssh/patches/openssh-6.1p1-coverity.patch | 806 ------- openssh/patches/openssh-6.1p1-kuserok.patch | 167 -- .../openssh-6.1p1-required-authentications.patch | 22 - openssh/patches/openssh-6.1p1-role-mls.patch | 934 -------- openssh/patches/openssh-6.1p1-vendor.patch | 158 -- ...1-keyperm.patch => openssh-6.6p1-keyperm.patch} | 23 +- openssh/patches/openssh-6.7p1-audit.patch | 2332 ++++++++++++++++++++ .../patches/openssh-6.7p1-seccomp-aarch64.patch | 66 + .../openssh-6.7p1-sftp-force-permission.patch | 81 + perl-BDB/perl-BDB.nm | 7 +- perl-Coro/perl-Coro.nm | 7 +- perl-Crypt-PasswdMD5/perl-Crypt-PasswdMD5.nm | 18 +- perl-DBI/perl-DBI.nm | 7 +- perl-Digest-SHA1/perl-Digest-SHA1.nm | 9 +- perl-FCGI/perl-FCGI.nm | 11 +- perl-HTML-Parser/perl-HTML-Parser.nm | 8 +- perl-HTML-Tagset/perl-HTML-Tagset.nm | 2 +- perl-IO-AIO/perl-IO-AIO.nm | 7 +- perl-TermReadKey/perl-TermReadKey.nm | 7 +- perl-Tk/perl-Tk.nm | 8 +- perl-URI/perl-URI.nm | 4 +- perl-WWW-Curl/perl-WWW-Curl.nm | 6 +- perl-XML-Parser/perl-XML-Parser.nm | 10 +- perl-common-sense/perl-common-sense.nm | 7 +- perl-libintl-perl/perl-libintl-perl.nm | 10 +- perl/perl.nm | 5 +- shadow-utils/shadow-utils.nm | 6 +- 154 files changed, 4042 insertions(+), 12609 deletions(-) rename 
net-tools/ether-wake.8 => etherwake/etherwake.8 (95%) create mode 100644 etherwake/patches/etherwake-1.09-hardening.patch create mode 100644 gnome-doc-utils/gnome-doc-utils.nm create mode 100644 hostname/hostname.nm delete mode 100644 net-tools/ether-wake.c delete mode 100644 net-tools/ipmaddr.8 delete mode 100644 net-tools/iptunnel.8 create mode 100644 net-tools/patches/001-net-tools-cycle.patch create mode 100644 net-tools/patches/002-net-tools-ipx.patch create mode 100644 net-tools/patches/003-net-tools-man.patch create mode 100644 net-tools/patches/004-net-tools-interface.patch rename net-tools/patches/{net-tools-1.60-duplicate-tcp.patch => 005-net-tools-duplicate-tcp.patch} (70%) create mode 100644 net-tools/patches/006-net-tools-statalias.patch rename net-tools/patches/{net-tools-1.60-interface_stack.patch => 007-net-tools-interface_stack.patch} (53%) create mode 100644 net-tools/patches/008-net-tools-sctp-statistics.patch create mode 100644 net-tools/patches/009-net-tools-ifconfig-long-iface-crasher.patch delete mode 100644 net-tools/patches/net-tools-1.57-bug22040.patch delete mode 100644 net-tools/patches/net-tools-1.60-IA64.patch delete mode 100644 net-tools/patches/net-tools-1.60-a-option.patch delete mode 100644 net-tools/patches/net-tools-1.60-arp-unaligned-access.patch delete mode 100644 net-tools/patches/net-tools-1.60-arp_man.patch delete mode 100644 net-tools/patches/net-tools-1.60-arp_overflow.patch delete mode 100644 net-tools/patches/net-tools-1.60-avoid-name-resolution.patch delete mode 100644 net-tools/patches/net-tools-1.60-bcast.patch delete mode 100644 net-tools/patches/net-tools-1.60-clear-flag.patch delete mode 100644 net-tools/patches/net-tools-1.60-continous-flush-stdout.patch delete mode 100644 net-tools/patches/net-tools-1.60-cycle.patch delete mode 100644 net-tools/patches/net-tools-1.60-de.patch delete mode 100644 net-tools/patches/net-tools-1.60-debug-fix.patch delete mode 100644 net-tools/patches/net-tools-1.60-ec_hw_null.patch 
delete mode 100644 net-tools/patches/net-tools-1.60-fgets.patch delete mode 100644 net-tools/patches/net-tools-1.60-gcc33.patch delete mode 100644 net-tools/patches/net-tools-1.60-gcc34.patch delete mode 100644 net-tools/patches/net-tools-1.60-hfi.patch delete mode 100644 net-tools/patches/net-tools-1.60-hostname-short.patch delete mode 100644 net-tools/patches/net-tools-1.60-hostname_man.patch delete mode 100644 net-tools/patches/net-tools-1.60-i-option.patch delete mode 100644 net-tools/patches/net-tools-1.60-ib-warning.patch delete mode 100644 net-tools/patches/net-tools-1.60-ifaceopt.patch delete mode 100644 net-tools/patches/net-tools-1.60-ifconfig-long-iface-crasher.patch delete mode 100644 net-tools/patches/net-tools-1.60-ifconfig.patch delete mode 100644 net-tools/patches/net-tools-1.60-ifconfig_ib.patch delete mode 100644 net-tools/patches/net-tools-1.60-ifconfig_man.patch delete mode 100644 net-tools/patches/net-tools-1.60-inet6-lookup.patch delete mode 100644 net-tools/patches/net-tools-1.60-interface.patch delete mode 100644 net-tools/patches/net-tools-1.60-ipx.patch delete mode 100644 net-tools/patches/net-tools-1.60-isofix.patch delete mode 100644 net-tools/patches/net-tools-1.60-large-indexes.patch delete mode 100644 net-tools/patches/net-tools-1.60-makefile-berlios.patch delete mode 100644 net-tools/patches/net-tools-1.60-man-RHEL-bugs.patch delete mode 100644 net-tools/patches/net-tools-1.60-man-obsolete.patch delete mode 100644 net-tools/patches/net-tools-1.60-man.patch delete mode 100644 net-tools/patches/net-tools-1.60-manydevs.patch delete mode 100644 net-tools/patches/net-tools-1.60-masqinfo-raw-ip.patch delete mode 100644 net-tools/patches/net-tools-1.60-metric-tunnel-man.patch delete mode 100644 net-tools/patches/net-tools-1.60-mii-gigabit.patch delete mode 100644 net-tools/patches/net-tools-1.60-mii-refactor.patch delete mode 100644 net-tools/patches/net-tools-1.60-mii-tool-obsolete.patch delete mode 100644 
net-tools/patches/net-tools-1.60-miiioctl.patch delete mode 100644 net-tools/patches/net-tools-1.60-nameif.patch delete mode 100644 net-tools/patches/net-tools-1.60-nameif_strncpy.patch delete mode 100644 net-tools/patches/net-tools-1.60-netdevice.patch delete mode 100644 net-tools/patches/net-tools-1.60-netmask.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat-I-fix.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat-interfaces-crash.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat-leak.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat-probe.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat_inode.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat_stop_trim.patch delete mode 100644 net-tools/patches/net-tools-1.60-netstat_ulong.patch delete mode 100644 net-tools/patches/net-tools-1.60-note.patch delete mode 100644 net-tools/patches/net-tools-1.60-num-ports.patch delete mode 100644 net-tools/patches/net-tools-1.60-overflow.patch delete mode 100644 net-tools/patches/net-tools-1.60-parse.patch delete mode 100644 net-tools/patches/net-tools-1.60-pie.patch delete mode 100644 net-tools/patches/net-tools-1.60-remove_node.patch delete mode 100644 net-tools/patches/net-tools-1.60-return.patch delete mode 100644 net-tools/patches/net-tools-1.60-scanf-format.patch delete mode 100644 net-tools/patches/net-tools-1.60-sctp-addrs.patch delete mode 100644 net-tools/patches/net-tools-1.60-sctp-quiet.patch delete mode 100644 net-tools/patches/net-tools-1.60-sctp.patch delete mode 100644 net-tools/patches/net-tools-1.60-selinux.patch delete mode 100644 net-tools/patches/net-tools-1.60-siunits.patch delete mode 100644 net-tools/patches/net-tools-1.60-skip.patch delete mode 100644 net-tools/patches/net-tools-1.60-slattach-fchown.patch delete mode 100644 net-tools/patches/net-tools-1.60-statalias.patch delete mode 100644 net-tools/patches/net-tools-1.60-statistics-doubleword.patch delete mode 
100644 net-tools/patches/net-tools-1.60-statistics.patch delete mode 100644 net-tools/patches/net-tools-1.60-statistics_buffer.patch delete mode 100644 net-tools/patches/net-tools-1.60-stdo.patch delete mode 100644 net-tools/patches/net-tools-1.60-trailingblank.patch delete mode 100644 net-tools/patches/net-tools-1.60-trim_iface.patch delete mode 100644 net-tools/patches/net-tools-1.60-trunc.patch delete mode 100644 net-tools/patches/net-tools-1.60-ulong.patch delete mode 100644 net-tools/patches/net-tools-1.60-virtualname.patch delete mode 100644 net-tools/patches/net-tools-1.60-x25-proc.patch delete mode 100644 openssh/patches/openssh-4.3p2-askpass-grab-info.patch delete mode 100644 openssh/patches/openssh-5.1p1-askpass-progress.patch delete mode 100644 openssh/patches/openssh-5.1p1-scp-manpage.patch delete mode 100644 openssh/patches/openssh-5.2p1-allow-ip-opts.patch delete mode 100644 openssh/patches/openssh-5.5p1-x11.patch delete mode 100644 openssh/patches/openssh-5.6p1-exit-deadlock.patch delete mode 100644 openssh/patches/openssh-5.6p1-redhat.patch delete mode 100644 openssh/patches/openssh-5.8p1-fingerprint.patch delete mode 100644 openssh/patches/openssh-5.8p1-getaddrinfo.patch delete mode 100644 openssh/patches/openssh-5.8p1-localdomain.patch delete mode 100644 openssh/patches/openssh-5.8p1-packet.patch delete mode 100644 openssh/patches/openssh-5.8p2-force_krb.patch delete mode 100644 openssh/patches/openssh-5.8p2-remove-stale-control-socket.patch delete mode 100644 openssh/patches/openssh-5.8p2-sigpipe.patch delete mode 100644 openssh/patches/openssh-5.9p1-akc.patch delete mode 100644 openssh/patches/openssh-5.9p1-edns.patch delete mode 100644 openssh/patches/openssh-5.9p1-ipfire.patch delete mode 100644 openssh/patches/openssh-5.9p1-ipv6man.patch delete mode 100644 openssh/patches/openssh-5.9p1-keygen.patch delete mode 100644 openssh/patches/openssh-5.9p1-randclean.patch delete mode 100644 openssh/patches/openssh-5.9p1-sftp-chroot.patch delete mode 
100644 openssh/patches/openssh-6.0p1-entropy.patch delete mode 100644 openssh/patches/openssh-6.1p1-akc.patch delete mode 100644 openssh/patches/openssh-6.1p1-askpass-ld.patch delete mode 100644 openssh/patches/openssh-6.1p1-authenticationmethods.patch delete mode 100644 openssh/patches/openssh-6.1p1-coverity.patch delete mode 100644 openssh/patches/openssh-6.1p1-kuserok.patch delete mode 100644 openssh/patches/openssh-6.1p1-required-authentications.patch delete mode 100644 openssh/patches/openssh-6.1p1-role-mls.patch delete mode 100644 openssh/patches/openssh-6.1p1-vendor.patch rename openssh/patches/{openssh-5.8p1-keyperm.patch => openssh-6.6p1-keyperm.patch} (54%) create mode 100644 openssh/patches/openssh-6.7p1-audit.patch create mode 100644 openssh/patches/openssh-6.7p1-seccomp-aarch64.patch create mode 100644 openssh/patches/openssh-6.7p1-sftp-force-permission.patch
Difference in files: diff --git a/etherwake/etherwake.8 b/etherwake/etherwake.8 new file mode 100644 index 0000000..f51ec44 --- /dev/null +++ b/etherwake/etherwake.8 
@@ -0,0 +1,81 @@ +." Hey, EMACS: -*- nroff -*- +." First parameter, NAME, should be all caps +." Second parameter, SECTION, should be 1-8, maybe w/ subsection +." other parameters are allowed: see man(7), man(1) +.TH ETHER-WAKE 8 "March 31, 2003" "Scyld" +." Please adjust this date whenever revising the manpage. +." +." Some roff macros, for reference: +." .nh disable hyphenation +." .hy enable hyphenation +." .ad l left justify +." .ad b justify to both left and right margins +." .nf disable filling +." .fi enable filling +." .br insert line break +." .sp <n> insert n+1 empty lines +." for manpage-specific macros, see man(7) +.SH NAME +ether-wake - A tool to send a Wake-On-LAN "Magic Packet" +.SH SYNOPSIS +.B ether-wake +.RI [ options ] " Host-ID" +.SH DESCRIPTION +This manual page documents the usage of the +.B ether-wake +command. +.PP +." TeX users may be more comfortable with the \fB<whatever>\fP and +." \fI<whatever>\fP escape sequences to invoke bold face and italics, +." respectively. +\fBether-wake\fP is a program that generates and transmits a Wake-On-LAN +(WOL) "Magic Packet", used for restarting machines that have been +soft-powered-down (ACPI D3-warm state). It generates the standard +AMD Magic Packet format, optionally with a password included. The +single required parameter is a station (MAC) address or a host ID that can +be translated to a MAC address by an +.BR ethers (5) +database specified in +.BR nsswitch.conf (5) +. +.SH OPTIONS +\fBether-wake\fP needs a single dash (ÂŽ-ÂŽ) in front of options. +A summary of options is included below. +.TP +.B -b +Send the wake-up packet to the broadcast address. +.TP +.B -D +Increase the Debug Level. +.TP +.B -i ifname +Use interface ifname instead of the default "eth0". +.TP +.B -p passwd +Append a four or six byte password to the packet. Only a few adapters +need or support this. 
A six byte password may be specified in Ethernet hex +format (00:22:44:66:88:aa) or four byte dotted decimal (192.168.1.1) format. +A four byte password must use the dotted decimal format. + +.TP +.B -V +Show the program version information. + +.SH EXIT STATUS +This program returns 0 on success. +A permission failures (e.g. run as a non-root user) results in an exit +status of 2. Unrecognized or invalid parameters result in an exit +status of 3. Failure to retrieve network interface information or send +a packet will result in an exit status of 1. + +.SH SEE ALSO +.BR arp (8). +.br +.SH SECURITY +On some non-Linux systems dropping root capability allows the process to be +dumped, traced or debugged. +If someone traces this program, they get control of a raw socket. +Linux handles this safely, but beware when porting this program. +.SH AUTHOR +The ether-wake program was written by Donald Becker at Scyld Computing +Corporation for use with the Scyld(*(Tm) Beowulf System. diff --git a/etherwake/etherwake.nm b/etherwake/etherwake.nm index 57728b7..f6d44e3 100644 --- a/etherwake/etherwake.nm +++ b/etherwake/etherwake.nm @@ -5,16 +5,16 @@
name = etherwake version = 1.09 -release = 2 +release = 3
groups = Networking/Tools -url = -license = +url = http://www.scyld.com +license = GPL summary = Can wake up sleeping PCs by WOL.
description - A little tool to send magic Wake-on-LAN packets You can wake up WOL \ - compliant Computers which have been powered down to sleep mode or start \ + A little tool to send magic Wake-on-LAN packets You can wake up WOL + compliant Computers which have been powered down to sleep mode or start WOL compliant Computers with a BIOS feature. end
@@ -28,12 +28,16 @@ build install mkdir -pv %{BUILDROOT}/usr/sbin make install DESTDIR=%{BUILDROOT} + + # Install man-page. + mkdir -pv %{BUILDROOT}%{mandir}/man8 + install -m 644 %{DIR_SOURCE}/etherwake.8 \ + %{BUILDROOT}%{mandir}/man8 end end
packages package %{name} - end
package %{name}-debuginfo template DEBUGINFO diff --git a/etherwake/patches/etherwake-1.09-hardening.patch b/etherwake/patches/etherwake-1.09-hardening.patch new file mode 100644 index 0000000..238b740 --- /dev/null +++ b/etherwake/patches/etherwake-1.09-hardening.patch @@ -0,0 +1,30 @@ +diff -Nur etherwake-1.09/ether-wake.c etherwake-1.09_new/ether-wake.c +--- etherwake-1.09/ether-wake.c 2005-07-10 18:44:25.000000000 +0000 ++++ etherwake-1.09_new/ether-wake.c 2015-04-05 12:22:20.157004547 +0000 +@@ -131,7 +131,7 @@ + case 'D': debug++; break; + case 'i': ifname = optarg; break; + case 'p': get_wol_pw(optarg); break; +- case 'u': printf(usage_msg); return 0; ++ case 'u': printf("%s",usage_msg); return 0; + case 'v': verbose++; break; + case 'V': do_version++; break; + case '?': +@@ -140,7 +140,7 @@ + if (verbose || do_version) + printf("%s\n", version_msg); + if (errflag) { +- fprintf(stderr, brief_usage_msg); ++ fprintf(stderr,"%s", brief_usage_msg); + return 3; + } + +@@ -181,7 +181,7 @@ + The code to retrieve the local station address is Linux specific. */ + if (! opt_no_src_addr) { + struct ifreq if_hwaddr; +- unsigned char *hwaddr = if_hwaddr.ifr_hwaddr.sa_data; ++ const char *hwaddr = if_hwaddr.ifr_hwaddr.sa_data; + + strcpy(if_hwaddr.ifr_name, ifname); + if (ioctl(s, SIOCGIFHWADDR, &if_hwaddr) < 0) { diff --git a/gnome-doc-utils/gnome-doc-utils.nm b/gnome-doc-utils/gnome-doc-utils.nm new file mode 100644 index 0000000..4246ce1 --- /dev/null +++ b/gnome-doc-utils/gnome-doc-utils.nm 
@@ -0,0 +1,47 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = gnome-doc-utils +ver_major = 0.20 +ver_minor = 10 +version = %{ver_major}.%{ver_minor} +release = 1 + +groups = Development/Tools +url = http://www.gnome.org/ +license = GPLv2+ and LGPLv2+ and GFDL +summary = Documentation utilities for GNOME. + +description + gnome-doc-utils is a collection of documentation utilities for the GNOME + project. Notably, it contains utilities for building documentation and + all auxiliary files in your source tree. +end + +source_dl = http://download.gnome.org/sources/gnome-doc-utils/%%7Bver_major%7D/ +sources = %{thisapp}.tar.xz + +build + requires + perl(XML::Parser) + intltool >= 0.35.0 + libxml2-devel >= 2.6.12 + libxslt-devel >= 1.1.8 + end +end + +packages + package %{name} + requires + docbook-dtds + libxml2 >= 2.6.12 + libxslt >= 1.1.8 + end + end + + package %{name}-devel + template DEVEL + end +end diff --git a/hostname/hostname.nm b/hostname/hostname.nm new file mode 100644 index 0000000..c23a4d6 --- /dev/null +++ b/hostname/hostname.nm 
@@ -0,0 +1,46 @@ +############################################################################### +# IPFire.org - An Open Source Firewall Solution # +# Copyright (C) - IPFire Development Team info@ipfire.org # +############################################################################### + +name = hostname +version = 3.15 +release = 1 + +groups = System Environment/Base +url = http://packages.qa.debian.org/h/hostname.html +license = GPLv2+ +summary = Utility to set/show the host name or domain name. + +description + This package provides commands which can be used to display the system's + DNS name, and to display or set its hostname or NIS domain name. +end + +source_dl = http://ftp.de.debian.org/debian/pool/main/h/hostname/ +sources = %{name}_%{version}.tar.gz + +build + DIR_APP = %{DIR_SRC}/%{name} + + make_build_targets += \ + CFLAGS="%{CFLAGS}" + + make_install_targets += \ + BASEDIR=%{BUILDROOT} \ + BINDIR=%{bindir} +end + +packages + package %{name} + groups += Base + end + + conflicts + net-tools < 2.0 + end + + package %{name}-debuginfo + template DEBUGINFO + end +end diff --git a/net-tools/config.h b/net-tools/config.h index 7bb954a..f63aecb 100644 --- a/net-tools/config.h +++ b/net-tools/config.h @@ -49,8 +49,8 @@ #define HAVE_HWSLIP 0 #define HAVE_HWPPP 1 #define HAVE_HWTUNNEL 1 -#define HAVE_HWSTRIP 1 -#define HAVE_HWTR 1 +#define HAVE_HWSTRIP 0 +#define HAVE_HWTR 0 #define HAVE_HWAX25 1 #define HAVE_HWROSE 1 #define HAVE_HWNETROM 1 diff --git a/net-tools/config.make b/net-tools/config.make index e7cfc99..5cde36b 100644 --- a/net-tools/config.make +++ b/net-tools/config.make @@ -16,8 +16,8 @@ HAVE_HWARC=1 HAVE_HWSLIP=1 HAVE_HWPPP=1 HAVE_HWTUNNEL=1 -HAVE_HWSTRIP=1 -HAVE_HWTR=1 +HAVE_HWSTRIP=0 +HAVE_HWTR=0 HAVE_HWAX25=1 HAVE_HWROSE=1 HAVE_HWNETROM=1 diff --git a/net-tools/ether-wake.8 b/net-tools/ether-wake.8 deleted file mode 100644 index 26b4f85..0000000 --- a/net-tools/ether-wake.8 +++ /dev/null 
@@ -1,81 +0,0 @@ -." Hey, EMACS: -*- nroff -*- -." First parameter, NAME, should be all caps -." Second parameter, SECTION, should be 1-8, maybe w/ subsection -." other parameters are allowed: see man(7), man(1) -.TH ETHER-WAKE 8 "March 31, 2003" "Scyld" -." Please adjust this date whenever revising the manpage. -." -." Some roff macros, for reference: -." .nh disable hyphenation -." .hy enable hyphenation -." .ad l left justify -." .ad b justify to both left and right margins -." .nf disable filling -." .fi enable filling -." .br insert line break -." .sp <n> insert n+1 empty lines -." for manpage-specific macros, see man(7) -.SH NAME -ether-wake - A tool to send a Wake-On-LAN "Magic Packet" -.SH SYNOPSIS -.B ether-wake -.RI [ options ] " Host-ID" -.SH DESCRIPTION -This manual page documents the usage of the -.B ether-wake -command. -.PP -." TeX users may be more comfortable with the \fB<whatever>\fP and -." \fI<whatever>\fP escape sequences to invode bold face and italics, -." respectively. -\fBether-wake\fP is a program that generates and transmits a Wake-On-LAN -(WOL) "Magic Packet", used for restarting machines that have been -soft-powered-down (ACPI D3-warm state). It generates the standard -AMD Magic Packet format, optionally with a password included. The -single required parameter is a station (MAC) address or a host ID that can -be translated to a MAC address by an -.BR ethers (5) -database specified in -.BR nsswitch.conf (5) -. -.SH OPTIONS -\fBether-wake\fP needs a single dash (ÂŽ-ÂŽ) in front of options. -A summary of options is included below. -.TP -.B -b -Send the wake-up packet to the broadcast address. -.TP -.B -D -Increase the Debug Level. -.TP -.B -i ifname -Use interface ifname instead of the default "eth0". -.TP -.B -p passwd -Append a four or six byte password to the packet. Only a few adapters -need or support this. 
A six byte password may be specified in Ethernet hex -format (00:22:44:66:88:aa) or four byte dotted decimal (192.168.1.1) format. -A four byte password must use the dotted decimal format. - -.TP -.B -V -Show the program version information. - -.SH EXIT STATUS -This program returns 0 on success. -A permission failures (e.g. run as a non-root user) results in an exit -status of 2. Unrecognized or invalid parameters result in an exit -status of 3. Failure to retrieve network interface information or send -a packet will result in an exit status of 1. - -.SH SEE ALSO -.BR arp (8). -.br -.SH SECURITY -On some non-Linux systems dropping root capability allows the process to be -dumped, traced or debugged. -If someone traces this program, they get control of a raw socket. -Linux handles this safely, but beware when porting this program. -.SH AUTHOR -The etherwake program was written by Donald Becker at Scyld Computing -Corporation for use with the Scyld(*(Tm) Beowulf System. diff --git a/net-tools/ether-wake.c b/net-tools/ether-wake.c deleted file mode 100644 index eef22a7..0000000 --- a/net-tools/ether-wake.c +++ /dev/null 
@@ -1,392 +0,0 @@ -/* ether-wake.c: Send a magic packet to wake up sleeping machines. */ - -static char version_msg[] = -"ether-wake.c: v1.09 11/12/2003 Donald Becker, http://www.scyld.com/"; -static char brief_usage_msg[] = -"usage: ether-wake [-i <ifname>] [-p aa:bb:cc:dd[:ee:ff]] 00:11:22:33:44:55\n" -" Use '-u' to see the complete set of options.\n"; -static char usage_msg[] = -"usage: ether-wake [-i <ifname>] [-p aa:bb:cc:dd[:ee:ff]] 00:11:22:33:44:55\n" -"\n" -" This program generates and transmits a Wake-On-LAN (WOL)\n" -" "Magic Packet", used for restarting machines that have been\n" -" soft-powered-down (ACPI D3-warm state).\n" -" It currently generates the standard AMD Magic Packet format, with\n" -" an optional password appended.\n" -"\n" -" The single required parameter is the Ethernet MAC (station) address\n" -" of the machine to wake or a host ID with known NSS 'ethers' entry.\n" -" The MAC address may be found with the 'arp' program while the target\n" -" machine is awake.\n" -"\n" -" Options:\n" -" -b Send wake-up packet to the broadcast address.\n" -" -D Increase the debug level.\n" -" -i ifname Use interface IFNAME instead of the default 'eth0'.\n" -" -p <pw> Append the four or six byte password PW to the packet.\n" -" A password is only required for a few adapter types.\n" -" The password may be specified in ethernet hex format\n" -" or dotted decimal (Internet address)\n" -" -p 00:22:44:66:88:aa\n" -" -p 192.168.1.1\n"; - -/* - This program generates and transmits a Wake-On-LAN (WOL) "Magic Packet", - used for restarting machines that have been soft-powered-down - (ACPI D3-warm state). It currently generates the standard AMD Magic Packet - format, with an optional password appended. - - This software may be used and distributed according to the terms - of the GNU Public License, incorporated herein by reference. - Contact the author for use under other terms. 
- - This source file was originally part of the network tricks package, and - is now distributed to support the Scyld Beowulf system. - Copyright 1999-2003 Donald Becker and Scyld Computing Corporation. - - The author may be reached as becker@scyld, or C/O - Scyld Computing Corporation - 914 Bay Ridge Road, Suite 220 - Annapolis MD 21403 - - Notes: - On some systems dropping root capability allows the process to be - dumped, traced or debugged. - If someone traces this program, they get control of a raw socket. - Linux handles this safely, but beware when porting this program. - - An alternative to needing 'root' is using a UDP broadcast socket, however - doing so only works with adapters configured for unicast+broadcast Rx - filter. That configuration consumes more power. -*/ - -#include <unistd.h> -#include <stdlib.h> -#include <stdio.h> -#include <errno.h> -#include <ctype.h> -#include <string.h> - -#if 0 /* Only exists on some versions. */ -#include <ioctls.h> -#endif - -#include <sys/socket.h> - -#include <sys/types.h> -#include <sys/ioctl.h> -#include <linux/if.h> - -#include <features.h> -#if __GLIBC__ >= 2 && __GLIBC_MINOR >= 1 -#include <netpacket/packet.h> -#include <net/ethernet.h> -#else -#include <asm/types.h> -#include <linux/if_packet.h> -#include <linux/if_ether.h> -#endif -#include <netdb.h> -#include <netinet/ether.h> - -/* Grrr, no consistency between include versions. - Enable this if setsockopt() isn't declared with your library. */ -#if 0 -extern int setsockopt __P ((int __fd, int __level, int __optname, - __ptr_t __optval, int __optlen)); -#else /* New, correct head files. 
*/ -#include <sys/socket.h> -#endif - -u_char outpack[1000]; -int outpack_sz = 0; -int debug = 0; -u_char wol_passwd[6]; -int wol_passwd_sz = 0; - -static int opt_no_src_addr = 0, opt_broadcast = 0; - -static int get_dest_addr(const char *arg, struct ether_addr *eaddr); -static int get_fill(unsigned char *pkt, struct ether_addr *eaddr); -static int get_wol_pw(const char *optarg); - -int main(int argc, char *argv[]) -{ - char *ifname = "eth0"; - int one = 1; /* True, for socket options. */ - int s; /* Raw socket */ - int errflag = 0, verbose = 0, do_version = 0; - int perm_failure = 0; - int i, c, pktsize; -#if defined(PF_PACKET) - struct sockaddr_ll whereto; -#else - struct sockaddr whereto; /* who to wake up */ -#endif - struct ether_addr eaddr; - - while ((c = getopt(argc, argv, "bDi:p:uvV")) != -1) - switch (c) { - case 'b': opt_broadcast++; break; - case 'D': debug++; break; - case 'i': ifname = optarg; break; - case 'p': get_wol_pw(optarg); break; - case 'u': printf(usage_msg); return 0; - case 'v': verbose++; break; - case 'V': do_version++; break; - case '?': - errflag++; - } - if (verbose || do_version) - printf("%s\n", version_msg); - if (errflag) { - fprintf(stderr, brief_usage_msg); - return 3; - } - - if (optind == argc) { - fprintf(stderr, "Specify the Ethernet address as 00:11:22:33:44:55.\n"); - return 3; - } - - /* Note: PF_INET, SOCK_DGRAM, IPPROTO_UDP would allow SIOCGIFHWADDR to - work as non-root, but we need SOCK_PACKET to specify the Ethernet - destination address. */ -#if defined(PF_PACKET) - s = socket(PF_PACKET, SOCK_RAW, 0); -#else - s = socket(AF_INET, SOCK_PACKET, SOCK_PACKET); -#endif - if (s < 0) { - if (errno == EPERM) - fprintf(stderr, "ether-wake: This program must be run as root.\n"); - else - perror("ether-wake: socket"); - perm_failure++; - } - /* Don't revert if debugging allows a normal user to get the raw socket. 
*/ - setuid(getuid()); - - /* We look up the station address before reporting failure so that - errors may be reported even when run as a normal user. - */ - if (get_dest_addr(argv[optind], &eaddr) != 0) - return 3; - if (perm_failure && ! debug) - return 2; - - pktsize = get_fill(outpack, &eaddr); - - /* Fill in the source address, if possible. - The code to retrieve the local station address is Linux specific. */ - if (! opt_no_src_addr) { - struct ifreq if_hwaddr; - unsigned char *hwaddr = if_hwaddr.ifr_hwaddr.sa_data; - - strcpy(if_hwaddr.ifr_name, ifname); - if (ioctl(s, SIOCGIFHWADDR, &if_hwaddr) < 0) { - fprintf(stderr, "SIOCGIFHWADDR on %s failed: %s\n", ifname, - strerror(errno)); - /* Magic packets still work if our source address is bogus, but - we fail just to be anal. */ - return 1; - } - memcpy(outpack+6, if_hwaddr.ifr_hwaddr.sa_data, 6); - - if (verbose) { - printf("The hardware address (SIOCGIFHWADDR) of %s is type %d " - "%2.2x:%2.2x:%2.2x:%2.2x:%2.2x:%2.2x.\n", ifname, - if_hwaddr.ifr_hwaddr.sa_family, hwaddr[0], hwaddr[1], - hwaddr[2], hwaddr[3], hwaddr[4], hwaddr[5]); - } - } - - if (wol_passwd_sz > 0) { - memcpy(outpack+pktsize, wol_passwd, wol_passwd_sz); - pktsize += wol_passwd_sz; - } - - if (verbose > 1) { - printf("The final packet is: "); - for (i = 0; i < pktsize; i++) - printf(" %2.2x", outpack[i]); - printf(".\n"); - } - - /* This is necessary for broadcasts to work */ - if (setsockopt(s, SOL_SOCKET, SO_BROADCAST, (char *)&one, sizeof(one)) < 0) - perror("setsockopt: SO_BROADCAST"); - -#if defined(PF_PACKET) - { - struct ifreq ifr; - strncpy(ifr.ifr_name, ifname, sizeof(ifr.ifr_name)); - if (ioctl(s, SIOCGIFINDEX, &ifr) == -1) { - fprintf(stderr, "SIOCGIFINDEX on %s failed: %s\n", ifname, - strerror(errno)); - return 1; - } - memset(&whereto, 0, sizeof(whereto)); - whereto.sll_family = AF_PACKET; - whereto.sll_ifindex = ifr.ifr_ifindex; - /* The manual page incorrectly claims the address must be filled. 
- We do so because the code may change to match the docs. */ - whereto.sll_halen = ETH_ALEN; - memcpy(whereto.sll_addr, outpack, ETH_ALEN); - - } -#else - whereto.sa_family = 0; - strcpy(whereto.sa_data, ifname); -#endif - - if ((i = sendto(s, outpack, pktsize, 0, (struct sockaddr *)&whereto, - sizeof(whereto))) < 0) - perror("sendto"); - else if (debug) - printf("Sendto worked ! %d.\n", i); - -#ifdef USE_SEND - if (bind(s, (struct sockaddr *)&whereto, sizeof(whereto)) < 0) - perror("bind"); - else if (send(s, outpack, 100, 0) < 0) - perror("send"); -#endif -#ifdef USE_SENDMSG - { - struct msghdr msghdr = { 0,}; - struct iovec iovector[1]; - msghdr.msg_name = &whereto; - msghdr.msg_namelen = sizeof(whereto); - msghdr.msg_iov = iovector; - msghdr.msg_iovlen = 1; - iovector[0].iov_base = outpack; - iovector[0].iov_len = pktsize; - if ((i = sendmsg(s, &msghdr, 0)) < 0) - perror("sendmsg"); - else if (debug) - printf("sendmsg worked, %d (%d).\n", i, errno); - } -#endif - - return 0; -} - -/* Convert the host ID string to a MAC address. 
- The string may be a - Host name - IP address string - MAC address string -*/ - -static int get_dest_addr(const char *hostid, struct ether_addr *eaddr) -{ - struct ether_addr *eap; - - eap = ether_aton(hostid); - if (eap) { - *eaddr = *eap; - if (debug) - fprintf(stderr, "The target station address is %s.\n", - ether_ntoa(eaddr)); - } else if (ether_hostton(hostid, eaddr) == 0) { - if (debug) - fprintf(stderr, "Station address for hostname %s is %s.\n", - hostid, ether_ntoa(eaddr)); - } else { - (void)fprintf(stderr, - "ether-wake: The Magic Packet host address must be " - "specified as\n" - " - a station address, 00:11:22:33:44:55, or\n" - " - a hostname with a known 'ethers' entry.\n"); - return -1; - } - return 0; -} - - -static int get_fill(unsigned char *pkt, struct ether_addr *eaddr) -{ - int offset, i; - unsigned char *station_addr = eaddr->ether_addr_octet; - - if (opt_broadcast) - memset(pkt+0, 0xff, 6); - else - memcpy(pkt, station_addr, 6); - memcpy(pkt+6, station_addr, 6); - pkt[12] = 0x08; /* Or 0x0806 for ARP, 0x8035 for RARP */ - pkt[13] = 0x42; - offset = 14; - - memset(pkt+offset, 0xff, 6); - offset += 6; - - for (i = 0; i < 16; i++) { - memcpy(pkt+offset, station_addr, 6); - offset += 6; - } - if (debug) { - fprintf(stderr, "Packet is "); - for (i = 0; i < offset; i++) - fprintf(stderr, " %2.2x", pkt[i]); - fprintf(stderr, ".\n"); - } - return offset; -} - -static int get_wol_pw(const char *optarg) -{ - int passwd[6]; - int byte_cnt; - int i; - - byte_cnt = sscanf(optarg, "%2x:%2x:%2x:%2x:%2x:%2x", - &passwd[0], &passwd[1], &passwd[2], - &passwd[3], &passwd[4], &passwd[5]); - if (byte_cnt < 4) - byte_cnt = sscanf(optarg, "%d.%d.%d.%d", - &passwd[0], &passwd[1], &passwd[2], &passwd[3]); - if (byte_cnt < 4) { - fprintf(stderr, "Unable to read the Wake-On-LAN password.\n"); - return 0; - } - printf(" The Magic packet password is %2.2x %2.2x %2.2x %2.2x (%d).\n", - passwd[0], passwd[1], passwd[2], passwd[3], byte_cnt); - for (i = 0; i < byte_cnt; 
i++) - wol_passwd[i] = passwd[i]; - return wol_passwd_sz = byte_cnt; -} - -#if 0 -{ - to = (struct sockaddr_in *)&whereto; - to->sin_family = AF_INET; - if (inet_aton(target, &to->sin_addr)) { - hostname = target; - } - memset (&sa, 0, sizeof sa); - sa.sa_family = AF_INET; - strncpy (sa.sa_data, interface, sizeof sa.sa_data); - sendto (sock, buf, bufix + len, 0, &sa, sizeof sa); - strncpy (sa.sa_data, interface, sizeof sa.sa_data); -#if 1 - sendto (sock, buf, bufix + len, 0, &sa, sizeof sa); -#else - bind (sock, &sa, sizeof sa); - connect(); - send (sock, buf, bufix + len, 0); -#endif -} -#endif - - -/* - * Local variables: - * compile-command: "gcc -O -Wall -o ether-wake ether-wake.c" - * c-indent-level: 4 - * c-basic-offset: 4 - * c-indent-level: 4 - * tab-width: 4 - * End: - */ diff --git a/net-tools/ipmaddr.8 b/net-tools/ipmaddr.8 deleted file mode 100644 index d2b0046..0000000 --- a/net-tools/ipmaddr.8 +++ /dev/null @@ -1,34 +0,0 @@ -." Process this file with -." groff -man -Tascii iptstate.8 -." -.TH IPMADDR 8 "SEPTEMBER 2009" "" "" -." -." Man page written by Jiri Popelka <jpopelka AT redhat DOT com> -." -.SH NAME -.B ipmaddr -- adds, deletes, and displays multicast addresses - -.SH SYNOPSIS -.B /usr/sbin/ipmaddr -.RB [< operation >] -.RB [< args >] - -.SH NOTE -.P -This program is obsolete. For replacement check \fBip maddress\fR. - -.SH DESCRIPTION -The \fBipmaddr\fR command can perform one of the following operations: - -.B add -- add a multicast address - -.B del -- delete a multicast address - -.B show -- list multicast addresses - -.SH SEE ALSO -.BR ip (8). diff --git a/net-tools/iptunnel.8 b/net-tools/iptunnel.8 deleted file mode 100644 index 2dacd40..0000000 --- a/net-tools/iptunnel.8 +++ /dev/null 
@@ -1,42 +0,0 @@ -." Process this file with -." groff -man -Tascii iptstate.8 -." -.TH IPTUNNEL 8 "SEPTEMBER 2009" "" "" -." -." Man page written by Jiri Popelka <jpopelka AT redhat DOT com> -." -.SH NAME - -.B iptunnel -- creates, deletes, and displays configured tunnels - -.SH SYNOPSIS -.B /usr/sbin/iptunnel -.RB [< operation >] -.RB [< args >] - -.SH NOTE -.P -This program is obsolete. For replacement check \fBip tunnel\fR. - -.SH DESCRIPTION -The \fBiptunnel\fR -command creates configured tunnels for sending and receiving -IPV6 or IPV4 packets that are encapsulated as the payload of an IPV4 -datagram. - -The -.B iptunnel -command can perform one of the following operations: - -.B create -- create a tunnel interface, which you must subsequently configure. - -.B delete -- delete a tunnel interface. You must disable the tunnel before you can delete it. - -.B show -- show the tunnel attributes (name, tunnel end points, next hop for tunneled packets). - -.SH SEE ALSO -.BR ip (8). diff --git a/net-tools/mii-diag.c b/net-tools/mii-diag.c index 17d8bef..69ebd0b 100644 --- a/net-tools/mii-diag.c +++ b/net-tools/mii-diag.c @@ -35,9 +35,9 @@ static char version[] = " http://www.scyld.com/diag/index.html%5Cn";
static const char usage_msg[] = -"Usage: %s [--help] [-aDfrRvVw] [-AF <speed+duplex>] [--watch] <interface>.\n"; +"Usage: %s [--help] [-aDfrRvVw] [-AF <speed+duplex>] [--watch] <interface>\n"; static const char long_usage_msg[] = -"Usage: %s [-aDfrRvVw] [-AF <speed+duplex>] [--watch] <interface>.\n\ +"Usage: %s [-aDfrRvVw] [-AF <speed+duplex>] [--watch] <interface>\n\ \n\ This program configures and monitors the transceiver management registers\n\ for network interfaces. It uses the Media Independent Interface (MII)\n\ @@ -50,7 +50,6 @@ static const char long_usage_msg[] = The common usage is\n\ mii-diag eth0\n\ \n\ - The default interface is "eth0".\n\ Frequently used options are\n\ -A --advertise <speed|setting>\n\ -F --fixed-speed <speed>\n\ @@ -210,7 +209,7 @@ main(int argc, char **argv) }
if (verbose || opt_version) - printf(version); + printf("%s", version);
/* Open a basic socket. */ if ((skfd = socket(AF_INET, SOCK_DGRAM,0)) < 0) { @@ -222,10 +221,12 @@ main(int argc, char **argv) fprintf(stderr, "DEBUG: argc=%d, optind=%d and argv[optind] is %s.\n", argc, optind, argv[optind]);
- /* No remaining args means show all interfaces. */ + /* No remaining args means interface wasn't specified. */ if (optind == argc) { - ifname = "eth0"; - fprintf(stderr, "Using the default interface 'eth0'.\n"); + fprintf(stderr, "No interface specified.\n"); + fprintf(stderr, usage_msg, progname); + (void) close(skfd); + return 2; } else { /* Copy the interface name. */ spp = argv + optind; @@ -233,8 +234,9 @@ main(int argc, char **argv) }
if (ifname == NULL) { - ifname = "eth0"; - fprintf(stderr, "Using the default interface 'eth0'.\n"); + fprintf(stderr, "No ifname.\n"); + (void) close(skfd); + return -1; }
/* Verify that the interface supports the ioctl(), and if @@ -244,6 +246,7 @@ main(int argc, char **argv) u16 *data = (u16 *)(&ifr.ifr_data);
strncpy(ifr.ifr_name, ifname, IFNAMSIZ); + ifr.ifr_name[IFNAMSIZ-1] = '\0'; data[0] = 0;
if (ioctl(skfd, 0x8947, &ifr) >= 0) { @@ -538,7 +541,7 @@ int show_basic_mii(long ioaddr, int phy_id) bmcr & 0x0100 ? "full":"half"); for (i = 0; i < 9; i++) if (bmcr & (0x0080<<i)) - printf(bmcr_bits[i]); + printf("%s", bmcr_bits[i]);
new_bmsr = mdio_read(ioaddr, phy_id, 1); if ((bmsr & 0x0016) == 0x0004) diff --git a/net-tools/net-tools.nm b/net-tools/net-tools.nm index 1ae43ff..fa61d05 100644 --- a/net-tools/net-tools.nm +++ b/net-tools/net-tools.nm @@ -4,8 +4,9 @@ ###############################################################################
name = net-tools -version = 1.60 -release = 3 +version = 2.0 +git_rev = e5f1be13 +release = 1.%{git_rev}
groups = System/Base url = http://net-tools.berlios.de/ @@ -18,89 +19,7 @@ description end
source_dl = -sources = %{thisapp}.tar.bz2 - -# Manual list patches because they need to be applied in speical order -patches = net-tools-1.57-bug22040.patch -patches += %{thisapp}-miiioctl.patch -patches += %{thisapp}-virtualname.patch -patches += %{thisapp}-cycle.patch -patches += %{thisapp}-nameif.patch -patches += %{thisapp}-ipx.patch -patches += %{thisapp}-inet6-lookup.patch -patches += %{thisapp}-man.patch -patches += %{thisapp}-gcc33.patch -patches += %{thisapp}-trailingblank.patch -patches += %{thisapp}-interface.patch -patches += %{thisapp}-gcc34.patch -patches += %{thisapp}-overflow.patch -patches += %{thisapp}-siunits.patch -patches += %{thisapp}-trunc.patch -patches += %{thisapp}-return.patch -patches += %{thisapp}-parse.patch -patches += %{thisapp}-netmask.patch -patches += %{thisapp}-ulong.patch -patches += %{thisapp}-bcast.patch -patches += %{thisapp}-mii-tool-obsolete.patch -patches += %{thisapp}-netstat_ulong.patch -patches += %{thisapp}-note.patch -patches += %{thisapp}-num-ports.patch -patches += %{thisapp}-duplicate-tcp.patch -patches += %{thisapp}-statalias.patch -patches += %{thisapp}-isofix.patch -patches += %{thisapp}-ifconfig_ib.patch -patches += %{thisapp}-de.patch -patches += %{thisapp}-pie.patch -patches += %{thisapp}-ifaceopt.patch -patches += %{thisapp}-trim_iface.patch -patches += %{thisapp}-stdo.patch -patches += %{thisapp}-statistics.patch -patches += %{thisapp}-ifconfig.patch -patches += %{thisapp}-arp_overflow.patch -patches += %{thisapp}-hostname_man.patch -patches += %{thisapp}-interface_stack.patch -patches += %{thisapp}-selinux.patch -patches += %{thisapp}-netstat_stop_trim.patch -patches += %{thisapp}-netstat_inode.patch -patches += %{thisapp}-fgets.patch -patches += %{thisapp}-ifconfig_man.patch -patches += %{thisapp}-x25-proc.patch -patches += %{thisapp}-sctp.patch -patches += %{thisapp}-arp_man.patch -patches += %{thisapp}-ifconfig-long-iface-crasher.patch -patches += %{thisapp}-netdevice.patch -patches += 
%{thisapp}-skip.patch -patches += %{thisapp}-netstat-I-fix.patch -patches += %{thisapp}-nameif_strncpy.patch -patches += %{thisapp}-arp-unaligned-access.patch -patches += %{thisapp}-sctp-quiet.patch -patches += %{thisapp}-remove_node.patch -patches += %{thisapp}-netstat-interfaces-crash.patch -patches += %{thisapp}-ec_hw_null.patch -patches += %{thisapp}-statistics_buffer.patch -patches += %{thisapp}-sctp-addrs.patch -patches += %{thisapp}-i-option.patch -patches += %{thisapp}-a-option.patch -patches += %{thisapp}-clear-flag.patch -patches += %{thisapp}-metric-tunnel-man.patch -patches += %{thisapp}-netstat-probe.patch -patches += %{thisapp}-scanf-format.patch -patches += %{thisapp}-avoid-name-resolution.patch -patches += %{thisapp}-continous-flush-stdout.patch -patches += %{thisapp}-debug-fix.patch -patches += %{thisapp}-ib-warning.patch -patches += %{thisapp}-man-obsolete.patch -patches += %{thisapp}-man-RHEL-bugs.patch -patches += %{thisapp}-masqinfo-raw-ip.patch -patches += %{thisapp}-makefile-berlios.patch -patches += %{thisapp}-slattach-fchown.patch -patches += %{thisapp}-hostname-short.patch -patches += %{thisapp}-mii-refactor.patch -patches += %{thisapp}-IA64.patch -patches += %{thisapp}-large-indexes.patch -patches += %{thisapp}-statistics-doubleword.patch -patches += %{thisapp}-mii-gigabit.patch -patches += %{thisapp}-netstat-leak.patch +sources = %{thisapp}-%{git_rev}.tar.xz
build requires @@ -114,10 +33,10 @@ build cp %{DIR_SOURCE}/config.make %{DIR_APP}
# Copy additional man pages + mkdir -pv %{DIR_APP}/man/en_US cp %{DIR_SOURCE}/*.8 %{DIR_APP}/man/en_US
- # Copy source for ether-wake and mii-diag - cp %{DIR_SOURCE}/ether-wake.c %{DIR_APP} + # Copy source for mii-diag cp %{DIR_SOURCE}/mii-diag.c %{DIR_APP} end
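Review bot: In net-tools/net-tools.nm, hunk "@@ -114,10 +33,10 @@", the unchanged line `cp %{DIR_SOURCE}/*.8 %{DIR_APP}/man/en_US` depends on the glob matching at least one file, while this same push deletes net-tools/ether-wake.8, net-tools/ipmaddr.8 and net-tools/iptunnel.8. If no other .8 file is left in the package directory, the shell hands the literal `*.8` to cp and the prepare step fails. Name the man pages that are still shipped from the package directory explicitly, or drop the copy together with the new `mkdir -pv %{DIR_APP}/man/en_US`, and say in the comment which pages are meant.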
@@ -128,11 +47,8 @@ build PARALLELISMFLAGS =
build_cmds - # Compile ether-wake - gcc %{CFLAGS} -o ether-wake ether-wake.c - # Compile mii-diag - gcc %{CFLAGS} -o mii-diag mii-diag.c + make mii-diag end
install @@ -140,16 +56,21 @@ build mv man/fr_FR man/fr mv man/pt_BR man/pt
- make BASEDIR=%{BUILDROOT} mandir=/usr/share/man install + make BASEDIR=%{BUILDROOT} BINDIR=%{bindir} \ + SBINDIR=%{sbindir} mandir=%{mandir} install
- # Install ether-wake and mii-diag - install -m 755 %{DIR_APP}/ether-wake %{BUILDROOT}/sbin - install -m 755 %{DIR_APP}/mii-diag %{BUILDROOT}/sbin + # Install mii-diag + install -m 755 %{DIR_APP}/mii-diag %{BUILDROOT}%{sbindir}
# Remove tools we do not want rm -rvf \ - %{BUILDROOT}/sbin/{arp,ifconfig,ip,nameif,plipconfig,rarp,route,slattach}* \ - %{BUILDROOT}/usr/share/man/{,*}/man*/{arp,ifconfig,ip,nameif,plipconfig,rarp,route,slattach}* + %{BUILDROOT}%{prefix}/{,*}/{arp,ifconfig,ip,nameif,plipconfig,rarp,route,slattach}* \ + %{BUILDROOT}%{mandir}/{,*}/man*/{arp,ifconfig,ip,nameif,plipconfig,rarp,route,slattach}* + + # Remove hostname (has its own package) + rm -rvf \ + %{BUILDROOT}%{bindir}/{dnsdomainname,domainname,hostname,nisdomainname,ypdomainname}* \ + %{BUILDROOT}%{mandir}/{,*}/man*/{dnsdomainname,domainname,hostname,nisdomainname,ypdomainname}* end end
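Review bot: In net-tools/net-tools.nm, hunk "@@ -140,16 +56,21 @@", the first new `rm -rvf` pattern, `%{BUILDROOT}%{prefix}/{,*}/{arp,ifconfig,ip,...}*`, is much wider than the line it replaces. The old one was limited to /sbin; the new one matches every entry whose name starts with one of those words in %{prefix} itself and in every directory directly below it, and with -r it removes directories as well as files. The trailing `*` also means `ip*` takes ipmaddr and iptunnel with it; if that is intended (their man pages are deleted in this push), list them by name. Suggest spelling out `%{BUILDROOT}%{bindir}` and `%{BUILDROOT}%{sbindir}` the way the hostname removal below does, so that -f cannot hide an over-match.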
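Review bot: In net-tools/mii-diag.c, hunk "@@ -233,8 +234,9 @@", the `ifname == NULL` path returns -1 from main(), which the caller sees as exit status 255, while the missing-argument path added in the hunk before it returns 2 and prints the usage line. Use one exit status and one message for both cases, or remove this branch if it cannot be reached once `optind == argc` is handled above.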
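Review bot: In net-tools/mii-diag.c, hunk "@@ -244,6 +246,7 @@", the added `ifr.ifr_name[IFNAMSIZ-1] = '\0';` fixes the missing terminator, but a name of IFNAMSIZ characters or more is still truncated silently and the ioctl then runs against whatever interface the shortened name happens to match. Check `strlen(ifname) >= IFNAMSIZ` before the copy and exit with an error instead.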
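Review bot: In etherwake/patches/etherwake-1.09-hardening.patch, hunk "@@ -181,7 +181,7 @@", changing `hwaddr` from `unsigned char *` to `const char *` changes what the verbose output prints. The v1.09 source (visible in the removed net-tools/ether-wake.c) prints `hwaddr[0]` to `hwaddr[5]` with `%2.2x`; where char is signed, an address byte of 0x80 or above is promoted to a negative int and comes out as eight hex digits (ffffff80 and so on). Keep the pointer unsigned and cast the initialiser instead: `const unsigned char *hwaddr = (const unsigned char *)if_hwaddr.ifr_hwaddr.sa_data;`. The context line `strcpy(if_hwaddr.ifr_name, ifname);` in the same hunk is left untouched although `ifname` comes straight from the -i option; a hardening patch should bound that copy the way the mii-diag.c change in this push does (strncpy plus an explicit terminator, or better a length check).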
diff --git a/net-tools/patches/001-net-tools-cycle.patch b/net-tools/patches/001-net-tools-cycle.patch new file mode 100644 index 0000000..7d58dbb --- /dev/null +++ b/net-tools/patches/001-net-tools-cycle.patch 
@@ -0,0 +1,375 @@ +diff -up net-tools-2.0/lib/interface.c.cycle net-tools-2.0/lib/interface.c +--- net-tools-2.0/lib/interface.c.cycle 2014-11-11 14:38:03.000000000 +0100 ++++ net-tools-2.0/lib/interface.c 2014-11-24 14:45:46.128480980 +0100 +@@ -93,6 +93,7 @@ int if_list_all = 0; /* do we have reque + static struct interface *int_list, *int_last; + + static int if_readlist_proc(const char *); ++static int if_readlist_rep(const char *, struct interface *); + + static struct interface *if_cache_add(const char *name) + { +@@ -138,11 +139,14 @@ struct interface *lookup_interface(const + int for_all_interfaces(int (*doit) (struct interface *, void *), void *cookie) + { + struct interface *ife; ++ int err; + + if (!if_list_all && (if_readlist() < 0)) + return -1; + for (ife = int_list; ife; ife = ife->next) { +- int err = doit(ife, cookie); ++ if_readlist_rep(ife->name, ife); ++ err = doit(ife, cookie); ++ + if (err) + return err; + } +@@ -379,6 +383,41 @@ static int if_readlist_proc(const char * + fclose(fh); + return err; + } ++ ++static int if_readlist_rep(const char *target, struct interface *ife) ++{ ++ FILE *fh; ++ char buf[512]; ++ int err; ++ ++ fh = fopen(_PATH_PROCNET_DEV, "r"); ++ if (!fh) { ++ fprintf(stderr, _("Warning: cannot open %s (%s). 
Limited output.\n"), ++ _PATH_PROCNET_DEV, strerror(errno)); ++ return if_readconf(); ++ } ++ fgets(buf, sizeof buf, fh); /* eat line */ ++ fgets(buf, sizeof buf, fh); ++ ++ procnetdev_vsn = procnetdev_version(buf); ++ ++ err = 0; ++ while (fgets(buf, sizeof buf, fh)) { ++ char *s, name[IFNAMSIZ]; ++ s = get_name(name, buf); ++ get_dev_fields(s, ife); ++ ife->statistics_valid = 1; ++ if (target && !strcmp(target,name)) ++ break; ++ } ++ if (ferror(fh)) { ++ perror(_PATH_PROCNET_DEV); ++ err = -1; ++ } ++ ++ fclose(fh); ++ return err; ++} + + int if_readlist(void) + { +diff -up net-tools-2.0/man/en_US/netstat.8.cycle net-tools-2.0/man/en_US/netstat.8 +--- net-tools-2.0/man/en_US/netstat.8.cycle 2014-11-11 14:38:03.000000000 +0100 ++++ net-tools-2.0/man/en_US/netstat.8 2014-11-24 14:47:36.140944944 +0100 +@@ -36,6 +36,7 @@ netstat - Print network connections, ro + .RB [ --verbose | -v ] + .RB [ --continuous | -c] + .RB [ --wide | -W ] ++.RB [delay] + .P + .B netstat + .RB { --route | -r } +@@ -45,6 +46,7 @@ netstat - Print network connections, ro + .RB [ --numeric | -n ] + .RB [ --numeric-hosts "] [" --numeric-ports "] [" --numeric-users ] + .RB [ --continuous | -c ] ++.RB [delay] + .P + .B netstat + .RB { --interfaces | -i } +@@ -55,12 +57,14 @@ netstat - Print network connections, ro + .RB [ --numeric | -n ] + .RB [ --numeric-hosts "] [" --numeric-ports "] [" --numeric-users ] + .RB [ --continuous | -c ] ++.RB [delay] + .P + .B netstat + .RB { --groups | -g } + .RB [ --numeric | -n ] + .RB [ --numeric-hosts "] [" --numeric-ports "] [" --numeric-users ] + .RB [ --continuous | -c ] ++.RB [delay] + .P + .B netstat + .RB { --masquerade | -M } +@@ -68,6 +72,7 @@ netstat - Print network connections, ro + .RB [ --numeric | -n ] + .RB [ --numeric-hosts "] [" --numeric-ports "] [" --numeric-users ] + .RB [ --continuous | -c ] ++.RB [delay] + .P + .B netstat + .RB { --statistics | -s } +@@ -76,6 +81,7 @@ netstat - Print network connections, ro + .RB [ --udplite | -U ] + .RB 
[ --sctp | -S ] + .RB [ --raw | -w ] ++.RB [delay] + .P + .B netstat + .RB { --version | -V } +@@ -208,6 +214,10 @@ option, show interfaces that are not up + Print routing information from the FIB. (This is the default.) + .SS "-C" + Print routing information from the route cache. ++.SS delay ++Netstat will cycle printing through statistics every ++.B delay ++seconds. + .P + .SH OUTPUT + .P +diff -up net-tools-2.0/netstat.c.cycle net-tools-2.0/netstat.c +--- net-tools-2.0/netstat.c.cycle 2014-11-11 14:38:03.000000000 +0100 ++++ net-tools-2.0/netstat.c 2014-11-24 14:44:24.948614445 +0100 +@@ -115,9 +115,9 @@ + #endif + + /* prototypes for statistics.c */ +-void parsesnmp(int, int, int); ++int parsesnmp(int, int, int); + void inittab(void); +-void parsesnmp6(int, int, int); ++int parsesnmp6(int, int, int); + void inittab6(void); + + typedef enum { +@@ -342,10 +342,10 @@ static void prg_cache_clear(void) + prg_cache_loaded = 0; + } + +-static void wait_continous(void) ++static void wait_continous(int reptimer) + { + fflush(stdout); +- sleep(1); ++ sleep(reptimer); + } + + static int extract_type_1_socket_inode(const char lname[], unsigned long * inode_p) { +@@ -1787,6 +1787,8 @@ static int rfcomm_info(void) + + static int iface_info(void) + { ++ static int count=0; ++ + if (skfd < 0) { + if ((skfd = sockets_open(0)) < 0) { + perror("socket"); +@@ -1796,20 +1798,21 @@ static int iface_info(void) + } + if (flag_exp < 2) { + ife_short = 1; +- printf(_("Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); ++ if(!(count % 8)) ++ printf(_("Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); + } + + if (for_all_interfaces(do_if_print, &flag_all) < 0) { + perror(_("missing interface information")); + exit(1); + } +- if (flag_cnt) ++ if (!flag_cnt) { + if_cache_free(); +- else { + close(skfd); + skfd = -1; + } + ++ count++; + return 0; + } + +@@ -1825,7 +1828,7 @@ static void usage(void) + { + fprintf(stderr, _("usage: netstat 
[-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}\n")); + fprintf(stderr, _(" netstat [-vWnNcaeol] [<Socket> ...]\n")); +- fprintf(stderr, _(" netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] }\n\n")); ++ fprintf(stderr, _(" netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]\n\n")); + + fprintf(stderr, _(" -r, --route display routing table\n")); + fprintf(stderr, _(" -i, --interfaces display interface table\n")); +@@ -1867,6 +1870,7 @@ int main + (int argc, char *argv[]) { + int i; + int lop; ++ int reptimer = 1; + static struct option longopts[] = + { + AFTRANS_OPTS, +@@ -2049,6 +2053,12 @@ int main + flag_sta++; + } + ++ if(argc == optind + 1) { ++ if((reptimer = atoi(argv[optind])) <= 0) ++ usage(); ++ flag_cnt++; ++ } ++ + if (flag_int + flag_rou + flag_mas + flag_sta > 1) + usage(); + +@@ -2078,7 +2088,7 @@ int main + flag_not & FLAG_NUM_PORT, flag_exp); + if (i || !flag_cnt) + break; +- wait_continous(); ++ wait_continous(reptimer); + } + #else + ENOSUPP("netstat", "FW_MASQUERADE"); +@@ -2091,17 +2101,18 @@ int main + if (!afname[0]) + safe_strncpy(afname, DFLT_AF, sizeof(afname)); + ++ for (;;) { + if (!strcmp(afname, "inet")) { + #if HAVE_AFINET + inittab(); +- parsesnmp(flag_raw, flag_tcp, flag_udp); ++ i = parsesnmp(flag_raw, flag_tcp, flag_udp); + #else + ENOSUPP("netstat", "AF INET"); + #endif + } else if(!strcmp(afname, "inet6")) { + #if HAVE_AFINET6 + inittab6(); +- parsesnmp6(flag_raw, flag_tcp, flag_udp); ++ i = parsesnmp6(flag_raw, flag_tcp, flag_udp); + #else + ENOSUPP("netstat", "AF INET6"); + #endif +@@ -2109,7 +2120,11 @@ int main + printf(_("netstat: No statistics support for specified address family: %s\n"), afname); + exit(1); + } +- exit(0); ++ if(i || !flag_cnt) ++ break; ++ sleep(reptimer); ++ } ++ return (i); + } + + if (flag_rou) { +@@ -2131,7 +2146,7 @@ int main + i = route_info(afname, options); + if (i || !flag_cnt) + break; +- wait_continous(); ++ wait_continous(reptimer); + } + return (i); + } +@@ -2140,7 +2155,7 
@@ int main + i = iface_info(); + if (!flag_cnt || i) + break; +- wait_continous(); ++ wait_continous(reptimer); + } + return (i); + } +@@ -2327,7 +2342,7 @@ int main + + if (!flag_cnt || i) + break; +- wait_continous(); ++ wait_continous(reptimer); + prg_cache_clear(); + } + return (i); +diff -up net-tools-2.0/statistics.c.cycle net-tools-2.0/statistics.c +--- net-tools-2.0/statistics.c.cycle 2014-11-11 14:38:03.000000000 +0100 ++++ net-tools-2.0/statistics.c 2014-11-24 14:44:24.949614431 +0100 +@@ -502,7 +502,7 @@ void process6_fd(FILE *f) + + } + +-void parsesnmp(int flag_raw, int flag_tcp, int flag_udp) ++int parsesnmp(int flag_raw, int flag_tcp, int flag_udp) + { + FILE *f; + +@@ -511,14 +511,17 @@ void parsesnmp(int flag_raw, int flag_tc + f = proc_fopen("/proc/net/snmp"); + if (!f) { + perror(_("cannot open /proc/net/snmp")); +- return; ++ return(1); + } + + if (process_fd(f, 1, NULL) < 0) + fprintf(stderr, _("Problem while parsing /proc/net/snmp\n")); + +- if (ferror(f)) ++ if (ferror(f)) { + perror("/proc/net/snmp"); ++ fclose(f); ++ return(1); ++ } + + fclose(f); + +@@ -528,15 +531,18 @@ void parsesnmp(int flag_raw, int flag_tc + if (process_fd(f, 1, NULL) <0) + fprintf(stderr, _("Problem while parsing /proc/net/netstat\n")); + +- if (ferror(f)) +- perror("/proc/net/netstat"); ++ if (ferror(f)) { ++ perror("/proc/net/netstat"); ++ fclose(f); ++ return(1); ++ } + + fclose(f); + } +- return; ++ return(0); + } + +-void parsesnmp6(int flag_raw, int flag_tcp, int flag_udp) ++int parsesnmp6(int flag_raw, int flag_tcp, int flag_udp) + { + FILE *f; + +@@ -545,7 +551,7 @@ void parsesnmp6(int flag_raw, int flag_t + f = fopen("/proc/net/snmp6", "r"); + if (!f) { + perror(_("cannot open /proc/net/snmp6")); +- return; ++ return(1); + } + process6_fd(f); + if (ferror(f)) +@@ -555,13 +561,16 @@ void parsesnmp6(int flag_raw, int flag_t + f = fopen("/proc/net/snmp", "r"); + if (!f) { + perror(_("cannot open /proc/net/snmp")); +- return; ++ return(1); + } + process_fd(f, 
0, "Tcp"); +- if (ferror(f)) ++ if (ferror(f)) { + perror("/proc/net/snmp"); ++ return(1); ++ } + + fclose(f); ++ return(0); + } + + void inittab(void) diff --git a/net-tools/patches/002-net-tools-ipx.patch b/net-tools/patches/002-net-tools-ipx.patch new file mode 100644 index 0000000..ec78145 --- /dev/null +++ b/net-tools/patches/002-net-tools-ipx.patch @@ -0,0 +1,31 @@ +diff -up net-tools-2.0/lib/ipx_gr.c.ipx net-tools-2.0/lib/ipx_gr.c +--- net-tools-2.0/lib/ipx_gr.c.ipx 2013-09-10 12:33:52.494047907 +0200 ++++ net-tools-2.0/lib/ipx_gr.c 2013-09-10 12:34:28.531561603 +0200 +@@ -72,7 +72,7 @@ int IPX_rprint(int options) + continue; + + /* Fetch and resolve the Destination */ +- (void) ap->input(5, net, &sa); ++ (void) ap->input(1, net, &sa); + safe_strncpy(net, ap->sprint(&sa, numeric), sizeof(net)); + + /* Fetch and resolve the Router Net */ +diff -up net-tools-2.0/netstat.c.ipx net-tools-2.0/netstat.c +--- net-tools-2.0/netstat.c.ipx 2013-09-10 12:33:52.491047948 +0200 ++++ net-tools-2.0/netstat.c 2013-09-10 12:33:52.495047894 +0200 +@@ -1643,13 +1643,13 @@ static int ipx_info(void) + } + + /* Fetch and resolve the Source */ +- (void) ap->input(4, sad, &sa); ++ (void) ap->input(0, sad, &sa); + safe_strncpy(buf, ap->sprint(&sa, flag_not & FLAG_NUM_HOST), sizeof(buf)); + snprintf(sad, sizeof(sad), "%s:%04X", buf, sport); + + if (!nc) { + /* Fetch and resolve the Destination */ +- (void) ap->input(4, dad, &sa); ++ (void) ap->input(0, dad, &sa); + safe_strncpy(buf, ap->sprint(&sa, flag_not & FLAG_NUM_HOST), sizeof(buf)); + snprintf(dad, sizeof(dad), "%s:%04X", buf, dport); + } else diff --git a/net-tools/patches/003-net-tools-man.patch b/net-tools/patches/003-net-tools-man.patch new file mode 100644 index 0000000..1a33a1e --- /dev/null +++ b/net-tools/patches/003-net-tools-man.patch 
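Review bot: in main() of the netstat.c.cycle diff (hunk @@ -2049,6 +2053,12 @@), the delay is parsed with atoi(argv[optind]), which accepts trailing garbage ("5x" is read as 5) and has undefined behaviour when the value does not fit in an int. Parse it with strtol(), reject the argument unless the end pointer sits on the terminating NUL, and apply an upper bound before the value reaches sleep(). The test argc == optind + 1 also means a delay followed by any further argument is silently ignored rather than rejected.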
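Review bot: the new for (;;) loop around the statistics branch in netstat.c (hunks @@ -2091,17 +2101,18 @@ and @@ -2109,7 +2120,11 @@) calls sleep(reptimer) directly, while every other repeating branch in this patch goes through wait_continous(reptimer), which does fflush(stdout) first. When the output is piped, each pass of -s can therefore sit in the stdio buffer for a full interval; call wait_continous(reptimer) here as well. Note too that i is assigned only inside the #if HAVE_AFINET and #if HAVE_AFINET6 blocks, so please check that the ENOSUPP paths cannot reach if(i || !flag_cnt) with i unset.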
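Review bot: in parsesnmp6() of the statistics.c.cycle diff (hunk @@ -555,13 +561,16 @@), the new ferror(f) branch for /proc/net/snmp does return(1) without fclose(f), so the stream leaks on every failing pass of the new repeat loop. parsesnmp() in the same patch closes the file before returning from the equivalent branch; add fclose(f) before return(1) here. The ferror(f) check that follows process6_fd(f) is not touched by the patch and should be brought in line with the other error paths.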
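Review bot: the ap->input() calls changed by the ipx diff (IPX_rprint() in lib/ipx_gr.c, ipx_info() in netstat.c) replace one bare integer with another (5 becomes 1, 4 becomes 0) with no comment or description of what the first argument selects, so the change cannot be checked from the patch itself. Please document the meaning of the value, ideally with a named constant. The result is still discarded with (void) and ap->sprint(&sa, ...) then runs on sa regardless of whether the parse succeeded; checking the return value would be worthwhile while these lines are being touched.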
@@ -0,0 +1,149 @@ +diff -up net-tools-2.0/man/en_US/arp.8.man net-tools-2.0/man/en_US/arp.8 +--- net-tools-2.0/man/en_US/arp.8.man 2014-04-26 02:45:16.000000000 +0200 ++++ net-tools-2.0/man/en_US/arp.8 2014-07-07 14:51:31.378459439 +0200 +@@ -63,6 +63,10 @@ arp - manipulate the system ARP cache + .B -f + .RI [ filename ] + ++.SH NOTE ++.P ++This program is obsolete. For replacement check \fBip neigh\fR. ++ + .SH DESCRIPTION + .B Arp + manipulates or displays the kernel's IPv4 network neighbour cache. It can add +@@ -219,6 +223,6 @@ published proxy ARP entries and permanen + .br + .I /etc/ethers + .SH SEE ALSO +-rarp(8), route(8), ifconfig(8), netstat(8) ++.BR ip(8) + .SH AUTHORS + Fred N. van Kempen waltje@uwalt.nl.mugnet.org, Bernd Eckenfels <net-tools@lina.inka.de>. +diff -up net-tools-2.0/man/en_US/ethers.5.man net-tools-2.0/man/en_US/ethers.5 +--- net-tools-2.0/man/en_US/ethers.5.man 2014-04-26 02:45:16.000000000 +0200 ++++ net-tools-2.0/man/en_US/ethers.5 2014-07-07 14:51:31.378459439 +0200 +@@ -26,6 +26,3 @@ can be resolved by DNS or a dot separate + .SH FILES "{{{ + /etc/ethers + ."}}} +-.SH "SEE ALSO" "{{{ +-rarp(8) +-."}}} +diff -up net-tools-2.0/man/en_US/ifconfig.8.man net-tools-2.0/man/en_US/ifconfig.8 +--- net-tools-2.0/man/en_US/ifconfig.8.man 2014-04-26 02:45:16.000000000 +0200 ++++ net-tools-2.0/man/en_US/ifconfig.8 2014-07-07 14:51:31.379459422 +0200 +@@ -5,6 +5,13 @@ ifconfig - configure a network interfac + .B "ifconfig [-v] [-a] [-s] [interface]" + .br + .B "ifconfig [-v] interface [aftype] options | address ..." ++ ++.SH NOTE ++.P ++This program is obsolete! ++For replacement check \fBip addr\fR and \fBip link\fR. ++For statistics use \fBip -s link\fR. ++ + .SH DESCRIPTION + .B Ifconfig + is used to configure the kernel-resident network interfaces. It is +@@ -222,7 +229,8 @@ package to display link layer informatio + While appletalk DDP and IPX addresses will be displayed they cannot be + altered by this command. 
+ .SH SEE ALSO +-route(8), netstat(8), arp(8), rarp(8), iptables(8), ifup(8), interfaces(5). ++.BR ip(8), ++.BR iptables(8) + .br + http://physics.nist.gov/cuu/Units/binary.html - Prefixes for binary multiples + .SH AUTHORS +diff -up net-tools-2.0/man/en_US/mii-tool.8.man net-tools-2.0/man/en_US/mii-tool.8 +--- net-tools-2.0/man/en_US/mii-tool.8.man 2014-04-26 02:45:16.000000000 +0200 ++++ net-tools-2.0/man/en_US/mii-tool.8 2014-07-07 14:51:31.379459422 +0200 +@@ -18,6 +18,10 @@ mii-tool - view, manipulate media-inde + [\fB-p\fR, \fB--phy=\fIaddr\fR] + .RI "interface\ ..." + ++.SH NOTE ++.P ++This program is obsolete. For replacement check \fBethtool\fB. ++ + .SH DESCRIPTION + This utility checks or sets the status of a network interface's Media + Independent Interface (MII) unit. Most fast ethernet adapters use an +@@ -93,6 +97,9 @@ SIOCGMIIPHY on 'eth?' failed: Operation + The interface in question does not support MII queries. Most likely, it does not have + MII transceivers, at all. + ++.SH SEE ALSO ++ethtool(8) ++ + .SH AUTHORS + David Hinds - dhinds@pcmcia.sourceforge.org + .br +diff -up net-tools-2.0/man/en_US/nameif.8.man net-tools-2.0/man/en_US/nameif.8 +--- net-tools-2.0/man/en_US/nameif.8.man 2014-04-26 02:45:16.000000000 +0200 ++++ net-tools-2.0/man/en_US/nameif.8 2014-07-07 14:51:31.379459422 +0200 +@@ -5,6 +5,12 @@ nameif - name network interfaces based + .B "nameif [-c configfile] [-s]" + .br + .B "nameif [-c configfile] [-s] {interface macaddress}" ++ ++.SH NOTE ++.P ++This program is obsolete. For replacement check \fBip link\fR. ++This functionality is also much better provided by udev methods. ++ + .SH DESCRIPTION + .B nameif + renames network interfaces based on mac addresses. When no arguments are +@@ -31,5 +37,10 @@ should be run before the interface is up + + .SH FILES + /etc/mactab ++ ++.SH SEE ALSO ++.BR ip(8), ++.BR udev(7) ++ + .SH BUGS + Only works for Ethernet currently. 
+diff -up net-tools-2.0/man/en_US/netstat.8.man net-tools-2.0/man/en_US/netstat.8 +--- net-tools-2.0/man/en_US/netstat.8.man 2014-07-07 14:51:31.370459575 +0200 ++++ net-tools-2.0/man/en_US/netstat.8 2014-07-07 14:51:31.380459405 +0200 +@@ -198,7 +198,8 @@ Show the PID and name of the program to + .SS "-l, --listening" + Show only listening sockets. (These are omitted by default.) + .SS "-a, --all" +-Show both listening and non-listening sockets. With the ++Show both listening and non-listening (for TCP this means established ++connections) sockets. With the + .B --interfaces + option, show interfaces that are not up + .SS "-F" +diff -up net-tools-2.0/man/en_US/route.8.man net-tools-2.0/man/en_US/route.8 +--- net-tools-2.0/man/en_US/route.8.man 2014-04-26 02:45:16.000000000 +0200 ++++ net-tools-2.0/man/en_US/route.8 2014-07-07 14:52:58.766977905 +0200 +@@ -57,6 +57,11 @@ family + .RB [ --version ] + .RB [ -h ] + .RB [ --help ] ++ ++.SH NOTE ++.P ++This program is obsolete. For replacement check \fBip route\fR. ++ + .SH DESCRIPTION + .B Route + manipulates the kernel's IP routing tables. Its primary use is to set +@@ -330,10 +335,6 @@ Whether or not the hardware address for + .I /proc/net/rt_cache + .LP + .SH "SEE ALSO" +-.IR ifconfig (8), +-.IR netstat (8), +-.IR arp (8), +-.IR rarp (8), + .IR ip (8) + .LP + .SH HISTORY diff --git a/net-tools/patches/004-net-tools-interface.patch b/net-tools/patches/004-net-tools-interface.patch new file mode 100644 index 0000000..abbc0ba --- /dev/null +++ b/net-tools/patches/004-net-tools-interface.patch 
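Review bot: in the mii-tool.8 NOTE hunk (@@ -18,6 +18,10 @@), "\fBethtool\fB." opens bold twice and never closes it, so the full stop and whatever follows stay bold. The other NOTE sections added by this patch end the name with \fR (for example "\fBip neigh\fR"); use "\fBethtool\fR." here.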
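Review bot: the new SEE ALSO entries in arp.8, ifconfig.8 and nameif.8 are written as ".BR ip(8)", ".BR iptables(8)" and ".BR udev(7)" with no space before the section number, so .BR receives a single argument and the section number is set in bold along with the name. route.8 in the same patch keeps the two-argument form ".IR ip (8)"; write ".BR ip (8)," and so on so that only the page name is emphasised. The ethtool(8) entry added to mii-tool.8 has no macro at all and should follow the same form.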
@@ -0,0 +1,102 @@ +diff -up net-tools-2.0/man/en_US/netstat.8.interface net-tools-2.0/man/en_US/netstat.8 +--- net-tools-2.0/man/en_US/netstat.8.interface 2014-11-24 14:52:45.648623478 +0100 ++++ net-tools-2.0/man/en_US/netstat.8 2014-11-24 14:53:32.294972184 +0100 +@@ -49,9 +49,9 @@ netstat - Print network connections, ro + .RB [delay] + .P + .B netstat +-.RB { --interfaces | -i } ++.RB { --interfaces | -I | -i } + .RB [ --all | -a ] +-.RB [ --extend | -e [ --extend | -e] ] ++.RB [ --extend | -e ] + .RB [ --verbose | -v ] + .RB [ --program | -p ] + .RB [ --numeric | -n ] +@@ -134,8 +134,8 @@ and + produce the same output. + .SS "--groups, -g" + Display multicast group membership information for IPv4 and IPv6. +-.SS "--interfaces, -i" +-Display a table of all network interfaces. ++.SS "--interfaces=\fIiface \fR, \fB-I=\fIiface \fR, \fB-i" ++Display a table of all network interfaces, or the specified \fIiface\fR. + .SS "--masquerade, -M" + Display a list of masqueraded connections. + .SS "--statistics, -s" +diff -up net-tools-2.0/netstat.c.interface net-tools-2.0/netstat.c +--- net-tools-2.0/netstat.c.interface 2014-11-24 14:52:45.644623534 +0100 ++++ net-tools-2.0/netstat.c 2014-11-24 14:52:45.652623422 +0100 +@@ -144,6 +144,7 @@ static char *Release = RELEASE, *Signatu + #define E_IOCTL -3 + + int flag_int = 0; ++char *flag_int_name = NULL; + int flag_rou = 0; + int flag_mas = 0; + int flag_sta = 0; +@@ -1788,6 +1789,7 @@ static int rfcomm_info(void) + static int iface_info(void) + { + static int count=0; ++ struct interface *ife = NULL; + + if (skfd < 0) { + if ((skfd = sockets_open(0)) < 0) { +@@ -1802,7 +1804,11 @@ static int iface_info(void) + printf(_("Iface MTU RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); + } + +- if (for_all_interfaces(do_if_print, &flag_all) < 0) { ++ if (flag_int_name) { ++ ife = lookup_interface(flag_int_name); ++ do_if_print(ife, &flag_all); ++ } ++ else if (for_all_interfaces(do_if_print, &flag_all) < 0) { + 
perror(_("missing interface information")); + exit(1); + } +@@ -1828,9 +1834,10 @@ static void usage(void) + { + fprintf(stderr, _("usage: netstat [-vWeenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}\n")); + fprintf(stderr, _(" netstat [-vWnNcaeol] [<Socket> ...]\n")); +- fprintf(stderr, _(" netstat { [-vWeenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]\n\n")); ++ fprintf(stderr, _(" netstat { [-vWeenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s [-6tuw] } [delay]\n\n")); + + fprintf(stderr, _(" -r, --route display routing table\n")); ++ fprintf(stderr, _(" -I, --interfaces=<Iface> display interface table for <Iface>\n")); + fprintf(stderr, _(" -i, --interfaces display interface table\n")); + fprintf(stderr, _(" -g, --groups display multicast group memberships\n")); + fprintf(stderr, _(" -s, --statistics display networking statistics (like SNMP)\n")); +@@ -1875,7 +1882,7 @@ int main + { + AFTRANS_OPTS, + {"version", 0, 0, 'V'}, +- {"interfaces", 0, 0, 'i'}, ++ {"interfaces", 2, 0, 'I'}, + {"help", 0, 0, 'h'}, + {"route", 0, 0, 'r'}, + #if HAVE_FW_MASQUERADE +@@ -1919,7 +1926,7 @@ int main + getroute_init(); /* Set up AF routing support */ + + afname[0] = '\0'; +- while ((i = getopt_long(argc, argv, "A:CFMacdeghilnNoprsStuUvVWw2fx64?Z", longopts, &lop)) != EOF) ++ while ((i = getopt_long(argc, argv, "A:CFMacdeghiI::lnNoprsStuUvVWw2fx64?Z", longopts, &lop)) != EOF) + switch (i) { + case -1: + break; +@@ -1960,6 +1967,13 @@ int main + case 'p': + flag_prg++; + break; ++ case 'I': ++ if (optarg && strcmp(optarg, "(null)")) ++ if (optarg[0] == '=') optarg++; ++ if (optarg && strcmp(optarg, "(null)")) ++ flag_int_name = strdup(optarg); ++ flag_int++; ++ break; + case 'i': + flag_int++; + break; diff --git a/net-tools/patches/005-net-tools-duplicate-tcp.patch b/net-tools/patches/005-net-tools-duplicate-tcp.patch new file mode 100644 index 0000000..393d272 --- /dev/null +++ b/net-tools/patches/005-net-tools-duplicate-tcp.patch 
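Review bot: in iface_info() of the netstat.c.interface diff (hunk @@ -1802,7 +1804,11 @@), the result of lookup_interface(flag_int_name) is passed to do_if_print() unchecked, and the return value of do_if_print() is dropped. The name comes straight from the command line, so if the lookup can fail, do_if_print() is called with a NULL ife. Test ife before use and report the failure the way the for_all_interfaces() branch does with perror() and exit(1).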
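Review bot: in the new case 'I' of main() (hunk @@ -1960,6 +1967,13 @@), optarg is compared against the literal string "(null)", which the existing optarg NULL test already makes unnecessary and which causes an argument spelled (null) to be ignored. Drop both strcmp() calls, put braces around the nested if, and check the result of strdup(). Because the option string declares I:: (optional argument), a name is only picked up when attached to the option; with "-I eth0" the name stays a positional argument, where the delay handling from the cycle patch runs atoi() on it and ends in usage(). The usage text and netstat.8 should state that the name must be attached.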
@@ -0,0 +1,146 @@ +diff -up net-tools-2.0/netstat.c.dup-tcp net-tools-2.0/netstat.c +--- net-tools-2.0/netstat.c.dup-tcp 2012-10-04 11:32:01.437729086 +0200 ++++ net-tools-2.0/netstat.c 2012-10-04 11:32:01.441729032 +0200 +@@ -502,6 +502,121 @@ static void prg_cache_load(void) + " will not be shown, you would have to be root to see it all.)\n")); + } + ++#define TCP_HASH_SIZE 1009 ++ ++static struct tcp_node { ++ struct tcp_node *next; ++ char *socket_pair; ++} *tcp_node_hash[TCP_HASH_SIZE]; ++ ++static unsigned int tcp_node_compute_string_hash(const char *p) ++{ ++ unsigned int h = *p; ++ ++ if (h) ++ for (p += 1; *p != '\0'; p++) ++ h = (h << 5) - h + *p; ++ ++ return h; ++} ++ ++#define TCP_NODE_HASH_STRING(x) \ ++ (tcp_node_compute_string_hash(x) % TCP_HASH_SIZE) ++ ++static void tcp_node_hash_clear(void) ++{ ++ int i; ++ struct tcp_node *next_node; ++ struct tcp_node *tmp_node; ++ for (i=0; i < TCP_HASH_SIZE; i++) { ++ if (tcp_node_hash[i]) { ++ /* free the children of this hash bucket */ ++ next_node = tcp_node_hash[i]->next; ++ while (next_node) { ++ tmp_node = next_node; ++ next_node = next_node->next; ++ free(tmp_node->socket_pair); ++ free(tmp_node); ++ } ++ ++ /* free the bucket itself */ ++ free(tcp_node_hash[i]->socket_pair); ++ free(tcp_node_hash[i]); ++ tcp_node_hash[i] = NULL; ++ } ++ } ++} ++ ++/* This function takes a socket pair string. If it already exists in ++ the hash it returns -1, otherwise it returns 0. */ ++ ++static int tcp_node_hash_check_and_append(const char *local_addr, ++ int local_port, ++ const char *rem_addr, ++ int rem_port) ++{ ++ unsigned int hash_val; ++ struct tcp_node *tmp_node; ++ int tmp_string_len; ++ char *tmp_string;; ++ ++ /* Size of the string is the size of the two lengths of the address ++ strings plus enough sizes for the colons and the ports. 
*/ ++ tmp_string_len = strlen(local_addr) + strlen(rem_addr) + 32; ++ tmp_string = malloc(tmp_string_len); ++ if (!tmp_string) ++ return 0; ++ ++ if (snprintf(tmp_string, tmp_string_len - 1, "%s:%d:%s:%d", ++ local_addr, local_port, rem_addr, rem_port) < 0) { ++ free(tmp_string); ++ return 0; ++ } ++ ++ hash_val = TCP_NODE_HASH_STRING(tmp_string); ++ ++ /* See if we have to allocate this node */ ++ if (!tcp_node_hash[hash_val]) { ++ tcp_node_hash[hash_val] = malloc(sizeof(struct tcp_node)); ++ if (!tcp_node_hash[hash_val]) { ++ free(tmp_string); ++ return 0; ++ } ++ ++ memset(tcp_node_hash[hash_val], 0, sizeof(struct tcp_node)); ++ ++ /* Stuff this new value into the hash bucket and return early */ ++ tcp_node_hash[hash_val]->socket_pair = tmp_string; ++ return 0; ++ } ++ ++ /* Try to find the value in the hash bucket. */ ++ tmp_node = tcp_node_hash[hash_val]; ++ while (tmp_node) { ++ if (!strcmp(tmp_node->socket_pair, tmp_string)) { ++ free(tmp_string); ++ return -1; ++ } ++ tmp_node = tmp_node->next; ++ } ++ ++ /* If we got this far it means that it isn't in the hash bucket. ++ Add it to the front since it's faster that way. 
*/ ++ tmp_node = tcp_node_hash[hash_val]; ++ ++ tcp_node_hash[hash_val] = malloc(sizeof(struct tcp_node)); ++ if (!tcp_node_hash[hash_val]) { ++ free(tmp_string); ++ tcp_node_hash[hash_val] = tmp_node; ++ return 0; ++ } ++ ++ tcp_node_hash[hash_val]->socket_pair = tmp_string; ++ tcp_node_hash[hash_val]->next = tmp_node; ++ ++ return 0; ++} ++ + #if HAVE_AFNETROM + static const char *netrom_state[] = + { +@@ -1018,6 +1133,12 @@ static void tcp_do_one(int lnr, const ch + return; + } + ++ /* make sure that we haven't seen this socket pair before */ ++ if (tcp_node_hash_check_and_append(local_addr, local_port, rem_addr, rem_port) < 0) { ++ /* fprintf(stderr, _("warning, got duplicate tcp line.\n")); */ ++ return; ++ } ++ + addr_do_one(local_addr, sizeof(local_addr), 22, ap, &localaddr, local_port, "tcp"); + addr_do_one(rem_addr, sizeof(rem_addr), 22, ap, &remaddr, rem_port, "tcp"); + +@@ -2355,6 +2476,7 @@ int main + break; + wait_continous(reptimer); + prg_cache_clear(); ++ tcp_node_hash_clear(); + } + return (i); + } diff --git a/net-tools/patches/006-net-tools-statalias.patch b/net-tools/patches/006-net-tools-statalias.patch new file mode 100644 index 0000000..b544ff4 --- /dev/null +++ b/net-tools/patches/006-net-tools-statalias.patch @@ -0,0 +1,16 @@ +diff -up net-tools-2.0/lib/interface.c.statalias net-tools-2.0/lib/interface.c +--- net-tools-2.0/lib/interface.c.statalias 2012-10-04 11:33:05.490889090 +0200 ++++ net-tools-2.0/lib/interface.c 2012-10-04 11:33:05.513888785 +0200 +@@ -405,9 +405,11 @@ static int if_readlist_rep(char *target, + char *s, name[IFNAMSIZ]; + s = get_name(name, buf); + get_dev_fields(s, ife); +- ife->statistics_valid = 1; + if (target && !strcmp(target,name)) ++ { ++ ife->statistics_valid = 1; + break; ++ } + } + if (ferror(fh)) { + perror(_PATH_PROCNET_DEV); diff --git a/net-tools/patches/007-net-tools-interface_stack.patch b/net-tools/patches/007-net-tools-interface_stack.patch new file mode 100644 index 0000000..6a93e67 --- /dev/null 
+++ b/net-tools/patches/007-net-tools-interface_stack.patch 
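Review bot: in the dup-tcp diff, tcp_node_hash_check_and_append() builds its key from local address, local port, remote address and remote port only ("%s:%d:%s:%d"), and tcp_do_one() returns on a match with the warning commented out, so any later line carrying the same four values disappears from the output without a trace. For a tool people rely on to audit connections, silent suppression is the wrong default: keep the stderr warning (at least under --verbose), or widen the key so that only truly identical lines are dropped. Minor points in the same function: "char *tmp_string;;" has a stray semicolon, and snprintf() is passed tmp_string_len - 1 although it already leaves room for the terminator.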
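Review bot: in if_readlist_rep() of the statalias diff, moving ife->statistics_valid = 1 inside if (target && !strcmp(target,name)) means the flag is never set when target is NULL or when no line matches, while get_dev_fields(s, ife) still runs for every line and leaves the counters of the last interface read in ife. Move get_dev_fields() inside the match as well, or clear the fields when nothing matched, so that ife never holds another interface's numbers. The opening brace on its own line also differs from the style of the surrounding code.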
@@ -0,0 +1,119 @@ +diff -up net-tools-2.0/include/interface.h.stack net-tools-2.0/include/interface.h +diff -up net-tools-2.0/lib/interface.c.stack net-tools-2.0/lib/interface.c +--- net-tools-2.0/lib/interface.c.stack 2014-11-24 14:54:32.293134466 +0100 ++++ net-tools-2.0/lib/interface.c 2014-11-24 15:07:58.434764441 +0100 +@@ -214,10 +214,11 @@ out: + return err; + } + +-static const char *get_name(char *name, const char *p) ++static const char *get_name(char **namep, const char *p) + { + while (isspace(*p)) + p++; ++ char *name = *namep = p; + while (*p) { + if (isspace(*p)) + break; +@@ -320,9 +321,10 @@ static int get_dev_fields(const char *bp + static int if_readlist_proc(const char *target) + { + FILE *fh; +- char buf[512]; + struct interface *ife; + int err; ++ char *line = NULL; ++ size_t linelen = 0; + + fh = fopen(_PATH_PROCNET_DEV, "r"); + if (!fh) { +@@ -330,10 +332,11 @@ static int if_readlist_proc(const char * + _PATH_PROCNET_DEV, strerror(errno)); + return -2; + } +- if (fgets(buf, sizeof buf, fh)) +- /* eat line */; +- if (fgets(buf, sizeof buf, fh)) +- /* eat line */; ++ if (getline(&line, &linelen, fh) == -1 /* eat line */ ++ || getline(&line, &linelen, fh) == -1) { /* eat line */ ++ err = -1; ++ goto out; ++ } + + #if 0 /* pretty, but can't cope with missing fields */ + fmt = proc_gen_fmt(_PATH_PROCNET_DEV, 1, fh, +@@ -358,14 +361,14 @@ static int if_readlist_proc(const char * + if (!fmt) + return -1; + #else +- procnetdev_vsn = procnetdev_version(buf); ++ procnetdev_vsn = procnetdev_version(line); + #endif + + err = 0; +- while (fgets(buf, sizeof buf, fh)) { ++ while (getline(&line, &linelen, fh) != -1) { + const char *s; +- char name[IFNAMSIZ]; +- s = get_name(name, buf); ++ char *name; ++ s = get_name(&name, line); + ife = if_cache_add(name); + get_dev_fields(s, ife); + ife->statistics_valid = 1; +@@ -380,6 +383,8 @@ static int if_readlist_proc(const char * + #if 0 + free(fmt); + #endif ++ out: ++ free(line); + fclose(fh); + return err; + } 
+@@ -387,24 +392,28 @@ static int if_readlist_proc(const char * + static int if_readlist_rep(const char *target, struct interface *ife) + { + FILE *fh; +- char buf[512]; + int err; ++ char *line = NULL; ++ size_t linelen = 0; + + fh = fopen(_PATH_PROCNET_DEV, "r"); + if (!fh) { + fprintf(stderr, _("Warning: cannot open %s (%s). Limited output.\n"), + _PATH_PROCNET_DEV, strerror(errno)); + return if_readconf(); +- } +- fgets(buf, sizeof buf, fh); /* eat line */ +- fgets(buf, sizeof buf, fh); ++ } ++ if (getline(&line, &linelen, fh) == -1 /* eat line */ ++ || getline(&line, &linelen, fh) == -1) { /* eat line */ ++ err = -1; ++ goto out; ++ } + +- procnetdev_vsn = procnetdev_version(buf); ++ procnetdev_vsn = procnetdev_version(line); + + err = 0; +- while (fgets(buf, sizeof buf, fh)) { +- char *s, name[IFNAMSIZ]; +- s = get_name(name, buf); ++ while (getline(&line, &linelen, fh) != -1) { ++ char *s, *name; ++ s = get_name(&name, line); + get_dev_fields(s, ife); + if (target && !strcmp(target,name)) + { +@@ -417,6 +426,8 @@ static int if_readlist_rep(const char *t + err = -1; + } + ++ out: ++ free(line); + fclose(fh); + return err; + } diff --git a/net-tools/patches/008-net-tools-sctp-statistics.patch b/net-tools/patches/008-net-tools-sctp-statistics.patch new file mode 100644 index 0000000..b84b8aa --- /dev/null +++ b/net-tools/patches/008-net-tools-sctp-statistics.patch 
@@ -0,0 +1,534 @@ +diff -up net-tools-2.0/netstat.c.sctp net-tools-2.0/netstat.c +--- net-tools-2.0/netstat.c.sctp 2013-09-23 15:14:59.524866201 +0200 ++++ net-tools-2.0/netstat.c 2013-09-23 15:24:20.259143969 +0200 +@@ -115,7 +115,7 @@ + #endif + + /* prototypes for statistics.c */ +-int parsesnmp(int, int, int); ++int parsesnmp(int, int, int, int); + void inittab(void); + int parsesnmp6(int, int, int); + void inittab6(void); +@@ -888,159 +888,269 @@ static int igmp_info(void) + igmp_do_one, "igmp", "igmp6"); + } + +-static int ip_parse_dots(uint32_t *addr, char const *src) { +- unsigned a, b, c, d; +- unsigned ret = 4-sscanf(src, "%u.%u.%u.%u", &a, &b, &c, &d); +- *addr = htonl((a << 24)|(b << 16)|(c << 8)|d); +- return ret; +-} +- +-static void print_ip_service(struct sockaddr_in *addr, char const *protname, +- char *buf, unsigned size) { +- struct aftype *ap; +- +- if(size == 0) return; +- +- /* print host */ +- if((ap = get_afntype(addr->sin_family)) == NULL) { +- fprintf(stderr, _("netstat: unsupported address family %d !\n"), +- addr->sin_family); +- return; +- } +- safe_strncpy(buf, ap->sprint((struct sockaddr*)addr, flag_not), size); +- +- /* print service */ +- if(flag_all || (flag_lst && !addr->sin_port) || (!flag_lst && addr->sin_port)) { +- char bfs[32]; +- +- snprintf(bfs, sizeof(bfs), "%s", +- get_sname(addr->sin_port, (char*)protname, flag_not & FLAG_NUM_PORT)); +- +- /* check if we must cut on host and/or service name */ +- { +- unsigned const bufl = strlen(buf); +- unsigned const bfsl = strlen(bfs); +- +- if(bufl+bfsl+2 > size) { +- unsigned const half = (size-2)>>1; +- if(bufl > half) { +- if(bfsl > half) { +- buf[size-2-half] = '\0'; +- bfs[half+1] = '\0'; +- } +- else buf[size-2-bfsl] = '\0'; +- } +- else bfs[size-2-bufl] = '\0'; +- } ++static const char *sctp_socket_state_str(int state) ++{ ++ if(state>=0 && state<=10) ++ return tcp_state[state]; ++ else { ++ static char state_str_buf[64]; ++ sprintf(state_str_buf,"UNKNOWN(%d)",state); ++ 
return state_str_buf; + } +- strcat(buf, ":"); +- strcat(buf, bfs); +- } + } + +-/* process single SCTP endpoint */ +-static void sctp_do_ept(int lnr, char const *line, const char *prot) ++static struct aftype *process_sctp_addr_str(const char *addr_str, struct sockaddr *sa) + { +- struct sockaddr_in laddr, raddr; +- unsigned uid, inode; +- +- char l_addr[23], r_addr[23]; +- +- /* fill sockaddr_in structures */ +- { +- unsigned lport; +- unsigned ate; +- +- if(lnr == 0) return; +- if(sscanf(line, "%*X %*X %*u %*u %*u %u %u %u %n", +- &lport, &uid, &inode, &ate) < 3) goto err; +- +- /* decode IP address */ +- if(ip_parse_dots(&laddr.sin_addr.s_addr, line+ate)) goto err; +- raddr.sin_addr.s_addr = htonl(0); +- laddr.sin_family = raddr.sin_family = AF_INET; +- laddr.sin_port = htons(lport); +- raddr.sin_port = htons(0); +- } ++ if (strchr(addr_str,':')) { ++#if HAVE_AFINET6 ++ extern struct aftype inet6_aftype; ++ /* Demangle what the kernel gives us */ ++ struct in6_addr in6; ++ char addr6_str[INET6_ADDRSTRLEN]; ++ unsigned u0,u1,u2,u3,u4,u5,u6,u7; ++ sscanf(addr_str, "%04X:%04X:%04X:%04X:%04X:%04X:%04X:%04X", ++ &u0, &u1, &u2, &u3, &u4, &u5, &u6, &u7); ++ in6.s6_addr16[0] = htons(u0); ++ in6.s6_addr16[1] = htons(u1); ++ in6.s6_addr16[2] = htons(u2); ++ in6.s6_addr16[3] = htons(u3); ++ in6.s6_addr16[4] = htons(u4); ++ in6.s6_addr16[5] = htons(u5); ++ in6.s6_addr16[6] = htons(u6); ++ in6.s6_addr16[7] = htons(u7); ++ ++ inet_ntop(AF_INET6, &in6, addr6_str, sizeof(addr6_str)); ++ inet6_aftype.input(1, addr6_str, sa); ++ sa->sa_family = AF_INET6; ++#endif ++ } else { ++ ((struct sockaddr_in*)sa)->sin_addr.s_addr = inet_addr(addr_str); ++ sa->sa_family = AF_INET; ++ } ++ return get_afntype(sa->sa_family); ++} + +- /* print IP:service to l_addr and r_addr */ +- print_ip_service(&laddr, prot, l_addr, sizeof(l_addr)); +- print_ip_service(&raddr, prot, r_addr, sizeof(r_addr)); +- +- /* Print line */ +- printf("%-4s %6d %6d %-*s %-*s %-11s", +- prot, 0, 0, +- 
(int)netmax(23,strlen(l_addr)), l_addr, +- (int)netmax(23,strlen(r_addr)), r_addr, +- _(tcp_state[TCP_LISTEN])); +- finish_this_one(uid, inode, ""); +- return; +- err: +- fprintf(stderr, "SCTP error in line: %d\n", lnr); +-} +- +-/* process single SCTP association */ +-static void sctp_do_assoc(int lnr, char const *line, const char *prot) +-{ +- struct sockaddr_in laddr, raddr; +- unsigned long rxq, txq; +- unsigned uid, inode; +- +- char l_addr[23], r_addr[23]; +- +- /* fill sockaddr_in structures */ +- { +- unsigned lport, rport; +- unsigned ate; +- char const *addr; +- +- if(lnr == 0) return; +- if(sscanf(line, "%*X %*X %*u %*u %*u %*u %*u %lu %lu %u %u %u %u %n", +- &txq, &rxq, &uid, &inode, &lport, &rport, &ate) < 6) goto err; +- +- /* decode IP addresses */ +- addr = strchr(line+ate, '*'); +- if(addr == 0) goto err; +- if(ip_parse_dots(&laddr.sin_addr.s_addr, ++addr)) goto err; +- addr = strchr(addr, '*'); +- if(addr == 0) goto err; +- if(ip_parse_dots(&raddr.sin_addr.s_addr, ++addr)) goto err; +- +- /* complete sockaddr_in structures */ +- laddr.sin_family = raddr.sin_family = AF_INET; +- laddr.sin_port = htons(lport); +- raddr.sin_port = htons(rport); +- } ++static void sctp_eps_do_one(int lnr, char *line, const char *proto) ++{ ++ char buffer[1024]; ++ int state, port; ++ int uid; ++ unsigned long inode; ++ struct aftype *ap; ++#if HAVE_AFINET6 ++ struct sockaddr_in6 localaddr; ++#else ++ struct sockaddr_in localaddr; ++#endif ++ const char *sst_str; ++ const char *lport_str; ++ const char *uid_str; ++ const char *inode_str; ++ char *laddrs_str; ++ ++ if(lnr == 0) { ++ /* ENDPT SOCK STY SST HBKT LPORT UID INODE LADDRS */ ++ return; ++ } ++ strtok(line," \t\n"); /*skip endpt*/ ++ strtok(0," \t\n"); /*skip sock*/ ++ strtok(0," \t\n"); /*skp sty*/ ++ sst_str = strtok(0," \t\n"); ++ strtok(0," \t\n"); /*skip hash bucket*/ ++ lport_str=strtok(0," \t\n"); ++ uid_str = strtok(0," \t\n"); ++ inode_str = strtok(0," \t\n"); ++ laddrs_str=strtok(0,"\t\n"); ++ ++ if 
(!sst_str || !lport_str || !uid_str || !inode_str) { ++ fprintf(stderr, _("warning, got bogus sctp eps line.\n")); ++ return; ++ } ++ state = atoi(sst_str); ++ port = atoi(lport_str); ++ uid = atoi(uid_str); ++ inode = strtoul(inode_str,0,0); ++ ++ const char *this_local_addr; ++ int first=1; ++ char local_port[16]; ++ snprintf(local_port, sizeof(local_port), "%s", ++ get_sname(htons(port), proto, flag_not & FLAG_NUM_PORT)); ++ for(this_local_addr=strtok(laddrs_str," \t\n"); ++ this_local_addr; ++ this_local_addr=strtok(0," \t\n")) ++ { ++ char local_addr[64]; ++ ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); ++ if(ap) ++ safe_strncpy(local_addr, ++ ap->sprint((struct sockaddr *) &localaddr, flag_not), ++ sizeof(local_addr)); ++ else ++ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); ++ ++ if(!first) printf("\n"); ++ if(first) ++ printf("sctp "); ++ else ++ printf(" "); ++ sprintf(buffer,"%s:%s", local_addr, local_port); ++ printf("%-47s", buffer); ++ printf(" %-11s", first?sctp_socket_state_str(state):""); ++ first = 0; ++ } ++ finish_this_one(uid,inode,""); ++} ++ ++static void sctp_assoc_do_one(int lnr, char *line, const char *proto) ++{ ++ char buffer[1024]; ++ int state, lport,rport; ++ int uid; ++ unsigned rxqueue,txqueue; ++ unsigned long inode; ++ ++ struct aftype *ap; ++#if HAVE_AFINET6 ++ struct sockaddr_in6 localaddr,remoteaddr; ++#else ++ struct sockaddr_in localaddr,remoteaddr; ++#endif ++ const char *sst_str; ++ const char *txqueue_str; ++ const char *rxqueue_str; ++ const char *lport_str,*rport_str; ++ const char *uid_str; ++ const char *inode_str; ++ char *laddrs_str; ++ char *raddrs_str; ++ ++ if(lnr == 0) { ++ /* ASSOC SOCK STY SST ST HBKT ASSOC-ID TX_QUEUE RX_QUEUE UID INODE LPORT RPORT LADDRS <-> RADDRS */ ++ return; ++ } ++ ++ strtok(line," \t\n"); /*skip assoc*/ ++ strtok(0," \t\n"); /*skip sock*/ ++ strtok(0," \t\n"); /*skp sty*/ ++ sst_str = strtok(0," \t\n"); ++ 
strtok(0," \t\n"); ++ strtok(0," \t\n"); /*skip hash bucket*/ ++ strtok(0," \t\n"); /*skip hash assoc-id*/ ++ txqueue_str = strtok(0," \t\n"); ++ rxqueue_str = strtok(0," \t\n"); ++ uid_str = strtok(0," \t\n"); ++ inode_str = strtok(0," \t\n"); ++ lport_str=strtok(0," \t\n"); ++ rport_str=strtok(0," \t\n"); ++ laddrs_str = strtok(0,"<->\t\n"); ++ raddrs_str = strtok(0,"<->\t\n"); ++ ++ if (!sst_str || !txqueue_str || !rxqueue_str || !uid_str || ++ !inode_str || !lport_str || !rport_str) { ++ fprintf(stderr, _("warning, got bogus sctp assoc line.\n")); ++ return; ++ } ++ ++ state = atoi(sst_str); ++ txqueue = atoi(txqueue_str); ++ rxqueue = atoi(rxqueue_str); ++ uid = atoi(uid_str); ++ inode = strtoul(inode_str,0,0); ++ lport = atoi(lport_str); ++ rport = atoi(rport_str); ++ ++ /*print all addresses*/ ++ const char *this_local_addr; ++ const char *this_remote_addr; ++ char *ss1,*ss2; ++ int first=1; ++ char local_port[16]; ++ char remote_port[16]; ++ snprintf(local_port, sizeof(local_port), "%s", ++ get_sname(htons(lport), proto, ++ flag_not & FLAG_NUM_PORT)); ++ snprintf(remote_port, sizeof(remote_port), "%s", ++ get_sname(htons(rport), proto, ++ flag_not & FLAG_NUM_PORT)); ++ ++ this_local_addr=strtok_r(laddrs_str," \t\n",&ss1); ++ this_remote_addr=strtok_r(raddrs_str," \t\n",&ss2); ++ while(this_local_addr || this_remote_addr) { ++ char local_addr[64]; ++ char remote_addr[64]; ++ ++ if(this_local_addr) { ++ if (this_local_addr[0] == '*') { ++ /* skip * */ ++ this_local_addr++; ++ } ++ ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); ++ if(ap) ++ safe_strncpy(local_addr, ++ ap->sprint((struct sockaddr *) &localaddr, flag_not), sizeof(local_addr)); ++ else ++ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); ++ } ++ if(this_remote_addr) { ++ if (this_remote_addr[0] == '*') { ++ /* skip * */ ++ this_remote_addr++; ++ } ++ ap = process_sctp_addr_str(this_remote_addr, (struct 
sockaddr*)&remoteaddr); ++ if(ap) ++ safe_strncpy(remote_addr, ++ ap->sprint((struct sockaddr *) &remoteaddr, flag_not), sizeof(remote_addr)); ++ else ++ sprintf(remote_addr,_("unsupported address family %d"), ((struct sockaddr*)&remoteaddr)->sa_family); ++ } + +- /* print IP:service to l_addr and r_addr */ +- print_ip_service(&laddr, prot, l_addr, sizeof(l_addr)); +- print_ip_service(&raddr, prot, r_addr, sizeof(r_addr)); +- +- /* Print line */ +- printf("%-4s %6ld %6ld %-*s %-*s %-11s", +- prot, rxq, txq, +- (int)netmax(23,strlen(l_addr)), l_addr, +- (int)netmax(23,strlen(r_addr)), r_addr, +- _(tcp_state[TCP_ESTABLISHED])); +- finish_this_one(uid, inode, ""); +- return; +- err: +- fprintf(stderr, "SCTP error in line: %d\n", lnr); ++ if(!first) printf("\n"); ++ if(first) ++ printf("sctp %6u %6u ", rxqueue, txqueue); ++ else ++ printf(" "); ++ if(this_local_addr) { ++ if(first) ++ sprintf(buffer,"%s:%s", local_addr, local_port); ++ else ++ sprintf(buffer,"%s", local_addr); ++ printf("%-23s", buffer); ++ } else ++ printf("%-23s", ""); ++ printf(" "); ++ if(this_remote_addr) { ++ if(first) ++ sprintf(buffer,"%s:%s", remote_addr, remote_port); ++ else ++ sprintf(buffer,"%s", remote_addr); ++ printf("%-23s", buffer); ++ } else ++ printf("%-23s", ""); ++ ++ printf(" %-11s", first?sctp_socket_state_str(state):""); ++ ++ first = 0; ++ this_local_addr=strtok_r(0," \t\n",&ss1); ++ this_remote_addr=strtok_r(0," \t\n",&ss2); ++ } ++ finish_this_one(uid,inode,""); + } + +-static int sctp_info_epts(void) { ++static int sctp_info_eps(void) ++{ + INFO_GUTS6(_PATH_PROCNET_SCTPEPTS, _PATH_PROCNET_SCTP6EPTS, "AF INET (sctp)", +- sctp_do_ept, "sctp", "sctp6"); ++ sctp_eps_do_one, "sctp", "sctp6"); + } + + static int sctp_info_assocs(void) { + INFO_GUTS6(_PATH_PROCNET_SCTPASSOCS, _PATH_PROCNET_SCTP6ASSOCS, "AF INET (sctp)", +- sctp_do_assoc, "sctp", "sctp6"); ++ sctp_assoc_do_one, "sctp", "sctp6"); + } + + static int sctp_info(void) { + int res; +- res = sctp_info_epts(); ++ res = 
sctp_info_eps(); + if(res) return res; + return sctp_info_assocs(); + } +@@ -2234,7 +2344,7 @@ int main + if (!strcmp(afname, "inet")) { + #if HAVE_AFINET + inittab(); +- i = parsesnmp(flag_raw, flag_tcp, flag_udp); ++ i = parsesnmp(flag_raw, flag_tcp, flag_udp, flag_sctp); + #else + ENOSUPP("netstat", "AF INET"); + #endif +diff -up net-tools-2.0/statistics.c.sctp net-tools-2.0/statistics.c +--- net-tools-2.0/statistics.c.sctp 2013-09-23 15:14:59.501866518 +0200 ++++ net-tools-2.0/statistics.c 2013-09-23 15:14:59.534866063 +0200 +@@ -21,7 +21,7 @@ + #define UFWARN(x) + #endif + +-int print_static,f_raw,f_tcp,f_udp,f_unknown = 1; ++int print_static,f_raw,f_tcp,f_udp,f_sctp,f_unknown = 1; + + enum State { + number = 0, opt_number, i_forward, i_inp_icmp, i_outp_icmp, i_rto_alg, +@@ -299,6 +299,27 @@ struct entry Tcpexttab[] = + { "TCPRenoRecoveryFail", N_("%llu classic Reno fast retransmits failed"), opt_number }, + }; + ++struct entry Sctptab[] = ++{ ++ {"SctpCurrEstab", N_("%llu Current Associations"), number}, ++ {"SctpActiveEstabs", N_("%llu Active Associations"), number}, ++ {"SctpPassiveEstabs", N_("%llu Passive Associations"), number}, ++ {"SctpAborteds", N_("%llu Number of Aborteds "), number}, ++ {"SctpShutdowns", N_("%llu Number of Graceful Terminations"), number}, ++ {"SctpOutOfBlues", N_("%llu Number of Out of Blue packets"), number}, ++ {"SctpChecksumErrors", N_("%llu Number of Packets with invalid Checksum"), number}, ++ {"SctpOutCtrlChunks", N_("%llu Number of control chunks sent"), number}, ++ {"SctpOutOrderChunks", N_("%llu Number of ordered chunks sent"), number}, ++ {"SctpOutUnorderChunks", N_("%llu Number of Unordered chunks sent"), number}, ++ {"SctpInCtrlChunks", N_("%llu Number of control chunks received"), number}, ++ {"SctpInOrderChunks", N_("%llu Number of ordered chunks received"), number}, ++ {"SctpInUnorderChunks", N_("%llu Number of Unordered chunks received"), number}, ++ {"SctpFragUsrMsgs", N_("%llu Number of messages fragmented"), 
number}, ++ {"SctpReasmUsrMsgs", N_("%llu Number of messages reassembled "), number}, ++ {"SctpOutSCTPPacks", N_("%llu Number of SCTP packets sent"), number}, ++ {"SctpInSCTPPacks", N_("%llu Number of SCTP packets received"), number}, ++}; ++ + struct tabtab { + char *title; + struct entry *tab; +@@ -312,6 +333,7 @@ struct tabtab snmptabs[] = + {"Icmp", Icmptab, sizeof(Icmptab), &f_raw}, + {"Tcp", Tcptab, sizeof(Tcptab), &f_tcp}, + {"Udp", Udptab, sizeof(Udptab), &f_udp}, ++ {"Sctp", Sctptab, sizeof(Sctptab), &f_sctp}, + {"TcpExt", Tcpexttab, sizeof(Tcpexttab), &f_tcp}, + {NULL} + }; +@@ -502,11 +524,38 @@ void process6_fd(FILE *f) + + } + +-int parsesnmp(int flag_raw, int flag_tcp, int flag_udp) ++/* Process a file with name-value lines (like /proc/net/sctp/snmp) */ ++void process_fd2(FILE *f, const char *filename) ++{ ++ char buf1[1024]; ++ char *sp; ++ struct tabtab *tab; ++ ++ tab = newtable(snmptabs, "Sctp"); ++ ++ while (fgets(buf1, sizeof buf1, f)) { ++ sp = buf1 + strcspn(buf1, " \t\n"); ++ if (!sp) { ++ fprintf(stderr,_("error parsing %s\n"), filename); ++ return; ++ } ++ *sp = '\0'; ++ sp++; ++ ++ sp += strspn(sp, " \t\n"); ++ ++ if (*sp != '\0' && *(tab->flag)) ++ printval(tab, buf1, strtoul(sp, 0, 10)); ++ } ++ return; ++} ++ ++int parsesnmp(int flag_raw, int flag_tcp, int flag_udp, int flag_sctp) ++ + { + FILE *f; + +- f_raw = flag_raw; f_tcp = flag_tcp; f_udp = flag_udp; ++ f_raw = flag_raw; f_tcp = flag_tcp; f_udp = flag_udp; f_sctp = flag_sctp; + + f = proc_fopen("/proc/net/snmp"); + if (!f) { +@@ -539,6 +588,17 @@ int parsesnmp(int flag_raw, int flag_tcp + + fclose(f); + } ++ ++ f = proc_fopen("/proc/net/sctp/snmp"); ++ if (f) { ++ process_fd2(f,"/proc/net/sctp/snmp"); ++ if (ferror(f)) { ++ perror("/proc/net/sctp/snmp"); ++ fclose(f); ++ return(1); ++ } ++ } ++ + return(0); + } + 
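Review bot: in sctp_assoc_do_one() the bogus-line check covers sst_str through rport_str but leaves out laddrs_str and raddrs_str. A line that ends after RPORT therefore reaches `strtok_r(laddrs_str," \t\n",&ss1)` with a NULL string and an uninitialized ss1, which is undefined behaviour. Either reject the line when one of the two is NULL, or call strtok_r only for a non-NULL string. The fallback `sprintf(local_addr,_("unsupported address family %d"), ...)` (and its remote_addr twin) writes a translated format into a 64-byte array; snprintf with sizeof(local_addr) would bound it the same way the safe_strncpy call next to it does.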
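Review bot: in process_fd2() the test `if (!sp)` can never fire, because sp is buf1 plus an offset and is never NULL. When a line has no space, tab or newline (an over-long line, or a last line without a newline), strcspn returns the string length, sp lands on the terminating NUL, and `sp++` steps past it, so the following strspn and `*sp` read bytes beyond the string. Test `*sp == '\0'` before advancing and report the parse error there.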
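Review bot: in the last parsesnmp() hunk the stream opened with proc_fopen("/proc/net/sctp/snmp") is closed only inside the ferror branch; on the normal path the function returns 0 with f still open, so every call leaks one FILE. Add fclose(f) after the ferror check, as the block just above it does for the preceding file.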
diff --git a/net-tools/patches/009-net-tools-ifconfig-long-iface-crasher.patch b/net-tools/patches/009-net-tools-ifconfig-long-iface-crasher.patch new file mode 100644 index 0000000..d1ba077 --- /dev/null +++ b/net-tools/patches/009-net-tools-ifconfig-long-iface-crasher.patch @@ -0,0 +1,36 @@ +diff -up net-tools-2.0/lib/interface.c.long_iface net-tools-2.0/lib/interface.c +--- net-tools-2.0/lib/interface.c.long_iface 2014-11-24 15:09:45.130254503 +0100 ++++ net-tools-2.0/lib/interface.c 2014-11-24 15:10:54.662270496 +0100 +@@ -216,6 +216,7 @@ out: + + static const char *get_name(char **namep, const char *p) + { ++ int count = 0; + while (isspace(*p)) + p++; + char *name = *namep = p; +@@ -224,7 +225,13 @@ static const char *get_name(char **namep + break; + if (*p == ':') { /* could be an alias */ + const char *dot = p++; +- while (*p && isdigit(*p)) p++; ++ count++; ++ while (*p && isdigit(*p)) { ++ p++; ++ count++; ++ if (count == (IFNAMSIZ-1)) ++ break; ++ } + if (*p == ':') { + /* Yes it is, backup and copy it. */ + p = dot; +@@ -240,6 +247,9 @@ static const char *get_name(char **namep + break; + } + *name++ = *p++; ++ count++; ++ if (count == (IFNAMSIZ-1)) ++ break; + } + *name++ = '\0'; + return p; diff --git a/net-tools/patches/net-tools-1.57-bug22040.patch b/net-tools/patches/net-tools-1.57-bug22040.patch deleted file mode 100644 index 76f04d5..0000000 --- a/net-tools/patches/net-tools-1.57-bug22040.patch +++ /dev/null 
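Review bot: in get_name() as changed by 009-net-tools-ifconfig-long-iface-crasher.patch, both limits are tested with `count == (IFNAMSIZ-1)`, and in the alias branch count is incremented for the ':' and for every digit the scan skips, although nothing is written to name there and the break only leaves the digit scan. An equality test is fragile here: once count has moved past IFNAMSIZ-1 by any path, the later check in the copy loop never fires. The lines between the second and third hunk are unchanged, so whatever is copied after `p = dot` is not bounded by this counter. Use `>=`, and count only bytes actually stored through `*name++` so the limit tracks the destination buffer rather than the scan position.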
@@ -1,50 +0,0 @@ ---- net-tools-1.57/arp.c.orig Sun May 14 17:57:41 2000 -+++ net-tools-1.57/arp.c Sat Nov 25 15:05:27 2000 -@@ -618,6 +618,7 @@ - fprintf(stderr, _(" arp [-v] [<HW>] [-i <if>] -Ds <hostname> <if> [netmask <nm>] pub <-''-\n\n")); - - fprintf(stderr, _(" -a display (all) hosts in alternative (BSD) style\n")); -+ fprintf(stderr, _(" -e display (all) hosts in default (Linux) style\n")); - fprintf(stderr, _(" -s, --set set a new ARP entry\n")); - fprintf(stderr, _(" -d, --delete delete a specified entry\n")); - fprintf(stderr, _(" -v, --verbose be verbose\n")); ---- net-tools-1.57/man/en_US/arp.8.orig Sat Nov 25 15:13:26 2000 -+++ net-tools-1.57/man/en_US/arp.8 Sat Nov 25 15:15:12 2000 -@@ -3,7 +3,7 @@ - arp - manipulate the system ARP cache - .SH SYNOPSIS - .B arp --.RB [ -vn ] -+.RB [ -evn ] - .RB [ "-H type" ] - .RB [ "-i if" ] - .B -a -@@ -60,7 +60,7 @@ - shows numerical addresses instead of trying to determine symbolic host, port - or user names. - .TP --.B "-H type, --hw-type type" -+.B "-H type, --hw-type type, -t type" - When setting or reading the ARP cache, this optional parameter tells - .B arp - which class of entries it should check for. The default value of -@@ -81,7 +81,8 @@ - .B hostname - parameter is not used, - .B all --entries will be displayed. -+entries will be displayed. -+The entries will be displayed in alternate (BSD) style. - .TP - .B "-d hostname, --delete hostname" - Remove any entry for the specified host. This can be used if the -@@ -91,6 +92,9 @@ - Use the interface - .BR ifa "'s" - hardware address. -+.TP -+.B "-e" -+Shows the entries in default (Linux) style. - .TP - .B "-i If, --device If" - Select an interface. When dumping the ARP cache only entries matching diff --git a/net-tools/patches/net-tools-1.60-IA64.patch b/net-tools/patches/net-tools-1.60-IA64.patch deleted file mode 100644 index 0e59c3f..0000000 --- a/net-tools/patches/net-tools-1.60-IA64.patch +++ /dev/null 
@@ -1,33 +0,0 @@ -diff -up net-tools-1.60/ifconfig.c.IA64 net-tools-1.60/ifconfig.c ---- net-tools-1.60/ifconfig.c.IA64 2010-01-02 11:35:39.000000000 +0100 -+++ net-tools-1.60/ifconfig.c 2010-01-02 11:35:39.000000000 +0100 -@@ -894,7 +894,8 @@ int main(int argc, char **argv) - continue; - } - -- memcpy(&ip, &sin.sin_addr.s_addr, sizeof(unsigned long)); -+ memset(&ip, 0, sizeof(unsigned long)); -+ memcpy(&ip, &sin.sin_addr.s_addr, sizeof(sin.sin_addr.s_addr)); - - if (get_nmbc_parent(ifr.ifr_name, &nm, &bc) < 0) { - fprintf(stderr, _("Interface %s not initialized\n"), -diff -up net-tools-1.60/lib/interface.c.IA64 net-tools-1.60/lib/interface.c ---- net-tools-1.60/lib/interface.c.IA64 2010-01-02 11:35:39.000000000 +0100 -+++ net-tools-1.60/lib/interface.c 2010-01-02 12:03:05.000000000 +0100 -@@ -491,14 +491,14 @@ int if_fetch(struct interface *ife) - if (ioctl(skfd, SIOCGOUTFILL, &ifr) < 0) - ife->outfill = 0; - else -- ife->outfill = (unsigned int) ifr.ifr_data; -+ ife->outfill = (unsigned long) ifr.ifr_data; - #endif - #ifdef SIOCGKEEPALIVE - strcpy(ifr.ifr_name, ifname); - if (ioctl(skfd, SIOCGKEEPALIVE, &ifr) < 0) - ife->keepalive = 0; - else -- ife->keepalive = (unsigned int) ifr.ifr_data; -+ ife->keepalive = (unsigned long) ifr.ifr_data; - #endif - } - #endif diff --git a/net-tools/patches/net-tools-1.60-a-option.patch b/net-tools/patches/net-tools-1.60-a-option.patch deleted file mode 100644 index b17db8d..0000000 --- a/net-tools/patches/net-tools-1.60-a-option.patch +++ /dev/null 
@@ -1,44 +0,0 @@ ---- net-tools-1.60/man/de_DE/arp.8.a-option 2008-07-08 16:35:08.000000000 +0200 -+++ net-tools-1.60/man/de_DE/arp.8 2008-07-08 16:35:35.000000000 +0200 -@@ -77,7 +77,7 @@ Andere m(:ogliche Werte sind Netzwerkst - and - .RB "NET/ROM (" netrom ")." - .TP --.B "-a [Rechnername], --display [Rechnername]" -+.B "-a [Rechnername], --all [Rechnername]" - Zeigt die Eintr(:age der angegebenen Rechner an. Wird kein - .B hostname - Argument verwendet, so werden alle Eintr(:age aufgelistet. ---- net-tools-1.60/man/en_US/arp.8.a-option 2008-07-08 16:35:41.000000000 +0200 -+++ net-tools-1.60/man/en_US/arp.8 2008-07-08 16:35:48.000000000 +0200 -@@ -76,7 +76,7 @@ Other values might include network techn - and - .RB "NET/ROM (" netrom ")." - .TP --.B "-a [hostname], --display [hostname]" -+.B "-a [hostname], --all [hostname]" - Shows the entries of the specified hosts. If the - .B hostname - parameter is not used, ---- net-tools-1.60/man/fr_FR/arp.8.a-option 2008-07-08 16:35:53.000000000 +0200 -+++ net-tools-1.60/man/fr_FR/arp.8 2008-07-08 16:36:03.000000000 +0200 -@@ -81,7 +81,7 @@ D'autres valeurs doivent correspondre à - and - .RB "NET/ROM (" netrom ")." - .TP --.B "-a [nom_d_hôte], --display [nom_d_hôte]" -+.B "-a [nom_d_hôte], --all [nom_d_hôte]" - Affiche les entrées concernant l'hôte spécifié. Si le paramètre - .B nom_d_hôte - n'est pas utilisé, ---- net-tools-1.60/man/pt_BR/arp.8.a-option 2008-07-08 16:38:13.000000000 +0200 -+++ net-tools-1.60/man/pt_BR/arp.8 2008-07-08 16:38:20.000000000 +0200 -@@ -77,7 +77,7 @@ Outros valores podem incluir tecnologias - e - .RB "NET/ROM (" netrom ")." - .TP --.B "-a [máquina], --display [máquina]" -+.B "-a [máquina], --all [máquina]" - Mostra as entradas das máquinas especificadas. Se o parâmetro - .B máquina - não for usado, diff --git a/net-tools/patches/net-tools-1.60-arp-unaligned-access.patch b/net-tools/patches/net-tools-1.60-arp-unaligned-access.patch deleted file mode 100644 index ed0c99a..0000000 
--- a/net-tools/patches/net-tools-1.60-arp-unaligned-access.patch +++ /dev/null 
@@ -1,116 +0,0 @@ ---- net-tools-1.60/arp.c 2001-04-08 10:05:05.000000000 -0700 -+++ net-tools-1.60.new/arp.c 2006-01-31 13:10:01.479716750 -0800 -@@ -100,7 +100,7 @@ static int arp_del(char **args) - { - char host[128]; - struct arpreq req; -- struct sockaddr sa; -+ struct sockaddr_storage ss; - int flags = 0; - int err; - -@@ -112,12 +112,12 @@ static int arp_del(char **args) - return (-1); - } - safe_strncpy(host, *args, (sizeof host)); -- if (ap->input(0, host, &sa) < 0) { -+ if (ap->input(0, host, (struct sockaddr*)&ss) < 0) { - ap->herror(host); - return (-1); - } - /* If a host has more than one address, use the correct one! */ -- memcpy((char *) &req.arp_pa, (char *) &sa, sizeof(struct sockaddr)); -+ memcpy((char *) &req.arp_pa, (char *) &ss, sizeof(struct sockaddr)); - - if (hw_set) - req.arp_ha.sa_family = hw->type; -@@ -177,11 +177,11 @@ static int arp_del(char **args) - usage(); - if (strcmp(*args, "255.255.255.255") != 0) { - strcpy(host, *args); -- if (ap->input(0, host, &sa) < 0) { -+ if (ap->input(0, host, (struct sockaddr*)&ss) < 0) { - ap->herror(host); - return (-1); - } -- memcpy((char *) &req.arp_netmask, (char *) &sa, -+ memcpy((char *) &req.arp_netmask, (char *) &ss, - sizeof(struct sockaddr)); - req.arp_flags |= ATF_NETMASK; - } -@@ -260,7 +260,7 @@ static int arp_set(char **args) - { - char host[128]; - struct arpreq req; -- struct sockaddr sa; -+ struct sockaddr_storage ss; - int flags; - - memset((char *) &req, 0, sizeof(req)); -@@ -271,12 +271,12 @@ static int arp_set(char **args) - return (-1); - } - safe_strncpy(host, *args++, (sizeof host)); -- if (ap->input(0, host, &sa) < 0) { -+ if (ap->input(0, host, (struct sockaddr*)&ss) < 0) { - ap->herror(host); - return (-1); - } - /* If a host has more than one address, use the correct one! */ -- memcpy((char *) &req.arp_pa, (char *) &sa, sizeof(struct sockaddr)); -+ memcpy((char *) &req.arp_pa, (char *) &ss, sizeof(struct sockaddr)); - - /* Fetch the hardware address. 
*/ - if (*args == NULL) { -@@ -346,11 +346,11 @@ static int arp_set(char **args) - usage(); - if (strcmp(*args, "255.255.255.255") != 0) { - strcpy(host, *args); -- if (ap->input(0, host, &sa) < 0) { -+ if (ap->input(0, host, (struct sockaddr*)&ss) < 0) { - ap->herror(host); - return (-1); - } -- memcpy((char *) &req.arp_netmask, (char *) &sa, -+ memcpy((char *) &req.arp_netmask, (char *) &ss, - sizeof(struct sockaddr)); - flags |= ATF_NETMASK; - } -@@ -519,7 +519,7 @@ static void arp_disp(char *name, char *i - static int arp_show(char *name) - { - char host[100]; -- struct sockaddr sa; -+ struct sockaddr_storage ss; - char ip[100]; - char hwa[100]; - char mask[100]; -@@ -535,11 +535,11 @@ static int arp_show(char *name) - if (name != NULL) { - /* Resolve the host name. */ - safe_strncpy(host, name, (sizeof host)); -- if (ap->input(0, host, &sa) < 0) { -+ if (ap->input(0, host, (struct sockaddr*)&ss) < 0) { - ap->herror(host); - return (-1); - } -- safe_strncpy(host, ap->sprint(&sa, 1), sizeof(host)); -+ safe_strncpy(host, ap->sprint((struct sockaddr*)&ss, 1), sizeof(host)); - } - /* Open the PROCps kernel table. */ - if ((fp = fopen(_PATH_PROCNET_ARP, "r")) == NULL) { -@@ -575,10 +575,11 @@ static int arp_show(char *name) - if (opt_n) - hostname = "?"; - else { -- if (ap->input(0, ip, &sa) < 0) -+ if (ap->input(0, ip, (struct sockaddr*)&ss) < 0) - hostname = ip; - else -- hostname = ap->sprint(&sa, opt_n | 0x8000); -+ hostname = ap->sprint((struct sockaddr*)&ss, -+ opt_n | 0x8000); - if (strcmp(hostname, ip) == 0) - hostname = "?"; - } - diff --git a/net-tools/patches/net-tools-1.60-arp_man.patch b/net-tools/patches/net-tools-1.60-arp_man.patch deleted file mode 100644 index 7175ddc..0000000 --- a/net-tools/patches/net-tools-1.60-arp_man.patch +++ /dev/null 
@@ -1,13 +0,0 @@ ---- net-tools-1.60/man/en_US/arp.8.old 2006-05-02 14:38:10.000000000 +0200 -+++ net-tools-1.60/man/en_US/arp.8 2006-05-02 14:44:23.000000000 +0200 -@@ -150,8 +150,8 @@ - is used as default. - .sp 1 - The format of the file is simple; it --only contains ASCII text lines with a hostname, and a hardware --address separated by whitespace. Additionally the -+only contains ASCII text lines with a hardware -+address and a hostname separated by whitespace. Additionally the - .BR "pub" , " temp" " and" " netmask" - flags can be used. - .LP diff --git a/net-tools/patches/net-tools-1.60-arp_overflow.patch b/net-tools/patches/net-tools-1.60-arp_overflow.patch deleted file mode 100644 index 4679a51..0000000 --- a/net-tools/patches/net-tools-1.60-arp_overflow.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net-tools-1.60/arp.c.old 2005-08-03 08:23:46.000000000 +0200 -+++ net-tools-1.60/arp.c 2005-08-03 11:02:10.000000000 +0200 -@@ -235,7 +235,7 @@ - struct ifreq ifr; - struct hwtype *xhw; - -- strcpy(ifr.ifr_name, ifname); -+ strncpy(ifr.ifr_name, ifname, IFNAMSIZ); - if (ioctl(sockfd, SIOCGIFHWADDR, &ifr) < 0) { - fprintf(stderr, _("arp: cant get HW-Address for `%s': %s.\n"), ifname, strerror(errno)); - return (-1); diff --git a/net-tools/patches/net-tools-1.60-avoid-name-resolution.patch b/net-tools/patches/net-tools-1.60-avoid-name-resolution.patch deleted file mode 100644 index 365fcd2..0000000 --- a/net-tools/patches/net-tools-1.60-avoid-name-resolution.patch +++ /dev/null 
@@ -1,31 +0,0 @@ -diff -up net-tools-1.60/netstat.c.avoid-name-resolution net-tools-1.60/netstat.c ---- net-tools-1.60/netstat.c.avoid-name-resolution 2009-08-28 10:48:40.000000000 +0200 -+++ net-tools-1.60/netstat.c 2009-08-14 12:36:56.000000000 +0200 -@@ -961,6 +961,10 @@ static void tcp_do_one(int lnr, const ch - &d, local_addr, &local_port, rem_addr, &rem_port, &state, - &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); - -+ if (!flag_all && -+ ((flag_lst && rem_port) || (!flag_lst && !rem_port))) -+ return; -+ - if (strlen(local_addr) > 8) { - #if HAVE_AFINET6 - /* Demangle what the kernel gives us */ -@@ -1014,7 +1018,7 @@ static void tcp_do_one(int lnr, const ch - flag_not & FLAG_NUM_HOST), sizeof(local_addr)); - safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not & FLAG_NUM_HOST), - sizeof(rem_addr)); -- if (flag_all || (flag_lst && !rem_port) || (!flag_lst && rem_port)) { -+ - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(local_port), "tcp", - flag_not & FLAG_NUM_PORT)); -@@ -1075,7 +1079,6 @@ static void tcp_do_one(int lnr, const ch - rxq, txq, local_addr, rem_addr, _(tcp_state[state])); - - finish_this_one(uid,inode,timers); -- } - } - - static int tcp_info(void) diff --git a/net-tools/patches/net-tools-1.60-bcast.patch b/net-tools/patches/net-tools-1.60-bcast.patch deleted file mode 100644 index 9489e26..0000000 --- a/net-tools/patches/net-tools-1.60-bcast.patch +++ /dev/null 
@@ -1,99 +0,0 @@ ---- net-tools-1.60/ifconfig.c.broadcast 2004-11-03 12:05:30.000000000 +0100 -+++ net-tools-1.60/ifconfig.c 2004-11-04 15:39:32.817077232 +0100 -@@ -36,6 +36,7 @@ - #include <sys/ioctl.h> - #include <netinet/in.h> - #include <net/if.h> -+#include <netinet/ip.h> - #include <net/if_arp.h> - #include <stdio.h> - #include <errno.h> -@@ -138,6 +139,7 @@ - perror("SIOCSIFFLAGS"); - return -1; - } -+ - return (0); - } - -@@ -212,17 +214,41 @@ - exit(0); - } - --static int set_netmask(int skfd, struct ifreq *ifr, struct sockaddr *sa) -+static int set_netmask(int skfd, struct ifreq *ifr, struct sockaddr *sa, int new_bcast) - { - int err = 0; -- -- memcpy((char *) &ifr->ifr_netmask, (char *) sa, -- sizeof(struct sockaddr)); -+ struct sockaddr_in * ip_addr, * netmask, *bcast; -+ struct ifreq ifraddr; -+ struct ifreq ifrbcast; -+ -+ memcpy((char *) &ifr->ifr_netmask, (char *) sa, -+ sizeof(struct sockaddr)); - if (ioctl(skfd, SIOCSIFNETMASK, ifr) < 0) { - fprintf(stderr, "SIOCSIFNETMASK: %s\n", - strerror(errno)); - err = 1; - } -+ -+ if (new_bcast) { -+ memcpy(&ifraddr,ifr,sizeof(struct ifreq)); -+ memcpy(&ifrbcast,ifr,sizeof(struct ifreq)); -+ -+ if (ioctl(skfd, SIOCGIFADDR, &ifraddr) < 0) { -+ fprintf(stderr, "SIOCGIFADDR: %s\n", strerror(errno)); -+ err = 1; -+ } -+ -+ ip_addr = (struct sockaddr_in *)&ifraddr.ifr_addr; -+ netmask = (struct sockaddr_in *)&ifr->ifr_netmask; -+ bcast = (struct sockaddr_in *)&ifrbcast.ifr_broadaddr; -+ /* calculate new broadcast adress */ -+ bcast->sin_addr.s_addr = ip_addr->sin_addr.s_addr | ~netmask->sin_addr.s_addr; -+ /* set new broadcast adress */ -+ if (ioctl(skfd, SIOCSIFBRDADDR, &ifrbcast) < 0) { -+ fprintf(stderr, "SIOCSIFBROADCAST: %s\n", strerror(errno)); -+ err = 1; -+ } -+ } - return 0; - } - -@@ -234,7 +260,7 @@ - struct aftype *ap; - struct hwtype *hw; - struct ifreq ifr; -- int goterr = 0, didnetmask = 0, donetmask = 0; -+ int goterr = 0, didnetmask = 0, donetmask = 0, dobcast = 1; - char **spp; - int fd; - #if 
HAVE_AFINET6 -@@ -506,6 +532,7 @@ - strerror(errno)); - goterr = 1; - } -+ dobcast = 0; - spp++; - } - goterr |= set_flag(ifr.ifr_name, IFF_BROADCAST); -@@ -542,7 +569,7 @@ - continue; - } - didnetmask++; -- goterr = set_netmask(ap->fd, &ifr, &sa); -+ goterr = set_netmask(ap->fd, &ifr, &sa, dobcast); - spp++; - continue; - } -@@ -964,7 +991,7 @@ - /* set CIDR netmask */ - if (donetmask) { - donetmask = 0; -- goterr = set_netmask(skfd, &ifr, &sa_netmask); -+ goterr = set_netmask(skfd, &ifr, &sa_netmask, dobcast); - didnetmask++; - } - diff --git a/net-tools/patches/net-tools-1.60-clear-flag.patch b/net-tools/patches/net-tools-1.60-clear-flag.patch deleted file mode 100644 index b8f3c59..0000000 --- a/net-tools/patches/net-tools-1.60-clear-flag.patch +++ /dev/null 
@@ -1,38 +0,0 @@ ---- net-tools-1.60/ifconfig.c.clear-flag 2008-07-08 11:21:33.000000000 +0200 -+++ net-tools-1.60/ifconfig.c 2008-07-08 11:22:55.000000000 +0200 -@@ -465,7 +465,7 @@ int main(int argc, char **argv) - } - if (!strcmp(*spp, "-allmulti")) { - goterr |= clr_flag(ifr.ifr_name, IFF_ALLMULTI); -- if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ if (test_flag(ifr.ifr_name, IFF_ALLMULTI) > 0) - fprintf(stderr, _("Warning: Interface %s still in ALLMULTI mode.\n"), ifr.ifr_name); - spp++; - continue; -@@ -488,7 +488,7 @@ int main(int argc, char **argv) - } - if (!strcmp(*spp, "-dynamic")) { - goterr |= clr_flag(ifr.ifr_name, IFF_DYNAMIC); -- if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ if (test_flag(ifr.ifr_name, IFF_DYNAMIC) > 0) - fprintf(stderr, _("Warning: Interface %s still in DYNAMIC mode.\n"), ifr.ifr_name); - spp++; - continue; -@@ -547,7 +547,7 @@ int main(int argc, char **argv) - - if (!strcmp(*spp, "-broadcast")) { - goterr |= clr_flag(ifr.ifr_name, IFF_BROADCAST); -- if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ if (test_flag(ifr.ifr_name, IFF_BROADCAST) > 0) - fprintf(stderr, _("Warning: Interface %s still in BROADCAST mode.\n"), ifr.ifr_name); - spp++; - continue; -@@ -676,7 +676,7 @@ int main(int argc, char **argv) - } - if (!strcmp(*spp, "-pointopoint")) { - goterr |= clr_flag(ifr.ifr_name, IFF_POINTOPOINT); -- if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ if (test_flag(ifr.ifr_name, IFF_POINTOPOINT) > 0) - fprintf(stderr, _("Warning: Interface %s still in POINTOPOINT mode.\n"), ifr.ifr_name); - spp++; - continue; diff --git a/net-tools/patches/net-tools-1.60-continous-flush-stdout.patch b/net-tools/patches/net-tools-1.60-continous-flush-stdout.patch deleted file mode 100644 index 57e9d66..0000000 --- a/net-tools/patches/net-tools-1.60-continous-flush-stdout.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -diff -up net-tools-1.60/netstat.c.continous-flush-stdout net-tools-1.60/netstat.c ---- net-tools-1.60/netstat.c.continous-flush-stdout 2009-08-28 10:57:12.000000000 +0200 -+++ net-tools-1.60/netstat.c 2009-08-28 10:58:48.000000000 +0200 -@@ -357,6 +357,12 @@ static void prg_cache_clear(void) - prg_cache_loaded=0; - } - -+static void wait_continous(const int reptimer) -+{ -+ fflush(stdout); -+ sleep(reptimer); -+} -+ - static void extract_type_1_socket_inode(const char lname[], unsigned long * inode_p, int * status) { - - /* If lname is of the form "socket:[12345]", extract the "12345" -@@ -2289,7 +2295,7 @@ int main - flag_not & FLAG_NUM_PORT, flag_exp); - if (i || !flag_cnt) - break; -- sleep(reptimer); -+ wait_continous(reptimer); - } - #else - ENOSUPP("netstat.c", "FW_MASQUERADE"); -@@ -2305,7 +2311,7 @@ int main - - if(i || !flag_cnt) - break; -- sleep(reptimer); -+ wait_continous(reptimer); - } - return(i); - } -@@ -2329,7 +2335,7 @@ int main - i = route_info(afname, options); - if (i || !flag_cnt) - break; -- sleep(reptimer); -+ wait_continous(reptimer); - } - return (i); - } -@@ -2338,7 +2344,7 @@ int main - i = iface_info(); - if (!flag_cnt || i) - break; -- sleep(reptimer); -+ wait_continous(reptimer); - } - return (i); - } -@@ -2470,7 +2476,7 @@ int main - } - if (!flag_cnt || i) - break; -- sleep(reptimer); -+ wait_continous(reptimer); - prg_cache_clear(); - tcp_node_hash_clear(); - } diff --git a/net-tools/patches/net-tools-1.60-cycle.patch b/net-tools/patches/net-tools-1.60-cycle.patch deleted file mode 100644 index ce659ec..0000000 --- a/net-tools/patches/net-tools-1.60-cycle.patch +++ /dev/null 
@@ -1,311 +0,0 @@ ---- net-tools-1.60/lib/interface.c.cycle 2003-02-11 14:29:29.000000000 +0100 -+++ net-tools-1.60/lib/interface.c 2003-02-11 14:29:29.000000000 +0100 -@@ -90,6 +90,7 @@ - static struct interface *int_list, *int_last; - - static int if_readlist_proc(char *); -+static int if_readlist_rep(char *, struct interface *); - - static struct interface *add_interface(char *name) - { -@@ -128,11 +129,13 @@ - int for_all_interfaces(int (*doit) (struct interface *, void *), void *cookie) - { - struct interface *ife; -+ int err; - - if (!int_list && (if_readlist() < 0)) - return -1; - for (ife = int_list; ife; ife = ife->next) { -- int err = doit(ife, cookie); -+ if_readlist_rep(ife->name, ife); -+ err = doit(ife, cookie); - if (err) - return err; - } -@@ -369,6 +372,42 @@ - return err; - } - -+ -+static int if_readlist_rep(char *target, struct interface *ife) -+{ -+ FILE *fh; -+ char buf[512]; -+ int err; -+ -+ fh = fopen(_PATH_PROCNET_DEV, "r"); -+ if (!fh) { -+ fprintf(stderr, _("Warning: cannot open %s (%s). 
Limited output.\n"), -+ _PATH_PROCNET_DEV, strerror(errno)); -+ return if_readconf(); -+ } -+ fgets(buf, sizeof buf, fh); /* eat line */ -+ fgets(buf, sizeof buf, fh); -+ -+ procnetdev_vsn = procnetdev_version(buf); -+ -+ err = 0; -+ while (fgets(buf, sizeof buf, fh)) { -+ char *s, name[IFNAMSIZ]; -+ s = get_name(name, buf); -+ get_dev_fields(s, ife); -+ ife->statistics_valid = 1; -+ if (target && !strcmp(target,name)) -+ break; -+ } -+ if (ferror(fh)) { -+ perror(_PATH_PROCNET_DEV); -+ err = -1; -+ } -+ -+ fclose(fh); -+ return err; -+} -+ - int if_readlist(void) - { - int err = if_readlist_proc(NULL); ---- net-tools-1.60/man/en_US/netstat.8.cycle 2001-01-07 13:43:57.000000000 +0100 -+++ net-tools-1.60/man/en_US/netstat.8 2003-02-11 14:29:29.000000000 +0100 -@@ -30,6 +30,7 @@ - .RB [ --program | -p ] - .RB [ --verbose | -v ] - .RB [ --continuous | -c] -+.RB [delay] - .P - .B netstat - .RB { --route | -r } -@@ -39,6 +40,7 @@ - .RB [ --numeric | -n ] - .RB [ --numeric-hosts ] [ --numeric-ports ] [ --numeric-ports ] - .RB [ --continuous | -c] -+.RB [delay] - .P - .B netstat - .RB { --interfaces | -i } -@@ -50,12 +52,14 @@ - .RB [ --numeric | -n ] - .RB [ --numeric-hosts ] [ --numeric-ports ] [ --numeric-ports ] - .RB [ --continuous | -c] -+.RB [delay] - .P - .B netstat - .RB { --groups | -g } - .RB [ --numeric | -n ] - .RB [ --numeric-hosts ] [ --numeric-ports ] [ --numeric-ports ] - .RB [ --continuous | -c] -+.RB [delay] - .P - .B netstat - .RB { --masquerade | -M } -@@ -63,12 +67,14 @@ - .RB [ --numeric | -n ] - .RB [ --numeric-hosts ] [ --numeric-ports ] [ --numeric-ports ] - .RB [ --continuous | -c] -+.RB [delay] - .P - .B netstat - .RB { --statistics | -s } - .RB [ --tcp | -t ] - .RB [ --udp | -u ] - .RB [ --raw | -w ] -+.RB [delay] - .P - .B netstat - .RB { --version | -V } -@@ -170,6 +176,10 @@ - Print routing information from the FIB. (This is the default.) - .SS "-C" - Print routing information from the route cache. 
-+.SS delay -+Netstat will cycle printing through statistics every -+.B delay -+seconds. - .IR UP . - .P - .SH OUTPUT ---- net-tools-1.60/netstat.c.cycle 2003-02-11 14:29:29.000000000 +0100 -+++ net-tools-1.60/netstat.c 2003-02-11 15:07:26.000000000 +0100 -@@ -102,7 +102,7 @@ - #endif - - /* prototypes for statistics.c */ --void parsesnmp(int, int, int); -+int parsesnmp(int, int, int); - void inittab(void); - - typedef enum { -@@ -1440,6 +1440,8 @@ - - static int iface_info(void) - { -+ static int count=0; -+ - if (skfd < 0) { - if ((skfd = sockets_open(0)) < 0) { - perror("socket"); -@@ -1449,20 +1451,21 @@ - } - if (flag_exp < 2) { - ife_short = 1; -- printf(_("Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); -+ if(!(count % 8)) -+ printf(_("Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); - } - - if (for_all_interfaces(do_if_print, &flag_all) < 0) { - perror(_("missing interface information")); - exit(1); - } -- if (flag_cnt) -+ if (!flag_cnt) { - free_interface_list(); -- else { - close(skfd); - skfd = -1; - } - -+ count++; - return 0; - } - -@@ -1478,7 +1481,7 @@ - { - fprintf(stderr, _("usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}\n")); - fprintf(stderr, _(" netstat [-vnNcaeol] [<Socket> ...]\n")); -- fprintf(stderr, _(" netstat { [-veenNac] -i | [-cnNe] -M | -s }\n\n")); -+ fprintf(stderr, _(" netstat { [-veenNac] -i | [-cnNe] -M | -s } [delay]\n\n")); - - fprintf(stderr, _(" -r, --route display routing table\n")); - fprintf(stderr, _(" -i, --interfaces display interface table\n")); -@@ -1514,6 +1517,7 @@ - (int argc, char *argv[]) { - int i; - int lop; -+ int reptimer = 1; - struct option longopts[] = - { - AFTRANS_OPTS, -@@ -1655,6 +1659,12 @@ - flag_sta++; - } - -+ if(argc == optind + 1) { -+ if((reptimer = atoi(argv[optind])) <= 0) -+ usage(); -+ flag_cnt++; -+ } -+ - if (flag_int + flag_rou + flag_mas + flag_sta > 1) - usage(); - -@@ -1666,7 +1676,7 @@ - - flag_arg = 
flag_tcp + flag_udp + flag_raw + flag_unx + flag_ipx - + flag_ax25 + flag_netrom + flag_igmp + flag_x25; -- -+ - if (flag_mas) { - #if HAVE_FW_MASQUERADE && HAVE_AFINET - #if MORE_THAN_ONE_MASQ_AF -@@ -1678,7 +1688,7 @@ - flag_not & FLAG_NUM_PORT, flag_exp); - if (i || !flag_cnt) - break; -- sleep(1); -+ sleep(reptimer); - } - #else - ENOSUPP("netstat.c", "FW_MASQUERADE"); -@@ -1688,9 +1698,15 @@ - } - - if (flag_sta) { -+ for(;;) { - inittab(); -- parsesnmp(flag_raw, flag_tcp, flag_udp); -- exit(0); -+ i = parsesnmp(flag_raw, flag_tcp, flag_udp); -+ -+ if(i || !flag_cnt) -+ break; -+ sleep(reptimer); -+ } -+ return(i); - } - - if (flag_rou) { -@@ -1712,7 +1728,7 @@ - i = route_info(afname, options); - if (i || !flag_cnt) - break; -- sleep(1); -+ sleep(reptimer); - } - return (i); - } -@@ -1721,7 +1737,7 @@ - i = iface_info(); - if (!flag_cnt || i) - break; -- sleep(1); -+ sleep(reptimer); - } - return (i); - } -@@ -1847,7 +1863,7 @@ - } - if (!flag_cnt || i) - break; -- sleep(1); -+ sleep(reptimer); - prg_cache_clear(); - } - return (i); ---- net-tools-1.60/statistics.c.cycle 2001-02-02 19:01:23.000000000 +0100 -+++ net-tools-1.60/statistics.c 2003-02-11 14:29:29.000000000 +0100 -@@ -338,7 +338,7 @@ - } - - --void parsesnmp(int flag_raw, int flag_tcp, int flag_udp) -+int parsesnmp(int flag_raw, int flag_tcp, int flag_udp) - { - FILE *f; - -@@ -347,12 +347,14 @@ - f = fopen("/proc/net/snmp", "r"); - if (!f) { - perror(_("cannot open /proc/net/snmp")); -- return; -+ return(1); - } - process_fd(f); - -- if (ferror(f)) -+ if (ferror(f)) { - perror("/proc/net/snmp"); -+ return(1); -+ } - - fclose(f); - -@@ -361,12 +363,14 @@ - if (f) { - process_fd(f); - -- if (ferror(f)) -- perror("/proc/net/netstat"); -+ if (ferror(f)) { -+ perror("/proc/net/netstat"); -+ return(1); -+ } - - fclose(f); - } -- return; -+ return(0); - } - - diff --git a/net-tools/patches/net-tools-1.60-de.patch b/net-tools/patches/net-tools-1.60-de.patch deleted file mode 100644 index f015f13..0000000 
--- a/net-tools/patches/net-tools-1.60-de.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net-tools-1.60/po/de.po.old 2005-02-16 16:46:02.000000000 +0100 -+++ net-tools-1.60/po/de.po 2005-02-16 16:54:07.886323928 +0100 -@@ -64,7 +64,7 @@ - - #: ../arp.c:467 - msgid "(incomplete)" --msgstr "(unvollsändig)" -+msgstr "(unvollständig)" - - #: ../arp.c:484 - #, c-format diff --git a/net-tools/patches/net-tools-1.60-debug-fix.patch b/net-tools/patches/net-tools-1.60-debug-fix.patch deleted file mode 100644 index ae5fd33..0000000 --- a/net-tools/patches/net-tools-1.60-debug-fix.patch +++ /dev/null 
@@ -1,61 +0,0 @@ -diff -up net-tools-1.60/lib/rose.c.debug-fix net-tools-1.60/lib/rose.c ---- net-tools-1.60/lib/rose.c.debug-fix 2000-03-05 12:26:03.000000000 +0100 -+++ net-tools-1.60/lib/rose.c 2009-09-01 13:02:20.000000000 +0200 -@@ -86,7 +86,7 @@ static int ROSE_input(int type, char *bu - if (strlen(bufp) != 10) { - strcpy(ROSE_errmsg, _("Node address must be ten digits")); - #ifdef DEBUG -- fprintf(stderr, "rose_input(%s): %s !\n", ROSE_errmsg, orig); -+ fprintf(stderr, "rose_input(%s): %s !\n", bufp, ROSE_errmsg); - #endif - errno = EINVAL; - return (-1); -@@ -99,7 +99,7 @@ static int ROSE_input(int type, char *bu - - /* All done. */ - #ifdef DEBUG -- fprintf(stderr, "rose_input(%s): ", orig); -+ fprintf(stderr, "rose_input(%s): ", bufp); - for (i = 0; i < sizeof(rose_address); i++) - fprintf(stderr, "%02X ", sap->sa_data[i] & 0377); - fprintf(stderr, "\n"); -diff -up net-tools-1.60/lib/x25.c.debug-fix net-tools-1.60/lib/x25.c ---- net-tools-1.60/lib/x25.c.debug-fix 2000-05-20 20:53:25.000000000 +0200 -+++ net-tools-1.60/lib/x25.c 2009-09-01 13:06:05.000000000 +0200 -@@ -81,6 +81,7 @@ X25_input(int type, char *bufp, struct s - unsigned char *ptr; - char *p; - unsigned int sigdigits; -+ int i; - - sap->sa_family = x25_aftype.af; - ptr = ((struct sockaddr_x25 *)sap)->sx25_addr.x25_addr; -@@ -90,7 +91,7 @@ X25_input(int type, char *bufp, struct s - if (strlen(bufp)>18) { - strcpy(X25_errmsg, _("Address can't exceed eighteen digits with sigdigits")); - #ifdef DEBUG -- fprintf(stderr, "x25_input(%s): %s !\n", X25_errmsg, orig); -+ fprintf(stderr, "x25_input(%s): %s !\n", bufp, X25_errmsg); - #endif - errno = EINVAL; - return(-1); -@@ -108,7 +109,7 @@ X25_input(int type, char *bufp, struct s - *p = '/'; - strcpy(X25_errmsg, _("Invalid address")); - #ifdef DEBUG -- fprintf(stderr, "x25_input(%s): %s !\n", X25_errmsg, orig); -+ fprintf(stderr, "x25_input(%s): %s !\n", bufp, X25_errmsg); - #endif - errno = EINVAL; - return(-1); -@@ -118,8 +119,8 @@ X25_input(int 
type, char *bufp, struct s - - /* All done. */ - #ifdef DEBUG -- fprintf(stderr, "x25_input(%s): ", orig); -- for (i = 0; i < sizeof(x25_address); i++) -+ fprintf(stderr, "x25_input(%s): ", bufp); -+ for (i = 0; i < sizeof(sap->sa_data); i++) - fprintf(stderr, "%02X ", sap->sa_data[i] & 0377); - fprintf(stderr, "\n"); - #endif diff --git a/net-tools/patches/net-tools-1.60-duplicate-tcp.patch b/net-tools/patches/net-tools-1.60-duplicate-tcp.patch deleted file mode 100644 index 1b6f3b0..0000000 --- a/net-tools/patches/net-tools-1.60-duplicate-tcp.patch +++ /dev/null 
@@ -1,194 +0,0 @@ ---- net-tools-1.60/netstat.c.foo Mon Apr 22 14:25:20 2002 -+++ net-tools-1.60/netstat.c Mon Apr 22 14:25:22 2002 -@@ -435,6 +435,162 @@ - " will not be shown, you would have to be root to see it all.)\n")); - } - -+#define TCP_HASH_SIZE 1009 -+ -+static struct tcp_node { -+ struct tcp_node *next; -+ char *socket_pair; -+} *tcp_node_hash[TCP_HASH_SIZE]; -+ -+static unsigned int tcp_node_compute_string_hash(const char *p) -+{ -+ unsigned int h = *p; -+ -+ if (h) -+ for (p += 1; *p != '\0'; p++) -+ h = (h << 5) - h + *p; -+ -+ return h; -+} -+ -+#define TCP_NODE_HASH_STRING(x) \ -+ (tcp_node_compute_string_hash(x) % TCP_HASH_SIZE) -+ -+static void tcp_node_hash_clear(void) -+{ -+ int i; -+ struct tcp_node *next_node; -+ struct tcp_node *tmp_node; -+ for (i=0; i < TCP_HASH_SIZE; i++) { -+ if (tcp_node_hash[i]) { -+ /* free the children of this hash bucket */ -+ next_node = tcp_node_hash[i]->next; -+ while (next_node) { -+ tmp_node = next_node; -+ next_node = next_node->next; -+ free(tmp_node->socket_pair); -+ free(tmp_node); -+ } -+ -+ /* free the bucket itself */ -+ free(tcp_node_hash[i]); -+ tcp_node_hash[i] = NULL; -+ } -+ } -+} -+ -+/* This function takes a socket pair string. If it already exists in -+ the hash it returns -1, otherwise it returns 0. */ -+ -+static int tcp_node_hash_check_and_append(const char *local_addr, -+ int local_port, -+ const char *rem_addr, -+ int rem_port) -+{ -+ unsigned int hash_val; -+ struct tcp_node *tmp_node; -+ int tmp_string_len; -+ char *tmp_string;; -+ -+ /* Size of the string is the size of the two lengths of the address -+ strings plus enough sizes for the colons and the ports. 
*/ -+ tmp_string_len = strlen(local_addr) + strlen(rem_addr) + 32; -+ tmp_string = malloc(tmp_string_len); -+ if (!tmp_string) -+ return 0; -+ -+ if (snprintf(tmp_string, tmp_string_len - 1, "%s:%d:%s:%d", -+ local_addr, local_port, rem_addr, rem_port) < 0) { -+ free(tmp_string); -+ return 0; -+ } -+ -+ hash_val = TCP_NODE_HASH_STRING(tmp_string); -+ -+ /* See if we have to allocate this node */ -+ if (!tcp_node_hash[hash_val]) { -+ tcp_node_hash[hash_val] = malloc(sizeof(struct tcp_node)); -+ if (!tcp_node_hash[hash_val]) { -+ free(tmp_string); -+ return 0; -+ } -+ -+ memset(tcp_node_hash[hash_val], 0, sizeof(struct tcp_node)); -+ -+ /* Stuff this new value into the hash bucket and return early */ -+ tcp_node_hash[hash_val]->socket_pair = tmp_string; -+ return 0; -+ } -+ -+ /* Try to find the value in the hash bucket. */ -+ tmp_node = tcp_node_hash[hash_val]; -+ while (tmp_node) { -+ if (!strcmp(tmp_node->socket_pair, tmp_string)) { -+ free(tmp_string); -+ return -1; -+ } -+ tmp_node = tmp_node->next; -+ } -+ -+ /* If we got this far it means that it isn't in the hash bucket. -+ Add it to the front since it's faster that way. 
*/ -+ tmp_node = tcp_node_hash[hash_val]; -+ -+ tcp_node_hash[hash_val] = malloc(sizeof(struct tcp_node)); -+ if (!tcp_node_hash[hash_val]) { -+ free(tmp_string); -+ tcp_node_hash[hash_val] = tmp_node; -+ return 0; -+ } -+ -+ tcp_node_hash[hash_val]->socket_pair = tmp_string; -+ tcp_node_hash[hash_val]->next = tmp_node; -+ -+ return 0; -+} -+ -+#if 0 -+static void tcp_node_hash_report_bucket_size(void) -+{ -+ int max = 0; -+ int min = 0; -+ int num = 0; -+ int total = 0; -+ struct tcp_node *tmp_node; -+ int tmp, i; -+ float avg; -+ -+ for (i=0; i < TCP_HASH_SIZE; i++) { -+ tmp_node = tcp_node_hash[i]; -+ if (!tmp_node) -+ continue; -+ -+ tmp = 0; -+ -+ num++; -+ tmp = 1; -+ -+ while (tmp_node) { -+ tmp++; -+ tmp_node = tmp_node->next; -+ } -+ -+ total += tmp; -+ if (tmp > max) -+ max = tmp; -+ -+ if (min == 0 || tmp < min) -+ min = tmp; -+ } -+ -+ avg = (float)total/(float)num; -+ -+ printf("%d nodes in %d buckets min/max/avg %d/%d/%.2f\n", -+ total, num, min, max, avg); -+ -+} -+#endif -+ - #if HAVE_AFNETROM - static const char *netrom_state[] = - { -@@ -752,11 +908,20 @@ - fprintf(stderr, _("warning, got bogus tcp line.\n")); - return; - } -+ - if ((ap = get_afntype(((struct sockaddr *) &localaddr)->sa_family)) == NULL) { - fprintf(stderr, _("netstat: unsupported address family %d !\n"), - ((struct sockaddr *) &localaddr)->sa_family); - return; - } -+ -+ /* make sure that we haven't seen this socket pair before */ -+ if (tcp_node_hash_check_and_append(local_addr, local_port, -+ rem_addr, rem_port) < 0) { -+ /* fprintf(stderr, _("warning, got duplicate tcp line.\n")); */ -+ return; -+ } -+ - if (state == TCP_LISTEN) { - time_len = 0; - retr = 0L; -@@ -1880,6 +2045,7 @@ - break; - sleep(reptimer); - prg_cache_clear(); -+ tcp_node_hash_clear(); - } - return (i); - } diff --git a/net-tools/patches/net-tools-1.60-ec_hw_null.patch b/net-tools/patches/net-tools-1.60-ec_hw_null.patch deleted file mode 100644 index be4028d..0000000 
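Review bot: In netstat.c, tcp_node_hash_clear() frees socket_pair for every chained node but releases the bucket head with free(tcp_node_hash[i]) alone, so the head's socket_pair string is leaked once per occupied bucket on every pass, and the last hunk calls this function after each sleep(reptimer) in the repeat loop. Free tcp_node_hash[i]->socket_pair before freeing the head, or walk the list starting at the head instead of at ->next.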
--- a/net-tools/patches/net-tools-1.60-ec_hw_null.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up net-tools-1.60/lib/ec_hw.c.ec_hw_null net-tools-1.60/lib/ec_hw.c ---- net-tools-1.60/lib/ec_hw.c.ec_hw_null 1999-11-20 22:02:53.000000000 +0100 -+++ net-tools-1.60/lib/ec_hw.c 2009-09-15 16:33:27.000000000 +0200 -@@ -15,7 +15,7 @@ - #include "config.h" - - #if HAVE_HWEC -- -+#include <stdlib.h> - #include <net/if_arp.h> - #include "net-support.h" - diff --git a/net-tools/patches/net-tools-1.60-fgets.patch b/net-tools/patches/net-tools-1.60-fgets.patch deleted file mode 100644 index 27641da..0000000 --- a/net-tools/patches/net-tools-1.60-fgets.patch +++ /dev/null 
@@ -1,41 +0,0 @@ -Fix for when arp_disp_2() is called without opt_n set. If there is a DNS lookup, an -entry is added to /proc/net/arp after fopen(), resulting in a duplicate entry. - ---- net-tools-1.60/arp.c.fgets 2005-12-10 14:52:04.000000000 -0500 -+++ net-tools-1.60/arp.c 2005-12-11 00:15:59.000000000 -0500 -@@ -528,7 +528,7 @@ static int arp_show(char *name) - int type, flags; - FILE *fp; - char *hostname; -- int num, entries = 0, showed = 0; -+ int num, entries, showed = 0; - - host[0] = '\0'; - -@@ -546,18 +546,21 @@ static int arp_show(char *name) - perror(_PATH_PROCNET_ARP); - return (-1); - } -+ /* Count number of entries, in case file changes */ -+ for (entries = 0; fgets(line, sizeof(line), fp); entries++); -+ entries--; -+ fseek (fp, 0L, SEEK_SET); - /* Bypass header -- read until newline */ - if (fgets(line, sizeof(line), fp) != (char *) NULL) { - strcpy(mask, "-"); - strcpy(dev, "-"); - /* Read the ARP cache entries. */ -- for (; fgets(line, sizeof(line), fp);) { -- num = sscanf(line, "%s 0x%x 0x%x %100s %100s %100s\n", -- ip, &type, &flags, hwa, mask, dev); -- if (num < 4) -+ for (num = 0; num < entries; num++) { -+ fgets(line, sizeof(line), fp); -+ if (sscanf(line, "%s 0x%x 0x%x %100s %100s %100s\n", -+ ip, &type, &flags, hwa, mask, dev) < 4) - break; - -- entries++; - /* if the user specified hw-type differs, skip it */ - if (hw_set && (type != hw->type)) - continue; diff --git a/net-tools/patches/net-tools-1.60-gcc33.patch b/net-tools/patches/net-tools-1.60-gcc33.patch deleted file mode 100644 index a6ae422..0000000 --- a/net-tools/patches/net-tools-1.60-gcc33.patch +++ /dev/null 
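Review bot: In arp_show(), the rewritten read loop calls fgets(line, sizeof(line), fp) without testing its result and relies only on the entry count taken before the fseek(); if /proc/net/arp has fewer lines on the second pass, line keeps its previous contents and the same entry is parsed and shown again. Keep the count as an upper bound but stop when fgets() returns NULL, for example for (num = 0; num < entries && fgets(line, sizeof(line), fp); num++). Separately, the sscanf() format bounds hwa, mask and dev with %100s but reads ip with a bare %s.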
@@ -1,31 +0,0 @@ ---- net-tools-1.60/mii-tool.c.gcc33 2003-05-22 23:34:06.000000000 -0400 -+++ net-tools-1.60/mii-tool.c 2003-05-22 23:34:57.000000000 -0400 -@@ -378,17 +378,17 @@ - - /*--------------------------------------------------------------------*/ - --const char *usage = --"usage: %s [-VvRrwl] [-A media,... | -F media] [interface ...] -- -V, --version display version information -- -v, --verbose more verbose output -- -R, --reset reset MII to poweron state -- -r, --restart restart autonegotiation -- -w, --watch monitor for link status changes -- -l, --log with -w, write events to syslog -- -A, --advertise=media,... advertise only specified media -- -F, --force=media force specified media technology --media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD, -+const char *usage = "\ -+usage: %s [-VvRrwl] [-A media,... | -F media] [interface ...]\n\ -+ -V, --version display version information\n\ -+ -v, --verbose more verbose output\n\ -+ -R, --reset reset MII to poweron state\n\ -+ -r, --restart restart autonegotiation\n\ -+ -w, --watch monitor for link status changes\n\ -+ -l, --log with -w, write events to syslog\n\ -+ -A, --advertise=media,... advertise only specified media\n\ -+ -F, --force=media force specified media technology\n\ -+media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,\n\ - (to advertise both HD and FD) 100baseTx, 10baseT\n"; - - int main(int argc, char **argv) diff --git a/net-tools/patches/net-tools-1.60-gcc34.patch b/net-tools/patches/net-tools-1.60-gcc34.patch deleted file mode 100644 index 5f700c1..0000000 --- a/net-tools/patches/net-tools-1.60-gcc34.patch +++ /dev/null 
@@ -1,36 +0,0 @@ ---- net-tools-1.60/lib/inet_sr.c.gcc34 2000-02-20 22:46:45.000000000 +0100 -+++ net-tools-1.60/lib/inet_sr.c 2004-03-30 15:57:25.276049571 +0200 -@@ -105,6 +105,7 @@ - case 2: - isnet = 0; break; - default: -+ ; - } - - /* Fill in the other fields. */ ---- net-tools-1.60/hostname.c.gcc34 2004-03-30 15:58:12.979830341 +0200 -+++ net-tools-1.60/hostname.c 2004-03-30 15:58:47.110380585 +0200 -@@ -98,6 +98,7 @@ - fprintf(stderr, _("%s: name too long\n"), program_name); - break; - default: -+ ; - } - exit(1); - }; -@@ -117,6 +118,7 @@ - fprintf(stderr, _("%s: name too long\n"), program_name); - break; - default: -+ ; - } - exit(1); - }; -@@ -180,6 +182,7 @@ - printf("%s\n", hp->h_name); - break; - default: -+ ; - } - } - diff --git a/net-tools/patches/net-tools-1.60-hfi.patch b/net-tools/patches/net-tools-1.60-hfi.patch deleted file mode 100644 index bce9832..0000000 --- a/net-tools/patches/net-tools-1.60-hfi.patch +++ /dev/null 
@@ -1,183 +0,0 @@ -diff -up net-tools-1.60/config.in.hfi net-tools-1.60/config.in ---- net-tools-1.60/config.in.hfi 2010-09-16 17:20:04.000000000 +0200 -+++ net-tools-1.60/config.in 2010-09-16 19:17:35.000000000 +0200 -@@ -83,6 +83,7 @@ bool '(Cisco)-HDLC/LAPB support' HAVE_HW - bool 'IrDA support' HAVE_HWIRDA y - bool 'Econet hardware support' HAVE_HWEC n - bool 'InfiniBand hardware support' HAVE_HWIB y -+bool 'HFI support' HAVE_HWHFI y - * - * - * Other Features. -diff -up net-tools-1.60/lib/hfi.c.hfi net-tools-1.60/lib/hfi.c ---- net-tools-1.60/lib/hfi.c.hfi 2010-09-16 19:17:58.000000000 +0200 -+++ net-tools-1.60/lib/hfi.c 2010-09-16 19:19:49.000000000 +0200 -@@ -0,0 +1,125 @@ -+#include "config.h" -+ -+#if HAVE_HWHFI -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <net/if_arp.h> -+#include <stdlib.h> -+#include <stdio.h> -+#include <errno.h> -+#include <ctype.h> -+#include <string.h> -+#include <unistd.h> -+#include "net-support.h" -+#include "pathnames.h" -+#include "intl.h" -+#include "util.h" -+ -+extern struct hwtype hfi_hwtype; -+ -+#define HF_ALEN 6 /* from hf_if.h */ -+ -+/* Display an HFI address in readable format. */ -+static char *pr_hfi(unsigned char *ptr) -+{ -+ static char buff[64]; -+ -+ snprintf(buff, sizeof(buff), "%02X:%02X:%02X:%02X:%02X:%02X", -+ (ptr[0] & 0377), (ptr[1] & 0377), (ptr[2] & 0377), -+ (ptr[3] & 0377), (ptr[4] & 0377), (ptr[5] & 0377) -+ ); -+ return (buff); -+} -+ -+ -+/* Input an HFI address and convert to binary. 
*/ -+static int in_hfi(char *bufp, struct sockaddr *sap) -+{ -+ unsigned char *ptr; -+ char c, *orig; -+ int i; -+ unsigned val; -+ -+ sap->sa_family = hfi_hwtype.type; -+ ptr = sap->sa_data; -+ -+ i = 0; -+ orig = bufp; -+ while ((*bufp != '\0') && (i < HF_ALEN)) { -+ val = 0; -+ c = *bufp++; -+ if (isdigit(c)) -+ val = c - '0'; -+ else if (c >= 'a' && c <= 'f') -+ val = c - 'a' + 10; -+ else if (c >= 'A' && c <= 'F') -+ val = c - 'A' + 10; -+ else { -+#ifdef DEBUG -+ fprintf(stderr, _("in_hfi(%s): invalid hfi address!\n"), orig); -+#endif -+ errno = EINVAL; -+ return (-1); -+ } -+ val <<= 4; -+ c = *bufp; -+ if (isdigit(c)) -+ val |= c - '0'; -+ else if (c >= 'a' && c <= 'f') -+ val |= c - 'a' + 10; -+ else if (c >= 'A' && c <= 'F') -+ val |= c - 'A' + 10; -+ else if (c == ':' || c == 0) -+ val >>= 4; -+ else { -+#ifdef DEBUG -+ fprintf(stderr, _("in_hfi(%s): invalid hfi address!\n"), orig); -+#endif -+ errno = EINVAL; -+ return (-1); -+ } -+ if (c != 0) -+ bufp++; -+ *ptr++ = (unsigned char) (val & 0377); -+ i++; -+ -+ /* We might get a semicolon here - not required. */ -+ if (*bufp == ':') { -+ if (i == HF_ALEN) { -+#ifdef DEBUG -+ fprintf(stderr, _("in_hfi(%s): trailing : ignored!\n"), -+ orig) -+#endif -+ ; /* nothing */ -+ } -+ bufp++; -+ } -+ } -+ -+ /* That's it. Any trailing junk? 
*/ -+ if ((i == HF_ALEN) && (*bufp != '\0')) { -+#ifdef DEBUG -+ fprintf(stderr, _("in_hfi(%s): trailing junk!\n"), orig); -+ errno = EINVAL; -+ return (-1); -+#endif -+ } -+#ifdef DEBUG -+ fprintf(stderr, "in_hfi(%s): %s\n", orig, pr_hfi(sap->sa_data)); -+#endif -+ -+ return (0); -+} -+ -+#if !defined(ARPHRD_HFI) -+#define ARPHRD_HFI 37 /* goes into if_arp.h */ -+#endif -+ -+struct hwtype hfi_hwtype = -+{ -+ "hfi", NULL, /*"HFI", */ ARPHRD_HFI, HF_ALEN, -+ pr_hfi, in_hfi, NULL -+}; -+ -+ -+#endif /* HAVE_HWHFI */ -diff -up net-tools-1.60/lib/hw.c.hfi net-tools-1.60/lib/hw.c ---- net-tools-1.60/lib/hw.c.hfi 2010-09-16 17:20:04.000000000 +0200 -+++ net-tools-1.60/lib/hw.c 2010-09-16 19:21:28.000000000 +0200 -@@ -42,6 +42,7 @@ extern struct hwtype adaptive_hwtype; - extern struct hwtype strip_hwtype; - - extern struct hwtype ether_hwtype; -+extern struct hwtype hfi_hwtype; - extern struct hwtype fddi_hwtype; - extern struct hwtype hippi_hwtype; - extern struct hwtype tr_hwtype; -@@ -146,6 +147,9 @@ static struct hwtype *hwtypes[] = - #if HAVE_HWX25 - &x25_hwtype, - #endif -+#if HAVE_HWHFI -+ &hfi_hwtype, -+#endif - #if HAVE_HWIB - &ib_hwtype, - #endif -@@ -222,6 +226,9 @@ void hwinit() - #if HAVE_HWEC - ec_hwtype.title = _("Econet"); - #endif -+#if HAVE_HWHFI -+ hfi_hwtype.title = _("HFI"); -+#endif - #if HAVE_HWIB - ib_hwtype.title = _("InfiniBand"); - #endif -diff -up net-tools-1.60/lib/Makefile.hfi net-tools-1.60/lib/Makefile ---- net-tools-1.60/lib/Makefile.hfi 2010-09-16 17:20:04.000000000 +0200 -+++ net-tools-1.60/lib/Makefile 2010-09-16 19:22:34.000000000 +0200 -@@ -16,7 +16,7 @@ - # - - --HWOBJS = hw.o loopback.o slip.o ether.o ax25.o ppp.o arcnet.o tr.o tunnel.o frame.o sit.o rose.o ash.o fddi.o hippi.o hdlclapb.o strip.o irda.o ec_hw.o x25.o ib.o -+HWOBJS = hw.o loopback.o slip.o ether.o ax25.o ppp.o arcnet.o tr.o tunnel.o frame.o sit.o rose.o ash.o fddi.o hippi.o hdlclapb.o strip.o irda.o ec_hw.o x25.o ib.o hfi.o - AFOBJS = unix.o inet.o inet6.o ax25.o 
ipx.o ddp.o ipx.o netrom.o af.o rose.o econet.o x25.o - AFGROBJS = inet_gr.o inet6_gr.o ipx_gr.o ddp_gr.o netrom_gr.o ax25_gr.o rose_gr.o getroute.o x25_gr.o - AFSROBJS = inet_sr.o inet6_sr.o netrom_sr.o ipx_sr.o setroute.o x25_sr.o diff --git a/net-tools/patches/net-tools-1.60-hostname-short.patch b/net-tools/patches/net-tools-1.60-hostname-short.patch deleted file mode 100644 index d9772e6..0000000 --- a/net-tools/patches/net-tools-1.60-hostname-short.patch +++ /dev/null @@ -1,38 +0,0 @@ -diff -up net-tools-1.60/hostname.c.hostname-short net-tools-1.60/hostname.c ---- net-tools-1.60/hostname.c.hostname-short 2009-09-30 17:44:21.000000000 +0200 -+++ net-tools-1.60/hostname.c 2009-09-08 11:55:03.000000000 +0200 -@@ -176,11 +176,6 @@ static void showhname(char *hname, int c - case 'f': - printf("%s\n", hp->h_name); - break; -- case 's': -- if (p != NULL) -- *p = '\0'; -- printf("%s\n", hp->h_name); -- break; - default: - ; - } -@@ -270,6 +265,7 @@ int main(int argc, char **argv) - char myname[MAXHOSTNAMELEN + 1] = - {0}; - char *file = NULL; -+ char *p; - - static const struct option long_options[] = - { -@@ -370,7 +366,13 @@ int main(int argc, char **argv) - if (!type) - printf("%s\n", myname); - else -- showhname(myname, type); -+ if (type == 's') { -+ if (p = strchr(myname, '.')) -+ *p = '\0'; -+ printf("%s\n", myname); -+ } -+ else -+ showhname(myname, type); - break; - case 3: - if (file) { diff --git a/net-tools/patches/net-tools-1.60-hostname_man.patch b/net-tools/patches/net-tools-1.60-hostname_man.patch deleted file mode 100644 index 6ce8b8a..0000000 --- a/net-tools/patches/net-tools-1.60-hostname_man.patch +++ /dev/null 
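Review bot: In lib/hfi.c, in_hfi() places errno = EINVAL and return (-1) for the trailing-junk case inside the #ifdef DEBUG block, so a DEBUG build rejects an address with extra characters after HF_ALEN bytes while a normal build accepts it and returns 0. Move the error return outside the #ifdef so both builds validate input the same way and only the fprintf() is conditional. The loop also ends on '\0' before HF_ALEN bytes have been read without reporting an error, and isdigit(c) is passed a plain char, which should be cast to unsigned char.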
@@ -1,36 +0,0 @@ ---- net-tools-1.60/man/en_US/hostname.1.gethostbyname 2005-10-14 11:33:41.000000000 +0200 -+++ net-tools-1.60/man/en_US/hostname.1 2005-10-15 11:46:14.646697600 +0200 -@@ -99,6 +99,33 @@ - complete FQDN of the system is returned with - .BR "hostname --fqdn" . - -+.LP -+The function -+.BR gethostname(2) -+is used to get the hostname. When the -+.BR "hostname -a, -d, -f or -i" -+is called will -+.BR gethostbyname(3) -+be called. The difference in -+.BR gethostname(2) -+and -+.BR gethostbyname(3) -+is that -+.BR gethostbyname(3) -+is network aware, so it consults -+.IR /etc/nsswitch.conf -+and -+.IR /etc/host.conf -+to decide whether to read information in -+.IR /etc/sysconfig/network -+or -+.IR /etc/hosts -+ -+To add another dimension to this, -+the -+.B hostname -+is also set when the network interface is brought up. -+ - .SS "SET NAME" - When called with one argument or with the - .B --file diff --git a/net-tools/patches/net-tools-1.60-i-option.patch b/net-tools/patches/net-tools-1.60-i-option.patch deleted file mode 100644 index 3534202..0000000 --- a/net-tools/patches/net-tools-1.60-i-option.patch +++ /dev/null 
@@ -1,57 +0,0 @@ ---- net-tools-1.60/netstat.c.i-option 2008-07-10 10:56:29.000000000 +0200 -+++ net-tools-1.60/netstat.c 2008-07-10 13:46:27.000000000 +0200 -@@ -2042,7 +2042,7 @@ static void usage(void) - fprintf(stderr, _(" netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]\n\n")); - - fprintf(stderr, _(" -r, --route display routing table\n")); -- fprintf(stderr, _(" -I, --interface=[<Iface>] display interface table for <Iface>\n")); -+ fprintf(stderr, _(" -I, --interfaces=<Iface> display interface table for <Iface>\n")); - fprintf(stderr, _(" -i, --interfaces display interface table\n")); - fprintf(stderr, _(" -g, --groups display multicast group memberships\n")); - fprintf(stderr, _(" -s, --statistics display networking statistics (like SNMP)\n")); -@@ -2085,7 +2085,6 @@ int main - AFTRANS_OPTS, - {"version", 0, 0, 'V'}, - {"interfaces", 2, 0, 'I'}, -- {"interfaces", 0, 0, 'i'}, - {"help", 0, 0, 'h'}, - {"route", 0, 0, 'r'}, - #if HAVE_FW_MASQUERADE -@@ -2173,10 +2172,6 @@ int main - if (optarg[0] == '=') optarg++; - if (optarg && strcmp(optarg, "(null)")) - flag_int_name = strdup(optarg); -- else { -- usage(); -- exit(1); -- } - flag_int++; - break; - case 'i': ---- net-tools-1.60/man/en_US/netstat.8.i-option 2008-07-10 13:55:04.000000000 +0200 -+++ net-tools-1.60/man/en_US/netstat.8 2008-07-15 12:21:51.000000000 +0200 -@@ -43,10 +43,10 @@ netstat - Print network connections, ro - .RB [delay] - .P - .B netstat --.RB { --interfaces | -i } -+.RB { --interfaces | -I | -i } - .RI [ iface ] - .RB [ --all | -a ] --.RB [ --extend | -e [ --extend | -e] ] -+.RB [ --extend | -e ] - .RB [ --verbose | -v ] - .RB [ --program | -p ] - .RB [ --numeric | -n ] -@@ -107,9 +107,8 @@ families will be printed. - Display the kernel routing tables. - .SS "--groups , -g" - Display multicast group membership information for IPv4 and IPv6. --.SS "--interface=\fIiface \fR, \fB-i" --Display a table of all network interfaces, or the specified --.IR iface ) . 
-+.SS "--interfaces=\fIiface \fR, \fB-I=\fIiface \fR, \fB-i" -+Display a table of all network interfaces, or the specified \fIiface\fR. - .SS "--masquerade , -M" - Display a list of masqueraded connections. - .SS "--statistics , -s" diff --git a/net-tools/patches/net-tools-1.60-ib-warning.patch b/net-tools/patches/net-tools-1.60-ib-warning.patch deleted file mode 100644 index 3b0c9c6..0000000 --- a/net-tools/patches/net-tools-1.60-ib-warning.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up net-tools-1.60/lib/ib.c.ib-warning net-tools-1.60/lib/ib.c ---- net-tools-1.60/lib/ib.c.ib-warning 2009-09-01 13:45:55.000000000 +0200 -+++ net-tools-1.60/lib/ib.c 2009-09-01 13:47:43.000000000 +0200 -@@ -48,7 +48,10 @@ static char *pr_ib(unsigned char *ptr) - pos += sprintf(pos, "%02X:", (*ptr++ & 0377)); - } - buff[strlen(buff) - 1] = '\0'; -- -+ char *ib_warning = "Ifconfig uses the ioctl access method to get the full address information, which limits hardware addresses to 8 bytes.\n" -+ "Because Infiniband address has 20 bytes, only the first 8 bytes are displayed correctly.\n" -+ "Ifconfig is obsolete! For replacement check ip.\n"; -+ fprintf(stderr, _(ib_warning)); - /* snprintf(buff, sizeof(buff), "%02X:%02X:%02X:%02X:%02X:%02X", - (ptr[0] & 0377), (ptr[1] & 0377), (ptr[2] & 0377), - (ptr[3] & 0377), (ptr[4] & 0377), (ptr[5] & 0377) diff --git a/net-tools/patches/net-tools-1.60-ifaceopt.patch b/net-tools/patches/net-tools-1.60-ifaceopt.patch deleted file mode 100644 index a561d07..0000000 --- a/net-tools/patches/net-tools-1.60-ifaceopt.patch +++ /dev/null 
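Review bot: In the netstat.c 'I' case of the i-option patch, the context line if (optarg[0] == '=') optarg++; reads optarg before the NULL test on the following line, and "interfaces" is declared with has_arg 2 (optional argument), so optarg can be NULL at that point. With the else { usage(); exit(1); } branch removed by this hunk the no-argument form is now meant to be accepted, so the dereference needs a guard: if (optarg && optarg[0] == '=') optarg++;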
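Review bot: In pr_ib() of the ib-warning patch, fprintf(stderr, _(ib_warning)) passes the translated message as the format string, so any % sequence in a message catalog entry is interpreted by fprintf(). Print it as data with fputs(_(ib_warning), stderr) or fprintf(stderr, "%s", _(ib_warning)). The warning is also written on every pr_ib() call, since the fprintf() sits unconditionally in the function body.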
@@ -1,52 +0,0 @@ ---- net-tools-1.60/netstat.c.ifaceopt 2005-03-01 12:11:43.695661632 +0100 -+++ net-tools-1.60/netstat.c 2005-03-01 12:16:37.601981080 +0100 -@@ -1658,10 +1658,11 @@ - { - fprintf(stderr, _("usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}\n")); - fprintf(stderr, _(" netstat [-vnNcaeol] [<Socket> ...]\n")); -- fprintf(stderr, _(" netstat { [-veenNac] -i[<Iface>] | [-cnNe] -M | -s } [delay]\n\n")); -+ fprintf(stderr, _(" netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]\n\n")); - - fprintf(stderr, _(" -r, --route display routing table\n")); -- fprintf(stderr, _(" -i, --interfaces=[<Iface>] display interface table\n")); -+ fprintf(stderr, _(" -I, --interfaces=[<Iface>] display interface table for <Iface>\n")); -+ fprintf(stderr, _(" -i, --interfaces display interface table\n")); - fprintf(stderr, _(" -g, --groups display multicast group memberships\n")); - fprintf(stderr, _(" -s, --statistics display networking statistics (like SNMP)\n")); - #if HAVE_FW_MASQUERADE -@@ -1700,7 +1701,8 @@ - { - AFTRANS_OPTS, - {"version", 0, 0, 'V'}, -- {"interfaces", 2, 0, 'i'}, -+ {"interfaces", 2, 0, 'I'}, -+ {"interfaces", 0, 0, 'i'}, - {"help", 0, 0, 'h'}, - {"route", 0, 0, 'r'}, - #if HAVE_FW_MASQUERADE -@@ -1738,7 +1740,8 @@ - getroute_init(); /* Set up AF routing support */ - - afname[0] = '\0'; -- while ((i = getopt_long(argc, argv, "MCFA:acdegphi::nNorstuVv?wxl", longopts, &lop)) != EOF) -+ -+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF) - switch (i) { - case -1: - break; -@@ -1779,11 +1782,14 @@ - case 'p': - flag_prg++; - break; -- case 'i': -+ case 'I': - if (optarg && strcmp(optarg, "(null)")) - flag_int_name = strdup(optarg); - flag_int++; - break; -+ case 'i': -+ flag_int++; -+ break; - case 'n': - flag_not |= FLAG_NUM; - break; 
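Review bot: In the longopts table of the ifaceopt patch, the added {"interfaces", 0, 0, 'i'} row repeats the name of {"interfaces", 2, 0, 'I'} directly above it; getopt_long() selects long options by name, so --interfaces resolves to the first row and the 'i' row is never reached. Drop the duplicate row or give the two forms distinct long names, and keep the usage text in step. The strdup(optarg) result stored in flag_int_name is also not checked for NULL.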
diff --git a/net-tools/patches/net-tools-1.60-ifconfig-long-iface-crasher.patch b/net-tools/patches/net-tools-1.60-ifconfig-long-iface-crasher.patch deleted file mode 100644 index 87fcc5d..0000000 --- a/net-tools/patches/net-tools-1.60-ifconfig-long-iface-crasher.patch +++ /dev/null @@ -1,36 +0,0 @@ -diff -Naurp net-tools-1.60-ifconfig-new/lib/interface.c net-tools-1.60-ifconfig/lib/interface.c ---- net-tools-1.60-ifconfig-new/lib/interface.c 2006-03-23 07:02:48.000000000 +0100 -+++ net-tools-1.60-ifconfig/lib/interface.c 2006-03-23 09:58:45.000000000 +0100 -@@ -203,6 +203,7 @@ out: - - static char *get_name(char **namep, char *p) - { -+ int count = 0; - while (isspace(*p)) - p++; - char *name = *namep = p; -@@ -211,8 +212,13 @@ static char *get_name(char **namep, char - if (*p == ':') { /* could be an alias */ - char *dot = p, *dotname = name; - *name++ = *p++; -- while (isdigit(*p)) -+ count++; -+ while (isdigit(*p)){ - *name++ = *p++; -+ count++; -+ if (count == (IFNAMSIZ-1)) -+ break; -+ } - if (*p != ':') { /* it wasn't, backup */ - p = dot; - name = dotname; -@@ -223,6 +229,9 @@ static char *get_name(char **namep, char - break; - } - *name++ = *p++; -+ count++; -+ if (count == (IFNAMSIZ-1)) -+ break; - } - *name++ = '\0'; - return p; diff --git a/net-tools/patches/net-tools-1.60-ifconfig.patch b/net-tools/patches/net-tools-1.60-ifconfig.patch deleted file mode 100644 index a209bd4..0000000 --- a/net-tools/patches/net-tools-1.60-ifconfig.patch +++ /dev/null 
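Review bot: In get_name(), when count reaches IFNAMSIZ-1 the new break leaves the copy loop and the function returns p still pointing at the unread remainder of the over-long name, so whatever the caller parses next starts in the middle of the interface name. Consume the rest of the name before returning, or signal the truncation to the caller. count is also not rewound when the alias branch backs up with p = dot; name = dotname;, so characters copied again after the back-up are counted twice.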
@@ -1,107 +0,0 @@ ---- net-tools-1.60/ifconfig.c.new 2005-07-20 12:47:29.000000000 +0200 -+++ net-tools-1.60/ifconfig.c 2005-07-20 12:54:57.000000000 +0200 -@@ -175,6 +175,32 @@ - return (0); - } - -+/** test is a specified flag is set */ -+static int test_flag(char *ifname, short flags) -+{ -+ struct ifreq ifr; -+ int fd; -+ -+ if (strchr(ifname, ':')) { -+ /* This is a v4 alias interface. Downing it via a socket for -+ another AF may have bad consequences. */ -+ fd = get_socket_for_af(AF_INET); -+ if (fd < 0) { -+ fprintf(stderr, _("No support for INET on this system.\n")); -+ return -1; -+ } -+ } else -+ fd = skfd; -+ -+ safe_strncpy(ifr.ifr_name, ifname, IFNAMSIZ); -+ if (ioctl(fd, SIOCGIFFLAGS, &ifr) < 0) { -+ fprintf(stderr, _("%s: ERROR while testing interface flags: %s\n"), -+ ifname, strerror(errno)); -+ return -1; -+ } -+ return (ifr.ifr_flags & flags); -+} -+ - static void usage(void) - { - fprintf(stderr, _("Usage:\n ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>]\n")); -@@ -249,7 +275,7 @@ - err = 1; - } - } -- return 0; -+ return err; - } - - int main(int argc, char **argv) -@@ -415,6 +441,8 @@ - } - if (!strcmp(*spp, "-promisc")) { - goterr |= clr_flag(ifr.ifr_name, IFF_PROMISC); -+ if (test_flag(ifr.ifr_name, IFF_PROMISC) > 0) -+ fprintf(stderr, _("Warning: Interface %s still in promisc mode... 
maybe other application is running?\n"), ifr.ifr_name); - spp++; - continue; - } -@@ -425,6 +453,8 @@ - } - if (!strcmp(*spp, "-multicast")) { - goterr |= clr_flag(ifr.ifr_name, IFF_MULTICAST); -+ if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ fprintf(stderr, _("Warning: Interface %s still in MULTICAST mode.\n"), ifr.ifr_name); - spp++; - continue; - } -@@ -435,6 +465,8 @@ - } - if (!strcmp(*spp, "-allmulti")) { - goterr |= clr_flag(ifr.ifr_name, IFF_ALLMULTI); -+ if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ fprintf(stderr, _("Warning: Interface %s still in ALLMULTI mode.\n"), ifr.ifr_name); - spp++; - continue; - } -@@ -456,6 +488,8 @@ - } - if (!strcmp(*spp, "-dynamic")) { - goterr |= clr_flag(ifr.ifr_name, IFF_DYNAMIC); -+ if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ fprintf(stderr, _("Warning: Interface %s still in DYNAMIC mode.\n"), ifr.ifr_name); - spp++; - continue; - } -@@ -513,6 +547,8 @@ - - if (!strcmp(*spp, "-broadcast")) { - goterr |= clr_flag(ifr.ifr_name, IFF_BROADCAST); -+ if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ fprintf(stderr, _("Warning: Interface %s still in BROADCAST mode.\n"), ifr.ifr_name); - spp++; - continue; - } -@@ -569,7 +605,7 @@ - continue; - } - didnetmask++; -- goterr = set_netmask(ap->fd, &ifr, &sa, dobcast); -+ goterr |= set_netmask(ap->fd, &ifr, &sa, dobcast); - spp++; - continue; - } -@@ -640,6 +676,8 @@ - } - if (!strcmp(*spp, "-pointopoint")) { - goterr |= clr_flag(ifr.ifr_name, IFF_POINTOPOINT); -+ if (test_flag(ifr.ifr_name, IFF_MULTICAST) > 0) -+ fprintf(stderr, _("Warning: Interface %s still in POINTOPOINT mode.\n"), ifr.ifr_name); - spp++; - continue; - } diff --git a/net-tools/patches/net-tools-1.60-ifconfig_ib.patch b/net-tools/patches/net-tools-1.60-ifconfig_ib.patch deleted file mode 100644 index b5a234f..0000000 --- a/net-tools/patches/net-tools-1.60-ifconfig_ib.patch +++ /dev/null 
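Review bot: In ifconfig.c, the checks added after clr_flag() for -allmulti, -dynamic, -broadcast and -pointopoint all call test_flag(ifr.ifr_name, IFF_MULTICAST), so each warning reports on the multicast bit instead of the flag that was just cleared; only the -promisc and -multicast checks test the matching flag. Pass IFF_ALLMULTI, IFF_DYNAMIC, IFF_BROADCAST and IFF_POINTOPOINT respectively. test_flag() also returns (ifr.ifr_flags & flags) from short operands and the callers test > 0, so a flag held in the sign bit could never produce a warning and cannot be told apart from the -1 error return; returning 0 or 1 for the flag and a separate error code would avoid that.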
@@ -1,202 +0,0 @@ ---- net-tools-1.60/config.in.ifconfig_ib 2000-05-21 16:32:12.000000000 +0200 -+++ net-tools-1.60/config.in 2005-02-09 10:36:26.000000000 +0100 -@@ -82,6 +82,7 @@ - bool '(Cisco)-HDLC/LAPB support' HAVE_HWHDLCLAPB n - bool 'IrDA support' HAVE_HWIRDA y - bool 'Econet hardware support' HAVE_HWEC n -+bool 'InfiniBand hardware support' HAVE_HWIB y - * - * - * Other Features. ---- net-tools-1.60/lib/hw.c.ifconfig_ib 2000-05-20 20:27:25.000000000 +0200 -+++ net-tools-1.60/lib/hw.c 2005-02-09 10:36:26.000000000 +0100 -@@ -73,6 +73,8 @@ - - extern struct hwtype ec_hwtype; - -+extern struct hwtype ib_hwtype; -+ - static struct hwtype *hwtypes[] = - { - -@@ -144,6 +146,9 @@ - #if HAVE_HWX25 - &x25_hwtype, - #endif -+#if HAVE_HWIB -+ &ib_hwtype, -+#endif - &unspec_hwtype, - NULL - }; -@@ -217,6 +222,9 @@ - #if HAVE_HWEC - ec_hwtype.title = _("Econet"); - #endif -+#if HAVE_HWIB -+ ib_hwtype.title = _("InfiniBand"); -+#endif - sVhwinit = 1; - } - ---- net-tools-1.60/lib/ib.c.ifconfig_ib 2005-02-09 10:36:26.000000000 +0100 -+++ net-tools-1.60/lib/ib.c 2005-02-09 10:42:21.000000000 +0100 -@@ -0,0 +1,147 @@ -+/* -+ * lib/ib.c This file contains an implementation of the "Infiniband" -+ * support functions. -+ * -+ * Version: $Id: ib.c,v 1.1 2005/02/06 11:00:47 tduffy Exp $ -+ * -+ * Author: Fred N. van Kempen, waltje@uwalt.nl.mugnet.org -+ * Copyright 1993 MicroWalt Corporation -+ * Tom Duffy tduffy@sun.com -+ * -+ * This program is free software; you can redistribute it -+ * and/or modify it under the terms of the GNU General -+ * Public License as published by the Free Software -+ * Foundation; either version 2 of the License, or (at -+ * your option) any later version. 
-+ */ -+#include "config.h" -+ -+#if HAVE_HWIB -+#include <sys/types.h> -+#include <sys/socket.h> -+#include <net/if_arp.h> -+/*#include <linux/if_infiniband.h> - not in gcc-kernheaders*/ -+#include <stdlib.h> -+#include <stdio.h> -+#include <errno.h> -+#include <ctype.h> -+#include <string.h> -+#include <unistd.h> -+#include "net-support.h" -+#include "pathnames.h" -+#include "intl.h" -+#include "util.h" -+ -+extern struct hwtype ib_hwtype; -+ -+#define INFINIBAND_ALEN 20 -+ -+/* Display an InfiniBand address in readable format. */ -+static char *pr_ib(unsigned char *ptr) -+{ -+ static char buff[128]; -+ char *pos; -+ unsigned int i; -+ -+ pos = buff; -+ for (i = 0; i < INFINIBAND_ALEN; i++) { -+ pos += sprintf(pos, "%02X:", (*ptr++ & 0377)); -+ } -+ buff[strlen(buff) - 1] = '\0'; -+ -+ /* snprintf(buff, sizeof(buff), "%02X:%02X:%02X:%02X:%02X:%02X", -+ (ptr[0] & 0377), (ptr[1] & 0377), (ptr[2] & 0377), -+ (ptr[3] & 0377), (ptr[4] & 0377), (ptr[5] & 0377) -+ ); -+ */ -+ return (buff); -+} -+ -+ -+/* Input an Infiniband address and convert to binary. 
*/ -+static int in_ib(char *bufp, struct sockaddr *sap) -+{ -+ unsigned char *ptr; -+ char c, *orig; -+ int i; -+ unsigned val; -+ -+ sap->sa_family = ib_hwtype.type; -+ ptr = sap->sa_data; -+ -+ i = 0; -+ orig = bufp; -+ while ((*bufp != '\0') && (i < INFINIBAND_ALEN)) { -+ val = 0; -+ c = *bufp++; -+ if (isdigit(c)) -+ val = c - '0'; -+ else if (c >= 'a' && c <= 'f') -+ val = c - 'a' + 10; -+ else if (c >= 'A' && c <= 'F') -+ val = c - 'A' + 10; -+ else { -+#ifdef DEBUG -+ fprintf(stderr, _("in_ib(%s): invalid infiniband address!\n"), orig); -+#endif -+ errno = EINVAL; -+ return (-1); -+ } -+ val <<= 4; -+ c = *bufp; -+ if (isdigit(c)) -+ val |= c - '0'; -+ else if (c >= 'a' && c <= 'f') -+ val |= c - 'a' + 10; -+ else if (c >= 'A' && c <= 'F') -+ val |= c - 'A' + 10; -+ else if (c == ':' || c == 0) -+ val >>= 4; -+ else { -+#ifdef DEBUG -+ fprintf(stderr, _("in_ib(%s): invalid infiniband address!\n"), orig); -+#endif -+ errno = EINVAL; -+ return (-1); -+ } -+ if (c != 0) -+ bufp++; -+ *ptr++ = (unsigned char) (val & 0377); -+ i++; -+ -+ /* We might get a semicolon here - not required. */ -+ if (*bufp == ':') { -+ if (i == INFINIBAND_ALEN) { -+#ifdef DEBUG -+ fprintf(stderr, _("in_ib(%s): trailing : ignored!\n"), -+ orig) -+#endif -+ ; /* nothing */ -+ } -+ bufp++; -+ } -+ } -+ -+ /* That's it. Any trailing junk? 
*/ -+ if ((i == INFINIBAND_ALEN) && (*bufp != '\0')) { -+#ifdef DEBUG -+ fprintf(stderr, _("in_ib(%s): trailing junk!\n"), orig); -+ errno = EINVAL; -+ return (-1); -+#endif -+ } -+#ifdef DEBUG -+ fprintf(stderr, "in_ib(%s): %s\n", orig, pr_ib(sap->sa_data)); -+#endif -+ -+ return (0); -+} -+ -+ -+struct hwtype ib_hwtype = -+{ -+ "infiniband", NULL, ARPHRD_INFINIBAND, INFINIBAND_ALEN, -+ pr_ib, in_ib, NULL -+}; -+ -+#endif /* HAVE_HWIB */ ---- net-tools-1.60/lib/Makefile.ifconfig_ib 2000-10-28 12:59:42.000000000 +0200 -+++ net-tools-1.60/lib/Makefile 2005-02-09 10:36:26.000000000 +0100 -@@ -16,7 +16,7 @@ - # - - --HWOBJS = hw.o loopback.o slip.o ether.o ax25.o ppp.o arcnet.o tr.o tunnel.o frame.o sit.o rose.o ash.o fddi.o hippi.o hdlclapb.o strip.o irda.o ec_hw.o x25.o -+HWOBJS = hw.o loopback.o slip.o ether.o ax25.o ppp.o arcnet.o tr.o tunnel.o frame.o sit.o rose.o ash.o fddi.o hippi.o hdlclapb.o strip.o irda.o ec_hw.o x25.o ib.o - AFOBJS = unix.o inet.o inet6.o ax25.o ipx.o ddp.o ipx.o netrom.o af.o rose.o econet.o x25.o - AFGROBJS = inet_gr.o inet6_gr.o ipx_gr.o ddp_gr.o netrom_gr.o ax25_gr.o rose_gr.o getroute.o x25_gr.o - AFSROBJS = inet_sr.o inet6_sr.o netrom_sr.o ipx_sr.o setroute.o x25_sr.o diff --git a/net-tools/patches/net-tools-1.60-ifconfig_man.patch b/net-tools/patches/net-tools-1.60-ifconfig_man.patch deleted file mode 100644 index f3509da..0000000 --- a/net-tools/patches/net-tools-1.60-ifconfig_man.patch +++ /dev/null 
@@ -1,14 +0,0 @@ ---- net-tools-1.60/man/en_US/ifconfig.8.addr_man 2006-03-30 12:32:56.000000000 +0200 -+++ net-tools-1.60/man/en_US/ifconfig.8 2006-03-30 12:38:43.000000000 +0200 -@@ -39,6 +39,11 @@ - (Novell IPX) and - .B netrom - (AMPR Packet radio). -+All numbers supplied as parts in IPv4 dotted decimal notation may be decimal, -+octal, or hexadecimal, as specified in the ISO C standard (that is, a leading 0x -+or 0X implies hexadecimal; otherwise, a leading '0' implies octal; otherwise, -+the number is interpreted as decimal). Use of hexamedial and octal numbers -+is not RFC-compliant and therefore its use is discouraged and may go away. - .SH OPTIONS - .TP - .B interface diff --git a/net-tools/patches/net-tools-1.60-inet6-lookup.patch b/net-tools/patches/net-tools-1.60-inet6-lookup.patch deleted file mode 100644 index 3d4854a..0000000 --- a/net-tools/patches/net-tools-1.60-inet6-lookup.patch +++ /dev/null 
@@ -1,81 +0,0 @@ ---- net-tools-1.60/lib/inet6.c.inet6-lookup 2000-10-28 13:04:00.000000000 +0200 -+++ net-tools-1.60/lib/inet6.c 2003-05-21 15:28:50.000000000 +0200 -@@ -133,28 +133,9 @@ - } - - --static int INET6_getsock(char *bufp, struct sockaddr *sap) --{ -- struct sockaddr_in6 *sin6; -- -- sin6 = (struct sockaddr_in6 *) sap; -- sin6->sin6_family = AF_INET6; -- sin6->sin6_port = 0; -- -- if (inet_pton(AF_INET6, bufp, sin6->sin6_addr.s6_addr) <= 0) -- return (-1); -- -- return 16; /* ?;) */ --} -- - static int INET6_input(int type, char *bufp, struct sockaddr *sap) - { -- switch (type) { -- case 1: -- return (INET6_getsock(bufp, sap)); -- default: -- return (INET6_resolve(bufp, (struct sockaddr_in6 *) sap)); -- } -+ return (INET6_resolve(bufp, (struct sockaddr_in6 *) sap)); - } - - ---- net-tools-1.60/lib/inet6_gr.c.inet6-lookup 2001-04-01 16:48:06.000000000 +0200 -+++ net-tools-1.60/lib/inet6_gr.c 2003-05-21 15:28:50.000000000 +0200 -@@ -100,7 +100,7 @@ - addr6p[4], addr6p[5], addr6p[6], addr6p[7]); - inet6_aftype.input(1, addr6, (struct sockaddr *) &saddr6); - snprintf(addr6, sizeof(addr6), "%s/%d", -- inet6_aftype.sprint((struct sockaddr *) &saddr6, 1), -+ inet6_aftype.sprint((struct sockaddr *) &saddr6, numeric), - prefix_len); - - /* Fetch and resolve the nexthop address. */ -@@ -109,7 +109,7 @@ - naddr6p[4], naddr6p[5], naddr6p[6], naddr6p[7]); - inet6_aftype.input(1, naddr6, (struct sockaddr *) &snaddr6); - snprintf(naddr6, sizeof(naddr6), "%s", -- inet6_aftype.sprint((struct sockaddr *) &snaddr6, 1)); -+ inet6_aftype.sprint((struct sockaddr *) &snaddr6, numeric)); - - /* Decode the flags. 
*/ - strcpy(flags, "U"); ---- net-tools-1.60/lib/inet6_sr.c.inet6-lookup 2000-05-22 23:18:37.000000000 +0200 -+++ net-tools-1.60/lib/inet6_sr.c 2003-05-21 15:28:50.000000000 +0200 -@@ -63,7 +63,7 @@ - if (*args == NULL) - return (usage()); - -- strcpy(target, *args++); -+ safe_strncpy(target, *args++, sizeof(target)); - if (!strcmp(target, "default")) { - prefix_len = 0; - memset(&sa6, 0, sizeof(sa6)); -@@ -112,7 +112,7 @@ - return (usage()); - if (rt.rtmsg_flags & RTF_GATEWAY) - return (usage()); -- strcpy(gateway, *args); -+ safe_strncpy(gateway, *args, sizeof(gateway)); - if (inet6_aftype.input(1, gateway, - (struct sockaddr *) &sa6) < 0) { - inet6_aftype.herror(gateway); -@@ -152,7 +152,7 @@ - } - if (devname) { - memset(&ifr, 0, sizeof(ifr)); -- strcpy(ifr.ifr_name, devname); -+ safe_strncpy(ifr.ifr_name, devname, sizeof(ifr.ifr_name)); - - if (ioctl(skfd, SIOGIFINDEX, &ifr) < 0) { - perror("SIOGIFINDEX"); diff --git a/net-tools/patches/net-tools-1.60-interface.patch b/net-tools/patches/net-tools-1.60-interface.patch deleted file mode 100644 index 3a1bc91..0000000 --- a/net-tools/patches/net-tools-1.60-interface.patch +++ /dev/null 
@@ -1,110 +0,0 @@ ---- net-tools-1.60/netstat.c.interface 2003-08-25 17:06:30.000000000 +0200 -+++ net-tools-1.60/netstat.c 2003-08-25 17:08:41.000000000 +0200 -@@ -129,6 +129,7 @@ - #define E_IOCTL -3 - - int flag_int = 0; -+char *flag_int_name = NULL; - int flag_rou = 0; - int flag_mas = 0; - int flag_sta = 0; -@@ -1441,6 +1442,7 @@ - static int iface_info(void) - { - static int count=0; -+ struct interface *ife = NULL; - - if (skfd < 0) { - if ((skfd = sockets_open(0)) < 0) { -@@ -1455,7 +1457,11 @@ - printf(_("Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); - } - -- if (for_all_interfaces(do_if_print, &flag_all) < 0) { -+ if (flag_int_name) { -+ ife = lookup_interface(flag_int_name); -+ do_if_print(ife, &flag_all); -+ } -+ else if (for_all_interfaces(do_if_print, &flag_all) < 0) { - perror(_("missing interface information")); - exit(1); - } -@@ -1481,30 +1487,31 @@ - { - fprintf(stderr, _("usage: netstat [-veenNcCF] [<Af>] -r netstat {-V|--version|-h|--help}\n")); - fprintf(stderr, _(" netstat [-vnNcaeol] [<Socket> ...]\n")); -- fprintf(stderr, _(" netstat { [-veenNac] -i | [-cnNe] -M | -s } [delay]\n\n")); -+ fprintf(stderr, _(" netstat { [-veenNac] -i[<Iface>] | [-cnNe] -M | -s } [delay]\n\n")); - -- fprintf(stderr, _(" -r, --route display routing table\n")); -- fprintf(stderr, _(" -i, --interfaces display interface table\n")); -- fprintf(stderr, _(" -g, --groups display multicast group memberships\n")); -- fprintf(stderr, _(" -s, --statistics display networking statistics (like SNMP)\n")); -+ fprintf(stderr, _(" -r, --route display routing table\n")); -+ fprintf(stderr, _(" -i, --interfaces=[<Iface>] display interface table\n")); -+ fprintf(stderr, _(" -g, --groups display multicast group memberships\n")); -+ fprintf(stderr, _(" -s, --statistics display networking statistics (like SNMP)\n")); - #if HAVE_FW_MASQUERADE -- fprintf(stderr, _(" -M, --masquerade display masqueraded connections\n\n")); -+ fprintf(stderr, _(" -M, 
--masquerade display masqueraded connections\n\n")); - #endif -- fprintf(stderr, _(" -v, --verbose be verbose\n")); -- fprintf(stderr, _(" -n, --numeric don't resolve names\n")); -- fprintf(stderr, _(" --numeric-hosts don't resolve host names\n")); -- fprintf(stderr, _(" --numeric-ports don't resolve port names\n")); -- fprintf(stderr, _(" --numeric-users don't resolve user names\n")); -- fprintf(stderr, _(" -N, --symbolic resolve hardware names\n")); -- fprintf(stderr, _(" -e, --extend display other/more information\n")); -- fprintf(stderr, _(" -p, --programs display PID/Program name for sockets\n")); -- fprintf(stderr, _(" -c, --continuous continuous listing\n\n")); -- fprintf(stderr, _(" -l, --listening display listening server sockets\n")); -- fprintf(stderr, _(" -a, --all, --listening display all sockets (default: connected)\n")); -- fprintf(stderr, _(" -o, --timers display timers\n")); -- fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); -- fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); -+ fprintf(stderr, _(" -v, --verbose be verbose\n")); -+ fprintf(stderr, _(" -n, --numeric don't resolve names\n")); -+ fprintf(stderr, _(" --numeric-hosts don't resolve host names\n")); -+ fprintf(stderr, _(" --numeric-ports don't resolve port names\n")); -+ fprintf(stderr, _(" --numeric-users don't resolve user names\n")); -+ fprintf(stderr, _(" -N, --symbolic resolve hardware names\n")); -+ fprintf(stderr, _(" -e, --extend display other/more information\n")); -+ fprintf(stderr, _(" -p, --programs display PID/Program name for sockets\n")); -+ fprintf(stderr, _(" -c, --continuous continuous listing\n\n")); -+ fprintf(stderr, _(" -l, --listening display listening server sockets\n")); -+ fprintf(stderr, _(" -a, --all, --listening display all sockets (default: connected)\n")); -+ fprintf(stderr, _(" -o, --timers display timers\n")); -+ fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); 
-+ fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); - -+ fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); - fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); - fprintf(stderr, _(" <AF>=Use '-A <af>' or '--<af>'; default: %s\n"), DFLT_AF); - fprintf(stderr, _(" List of possible address families (which support routing):\n")); -@@ -1522,7 +1529,7 @@ - { - AFTRANS_OPTS, - {"version", 0, 0, 'V'}, -- {"interfaces", 0, 0, 'i'}, -+ {"interfaces", 2, 0, 'i'}, - {"help", 0, 0, 'h'}, - {"route", 0, 0, 'r'}, - #if HAVE_FW_MASQUERADE -@@ -1560,7 +1567,7 @@ - getroute_init(); /* Set up AF routing support */ - - afname[0] = '\0'; -- while ((i = getopt_long(argc, argv, "MCFA:acdegphinNorstuVv?wxl", longopts, &lop)) != EOF) -+ while ((i = getopt_long(argc, argv, "MCFA:acdegphi::nNorstuVv?wxl", longopts, &lop)) != EOF) - switch (i) { - case -1: - break; -@@ -1602,6 +1609,8 @@ - flag_prg++; - break; - case 'i': -+ if (optarg && strcmp(optarg, "(null)")) -+ flag_int_name = strdup(optarg); - flag_int++; - break; - case 'n': diff --git a/net-tools/patches/net-tools-1.60-interface_stack.patch b/net-tools/patches/net-tools-1.60-interface_stack.patch deleted file mode 100644 index 10bbe6d..0000000 --- a/net-tools/patches/net-tools-1.60-interface_stack.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -Bugzilla Bug 176714 â *** stack smashing detected ***: /sbin/ifconfig terminated - ---- a/lib/interface.c-old 2005-12-30 11:08:15.000000000 -0800 -+++ b/lib/interface.c 2005-12-30 11:17:02.000000000 -0800 -@@ -201,10 +201,11 @@ - return err; - } - --static char *get_name(char *name, char *p) -+static char *get_name(char **namep, char *p) - { - while (isspace(*p)) - p++; -+ char *name = *namep = p; - while (*p) { - if (isspace(*p)) - break; -@@ -305,9 +306,10 @@ - { - static int proc_read; - FILE *fh; -- char buf[512]; - struct interface *ife; - int err; -+ char *line = NULL; -+ size_t linelen = 0; - - if (proc_read) - return 0; -@@ -320,8 +322,11 @@ - _PATH_PROCNET_DEV, strerror(errno)); - return if_readconf(); - } -- fgets(buf, sizeof buf, fh); /* eat line */ -- fgets(buf, sizeof buf, fh); -+ if (getline(&line, &linelen, fh) == -1 /* eat line */ -+ || getline(&line, &linelen, fh) == -1) { -+ err = -1; -+ goto out; -+ } - - #if 0 /* pretty, but can't cope with missing fields */ - fmt = proc_gen_fmt(_PATH_PROCNET_DEV, 1, fh, -@@ -346,13 +351,13 @@ - if (!fmt) - return -1; - #else -- procnetdev_vsn = procnetdev_version(buf); -+ procnetdev_vsn = procnetdev_version(line); - #endif - - err = 0; -- while (fgets(buf, sizeof buf, fh)) { -- char *s, name[IFNAMSIZ]; -- s = get_name(name, buf); -+ while (getline(&line, &linelen, fh) != -1) { -+ char *s, *name; -+ s = get_name(&name, line); - ife = add_interface(name); - get_dev_fields(s, ife); - ife->statistics_valid = 1; -@@ -368,6 +373,8 @@ - #if 0 - free(fmt); - #endif -+ out: -+ free(line); - fclose(fh); - return err; - } -@@ -376,8 +383,9 @@ - static int if_readlist_rep(char *target, struct interface *ife) - { - FILE *fh; -- char buf[512]; - int err; -+ char *line = NULL; -+ size_t linelen = 0; - - fh = fopen(_PATH_PROCNET_DEV, "r"); - if (!fh) { -@@ -385,15 +393,18 @@ - _PATH_PROCNET_DEV, strerror(errno)); - return if_readconf(); - } -- fgets(buf, sizeof buf, fh); /* eat line */ -- fgets(buf, sizeof 
buf, fh); -+ if (getline(&line, &linelen, fh) == -1 /* eat line */ -+ || getline(&line, &linelen, fh) == -1) { -+ err = -1; -+ goto out; -+ } - -- procnetdev_vsn = procnetdev_version(buf); -+ procnetdev_vsn = procnetdev_version(line); - - err = 0; -- while (fgets(buf, sizeof buf, fh)) { -- char *s, name[IFNAMSIZ]; -- s = get_name(name, buf); -+ while (getline(&line, &linelen, fh) != -1) { -+ char *s, *name; -+ s = get_name(&name, line); - get_dev_fields(s, ife); - if (target && !strcmp(target,name)) - { -@@ -406,6 +417,8 @@ - err = -1; - } - -+ out: -+ free(line); - fclose(fh); - return err; - } diff --git a/net-tools/patches/net-tools-1.60-ipx.patch b/net-tools/patches/net-tools-1.60-ipx.patch deleted file mode 100644 index d4458b9..0000000 --- a/net-tools/patches/net-tools-1.60-ipx.patch +++ /dev/null 
@@ -1,36 +0,0 @@ -diff -urN net-tools-1.60/lib/ipx_gr.c net-tools-1.60.new/lib/ipx_gr.c ---- net-tools-1.60/lib/ipx_gr.c 2000-10-28 12:59:42.000000000 +0200 -+++ net-tools-1.60.new/lib/ipx_gr.c 2003-05-20 10:54:37.000000000 +0200 -@@ -64,7 +64,7 @@ - continue; - - /* Fetch and resolve the Destination */ -- (void) ap->input(5, net, &sa); -+ (void) ap->input(1, net, &sa); - strcpy(net, ap->sprint(&sa, numeric)); - - /* Fetch and resolve the Router Net */ -diff -urN net-tools-1.60/netstat.c net-tools-1.60.new/netstat.c ---- net-tools-1.60/netstat.c 2003-05-20 11:00:57.000000000 +0200 -+++ net-tools-1.60.new/netstat.c 2003-05-20 10:58:25.000000000 +0200 -@@ -1412,13 +1412,13 @@ - } - - /* Fetch and resolve the Source */ -- (void) ap->input(4, sad, &sa); -+ (void) ap->input(0, sad, &sa); - safe_strncpy(buf, ap->sprint(&sa, flag_not), sizeof(buf)); - snprintf(sad, sizeof(sad), "%s:%04X", buf, sport); - - if (!nc) { - /* Fetch and resolve the Destination */ -- (void) ap->input(4, dad, &sa); -+ (void) ap->input(0, dad, &sa); - safe_strncpy(buf, ap->sprint(&sa, flag_not), sizeof(buf)); - snprintf(dad, sizeof(dad), "%s:%04X", buf, dport); - } else -diff -urN net-tools-1.60/version.h net-tools-1.60.new/version.h ---- net-tools-1.60/version.h 1970-01-01 01:00:00.000000000 +0100 -+++ net-tools-1.60.new/version.h 2003-05-19 16:07:49.000000000 +0200 -@@ -0,0 +1 @@ -+#define RELEASE "net-tools 1.60" diff --git a/net-tools/patches/net-tools-1.60-isofix.patch b/net-tools/patches/net-tools-1.60-isofix.patch deleted file mode 100644 index 4bbaff1..0000000 --- a/net-tools/patches/net-tools-1.60-isofix.patch +++ /dev/null 
@@ -1,33 +0,0 @@ ---- net-tools-1.60/po/de.po.isofix 2000-10-28 12:59:43.000000000 +0200 -+++ net-tools-1.60/po/de.po 2005-01-10 11:29:29.407639208 +0100 -@@ -9,7 +9,7 @@ - "Last-Translator: Ralf Bächle ralf@gnu.org\n" - "Language-Team:\n" - "MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=iso8859-1\n" -+"Content-Type: text/plain; charset=iso-8859-1\n" - "Content-Transfer-Encoding: 8bit\n" - - #: ../arp.c:110 ../arp.c:269 ---- net-tools-1.60/po/fr.po.isofix 2000-02-20 22:47:00.000000000 +0100 -+++ net-tools-1.60/po/fr.po 2005-01-10 11:29:23.613520048 +0100 -@@ -9,7 +9,7 @@ - "Last-Translator: J.M.Vansteene vanstee@worldnet.fr\n" - "Language-Team:\n" - "MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=iso8859-1\n" -+"Content-Type: text/plain; charset=iso-8859-1\n" - "Content-Transfer-Encoding: 8bit\n" - - #: ../arp.c:110 ../arp.c:269 ---- net-tools-1.60/po/pt_BR.po.isofix 2000-02-20 22:47:06.000000000 +0100 -+++ net-tools-1.60/po/pt_BR.po 2005-01-10 11:29:16.294632688 +0100 -@@ -14,7 +14,7 @@ - "PO-Revision-Date: 1999-03-01 02:38+0100\n" - "Last-Translator: Arnaldo Carvalho de Melo acme@conectiva.com.br\n" - "MIME-Version: 1.0\n" --"Content-Type: text/plain; charset=ISO8859-9\n" -+"Content-Type: text/plain; charset=iso-8859-9\n" - "Content-Transfer-Encoding: 8bit\n" - - #: ../arp.c:110 ../arp.c:269 diff --git a/net-tools/patches/net-tools-1.60-large-indexes.patch b/net-tools/patches/net-tools-1.60-large-indexes.patch deleted file mode 100644 index 3585dbb..0000000 --- a/net-tools/patches/net-tools-1.60-large-indexes.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -up net-tools-1.60/lib/interface.c.large-indexes net-tools-1.60/lib/interface.c ---- net-tools-1.60/lib/interface.c.large-indexes 2010-01-02 12:05:13.000000000 +0100 -+++ net-tools-1.60/lib/interface.c 2010-01-02 12:34:24.000000000 +0100 -@@ -766,7 +766,7 @@ void ife_print_long(struct interface *pt - /* FIXME: should be integrated into interface.c. */ - - if ((f = fopen(_PATH_PROCNET_IFINET6, "r")) != NULL) { -- while (fscanf(f, "%4s%4s%4s%4s%4s%4s%4s%4s %02x %02x %02x %02x %20s\n", -+ while (fscanf(f, "%4s%4s%4s%4s%4s%4s%4s%4s %08x %02x %02x %02x %20s\n", - addr6p[0], addr6p[1], addr6p[2], addr6p[3], - addr6p[4], addr6p[5], addr6p[6], addr6p[7], - &if_idx, &plen, &scope, &dad_status, devname) != EOF) { diff --git a/net-tools/patches/net-tools-1.60-makefile-berlios.patch b/net-tools/patches/net-tools-1.60-makefile-berlios.patch deleted file mode 100644 index 7b9b007..0000000 --- a/net-tools/patches/net-tools-1.60-makefile-berlios.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -diff -up net-tools-1.60/lib/Makefile.makefile-berlios net-tools-1.60/lib/Makefile ---- net-tools-1.60/lib/Makefile.makefile-berlios 2009-09-15 18:07:12.000000000 +0200 -+++ net-tools-1.60/lib/Makefile 2009-09-15 18:07:12.000000000 +0200 -@@ -36,7 +36,7 @@ OBJS = $(sort $(VARIA) $(AFOBJS) $(HWOBJ - - # This can be overwritten by the TOPLEVEL Makefile - TOPDIR=.. --CFLAGS += -I$(TOPDIR) -idirafter $(TOPDIR)/include # -fPIC -+CFLAGS += -I$(TOPDIR) -I$(TOPDIR)/include # -fPIC - SONAME=libnet-tools.so.0 - - .SUFFIXES: .a .so -diff -up net-tools-1.60/Makefile.makefile-berlios net-tools-1.60/Makefile ---- net-tools-1.60/Makefile.makefile-berlios 2009-09-15 18:07:12.000000000 +0200 -+++ net-tools-1.60/Makefile 2009-09-15 18:08:25.000000000 +0200 -@@ -88,10 +88,9 @@ endif - - # Compiler and Linker Options - # You may need to uncomment and edit these if you are using libc5 and IPv6. --COPTS = -D_GNU_SOURCE -O2 -Wall -g # -I/usr/inet6/include --ifeq ($(origin LOPTS), undefined) --LOPTS = --endif -+CFLAGS ?= -O2 -g -+CFLAGS += -fno-strict-aliasing # code needs a lot of work before strict aliasing is safe -+CPPFLAGS += -D_GNU_SOURCE - RESLIB = # -L/usr/inet6/lib -linet6 - - ifeq ($(HAVE_AFDECnet),1) -@@ -119,8 +118,9 @@ CFLAGS += -DHAVE_SELINUX - else - endif - --CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) --LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH) -+CPPFLAGS += -I. 
-I$(TOPDIR)/include -I$(NET_LIB_PATH) -+LDFLAGS += -L$(NET_LIB_PATH) -+ - - SUBDIRS = man/ $(NET_LIB_PATH)/ - -@@ -131,8 +131,6 @@ LD = $(CC) - - NLIB = -l$(NET_LIB_NAME) - --MDEFINES = COPTS='$(COPTS)' LOPTS='$(LOPTS)' TOPDIR='$(TOPDIR)' -- - %.o: %.c config.h version.h intl.h net-features.h $< - $(CC) $(CFLAGS) -c $< - -@@ -181,14 +179,15 @@ $(NET_LIB): config.h version.h intl.h li - - i18n.h: i18ndir - --libdir: -- @$(MAKE) -C $(NET_LIB_PATH) $(MDEFINES) -+libdir: version.h -+ @$(MAKE) -C $(NET_LIB_PATH) - - i18ndir: - @$(MAKE) -C po - - subdirs: -- @for i in $(SUBDIRS); do $(MAKE) -C $$i $(MDEFINES) ; done -+ @for i in $(SUBDIRS); do $(MAKE) -C $$i || exit $$? ; done -+ - - ifconfig: $(NET_LIB) ifconfig.o - $(CC) $(LDFLAGS) -o ifconfig ifconfig.o $(NLIB) $(RESLIB) diff --git a/net-tools/patches/net-tools-1.60-man-RHEL-bugs.patch b/net-tools/patches/net-tools-1.60-man-RHEL-bugs.patch deleted file mode 100644 index 03d68de..0000000 --- a/net-tools/patches/net-tools-1.60-man-RHEL-bugs.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up net-tools-1.60/man/de_DE/arp.8.man-RHEL-bugs net-tools-1.60/man/de/arp.8 ---- net-tools-1.60/man/de_DE/arp.8.man-RHEL-bugs 2009-09-09 15:52:27.000000000 +0200 -+++ net-tools-1.60/man/de_DE/arp.8 2009-09-09 15:59:33.000000000 +0200 -@@ -120,11 +120,9 @@ Flagge) kann - .B Netmaske - f(:ur ARP-Eintr(:age f(:ur ganze Subnetze angegeben werde. Von dieser - Praxis wird abgeraten. Sie wird von (:alteren Kerneln unterst(:utzt, da --sie gelegentlich n(:utzlich ist. Wird die --If the --.B temp --Flagge nicht angegeben, so werden die erzeugten Eintr(:age nicht dauerhaft --in den ARP-Cache eingetragen. -+sie gelegentlich n(:utzlich ist. -+Der Eintrag wird permanent im ARP-Cache gespeichert, -+wenn das \fBtemp\fR-Flag nicht angegeben wird. - .br - .B ANMERKUNG: - Ab der Kernelversion 2.2.0 ist es nicht mehr m(:oglich ARP-Eintr(:age f(:ur 
diff --git a/net-tools/patches/net-tools-1.60-man-obsolete.patch b/net-tools/patches/net-tools-1.60-man-obsolete.patch deleted file mode 100644 index 5d4bc02..0000000 --- a/net-tools/patches/net-tools-1.60-man-obsolete.patch +++ /dev/null 
@@ -1,267 +0,0 @@ -diff -up net-tools-1.60/man/en_US/arp.8.man-obsolete net-tools-1.60/man/en_US/arp.8 ---- net-tools-1.60/man/en_US/arp.8.man-obsolete 2009-09-01 11:28:22.000000000 +0200 -+++ net-tools-1.60/man/en_US/arp.8 2009-09-01 11:28:22.000000000 +0200 -@@ -1,6 +1,8 @@ - .TH ARP 8 "5 Jan 1999" "net-tools" "Linux Programmer's Manual" -+ - .SH NAME - arp - manipulate the system ARP cache -+ - .SH SYNOPSIS - .B arp - .RB [ -evn ] -@@ -44,6 +46,10 @@ arp - manipulate the system ARP cache - .RB [ "-i if" ] - .B -f [filename] - -+.SH NOTE -+.P -+This program is obsolete. For replacement check \fBip neighbor\fR. -+ - .SH DESCRIPTION - .B Arp - manipulates the kernel's ARP cache in various ways. The primary options -@@ -51,6 +57,7 @@ are clearing an address mapping entry an - debugging purposes, the - .B arp - program also allows a complete dump of the ARP cache. -+ - .SH OPTIONS - .TP - .B "-v, --verbose" -@@ -107,6 +114,7 @@ table. For - entries the specified interface is the interface on which ARP requests will - be answered. - .br -+ - .B NOTE: - This has to be different from the interface to which the IP - datagrams will be routed. -@@ -171,6 +179,7 @@ flag. Permanent entries are marked with - and published entries have the - .B P - flag. -+ - .SH FILES - .I /proc/net/arp, - .br -@@ -179,8 +188,10 @@ flag. - .I /etc/hosts - .br - .I /etc/ethers -+ - .SH SEE ALSO --rarp(8), route(8), ifconfig(8), netstat(8) -+ip(8) -+ - .SH AUTHORS - Fred N. van Kempen, waltje@uwalt.nl.mugnet.org with a lot of improvements - from net-tools Maintainer Bernd Eckenfels net-tools@lina.inka.de. 
-diff -up net-tools-1.60/man/en_US/ethers.5.man-obsolete net-tools-1.60/man/en_US/ethers.5 ---- net-tools-1.60/man/en_US/ethers.5.man-obsolete 1999-01-09 16:55:31.000000000 +0100 -+++ net-tools-1.60/man/en_US/ethers.5 2009-09-01 11:28:22.000000000 +0200 -@@ -1,7 +1,9 @@ - .TH ETHERS 5 "April 26th, 1996" "" "File formats" -+ - .SH NAME "{{{roff}}}"{{{ - ethers - Ethernet address to IP number database - ."}}} -+ - .SH DESCRIPTION "{{{ - \fB/etc/ethers\fP contains 48 bit Ethernet addresses and their corresponding - IP numbers, one line for each IP number: -@@ -20,12 +22,11 @@ which represents one byte of the address - order (big-endian). The \fIIP-number\fP may be a hostname which - can be resolved by DNS or a dot separated number. - ."}}} -+ - .SH EXAMPLES "{{{ - 08:00:20:00:61:CA pal - ."}}} -+ - .SH FILES "{{{ - /etc/ethers - ."}}} --.SH "SEE ALSO" "{{{ --rarp(8) --."}}} -diff -up net-tools-1.60/man/en_US/ifconfig.8.man-obsolete net-tools-1.60/man/en_US/ifconfig.8 ---- net-tools-1.60/man/en_US/ifconfig.8.man-obsolete 2009-09-01 11:28:22.000000000 +0200 -+++ net-tools-1.60/man/en_US/ifconfig.8 2009-09-01 11:28:22.000000000 +0200 -@@ -1,10 +1,19 @@ - .TH IFCONFIG 8 "14 August 2000" "net-tools" "Linux Programmer's Manual" -+ - .SH NAME - ifconfig - configure a network interface -+ - .SH SYNOPSIS - .B "ifconfig [interface]" - .br - .B "ifconfig interface [aftype] options | address ..." -+ -+.SH NOTE -+.P -+This program is obsolete! -+For replacement check \fBip addr\fR and \fBip link\fR. -+For statistics use \fBip -s link\fR. -+ - .SH DESCRIPTION - .B Ifconfig - is used to configure the kernel-resident network interfaces. It is -@@ -44,6 +53,7 @@ octal, or hexadecimal, as specified in t - or 0X implies hexadecimal; otherwise, a leading '0' implies octal; otherwise, - the number is interpreted as decimal). Use of hexamedial and octal numbers - is not RFC-compliant and therefore its use is discouraged and may go away. 
-+ - .SH OPTIONS - .TP - .B interface -@@ -172,6 +182,7 @@ Set the length of the transmit queue of - to small values for slower devices with a high latency (modem links, ISDN) - to prevent fast bulk transfers from disturbing interactive traffic like - telnet too much. -+ - .SH NOTES - Since kernel release 2.2 there are no explicit interface statistics for - alias interfaces anymore. The statistics printed for the original address -@@ -184,17 +195,27 @@ command. - Interrupt problems with Ethernet device drivers fail with EAGAIN. See - .I http://www.scyld.com/expert/irq-conflict.html - for more information. -+ - .SH FILES - .I /proc/net/socket - .br - .I /proc/net/dev - .br - .I /proc/net/if_inet6 -+ - .SH BUGS -+Ifconfig uses obsolete kernel interface. -+It uses the ioctl access method to get the full address information, -+which limits hardware addresses to 8 bytes. -+Since an Infiniband address is 20 bytes, -+only the first 8 bytes of Infiniband address are displayed. -+.LP - While appletalk DDP and IPX addresses will be displayed they cannot be - altered by this command. -+ - .SH SEE ALSO --route(8), netstat(8), arp(8), rarp(8), ipchains(8) -+ip(8) -+ - .SH AUTHORS - Fred N. van Kempen, waltje@uwalt.nl.mugnet.org - .br -diff -up net-tools-1.60/man/en_US/nameif.8.man-obsolete net-tools-1.60/man/en_US/nameif.8 ---- net-tools-1.60/man/en_US/nameif.8.man-obsolete 2000-10-18 19:26:29.000000000 +0200 -+++ net-tools-1.60/man/en_US/nameif.8 2009-09-01 12:15:24.000000000 +0200 -@@ -1,10 +1,18 @@ - .TH NAMEIF 8 "18 Oct 2000" "net-tools" "Linux's Administrator's Manual" -+ - .SH NAME - nameif - name network interfaces based on MAC addresses -+ - .SH SYNOPSIS - .B "nameif [-c configfile] [-s]" - .br - .B "nameif [-c configfile] [-s] {interface macaddress}" -+ -+.SH NOTE -+.P -+This program is obsolete. For replacement check \fBip link\fR. -+This functionality is also much better provided by udev methods. 
-+ - .SH DESCRIPTION - .B nameif - renames network interfaces based on mac addresses. When no arguments are -@@ -31,5 +39,9 @@ should be run before the interface is up - - .SH FILES - /etc/mactab -+ -+.SH SEE ALSO -+ip(8), udev(7) -+ - .SH BUGS - Only works for Ethernet currently. -diff -up net-tools-1.60/man/en_US/netstat.8.man-obsolete net-tools-1.60/man/en_US/netstat.8 ---- net-tools-1.60/man/en_US/netstat.8.man-obsolete 2009-09-01 11:28:22.000000000 +0200 -+++ net-tools-1.60/man/en_US/netstat.8 2009-09-01 11:28:22.000000000 +0200 -@@ -92,6 +92,14 @@ netstat - Print network connections, ro - .RB [ --netrom ] - .RB [ --ddp ] - -+.SH NOTE -+.P -+This program is obsolete. -+Replacement for \fBnetstat\fR is \fBss\fR. -+Replacement for \fBnetstat -r\fR is \fBip route\fR. -+Replacement for \fBnetstat -i\fR is \fBip -s link\fR. -+Replacement for \fBnetstat -g\fR is \fBip maddr\fR. -+ - .SH DESCRIPTION - .B Netstat - prints information about the Linux networking subsystem. The type of -@@ -438,13 +446,11 @@ status information via the following fil - -- statistics - .fi - .P -+ - .SH SEE ALSO --.BR route (8), --.BR ifconfig (8), --.BR ipchains (8), --.BR iptables (8), --.BR proc (5) -+.BR ss (8), ip(8) - .P -+ - .SH BUGS - Occasionally strange information may appear if a socket changes - as it is viewed. This is unlikely to occur. -diff -up net-tools-1.60/man/en_US/route.8.man-obsolete net-tools-1.60/man/en_US/route.8 ---- net-tools-1.60/man/en_US/route.8.man-obsolete 2000-05-21 20:59:03.000000000 +0200 -+++ net-tools-1.60/man/en_US/route.8 2009-09-01 11:28:22.000000000 +0200 -@@ -1,6 +1,8 @@ - .TH ROUTE 8 "2 January 2000" "net-tools" "Linux Programmer's Manual" -+ - .SH NAME - route - show / manipulate the IP routing table -+ - .SH SYNOPSIS - .B route - .RB [ -CFvnee ] -@@ -52,6 +54,11 @@ If] - .RB [ --version ] - .RB [ -h ] - .RB [ --help ] -+ -+.SH NOTE -+.P -+This program is obsolete. For replacement check \fBip route\fR. 
-+ - .SH DESCRIPTION - .B Route - manipulates the kernel's IP routing tables. Its primary use is to set -@@ -306,6 +313,7 @@ address is not needed for the interface - .B Arp (cached only) - Whether or not the hardware address for the cached route is up to date. - .LP -+ - .SH FILES - .I /proc/net/ipv6_route - .br -@@ -313,9 +321,11 @@ Whether or not the hardware address for - .br - .I /proc/net/rt_cache - .LP -+ - .SH SEE ALSO --.I ifconfig(8), netstat(8), arp(8), rarp(8) -+.I ip(8) - .LP -+ - .SH HISTORY - .B Route - for Linux was originally written by Fred N. van Kempen, diff --git a/net-tools/patches/net-tools-1.60-man.patch b/net-tools/patches/net-tools-1.60-man.patch deleted file mode 100644 index 2deac4a..0000000 --- a/net-tools/patches/net-tools-1.60-man.patch +++ /dev/null 
@@ -1,132 +0,0 @@ ---- net-tools-1.60/man/en_US/ifconfig.8.man 2000-10-28 12:59:42.000000000 +0200 -+++ net-tools-1.60/man/en_US/ifconfig.8 2003-05-22 16:58:41.000000000 +0200 -@@ -177,7 +177,7 @@ - command. - .LP - Interrupt problems with Ethernet device drivers fail with EAGAIN. See --.I http://cesdis.gsfc.nasa.gov/linux/misc/irq-conflict.html -+.I http://www.scyld.com/expert/irq-conflict.html - for more information. - .SH FILES - .I /proc/net/socket ---- net-tools-1.60/man/en_US/hostname.1.man 1999-02-27 13:11:14.000000000 +0100 -+++ net-tools-1.60/man/en_US/hostname.1 2003-05-22 17:04:30.000000000 +0200 -@@ -10,8 +10,6 @@ - nisdomainname - show or set system's NIS/YP domain name - .br - ypdomainname - show or set the system's NIS/YP domain name --.br --nodename - show or set the system's DECnet node name - - .SH SYNOPSIS - .B hostname -@@ -96,12 +94,6 @@ - function. This is also known as the YP/NIS domain name of the system. - - .LP --.B nodename --will print the DECnet node name of the system as returned by the --.BR getnodename (2) --function. -- --.LP - .B dnsdomainname - will print the domain part of the FQDN (Fully Qualified Domain Name). The - complete FQDN of the system is returned with -@@ -184,11 +176,6 @@ - .I "-i, --ip-address" - Display the IP address(es) of the host. - .TP --.I "-n, --node" --Display the DECnet node name. If a parameter is given (or --.B --file name --) the root can also set a new node name. --.TP - .I "-s, --short" - Display the short host name. This is the host name cut at the first dot. 
- .TP ---- net-tools-1.60/man/fr_FR/hostname.1.man 1999-04-18 21:23:46.000000000 +0200 -+++ net-tools-1.60/man/fr_FR/hostname.1 2003-05-22 17:05:04.000000000 +0200 -@@ -9,8 +9,6 @@ - nisdomainname - affiche ou définit le nom de domaine NIS/YP du système - .br - ypdomainname - affiche ou définit le nom de domaine NIS/YP du système --.br --nodename - affiche ou définit le nom de domaine DECnet du système - - .SH SYNOPSIS - .B hostname -@@ -87,14 +85,6 @@ - .BR getdomainname (2) - . Ceci est connu comme nom de domaine YP/NIS du système. - -- --.LP --.B nodename --fournit le nom de noeud DECnet du système tel qu'il est retourné par la --fonction --.BR getnodename (2) --. -- - .LP - .B dnsdomainname - fournit la partie domaine du nom complètement qualifié - FQDN (Fully -@@ -180,11 +170,6 @@ - .I "-i, --ip-address" - Affiche la (les) adresse(s) IP de l'hôte. - .TP --.I "-n, --node" --Affiche le nom de noeud DECnet. Si un paramètre est fourni (ou --.B --file nom_fichier --) le super-utilisateur peut également définir un nouveau nom de neud. --.TP - .I "-s, --short" - Affiche le nom d'hôte en format court. Il s'agit du nom d'hôte coupé au - premier point. ---- net-tools-1.60/man/de_DE/hostname.1.man 1999-03-15 21:31:16.000000000 +0100 -+++ net-tools-1.60/man/de_DE/hostname.1 2003-05-22 17:06:01.000000000 +0200 -@@ -15,8 +15,6 @@ - nisdomainname - den NIS/YP Domainnamen anzeigen oder setzen - .br - ypdomainname - den NIS/YP Domainnamen anzeigen oder setzen --.br --nodename - den DECnet-Knotennamen anzeigen oder setzen - - .SH SYNOPSIS - .B hostname -@@ -101,12 +99,6 @@ - des Systems genannt. - - .LP --.B nodename --druckt den DECnet-Knotennamen des Systems, wie er von der --.BR getnodename (2) --Function ermittelt wird, aus. -- --.LP - .B dnsdomainname - druckt den Domainteil des FQDN (Fully Qualified Domain Name oder zu deutsch - vollst(:andig spezifizierter Domainname) aus. 
Der vollst(:andige FQDN -@@ -117,8 +109,8 @@ - .SS "NAME SETZEN" - Wenn mit nur einem Argument oder mit der - .B --file --Option aufgerufen, dann setzen diese Kommandos den Rechnernamen, den NIS/YP --Domainnamen oder den DECnet-Knotennamen. -+Option aufgerufen, dann setzen diese Kommandos den Rechnernamen oder den NIS/YP -+Domainnamen. - - .LP - Nur der Superuser darf den Namen (:andern. -@@ -198,11 +190,6 @@ - .I "-i, --ip-address" - Die IP-Adresse(n) des Rechners anzeigen und beenden. - .TP --.I "-n, --node" --Den DECnet-Knotennamen anzeigen. Wenn ein Argument oder die --.B --file name --Option angegeben wird, dann kann Root auch einen neuen Knotennamen setzen. --.TP - .I "-s, --short" - Den Kurznamen anzeigen. Dies ist der ab dem ersten Punkt abgeschnittene - Rechnername. diff --git a/net-tools/patches/net-tools-1.60-manydevs.patch b/net-tools/patches/net-tools-1.60-manydevs.patch deleted file mode 100644 index d07ffba..0000000 --- a/net-tools/patches/net-tools-1.60-manydevs.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- lib/nstrcmp.c.bak Fri Apr 12 00:15:01 2002 -+++ lib/nstrcmp.c Fri Apr 12 00:15:29 2002 -@@ -16,8 +16,8 @@ - b++; - } - if (isdigit(*a)) { -- if (!isdigit(*b)) -- return -1; -+ if (!isdigit(*b)) -+ return 1; - while (a > astr) { - a--; - if (!isdigit(*a)) { diff --git a/net-tools/patches/net-tools-1.60-masqinfo-raw-ip.patch b/net-tools/patches/net-tools-1.60-masqinfo-raw-ip.patch deleted file mode 100644 index 492e08f..0000000 --- a/net-tools/patches/net-tools-1.60-masqinfo-raw-ip.patch +++ /dev/null 
@@ -1,14 +0,0 @@ -diff -up net-tools-1.60/lib/masq_info.c.masqinfo-raw-ip net-tools-1.60/lib/masq_info.c ---- net-tools-1.60/lib/masq_info.c.masqinfo-raw-ip 2000-10-28 12:59:42.000000000 +0200 -+++ net-tools-1.60/lib/masq_info.c 2009-09-15 17:05:24.000000000 +0200 -@@ -119,7 +119,9 @@ static int read_masqinfo(FILE * f, struc - ms->src.sin_family = AF_INET; - ms->dst.sin_family = AF_INET; - -- if (strcmp("TCP", buf) == 0) -+ if (strcmp("IP", buf) == 0) -+ ms->proto = "ip"; -+ else if (strcmp("TCP", buf) == 0) - ms->proto = "tcp"; - else if (strcmp("UDP", buf) == 0) - ms->proto = "udp"; diff --git a/net-tools/patches/net-tools-1.60-metric-tunnel-man.patch b/net-tools/patches/net-tools-1.60-metric-tunnel-man.patch deleted file mode 100644 index b949f87..0000000 --- a/net-tools/patches/net-tools-1.60-metric-tunnel-man.patch +++ /dev/null @@ -1,21 +0,0 @@ -diff -up net-tools-1.60/man/en_US/ifconfig.8.metric-tunnel-man net-tools-1.60/man/en_US/ifconfig.8 ---- net-tools-1.60/man/en_US/ifconfig.8.metric-tunnel-man 2008-09-18 09:20:49.000000000 +0200 -+++ net-tools-1.60/man/en_US/ifconfig.8 2008-09-18 09:26:41.000000000 +0200 -@@ -70,7 +70,7 @@ mode. If selected, all multicast packet - received by the interface. - .TP - .B "metric N" --This parameter sets the interface metric. -+This parameter sets the interface metric. It is not available under GNU/Linux. - .TP - .B "mtu N" - This parameter sets the Maximum Transfer Unit (MTU) of an interface. -@@ -92,7 +92,7 @@ Add an IPv6 address to an interface. - .B "del addr/prefixlen" - Remove an IPv6 address from an interface. - .TP --.B "tunnel aa.bb.cc.dd" -+.B "tunnel ::aa.bb.cc.dd" - Create a new SIT (IPv6-in-IPv4) device, tunnelling to the given destination. - .TP - .B "irq addr" diff --git a/net-tools/patches/net-tools-1.60-mii-gigabit.patch b/net-tools/patches/net-tools-1.60-mii-gigabit.patch deleted file mode 100644 index 4c98cf3..0000000 --- a/net-tools/patches/net-tools-1.60-mii-gigabit.patch +++ /dev/null 
@@ -1,240 +0,0 @@ -diff -up net-tools-1.60/mii-tool.c.mii-gigabit net-tools-1.60/mii-tool.c ---- net-tools-1.60/mii-tool.c.mii-gigabit 2010-06-14 15:51:23.000000000 +0200 -+++ net-tools-1.60/mii-tool.c 2010-06-14 16:10:34.000000000 +0200 -@@ -57,7 +57,7 @@ static char version[] = - #define LPA_ABILITY_MASK 0x07e0 - - /* Table of known MII's */ --static struct { -+static const struct { - u_short id1, id2; - char *name; - } mii_id[] = { -@@ -76,6 +76,9 @@ static struct { - { 0x0181, 0x4410, "Quality QS6612" }, - { 0x0282, 0x1c50, "SMSC 83C180" }, - { 0x0300, 0xe540, "TDK 78Q2120" }, -+ { 0x0141, 0x0c20, "Yukon 88E1011" }, -+ { 0x0141, 0x0cc0, "Yukon-EC 88E1111" }, -+ { 0x0141, 0x0c90, "Yukon-2 88E1112" }, - }; - #define NMII (sizeof(mii_id)/sizeof(mii_id[0])) - -@@ -139,40 +142,47 @@ static void mdio_write(int skfd, int loc - - const struct { - char *name; -- u_short value; -+ u_short value[2]; - } media[] = { - /* The order through 100baseT4 matches bits in the BMSR */ -- { "10baseT-HD", LPA_10HALF }, -- { "10baseT-FD", LPA_10FULL }, -- { "100baseTx-HD", LPA_100HALF }, -- { "100baseTx-FD", LPA_100FULL }, -- { "100baseT4", LPA_100BASE4 }, -- { "100baseTx", LPA_100FULL | LPA_100HALF }, -- { "10baseT", LPA_10FULL | LPA_10HALF }, -+ { "10baseT-HD", {LPA_10HALF} }, -+ { "10baseT-FD", {LPA_10FULL} }, -+ { "100baseTx-HD", {LPA_100HALF} }, -+ { "100baseTx-FD", {LPA_100FULL} }, -+ { "100baseT4", {LPA_100BASE4} }, -+ { "100baseTx", {LPA_100FULL | LPA_100HALF} }, -+ { "10baseT", {LPA_10FULL | LPA_10HALF} }, -+ { "1000baseT-HD", {0, ADVERTISE_1000HALF} }, -+ { "1000baseT-FD", {0, ADVERTISE_1000FULL} }, -+ { "1000baseT", {0, ADVERTISE_1000HALF|ADVERTISE_1000FULL} }, - }; - #define NMEDIA (sizeof(media)/sizeof(media[0])) - - /* Parse an argument list of media types */ --static int parse_media(char *arg) -+static int parse_media(char *arg, unsigned *bmcr2) - { - int mask, i; - char *s; - mask = strtoul(arg, &s, 16); - if ((*arg != '\0') && (*s == '\0')) { -- if ((mask & 
LPA_ABILITY_MASK) && -- !(mask & ~LPA_ABILITY_MASK)) -- return mask; -- goto failed; -- } else { -- mask = 0; -- s = strtok(arg, ", "); -- do { -- for (i = 0; i < NMEDIA; i++) -- if (strcasecmp(media[i].name, s) == 0) break; -- if (i == NMEDIA) goto failed; -- mask |= media[i].value; -- } while ((s = strtok(NULL, ", ")) != NULL); -- } -+ if ((mask & LPA_ABILITY_MASK) && -+ !(mask & ~LPA_ABILITY_MASK)) { -+ *bmcr2 = 0; -+ return mask; -+ } -+ goto failed; -+ } -+ mask = 0; -+ *bmcr2 = 0; -+ s = strtok(arg, ", "); -+ do { -+ for (i = 0; i < NMEDIA; i++) -+ if (s && strcasecmp(media[i].name, s) == 0) break; -+ if (i == NMEDIA) goto failed; -+ mask |= media[i].value[0]; -+ *bmcr2 |= media[i].value[1]; -+ } while ((s = strtok(NULL, ", ")) != NULL); -+ - return mask; - failed: - fprintf(stderr, "Invalid media specification '%s'.\n", arg); -@@ -181,11 +191,25 @@ failed: - - /*--------------------------------------------------------------------*/ - --static char *media_list(int mask, int best) -+static const char *media_list(unsigned mask, unsigned mask2, int best) - { - static char buf[100]; - int i; - *buf = '\0'; -+ -+ if (mask & BMCR_SPEED1000) { -+ if (mask2 & ADVERTISE_1000HALF) { -+ strcat(buf, " "); -+ strcat(buf, "1000baseT-HD"); -+ if (best) goto out; -+ } -+ if (mask2 & ADVERTISE_1000FULL) { -+ strcat(buf, " "); -+ strcat(buf, "1000baseT-FD"); -+ if (best) goto out; -+ } -+ } -+ - mask >>= 5; - for (i = 4; i >= 0; i--) { - if (mask & (1<<i)) { -@@ -194,6 +218,7 @@ static char *media_list(int mask, int be - if (best) break; - } - } -+out: - if (mask & (1<<5)) - strcat(buf, " flow-control"); - return buf; -@@ -203,11 +228,11 @@ int show_basic_mii(int sock, int phy_id) - { - char buf[100]; - int i, mii_val[32]; -- int bmcr, bmsr, advert, lkpar; -+ unsigned bmcr, bmsr, advert, lkpar, bmcr2, lpa2; - /* Some bits in the BMSR are latched, but we can't rely on being - the only reader, so only the current values are meaningful */ - mdio_read(sock, MII_BMSR); -- for (i = 
0; i < ((verbose > 1) ? 32 : 8); i++) { -+ for (i = 0; i < ((verbose > 1) ? 32 : (MII_STAT1000+1)); i++) { - if ((i == MII_BMCR) || (i == MII_BMSR) || (i == MII_PHYSID1) || - (i == MII_PHYSID2) || (i == MII_ADVERTISE) || (i == MII_LPA) || - (i == MII_EXPANSION) || (i == MII_CTRL1000) || (i == MII_STAT1000) || -@@ -220,7 +245,7 @@ int show_basic_mii(int sock, int phy_id) - else - mii_val[i] = 0; - } -- if (mii_val[MII_BMCR] == 0xffff) { -+ if (mii_val[MII_BMCR] == 0xffff || mii_val[MII_BMSR] == 0x0000) { - fprintf(stderr, " No MII transceiver present!.\n"); - return -1; - } -@@ -228,6 +253,7 @@ int show_basic_mii(int sock, int phy_id) - /* Descriptive rename. */ - bmcr = mii_val[MII_BMCR]; bmsr = mii_val[MII_BMSR]; - advert = mii_val[MII_ADVERTISE]; lkpar = mii_val[MII_LPA]; -+ bmcr2 = mii_val[MII_CTRL1000]; lpa2 = mii_val[MII_STAT1000]; - - sprintf(buf, "%s: ", ifr.ifr_name); - if (bmcr & BMCR_ANENABLE) { -@@ -235,7 +261,7 @@ int show_basic_mii(int sock, int phy_id) - if (advert & lkpar) { - strcat(buf, (lkpar & LPA_LPACK) ? - "negotiated" : "no autonegotiation,"); -- strcat(buf, media_list(advert & lkpar, 1)); -+ strcat(buf, media_list(advert & lkpar, bmcr2 & lpa2>>2, 1)); - strcat(buf, ", "); - } else { - strcat(buf, "autonegotiation failed, "); -@@ -245,8 +271,10 @@ int show_basic_mii(int sock, int phy_id) - } - } else { - sprintf(buf+strlen(buf), "%s Mbit, %s duplex, ", -- (bmcr & BMCR_SPEED100) ? "100" : "10", -- (bmcr & BMCR_FULLDPLX) ? "full" : "half"); -+ ((bmcr2 & (ADVERTISE_1000HALF | ADVERTISE_1000FULL)) & lpa2 >> 2) -+ ? "1000" -+ : (bmcr & BMCR_SPEED100) ? "100" : "10", -+ (bmcr & BMCR_FULLDPLX) ? "full" : "half"); - } - strcat(buf, (bmsr & BMSR_LSTATUS) ? "link ok" : "no link"); - -@@ -307,10 +335,10 @@ int show_basic_mii(int sock, int phy_id) - if (bmsr & BMSR_RFAULT) - printf("remote fault, "); - printf((bmsr & BMSR_LSTATUS) ? 
"link ok" : "no link"); -- printf("\n capabilities:%s", media_list(bmsr >> 6, 0)); -- printf("\n advertising: %s", media_list(advert, 0)); -+ printf("\n capabilities:%s", media_list(bmsr >> 6, bmcr2, 0)); -+ printf("\n advertising: %s", media_list(advert, lpa2 >> 2, 0)); - if (lkpar & LPA_ABILITY_MASK) -- printf("\n link partner:%s", media_list(lkpar, 0)); -+ printf("\n link partner:%s", media_list(lkpar, bmcr2, 0)); - printf("\n"); - } - fflush(stdout); -@@ -341,7 +369,7 @@ static int do_one_xcvr(int skfd, char *i - printf("resetting the transceiver...\n"); - mdio_write(skfd, MII_BMCR, BMCR_RESET); - } -- if (nway_advertise) { -+ if (nway_advertise > 0) { - mdio_write(skfd, MII_ADVERTISE, nway_advertise | 1); - opt_restart = 1; - } -@@ -400,18 +428,20 @@ usage: %s [-VvRrwl] [-A media,... | -F m - -l, --log with -w, write events to syslog\n\ - -A, --advertise=media,... advertise only specified media\n\ - -F, --force=media force specified media technology\n\ --media: 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,\n\ -+media: 1000baseTx-HD, 1000baseTx-FD,\n\ -+ 100baseT4, 100baseTx-FD, 100baseTx-HD, 10baseT-FD, 10baseT-HD,\n\ - (to advertise both HD and FD) 100baseTx, 10baseT\n"; - - int main(int argc, char **argv) - { - int i, c, ret, errflag = 0; - char s[6]; -- -+ unsigned ctrl1000 = 0; -+ - while ((c = getopt_long(argc, argv, "A:F:p:lrRvVw?", longopts, 0)) != EOF) - switch (c) { -- case 'A': nway_advertise = parse_media(optarg); break; -- case 'F': fixed_speed = parse_media(optarg); break; -+ case 'A': nway_advertise = parse_media(optarg, &ctrl1000); break; -+ case 'F': fixed_speed = parse_media(optarg, &ctrl1000); break; - case 'p': override_phy = atoi(optarg); break; - case 'r': opt_restart++; break; - case 'R': opt_reset++; break; -@@ -423,6 +453,10 @@ int main(int argc, char **argv) - } - /* Check for a few inappropriate option combinations */ - if (opt_watch) verbose = 0; -+ -+ if ((nway_advertise < 0) || (fixed_speed < 0)) -+ return 2; -+ - 
if (errflag || (fixed_speed & (fixed_speed-1)) || - (fixed_speed && (opt_restart || nway_advertise))) { - fprintf(stderr, usage, argv[0]); diff --git a/net-tools/patches/net-tools-1.60-mii-refactor.patch b/net-tools/patches/net-tools-1.60-mii-refactor.patch deleted file mode 100644 index 8f5a582..0000000 --- a/net-tools/patches/net-tools-1.60-mii-refactor.patch +++ /dev/null 
@@ -1,224 +0,0 @@ -diff -up net-tools-1.60/mii-tool.c.mii-refactor net-tools-1.60/mii-tool.c ---- net-tools-1.60/mii-tool.c.mii-refactor 2009-10-30 16:25:23.000000000 +0100 -+++ net-tools-1.60/mii-tool.c 2009-10-30 16:45:01.000000000 +0100 -@@ -50,9 +50,11 @@ static char version[] = - #include <linux/if_arp.h> - #include <linux/if_ether.h> - #endif --#include "mii.h" -+#include <linux/mii.h> -+#include <linux/sockios.h> - - #define MAX_ETH 8 /* Maximum # of interfaces */ -+#define LPA_ABILITY_MASK 0x07e0 - - /* Table of known MII's */ - static struct { -@@ -112,7 +114,7 @@ static struct ifreq ifr; - - static int mdio_read(int skfd, int location) - { -- struct mii_data *mii = (struct mii_data *)&ifr.ifr_data; -+ struct mii_ioctl_data *mii = (struct mii_ioctl_data *)&ifr.ifr_data; - mii->reg_num = location; - if (ioctl(skfd, SIOCGMIIREG, &ifr) < 0) { - fprintf(stderr, "SIOCGMIIREG on %s failed: %s\n", ifr.ifr_name, -@@ -124,7 +126,7 @@ static int mdio_read(int skfd, int locat - - static void mdio_write(int skfd, int location, int value) - { -- struct mii_data *mii = (struct mii_data *)&ifr.ifr_data; -+ struct mii_ioctl_data *mii = (struct mii_ioctl_data *)&ifr.ifr_data; - mii->reg_num = location; - mii->val_in = value; - if (ioctl(skfd, SIOCSMIIREG, &ifr) < 0) { -@@ -140,13 +142,13 @@ const struct { - u_short value; - } media[] = { - /* The order through 100baseT4 matches bits in the BMSR */ -- { "10baseT-HD", MII_AN_10BASET_HD }, -- { "10baseT-FD", MII_AN_10BASET_FD }, -- { "100baseTx-HD", MII_AN_100BASETX_HD }, -- { "100baseTx-FD", MII_AN_100BASETX_FD }, -- { "100baseT4", MII_AN_100BASET4 }, -- { "100baseTx", MII_AN_100BASETX_FD | MII_AN_100BASETX_HD }, -- { "10baseT", MII_AN_10BASET_FD | MII_AN_10BASET_HD }, -+ { "10baseT-HD", LPA_10HALF }, -+ { "10baseT-FD", LPA_10FULL }, -+ { "100baseTx-HD", LPA_100HALF }, -+ { "100baseTx-FD", LPA_100FULL }, -+ { "100baseT4", LPA_100BASE4 }, -+ { "100baseTx", LPA_100FULL | LPA_100HALF }, -+ { "10baseT", LPA_10FULL | LPA_10HALF 
}, - }; - #define NMEDIA (sizeof(media)/sizeof(media[0])) - -@@ -157,8 +159,8 @@ static int parse_media(char *arg) - char *s; - mask = strtoul(arg, &s, 16); - if ((*arg != '\0') && (*s == '\0')) { -- if ((mask & MII_AN_ABILITY_MASK) && -- !(mask & ~MII_AN_ABILITY_MASK)) -+ if ((mask & LPA_ABILITY_MASK) && -+ !(mask & ~LPA_ABILITY_MASK)) - return mask; - goto failed; - } else { -@@ -202,13 +204,22 @@ int show_basic_mii(int sock, int phy_id) - char buf[100]; - int i, mii_val[32]; - int bmcr, bmsr, advert, lkpar; -- - /* Some bits in the BMSR are latched, but we can't rely on being - the only reader, so only the current values are meaningful */ - mdio_read(sock, MII_BMSR); -- for (i = 0; i < ((verbose > 1) ? 32 : 8); i++) -- mii_val[i] = mdio_read(sock, i); -- -+ for (i = 0; i < ((verbose > 1) ? 32 : 8); i++) { -+ if ((i == MII_BMCR) || (i == MII_BMSR) || (i == MII_PHYSID1) || -+ (i == MII_PHYSID2) || (i == MII_ADVERTISE) || (i == MII_LPA) || -+ (i == MII_EXPANSION) || (i == MII_CTRL1000) || (i == MII_STAT1000) || -+ (i == MII_ESTATUS) || (i == MII_DCOUNTER) || (i == MII_FCSCOUNTER) || -+ (i == MII_NWAYTEST) || (i == MII_RERRCOUNTER) || -+ (i == MII_SREVISION) || (i == MII_RESV1) || (i == MII_LBRERROR) || -+ (i == MII_PHYADDR) || (i == MII_RESV2) || -+ (i == MII_TPISTATUS) || (i == MII_NCONFIG)) -+ mii_val[i] = mdio_read(sock, i); -+ else -+ mii_val[i] = 0; -+ } - if (mii_val[MII_BMCR] == 0xffff) { - fprintf(stderr, " No MII transceiver present!.\n"); - return -1; -@@ -216,28 +227,28 @@ int show_basic_mii(int sock, int phy_id) - - /* Descriptive rename. */ - bmcr = mii_val[MII_BMCR]; bmsr = mii_val[MII_BMSR]; -- advert = mii_val[MII_ANAR]; lkpar = mii_val[MII_ANLPAR]; -+ advert = mii_val[MII_ADVERTISE]; lkpar = mii_val[MII_LPA]; - - sprintf(buf, "%s: ", ifr.ifr_name); -- if (bmcr & MII_BMCR_AN_ENA) { -- if (bmsr & MII_BMSR_AN_COMPLETE) { -+ if (bmcr & BMCR_ANENABLE) { -+ if (bmsr & BMSR_ANEGCOMPLETE) { - if (advert & lkpar) { -- strcat(buf, (lkpar & MII_AN_ACK) ? 
-+ strcat(buf, (lkpar & LPA_LPACK) ? - "negotiated" : "no autonegotiation,"); - strcat(buf, media_list(advert & lkpar, 1)); - strcat(buf, ", "); - } else { - strcat(buf, "autonegotiation failed, "); - } -- } else if (bmcr & MII_BMCR_RESTART) { -+ } else if (bmcr & BMCR_ANRESTART) { - strcat(buf, "autonegotiation restarted, "); - } - } else { - sprintf(buf+strlen(buf), "%s Mbit, %s duplex, ", -- (bmcr & MII_BMCR_100MBIT) ? "100" : "10", -- (bmcr & MII_BMCR_DUPLEX) ? "full" : "half"); -+ (bmcr & BMCR_SPEED100) ? "100" : "10", -+ (bmcr & BMCR_FULLDPLX) ? "full" : "half"); - } -- strcat(buf, (bmsr & MII_BMSR_LINK_VALID) ? "link ok" : "no link"); -+ strcat(buf, (bmsr & BMSR_LSTATUS) ? "link ok" : "no link"); - - if (opt_watch) { - if (opt_log) { -@@ -273,32 +284,32 @@ int show_basic_mii(int sock, int phy_id) - ((mii_val[2]<<6)|(mii_val[3]>>10))&0xff, - (mii_val[3]>>4)&0x3f, mii_val[3]&0x0f); - printf(" basic mode: "); -- if (bmcr & MII_BMCR_RESET) -+ if (bmcr & BMCR_RESET) - printf("software reset, "); -- if (bmcr & MII_BMCR_LOOPBACK) -+ if (bmcr & BMCR_LOOPBACK) - printf("loopback, "); -- if (bmcr & MII_BMCR_ISOLATE) -+ if (bmcr & BMCR_ISOLATE) - printf("isolate, "); -- if (bmcr & MII_BMCR_COLTEST) -+ if (bmcr & BMCR_CTST) - printf("collision test, "); -- if (bmcr & MII_BMCR_AN_ENA) { -+ if (bmcr & BMCR_ANENABLE) { - printf("autonegotiation enabled\n"); - } else { - printf("%s Mbit, %s duplex\n", -- (bmcr & MII_BMCR_100MBIT) ? "100" : "10", -- (bmcr & MII_BMCR_DUPLEX) ? "full" : "half"); -+ (bmcr & BMCR_SPEED100) ? "100" : "10", -+ (bmcr & BMCR_FULLDPLX) ? "full" : "half"); - } - printf(" basic status: "); -- if (bmsr & MII_BMSR_AN_COMPLETE) -+ if (bmsr & BMSR_ANEGCOMPLETE) - printf("autonegotiation complete, "); -- else if (bmcr & MII_BMCR_RESTART) -+ else if (bmcr & BMCR_ANRESTART) - printf("autonegotiation restarted, "); -- if (bmsr & MII_BMSR_REMOTE_FAULT) -+ if (bmsr & BMSR_RFAULT) - printf("remote fault, "); -- printf((bmsr & MII_BMSR_LINK_VALID) ? 
"link ok" : "no link"); -+ printf((bmsr & BMSR_LSTATUS) ? "link ok" : "no link"); - printf("\n capabilities:%s", media_list(bmsr >> 6, 0)); - printf("\n advertising: %s", media_list(advert, 0)); -- if (lkpar & MII_AN_ABILITY_MASK) -+ if (lkpar & LPA_ABILITY_MASK) - printf("\n link partner:%s", media_list(lkpar, 0)); - printf("\n"); - } -@@ -310,7 +321,7 @@ int show_basic_mii(int sock, int phy_id) - - static int do_one_xcvr(int skfd, char *ifname, int maybe) - { -- struct mii_data *mii = (struct mii_data *)&ifr.ifr_data; -+ struct mii_ioctl_data *mii = (struct mii_ioctl_data *)&ifr.ifr_data; - - /* Get the vitals from the interface. */ - strncpy(ifr.ifr_name, ifname, IFNAMSIZ); -@@ -328,23 +339,23 @@ static int do_one_xcvr(int skfd, char *i - - if (opt_reset) { - printf("resetting the transceiver...\n"); -- mdio_write(skfd, MII_BMCR, MII_BMCR_RESET); -+ mdio_write(skfd, MII_BMCR, BMCR_RESET); - } - if (nway_advertise) { -- mdio_write(skfd, MII_ANAR, nway_advertise | 1); -+ mdio_write(skfd, MII_ADVERTISE, nway_advertise | 1); - opt_restart = 1; - } - if (opt_restart) { - printf("restarting autonegotiation...\n"); - mdio_write(skfd, MII_BMCR, 0x0000); -- mdio_write(skfd, MII_BMCR, MII_BMCR_AN_ENA|MII_BMCR_RESTART); -+ mdio_write(skfd, MII_BMCR, BMCR_ANENABLE|BMCR_ANRESTART); - } - if (fixed_speed) { - int bmcr = 0; -- if (fixed_speed & (MII_AN_100BASETX_FD|MII_AN_100BASETX_HD)) -- bmcr |= MII_BMCR_100MBIT; -- if (fixed_speed & (MII_AN_100BASETX_FD|MII_AN_10BASET_FD)) -- bmcr |= MII_BMCR_DUPLEX; -+ if (fixed_speed & (LPA_100FULL|LPA_100HALF)) -+ bmcr |= BMCR_SPEED100; -+ if (fixed_speed & (LPA_100FULL|LPA_10FULL)) -+ bmcr |= BMCR_FULLDPLX; - mdio_write(skfd, MII_BMCR, bmcr); - } - -@@ -358,7 +369,7 @@ static int do_one_xcvr(int skfd, char *i - - static void watch_one_xcvr(int skfd, char *ifname, int index) - { -- struct mii_data *mii = (struct mii_data *)&ifr.ifr_data; -+ struct mii_ioctl_data *mii = (struct mii_ioctl_data *)&ifr.ifr_data; - static int status[MAX_ETH] 
= { 0, /* ... */ }; - int now; - diff --git a/net-tools/patches/net-tools-1.60-mii-tool-obsolete.patch b/net-tools/patches/net-tools-1.60-mii-tool-obsolete.patch deleted file mode 100644 index efb7f27..0000000 --- a/net-tools/patches/net-tools-1.60-mii-tool-obsolete.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- net-tools-1.60/man/en_US/mii-tool.8.obsolete 2000-05-21 16:21:38.000000000 +0200 -+++ net-tools-1.60/man/en_US/mii-tool.8 2004-11-11 10:45:51.155113000 +0100 -@@ -18,6 +18,12 @@ - [\fB-F\fR, \fB--force=\fImedia\fR] - .RI [ "interface\ ..." ] - -+.SH NOTE -+.P -+This program is obsolete. Valid media are only \fB100baseT4\fR, -+\fB100baseTx-FD\fR,\fB100baseTx-HD\fR, \fB10baseT-FD\fR and -+\fB10baseT-HD\fR ethernet cards. For replacement check \fBethtool\fB. -+ - .SH DESCRIPTION - This utility checks or sets the status of a network interface's Media - Independent Interface (MII) unit. Most fast ethernet adapters use an -@@ -72,6 +78,9 @@ - commas. Valid media are \fB100baseT4\fR, \fB100baseTx-FD\fR, - \fB100baseTx-HD\fR, \fB10baseT-FD\fR, and \fB10baseT-HD\fR. - -+.SH SEE ALSO -+ethtool(8) -+ - .SH AUTHORS - David Hinds - dhinds@pcmcia.sourceforge.org - .br diff --git a/net-tools/patches/net-tools-1.60-miiioctl.patch b/net-tools/patches/net-tools-1.60-miiioctl.patch deleted file mode 100644 index 4859273..0000000 --- a/net-tools/patches/net-tools-1.60-miiioctl.patch +++ /dev/null 
@@ -1,17 +0,0 @@ ---- net-tools-1.60/include/mii.h.bar Tue Jul 31 11:49:39 2001 -+++ net-tools-1.60/include/mii.h Tue Jul 31 11:49:33 2001 -@@ -11,11 +11,9 @@ - - /* network interface ioctl's for MII commands */ - #ifndef SIOCGMIIPHY --#define SIOCGMIIPHY (SIOCDEVPRIVATE) /* Read from current PHY */ --#define SIOCGMIIREG (SIOCDEVPRIVATE+1) /* Read any PHY register */ --#define SIOCSMIIREG (SIOCDEVPRIVATE+2) /* Write any PHY register */ --#define SIOCGPARAMS (SIOCDEVPRIVATE+3) /* Read operational parameters */ --#define SIOCSPARAMS (SIOCDEVPRIVATE+4) /* Set operational parameters */ -+#define SIOCGMIIPHY 0x8947 /* Read from current PHY */ -+#define SIOCGMIIREG 0x8948 /* Read any PHY register */ -+#define SIOCSMIIREG 0x8949 /* Write any PHY register */ - #endif - - #include <linux/types.h> diff --git a/net-tools/patches/net-tools-1.60-nameif.patch b/net-tools/patches/net-tools-1.60-nameif.patch deleted file mode 100644 index 7ba1f00..0000000 --- a/net-tools/patches/net-tools-1.60-nameif.patch +++ /dev/null 
@@ -1,67 +0,0 @@ ---- net-tools-1.60/nameif.c.nameif 2000-10-18 19:26:29.000000000 +0200 -+++ net-tools-1.60/nameif.c 2003-03-19 11:02:01.000000000 +0100 -@@ -3,7 +3,7 @@ - * Writen 2000 by Andi Kleen. - * Subject to the Gnu Public License, version 2. - * TODO: make it support token ring etc. -- * $Id: nameif.c,v 1.1 2000/10/18 17:26:29 ak Exp $ -+ * $Id: nameif.c,v 1.3 2003/03/06 23:26:52 ecki Exp $ - */ - #ifndef _GNU_SOURCE - #define _GNU_SOURCE -@@ -117,7 +117,8 @@ - } - - struct change { -- struct change *next,**pprev; -+ struct change *next; -+ int found; - char ifname[IFNAMSIZ+1]; - unsigned char mac[6]; - }; -@@ -139,10 +140,7 @@ - ch->ifname, pos); - if (parsemac(p,ch->mac) < 0) - complain(_("cannot parse MAC `%s' at %s"), p, pos); -- if (clist) -- clist->pprev = &ch->next; - ch->next = clist; -- ch->pprev = &clist; - clist = ch; - return 0; - } -@@ -200,7 +198,7 @@ - - void usage(void) - { -- fprintf(stderr, _("usage: nameif [-c configurationfile] [-s] {ifname macaddress}")); -+ fprintf(stderr, _("usage: nameif [-c configurationfile] [-s] {ifname macaddress}\n")); - exit(1); - } - -@@ -277,21 +275,21 @@ - ch = lookupmac(mac); - if (!ch) - continue; -- -- *ch->pprev = ch->next; -+ -+ ch->found = 1; - if (strcmp(p, ch->ifname)) { - if (setname(p, ch->ifname) < 0) - complain(_("cannot change name of %s to %s: %s"), - p, ch->ifname, strerror(errno)); - } -- free(ch); - } - fclose(ifh); - - while (clist) { - struct change *ch = clist; - clist = clist->next; -- warning(_("interface '%s' not found"), ch->ifname); -+ if (!ch->found) -+ warning(_("interface '%s' not found"), ch->ifname); - free(ch); - } - diff --git a/net-tools/patches/net-tools-1.60-nameif_strncpy.patch b/net-tools/patches/net-tools-1.60-nameif_strncpy.patch deleted file mode 100644 index 7568e21..0000000 --- a/net-tools/patches/net-tools-1.60-nameif_strncpy.patch +++ /dev/null 
@@ -1,13 +0,0 @@ ---- net-tools-1.60/nameif.c.ncpy 2006-10-03 14:24:21.000000000 +0200 -+++ net-tools-1.60/nameif.c 2006-10-03 14:22:43.000000000 +0200 -@@ -100,8 +100,8 @@ - struct ifreq ifr; - opensock(); - memset(&ifr,0,sizeof(struct ifreq)); -- strcpy(ifr.ifr_name, oldname); -- strcpy(ifr.ifr_newname, newname); -+ strncpy(ifr.ifr_name, oldname, IF_NAMESIZE); -+ strncpy(ifr.ifr_newname, newname, IF_NAMESIZE); - return ioctl(ctl_sk, SIOCSIFNAME, &ifr); - } - diff --git a/net-tools/patches/net-tools-1.60-netdevice.patch b/net-tools/patches/net-tools-1.60-netdevice.patch deleted file mode 100644 index 08bdb58..0000000 --- a/net-tools/patches/net-tools-1.60-netdevice.patch +++ /dev/null @@ -1,22 +0,0 @@ ---- net-tools-1.60/lib/fddi.c.netdevice 2000-03-05 12:26:02.000000000 +0100 -+++ net-tools-1.60/lib/fddi.c 2006-05-09 11:19:51.000000000 +0200 -@@ -26,6 +26,8 @@ - #error "No FDDI Support in your current Kernelsource Tree." - #error "Disable HW Type FDDI" - #endif -+#include <linux/netdevice.h> -+#include <asm/byteorder.h> - #if __GLIBC__ >= 2 - #include <netinet/if_fddi.h> - #else ---- net-tools-1.60/lib/x25_sr.c.netdevice 2000-05-20 15:38:10.000000000 +0200 -+++ net-tools-1.60/lib/x25_sr.c 2006-05-09 11:20:15.000000000 +0200 -@@ -77,7 +77,7 @@ - rt.sigdigits=sigdigits; - - /* x25_route_struct.address isn't type struct sockaddr_x25, Why? */ -- memcpy(&rt.address, &sx25.sx25_addr, sizeof(x25_address)); -+ memcpy(&rt.address, &sx25.sx25_addr, sizeof(struct x25_address)); - - while (*args) { - if (!strcmp(*args,"device") || !strcmp(*args,"dev")) { diff --git a/net-tools/patches/net-tools-1.60-netmask.patch b/net-tools/patches/net-tools-1.60-netmask.patch deleted file mode 100644 index 532898a..0000000 --- a/net-tools/patches/net-tools-1.60-netmask.patch +++ /dev/null 
@@ -1,61 +0,0 @@ ---- net-tools-1.60/ifconfig.c.netmask 2001-04-13 20:25:18.000000000 +0200 -+++ net-tools-1.60/ifconfig.c 2004-11-02 15:31:56.454594456 +0100 -@@ -23,6 +23,7 @@ - * 20001008 - Bernd Eckenfels, Patch from RH for setting mtu - * (default AF was wrong) - * 20010404 - Arnaldo Carvalho de Melo, use setlocale -+ * 20040831 - Florin Malita fmalita@glenayre.com delayed CIDR netmask - */ - - #define DFLT_AF "inet" -@@ -227,13 +228,13 @@ - - int main(int argc, char **argv) - { -- struct sockaddr sa; -+ struct sockaddr sa, sa_netmask; - struct sockaddr_in sin; - char host[128]; - struct aftype *ap; - struct hwtype *hw; - struct ifreq ifr; -- int goterr = 0, didnetmask = 0; -+ int goterr = 0, didnetmask = 0, donetmask = 0; - char **spp; - int fd; - #if HAVE_AFINET6 -@@ -903,16 +904,16 @@ - /* FIXME: sa is too small for INET6 addresses, inet6 should use that too, - broadcast is unexpected */ - if (ap->getmask) { -- switch (ap->getmask(host, &sa, NULL)) { -+ switch (ap->getmask(host, &sa_netmask, NULL)) { - case -1: - usage(); - break; - case 1: - if (didnetmask) - usage(); -- -- goterr = set_netmask(skfd, &ifr, &sa); -- didnetmask++; -+ -+ /* delay setting the CIDR netmask till after setting the addr */ -+ donetmask = 1; - break; - } - } -@@ -960,6 +961,13 @@ - } - } - -+ /* set CIDR netmask */ -+ if (donetmask) { -+ donetmask = 0; -+ goterr = set_netmask(skfd, &ifr, &sa_netmask); -+ didnetmask++; -+ } -+ - /* - * Don't do the set_flag() if the address is an alias with a - at the - * end, since it's deleted already! - Roman diff --git a/net-tools/patches/net-tools-1.60-netstat-I-fix.patch b/net-tools/patches/net-tools-1.60-netstat-I-fix.patch deleted file mode 100644 index ab89201..0000000 --- a/net-tools/patches/net-tools-1.60-netstat-I-fix.patch +++ /dev/null 
@@ -1,10 +0,0 @@ ---- net-tools-1.60/netstat.c.old 2006-10-02 12:03:49.000000000 +0200 -+++ net-tools-1.60/netstat.c 2006-10-02 12:02:12.000000000 +0200 -@@ -2233,6 +2233,7 @@ int main - break; - case 'I': - if (optarg && strcmp(optarg, "(null)")) -+ if (optarg[0] == '=') optarg++; - flag_int_name = strdup(optarg); - flag_int++; - break; diff --git a/net-tools/patches/net-tools-1.60-netstat-interfaces-crash.patch b/net-tools/patches/net-tools-1.60-netstat-interfaces-crash.patch deleted file mode 100644 index bb99932..0000000 --- a/net-tools/patches/net-tools-1.60-netstat-interfaces-crash.patch +++ /dev/null @@ -1,25 +0,0 @@ ---- net-tools-1.60/netstat.c.old 2007-03-27 09:28:28.000000000 +0200 -+++ net-tools-1.60/netstat.c 2007-03-27 09:26:39.000000000 +0200 -@@ -2105,7 +2105,7 @@ - fprintf(stderr, _(" netstat { [-veenNac] -I[<Iface>] | [-veenNac] -i | [-cnNe] -M | -s } [delay]\n\n")); - - fprintf(stderr, _(" -r, --route display routing table\n")); -- fprintf(stderr, _(" -I, --interfaces=[<Iface>] display interface table for <Iface>\n")); -+ fprintf(stderr, _(" -I, --interface=[<Iface>] display interface table for <Iface>\n")); - fprintf(stderr, _(" -i, --interfaces display interface table\n")); - fprintf(stderr, _(" -g, --groups display multicast group memberships\n")); - fprintf(stderr, _(" -s, --statistics display networking statistics (like SNMP)\n")); -@@ -2234,7 +2234,12 @@ - case 'I': - if (optarg && strcmp(optarg, "(null)")) - if (optarg[0] == '=') optarg++; -- flag_int_name = strdup(optarg); -+ if (optarg && strcmp(optarg, "(null)")) -+ flag_int_name = strdup(optarg); -+ else { -+ usage(); -+ exit(1); -+ } - flag_int++; - break; - case 'i': diff --git a/net-tools/patches/net-tools-1.60-netstat-leak.patch b/net-tools/patches/net-tools-1.60-netstat-leak.patch deleted file mode 100644 index 6417f76..0000000 --- a/net-tools/patches/net-tools-1.60-netstat-leak.patch +++ /dev/null 
@@ -1,11 +0,0 @@ -diff -up net-tools-1.60/netstat.c.netstat-leak net-tools-1.60/netstat.c ---- net-tools-1.60/netstat.c.netstat-leak 2010-09-16 10:49:49.000000000 +0200 -+++ net-tools-1.60/netstat.c 2010-09-16 10:53:47.000000000 +0200 -@@ -558,6 +558,7 @@ static void tcp_node_hash_clear(void) - } - - /* free the bucket itself */ -+ free(tcp_node_hash[i]->socket_pair); - free(tcp_node_hash[i]); - tcp_node_hash[i] = NULL; - } diff --git a/net-tools/patches/net-tools-1.60-netstat-probe.patch b/net-tools/patches/net-tools-1.60-netstat-probe.patch deleted file mode 100644 index d6d7342..0000000 --- a/net-tools/patches/net-tools-1.60-netstat-probe.patch +++ /dev/null @@ -1,15 +0,0 @@ -diff -up net-tools-1.60/netstat.c.probe net-tools-1.60/netstat.c ---- net-tools-1.60/netstat.c.probe 2008-10-15 12:47:41.000000000 +0200 -+++ net-tools-1.60/netstat.c 2008-10-15 12:49:48.000000000 +0200 -@@ -1061,6 +1061,11 @@ static void tcp_do_one(int lnr, const ch - (double) time_len / HZ, retr, timeout); - break; - -+ case 4: -+ snprintf(timers, sizeof(timers), _("probe (%2.2f/%ld/%d)"), -+ (double) time_len / HZ, retr, timeout); -+ break; -+ - default: - snprintf(timers, sizeof(timers), _("unkn-%d (%2.2f/%ld/%d)"), - timer_run, (double) time_len / HZ, retr, timeout); diff --git a/net-tools/patches/net-tools-1.60-netstat_inode.patch b/net-tools/patches/net-tools-1.60-netstat_inode.patch deleted file mode 100644 index 4bce9a8..0000000 --- a/net-tools/patches/net-tools-1.60-netstat_inode.patch +++ /dev/null 
@@ -1,186 +0,0 @@ ---- net-tools-1.60/netstat.c.inode 2006-02-23 09:28:23.000000000 +0100 -+++ net-tools-1.60/netstat.c 2006-02-23 09:33:57.000000000 +0100 -@@ -231,7 +231,7 @@ - - static struct prg_node { - struct prg_node *next; -- int inode; -+ unsigned long inode; - char name[PROGNAME_WIDTH]; - char scon[SELINUX_WIDTH]; - } *prg_hash[PRG_HASH_SIZE]; -@@ -268,7 +268,7 @@ - /* NOT working as of glibc-2.0.7: */ - #undef DIRENT_HAVE_D_TYPE_WORKS - --static void prg_cache_add(int inode, char *name, char *scon) -+static void prg_cache_add(unsigned long inode, char *name, char *scon) - { - unsigned hi = PRG_HASHIT(inode); - struct prg_node **pnp,*pn; -@@ -332,15 +332,16 @@ - prg_cache_loaded=0; - } - --static void extract_type_1_socket_inode(const char lname[], long * inode_p) { -+static void extract_type_1_socket_inode(const char lname[], unsigned long * inode_p, int * status) { - - /* If lname is of the form "socket:[12345]", extract the "12345" -- as *inode_p. Otherwise, return -1 as *inode_p. -+ as *inode_p. Otherwise, return -1 as *status. - */ - -- if (strlen(lname) < PRG_SOCKET_PFXl+3) *inode_p = -1; -- else if (memcmp(lname, PRG_SOCKET_PFX, PRG_SOCKET_PFXl)) *inode_p = -1; -- else if (lname[strlen(lname)-1] != ']') *inode_p = -1; -+ *status = 0; -+ if (strlen(lname) < PRG_SOCKET_PFXl+3) *status = -1; -+ else if (memcmp(lname, PRG_SOCKET_PFX, PRG_SOCKET_PFXl)) *status = -1; -+ else if (lname[strlen(lname)-1] != ']') *status = -1; - else { - char inode_str[strlen(lname + 1)]; /* e.g. 
"12345" */ - const int inode_str_len = strlen(lname) - PRG_SOCKET_PFXl - 1; -@@ -348,28 +349,30 @@ - - strncpy(inode_str, lname+PRG_SOCKET_PFXl, inode_str_len); - inode_str[inode_str_len] = '\0'; -- *inode_p = strtol(inode_str,&serr,0); -- if (!serr || *serr || *inode_p < 0 || *inode_p >= INT_MAX) -- *inode_p = -1; -+ errno = 0; -+ *inode_p = strtoul(inode_str,&serr,0); -+ if (!serr || *serr || errno) -+ *status = -1; - } - } - - - --static void extract_type_2_socket_inode(const char lname[], long * inode_p) { -+static void extract_type_2_socket_inode(const char lname[], unsigned long * inode_p, int * status) { - - /* If lname is of the form "[0000]:12345", extract the "12345" -- as *inode_p. Otherwise, return -1 as *inode_p. -+ as *inode_p. Otherwise, return -1 as *status. - */ - -- if (strlen(lname) < PRG_SOCKET_PFX2l+1) *inode_p = -1; -- else if (memcmp(lname, PRG_SOCKET_PFX2, PRG_SOCKET_PFX2l)) *inode_p = -1; -+ if (strlen(lname) < PRG_SOCKET_PFX2l+1) *status = -1; -+ else if (memcmp(lname, PRG_SOCKET_PFX2, PRG_SOCKET_PFX2l)) *status = -1; - else { - char *serr; - -- *inode_p=strtol(lname + PRG_SOCKET_PFX2l,&serr,0); -- if (!serr || *serr || *inode_p < 0 || *inode_p >= INT_MAX) -- *inode_p = -1; -+ errno = 0; -+ *inode_p=strtoul(lname + PRG_SOCKET_PFX2l,&serr,0); -+ if (!serr || *serr || errno) -+ *status = -1; - } - } - -@@ -380,11 +383,12 @@ - char line[LINE_MAX],eacces=0; - int procfdlen,fd,cmdllen,lnamelen; - char lname[30],cmdlbuf[512],finbuf[PROGNAME_WIDTH]; -- long inode; -+ unsigned long inode; - const char *cs,*cmdlp; - DIR *dirproc=NULL,*dirfd=NULL; - struct dirent *direproc,*direfd; - security_context_t scon=NULL; -+ int status; - - if (prg_cache_loaded || !flag_prg) return; - prg_cache_loaded=1; -@@ -424,11 +428,11 @@ - lnamelen=readlink(line,lname,sizeof(lname)-1); - lname[lnamelen] = '\0'; /*make it a null-terminated string*/ - -- extract_type_1_socket_inode(lname, &inode); -+ extract_type_1_socket_inode(lname, &inode, &status); - -- if (inode < 
0) extract_type_2_socket_inode(lname, &inode); -+ if (status < 0) extract_type_2_socket_inode(lname, &inode, &status); - -- if (inode < 0) continue; -+ if (status < 0) continue; - - if (!cmdlp) { - if (procfdlen - PATH_FD_SUFFl + PATH_CMDLINEl >= -@@ -732,7 +736,7 @@ - printf("%-10s ", pw->pw_name); - else - printf("%-10d ", uid); -- printf("%-10ld ",inode); -+ printf("%-10lu ",inode); - } - if (flag_prg) - printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode)); -@@ -921,7 +925,7 @@ - return; - - num = sscanf(line, -- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %ld %512s\n", -+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n", - &d, local_addr, &local_port, rem_addr, &rem_port, &state, - &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); - -@@ -1064,7 +1068,7 @@ - - more[0] = '\0'; - num = sscanf(line, -- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %ld %512s\n", -+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n", - &d, local_addr, &local_port, - rem_addr, &rem_port, &state, - &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); -@@ -1206,7 +1210,7 @@ - - more[0] = '\0'; - num = sscanf(line, -- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %ld %512s\n", -+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n", - &d, local_addr, &local_port, rem_addr, &rem_port, &state, - &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); - -@@ -1320,9 +1324,9 @@ - static int has = 0; - char path[MAXPATHLEN], ss_flags[32]; - char *ss_proto, *ss_state, *ss_type; -- int num, state, type, inode; -+ int num, state, type; - void *d; -- unsigned long refcnt, proto, flags; -+ unsigned long refcnt, proto, flags, inode; - - if (nr == 0) { - if (strstr(line, "Inode")) -@@ -1330,14 +1334,14 @@ - return; - } - path[0] = '\0'; -- num = sscanf(line, "%p: %lX %lX %lX %X 
%X %d %s", -+ num = sscanf(line, "%p: %lX %lX %lX %X %X %lu %s", - &d, &refcnt, &proto, &flags, &type, &state, &inode, path); - if (num < 6) { - fprintf(stderr, _("warning, got bogus unix line.\n")); - return; - } - if (!(has & HAS_INODE)) -- snprintf(path,sizeof(path),"%d",inode); -+ snprintf(path,sizeof(path),"%lu",inode); - - if (!flag_all) { - if ((state == SS_UNCONNECTED) && (flags & SO_ACCEPTCON)) { -@@ -1429,7 +1433,7 @@ - printf("%-5s %-6ld %-11s %-10s %-13s ", - ss_proto, refcnt, ss_flags, ss_type, ss_state); - if (has & HAS_INODE) -- printf("%-6d ",inode); -+ printf("%-6lu ",inode); - else - printf("- "); - if (flag_prg) diff --git a/net-tools/patches/net-tools-1.60-netstat_stop_trim.patch b/net-tools/patches/net-tools-1.60-netstat_stop_trim.patch deleted file mode 100644 index fcffcaa..0000000 --- a/net-tools/patches/net-tools-1.60-netstat_stop_trim.patch +++ /dev/null 
@@ -1,91 +0,0 @@ ---- net-tools-1.60/man/en_US/netstat.8.old 2006-02-10 11:18:11.000000000 +0100 -+++ net-tools-1.60/man/en_US/netstat.8 2006-02-10 11:22:19.000000000 +0100 -@@ -176,6 +176,10 @@ - Print routing information from the FIB. (This is the default.) - .SS "-C" - Print routing information from the route cache. -+.SS "-Z --context" -+If SELinux enabled print SELinux context. -+.SS "-T --notrim" -+Stop trimming long addresses. - .SS delay - Netstat will cycle printing through statistics every - .B delay ---- net-tools-1.60/netstat.c.old 2006-02-10 11:18:12.000000000 +0100 -+++ net-tools-1.60/netstat.c 2006-02-10 11:13:50.000000000 +0100 -@@ -157,6 +157,9 @@ - int flag_arg = 0; - int flag_ver = 0; - int flag_selinux = 0; -+int flag_trim = 0; -+ -+ - - FILE *procinfo; - -@@ -980,16 +983,20 @@ - get_sname(htons(local_port), "tcp", - flag_not & FLAG_NUM_PORT)); - -- if ((strlen(local_addr) + strlen(buffer)) >= 27) -- local_addr[27 - strlen(buffer) - 1] = '\0'; -+ if (!flag_trim) { -+ if ((strlen(local_addr) + strlen(buffer)) >= 27) -+ local_addr[27 - strlen(buffer) - 1] = '\0'; -+ } - - strcat(local_addr, ":"); - strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "tcp", flag_not & FLAG_NUM_PORT)); -- -- if ((strlen(rem_addr) + strlen(buffer)) >= 27) -- rem_addr[27 - strlen(buffer) - 1] = '\0'; -+ -+ if (!flag_trim) { -+ if ((strlen(rem_addr) + strlen(buffer)) >= 27) -+ rem_addr[27 - strlen(buffer) - 1] = '\0'; -+ } - - strcat(rem_addr, ":"); - strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); -@@ -1776,6 +1783,7 @@ - {"fib", 0, 0, 'F'}, - {"groups", 0, 0, 'g'}, - {"context", 0, 0, 'Z'}, -+ {"notrim", 0, 0, 'T'}, - {NULL, 0, 0, 0} - }; - -@@ -1788,7 +1796,7 @@ - - afname[0] = '\0'; - -- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF) -+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZT", longopts, 
&lop)) != EOF) - switch (i) { - case -1: - break; -@@ -1904,6 +1912,10 @@ - usage(); - case 's': - flag_sta++; -+ break; -+ case 'T': -+ flag_trim++; -+ break; - } - - if(argc == optind + 1) { ---- net-tools-1.60/netstat.c.trim2 2006-04-06 16:12:02.000000000 +0200 -+++ net-tools-1.60/netstat.c 2006-04-06 16:18:09.000000000 +0200 -@@ -1737,7 +1737,8 @@ - fprintf(stderr, _(" -a, --all, --listening display all sockets (default: connected)\n")); - fprintf(stderr, _(" -o, --timers display timers\n")); - fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); -- fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); -+ fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n")); -+ fprintf(stderr, _(" -T, --notrim stop trimming long addresses\n")); - fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n")); - - fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); diff --git a/net-tools/patches/net-tools-1.60-netstat_ulong.patch b/net-tools/patches/net-tools-1.60-netstat_ulong.patch deleted file mode 100644 index 56869dc..0000000 --- a/net-tools/patches/net-tools-1.60-netstat_ulong.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net-tools-1.60/netstat.c.netstat_ulong 2004-11-11 14:28:44.000000000 +0100 -+++ net-tools-1.60/netstat.c 2004-11-11 14:31:14.099313000 +0100 -@@ -273,7 +273,7 @@ - strcpy(pn->name,name); - } - --static const char *prg_cache_get(int inode) -+static const char *prg_cache_get(unsigned long inode) - { - unsigned hi=PRG_HASHIT(inode); - struct prg_node *pn; diff --git a/net-tools/patches/net-tools-1.60-note.patch b/net-tools/patches/net-tools-1.60-note.patch deleted file mode 100644 index 4853ccd..0000000 --- a/net-tools/patches/net-tools-1.60-note.patch +++ /dev/null 
@@ -1,13 +0,0 @@ ---- net-tools-1.60/man/en_US/hostname.1.note 2004-11-24 12:09:28.000000000 +0100 -+++ net-tools-1.60/man/en_US/hostname.1 2004-11-24 12:16:41.121050760 +0100 -@@ -191,6 +191,10 @@ - ) then root can also set a new NIS domain. - .SH FILES - .B /etc/hosts -+.B /etc/sysconfig/network -+.SH NOTE -+Note that hostname doesn't change anything permanently. After reboot -+original names from \fI/etc/hosts\fR are used again. - .SH AUTHOR - Peter Tobias, tobias@et-inf.fho-emden.de - .br diff --git a/net-tools/patches/net-tools-1.60-num-ports.patch b/net-tools/patches/net-tools-1.60-num-ports.patch deleted file mode 100644 index d83cfc5..0000000 --- a/net-tools/patches/net-tools-1.60-num-ports.patch +++ /dev/null 
@@ -1,78 +0,0 @@ ---- net-tools-1.60/netstat.c.num-ports 2004-11-24 12:19:24.000000000 +0100 -+++ net-tools-1.60/netstat.c 2004-11-25 16:00:45.208367104 +0100 -@@ -765,8 +765,8 @@ - txq = 0L; - } - safe_strncpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, -- flag_not), sizeof(local_addr)); -- safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not), -+ flag_not & FLAG_NUM_HOST), sizeof(local_addr)); -+ safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, flag_not & FLAG_NUM_HOST), - sizeof(rem_addr)); - if (flag_all || (flag_lst && !rem_port) || (!flag_lst && rem_port)) { - snprintf(buffer, sizeof(buffer), "%s", -@@ -921,11 +921,11 @@ - if (flag_all || (notnull(remaddr) && !flag_lst) || (!notnull(remaddr) && flag_lst)) - { - safe_strncpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, -- flag_not), sizeof(local_addr)); -+ flag_not & FLAG_NUM_HOST), sizeof(local_addr)); - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(local_port), "udp", - flag_not & FLAG_NUM_PORT)); -- if ((strlen(local_addr) + strlen(buffer)) > 22) -+ if ((strlen(local_addr) + strlen(buffer)) >= 27) - local_addr[22 - strlen(buffer)] = '\0'; - strcat(local_addr, ":"); - strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); -@@ -934,8 +934,8 @@ - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "udp", flag_not & FLAG_NUM_PORT)); - safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, -- flag_not), sizeof(rem_addr)); -- if ((strlen(rem_addr) + strlen(buffer)) > 22) -+ flag_not & FLAG_NUM_HOST), sizeof(rem_addr)); -+ if ((strlen(rem_addr) + strlen(buffer)) >= 27) - rem_addr[22 - strlen(buffer)] = '\0'; - strcat(rem_addr, ":"); - strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); -@@ -958,7 +958,7 @@ - retr, timeout); - break; - } -- printf("udp %6ld %6ld %-23s %-23s %-12s", -+ printf("udp %6ld %6ld %-27s %-27s %-12s", - rxq, txq, local_addr, rem_addr, udp_state); - - 
finish_this_one(uid,inode,timers); -@@ -1045,8 +1045,8 @@ - get_sname(htons(local_port), "raw", - flag_not & FLAG_NUM_PORT)); - safe_strncpy(local_addr, ap->sprint((struct sockaddr *) &localaddr, -- flag_not), sizeof(local_addr)); -- if ((strlen(local_addr) + strlen(buffer)) > 22) -+ flag_not & FLAG_NUM_HOST), sizeof(local_addr)); -+ if ((strlen(local_addr) + strlen(buffer)) >= 27) - local_addr[22 - strlen(buffer)] = '\0'; - strcat(local_addr, ":"); - strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); -@@ -1055,8 +1055,8 @@ - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "raw", flag_not & FLAG_NUM_PORT)); - safe_strncpy(rem_addr, ap->sprint((struct sockaddr *) &remaddr, -- flag_not), sizeof(rem_addr)); -- if ((strlen(rem_addr) + strlen(buffer)) > 22) -+ flag_not & FLAG_NUM_HOST), sizeof(rem_addr)); -+ if ((strlen(rem_addr) + strlen(buffer)) >= 27) - rem_addr[22 - strlen(buffer)] = '\0'; - strcat(rem_addr, ":"); - strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); -@@ -1081,7 +1081,7 @@ - retr, timeout); - break; - } -- printf("raw %6ld %6ld %-23s %-23s %-12d", -+ printf("raw %6ld %6ld %-27s %-27s %-12d", - rxq, txq, local_addr, rem_addr, state); - - finish_this_one(uid,inode,timers); diff --git a/net-tools/patches/net-tools-1.60-overflow.patch b/net-tools/patches/net-tools-1.60-overflow.patch deleted file mode 100644 index d7b82b1..0000000 --- a/net-tools/patches/net-tools-1.60-overflow.patch +++ /dev/null 
@@ -1,57 +0,0 @@ -diff -up net-tools-1.60/netstat.c.overflow net-tools-1.60/netstat.c ---- net-tools-1.60/netstat.c.overflow 2010-01-02 10:45:45.000000000 +0100 -+++ net-tools-1.60/netstat.c 2010-01-02 10:50:50.000000000 +0100 -@@ -777,7 +777,7 @@ static void tcp_do_one(int lnr, const ch - local_addr[22 - strlen(buffer)] = '\0'; - - strcat(local_addr, ":"); -- strcat(local_addr, buffer); -+ strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "tcp", flag_not & FLAG_NUM_PORT)); - -@@ -785,7 +785,7 @@ static void tcp_do_one(int lnr, const ch - rem_addr[22 - strlen(buffer)] = '\0'; - - strcat(rem_addr, ":"); -- strcat(rem_addr, buffer); -+ strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); - timers[0] = '\0'; - - if (flag_opt) -@@ -926,7 +926,7 @@ static void udp_do_one(int lnr, const ch - if ((strlen(local_addr) + strlen(buffer)) > 22) - local_addr[22 - strlen(buffer)] = '\0'; - strcat(local_addr, ":"); -- strcat(local_addr, buffer); -+ strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); - - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "udp", flag_not & FLAG_NUM_PORT)); -@@ -935,7 +935,7 @@ static void udp_do_one(int lnr, const ch - if ((strlen(rem_addr) + strlen(buffer)) > 22) - rem_addr[22 - strlen(buffer)] = '\0'; - strcat(rem_addr, ":"); -- strcat(rem_addr, buffer); -+ strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); - - timers[0] = '\0'; - if (flag_opt) -@@ -1045,7 +1045,7 @@ static void raw_do_one(int lnr, const ch - if ((strlen(local_addr) + strlen(buffer)) > 22) - local_addr[22 - strlen(buffer)] = '\0'; - strcat(local_addr, ":"); -- strcat(local_addr, buffer); -+ strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); - - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "raw", flag_not & FLAG_NUM_PORT)); -@@ -1054,7 +1054,7 @@ static void raw_do_one(int lnr, const ch - if 
((strlen(rem_addr) + strlen(buffer)) > 22) - rem_addr[22 - strlen(buffer)] = '\0'; - strcat(rem_addr, ":"); -- strcat(rem_addr, buffer); -+ strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); - - timers[0] = '\0'; - if (flag_opt) diff --git a/net-tools/patches/net-tools-1.60-parse.patch b/net-tools/patches/net-tools-1.60-parse.patch deleted file mode 100644 index 25890f1..0000000 --- a/net-tools/patches/net-tools-1.60-parse.patch +++ /dev/null @@ -1,70 +0,0 @@ ---- net-tools-1.60/statistics.c.parse 2004-09-06 10:45:35.595130240 +0200 -+++ net-tools-1.60/statistics.c 2004-09-06 10:43:11.000000000 +0200 -@@ -289,7 +289,7 @@ - return &dummytab; - } - --void process_fd(FILE *f) -+void process_fd(FILE *f,int file_desc) // added file_desc to show propriate error mesg - { - char buf1[1024], buf2[1024]; - char *sp, *np, *p; -@@ -297,12 +297,16 @@ - int endflag; - struct tabtab *tab; - -+ if (strcmp(buf1,"\n") == 0) // cut leading break -+ if (!fgets(buf1, sizeof buf1, f)) -+ break; - if (!fgets(buf2, sizeof buf2, f)) - break; -+ - sp = strchr(buf1, ':'); -- np = strchr(buf2, ':'); -- if (!np || !sp) -- goto formaterr; -+ np = strchr(buf2, ':'); -+ if (!np || !sp) -+ goto formaterr; - *sp = '\0'; - - tab = newtable(snmptabs, buf1); -@@ -333,7 +337,12 @@ - return; - - formaterr: -- perror(_("error parsing /proc/net/snmp")); -+ switch(file_desc) { -+ case 0: perror(_("error parsing /proc/net/snmp")); -+ break; -+ case 1: perror(_("error parsing /proc/net/netstat")); -+ break; -+ } - return; - } - -@@ -343,13 +352,13 @@ - FILE *f; - - f_raw = flag_raw; f_tcp = flag_tcp; f_udp = flag_udp; -- -+ - f = fopen("/proc/net/snmp", "r"); - if (!f) { - perror(_("cannot open /proc/net/snmp")); - return(1); - } -- process_fd(f); -+ process_fd(f,0); - - if (ferror(f)) { - perror("/proc/net/snmp"); -@@ -361,7 +370,7 @@ - f = fopen("/proc/net/netstat", "r"); - - if (f) { -- process_fd(f); -+ process_fd(f,1); - - if (ferror(f)) { - perror("/proc/net/netstat"); 
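Review bot: In net-tools-1.60-netstat_inode.patch, extract_type_2_socket_inode() never sets *status to 0, unlike extract_type_1_socket_inode(), which now begins with "*status = 0;". The caller only invokes the type 2 parser when status < 0, so status is still -1 after a successful "[0000]:12345" parse and the following "if (status < 0) continue;" skips the entry every time. Add "*status = 0;" at the top of extract_type_2_socket_inode(), before the length check.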
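Review bot: In net-tools-1.60-num-ports.patch, the udp and raw hunks raise the length test to ">= 27" but leave the truncation index on the following context line at "22 - strlen(buffer)". Combined lengths of 23 to 26 are now never trimmed, and anything that does trip the new limit is still cut for the old 23-column field while the printf pads to %-27s. Change the index to "27 - strlen(buffer) - 1", the form the tcp code uses in the netstat_stop_trim patch.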
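Review bot: In net-tools-1.60-parse.patch, the bare 1 passed in "process_fd(f,1)" (and the 0 at the /proc/net/snmp call) is a magic selector that only has meaning through the switch under formaterr, and that switch has no default case, so any other value reports nothing at all. Passing the path string and printing it in a single message would remove the switch and stay correct if a third file is ever parsed. The parameter name file_desc also reads as a file descriptor, which it is not.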
diff --git a/net-tools/patches/net-tools-1.60-pie.patch b/net-tools/patches/net-tools-1.60-pie.patch deleted file mode 100644 index d4496ff..0000000 --- a/net-tools/patches/net-tools-1.60-pie.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- net-tools-1.60/Makefile.pie 2001-04-15 16:34:31.000000000 +0200 -+++ net-tools-1.60/Makefile 2005-02-28 12:41:15.337127680 +0100 -@@ -113,8 +113,8 @@ - - NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a - --CFLAGS = $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) --LDFLAGS = $(LOPTS) -L$(NET_LIB_PATH) -+CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) -+LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH) - - SUBDIRS = man/ $(NET_LIB_PATH)/ - diff --git a/net-tools/patches/net-tools-1.60-remove_node.patch b/net-tools/patches/net-tools-1.60-remove_node.patch deleted file mode 100644 index 8fbfe65..0000000 --- a/net-tools/patches/net-tools-1.60-remove_node.patch +++ /dev/null 
@@ -1,24 +0,0 @@ ---- net-tools-1.60/man/en_US/hostname.1.old 2007-03-15 13:45:55.000000000 +0100 -+++ net-tools-1.60/man/en_US/hostname.1 2007-03-15 13:49:12.000000000 +0100 -@@ -28,8 +28,6 @@ - .RB [ -y ] - .RB [ --yp ] - .RB [ --nis ] --.RB [ -n ] --.RB [ --node ] - - .PP - .B hostname ---- net-tools-1.60/hostname.c.old 2007-03-15 13:45:55.000000000 +0100 -+++ net-tools-1.60/hostname.c 2007-03-15 13:47:27.000000000 +0100 -@@ -234,8 +234,9 @@ - fprintf(stderr, _(" domainname [-v] {nisdomain|-F file} set NIS domainname (from file)\n")); - #if HAVE_AFDECnet - fprintf(stderr, _(" nodename [-v] {nodename|-F file} set DECnet node name (from file)\n")); -+ fprintf(stderr, _(" hostname [-n] DECnet domain name\n")); - #endif -- fprintf(stderr, _(" hostname [-v] [-d|-f|-s|-a|-i|-y|-n] display formatted name\n")); -+ fprintf(stderr, _(" hostname [-v] [-d|-f|-s|-a|-i|-y] display formatted name\n")); - fprintf(stderr, _(" hostname [-v] display hostname\n\n")); - fprintf(stderr, _(" hostname -V|--version|-h|--help print info and exit\n\n")); - fprintf(stderr, _(" dnsdomainname=hostname -d, {yp,nis,}domainname=hostname -y\n\n")); diff --git a/net-tools/patches/net-tools-1.60-return.patch b/net-tools/patches/net-tools-1.60-return.patch deleted file mode 100644 index 8ef10f5..0000000 --- a/net-tools/patches/net-tools-1.60-return.patch +++ /dev/null @@ -1,28 +0,0 @@ ---- net-tools-1.60/nameif.c.return 2004-08-03 18:01:37.000000000 +0900 -+++ net-tools-1.60/nameif.c 2004-08-03 18:03:37.000000000 +0900 -@@ -27,6 +27,7 @@ - const char *fname = default_conf; - int use_syslog; - int ctl_sk = -1; -+int frag = 0; - - void err(char *msg) - { -@@ -288,13 +289,15 @@ - while (clist) { - struct change *ch = clist; - clist = clist->next; -- if (!ch->found) -+ if (!ch->found){ - warning(_("interface '%s' not found"), ch->ifname); -+ frag = 1; -+ } - free(ch); - } - - if (use_syslog) - closelog(); -- return 0; -+ return frag; - } - 
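Review bot: The new global "int frag = 0;" in net-tools-1.60-return.patch is only ever used as the value of "return frag;", and the name reads like a typo for flag. A local variable named for what it holds (for example ret) would avoid adding a global. The nonzero return when an interface is not found is a behaviour change for scripts that call nameif and should be documented alongside the patch.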
diff --git a/net-tools/patches/net-tools-1.60-scanf-format.patch b/net-tools/patches/net-tools-1.60-scanf-format.patch deleted file mode 100644 index 79d917b..0000000 --- a/net-tools/patches/net-tools-1.60-scanf-format.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -diff -up net-tools-1.60/arp.c.scanf-format net-tools-1.60/arp.c ---- net-tools-1.60/arp.c.scanf-format 2009-07-08 11:17:09.000000000 +0200 -+++ net-tools-1.60/arp.c 2009-07-08 11:43:39.000000000 +0200 -@@ -557,7 +557,7 @@ static int arp_show(char *name) - /* Read the ARP cache entries. */ - for (num = 0; num < entries; num++) { - fgets(line, sizeof(line), fp); -- if (sscanf(line, "%s 0x%x 0x%x %100s %100s %100s\n", -+ if (sscanf(line, "%s 0x%x 0x%x %99s %99s %99s\n", - ip, &type, &flags, hwa, mask, dev) < 4) - break; - -diff -up net-tools-1.60/lib/inet_gr.c.scanf-format net-tools-1.60/lib/inet_gr.c ---- net-tools-1.60/lib/inet_gr.c.scanf-format 2000-10-28 12:59:42.000000000 +0200 -+++ net-tools-1.60/lib/inet_gr.c 2009-07-08 11:49:59.000000000 +0200 -@@ -38,7 +38,7 @@ extern char *INET_sprintmask(struct sock - - int rprint_fib(int ext, int numeric) - { -- char buff[1024], iface[16], flags[64]; -+ char buff[1024], iface[17], flags[64]; - char gate_addr[128], net_addr[128]; - char mask_addr[128]; - int num, iflags, metric, refcnt, use, mss, window, irtt; -@@ -69,18 +69,18 @@ int rprint_fib(int ext, int numeric) - - fmt = proc_gen_fmt(_PATH_PROCNET_ROUTE, 0, fp, - "Iface", "%16s", -- "Destination", "%128s", -- "Gateway", "%128s", -+ "Destination", "%127s", -+ "Gateway", "%127s", - "Flags", "%X", - "RefCnt", "%d", - "Use", "%d", - "Metric", "%d", -- "Mask", "%128s", -+ "Mask", "%127s", - "MTU", "%d", - "Window", "%d", - "IRTT", "%d", - NULL); -- /* "%16s %128s %128s %X %d %d %d %128s %d %d %d\n" */ -+ /* "%16s %127s %127s %X %d %d %d %127s %d %d %d\n" */ - - if (!fmt) - return 1; -@@ -205,7 +205,7 @@ int rprint_fib(int ext, int numeric) - - int rprint_cache(int ext, int numeric) - { -- char buff[1024], iface[16], flags[64]; -+ char buff[1024], iface[17], flags[64]; - char gate_addr[128], dest_addr[128], specdst[128]; - char src_addr[128]; - struct sockaddr snet; -@@ -269,20 +269,20 @@ int rprint_cache(int ext, int numeric) - - fmt = 
proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp, - "Iface", "%16s", -- "Destination", "%128s", -- "Gateway", "%128s", -+ "Destination", "%127s", -+ "Gateway", "%127s", - "Flags", "%X", - "RefCnt", "%d", - "Use", "%d", - "Metric", "%d", -- "Source", "%128s", -+ "Source", "%127s", - "MTU", "%d", - "Window", "%d", - "IRTT", "%d", - "HH", "%d", - "ARP", "%d", - NULL); -- /* "%16s %128s %128s %X %d %d %d %128s %d %d %d %d %d\n" */ -+ /* "%16s %127s %127s %X %d %d %d %127s %d %d %d %d %d\n" */ - } - - if (format == 2) { -@@ -292,13 +292,13 @@ int rprint_cache(int ext, int numeric) - "MSS Window irtt TOS HHRef HHUptod SpecDst\n")); - fmt = proc_gen_fmt(_PATH_PROCNET_RTCACHE, 0, fp, - "Iface", "%16s", -- "Destination", "%128s", -- "Gateway", "%128s", -+ "Destination", "%127s", -+ "Gateway", "%127s", - "Flags", "%X", - "RefCnt", "%d", - "Use", "%d", - "Metric", "%d", -- "Source", "%128s", -+ "Source", "%127s", - "MTU", "%d", - "Window", "%d", - "IRTT", "%d", -@@ -307,7 +307,7 @@ int rprint_cache(int ext, int numeric) - "HHUptod", "%d", - "SpecDst", "%128s", - NULL); -- /* "%16s %128s %128s %X %d %d %d %128s %d %d %d %d %d %128s\n" */ -+ /* "%16s %127s %127s %X %d %d %d %127s %d %d %d %d %d %128s\n" */ - } - - -diff -up net-tools-1.60/lib/interface.c.scanf-format net-tools-1.60/lib/interface.c ---- net-tools-1.60/lib/interface.c.scanf-format 2009-07-08 11:17:09.000000000 +0200 -+++ net-tools-1.60/lib/interface.c 2009-07-08 11:45:44.000000000 +0200 -@@ -713,7 +713,7 @@ void ife_print_long(struct interface *pt - #endif - #if HAVE_AFINET6 - FILE *f; -- char addr6[40], devname[20]; -+ char addr6[40], devname[21]; - struct sockaddr_in6 sap; - int plen, scope, dad_status, if_idx; - extern struct aftype inet6_aftype; -diff -up net-tools-1.60/netstat.c.scanf-format net-tools-1.60/netstat.c ---- net-tools-1.60/netstat.c.scanf-format 2009-07-08 11:17:09.000000000 +0200 -+++ net-tools-1.60/netstat.c 2009-07-08 11:42:12.000000000 +0200 -@@ -1105,7 +1105,7 @@ static void udp_do_one(int lnr, 
const ch - - more[0] = '\0'; - num = sscanf(line, -- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n", -+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %511s\n", - &d, local_addr, &local_port, - rem_addr, &rem_port, &state, - &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); -@@ -1540,7 +1540,7 @@ static void raw_do_one(int lnr, const ch - - more[0] = '\0'; - num = sscanf(line, -- "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %512s\n", -+ "%d: %64[0-9A-Fa-f]:%X %64[0-9A-Fa-f]:%X %X %lX:%lX %X:%lX %lX %d %d %lu %511s\n", - &d, local_addr, &local_port, rem_addr, &rem_port, &state, - &txq, &rxq, &timer_run, &time_len, &retr, &uid, &timeout, &inode, more); - diff --git a/net-tools/patches/net-tools-1.60-sctp-addrs.patch b/net-tools/patches/net-tools-1.60-sctp-addrs.patch deleted file mode 100644 index ff1c062..0000000 --- a/net-tools/patches/net-tools-1.60-sctp-addrs.patch +++ /dev/null 
@@ -1,346 +0,0 @@ ---- net-tools-1.60/netstat.c.sctp-addrs 2008-06-18 14:41:29.000000000 +0200 -+++ net-tools-1.60/netstat.c 2008-06-18 14:12:03.000000000 +0200 -@@ -1299,23 +1299,21 @@ static void sctp_eps_do_one(int lnr, cha - const char *lport_str; - const char *uid_str; - const char *inode_str; -- const char *pladdr_str; - char *laddrs_str; - - if(lnr == 0) { -- /* ENDPT SOCK STY SST HBKT LPORT uid inode pladdr LADDRS*/ -+ /* ENDPT SOCK STY SST HBKT LPORT UID INODE LADDRS */ - return; - } - -- strtok(line," \t\n"); /*skip ptr*/ -- strtok(0," \t\n"); /*skip ptr*/ -+ strtok(line," \t\n"); /*skip endpt*/ -+ strtok(0," \t\n"); /*skip sock*/ - sty_str = strtok(0," \t\n"); - sst_str = strtok(0," \t\n"); - strtok(0," \t\n"); /*skip hash bucket*/ - lport_str=strtok(0," \t\n"); - uid_str = strtok(0," \t\n"); - inode_str = strtok(0," \t\n"); -- pladdr_str = strtok(0," \t\n"); - laddrs_str=strtok(0,"\t\n"); - - type = atoi(sty_str); -@@ -1323,61 +1321,35 @@ static void sctp_eps_do_one(int lnr, cha - port = atoi(lport_str); - uid = atoi(uid_str); - inode = strtoul(inode_str,0,0); -- -- if(flag_sctp<=1) { -- /* only print the primary address */ -- char local_addr[64]; -- char local_port[16]; -- -- ap = process_sctp_addr_str(pladdr_str, (struct sockaddr*)&localaddr); -- if(ap) -- safe_strncpy(local_addr, -- ap->sprint((struct sockaddr *) &localaddr, flag_not), -- sizeof(local_addr)); -- else -- sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -- -- snprintf(local_port, sizeof(local_port), "%s", -- get_sname(htons(port), "sctp", -- flag_not & FLAG_NUM_PORT)); -- -- printf("sctp "); -- sprintf(buffer,"%s:%s", local_addr, local_port); -- printf("%-47s", buffer); -- printf(" %-12s", sctp_socket_state_str(state)); -- } else { -- /*print all addresses*/ -- const char *this_local_addr; -- int first=1; -- char local_port[16]; -- snprintf(local_port, sizeof(local_port), "%s", -- get_sname(htons(port), "sctp", -- flag_not & 
FLAG_NUM_PORT)); -- for(this_local_addr=strtok(laddrs_str," \t\n"); -- this_local_addr; -- this_local_addr=strtok(0," \t\n")) -- { -- char local_addr[64]; -- ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); -- if(ap) -- safe_strncpy(local_addr, -- ap->sprint((struct sockaddr *) &localaddr, flag_not), -- sizeof(local_addr)); -- else -- sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); - -- if(!first) printf("\n"); -- if(first) -- printf("sctp "); -- else -- printf(" "); -- sprintf(buffer,"%s:%s", local_addr, local_port); -- printf("%-47s", buffer); -- printf(" %-12s", first?sctp_socket_state_str(state):""); -- first = 0; -- } -+ const char *this_local_addr; -+ int first=1; -+ char local_port[16]; -+ snprintf(local_port, sizeof(local_port), "%s", -+ get_sname(htons(port), "sctp", flag_not & FLAG_NUM_PORT)); -+ for(this_local_addr=strtok(laddrs_str," \t\n"); -+ this_local_addr; -+ this_local_addr=strtok(0," \t\n")) -+ { -+ char local_addr[64]; -+ ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); -+ if(ap) -+ safe_strncpy(local_addr, -+ ap->sprint((struct sockaddr *) &localaddr, flag_not), -+ sizeof(local_addr)); -+ else -+ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -+ -+ if(!first) printf("\n"); -+ if(first) -+ printf("sctp "); -+ else -+ printf(" "); -+ sprintf(buffer,"%s:%s", local_addr, local_port); -+ printf("%-55s", buffer); -+ printf(" %-12s", first?sctp_socket_state_str(state):""); -+ first = 0; - } -- - finish_this_one(uid,inode,""); - } - -@@ -1403,32 +1375,29 @@ static void sctp_assoc_do_one(int lnr, c - const char *lport_str,*rport_str; - const char *uid_str; - const char *inode_str; -- const char *pladdr_str; - char *laddrs_str; -- const char *praddr_str; - char *raddrs_str; -- -+ - if(lnr == 0) { -- /* ASSOC SOCK STY SST ST HBKT tx_queue rx_queue uid inode LPORT RPORT pladdr praddr LADDRS <-> RADDRS*/ 
-+ /* ASSOC SOCK STY SST ST HBKT ASSOC-ID TX_QUEUE RX_QUEUE UID INODE LPORT RPORT LADDRS <-> RADDRS */ - return; - } -- -- strtok(line," \t\n"); /*skip ptr*/ -- strtok(0," \t\n"); /*skip ptr*/ -+ -+ strtok(line," \t\n"); /*skip assoc*/ -+ strtok(0," \t\n"); /*skip sock*/ - sty_str = strtok(0," \t\n"); - sst_str = strtok(0," \t\n"); - st_str = strtok(0," \t\n"); - strtok(0," \t\n"); /*skip hash bucket*/ -+ strtok(0," \t\n"); /*skip hash assoc-id*/ - txqueue_str = strtok(0," \t\n"); - rxqueue_str = strtok(0," \t\n"); - uid_str = strtok(0," \t\n"); - inode_str = strtok(0," \t\n"); - lport_str=strtok(0," \t\n"); - rport_str=strtok(0," \t\n"); -- pladdr_str = strtok(0," \t\n"); -- praddr_str = strtok(0," \t\n"); -- laddrs_str=strtok(0,"<->\t\n"); -- raddrs_str=strtok(0,"<->\t\n"); -+ laddrs_str = strtok(0,"<->\t\n"); -+ raddrs_str = strtok(0,"<->\t\n"); - - type = atoi(sty_str); - state = atoi(sst_str); -@@ -1439,116 +1408,81 @@ static void sctp_assoc_do_one(int lnr, c - inode = strtoul(inode_str,0,0); - lport = atoi(lport_str); - rport = atoi(rport_str); -- -- if(flag_sctp<=1) { -- /* only print the primary addresses */ -- char local_addr[64]; -- char local_port[16]; -- char remote_addr[64]; -- char remote_port[16]; -- -- ap = process_sctp_addr_str(pladdr_str, (struct sockaddr*)&localaddr); -- if(ap) -- safe_strncpy(local_addr, -- ap->sprint((struct sockaddr *) &localaddr, flag_not), -- sizeof(local_addr)); -- else -- sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -- -- snprintf(local_port, sizeof(local_port), "%s", -- get_sname(htons(lport), "sctp", -- flag_not & FLAG_NUM_PORT)); -- -- ap = process_sctp_addr_str(praddr_str, (struct sockaddr*)&remoteaddr); -- if(ap) -- safe_strncpy(remote_addr, -- ap->sprint((struct sockaddr *) &remoteaddr, flag_not), -- sizeof(remote_addr)); -- else -- sprintf(remote_addr,_("unsupported address family %d"), ((struct sockaddr*)&remoteaddr)->sa_family); -- -- snprintf(remote_port, 
sizeof(remote_port), "%s", -- get_sname(htons(rport), "sctp", -- flag_not & FLAG_NUM_PORT)); -- -- printf("sctp"); -- printf(" %6u %6u ", rxqueue, txqueue); -- sprintf(buffer,"%s:%s", local_addr, local_port); -- printf("%-23s", buffer); -- printf(" "); -- sprintf(buffer,"%s:%s", remote_addr, remote_port); -- printf("%-23s", buffer); -- printf(" %-12s", sctp_socket_state_str(state)); -- } else { -- /*print all addresses*/ -- const char *this_local_addr; -- const char *this_remote_addr; -- char *ss1,*ss2; -- int first=1; -- char local_port[16]; -- char remote_port[16]; -- snprintf(local_port, sizeof(local_port), "%s", -- get_sname(htons(lport), "sctp", -- flag_not & FLAG_NUM_PORT)); -- snprintf(remote_port, sizeof(remote_port), "%s", -- get_sname(htons(rport), "sctp", -- flag_not & FLAG_NUM_PORT)); -- -- this_local_addr=strtok_r(laddrs_str," \t\n",&ss1); -- this_remote_addr=strtok_r(raddrs_str," \t\n",&ss2); -- while(this_local_addr || this_remote_addr) { -- char local_addr[64]; -- char remote_addr[64]; -- if(this_local_addr) { -- ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); -- if(ap) -- safe_strncpy(local_addr, -- ap->sprint((struct sockaddr *) &localaddr, flag_not), -- sizeof(local_addr)); -- else -- sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -- } -- if(this_remote_addr) { -- ap = process_sctp_addr_str(this_remote_addr, (struct sockaddr*)&remoteaddr); -- if(ap) -- safe_strncpy(remote_addr, -- ap->sprint((struct sockaddr *) &remoteaddr, flag_not), -- sizeof(remote_addr)); -- else -- sprintf(remote_addr,_("unsupported address family %d"), ((struct sockaddr*)&remoteaddr)->sa_family); -- } - -- if(!first) printf("\n"); -- if(first) -- printf("sctp %6u %6u ", rxqueue, txqueue); -- else -- printf(" "); -- if(this_local_addr) { -- if(first) -- sprintf(buffer,"%s:%s", local_addr, local_port); -+ /*print all addresses*/ -+ const char *this_local_addr; -+ const char *this_remote_addr; -+ 
char *ss1,*ss2; -+ int first=1; -+ char local_port[16]; -+ char remote_port[16]; -+ snprintf(local_port, sizeof(local_port), "%s", -+ get_sname(htons(lport), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ snprintf(remote_port, sizeof(remote_port), "%s", -+ get_sname(htons(rport), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ -+ this_local_addr=strtok_r(laddrs_str," \t\n",&ss1); -+ this_remote_addr=strtok_r(raddrs_str," \t\n",&ss2); -+ while(this_local_addr || this_remote_addr) { -+ char local_addr[64]; -+ char remote_addr[64]; -+ -+ if(this_local_addr) { -+ if (this_local_addr[0] == '*') { -+ /* skip * */ -+ this_local_addr++; -+ } -+ ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); -+ if(ap) -+ safe_strncpy(local_addr, -+ ap->sprint((struct sockaddr *) &localaddr, flag_not), sizeof(local_addr)); - else -- sprintf(buffer,"%s", local_addr); -- printf("%-23s", buffer); -- } else -- printf("%-23s", ""); -- printf(" "); -- if(this_remote_addr) { -- if(first) -- sprintf(buffer,"%s:%s", remote_addr, remote_port); -+ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -+ } -+ if(this_remote_addr) { -+ if (this_remote_addr[0] == '*') { -+ /* skip * */ -+ this_remote_addr++; -+ } -+ ap = process_sctp_addr_str(this_remote_addr, (struct sockaddr*)&remoteaddr); -+ if(ap) -+ safe_strncpy(remote_addr, -+ ap->sprint((struct sockaddr *) &remoteaddr, flag_not), sizeof(remote_addr)); - else -- sprintf(buffer,"%s", remote_addr); -- printf("%-23s", buffer); -- } else -- printf("%-23s", ""); -- -- printf(" %-12s", first?sctp_socket_state_str(state):""); -+ sprintf(remote_addr,_("unsupported address family %d"), ((struct sockaddr*)&remoteaddr)->sa_family); -+ } - -- first = 0; -- this_local_addr=strtok_r(0," \t\n",&ss1); -- this_remote_addr=strtok_r(0," \t\n",&ss2); -- } -+ if(!first) printf("\n"); -+ if(first) -+ printf("sctp %6u %6u ", rxqueue, txqueue); -+ else -+ printf(" "); -+ if(this_local_addr) { -+ if(first) -+ 
sprintf(buffer,"%s:%s", local_addr, local_port); -+ else -+ sprintf(buffer,"%s", local_addr); -+ printf("%-27s", buffer); -+ } else -+ printf("%-27s", ""); -+ printf(" "); -+ if(this_remote_addr) { -+ if(first) -+ sprintf(buffer,"%s:%s", remote_addr, remote_port); -+ else -+ sprintf(buffer,"%s", remote_addr); -+ printf("%-27s", buffer); -+ } else -+ printf("%-27s", ""); -+ -+ printf(" %-12s", first?sctp_socket_state_str(state):""); -+ -+ first = 0; -+ this_local_addr=strtok_r(0," \t\n",&ss1); -+ this_remote_addr=strtok_r(0," \t\n",&ss2); - } -- - finish_this_one(uid,inode,""); - } - diff --git a/net-tools/patches/net-tools-1.60-sctp-quiet.patch b/net-tools/patches/net-tools-1.60-sctp-quiet.patch deleted file mode 100644 index f04c4ca..0000000 --- a/net-tools/patches/net-tools-1.60-sctp-quiet.patch +++ /dev/null @@ -1,11 +0,0 @@ ---- net-tools-1.60/netstat.c.old 2007-02-22 14:39:39.000000000 +0100 -+++ net-tools-1.60/netstat.c 2007-02-22 14:44:22.000000000 +0100 -@@ -2325,7 +2325,7 @@ - usage(); - - if ((flag_inet || flag_inet6 || flag_sta) && !(flag_tcp || flag_udp || flag_sctp || flag_raw)) -- flag_tcp = flag_udp = flag_sctp = flag_raw = 1; -+ flag_tcp = flag_udp = flag_raw = 1; - - if ((flag_tcp || flag_udp || flag_sctp || flag_raw || flag_igmp) && !(flag_inet || flag_inet6)) - flag_inet = flag_inet6 = 1; diff --git a/net-tools/patches/net-tools-1.60-sctp.patch b/net-tools/patches/net-tools-1.60-sctp.patch deleted file mode 100644 index 6292999..0000000 --- a/net-tools/patches/net-tools-1.60-sctp.patch +++ /dev/null 
@@ -1,617 +0,0 @@ ---- net-tools-1.60/statistics.c.sctp 2006-04-13 10:06:45.000000000 -0400 -+++ net-tools-1.60/statistics.c 2006-04-13 10:06:45.000000000 -0400 -@@ -20,7 +20,7 @@ - #define UFWARN(x) - #endif - --int print_static,f_raw,f_tcp,f_udp,f_unknown = 1; -+int print_static,f_raw,f_tcp,f_udp,f_sctp,f_unknown = 1; - - enum State { - number = 0, opt_number, i_forward, i_inp_icmp, i_outp_icmp, i_rto_alg, -@@ -225,6 +225,27 @@ - { "TCPLoss", N_("%u TCP data loss events") }, - }; - -+struct entry Sctptab[] = -+{ -+ {"SctpCurrEstab", N_("%u Current Associations"), number}, -+ {"SctpActiveEstabs", N_("%u Active Associations"), number}, -+ {"SctpPassiveEstabs", N_("%u Passive Associations"), number}, -+ {"SctpAborteds", N_("%u Number of Aborteds "), number}, -+ {"SctpShutdowns", N_("%u Number of Graceful Terminations"), number}, -+ {"SctpOutOfBlues", N_("%u Number of Out of Blue packets"), number}, -+ {"SctpChecksumErrors", N_("%u Number of Packets with invalid Checksum"), number}, -+ {"SctpOutCtrlChunks", N_("%u Number of control chunks sent"), number}, -+ {"SctpOutOrderChunks", N_("%u Number of ordered chunks sent"), number}, -+ {"SctpOutUnorderChunks", N_("%u Number of Unordered chunks sent"), number}, -+ {"SctpInCtrlChunks", N_("%u Number of control chunks received"), number}, -+ {"SctpInOrderChunks", N_("%u Number of ordered chunks received"), number}, -+ {"SctpInUnorderChunks", N_("%u Number of Unordered chunks received"), number}, -+ {"SctpFragUsrMsgs", N_("%u Number of messages fragmented"), number}, -+ {"SctpReasmUsrMsgs", N_("%u Number of messages reassembled "), number}, -+ {"SctpOutSCTPPacks", N_("%u Number of SCTP packets sent"), number}, -+ {"SctpInSCTPPacks", N_("%u Number of SCTP packets received"), number}, -+}; -+ - struct tabtab { - char *title; - struct entry *tab; -@@ -238,6 +259,7 @@ - {"Icmp", Icmptab, sizeof(Icmptab), &f_raw}, - {"Tcp", Tcptab, sizeof(Tcptab), &f_tcp}, - {"Udp", Udptab, sizeof(Udptab), &f_udp}, -+ {"Sctp", Sctptab, 
sizeof(Sctptab), &f_sctp}, - {"TcpExt", Tcpexttab, sizeof(Tcpexttab), &f_tcp}, - {NULL} - }; -@@ -385,12 +407,39 @@ - return; - } - -+/* Process a file with name-value lines (like /proc/net/sctp/snmp) */ -+void process_fd2(FILE *f, const char *filename) -+{ -+ char buf1[1024]; -+ char *sp; -+ struct tabtab *tab; -+ -+ tab = newtable(snmptabs, "Sctp"); -+ -+ while (fgets(buf1, sizeof buf1, f)) { -+ sp = buf1 + strcspn(buf1, " \t\n"); -+ if (!sp) -+ goto formaterr; -+ *sp = '\0'; -+ sp++; -+ -+ sp += strspn(sp, " \t\n"); - --int parsesnmp(int flag_raw, int flag_tcp, int flag_udp) -+ if (*sp != '\0' && *(tab->flag)) -+ printval(tab, buf1, strtoul(sp, 0, 10)); -+ } -+ return; -+ -+formaterr: -+ fprintf(stderr,_("error parsing %s\n"), filename); -+ return; -+} -+ -+int parsesnmp(int flag_raw, int flag_tcp, int flag_udp, int flag_sctp) - { - FILE *f; - -- f_raw = flag_raw; f_tcp = flag_tcp; f_udp = flag_udp; -+ f_raw = flag_raw; f_tcp = flag_tcp; f_udp = flag_udp; f_sctp = flag_sctp; - - f = fopen("/proc/net/snmp", "r"); - if (!f) { -@@ -418,6 +467,16 @@ - - fclose(f); - } -+ -+ f = fopen("/proc/net/sctp/snmp", "r"); -+ if (f) { -+ process_fd2(f,"/proc/net/sctp/snmp"); -+ if (ferror(f)) -+ perror("/proc/net/sctp/snmp"); -+ -+ fclose(f); -+ } -+ - return(0); - } - ---- net-tools-1.60/netstat.c.sctp 2006-04-13 10:06:45.000000000 -0400 -+++ net-tools-1.60/netstat.c 2006-04-13 10:10:23.000000000 -0400 -@@ -58,6 +58,7 @@ - * - *990420 {1.38} Tuan Hoang removed a useless assignment from igmp_do_one() - *20010404 {1.39} Arnaldo Carvalho de Melo - use setlocale -+ *20050516 {1.40} Ivan Skytte Joergensen:Added SCTP support - * - * This program is free software; you can redistribute it - * and/or modify it under the terms of the GNU General -@@ -108,7 +109,7 @@ - #endif - - /* prototypes for statistics.c */ --int parsesnmp(int, int, int); -+int parsesnmp(int, int, int, int); - void inittab(void); - - typedef enum { -@@ -119,6 +120,29 @@ - SS_DISCONNECTING /* in process of 
disconnecting */ - } socket_state; - -+ -+#define SCTP_NSTATES 9 /* The number of states in array*/ -+ -+static const char *sctp_state[] = { -+ N_("EMPTY"), -+ N_("CLOSED"), -+ N_("COOKIE_WAIT"), -+ N_("COOKIE_ECHOED"), -+ N_("ESTABLISHED"), -+ N_("SHUTDOWN_PENDING"), -+ N_("SHUTDOWN_SENT"), -+ N_("SHUTDOWN_RECEIVED"), -+ N_("SHUTDOWN_ACK_SENT") -+}; -+ -+#define SCTP_NTYPES 3 /* The number of types in array */ -+ -+static const char *sctp_type[] = { -+ N_("udp"), -+ N_("udp-high-bw"), -+ N_("tcp") -+}; -+ - #define SO_ACCEPTCON (1<<16) /* performed a listen */ - #define SO_WAITDATA (1<<17) /* wait data to read */ - #define SO_NOSPACE (1<<18) /* no space to write */ -@@ -150,6 +174,7 @@ - int flag_raw = 0; - int flag_tcp = 0; - int flag_udp = 0; -+int flag_sctp= 0; - int flag_igmp= 0; - int flag_rom = 0; - int flag_exp = 1; -@@ -1189,6 +1214,365 @@ - udp_do_one); - } - -+static const char *sctp_socket_type_str(int type) { -+ if(type>=0 && type<SCTP_NTYPES) -+ return sctp_type[type]; -+ else { -+ static char type_str_buf[64]; -+ sprintf(type_str_buf,"UNKNOWN(%d)",type); -+ return type_str_buf; -+ } -+} -+ -+static const char *sctp_state_str(int state) -+{ -+ if(state>=0 && state<SCTP_NSTATES) -+ return sctp_state[state]; -+ else { -+ static char state_str_buf[64]; -+ sprintf(state_str_buf,"UNKNOWN(%d)",state); -+ return state_str_buf; -+ } -+} -+ -+static const char *sctp_socket_state_str(int state) -+{ -+ if(state>=0 && state<=10) -+ return tcp_state[state]; -+ else { -+ static char state_str_buf[64]; -+ sprintf(state_str_buf,"UNKNOWN(%d)",state); -+ return state_str_buf; -+ } -+} -+ -+static struct aftype *process_sctp_addr_str(const char *addr_str, struct sockaddr *sa) -+{ -+ if (strchr(addr_str,':')) { -+#if HAVE_AFINET6 -+ extern struct aftype inet6_aftype; -+ /* Demangle what the kernel gives us */ -+ struct in6_addr in6; -+ char addr6_str[INET6_ADDRSTRLEN]; -+ unsigned u0,u1,u2,u3,u4,u5,u6,u7; -+ sscanf(addr_str, "%04X:%04X:%04X:%04X:%04X:%04X:%04X:%04X", -+ 
&u0, &u1, &u2, &u3, &u4, &u5, &u6, &u7); -+ in6.s6_addr16[0] = htons(u0); -+ in6.s6_addr16[1] = htons(u1); -+ in6.s6_addr16[2] = htons(u2); -+ in6.s6_addr16[3] = htons(u3); -+ in6.s6_addr16[4] = htons(u4); -+ in6.s6_addr16[5] = htons(u5); -+ in6.s6_addr16[6] = htons(u6); -+ in6.s6_addr16[7] = htons(u7); -+ -+ inet_ntop(AF_INET6, &in6, addr6_str, sizeof(addr6_str)); -+ inet6_aftype.input(1, addr6_str, sa); -+ sa->sa_family = AF_INET6; -+#endif -+ } else { -+ ((struct sockaddr_in*)sa)->sin_addr.s_addr = inet_addr(addr_str); -+ sa->sa_family = AF_INET; -+ } -+ return get_afntype(sa->sa_family); -+} -+ -+static void sctp_eps_do_one(int lnr, char *line) -+{ -+ char buffer[1024]; -+ int type, state, port; -+ int uid; -+ unsigned long inode; -+ -+ struct aftype *ap; -+#if HAVE_AFINET6 -+ struct sockaddr_in6 localaddr; -+#else -+ struct sockaddr_in localaddr; -+#endif -+ const char *sty_str; -+ const char *sst_str; -+ const char *lport_str; -+ const char *uid_str; -+ const char *inode_str; -+ const char *pladdr_str; -+ char *laddrs_str; -+ -+ if(lnr == 0) { -+ /* ENDPT SOCK STY SST HBKT LPORT uid inode pladdr LADDRS*/ -+ return; -+ } -+ -+ strtok(line," \t\n"); /*skip ptr*/ -+ strtok(0," \t\n"); /*skip ptr*/ -+ sty_str = strtok(0," \t\n"); -+ sst_str = strtok(0," \t\n"); -+ strtok(0," \t\n"); /*skip hash bucket*/ -+ lport_str=strtok(0," \t\n"); -+ uid_str = strtok(0," \t\n"); -+ inode_str = strtok(0," \t\n"); -+ pladdr_str = strtok(0," \t\n"); -+ laddrs_str=strtok(0,"\t\n"); -+ -+ type = atoi(sty_str); -+ state = atoi(sst_str); -+ port = atoi(lport_str); -+ uid = atoi(uid_str); -+ inode = strtoul(inode_str,0,0); -+ -+ if(flag_sctp<=1) { -+ /* only print the primary address */ -+ char local_addr[64]; -+ char local_port[16]; -+ -+ ap = process_sctp_addr_str(pladdr_str, (struct sockaddr*)&localaddr); -+ if(ap) -+ safe_strncpy(local_addr, -+ ap->sprint((struct sockaddr *) &localaddr, flag_not), -+ sizeof(local_addr)); -+ else -+ sprintf(local_addr,_("unsupported address family 
%d"), ((struct sockaddr*)&localaddr)->sa_family); -+ -+ snprintf(local_port, sizeof(local_port), "%s", -+ get_sname(htons(port), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ -+ printf("sctp "); -+ sprintf(buffer,"%s:%s", local_addr, local_port); -+ printf("%-47s", buffer); -+ printf(" %-12s", sctp_socket_state_str(state)); -+ } else { -+ /*print all addresses*/ -+ const char *this_local_addr; -+ int first=1; -+ char local_port[16]; -+ snprintf(local_port, sizeof(local_port), "%s", -+ get_sname(htons(port), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ for(this_local_addr=strtok(laddrs_str," \t\n"); -+ this_local_addr; -+ this_local_addr=strtok(0," \t\n")) -+ { -+ char local_addr[64]; -+ ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); -+ if(ap) -+ safe_strncpy(local_addr, -+ ap->sprint((struct sockaddr *) &localaddr, flag_not), -+ sizeof(local_addr)); -+ else -+ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -+ -+ if(!first) printf("\n"); -+ if(first) -+ printf("sctp "); -+ else -+ printf(" "); -+ sprintf(buffer,"%s:%s", local_addr, local_port); -+ printf("%-47s", buffer); -+ printf(" %-12s", first?sctp_socket_state_str(state):""); -+ first = 0; -+ } -+ } -+ -+ finish_this_one(uid,inode,""); -+} -+ -+static void sctp_assoc_do_one(int lnr, char *line) -+{ -+ char buffer[1024]; -+ int type, state, state2, lport,rport; -+ int uid; -+ unsigned rxqueue,txqueue; -+ unsigned long inode; -+ -+ struct aftype *ap; -+#if HAVE_AFINET6 -+ struct sockaddr_in6 localaddr,remoteaddr; -+#else -+ struct sockaddr_in localaddr,remoteaddr; -+#endif -+ const char *sty_str; -+ const char *sst_str; -+ const char *st_str; -+ const char *txqueue_str; -+ const char *rxqueue_str; -+ const char *lport_str,*rport_str; -+ const char *uid_str; -+ const char *inode_str; -+ const char *pladdr_str; -+ char *laddrs_str; -+ const char *praddr_str; -+ char *raddrs_str; -+ -+ if(lnr == 0) { -+ /* ASSOC SOCK STY SST ST HBKT tx_queue 
rx_queue uid inode LPORT RPORT pladdr praddr LADDRS <-> RADDRS*/ -+ return; -+ } -+ -+ strtok(line," \t\n"); /*skip ptr*/ -+ strtok(0," \t\n"); /*skip ptr*/ -+ sty_str = strtok(0," \t\n"); -+ sst_str = strtok(0," \t\n"); -+ st_str = strtok(0," \t\n"); -+ strtok(0," \t\n"); /*skip hash bucket*/ -+ txqueue_str = strtok(0," \t\n"); -+ rxqueue_str = strtok(0," \t\n"); -+ uid_str = strtok(0," \t\n"); -+ inode_str = strtok(0," \t\n"); -+ lport_str=strtok(0," \t\n"); -+ rport_str=strtok(0," \t\n"); -+ pladdr_str = strtok(0," \t\n"); -+ praddr_str = strtok(0," \t\n"); -+ laddrs_str=strtok(0,"<->\t\n"); -+ raddrs_str=strtok(0,"<->\t\n"); -+ -+ type = atoi(sty_str); -+ state = atoi(sst_str); -+ state2 = atoi(st_str); -+ txqueue = atoi(txqueue_str); -+ rxqueue = atoi(rxqueue_str); -+ uid = atoi(uid_str); -+ inode = strtoul(inode_str,0,0); -+ lport = atoi(lport_str); -+ rport = atoi(rport_str); -+ -+ if(flag_sctp<=1) { -+ /* only print the primary addresses */ -+ char local_addr[64]; -+ char local_port[16]; -+ char remote_addr[64]; -+ char remote_port[16]; -+ -+ ap = process_sctp_addr_str(pladdr_str, (struct sockaddr*)&localaddr); -+ if(ap) -+ safe_strncpy(local_addr, -+ ap->sprint((struct sockaddr *) &localaddr, flag_not), -+ sizeof(local_addr)); -+ else -+ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -+ -+ snprintf(local_port, sizeof(local_port), "%s", -+ get_sname(htons(lport), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ -+ ap = process_sctp_addr_str(praddr_str, (struct sockaddr*)&remoteaddr); -+ if(ap) -+ safe_strncpy(remote_addr, -+ ap->sprint((struct sockaddr *) &remoteaddr, flag_not), -+ sizeof(remote_addr)); -+ else -+ sprintf(remote_addr,_("unsupported address family %d"), ((struct sockaddr*)&remoteaddr)->sa_family); -+ -+ snprintf(remote_port, sizeof(remote_port), "%s", -+ get_sname(htons(rport), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ -+ printf("sctp"); -+ printf(" %6u %6u ", rxqueue, txqueue); -+ 
sprintf(buffer,"%s:%s", local_addr, local_port); -+ printf("%-23s", buffer); -+ printf(" "); -+ sprintf(buffer,"%s:%s", remote_addr, remote_port); -+ printf("%-23s", buffer); -+ printf(" %-12s", sctp_socket_state_str(state)); -+ } else { -+ /*print all addresses*/ -+ const char *this_local_addr; -+ const char *this_remote_addr; -+ char *ss1,*ss2; -+ int first=1; -+ char local_port[16]; -+ char remote_port[16]; -+ snprintf(local_port, sizeof(local_port), "%s", -+ get_sname(htons(lport), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ snprintf(remote_port, sizeof(remote_port), "%s", -+ get_sname(htons(rport), "sctp", -+ flag_not & FLAG_NUM_PORT)); -+ -+ this_local_addr=strtok_r(laddrs_str," \t\n",&ss1); -+ this_remote_addr=strtok_r(raddrs_str," \t\n",&ss2); -+ while(this_local_addr || this_remote_addr) { -+ char local_addr[64]; -+ char remote_addr[64]; -+ if(this_local_addr) { -+ ap = process_sctp_addr_str(this_local_addr, (struct sockaddr*)&localaddr); -+ if(ap) -+ safe_strncpy(local_addr, -+ ap->sprint((struct sockaddr *) &localaddr, flag_not), -+ sizeof(local_addr)); -+ else -+ sprintf(local_addr,_("unsupported address family %d"), ((struct sockaddr*)&localaddr)->sa_family); -+ } -+ if(this_remote_addr) { -+ ap = process_sctp_addr_str(this_remote_addr, (struct sockaddr*)&remoteaddr); -+ if(ap) -+ safe_strncpy(remote_addr, -+ ap->sprint((struct sockaddr *) &remoteaddr, flag_not), -+ sizeof(remote_addr)); -+ else -+ sprintf(remote_addr,_("unsupported address family %d"), ((struct sockaddr*)&remoteaddr)->sa_family); -+ } -+ -+ if(!first) printf("\n"); -+ if(first) -+ printf("sctp %6u %6u ", rxqueue, txqueue); -+ else -+ printf(" "); -+ if(this_local_addr) { -+ if(first) -+ sprintf(buffer,"%s:%s", local_addr, local_port); -+ else -+ sprintf(buffer,"%s", local_addr); -+ printf("%-23s", buffer); -+ } else -+ printf("%-23s", ""); -+ printf(" "); -+ if(this_remote_addr) { -+ if(first) -+ sprintf(buffer,"%s:%s", remote_addr, remote_port); -+ else -+ sprintf(buffer,"%s", 
remote_addr); -+ printf("%-23s", buffer); -+ } else -+ printf("%-23s", ""); -+ -+ printf(" %-12s", first?sctp_socket_state_str(state):""); -+ -+ first = 0; -+ this_local_addr=strtok_r(0," \t\n",&ss1); -+ this_remote_addr=strtok_r(0," \t\n",&ss2); -+ } -+ } -+ -+ finish_this_one(uid,inode,""); -+} -+ -+static int sctp_info_eps(void) -+{ -+#if !defined(_PATH_PROCNET_SCTP_EPS) -+#define _PATH_PROCNET_SCTP_EPS "/proc/net/sctp/eps" -+#endif -+ INFO_GUTS(_PATH_PROCNET_SCTP_EPS, "AF INET (sctp)", -+ sctp_eps_do_one); -+} -+ -+static int sctp_info_assocs(void) -+{ -+#if !defined(_PATH_PROCNET_SCTP_ASSOCS) -+#define _PATH_PROCNET_SCTP_ASSOCS "/proc/net/sctp/assocs" -+#endif -+ INFO_GUTS(_PATH_PROCNET_SCTP_ASSOCS, "AF INET (sctp)", -+ sctp_assoc_do_one); -+} -+ -+static int sctp_info(void) -+{ -+ if(flag_all) -+ sctp_info_eps(); -+ return sctp_info_assocs(); -+} -+ - static void raw_do_one(int lnr, const char *line) - { - char buffer[8192], local_addr[64], rem_addr[64]; -@@ -1742,7 +2126,7 @@ - fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n")); - - fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); -- fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); -+ fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-S|--sctp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); - fprintf(stderr, _(" <AF>=Use '-A <af>' or '--<af>'; default: %s\n"), DFLT_AF); - fprintf(stderr, _(" List of possible address families (which support routing):\n")); - print_aflist(1); /* 1 = routeable */ -@@ -1769,6 +2153,7 @@ - {"protocol", 1, 0, 'A'}, - {"tcp", 0, 0, 't'}, - {"udp", 0, 0, 'u'}, -+ {"sctp", 0, 0, 'S' }, - {"raw", 0, 0, 'w'}, - {"unix", 0, 0, 'x'}, - {"listening", 0, 0, 'l'}, -@@ -1801,7 +2186,7 @@ - - afname[0] = '\0'; - -- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZT", longopts, &lop)) != EOF) -+ while ((i = getopt_long(argc, argv, 
"MCFA:acdegphiI::nNorstuSVv?wxlZT", longopts, &lop)) != EOF) - switch (i) { - case -1: - break; -@@ -1887,10 +2272,12 @@ - case 't': - flag_tcp++; - break; -- - case 'u': - flag_udp++; - break; -+ case 'S': -+ flag_sctp++; -+ break; - case 'w': - flag_raw++; - break; -@@ -1932,13 +2319,13 @@ - if (flag_int + flag_rou + flag_mas + flag_sta > 1) - usage(); - -- if ((flag_inet || flag_inet6 || flag_sta) && !(flag_tcp || flag_udp || flag_raw)) -- flag_tcp = flag_udp = flag_raw = 1; -+ if ((flag_inet || flag_inet6 || flag_sta) && !(flag_tcp || flag_udp || flag_sctp || flag_raw)) -+ flag_tcp = flag_udp = flag_sctp = flag_raw = 1; - -- if ((flag_tcp || flag_udp || flag_raw || flag_igmp) && !(flag_inet || flag_inet6)) -+ if ((flag_tcp || flag_udp || flag_sctp || flag_raw || flag_igmp) && !(flag_inet || flag_inet6)) - flag_inet = flag_inet6 = 1; - -- flag_arg = flag_tcp + flag_udp + flag_raw + flag_unx + flag_ipx -+ flag_arg = flag_tcp + flag_udp + flag_sctp + flag_raw + flag_unx + flag_ipx - + flag_ax25 + flag_netrom + flag_igmp + flag_x25; - - if (flag_mas) { -@@ -1964,7 +2351,7 @@ - if (flag_sta) { - for(;;) { - inittab(); -- i = parsesnmp(flag_raw, flag_tcp, flag_udp); -+ i = parsesnmp(flag_raw, flag_tcp, flag_udp, flag_sctp); - - if(i || !flag_cnt) - break; -@@ -2006,7 +2393,7 @@ - return (i); - } - for (;;) { -- if (!flag_arg || flag_tcp || flag_udp || flag_raw) { -+ if (!flag_arg || flag_tcp || flag_udp || flag_sctp || flag_raw) { - #if HAVE_AFINET - prg_cache_load(); - printf(_("Active Internet connections ")); /* xxx */ -@@ -2044,6 +2431,11 @@ - if (i) - return (i); - } -+ if (!flag_arg || flag_sctp) { -+ i = sctp_info(); -+ if (i) -+ return (i); -+ } - if (!flag_arg || flag_raw) { - i = raw_info(); - if (i) diff --git a/net-tools/patches/net-tools-1.60-selinux.patch b/net-tools/patches/net-tools-1.60-selinux.patch deleted file mode 100644 index 811893a..0000000 --- a/net-tools/patches/net-tools-1.60-selinux.patch +++ /dev/null 
@@ -1,225 +0,0 @@ ---- net-tools-1.60/Makefile~ 2005-12-24 06:56:57.000000000 -0500 -+++ net-tools-1.60/Makefile 2005-12-29 16:54:06.000000000 -0500 -@@ -113,6 +113,12 @@ - - NET_LIB = $(NET_LIB_PATH)/lib$(NET_LIB_NAME).a - -+ifeq ($(HAVE_SELINUX),1) -+LDFLAGS += -lselinux -+CFLAGS += -DHAVE_SELINUX -+else -+endif -+ - CFLAGS += $(COPTS) -I. -idirafter ./include/ -I$(NET_LIB_PATH) - LDFLAGS += $(LOPTS) -L$(NET_LIB_PATH) - ---- net-tools-1.60/netstat.c~ 2005-12-24 06:56:57.000000000 -0500 -+++ net-tools-1.60/netstat.c 2005-12-29 16:54:07.000000000 -0500 -@@ -86,6 +86,11 @@ - #include <net/if.h> - #include <dirent.h> - -+#if HAVE_SELINUX -+#include <selinux/selinux.h> -+#else -+#define security_context_t char* -+#endif - #include "net-support.h" - #include "pathnames.h" - #include "version.h" -@@ -96,6 +101,7 @@ - #include "util.h" - - #define PROGNAME_WIDTH 20 -+#define SELINUX_WIDTH 50 - - #if !defined(s6_addr32) && defined(in6a_words) - #define s6_addr32 in6a_words /* libinet6 */ -@@ -150,6 +156,7 @@ - int flag_prg = 0; - int flag_arg = 0; - int flag_ver = 0; -+int flag_selinux = 0; - - FILE *procinfo; - -@@ -213,12 +220,17 @@ - #define PROGNAME_WIDTH1(s) PROGNAME_WIDTH2(s) - #define PROGNAME_WIDTH2(s) #s - -+#define SELINUX_WIDTHs SELINUX_WIDTH1(SELINUX_WIDTH) -+#define SELINUX_WIDTH1(s) SELINUX_WIDTH2(s) -+#define SELINUX_WIDTH2(s) #s -+ - #define PRG_HASH_SIZE 211 - - static struct prg_node { - struct prg_node *next; - int inode; - char name[PROGNAME_WIDTH]; -+ char scon[SELINUX_WIDTH]; - } *prg_hash[PRG_HASH_SIZE]; - - static char prg_cache_loaded = 0; -@@ -226,9 +238,12 @@ - #define PRG_HASHIT(x) ((x) % PRG_HASH_SIZE) - - #define PROGNAME_BANNER "PID/Program name" -+#define SELINUX_BANNER "Security Context" - - #define print_progname_banner() do { if (flag_prg) printf("%-" PROGNAME_WIDTHs "s"," " PROGNAME_BANNER); } while (0) - -+#define print_selinux_banner() do { if (flag_selinux) printf("%-" SELINUX_WIDTHs "s"," " SELINUX_BANNER); } while (0) -+ - #define 
PRG_LOCAL_ADDRESS "local_address" - #define PRG_INODE "inode" - #define PRG_SOCKET_PFX "socket:[" -@@ -250,7 +265,7 @@ - /* NOT working as of glibc-2.0.7: */ - #undef DIRENT_HAVE_D_TYPE_WORKS - --static void prg_cache_add(int inode, char *name) -+static void prg_cache_add(int inode, char *name, char *scon) - { - unsigned hi = PRG_HASHIT(inode); - struct prg_node **pnp,*pn; -@@ -271,6 +286,14 @@ - if (strlen(name)>sizeof(pn->name)-1) - name[sizeof(pn->name)-1]='\0'; - strcpy(pn->name,name); -+ -+ { -+ int len=(strlen(scon)-sizeof(pn->scon))+1; -+ if (len > 0) -+ strcpy(pn->scon,&scon[len+1]); -+ else -+ strcpy(pn->scon,scon); -+ } - } - - static const char *prg_cache_get(unsigned long inode) -@@ -283,6 +306,16 @@ - return("-"); - } - -+static const char *prg_cache_get_con(unsigned long inode) -+{ -+ unsigned hi=PRG_HASHIT(inode); -+ struct prg_node *pn; -+ -+ for (pn=prg_hash[hi];pn;pn=pn->next) -+ if (pn->inode==inode) return(pn->scon); -+ return("-"); -+} -+ - static void prg_cache_clear(void) - { - struct prg_node **pnp,*pn; -@@ -348,6 +381,7 @@ - const char *cs,*cmdlp; - DIR *dirproc=NULL,*dirfd=NULL; - struct dirent *direproc,*direfd; -+ security_context_t scon=NULL; - - if (prg_cache_loaded || !flag_prg) return; - prg_cache_loaded=1; -@@ -415,7 +449,15 @@ - } - - snprintf(finbuf, sizeof(finbuf), "%s/%s", direproc->d_name, cmdlp); -- prg_cache_add(inode, finbuf); -+#if HAVE_SELINUX -+ if (getpidcon(atoi(direproc->d_name), &scon) == -1) { -+ scon=strdup("-"); -+ } -+ prg_cache_add(inode, finbuf, scon); -+ freecon(scon); -+#else -+ prg_cache_add(inode, finbuf, "-"); -+#endif - } - closedir(dirfd); - dirfd = NULL; -@@ -1385,6 +1428,8 @@ - printf("- "); - if (flag_prg) - printf("%-" PROGNAME_WIDTHs "s",(has & HAS_INODE?prg_cache_get(inode):"-")); -+ if (flag_selinux) -+ printf("%-" SELINUX_WIDTHs "s",(has & HAS_INODE?prg_cache_get_con(inode):"-")); - puts(path); - } - -@@ -1403,6 +1448,7 @@ - - printf(_("\nProto RefCnt Flags Type State I-Node")); - 
print_progname_banner(); -+ print_selinux_banner(); - printf(_(" Path\n")); /* xxx */ - - { -@@ -1682,6 +1728,7 @@ - fprintf(stderr, _(" -o, --timers display timers\n")); - fprintf(stderr, _(" -F, --fib display Forwarding Information Base (default)\n")); - fprintf(stderr, _(" -C, --cache display routing cache instead of FIB\n\n")); -+ fprintf(stderr, _(" -Z, --context display SELinux security context for sockets\n\n")); - - fprintf(stderr, _(" <Iface>: Name of interface to monitor/list.\n")); - fprintf(stderr, _(" <Socket>={-t|--tcp} {-u|--udp} {-w|--raw} {-x|--unix} --ax25 --ipx --netrom\n")); -@@ -1729,6 +1776,7 @@ - {"cache", 0, 0, 'C'}, - {"fib", 0, 0, 'F'}, - {"groups", 0, 0, 'g'}, -+ {"context", 0, 0, 'Z'}, - {NULL, 0, 0, 0} - }; - -@@ -1741,7 +1789,7 @@ - - afname[0] = '\0'; - -- while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxl", longopts, &lop)) != EOF) -+ while ((i = getopt_long(argc, argv, "MCFA:acdegphiI::nNorstuVv?wxlZ", longopts, &lop)) != EOF) - switch (i) { - case -1: - break; -@@ -1838,6 +1886,20 @@ - if (aftrans_opt("unix")) - exit(1); - break; -+ case 'Z': -+#if HAVE_SELINUX -+ if (is_selinux_enabled() <= 0) { -+ fprintf(stderr, _("SELinux is not enabled on this machine.\n")); -+ exit(1); -+ } -+ flag_prg++; -+ flag_selinux++; -+#else -+ fprintf(stderr, _("SELinux is not enabled for this application.\n")); -+ exit(1); -+#endif -+ -+ break; - case '?': - case 'h': - usage(); ---- net-tools-1.60/netstat.c.sel 2007-05-21 14:02:08.000000000 -0400 -+++ net-tools-1.60/netstat.c 2007-05-21 14:03:23.000000000 -0400 -@@ -769,6 +769,9 @@ static void finish_this_one(int uid, uns - } - if (flag_prg) - printf("%-" PROGNAME_WIDTHs "s",prg_cache_get(inode)); -+ if (flag_selinux) -+ printf("%-" SELINUX_WIDTHs "s",prg_cache_get_con(inode)); -+ - if (flag_opt) - printf("%s", timers); - putchar('\n'); -@@ -2420,6 +2423,7 @@ int main - if (flag_exp > 1) - printf(_(" User Inode ")); - print_progname_banner(); -+ print_selinux_banner(); - if 
(flag_opt) - printf(_(" Timer")); /* xxx */ - printf("\n"); diff --git a/net-tools/patches/net-tools-1.60-siunits.patch b/net-tools/patches/net-tools-1.60-siunits.patch deleted file mode 100644 index cf6d89c..0000000 --- a/net-tools/patches/net-tools-1.60-siunits.patch +++ /dev/null 
@@ -1,80 +0,0 @@ ---- net-tools-1.60/lib/interface.c.siunits 2004-03-14 12:11:22.000000000 -0600 -+++ net-tools-1.60/lib/interface.c 2004-03-14 12:27:31.990679464 -0600 -@@ -262,7 +262,7 @@ - &ife->stats.tx_compressed); - break; - case 2: -- sscanf(bp, "%llu %llu %lu %lu %lu %lu %llu %llu %lu %lu %lu %lu %lu", -+ sscanf(bp, "%Lu %llu %lu %lu %lu %lu %Lu %Lu %lu %lu %lu %lu %lu", - &ife->stats.rx_bytes, - &ife->stats.rx_packets, - &ife->stats.rx_errors, -@@ -280,7 +280,7 @@ - ife->stats.rx_multicast = 0; - break; - case 1: -- sscanf(bp, "%llu %lu %lu %lu %lu %llu %lu %lu %lu %lu %lu", -+ sscanf(bp, "%Lu %lu %lu %lu %lu %Lu %lu %lu %lu %lu %lu", - &ife->stats.rx_packets, - &ife->stats.rx_errors, - &ife->stats.rx_dropped, -@@ -675,8 +675,8 @@ - int hf; - int can_compress = 0; - unsigned long long rx, tx, short_rx, short_tx; -- char Rext[5]="b"; -- char Text[5]="b"; -+ const char *Rext = "b"; -+ const char *Text = "b"; - - #if HAVE_AFIPX - static struct aftype *ipxtype = NULL; -@@ -882,10 +882,44 @@ - tx = ptr->stats.tx_bytes; - short_rx = rx * 10; - short_tx = tx * 10; -- if (rx > 1048576) { short_rx /= 1048576; strcpy(Rext, "Mb"); } -- else if (rx > 1024) { short_rx /= 1024; strcpy(Rext, "Kb"); } -- if (tx > 1048576) { short_tx /= 1048576; strcpy(Text, "Mb"); } -- else if (tx > 1024) { short_tx /= 1024; strcpy(Text, "Kb"); } -+ if (rx > 1152921504606846976ull) { -+ short_rx /= 1152921504606846976ull; -+ Rext = "EiB"; -+ } else if (rx > 1125899906842624ull) { -+ short_rx /= 1125899906842624ull; -+ Rext = "PiB"; -+ } else if (rx > 1099511627776ull) { -+ short_rx /= 1099511627776ull; -+ Rext = "TiB"; -+ } else if (rx > 1073741824ull) { -+ short_rx /= 1073741824ull; -+ Rext = "GiB"; -+ } else if (rx > 1048576) { -+ short_rx /= 1048576; -+ Rext = "MiB"; -+ } else if (rx > 1024) { -+ short_rx /= 1024; -+ Rext = "KiB"; -+ } -+ if (tx > 1152921504606846976ull) { -+ short_tx /= 1152921504606846976ull; -+ Text = "EiB"; -+ } else if (tx > 1125899906842624ull) { -+ short_tx /= 
1125899906842624ull; -+ Text = "PiB"; -+ } else if (tx > 1099511627776ull) { -+ short_tx /= 1099511627776ull; -+ Text = "TiB"; -+ } else if (tx > 1073741824ull) { -+ short_tx /= 1073741824ull; -+ Text = "GiB"; -+ } else if (tx > 1048576) { -+ short_tx /= 1048576; -+ Text = "MiB"; -+ } else if (tx > 1024) { -+ short_tx /= 1024; -+ Text = "KiB"; -+ } - - printf(" "); - printf(_("TX packets:%llu errors:%lu dropped:%lu overruns:%lu carrier:%lu\n"), diff --git a/net-tools/patches/net-tools-1.60-skip.patch b/net-tools/patches/net-tools-1.60-skip.patch deleted file mode 100644 index a634f43..0000000 --- a/net-tools/patches/net-tools-1.60-skip.patch +++ /dev/null @@ -1,13 +0,0 @@ ---- net-tools-1.60/netstat.c.skip 2006-08-07 10:45:25.000000000 +0200 -+++ net-tools-1.60/netstat.c 2006-08-07 11:17:37.000000000 +0200 -@@ -444,6 +444,10 @@ - #ifdef DIRENT_HAVE_D_TYPE_WORKS - if (direfd->d_type!=DT_LNK) - continue; -+#else -+ /* Skip . and .. */ -+ if (!isdigit(direfd->d_name[0])) -+ continue; - #endif - if (procfdlen+1+strlen(direfd->d_name)+1>sizeof(line)) - continue; diff --git a/net-tools/patches/net-tools-1.60-slattach-fchown.patch b/net-tools/patches/net-tools-1.60-slattach-fchown.patch deleted file mode 100644 index 50edf85..0000000 --- a/net-tools/patches/net-tools-1.60-slattach-fchown.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -up net-tools-1.60/slattach.c.slattach-fchown net-tools-1.60/slattach.c ---- net-tools-1.60/slattach.c.slattach-fchown 2000-10-28 12:59:41.000000000 +0200 -+++ net-tools-1.60/slattach.c 2009-09-15 18:17:01.000000000 +0200 -@@ -195,15 +195,17 @@ tty_lock(char *path, int mode) - return(-1); - } - -- (void) close(fd); -- - /* Make sure UUCP owns the lockfile. Required by some packages. */ - if ((pw = getpwnam(_UID_UUCP)) == NULL) { - if (opt_q == 0) fprintf(stderr, _("slattach: tty_lock: UUCP user %s unknown!\n"), - _UID_UUCP); -+ (void) close(fd); - return(0); /* keep the lock anyway */ - } -- (void) chown(saved_path, pw->pw_uid, pw->pw_gid); -+ (void) fchown(fd, pw->pw_uid, pw->pw_gid); -+ -+ (void) close(fd); -+ - saved_lock = 1; - } else { /* unlock */ - if (saved_lock != 1) return(0); diff --git a/net-tools/patches/net-tools-1.60-statalias.patch b/net-tools/patches/net-tools-1.60-statalias.patch deleted file mode 100644 index 7c74f74..0000000 --- a/net-tools/patches/net-tools-1.60-statalias.patch +++ /dev/null @@ -1,15 +0,0 @@ ---- net-tools-1.60/lib/interface.c.statalias 2005-01-07 12:49:14.084104032 +0100 -+++ net-tools-1.60/lib/interface.c 2005-01-07 12:49:38.527388088 +0100 -@@ -395,9 +395,11 @@ - char *s, name[IFNAMSIZ]; - s = get_name(name, buf); - get_dev_fields(s, ife); -- ife->statistics_valid = 1; - if (target && !strcmp(target,name)) -+ { -+ ife->statistics_valid = 1; - break; -+ } - } - if (ferror(fh)) { - perror(_PATH_PROCNET_DEV); diff --git a/net-tools/patches/net-tools-1.60-statistics-doubleword.patch b/net-tools/patches/net-tools-1.60-statistics-doubleword.patch deleted file mode 100644 index a6b2b29..0000000 --- a/net-tools/patches/net-tools-1.60-statistics-doubleword.patch +++ /dev/null 
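Review bot: deleting net-tools-1.60-slattach-fchown.patch drops the tty_lock() change that replaced chown(saved_path, ...) after close(fd) with fchown(fd, ...) on the still-open lock file. If the source this package now builds still changes ownership by path, the file named by saved_path can be replaced between creation and the chown; the commit message should state where this fix now lives.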
@@ -1,366 +0,0 @@ -diff -up net-tools-1.60/statistics.c.doubleword net-tools-1.60/statistics.c ---- net-tools-1.60/statistics.c.doubleword 2010-08-10 15:20:11.000000000 +0200 -+++ net-tools-1.60/statistics.c 2010-08-10 15:21:24.000000000 +0200 -@@ -63,54 +63,54 @@ static enum State state; - struct entry Iptab[] = - { - {"Forwarding", N_("Forwarding is %s"), i_forward | I_STATIC}, -- {"DefaultTTL", N_("Default TTL is %lu"), number | I_STATIC}, -- {"InReceives", N_("%lu total packets received"), number}, -- {"InHdrErrors", N_("%lu with invalid headers"), opt_number}, -- {"InAddrErrors", N_("%lu with invalid addresses"), opt_number}, -- {"ForwDatagrams", N_("%lu forwarded"), number}, -- {"InUnknownProtos", N_("%lu with unknown protocol"), opt_number}, -- {"InDiscards", N_("%lu incoming packets discarded"), number}, -- {"InDelivers", N_("%lu incoming packets delivered"), number}, -- {"OutRequests", N_("%lu requests sent out"), number}, /*? */ -- {"OutDiscards", N_("%lu outgoing packets dropped"), opt_number}, -- {"OutNoRoutes", N_("%lu dropped because of missing route"), opt_number}, -- {"ReasmTimeout", N_("%lu fragments dropped after timeout"), opt_number}, -- {"ReasmReqds", N_("%lu reassemblies required"), opt_number}, /* ? 
*/ -- {"ReasmOKs", N_("%lu packets reassembled ok"), opt_number}, -- {"ReasmFails", N_("%lu packet reassembles failed"), opt_number}, -- {"FragOKs", N_("%lu fragments received ok"), opt_number}, -- {"FragFails", N_("%lu fragments failed"), opt_number}, -- {"FragCreates", N_("%lu fragments created"), opt_number} -+ {"DefaultTTL", N_("Default TTL is %llu"), number | I_STATIC}, -+ {"InReceives", N_("%llu total packets received"), number}, -+ {"InHdrErrors", N_("%llu with invalid headers"), opt_number}, -+ {"InAddrErrors", N_("%llu with invalid addresses"), opt_number}, -+ {"ForwDatagrams", N_("%llu forwarded"), number}, -+ {"InUnknownProtos", N_("%llu with unknown protocol"), opt_number}, -+ {"InDiscards", N_("%llu incoming packets discarded"), number}, -+ {"InDelivers", N_("%llu incoming packets delivered"), number}, -+ {"OutRequests", N_("%llu requests sent out"), number}, /*? */ -+ {"OutDiscards", N_("%llu outgoing packets dropped"), opt_number}, -+ {"OutNoRoutes", N_("%llu dropped because of missing route"), opt_number}, -+ {"ReasmTimeout", N_("%llu fragments dropped after timeout"), opt_number}, -+ {"ReasmReqds", N_("%llu reassemblies required"), opt_number}, /* ? */ -+ {"ReasmOKs", N_("%llu packets reassembled ok"), opt_number}, -+ {"ReasmFails", N_("%llu packet reassembles failed"), opt_number}, -+ {"FragOKs", N_("%llu fragments received ok"), opt_number}, -+ {"FragFails", N_("%llu fragments failed"), opt_number}, -+ {"FragCreates", N_("%llu fragments created"), opt_number} - }; - - struct entry Icmptab[] = - { -- {"InMsgs", N_("%lu ICMP messages received"), number}, -- {"InErrors", N_("%lu input ICMP message failed."), number}, -- {"InDestUnreachs", N_("destination unreachable: %lu"), i_inp_icmp | I_TITLE}, -- {"InTimeExcds", N_("timeout in transit: %lu"), i_inp_icmp | I_TITLE}, -- {"InParmProbs", N_("wrong parameters: %lu"), i_inp_icmp | I_TITLE}, /*? 
*/ -- {"InSrcQuenchs", N_("source quenches: %lu"), i_inp_icmp | I_TITLE}, -- {"InRedirects", N_("redirects: %lu"), i_inp_icmp | I_TITLE}, -- {"InEchos", N_("echo requests: %lu"), i_inp_icmp | I_TITLE}, -- {"InEchoReps", N_("echo replies: %lu"), i_inp_icmp | I_TITLE}, -- {"InTimestamps", N_("timestamp request: %lu"), i_inp_icmp | I_TITLE}, -- {"InTimestampReps", N_("timestamp reply: %lu"), i_inp_icmp | I_TITLE}, -- {"InAddrMasks", N_("address mask request: %lu"), i_inp_icmp | I_TITLE}, /*? */ -- {"InAddrMaskReps", N_("address mask replies: %lu"), i_inp_icmp | I_TITLE}, /*? */ -- {"OutMsgs", N_("%lu ICMP messages sent"), number}, -- {"OutErrors", N_("%lu ICMP messages failed"), number}, -- {"OutDestUnreachs", N_("destination unreachable: %lu"), i_outp_icmp | I_TITLE}, -- {"OutTimeExcds", N_("time exceeded: %lu"), i_outp_icmp | I_TITLE}, -- {"OutParmProbs", N_("wrong parameters: %lu"), i_outp_icmp | I_TITLE}, /*? */ -- {"OutSrcQuenchs", N_("source quench: %lu"), i_outp_icmp | I_TITLE}, -- {"OutRedirects", N_("redirect: %lu"), i_outp_icmp | I_TITLE}, -- {"OutEchos", N_("echo request: %lu"), i_outp_icmp | I_TITLE}, -- {"OutEchoReps", N_("echo replies: %lu"), i_outp_icmp | I_TITLE}, -- {"OutTimestamps", N_("timestamp requests: %lu"), i_outp_icmp | I_TITLE}, -- {"OutTimestampReps", N_("timestamp replies: %lu"), i_outp_icmp | I_TITLE}, -- {"OutAddrMasks", N_("address mask requests: %lu"), i_outp_icmp | I_TITLE}, -- {"OutAddrMaskReps", N_("address mask replies: %lu"), i_outp_icmp | I_TITLE}, -+ {"InMsgs", N_("%llu ICMP messages received"), number}, -+ {"InErrors", N_("%llu input ICMP message failed."), number}, -+ {"InDestUnreachs", N_("destination unreachable: %llu"), i_inp_icmp | I_TITLE}, -+ {"InTimeExcds", N_("timeout in transit: %llu"), i_inp_icmp | I_TITLE}, -+ {"InParmProbs", N_("wrong parameters: %llu"), i_inp_icmp | I_TITLE}, /*? 
*/ -+ {"InSrcQuenchs", N_("source quenches: %llu"), i_inp_icmp | I_TITLE}, -+ {"InRedirects", N_("redirects: %llu"), i_inp_icmp | I_TITLE}, -+ {"InEchos", N_("echo requests: %llu"), i_inp_icmp | I_TITLE}, -+ {"InEchoReps", N_("echo replies: %llu"), i_inp_icmp | I_TITLE}, -+ {"InTimestamps", N_("timestamp request: %llu"), i_inp_icmp | I_TITLE}, -+ {"InTimestampReps", N_("timestamp reply: %llu"), i_inp_icmp | I_TITLE}, -+ {"InAddrMasks", N_("address mask request: %llu"), i_inp_icmp | I_TITLE}, /*? */ -+ {"InAddrMaskReps", N_("address mask replies: %llu"), i_inp_icmp | I_TITLE}, /*? */ -+ {"OutMsgs", N_("%llu ICMP messages sent"), number}, -+ {"OutErrors", N_("%llu ICMP messages failed"), number}, -+ {"OutDestUnreachs", N_("destination unreachable: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutTimeExcds", N_("time exceeded: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutParmProbs", N_("wrong parameters: %llu"), i_outp_icmp | I_TITLE}, /*? */ -+ {"OutSrcQuenchs", N_("source quench: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutRedirects", N_("redirect: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutEchos", N_("echo request: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutEchoReps", N_("echo replies: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutTimestamps", N_("timestamp requests: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutTimestampReps", N_("timestamp replies: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutAddrMasks", N_("address mask requests: %llu"), i_outp_icmp | I_TITLE}, -+ {"OutAddrMaskReps", N_("address mask replies: %llu"), i_outp_icmp | I_TITLE}, - }; - - struct entry Tcptab[] = -@@ -119,131 +119,131 @@ struct entry Tcptab[] = - {"RtoMin", "", number}, - {"RtoMax", "", number}, - {"MaxConn", "", number}, -- {"ActiveOpens", N_("%lu active connections openings"), number}, -- {"PassiveOpens", N_("%lu passive connection openings"), number}, -- {"AttemptFails", N_("%lu failed connection attempts"), number}, -- {"EstabResets", N_("%lu connection resets received"), number}, -- {"CurrEstab", N_("%lu connections 
established"), number}, -- {"InSegs", N_("%lu segments received"), number}, -- {"OutSegs", N_("%lu segments send out"), number}, -- {"RetransSegs", N_("%lu segments retransmited"), number}, -- {"InErrs", N_("%lu bad segments received."), number}, -- {"OutRsts", N_("%lu resets sent"), number}, -+ {"ActiveOpens", N_("%llu active connections openings"), number}, -+ {"PassiveOpens", N_("%llu passive connection openings"), number}, -+ {"AttemptFails", N_("%llu failed connection attempts"), number}, -+ {"EstabResets", N_("%llu connection resets received"), number}, -+ {"CurrEstab", N_("%llu connections established"), number}, -+ {"InSegs", N_("%llu segments received"), number}, -+ {"OutSegs", N_("%llu segments send out"), number}, -+ {"RetransSegs", N_("%llu segments retransmited"), number}, -+ {"InErrs", N_("%llu bad segments received."), number}, -+ {"OutRsts", N_("%llu resets sent"), number}, - }; - - struct entry Udptab[] = - { -- {"InDatagrams", N_("%lu packets received"), number}, -- {"NoPorts", N_("%lu packets to unknown port received."), number}, -- {"InErrors", N_("%lu packet receive errors"), number}, -- {"OutDatagrams", N_("%lu packets sent"), number}, -+ {"InDatagrams", N_("%llu packets received"), number}, -+ {"NoPorts", N_("%llu packets to unknown port received."), number}, -+ {"InErrors", N_("%llu packet receive errors"), number}, -+ {"OutDatagrams", N_("%llu packets sent"), number}, - }; - - struct entry Tcpexttab[] = - { -- {"SyncookiesSent", N_("%lu SYN cookies sent"), opt_number}, -- {"SyncookiesRecv", N_("%lu SYN cookies received"), opt_number}, -- {"SyncookiesFailed", N_("%lu invalid SYN cookies received"), opt_number}, -+ {"SyncookiesSent", N_("%llu SYN cookies sent"), opt_number}, -+ {"SyncookiesRecv", N_("%llu SYN cookies received"), opt_number}, -+ {"SyncookiesFailed", N_("%llu invalid SYN cookies received"), opt_number}, - -- { "EmbryonicRsts", N_("%lu resets received for embryonic SYN_RECV sockets"), -+ { "EmbryonicRsts", N_("%llu resets 
received for embryonic SYN_RECV sockets"), - opt_number }, -- { "PruneCalled", N_("%lu packets pruned from receive queue because of socket" -+ { "PruneCalled", N_("%llu packets pruned from receive queue because of socket" - " buffer overrun"), opt_number }, - /* obsolete: 2.2.0 doesn't do that anymore */ -- { "RcvPruned", N_("%lu packets pruned from receive queue"), opt_number }, -- { "OfoPruned", N_("%lu packets dropped from out-of-order queue because of" -+ { "RcvPruned", N_("%llu packets pruned from receive queue"), opt_number }, -+ { "OfoPruned", N_("%llu packets dropped from out-of-order queue because of" - " socket buffer overrun"), opt_number }, -- { "OutOfWindowIcmps", N_("%lu ICMP packets dropped because they were " -+ { "OutOfWindowIcmps", N_("%llu ICMP packets dropped because they were " - "out-of-window"), opt_number }, -- { "LockDroppedIcmps", N_("%lu ICMP packets dropped because" -+ { "LockDroppedIcmps", N_("%llu ICMP packets dropped because" - " socket was locked"), opt_number }, -- { "TW", N_("%lu TCP sockets finished time wait in fast timer"), opt_number }, -- { "TWRecycled", N_("%lu time wait sockets recycled by time stamp"), opt_number }, -- { "TWKilled", N_("%lu TCP sockets finished time wait in slow timer"), opt_number }, -- { "PAWSPassive", N_("%lu passive connections rejected because of" -+ { "TW", N_("%llu TCP sockets finished time wait in fast timer"), opt_number }, -+ { "TWRecycled", N_("%llu time wait sockets recycled by time stamp"), opt_number }, -+ { "TWKilled", N_("%llu TCP sockets finished time wait in slow timer"), opt_number }, -+ { "PAWSPassive", N_("%llu passive connections rejected because of" - " time stamp"), opt_number }, -- { "PAWSActive", N_("%lu active connections rejected because of " -+ { "PAWSActive", N_("%llu active connections rejected because of " - "time stamp"), opt_number }, -- { "PAWSEstab", N_("%lu packets rejects in established connections because of" -+ { "PAWSEstab", N_("%llu packets rejects in established 
connections because of" - " timestamp"), opt_number }, -- { "DelayedACKs", N_("%lu delayed acks sent"), opt_number }, -- { "DelayedACKLocked", N_("%lu delayed acks further delayed because of" -+ { "DelayedACKs", N_("%llu delayed acks sent"), opt_number }, -+ { "DelayedACKLocked", N_("%llu delayed acks further delayed because of" - " locked socket"), opt_number }, -- { "DelayedACKLost", N_("Quick ack mode was activated %lu times"), opt_number }, -- { "ListenOverflows", N_("%lu times the listen queue of a socket overflowed"), -+ { "DelayedACKLost", N_("Quick ack mode was activated %llu times"), opt_number }, -+ { "ListenOverflows", N_("%llu times the listen queue of a socket overflowed"), - opt_number }, -- { "ListenDrops", N_("%lu SYNs to LISTEN sockets ignored"), opt_number }, -- { "TCPPrequeued", N_("%lu packets directly queued to recvmsg prequeue."), -+ { "ListenDrops", N_("%llu SYNs to LISTEN sockets ignored"), opt_number }, -+ { "TCPPrequeued", N_("%llu packets directly queued to recvmsg prequeue."), - opt_number }, -- { "TCPDirectCopyFromBacklog", N_("%lu packets directly received" -+ { "TCPDirectCopyFromBacklog", N_("%llu packets directly received" - " from backlog"), opt_number }, -- { "TCPDirectCopyFromPrequeue", N_("%lu packets directly received" -+ { "TCPDirectCopyFromPrequeue", N_("%llu packets directly received" - " from prequeue"), opt_number }, -- { "TCPPrequeueDropped", N_("%lu packets dropped from prequeue"), opt_number }, -- { "TCPHPHits", N_("%lu packets header predicted"), number }, -- { "TCPHPHitsToUser", N_("%lu packets header predicted and " -+ { "TCPPrequeueDropped", N_("%llu packets dropped from prequeue"), opt_number }, -+ { "TCPHPHits", N_("%llu packets header predicted"), number }, -+ { "TCPHPHitsToUser", N_("%llu packets header predicted and " - "directly queued to user"), opt_number }, -- { "SockMallocOOM", N_("Ran %lu times out of system memory during " -+ { "SockMallocOOM", N_("Ran %llu times out of system memory during " - "packet 
sending"), opt_number }, -- { "TCPPureAcks", N_("%u acknowledgments not containing data received"), opt_number }, -- { "TCPHPAcks", N_("%u predicted acknowledgments"), opt_number }, -- { "TCPRenoRecovery", N_("%u times recovered from packet loss due to fast retransmit"), opt_number }, -- { "TCPSackRecovery", N_("%u times recovered from packet loss due to SACK data"), opt_number }, -- { "TCPSACKReneging", N_("%u bad SACKs received"), opt_number }, -- { "TCPFACKReorder", N_("Detected reordering %u times using FACK"), opt_number }, -- { "TCPSACKReorder", N_("Detected reordering %u times using SACK"), opt_number }, -- { "TCPTSReorder", N_("Detected reordering %u times using time stamp"), opt_number }, -- { "TCPRenoReorder", N_("Detected reordering %u times using reno fast retransmit"), opt_number }, -- { "TCPFullUndo", N_("%u congestion windows fully recovered"), opt_number }, -- { "TCPPartialUndo", N_("%u congestion windows partially recovered using Hoe heuristic"), opt_number }, -- { "TCPDSackUndo", N_("%u congestion window recovered using DSACK"), opt_number }, -- { "TCPLossUndo", N_("%u congestion windows recovered after partial ack"), opt_number }, -- { "TCPLostRetransmits", N_("%u retransmits lost"), opt_number }, -- { "TCPRenoFailures", N_("%u timeouts after reno fast retransmit"), opt_number }, -- { "TCPSackFailures", N_("%u timeouts after SACK recovery"), opt_number }, -- { "TCPLossFailures", N_("%u timeouts in loss state"), opt_number }, -- { "TCPFastRetrans", N_("%u fast retransmits"), opt_number }, -- { "TCPForwardRetrans", N_("%u forward retransmits"), opt_number }, -- { "TCPSlowStartRetrans", N_("%u retransmits in slow start"), opt_number }, -- { "TCPTimeouts", N_("%u other TCP timeouts"), opt_number }, -- { "TCPRenoRecoveryFailed", N_("%u reno fast retransmits failed"), opt_number }, -- { "TCPSackRecoveryFail", N_("%u sack retransmits failed"), opt_number }, -- { "TCPSchedulerFailed", N_("%u times receiver scheduled too late for direct processing"), 
opt_number }, -- { "TCPRcvCollapsed", N_("%u packets collapsed in receive queue due to low socket buffer"), opt_number }, -- { "TCPDSACKOldSent", N_("%u DSACKs sent for old packets"), opt_number }, -- { "TCPDSACKOfoSent", N_("%u DSACKs sent for out of order packets"), opt_number }, -- { "TCPDSACKRecv", N_("%u DSACKs received"), opt_number }, -- { "TCPDSACKOfoRecv", N_("%u DSACKs for out of order packets received"), opt_number }, -- { "TCPAbortOnSyn", N_("%u connections reset due to unexpected SYN"), opt_number }, -- { "TCPAbortOnData", N_("%u connections reset due to unexpected data"), opt_number }, -- { "TCPAbortOnClose", N_("%u connections reset due to early user close"), opt_number }, -- { "TCPAbortOnMemory", N_("%u connections aborted due to memory pressure"), opt_number }, -- { "TCPAbortOnTimeout", N_("%u connections aborted due to timeout"), opt_number }, -- { "TCPAbortOnLinger", N_("%u connections aborted after user close in linger timeout"), opt_number }, -- { "TCPAbortFailed", N_("%u times unable to send RST due to no memory"), opt_number }, -- { "TCPMemoryPressures", N_("TCP ran low on memory %u times"), opt_number }, -- { "TCPLoss", N_("%u TCP data loss events") }, -+ { "TCPPureAcks", N_("%llu acknowledgments not containing data received"), opt_number }, -+ { "TCPHPAcks", N_("%llu predicted acknowledgments"), opt_number }, -+ { "TCPRenoRecovery", N_("%llu times recovered from packet loss due to fast retransmit"), opt_number }, -+ { "TCPSackRecovery", N_("%llu times recovered from packet loss due to SACK data"), opt_number }, -+ { "TCPSACKReneging", N_("%llu bad SACKs received"), opt_number }, -+ { "TCPFACKReorder", N_("Detected reordering %llu times using FACK"), opt_number }, -+ { "TCPSACKReorder", N_("Detected reordering %llu times using SACK"), opt_number }, -+ { "TCPTSReorder", N_("Detected reordering %llu times using time stamp"), opt_number }, -+ { "TCPRenoReorder", N_("Detected reordering %llu times using reno fast retransmit"), opt_number }, -+ { 
"TCPFullUndo", N_("%llu congestion windows fully recovered"), opt_number }, -+ { "TCPPartialUndo", N_("%llu congestion windows partially recovered using Hoe heuristic"), opt_number }, -+ { "TCPDSackUndo", N_("%llu congestion window recovered using DSACK"), opt_number }, -+ { "TCPLossUndo", N_("%llu congestion windows recovered after partial ack"), opt_number }, -+ { "TCPLostRetransmits", N_("%llu retransmits lost"), opt_number }, -+ { "TCPRenoFailures", N_("%llu timeouts after reno fast retransmit"), opt_number }, -+ { "TCPSackFailures", N_("%llu timeouts after SACK recovery"), opt_number }, -+ { "TCPLossFailures", N_("%llu timeouts in loss state"), opt_number }, -+ { "TCPFastRetrans", N_("%llu fast retransmits"), opt_number }, -+ { "TCPForwardRetrans", N_("%llu forward retransmits"), opt_number }, -+ { "TCPSlowStartRetrans", N_("%llu retransmits in slow start"), opt_number }, -+ { "TCPTimeouts", N_("%llu other TCP timeouts"), opt_number }, -+ { "TCPRenoRecoveryFailed", N_("%llu reno fast retransmits failed"), opt_number }, -+ { "TCPSackRecoveryFail", N_("%llu sack retransmits failed"), opt_number }, -+ { "TCPSchedulerFailed", N_("%llu times receiver scheduled too late for direct processing"), opt_number }, -+ { "TCPRcvCollapsed", N_("%llu packets collapsed in receive queue due to low socket buffer"), opt_number }, -+ { "TCPDSACKOldSent", N_("%llu DSACKs sent for old packets"), opt_number }, -+ { "TCPDSACKOfoSent", N_("%llu DSACKs sent for out of order packets"), opt_number }, -+ { "TCPDSACKRecv", N_("%llu DSACKs received"), opt_number }, -+ { "TCPDSACKOfoRecv", N_("%llu DSACKs for out of order packets received"), opt_number }, -+ { "TCPAbortOnSyn", N_("%llu connections reset due to unexpected SYN"), opt_number }, -+ { "TCPAbortOnData", N_("%llu connections reset due to unexpected data"), opt_number }, -+ { "TCPAbortOnClose", N_("%llu connections reset due to early user close"), opt_number }, -+ { "TCPAbortOnMemory", N_("%llu connections aborted due to memory 
pressure"), opt_number }, -+ { "TCPAbortOnTimeout", N_("%llu connections aborted due to timeout"), opt_number }, -+ { "TCPAbortOnLinger", N_("%llu connections aborted after user close in linger timeout"), opt_number }, -+ { "TCPAbortFailed", N_("%llu times unable to send RST due to no memory"), opt_number }, -+ { "TCPMemoryPressures", N_("TCP ran low on memory %llu times"), opt_number }, -+ { "TCPLoss", N_("%llu TCP data loss events") }, - }; - - struct entry Sctptab[] = - { -- {"SctpCurrEstab", N_("%u Current Associations"), number}, -- {"SctpActiveEstabs", N_("%u Active Associations"), number}, -- {"SctpPassiveEstabs", N_("%u Passive Associations"), number}, -- {"SctpAborteds", N_("%u Number of Aborteds "), number}, -- {"SctpShutdowns", N_("%u Number of Graceful Terminations"), number}, -- {"SctpOutOfBlues", N_("%u Number of Out of Blue packets"), number}, -- {"SctpChecksumErrors", N_("%u Number of Packets with invalid Checksum"), number}, -- {"SctpOutCtrlChunks", N_("%u Number of control chunks sent"), number}, -- {"SctpOutOrderChunks", N_("%u Number of ordered chunks sent"), number}, -- {"SctpOutUnorderChunks", N_("%u Number of Unordered chunks sent"), number}, -- {"SctpInCtrlChunks", N_("%u Number of control chunks received"), number}, -- {"SctpInOrderChunks", N_("%u Number of ordered chunks received"), number}, -- {"SctpInUnorderChunks", N_("%u Number of Unordered chunks received"), number}, -- {"SctpFragUsrMsgs", N_("%u Number of messages fragmented"), number}, -- {"SctpReasmUsrMsgs", N_("%u Number of messages reassembled "), number}, -- {"SctpOutSCTPPacks", N_("%u Number of SCTP packets sent"), number}, -- {"SctpInSCTPPacks", N_("%u Number of SCTP packets received"), number}, -+ {"SctpCurrEstab", N_("%llu Current Associations"), number}, -+ {"SctpActiveEstabs", N_("%llu Active Associations"), number}, -+ {"SctpPassiveEstabs", N_("%llu Passive Associations"), number}, -+ {"SctpAborteds", N_("%llu Number of Aborteds "), number}, -+ {"SctpShutdowns", N_("%llu 
Number of Graceful Terminations"), number}, -+ {"SctpOutOfBlues", N_("%llu Number of Out of Blue packets"), number}, -+ {"SctpChecksumErrors", N_("%llu Number of Packets with invalid Checksum"), number}, -+ {"SctpOutCtrlChunks", N_("%llu Number of control chunks sent"), number}, -+ {"SctpOutOrderChunks", N_("%llu Number of ordered chunks sent"), number}, -+ {"SctpOutUnorderChunks", N_("%llu Number of Unordered chunks sent"), number}, -+ {"SctpInCtrlChunks", N_("%llu Number of control chunks received"), number}, -+ {"SctpInOrderChunks", N_("%llu Number of ordered chunks received"), number}, -+ {"SctpInUnorderChunks", N_("%llu Number of Unordered chunks received"), number}, -+ {"SctpFragUsrMsgs", N_("%llu Number of messages fragmented"), number}, -+ {"SctpReasmUsrMsgs", N_("%llu Number of messages reassembled "), number}, -+ {"SctpOutSCTPPacks", N_("%llu Number of SCTP packets sent"), number}, -+ {"SctpInSCTPPacks", N_("%llu Number of SCTP packets received"), number}, - }; - - struct tabtab { -@@ -271,7 +271,7 @@ int cmpentries(const void *a, const void - return strcmp(((struct entry *) a)->title, ((struct entry *) b)->title); - } - --void printval(struct tabtab *tab, char *title, int val) -+void printval(struct tabtab *tab, char *title, unsigned long long val) - { - struct entry *ent = NULL, key; - int type; -@@ -283,7 +283,7 @@ void printval(struct tabtab *tab, char * - sizeof(struct entry), cmpentries); - if (!ent) { /* try our best */ - if (val) -- printf("%*s%s: %d\n", states[state].indent, "", title, val); -+ printf("%*s%s: %llu\n", states[state].indent, "", title, val); - return; - } - type = ent->type; -@@ -390,7 +390,7 @@ void process_fd(FILE *f,int file_desc) - *p = '\0'; - - if (*sp != '\0' && *(tab->flag)) -- printval(tab, sp, strtoul(np, &np, 10)); -+ printval(tab, sp, strtoull(np, &np, 10)); - - sp = p + 1; - } -@@ -426,7 +426,7 @@ void process_fd2(FILE *f, const char *fi - sp += strspn(sp, " \t\n"); - - if (*sp != '\0' && *(tab->flag)) -- printval(tab, 
buf1, strtoul(sp, 0, 10)); -+ printval(tab, buf1, strtoull(sp, 0, 10)); - } - return; - diff --git a/net-tools/patches/net-tools-1.60-statistics.patch b/net-tools/patches/net-tools-1.60-statistics.patch deleted file mode 100644 index 3972e37..0000000 --- a/net-tools/patches/net-tools-1.60-statistics.patch +++ /dev/null 
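Review bot: in the Tcpexttab hunk of the statistics-doubleword patch, the row { "TCPLoss", N_("%llu TCP data loss events") } still has no type field, unlike every other entry, so its type is whatever zero means in the enum; give it opt_number (or number) explicitly. The two strtoull() calls feeding printval() also pass the result through unchecked, so an out-of-range counter is reported as ULLONG_MAX without any indication.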
@@ -1,65 +0,0 @@ ---- net-tools-1.60/statistics.c.tcpdata 2005-04-26 10:38:10.000000000 +0200 -+++ net-tools-1.60/statistics.c 2005-04-26 10:36:19.000000000 +0200 -@@ -1,6 +1,6 @@ - /* - * Copyright 1997,1999,2000 Andi Kleen. Subject to the GPL. -- * $Id: statistics.c,v 1.14 2001/02/02 18:01:23 pb Exp $ -+ * $Id: statistics.c,v 1.17 2002/04/28 15:41:01 ak Exp $ - * 19980630 - i18n - Arnaldo Carvalho de Melo acme@conectiva.com.br - * 19981113 - i18n fixes - Arnaldo Carvalho de Melo acme@conectiva.com.br - * 19990101 - added net/netstat, -t, -u, -w supprt - Bernd Eckenfels -@@ -185,6 +185,44 @@ - "directly queued to user"), opt_number }, - { "SockMallocOOM", N_("Ran %lu times out of system memory during " - "packet sending"), opt_number }, -+ { "TCPPureAcks", N_("%u acknowledgments not containing data received"), opt_number }, -+ { "TCPHPAcks", N_("%u predicted acknowledgments"), opt_number }, -+ { "TCPRenoRecovery", N_("%u times recovered from packet loss due to fast retransmit"), opt_number }, -+ { "TCPSackRecovery", N_("%u times recovered from packet loss due to SACK data"), opt_number }, -+ { "TCPSACKReneging", N_("%u bad SACKs received"), opt_number }, -+ { "TCPFACKReorder", N_("Detected reordering %u times using FACK"), opt_number }, -+ { "TCPSACKReorder", N_("Detected reordering %u times using SACK"), opt_number }, -+ { "TCPTSReorder", N_("Detected reordering %u times using time stamp"), opt_number }, -+ { "TCPRenoReorder", N_("Detected reordering %u times using reno fast retransmit"), opt_number }, -+ { "TCPFullUndo", N_("%u congestion windows fully recovered"), opt_number }, -+ { "TCPPartialUndo", N_("%u congestion windows partially recovered using Hoe heuristic"), opt_number }, -+ { "TCPDSackUndo", N_("%u congestion window recovered using DSACK"), opt_number }, -+ { "TCPLossUndo", N_("%u congestion windows recovered after partial ack"), opt_number }, -+ { "TCPLostRetransmits", N_("%u retransmits lost"), opt_number }, -+ { "TCPRenoFailures", N_("%u timeouts 
after reno fast retransmit"), opt_number }, -+ { "TCPSackFailures", N_("%u timeouts after SACK recovery"), opt_number }, -+ { "TCPLossFailures", N_("%u timeouts in loss state"), opt_number }, -+ { "TCPFastRetrans", N_("%u fast retransmits"), opt_number }, -+ { "TCPForwardRetrans", N_("%u forward retransmits"), opt_number }, -+ { "TCPSlowStartRetrans", N_("%u retransmits in slow start"), opt_number }, -+ { "TCPTimeouts", N_("%u other TCP timeouts"), opt_number }, -+ { "TCPRenoRecoveryFailed", N_("%u reno fast retransmits failed"), opt_number }, -+ { "TCPSackRecoveryFail", N_("%u sack retransmits failed"), opt_number }, -+ { "TCPSchedulerFailed", N_("%u times receiver scheduled too late for direct processing"), opt_number }, -+ { "TCPRcvCollapsed", N_("%u packets collapsed in receive queue due to low socket buffer"), opt_number }, -+ { "TCPDSACKOldSent", N_("%u DSACKs sent for old packets"), opt_number }, -+ { "TCPDSACKOfoSent", N_("%u DSACKs sent for out of order packets"), opt_number }, -+ { "TCPDSACKRecv", N_("%u DSACKs received"), opt_number }, -+ { "TCPDSACKOfoRecv", N_("%u DSACKs for out of order packets received"), opt_number }, -+ { "TCPAbortOnSyn", N_("%u connections reset due to unexpected SYN"), opt_number }, -+ { "TCPAbortOnData", N_("%u connections reset due to unexpected data"), opt_number }, -+ { "TCPAbortOnClose", N_("%u connections reset due to early user close"), opt_number }, -+ { "TCPAbortOnMemory", N_("%u connections aborted due to memory pressure"), opt_number }, -+ { "TCPAbortOnTimeout", N_("%u connections aborted due to timeout"), opt_number }, -+ { "TCPAbortOnLinger", N_("%u connections aborted after user close in linger timeout"), opt_number }, -+ { "TCPAbortFailed", N_("%u times unable to send RST due to no memory"), opt_number }, -+ { "TCPMemoryPressures", N_("TCP ran low on memory %u times"), opt_number }, -+ { "TCPLoss", N_("%u TCP data loss events") }, - }; - - struct tabtab { -@@ -222,7 +260,8 @@ - ent = bsearch(&key, tab->tab, 
tab->size / sizeof(struct entry), - sizeof(struct entry), cmpentries); - if (!ent) { /* try our best */ -- printf("%*s%s: %d\n", states[state].indent, "", title, val); -+ if (val) -+ printf("%*s%s: %d\n", states[state].indent, "", title, val); - return; - } - type = ent->type; diff --git a/net-tools/patches/net-tools-1.60-statistics_buffer.patch b/net-tools/patches/net-tools-1.60-statistics_buffer.patch deleted file mode 100644 index 526c490..0000000 --- a/net-tools/patches/net-tools-1.60-statistics_buffer.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up net-tools-1.60/statistics.c.old net-tools-1.60/statistics.c ---- net-tools-1.60/statistics.c.old 2008-03-04 10:44:41.000000000 +0100 -+++ net-tools-1.60/statistics.c 2008-03-04 10:44:11.000000000 +0100 -@@ -352,7 +352,7 @@ struct tabtab *newtable(struct tabtab *t - - void process_fd(FILE *f,int file_desc) // added file_desc to show propriate error mesg - { -- char buf1[1024], buf2[1024]; -+ char buf1[2048], buf2[2048]; - char *sp, *np, *p; - while (fgets(buf1, sizeof buf1, f)) { - int endflag; diff --git a/net-tools/patches/net-tools-1.60-stdo.patch b/net-tools/patches/net-tools-1.60-stdo.patch deleted file mode 100644 index 4c9d93e..0000000 --- a/net-tools/patches/net-tools-1.60-stdo.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -urN net-tools-1.60/mii-tool.c net-tools-1.60.new/mii-tool.c ---- net-tools-1.60/mii-tool.c 2000-05-21 16:31:17.000000000 +0200 -+++ net-tools-1.60.new/mii-tool.c 2005-03-29 13:00:18.000000000 +0200 -@@ -302,6 +302,7 @@ - printf("\n link partner:%s", media_list(lkpar, 0)); - printf("\n"); - } -+ fflush(stdout); - return 0; - } - diff --git a/net-tools/patches/net-tools-1.60-trailingblank.patch b/net-tools/patches/net-tools-1.60-trailingblank.patch deleted file mode 100644 index 8c75228..0000000 --- a/net-tools/patches/net-tools-1.60-trailingblank.patch +++ /dev/null 
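Review bot: in the statistics_buffer patch, raising buf1 and buf2 from 1024 to 2048 bytes in process_fd() only moves the limit; fgets(buf1, sizeof buf1, f) still splits a longer line silently and the remainder is parsed as if it were the next line. Check that each line read ends in '\n' and stop with an error (or grow the buffer) when it does not, instead of relying on a larger constant.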
@@ -1,26 +0,0 @@ ---- net-tools-1.60/hostname.c.trailingblank 2001-04-08 19:04:23.000000000 +0200 -+++ net-tools-1.60/hostname.c 2003-08-19 14:21:17.000000000 +0200 -@@ -153,13 +153,19 @@ - - switch (c) { - case 'a': -- while (hp->h_aliases[0]) -- printf("%s ", *hp->h_aliases++); -+ while (hp->h_aliases[0]) { -+ printf("%s", *hp->h_aliases++); -+ if (hp->h_aliases[0]) -+ printf(" "); -+ } - printf("\n"); - break; - case 'i': -- while (hp->h_addr_list[0]) -- printf("%s ", inet_ntoa(*(struct in_addr *) *hp->h_addr_list++)); -+ while (hp->h_addr_list[0]) { -+ printf("%s", inet_ntoa(*(struct in_addr *) *hp->h_addr_list++)); -+ if (hp->h_addr_list[0]) -+ printf(" "); -+ } - printf("\n"); - break; - case 'd': diff --git a/net-tools/patches/net-tools-1.60-trim_iface.patch b/net-tools/patches/net-tools-1.60-trim_iface.patch deleted file mode 100644 index 150722c..0000000 --- a/net-tools/patches/net-tools-1.60-trim_iface.patch +++ /dev/null 
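Review bot: in both rewritten loops of the hostname.c trailingblank patch, the iteration is still done with *hp->h_aliases++ and *hp->h_addr_list++, which advances the pointers stored in the hostent itself, so the lists cannot be walked again after the 'a' or 'i' case. Iterate with a local char ** instead; the new "is there another element" test then reads the local pointer rather than hp->h_aliases[0].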
@@ -1,31 +0,0 @@ ---- net-tools-1.60/ifconfig.c.old 2005-03-30 10:14:03.000000000 +0200 -+++ net-tools-1.60/ifconfig.c 2005-03-30 10:40:50.000000000 +0200 -@@ -177,7 +177,7 @@ - - static void usage(void) - { -- fprintf(stderr, _("Usage:\n ifconfig [-a] [-i] [-v] [-s] <interface> [[<AF>] <address>]\n")); -+ fprintf(stderr, _("Usage:\n ifconfig [-a] [-v] [-s] <interface> [[<AF>] <address>]\n")); - #if HAVE_AFINET - fprintf(stderr, _(" [add <address>[/<prefixlen>]]\n")); - fprintf(stderr, _(" [del <address>[/<prefixlen>]]\n")); ---- net-tools-1.60/lib/interface.c.old 2005-03-30 10:14:03.000000000 +0200 -+++ net-tools-1.60/lib/interface.c 2005-03-30 11:05:38.000000000 +0200 -@@ -620,7 +620,7 @@ - - void ife_print_short(struct interface *ptr) - { -- printf("%-9.9s ", ptr->name); -+ printf("%-9s ", ptr->name); - printf("%5d %3d ", ptr->mtu, ptr->metric); - /* If needed, display the interface statistics. */ - if (ptr->statistics_valid) { -@@ -711,7 +711,7 @@ - if (hw == NULL) - hw = get_hwntype(-1); - -- printf(_("%-9.9s Link encap:%s "), ptr->name, hw->title); -+ printf(_("%-9s Link encap:%s "), ptr->name, hw->title); - /* For some hardware types (eg Ash, ATM) we don't print the - hardware address if it's null. */ - if (hw->print != NULL && (! (hw_null_address(hw, ptr->hwaddr) && diff --git a/net-tools/patches/net-tools-1.60-trunc.patch b/net-tools/patches/net-tools-1.60-trunc.patch deleted file mode 100644 index 8076089..0000000 --- a/net-tools/patches/net-tools-1.60-trunc.patch +++ /dev/null 
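Review bot: in ife_print_short() and the "Link encap" line of the trim_iface patch, changing %-9.9s to %-9s stops truncating ptr->name, but the fields that follow are still laid out for a nine-character column, so any longer interface name shifts the rest of the row and breaks consumers that parse by column position. The patch header should document that trade-off, and the usage() hunk removes [-i] without saying whether the option itself was dropped.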
@@ -1,42 +0,0 @@ ---- net-tools-1.60/netstat.c.trunc 2004-08-31 12:42:08.595426960 +0200 -+++ net-tools-1.60/netstat.c 2004-08-31 12:59:55.766192344 +0200 -@@ -773,8 +773,8 @@ - get_sname(htons(local_port), "tcp", - flag_not & FLAG_NUM_PORT)); - -- if ((strlen(local_addr) + strlen(buffer)) > 22) -- local_addr[22 - strlen(buffer)] = '\0'; -+ if ((strlen(local_addr) + strlen(buffer)) >= 27) -+ local_addr[27 - strlen(buffer) - 1] = '\0'; - - strcat(local_addr, ":"); - strncat(local_addr, buffer, sizeof(local_addr)-strlen(local_addr)-1); -@@ -782,8 +782,8 @@ - snprintf(buffer, sizeof(buffer), "%s", - get_sname(htons(rem_port), "tcp", flag_not & FLAG_NUM_PORT)); - -- if ((strlen(rem_addr) + strlen(buffer)) > 22) -- rem_addr[22 - strlen(buffer)] = '\0'; -+ if ((strlen(rem_addr) + strlen(buffer)) >= 27) -+ rem_addr[27 - strlen(buffer) - 1] = '\0'; - - strcat(rem_addr, ":"); - strncat(rem_addr, buffer, sizeof(rem_addr)-strlen(rem_addr)-1); -@@ -816,7 +816,7 @@ - timer_run, (double) time_len / HZ, retr, timeout); - break; - } -- printf("tcp %6ld %6ld %-23s %-23s %-12s", -+ printf("tcp %6ld %6ld %-27s %-27s %-12s", - rxq, txq, local_addr, rem_addr, _(tcp_state[state])); - - finish_this_one(uid,inode,timers); -@@ -1770,7 +1770,7 @@ - else - printf(_("(w/o servers)")); - } -- printf(_("\nProto Recv-Q Send-Q Local Address Foreign Address State ")); /* xxx */ -+ printf(_("\nProto Recv-Q Send-Q Local Address Foreign Address State ")); /* xxx */ - if (flag_exp > 1) - printf(_(" User Inode ")); - print_progname_banner(); diff --git a/net-tools/patches/net-tools-1.60-ulong.patch b/net-tools/patches/net-tools-1.60-ulong.patch deleted file mode 100644 index bc7df29..0000000 --- a/net-tools/patches/net-tools-1.60-ulong.patch +++ /dev/null 
@@ -1,215 +0,0 @@ -diff -urN net-tools-1.60/statistics.c net-tools-1.60-patch/statistics.c ---- net-tools-1.60/statistics.c 2001-02-02 10:01:23.000000000 -0800 -+++ net-tools-1.60-patch/statistics.c 2004-06-15 11:09:44.000000000 -0700 -@@ -63,54 +63,54 @@ - struct entry Iptab[] = - { - {"Forwarding", N_("Forwarding is %s"), i_forward | I_STATIC}, -- {"DefaultTTL", N_("Default TTL is %u"), number | I_STATIC}, -- {"InReceives", N_("%u total packets received"), number}, -- {"InHdrErrors", N_("%u with invalid headers"), opt_number}, -- {"InAddrErrors", N_("%u with invalid addresses"), opt_number}, -- {"ForwDatagrams", N_("%u forwarded"), number}, -- {"InUnknownProtos", N_("%u with unknown protocol"), opt_number}, -- {"InDiscards", N_("%u incoming packets discarded"), number}, -- {"InDelivers", N_("%u incoming packets delivered"), number}, -- {"OutRequests", N_("%u requests sent out"), number}, /*? */ -- {"OutDiscards", N_("%u outgoing packets dropped"), opt_number}, -- {"OutNoRoutes", N_("%u dropped because of missing route"), opt_number}, -- {"ReasmTimeout", N_("%u fragments dropped after timeout"), opt_number}, -- {"ReasmReqds", N_("%u reassemblies required"), opt_number}, /* ? 
*/ -- {"ReasmOKs", N_("%u packets reassembled ok"), opt_number}, -- {"ReasmFails", N_("%u packet reassembles failed"), opt_number}, -- {"FragOKs", N_("%u fragments received ok"), opt_number}, -- {"FragFails", N_("%u fragments failed"), opt_number}, -- {"FragCreates", N_("%u fragments created"), opt_number} -+ {"DefaultTTL", N_("Default TTL is %lu"), number | I_STATIC}, -+ {"InReceives", N_("%lu total packets received"), number}, -+ {"InHdrErrors", N_("%lu with invalid headers"), opt_number}, -+ {"InAddrErrors", N_("%lu with invalid addresses"), opt_number}, -+ {"ForwDatagrams", N_("%lu forwarded"), number}, -+ {"InUnknownProtos", N_("%lu with unknown protocol"), opt_number}, -+ {"InDiscards", N_("%lu incoming packets discarded"), number}, -+ {"InDelivers", N_("%lu incoming packets delivered"), number}, -+ {"OutRequests", N_("%lu requests sent out"), number}, /*? */ -+ {"OutDiscards", N_("%lu outgoing packets dropped"), opt_number}, -+ {"OutNoRoutes", N_("%lu dropped because of missing route"), opt_number}, -+ {"ReasmTimeout", N_("%lu fragments dropped after timeout"), opt_number}, -+ {"ReasmReqds", N_("%lu reassemblies required"), opt_number}, /* ? */ -+ {"ReasmOKs", N_("%lu packets reassembled ok"), opt_number}, -+ {"ReasmFails", N_("%lu packet reassembles failed"), opt_number}, -+ {"FragOKs", N_("%lu fragments received ok"), opt_number}, -+ {"FragFails", N_("%lu fragments failed"), opt_number}, -+ {"FragCreates", N_("%lu fragments created"), opt_number} - }; - - struct entry Icmptab[] = - { -- {"InMsgs", N_("%u ICMP messages received"), number}, -- {"InErrors", N_("%u input ICMP message failed."), number}, -- {"InDestUnreachs", N_("destination unreachable: %u"), i_inp_icmp | I_TITLE}, -- {"InTimeExcds", N_("timeout in transit: %u"), i_inp_icmp | I_TITLE}, -- {"InParmProbs", N_("wrong parameters: %u"), i_inp_icmp | I_TITLE}, /*? 
*/ -- {"InSrcQuenchs", N_("source quenches: %u"), i_inp_icmp | I_TITLE}, -- {"InRedirects", N_("redirects: %u"), i_inp_icmp | I_TITLE}, -- {"InEchos", N_("echo requests: %u"), i_inp_icmp | I_TITLE}, -- {"InEchoReps", N_("echo replies: %u"), i_inp_icmp | I_TITLE}, -- {"InTimestamps", N_("timestamp request: %u"), i_inp_icmp | I_TITLE}, -- {"InTimestampReps", N_("timestamp reply: %u"), i_inp_icmp | I_TITLE}, -- {"InAddrMasks", N_("address mask request: %u"), i_inp_icmp | I_TITLE}, /*? */ -- {"InAddrMaskReps", N_("address mask replies: %u"), i_inp_icmp | I_TITLE}, /*? */ -- {"OutMsgs", N_("%u ICMP messages sent"), number}, -- {"OutErrors", N_("%u ICMP messages failed"), number}, -- {"OutDestUnreachs", N_("destination unreachable: %u"), i_outp_icmp | I_TITLE}, -- {"OutTimeExcds", N_("time exceeded: %u"), i_outp_icmp | I_TITLE}, -- {"OutParmProbs", N_("wrong parameters: %u"), i_outp_icmp | I_TITLE}, /*? */ -- {"OutSrcQuenchs", N_("source quench: %u"), i_outp_icmp | I_TITLE}, -- {"OutRedirects", N_("redirect: %u"), i_outp_icmp | I_TITLE}, -- {"OutEchos", N_("echo request: %u"), i_outp_icmp | I_TITLE}, -- {"OutEchoReps", N_("echo replies: %u"), i_outp_icmp | I_TITLE}, -- {"OutTimestamps", N_("timestamp requests: %u"), i_outp_icmp | I_TITLE}, -- {"OutTimestampReps", N_("timestamp replies: %u"), i_outp_icmp | I_TITLE}, -- {"OutAddrMasks", N_("address mask requests: %u"), i_outp_icmp | I_TITLE}, -- {"OutAddrMaskReps", N_("address mask replies: %u"), i_outp_icmp | I_TITLE}, -+ {"InMsgs", N_("%lu ICMP messages received"), number}, -+ {"InErrors", N_("%lu input ICMP message failed."), number}, -+ {"InDestUnreachs", N_("destination unreachable: %lu"), i_inp_icmp | I_TITLE}, -+ {"InTimeExcds", N_("timeout in transit: %lu"), i_inp_icmp | I_TITLE}, -+ {"InParmProbs", N_("wrong parameters: %lu"), i_inp_icmp | I_TITLE}, /*? 
*/ -+ {"InSrcQuenchs", N_("source quenches: %lu"), i_inp_icmp | I_TITLE}, -+ {"InRedirects", N_("redirects: %lu"), i_inp_icmp | I_TITLE}, -+ {"InEchos", N_("echo requests: %lu"), i_inp_icmp | I_TITLE}, -+ {"InEchoReps", N_("echo replies: %lu"), i_inp_icmp | I_TITLE}, -+ {"InTimestamps", N_("timestamp request: %lu"), i_inp_icmp | I_TITLE}, -+ {"InTimestampReps", N_("timestamp reply: %lu"), i_inp_icmp | I_TITLE}, -+ {"InAddrMasks", N_("address mask request: %lu"), i_inp_icmp | I_TITLE}, /*? */ -+ {"InAddrMaskReps", N_("address mask replies: %lu"), i_inp_icmp | I_TITLE}, /*? */ -+ {"OutMsgs", N_("%lu ICMP messages sent"), number}, -+ {"OutErrors", N_("%lu ICMP messages failed"), number}, -+ {"OutDestUnreachs", N_("destination unreachable: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutTimeExcds", N_("time exceeded: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutParmProbs", N_("wrong parameters: %lu"), i_outp_icmp | I_TITLE}, /*? */ -+ {"OutSrcQuenchs", N_("source quench: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutRedirects", N_("redirect: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutEchos", N_("echo request: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutEchoReps", N_("echo replies: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutTimestamps", N_("timestamp requests: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutTimestampReps", N_("timestamp replies: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutAddrMasks", N_("address mask requests: %lu"), i_outp_icmp | I_TITLE}, -+ {"OutAddrMaskReps", N_("address mask replies: %lu"), i_outp_icmp | I_TITLE}, - }; - - struct entry Tcptab[] = -@@ -119,71 +119,71 @@ - {"RtoMin", "", number}, - {"RtoMax", "", number}, - {"MaxConn", "", number}, -- {"ActiveOpens", N_("%u active connections openings"), number}, -- {"PassiveOpens", N_("%u passive connection openings"), number}, -- {"AttemptFails", N_("%u failed connection attempts"), number}, -- {"EstabResets", N_("%u connection resets received"), number}, -- {"CurrEstab", N_("%u connections established"), number}, -- {"InSegs", N_("%u segments 
received"), number}, -- {"OutSegs", N_("%u segments send out"), number}, -- {"RetransSegs", N_("%u segments retransmited"), number}, -- {"InErrs", N_("%u bad segments received."), number}, -- {"OutRsts", N_("%u resets sent"), number}, -+ {"ActiveOpens", N_("%lu active connections openings"), number}, -+ {"PassiveOpens", N_("%lu passive connection openings"), number}, -+ {"AttemptFails", N_("%lu failed connection attempts"), number}, -+ {"EstabResets", N_("%lu connection resets received"), number}, -+ {"CurrEstab", N_("%lu connections established"), number}, -+ {"InSegs", N_("%lu segments received"), number}, -+ {"OutSegs", N_("%lu segments send out"), number}, -+ {"RetransSegs", N_("%lu segments retransmited"), number}, -+ {"InErrs", N_("%lu bad segments received."), number}, -+ {"OutRsts", N_("%lu resets sent"), number}, - }; - - struct entry Udptab[] = - { -- {"InDatagrams", N_("%u packets received"), number}, -- {"NoPorts", N_("%u packets to unknown port received."), number}, -- {"InErrors", N_("%u packet receive errors"), number}, -- {"OutDatagrams", N_("%u packets sent"), number}, -+ {"InDatagrams", N_("%lu packets received"), number}, -+ {"NoPorts", N_("%lu packets to unknown port received."), number}, -+ {"InErrors", N_("%lu packet receive errors"), number}, -+ {"OutDatagrams", N_("%lu packets sent"), number}, - }; - - struct entry Tcpexttab[] = - { -- {"SyncookiesSent", N_("%u SYN cookies sent"), opt_number}, -- {"SyncookiesRecv", N_("%u SYN cookies received"), opt_number}, -- {"SyncookiesFailed", N_("%u invalid SYN cookies received"), opt_number}, -+ {"SyncookiesSent", N_("%lu SYN cookies sent"), opt_number}, -+ {"SyncookiesRecv", N_("%lu SYN cookies received"), opt_number}, -+ {"SyncookiesFailed", N_("%lu invalid SYN cookies received"), opt_number}, - -- { "EmbryonicRsts", N_("%u resets received for embryonic SYN_RECV sockets"), -+ { "EmbryonicRsts", N_("%lu resets received for embryonic SYN_RECV sockets"), - opt_number }, -- { "PruneCalled", N_("%u 
packets pruned from receive queue because of socket" -+ { "PruneCalled", N_("%lu packets pruned from receive queue because of socket" - " buffer overrun"), opt_number }, - /* obsolete: 2.2.0 doesn't do that anymore */ -- { "RcvPruned", N_("%u packets pruned from receive queue"), opt_number }, -- { "OfoPruned", N_("%u packets dropped from out-of-order queue because of" -+ { "RcvPruned", N_("%lu packets pruned from receive queue"), opt_number }, -+ { "OfoPruned", N_("%lu packets dropped from out-of-order queue because of" - " socket buffer overrun"), opt_number }, -- { "OutOfWindowIcmps", N_("%u ICMP packets dropped because they were " -+ { "OutOfWindowIcmps", N_("%lu ICMP packets dropped because they were " - "out-of-window"), opt_number }, -- { "LockDroppedIcmps", N_("%u ICMP packets dropped because" -+ { "LockDroppedIcmps", N_("%lu ICMP packets dropped because" - " socket was locked"), opt_number }, -- { "TW", N_("%u TCP sockets finished time wait in fast timer"), opt_number }, -- { "TWRecycled", N_("%u time wait sockets recycled by time stamp"), opt_number }, -- { "TWKilled", N_("%u TCP sockets finished time wait in slow timer"), opt_number }, -- { "PAWSPassive", N_("%u passive connections rejected because of" -+ { "TW", N_("%lu TCP sockets finished time wait in fast timer"), opt_number }, -+ { "TWRecycled", N_("%lu time wait sockets recycled by time stamp"), opt_number }, -+ { "TWKilled", N_("%lu TCP sockets finished time wait in slow timer"), opt_number }, -+ { "PAWSPassive", N_("%lu passive connections rejected because of" - " time stamp"), opt_number }, -- { "PAWSActive", N_("%u active connections rejected because of " -+ { "PAWSActive", N_("%lu active connections rejected because of " - "time stamp"), opt_number }, -- { "PAWSEstab", N_("%u packets rejects in established connections because of" -+ { "PAWSEstab", N_("%lu packets rejects in established connections because of" - " timestamp"), opt_number }, -- { "DelayedACKs", N_("%u delayed acks sent"), 
opt_number }, -- { "DelayedACKLocked", N_("%u delayed acks further delayed because of" -+ { "DelayedACKs", N_("%lu delayed acks sent"), opt_number }, -+ { "DelayedACKLocked", N_("%lu delayed acks further delayed because of" - " locked socket"), opt_number }, -- { "DelayedACKLost", N_("Quick ack mode was activated %u times"), opt_number }, -- { "ListenOverflows", N_("%u times the listen queue of a socket overflowed"), -+ { "DelayedACKLost", N_("Quick ack mode was activated %lu times"), opt_number }, -+ { "ListenOverflows", N_("%lu times the listen queue of a socket overflowed"), - opt_number }, -- { "ListenDrops", N_("%u SYNs to LISTEN sockets ignored"), opt_number }, -- { "TCPPrequeued", N_("%u packets directly queued to recvmsg prequeue."), -+ { "ListenDrops", N_("%lu SYNs to LISTEN sockets ignored"), opt_number }, -+ { "TCPPrequeued", N_("%lu packets directly queued to recvmsg prequeue."), - opt_number }, -- { "TCPDirectCopyFromBacklog", N_("%u packets directly received" -+ { "TCPDirectCopyFromBacklog", N_("%lu packets directly received" - " from backlog"), opt_number }, -- { "TCPDirectCopyFromPrequeue", N_("%u packets directly received" -+ { "TCPDirectCopyFromPrequeue", N_("%lu packets directly received" - " from prequeue"), opt_number }, -- { "TCPPrequeueDropped", N_("%u packets dropped from prequeue"), opt_number }, -- { "TCPHPHits", N_("%u packets header predicted"), number }, -- { "TCPHPHitsToUser", N_("%u packets header predicted and " -+ { "TCPPrequeueDropped", N_("%lu packets dropped from prequeue"), opt_number }, -+ { "TCPHPHits", N_("%lu packets header predicted"), number }, -+ { "TCPHPHitsToUser", N_("%lu packets header predicted and " - "directly queued to user"), opt_number }, -- { "SockMallocOOM", N_("Ran %u times out of system memory during " -+ { "SockMallocOOM", N_("Ran %lu times out of system memory during " - "packet sending"), opt_number }, - }; - 
diff --git a/net-tools/patches/net-tools-1.60-virtualname.patch b/net-tools/patches/net-tools-1.60-virtualname.patch deleted file mode 100644 index 326df1d..0000000 --- a/net-tools/patches/net-tools-1.60-virtualname.patch +++ /dev/null @@ -1,36 +0,0 @@ ---- net-tools-1.60/lib/interface.c.virtualname 2001-02-10 20:31:15.000000000 +0100 -+++ net-tools-1.60/lib/interface.c 2003-08-19 13:18:01.000000000 +0200 -@@ -579,18 +579,18 @@ - - void ife_print_short(struct interface *ptr) - { -- printf("%-5.5s ", ptr->name); -- printf("%5d %3d", ptr->mtu, ptr->metric); -+ printf("%-9.9s ", ptr->name); -+ printf("%5d %3d ", ptr->mtu, ptr->metric); - /* If needed, display the interface statistics. */ - if (ptr->statistics_valid) { -- printf("%8llu %6lu %6lu %6lu", -+ printf("%8llu %6lu %6lu %6lu ", - ptr->stats.rx_packets, ptr->stats.rx_errors, - ptr->stats.rx_dropped, ptr->stats.rx_fifo_errors); - printf("%8llu %6lu %6lu %6lu ", - ptr->stats.tx_packets, ptr->stats.tx_errors, - ptr->stats.tx_dropped, ptr->stats.tx_fifo_errors); - } else { -- printf("%-56s", _(" - no statistics available -")); -+ printf("%-60s", _(" - no statistics available -")); - } - /* DONT FORGET TO ADD THE FLAGS IN ife_print_long, too */ - if (ptr->flags == 0) ---- net-tools-1.60/netstat.c.virtualname 2001-04-15 16:41:17.000000000 +0200 -+++ net-tools-1.60/netstat.c 2003-08-19 13:18:34.000000000 +0200 -@@ -1449,7 +1449,7 @@ - } - if (flag_exp < 2) { - ife_short = 1; -- printf(_("Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); -+ printf(_("Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg\n")); - } - - if (for_all_interfaces(do_if_print, &flag_all) < 0) { diff --git a/net-tools/patches/net-tools-1.60-x25-proc.patch b/net-tools/patches/net-tools-1.60-x25-proc.patch deleted file mode 100644 index 0495caa..0000000 --- a/net-tools/patches/net-tools-1.60-x25-proc.patch +++ /dev/null 
@@ -1,13 +0,0 @@ ---- net-tools-1.60/lib/pathnames.h.orig 2006-04-12 22:14:07.943885000 -0400 -+++ net-tools-1.60/lib/pathnames.h 2006-04-12 22:19:34.072430000 -0400 -@@ -42,8 +42,8 @@ - #define _PATH_PROCNET_RARP "/proc/net/rarp" - #define _PATH_ETHERS "/etc/ethers" - #define _PATH_PROCNET_ROSE_ROUTE "/proc/net/rose_routes" --#define _PATH_PROCNET_X25 "/proc/net/x25" --#define _PATH_PROCNET_X25_ROUTE "/proc/net/x25_routes" -+#define _PATH_PROCNET_X25 "/proc/net/x25" -+#define _PATH_PROCNET_X25_ROUTE "/proc/net/x25/route" - #define _PATH_PROCNET_DEV_MCAST "/proc/net/dev_mcast" - - /* pathname for the netlink device */ diff --git a/openssh/openssh.nm b/openssh/openssh.nm index 10d43f4..59491fd 100644 --- a/openssh/openssh.nm +++ b/openssh/openssh.nm @@ -4,7 +4,7 @@ ###############################################################################
name = openssh -version = 6.1p1 +version = 6.8p1 release = 1
groups = Application/Internet @@ -37,38 +37,6 @@ build zlib-devel end
- # Apply patches in a special order - patches - openssh-6.1p1-coverity.patch - openssh-5.8p1-fingerprint.patch - openssh-5.8p1-getaddrinfo.patch - openssh-5.8p1-packet.patch - openssh-6.1p1-authenticationmethods.patch - openssh-6.1p1-role-mls.patch - openssh-5.9p1-sftp-chroot.patch - openssh-6.1p1-akc.patch - openssh-5.2p1-allow-ip-opts.patch - openssh-5.9p1-randclean.patch - openssh-5.8p1-keyperm.patch - openssh-5.8p2-remove-stale-control-socket.patch - openssh-5.9p1-ipv6man.patch - openssh-5.8p2-sigpipe.patch - openssh-6.1p1-askpass-ld.patch - openssh-5.5p1-x11.patch - openssh-5.6p1-exit-deadlock.patch - openssh-5.1p1-askpass-progress.patch - openssh-4.3p2-askpass-grab-info.patch - openssh-5.9p1-edns.patch - openssh-5.1p1-scp-manpage.patch - openssh-5.8p1-localdomain.patch - openssh-5.9p1-ipfire.patch - openssh-6.0p1-entropy.patch - openssh-6.1p1-vendor.patch - openssh-5.8p2-force_krb.patch - openssh-6.1p1-kuserok.patch - openssh-6.1p1-required-authentications.patch - end - configure_options += \ --sysconfdir=%{sysconfdir}/ssh \ --datadir=%{datadir}/sshd \ @@ -94,6 +62,13 @@ build # Disable GSS API authentication because KRB5 is required for that. sed -e "s/^.*GSSAPIAuthentication/#&/" -i %{BUILDROOT}/etc/ssh/ssh_config
+ # Enable PAM usage, disable ChallengeResponseAuthentication and disable Motd. + sed \ + -e '/^#ChallengeResponseAuthentication yes$/c ChallengeResponseAuthentication no' \ + -e '/^#PrintMotd yes$/c PrintMotd no' \ + -e '/^#UsePAM no$/c UsePAM yes' \ + -i %{BUILDROOT}/etc/ssh/sshd_config + # Install scriptfile for key generation mkdir -pv %{BUILDROOT}%{sbindir} install -m 754 %{DIR_SOURCE}/sshd-keygen %{BUILDROOT}%{sbindir} diff --git a/openssh/patches/openssh-4.3p2-askpass-grab-info.patch b/openssh/patches/openssh-4.3p2-askpass-grab-info.patch deleted file mode 100644 index e9dc835..0000000 --- a/openssh/patches/openssh-4.3p2-askpass-grab-info.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- openssh-4.3p2/contrib/gnome-ssh-askpass2.c.grab-info 2006-07-17 15:10:11.000000000 +0200 -+++ openssh-4.3p2/contrib/gnome-ssh-askpass2.c 2006-07-17 15:25:04.000000000 +0200 -@@ -65,9 +65,12 @@ - err = gtk_message_dialog_new(NULL, 0, - GTK_MESSAGE_ERROR, - GTK_BUTTONS_CLOSE, -- "Could not grab %s. " -- "A malicious client may be eavesdropping " -- "on your session.", what); -+ "SSH password dialog could not grab the %s input.\n" -+ "This might be caused by application such as screensaver, " -+ "however it could also mean that someone may be eavesdropping " -+ "on your session.\n" -+ "Either close the application which grabs the %s or " -+ "log out and log in again to prevent this from happening.", what, what); - gtk_window_set_position(GTK_WINDOW(err), GTK_WIN_POS_CENTER); - gtk_label_set_line_wrap(GTK_LABEL((GTK_MESSAGE_DIALOG(err))->label), - TRUE); diff --git a/openssh/patches/openssh-5.1p1-askpass-progress.patch b/openssh/patches/openssh-5.1p1-askpass-progress.patch deleted file mode 100644 index ec93b87..0000000 --- a/openssh/patches/openssh-5.1p1-askpass-progress.patch +++ /dev/null 
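Review bot: the openssh.nm hunk at -37,38 +37,6 deletes the whole ordered patches block in the same change that bumps 6.1p1 to 6.8p1, and nothing in the hunk says which entries 6.8p1 already contains and which behaviour is being given up. That matters most for the distribution's own openssh-5.9p1-ipfire.patch and for entries that change runtime behaviour, such as openssh-5.8p1-keyperm.patch, openssh-5.9p1-sftp-chroot.patch and openssh-5.2p1-allow-ip-opts.patch. Please record per patch, in the commit message or as a comment in openssh.nm, whether it was merged upstream, is obsolete, or is dropped on purpose. The sed block added in the following hunk puts back only three sshd_config settings.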
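Review bot: the three sed 'c' commands added in the openssh.nm hunk at -94,6 +62,13 only fire when the shipped sshd_config contains exactly the anchored lines "#ChallengeResponseAuthentication yes", "#PrintMotd yes" and "#UsePAM no". If the 6.8p1 sample config differs by a space, a default value or a removed option, sed still exits 0 and the package is built with the upstream defaults, so UsePAM stays off and ChallengeResponseAuthentication stays on without anything failing. Follow the sed call with a check that each active line is present in %{BUILDROOT}/etc/ssh/sshd_config, for example a grep -q for "^UsePAM yes$" per setting, so the build stops when a pattern no longer matches.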
@@ -1,79 +0,0 @@ -diff -up openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress openssh-5.1p1/contrib/gnome-ssh-askpass2.c ---- openssh-5.1p1/contrib/gnome-ssh-askpass2.c.progress 2008-07-23 19:05:26.000000000 +0200 -+++ openssh-5.1p1/contrib/gnome-ssh-askpass2.c 2008-07-23 19:05:26.000000000 +0200 -@@ -53,6 +53,7 @@ - #include <string.h> - #include <unistd.h> - #include <X11/Xlib.h> -+#include <glib.h> - #include <gtk/gtk.h> - #include <gdk/gdkx.h> - -@@ -83,13 +84,24 @@ ok_dialog(GtkWidget *entry, gpointer dia - gtk_dialog_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); - } - -+static void -+move_progress(GtkWidget *entry, gpointer progress) -+{ -+ gdouble step; -+ g_return_if_fail(GTK_IS_PROGRESS_BAR(progress)); -+ -+ step = g_random_double_range(0.03, 0.1); -+ gtk_progress_bar_set_pulse_step(GTK_PROGRESS_BAR(progress), step); -+ gtk_progress_bar_pulse(GTK_PROGRESS_BAR(progress)); -+} -+ - static int - passphrase_dialog(char *message) - { - const char *failed; - char *passphrase, *local; - int result, grab_tries, grab_server, grab_pointer; -- GtkWidget *dialog, *entry; -+ GtkWidget *dialog, *entry, *progress, *hbox; - GdkGrabStatus status; - - grab_server = (getenv("GNOME_SSH_ASKPASS_GRAB_SERVER") != NULL); -@@ -102,13 +114,31 @@ passphrase_dialog(char *message) - "%s", - message); - -+ hbox = gtk_hbox_new(FALSE, 0); -+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE, -+ FALSE, 0); -+ gtk_widget_show(hbox); -+ - entry = gtk_entry_new(); -- gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), entry, FALSE, -+ gtk_box_pack_start(GTK_BOX(hbox), entry, TRUE, - FALSE, 0); -+ gtk_entry_set_width_chars(GTK_ENTRY(entry), 2); - gtk_entry_set_visibility(GTK_ENTRY(entry), FALSE); - gtk_widget_grab_focus(entry); - gtk_widget_show(entry); - -+ hbox = gtk_hbox_new(FALSE, 0); -+ gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), hbox, FALSE, -+ FALSE, 8); -+ gtk_widget_show(hbox); -+ -+ progress = gtk_progress_bar_new(); -+ -+ 
gtk_progress_bar_set_text(GTK_PROGRESS_BAR(progress), "Passphrase length hidden intentionally"); -+ gtk_box_pack_start(GTK_BOX(hbox), progress, TRUE, -+ TRUE, 5); -+ gtk_widget_show(progress); -+ - gtk_window_set_title(GTK_WINDOW(dialog), "OpenSSH"); - gtk_window_set_position (GTK_WINDOW(dialog), GTK_WIN_POS_CENTER); - gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); -@@ -119,6 +149,8 @@ passphrase_dialog(char *message) - gtk_dialog_set_default_response(GTK_DIALOG(dialog), GTK_RESPONSE_OK); - g_signal_connect(G_OBJECT(entry), "activate", - G_CALLBACK(ok_dialog), dialog); -+ g_signal_connect(G_OBJECT(entry), "changed", -+ G_CALLBACK(move_progress), progress); - - gtk_window_set_keep_above(GTK_WINDOW(dialog), TRUE); - diff --git a/openssh/patches/openssh-5.1p1-scp-manpage.patch b/openssh/patches/openssh-5.1p1-scp-manpage.patch deleted file mode 100644 index e314a05..0000000 --- a/openssh/patches/openssh-5.1p1-scp-manpage.patch +++ /dev/null @@ -1,18 +0,0 @@ -diff -up openssh-5.1p1/scp.1.manpage openssh-5.1p1/scp.1 ---- openssh-5.1p1/scp.1.manpage 2008-07-12 09:12:49.000000000 +0200 -+++ openssh-5.1p1/scp.1 2008-07-23 19:18:15.000000000 +0200 -@@ -66,6 +66,14 @@ treating file names containing - as host specifiers. - Copies between two remote hosts are also permitted. - .Pp -+When copying a source file to a target file which already exists, -+.Nm -+will replace the contents of the target file (keeping the inode). -+.Pp -+If the target file does not yet exist, an empty file with the target -+file name is created, then filled with the source file contents. -+No attempt is made at "near-atomic" transfer using temporary files. -+.Pp - The options are as follows: - .Bl -tag -width Ds - .It Fl 1 diff --git a/openssh/patches/openssh-5.2p1-allow-ip-opts.patch b/openssh/patches/openssh-5.2p1-allow-ip-opts.patch deleted file mode 100644 index 96aaab1..0000000 --- a/openssh/patches/openssh-5.2p1-allow-ip-opts.patch +++ /dev/null 
@@ -1,37 +0,0 @@ -diff -up openssh-5.2p1/canohost.c.ip-opts openssh-5.2p1/canohost.c ---- openssh-5.2p1/canohost.c.ip-opts 2009-02-14 06:28:21.000000000 +0100 -+++ openssh-5.2p1/canohost.c 2009-09-01 15:31:29.000000000 +0200 -@@ -169,12 +169,27 @@ check_ip_options(int sock, char *ipaddr) - option_size = sizeof(options); - if (getsockopt(sock, ipproto, IP_OPTIONS, options, - &option_size) >= 0 && option_size != 0) { -- text[0] = '\0'; -- for (i = 0; i < option_size; i++) -- snprintf(text + i*3, sizeof(text) - i*3, -- " %2.2x", options[i]); -- fatal("Connection from %.100s with IP options:%.800s", -- ipaddr, text); -+ i = 0; -+ do { -+ switch (options[i]) { -+ case 0: -+ case 1: -+ ++i; -+ break; -+ case 131: -+ case 137: -+ /* Fail, fatally, if we detect either loose or strict -+ * source routing options. */ -+ text[0] = '\0'; -+ for (i = 0; i < option_size; i++) -+ snprintf(text + i*3, sizeof(text) - i*3, -+ " %2.2x", options[i]); -+ fatal("Connection from %.100s with IP options:%.800s", -+ ipaddr, text); -+ default: -+ i += options[i + 1]; -+ } -+ } while (i < option_size); - } - #endif /* IP_OPTIONS */ - } diff --git a/openssh/patches/openssh-5.5p1-x11.patch b/openssh/patches/openssh-5.5p1-x11.patch deleted file mode 100644 index cac5d5e..0000000 --- a/openssh/patches/openssh-5.5p1-x11.patch +++ /dev/null 
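Review bot: the option walk in the removed openssh-5.2p1-allow-ip-opts.patch, at "default: i += options[i + 1];" inside check_ip_options(), trusts the option length byte: a length of 0 never advances i, and options[i + 1] is read without checking that i + 1 is still below option_size. Dropping the patch removes that loop, which is an improvement, but it also changes what sshd does with connections that carry IP options: the code on the removed side of the inner patch called fatal() for any option, while the patched code did so only for options 131 and 137. Say in the commit message whether 6.8p1 is expected to reject all such connections again and that this is intended.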
@@ -1,54 +0,0 @@ -diff -up openssh-5.3p1/channels.c.bz595935 openssh-5.3p1/channels.c ---- openssh-5.3p1/channels.c.bz595935 2010-08-12 14:19:28.000000000 +0200 -+++ openssh-5.3p1/channels.c 2010-08-12 14:33:51.000000000 +0200 -@@ -3185,7 +3185,7 @@ x11_create_display_inet(int x11_display_ - } - - static int --connect_local_xsocket_path(const char *pathname) -+connect_local_xsocket_path(const char *pathname, int len) - { - int sock; - struct sockaddr_un addr; -@@ -3195,11 +3195,14 @@ connect_local_xsocket_path(const char *p - error("socket: %.100s", strerror(errno)); - memset(&addr, 0, sizeof(addr)); - addr.sun_family = AF_UNIX; -- strlcpy(addr.sun_path, pathname, sizeof addr.sun_path); -- if (connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == 0) -+ if (len <= 0) -+ return -1; -+ if (len > sizeof addr.sun_path) -+ len = sizeof addr.sun_path; -+ memcpy(addr.sun_path, pathname, len); -+ if (connect(sock, (struct sockaddr *)&addr, sizeof addr - (sizeof addr.sun_path - len) ) == 0) - return sock; - close(sock); -- error("connect %.100s: %.100s", addr.sun_path, strerror(errno)); - return -1; - } - -@@ -3207,8 +3210,21 @@ static int - connect_local_xsocket(u_int dnr) - { - char buf[1024]; -- snprintf(buf, sizeof buf, _PATH_UNIX_X, dnr); -- return connect_local_xsocket_path(buf); -+ int len; -+#ifdef linux -+ int ret; -+#endif -+ len = snprintf(buf + 1, sizeof (buf) - 1, _PATH_UNIX_X, dnr); -+#ifdef linux -+ /* try abstract socket first */ -+ buf[0] = '\0'; -+ if ((ret = connect_local_xsocket_path(buf, len + 1)) >= 0) -+ return ret; -+#endif -+ if ((ret = connect_local_xsocket_path(buf + 1, len)) >= 0) -+ return ret; -+ error("connect %.100s: %.100s", buf + 1, strerror(errno)); -+ return -1; - } - - int diff --git a/openssh/patches/openssh-5.6p1-exit-deadlock.patch b/openssh/patches/openssh-5.6p1-exit-deadlock.patch deleted file mode 100644 index 278dfa1..0000000 --- a/openssh/patches/openssh-5.6p1-exit-deadlock.patch +++ /dev/null 
@@ -1,14 +0,0 @@ -diff -up openssh-5.6p1/channels.c.exit-deadlock openssh-5.6p1/channels.c ---- openssh-5.6p1/channels.c.exit-deadlock 2010-08-05 15:09:48.000000000 +0200 -+++ openssh-5.6p1/channels.c 2010-08-23 12:41:43.000000000 +0200 -@@ -1647,6 +1647,10 @@ channel_handle_wfd(Channel *c, fd_set *r - u_int dlen, olen = 0; - int len; - -+ if(c->wfd != -1 && buffer_len(&c->output) > 0 && c->ostate == CHAN_OUTPUT_WAIT_DRAIN) { -+ debug("channel %d: forcing write", c->self); -+ FD_SET(c->wfd, writeset); -+ } - /* Send buffered output data to the socket. */ - if (c->wfd != -1 && - FD_ISSET(c->wfd, writeset) && diff --git a/openssh/patches/openssh-5.6p1-redhat.patch b/openssh/patches/openssh-5.6p1-redhat.patch deleted file mode 100644 index d1df8c1..0000000 --- a/openssh/patches/openssh-5.6p1-redhat.patch +++ /dev/null 
@@ -1,101 +0,0 @@ -diff -up openssh-5.6p1/ssh_config.redhat openssh-5.6p1/ssh_config ---- openssh-5.6p1/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100 -+++ openssh-5.6p1/ssh_config 2010-09-03 15:21:17.000000000 +0200 -@@ -45,3 +45,16 @@ - # PermitLocalCommand no - # VisualHostKey no - # ProxyCommand ssh -q -W %h:%p gateway.example.com -+Host * -+ GSSAPIAuthentication yes -+# If this option is set to yes then remote X11 clients will have full access -+# to the original X11 display. As virtually no X11 client supports the untrusted -+# mode correctly we set this to yes. -+ ForwardX11Trusted yes -+# Look up the host key SSHFP records -+ VerifyHostKeyDNS ask -+# Send locale-related environment variables -+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE -+ SendEnv XMODIFIERS -diff -up openssh-5.6p1/sshd_config.0.redhat openssh-5.6p1/sshd_config.0 ---- openssh-5.6p1/sshd_config.0.redhat 2010-08-23 05:24:16.000000000 +0200 -+++ openssh-5.6p1/sshd_config.0 2010-09-03 15:23:20.000000000 +0200 -@@ -537,9 +537,9 @@ DESCRIPTION - - SyslogFacility - Gives the facility code that is used when logging messages from -- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, -- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The -- default is AUTH. -+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV, -+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -+ The default is AUTH. 
- - TCPKeepAlive - Specifies whether the system should send TCP keepalive messages -diff -up openssh-5.6p1/sshd_config.5.redhat openssh-5.6p1/sshd_config.5 ---- openssh-5.6p1/sshd_config.5.redhat 2010-07-02 05:37:17.000000000 +0200 -+++ openssh-5.6p1/sshd_config.5 2010-09-03 15:21:17.000000000 +0200 -@@ -919,7 +919,7 @@ Note that this option applies to protoco - .It Cm SyslogFacility - Gives the facility code that is used when logging messages from - .Xr sshd 8 . --The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, -+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, - LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. - The default is AUTH. - .It Cm TCPKeepAlive -diff -up openssh-5.6p1/sshd_config.redhat openssh-5.6p1/sshd_config ---- openssh-5.6p1/sshd_config.redhat 2009-10-11 12:51:09.000000000 +0200 -+++ openssh-5.6p1/sshd_config 2010-09-03 15:21:17.000000000 +0200 -@@ -31,6 +31,7 @@ - # Logging - # obsoletes QuietMode and FascistLogging - #SyslogFacility AUTH -+SyslogFacility AUTHPRIV - #LogLevel INFO - - # Authentication: -@@ -58,9 +59,11 @@ - # To disable tunneled clear text passwords, change to no here! - #PasswordAuthentication yes - #PermitEmptyPasswords no -+PasswordAuthentication yes - - # Change to no to disable s/key passwords - #ChallengeResponseAuthentication yes -+ChallengeResponseAuthentication no - - # Kerberos options - #KerberosAuthentication no -@@ -70,7 +73,9 @@ - - # GSSAPI options - #GSSAPIAuthentication no -+GSSAPIAuthentication yes - #GSSAPICleanupCredentials yes -+GSSAPICleanupCredentials yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will -@@ -82,11 +87,19 @@ - # PAM authentication, then enable this but set PasswordAuthentication - # and ChallengeResponseAuthentication to 'no'. 
- #UsePAM no -+UsePAM yes -+ -+# Accept locale-related environment variables -+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE -+AcceptEnv XMODIFIERS - - #AllowAgentForwarding yes - #AllowTcpForwarding yes - #GatewayPorts no - #X11Forwarding no -+X11Forwarding yes - #X11DisplayOffset 10 - #X11UseLocalhost yes - #PrintMotd yes diff --git a/openssh/patches/openssh-5.8p1-fingerprint.patch b/openssh/patches/openssh-5.8p1-fingerprint.patch deleted file mode 100644 index a0438ff..0000000 --- a/openssh/patches/openssh-5.8p1-fingerprint.patch +++ /dev/null 
@@ -1,421 +0,0 @@ -diff -up openssh-5.8p1/auth2-hostbased.c.fingerprint openssh-5.8p1/auth2-hostbased.c ---- openssh-5.8p1/auth2-hostbased.c.fingerprint 2010-08-05 05:04:50.000000000 +0200 -+++ openssh-5.8p1/auth2-hostbased.c 2011-02-25 09:17:18.000000000 +0100 -@@ -196,16 +196,18 @@ hostbased_key_allowed(struct passwd *pw, - - if (host_status == HOST_OK) { - if (key_is_cert(key)) { -- fp = key_fingerprint(key->cert->signature_key, -- SSH_FP_MD5, SSH_FP_HEX); -+ fp = key_selected_fingerprint(key->cert->signature_key, -+ SSH_FP_HEX); - verbose("Accepted certificate ID "%s" signed by " -- "%s CA %s from %s@%s", key->cert->key_id, -- key_type(key->cert->signature_key), fp, -+ "%s CA %s%s from %s@%s", key->cert->key_id, -+ key_type(key->cert->signature_key), -+ key_fingerprint_prefix(), fp, - cuser, lookup); - } else { -- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- verbose("Accepted %s public key %s from %s@%s", -- key_type(key), fp, cuser, lookup); -+ fp = key_selected_fingerprint(key, SSH_FP_HEX); -+ verbose("Accepted %s public key %s%s from %s@%s", -+ key_type(key), key_fingerprint_prefix(), -+ fp, cuser, lookup); - } - xfree(fp); - } -diff -up openssh-5.8p1/auth2-pubkey.c.fingerprint openssh-5.8p1/auth2-pubkey.c ---- openssh-5.8p1/auth2-pubkey.c.fingerprint 2010-12-01 01:50:14.000000000 +0100 -+++ openssh-5.8p1/auth2-pubkey.c 2011-02-25 09:17:18.000000000 +0100 -@@ -319,10 +319,10 @@ user_key_allowed2(struct passwd *pw, Key - continue; - if (!key_is_cert_authority) - continue; -- fp = key_fingerprint(found, SSH_FP_MD5, -- SSH_FP_HEX); -- debug("matching CA found: file %s, line %lu, %s %s", -- file, linenum, key_type(found), fp); -+ fp = key_selected_fingerprint(found, SSH_FP_HEX); -+ debug("matching CA found: file %s, line %lu, %s %s%s", -+ file, linenum, key_type(found), -+ key_fingerprint_prefix(), fp); - /* - * If the user has specified a list of principals as - * a key option, then prefer that list to matching -@@ -362,9 +362,9 @@ 
user_key_allowed2(struct passwd *pw, Key - found_key = 1; - debug("matching key found: file %s, line %lu", - file, linenum); -- fp = key_fingerprint(found, SSH_FP_MD5, SSH_FP_HEX); -- verbose("Found matching %s key: %s", -- key_type(found), fp); -+ fp = key_selected_fingerprint(found, SSH_FP_HEX); -+ verbose("Found matching %s key: %s%s", -+ key_type(found), key_fingerprint_prefix(), fp); - xfree(fp); - break; - } -@@ -388,13 +388,13 @@ user_cert_trusted_ca(struct passwd *pw, - if (!key_is_cert(key) || options.trusted_user_ca_keys == NULL) - return 0; - -- ca_fp = key_fingerprint(key->cert->signature_key, -- SSH_FP_MD5, SSH_FP_HEX); -+ ca_fp = key_selected_fingerprint(key->cert->signature_key, SSH_FP_HEX); - - if (key_in_file(key->cert->signature_key, - options.trusted_user_ca_keys, 1) != 1) { -- debug2("%s: CA %s %s is not listed in %s", __func__, -- key_type(key->cert->signature_key), ca_fp, -+ debug2("%s: CA %s%s %s is not listed in %s", __func__, -+ key_type(key->cert->signature_key), -+ key_fingerprint_prefix(), ca_fp, - options.trusted_user_ca_keys); - goto out; - } -diff -up openssh-5.8p1/auth.c.fingerprint openssh-5.8p1/auth.c ---- openssh-5.8p1/auth.c.fingerprint 2010-12-01 02:21:51.000000000 +0100 -+++ openssh-5.8p1/auth.c 2011-02-25 09:17:18.000000000 +0100 -@@ -639,9 +639,10 @@ auth_key_is_revoked(Key *key) - return 1; - case 1: - /* Key revoked */ -- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -+ key_fp = key_selected_fingerprint(key, SSH_FP_HEX); - error("WARNING: authentication attempt with a revoked " -- "%s key %s ", key_type(key), key_fp); -+ "%s key %s%s ", key_type(key), -+ key_fingerprint_prefix(), key_fp); - xfree(key_fp); - return 1; - } -diff -up openssh-5.8p1/auth-rsa.c.fingerprint openssh-5.8p1/auth-rsa.c ---- openssh-5.8p1/auth-rsa.c.fingerprint 2010-12-04 23:01:47.000000000 +0100 -+++ openssh-5.8p1/auth-rsa.c 2011-02-25 09:17:18.000000000 +0100 -@@ -318,9 +318,9 @@ auth_rsa(Authctxt *authctxt, BIGNUM *cli - * options; this 
will be reset if the options cause the - * authentication to be rejected. - */ -- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- verbose("Found matching %s key: %s", -- key_type(key), fp); -+ fp = key_selected_fingerprint(key, SSH_FP_HEX); -+ verbose("Found matching %s key: %s%s", -+ key_type(key), key_fingerprint_prefix(), fp); - xfree(fp); - key_free(key); - -diff -up openssh-5.8p1/key.c.fingerprint openssh-5.8p1/key.c ---- openssh-5.8p1/key.c.fingerprint 2011-02-04 01:48:34.000000000 +0100 -+++ openssh-5.8p1/key.c 2011-02-25 09:18:16.000000000 +0100 -@@ -594,6 +594,34 @@ key_fingerprint(Key *k, enum fp_type dgs - return retval; - } - -+enum fp_type -+key_fingerprint_selection(void) -+{ -+ static enum fp_type rv; -+ static char rv_defined = 0; -+ char *env; -+ -+ if (!rv_defined) { -+ env = getenv("SSH_FINGERPRINT_TYPE"); -+ rv = (env && !strcmp (env, "sha")) ? -+ SSH_FP_SHA1 : SSH_FP_MD5; -+ rv_defined = 1; -+ } -+ return rv; -+} -+ -+char * -+key_selected_fingerprint(Key *k, enum fp_rep dgst_rep) -+{ -+ return key_fingerprint(k, key_fingerprint_selection(), dgst_rep); -+} -+ -+char * -+key_fingerprint_prefix(void) -+{ -+ return key_fingerprint_selection() == SSH_FP_SHA1 ? "sha1:" : ""; -+} -+ - /* - * Reads a multiple-precision integer in decimal from the buffer, and advances - * the pointer. The integer must already be initialized. 
This function is -diff -up openssh-5.8p1/key.h.fingerprint openssh-5.8p1/key.h ---- openssh-5.8p1/key.h.fingerprint 2010-11-05 00:19:49.000000000 +0100 -+++ openssh-5.8p1/key.h 2011-02-25 09:17:18.000000000 +0100 -@@ -96,6 +96,9 @@ int key_equal_public(const Key *, cons - int key_equal(const Key *, const Key *); - char *key_fingerprint(Key *, enum fp_type, enum fp_rep); - u_char *key_fingerprint_raw(Key *, enum fp_type, u_int *); -+enum fp_type key_fingerprint_selection(void); -+char *key_selected_fingerprint(Key *, enum fp_rep); -+char *key_fingerprint_prefix(void); - const char *key_type(const Key *); - const char *key_cert_type(const Key *); - int key_write(const Key *, FILE *); -diff -up openssh-5.8p1/ssh-add.c.fingerprint openssh-5.8p1/ssh-add.c ---- openssh-5.8p1/ssh-add.c.fingerprint 2010-11-11 04:17:02.000000000 +0100 -+++ openssh-5.8p1/ssh-add.c 2011-02-25 09:17:18.000000000 +0100 -@@ -280,10 +280,10 @@ list_identities(AuthenticationConnection - key = ssh_get_next_identity(ac, &comment, version)) { - had_identities = 1; - if (do_fp) { -- fp = key_fingerprint(key, SSH_FP_MD5, -- SSH_FP_HEX); -- printf("%d %s %s (%s)\n", -- key_size(key), fp, comment, key_type(key)); -+ fp = key_selected_fingerprint(key, SSH_FP_HEX); -+ printf("%d %s%s %s (%s)\n", -+ key_size(key), key_fingerprint_prefix(), -+ fp, comment, key_type(key)); - xfree(fp); - } else { - if (!key_write(key, stdout)) -diff -up openssh-5.8p1/ssh-agent.c.fingerprint openssh-5.8p1/ssh-agent.c ---- openssh-5.8p1/ssh-agent.c.fingerprint 2010-12-01 01:50:35.000000000 +0100 -+++ openssh-5.8p1/ssh-agent.c 2011-02-25 09:17:18.000000000 +0100 -@@ -199,9 +199,9 @@ confirm_key(Identity *id) - char *p; - int ret = -1; - -- p = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); -- if (ask_permission("Allow use of key %s?\nKey fingerprint %s.", -- id->comment, p)) -+ p = key_selected_fingerprint(id->key, SSH_FP_HEX); -+ if (ask_permission("Allow use of key %s?\nKey fingerprint %s%s.", -+ id->comment, 
key_fingerprint_prefix(), p)) - ret = 0; - xfree(p); - -diff -up openssh-5.8p1/sshconnect2.c.fingerprint openssh-5.8p1/sshconnect2.c ---- openssh-5.8p1/sshconnect2.c.fingerprint 2010-12-01 02:21:51.000000000 +0100 -+++ openssh-5.8p1/sshconnect2.c 2011-02-25 09:17:18.000000000 +0100 -@@ -590,8 +590,9 @@ input_userauth_pk_ok(int type, u_int32_t - key->type, pktype); - goto done; - } -- fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- debug2("input_userauth_pk_ok: fp %s", fp); -+ fp = key_selected_fingerprint(key, SSH_FP_HEX); -+ debug2("input_userauth_pk_ok: fp %s%s", -+ key_fingerprint_prefix(), fp); - xfree(fp); - - /* -@@ -1203,8 +1204,9 @@ sign_and_send_pubkey(Authctxt *authctxt, - int have_sig = 1; - char *fp; - -- fp = key_fingerprint(id->key, SSH_FP_MD5, SSH_FP_HEX); -- debug3("sign_and_send_pubkey: %s %s", key_type(id->key), fp); -+ fp = key_selected_fingerprint(id->key, SSH_FP_HEX); -+ debug3("sign_and_send_pubkey: %s %s%s", key_type(id->key), -+ key_fingerprint_prefix(), fp); - xfree(fp); - - if (key_to_blob(id->key, &blob, &bloblen) == 0) { -diff -up openssh-5.8p1/sshconnect.c.fingerprint openssh-5.8p1/sshconnect.c ---- openssh-5.8p1/sshconnect.c.fingerprint 2011-01-16 13:17:59.000000000 +0100 -+++ openssh-5.8p1/sshconnect.c 2011-02-25 09:17:18.000000000 +0100 -@@ -798,10 +798,10 @@ check_host_key(char *hostname, struct so - "key for IP address '%.128s' to the list " - "of known hosts.", type, ip); - } else if (options.visual_host_key) { -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(host_key, SSH_FP_MD5, -- SSH_FP_RANDOMART); -- logit("Host key fingerprint is %s\n%s\n", fp, ra); -+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX); -+ ra = key_selected_fingerprint(host_key, SSH_FP_RANDOMART); -+ logit("Host key fingerprint is %s%s\n%s\n", -+ key_fingerprint_prefix(), fp, ra); - xfree(ra); - xfree(fp); - } -@@ -838,9 +838,8 @@ check_host_key(char *hostname, struct so - else - snprintf(msg1, sizeof(msg1), "."); - 
/* The default */ -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(host_key, SSH_FP_MD5, -- SSH_FP_RANDOMART); -+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX); -+ ra = key_selected_fingerprint(host_key, SSH_FP_RANDOMART); - msg2[0] = '\0'; - if (options.verify_host_key_dns) { - if (matching_host_key_dns) -@@ -855,10 +854,11 @@ check_host_key(char *hostname, struct so - snprintf(msg, sizeof(msg), - "The authenticity of host '%.200s (%s)' can't be " - "established%s\n" -- "%s key fingerprint is %s.%s%s\n%s" -+ "%s key fingerprint is %s%s.%s%s\n%s" - "Are you sure you want to continue connecting " - "(yes/no)? ", -- host, ip, msg1, type, fp, -+ host, ip, msg1, type, -+ key_fingerprint_prefix(), fp, - options.visual_host_key ? "\n" : "", - options.visual_host_key ? ra : "", - msg2); -@@ -1104,8 +1104,9 @@ verify_host_key(char *host, struct socka - int flags = 0; - char *fp; - -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -- debug("Server host key: %s %s", key_type(host_key), fp); -+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX); -+ debug("Server host key: %s %s%s", key_type(host_key), -+ key_fingerprint_prefix(), fp); - xfree(fp); - - /* XXX certs are not yet supported for DNS */ -@@ -1214,14 +1215,15 @@ show_other_keys(struct hostkeys *hostkey - continue; - if (!lookup_key_in_hostkeys_by_type(hostkeys, type[i], &found)) - continue; -- fp = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_HEX); -- ra = key_fingerprint(found->key, SSH_FP_MD5, SSH_FP_RANDOMART); -+ fp = key_selected_fingerprint(found->key, SSH_FP_HEX); -+ ra = key_selected_fingerprint(found->key, SSH_FP_RANDOMART); - logit("WARNING: %s key found for host %s\n" - "in %s:%lu\n" -- "%s key fingerprint %s.", -+ "%s key fingerprint %s%s.", - key_type(found->key), - found->host, found->file, found->line, -- key_type(found->key), fp); -+ key_type(found->key), -+ key_fingerprint_prefix(), fp); - if (options.visual_host_key) - logit("%s", ra); - xfree(ra); 
-@@ -1236,7 +1238,7 @@ warn_changed_key(Key *host_key) - { - char *fp; - -- fp = key_fingerprint(host_key, SSH_FP_MD5, SSH_FP_HEX); -+ fp = key_selected_fingerprint(host_key, SSH_FP_HEX); - - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @"); -@@ -1244,8 +1246,8 @@ warn_changed_key(Key *host_key) - error("IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!"); - error("Someone could be eavesdropping on you right now (man-in-the-middle attack)!"); - error("It is also possible that a host key has just been changed."); -- error("The fingerprint for the %s key sent by the remote host is\n%s.", -- key_type(host_key), fp); -+ error("The fingerprint for the %s key sent by the remote host is\n%s%s.", -+ key_type(host_key),key_fingerprint_prefix(), fp); - error("Please contact your system administrator."); - - xfree(fp); -diff -up openssh-5.8p1/ssh-keygen.c.fingerprint openssh-5.8p1/ssh-keygen.c ---- openssh-5.8p1/ssh-keygen.c.fingerprint 2011-01-11 07:20:31.000000000 +0100 -+++ openssh-5.8p1/ssh-keygen.c 2011-02-25 09:17:18.000000000 +0100 -@@ -714,13 +714,14 @@ do_fingerprint(struct passwd *pw) - { - FILE *f; - Key *public; -- char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra; -+ char *comment = NULL, *cp, *ep, line[16*1024], *fp, *ra, *pfx; - int i, skip = 0, num = 0, invalid = 1; - enum fp_rep rep; - enum fp_type fptype; - struct stat st; - -- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; -+ fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fingerprint_selection(); -+ pfx = print_bubblebabble ? "" : key_fingerprint_prefix(); - rep = print_bubblebabble ? 
SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; - - if (!have_identity) -@@ -732,8 +733,8 @@ do_fingerprint(struct passwd *pw) - public = key_load_public(identity_file, &comment); - if (public != NULL) { - fp = key_fingerprint(public, fptype, rep); -- ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); -- printf("%u %s %s (%s)\n", key_size(public), fp, comment, -+ ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); -+ printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, comment, - key_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); -@@ -798,8 +799,8 @@ do_fingerprint(struct passwd *pw) - } - comment = *cp ? cp : comment; - fp = key_fingerprint(public, fptype, rep); -- ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); -- printf("%u %s %s (%s)\n", key_size(public), fp, -+ ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); -+ printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, - comment ? comment : "no comment", key_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); -@@ -823,13 +824,15 @@ printhost(FILE *f, const char *name, Key - if (print_fingerprint) { - enum fp_rep rep; - enum fp_type fptype; -- char *fp, *ra; -+ char *fp, *ra, *pfx; - -- fptype = print_bubblebabble ? SSH_FP_SHA1 : SSH_FP_MD5; -+ fptype = print_bubblebabble ? SSH_FP_SHA1 : key_fingerprint_selection(); -+ pfx = print_bubblebabble ? "" : key_fingerprint_prefix(); - rep = print_bubblebabble ? 
SSH_FP_BUBBLEBABBLE : SSH_FP_HEX; -+ - fp = key_fingerprint(public, fptype, rep); -- ra = key_fingerprint(public, SSH_FP_MD5, SSH_FP_RANDOMART); -- printf("%u %s %s (%s)\n", key_size(public), fp, name, -+ ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); -+ printf("%u %s%s %s (%s)\n", key_size(public), pfx, fp, name, - key_type(public)); - if (log_level >= SYSLOG_LEVEL_VERBOSE) - printf("%s\n", ra); -@@ -1695,16 +1698,17 @@ do_show_cert(struct passwd *pw) - fatal("%s is not a certificate", identity_file); - v00 = key->type == KEY_RSA_CERT_V00 || key->type == KEY_DSA_CERT_V00; - -- key_fp = key_fingerprint(key, SSH_FP_MD5, SSH_FP_HEX); -- ca_fp = key_fingerprint(key->cert->signature_key, -- SSH_FP_MD5, SSH_FP_HEX); -+ key_fp = key_selected_fingerprint(key, SSH_FP_HEX); -+ ca_fp = key_selected_fingerprint(key->cert->signature_key, SSH_FP_HEX); - - printf("%s:\n", identity_file); - printf(" Type: %s %s certificate\n", key_ssh_name(key), - key_cert_type(key)); -- printf(" Public key: %s %s\n", key_type(key), key_fp); -- printf(" Signing CA: %s %s\n", -- key_type(key->cert->signature_key), ca_fp); -+ printf(" Public key: %s %s%s\n", key_type(key), -+ key_fingerprint_prefix(), key_fp); -+ printf(" Signing CA: %s %s%s\n", -+ key_type(key->cert->signature_key), -+ key_fingerprint_prefix(), ca_fp); - printf(" Key ID: "%s"\n", key->cert->key_id); - if (!v00) { - printf(" Serial: %llu\n", -@@ -2249,13 +2253,12 @@ passphrase_again: - fclose(f); - - if (!quiet) { -- char *fp = key_fingerprint(public, SSH_FP_MD5, SSH_FP_HEX); -- char *ra = key_fingerprint(public, SSH_FP_MD5, -- SSH_FP_RANDOMART); -+ char *fp = key_selected_fingerprint(public, SSH_FP_HEX); -+ char *ra = key_selected_fingerprint(public, SSH_FP_RANDOMART); - printf("Your public key has been saved in %s.\n", - identity_file); - printf("The key fingerprint is:\n"); -- printf("%s %s\n", fp, comment); -+ printf("%s%s %s\n", key_fingerprint_prefix(), fp, comment); - printf("The key's randomart image is:\n"); - 
printf("%s\n", ra); - xfree(ra); diff --git a/openssh/patches/openssh-5.8p1-getaddrinfo.patch b/openssh/patches/openssh-5.8p1-getaddrinfo.patch deleted file mode 100644 index 6f64067..0000000 --- a/openssh/patches/openssh-5.8p1-getaddrinfo.patch +++ /dev/null @@ -1,11 +0,0 @@ -diff -up openssh-5.8p1/sshconnect.c.getaddrinfo openssh-5.8p1/sshconnect.c ---- openssh-5.8p1/sshconnect.c.getaddrinfo 2011-04-27 09:51:44.521384633 +0200 -+++ openssh-5.8p1/sshconnect.c 2011-04-27 09:53:21.224443308 +0200 -@@ -355,6 +355,7 @@ ssh_connect(const char *host, struct soc - memset(&hints, 0, sizeof(hints)); - hints.ai_family = family; - hints.ai_socktype = SOCK_STREAM; -+ hints.ai_flags = AI_V4MAPPED | AI_ADDRCONFIG; - snprintf(strport, sizeof strport, "%u", port); - if ((gaierr = getaddrinfo(host, strport, &hints, &aitop)) != 0) - fatal("%s: Could not resolve hostname %.100s: %s", __progname, diff --git a/openssh/patches/openssh-5.8p1-keyperm.patch b/openssh/patches/openssh-5.8p1-keyperm.patch deleted file mode 100644 index 6167c14..0000000 --- a/openssh/patches/openssh-5.8p1-keyperm.patch +++ /dev/null @@ -1,25 +0,0 @@ -diff -up openssh-5.8p1/authfile.c.keyperm openssh-5.8p1/authfile.c ---- openssh-5.8p1/authfile.c.keyperm 2010-12-01 02:03:39.000000000 +0100 -+++ openssh-5.8p1/authfile.c 2011-04-21 16:43:36.859648916 +0200 -@@ -57,6 +57,7 @@ - #include <stdlib.h> - #include <string.h> - #include <unistd.h> -+#include <grp.h> - - #include "xmalloc.h" - #include "cipher.h" -@@ -600,6 +612,13 @@ key_perm_ok(int fd, const char *filename - #ifdef HAVE_CYGWIN - if (check_ntsec(filename)) - #endif -+ if (st.st_mode & 040) { -+ struct group *gr; -+ -+ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) -+ st.st_mode &= ~040; -+ } -+ - if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { - error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); - error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 
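Review bot: in the key.c hunk of openssh-5.8p1-fingerprint.patch, key_fingerprint_selection() selects SHA1 only when SSH_FINGERPRINT_TYPE is exactly "sha" and silently falls back to MD5 for any other value, "sha1" included. None of the files this patch touches is a man page, so the variable is undocumented. The same helper feeds the sshd messages in auth.c, auth2-pubkey.c and auth2-hostbased.c, so the fingerprint format in the auth log depends on the daemon's environment; anything that matches on those lines (revoked-key alerts, accepted-key audits) has to accept both the bare MD5 hex and the "sha1:"-prefixed form. If the patch is carried forward, document the variable, reject or warn on unknown values, and declare key_fingerprint_prefix() as returning const char * since it only returns string literals.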
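Review bot: in the sshconnect.c hunk of openssh-5.8p1-getaddrinfo.patch, the added line "hints.ai_flags = AI_V4MAPPED | AI_ADDRCONFIG;" is unguarded and uncommented. AI_V4MAPPED only has an effect when hints.ai_family is AF_INET6, and here ai_family is whatever "family" the caller passed, so state the intended case in a comment. AI_ADDRCONFIG makes the result depend on which address families the local host has configured at call time, which changes the "Could not resolve hostname" failure path just below. Wrap the assignment in #if defined(AI_V4MAPPED) && defined(AI_ADDRCONFIG) so the build does not break where either flag is missing.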
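Review bot: in the key_perm_ok() hunk of openssh-5.8p1-keyperm.patch, the new "if (st.st_mode & 040) {" block is inserted directly after the "#ifdef HAVE_CYGWIN / if (check_ntsec(filename)) / #endif" lines, so on Cygwin builds check_ntsec() now guards the ssh_keys exemption and the "(st.st_mode & 077) != 0" test it used to guard runs unconditionally. Move the group block above the #ifdef. The exemption also clears the group-read bit for any key file whose gid is the "ssh_keys" group, so membership of that group amounts to read access to those private keys and the UNPROTECTED PRIVATE KEY FILE warning no longer fires for mode 0640; that trust decision should be documented next to the check, and the getgrnam() lookup failing (group absent) should be noted as the fallback to the strict behaviour.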
diff --git a/openssh/patches/openssh-5.8p1-localdomain.patch b/openssh/patches/openssh-5.8p1-localdomain.patch deleted file mode 100644 index 2f21658..0000000 --- a/openssh/patches/openssh-5.8p1-localdomain.patch +++ /dev/null @@ -1,14 +0,0 @@ -diff -up openssh-5.8p1/sshd_config.localdomain openssh-5.8p1/sshd_config ---- openssh-5.8p1/sshd_config.localdomain 2011-04-22 11:37:49.273648812 +0200 -+++ openssh-5.8p1/sshd_config 2011-04-22 11:39:31.758648401 +0200 -@@ -130,6 +130,10 @@ X11Forwarding yes - # override default of no subsystems - Subsystem sftp /usr/libexec/sftp-server - -+# Uncomment this if you want to use .local domain -+#Host *.local -+# CheckHostIP no -+ - # Example of overriding settings on a per-user basis - #Match User anoncvs - # X11Forwarding no diff --git a/openssh/patches/openssh-5.8p1-packet.patch b/openssh/patches/openssh-5.8p1-packet.patch deleted file mode 100644 index 4951af6..0000000 --- a/openssh/patches/openssh-5.8p1-packet.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -up openssh-5.8p1/packet.c.packet openssh-5.8p1/packet.c ---- openssh-5.8p1/packet.c.packet 2011-04-05 13:29:06.998648899 +0200 -+++ openssh-5.8p1/packet.c 2011-04-05 13:30:32.967648596 +0200 -@@ -294,6 +294,8 @@ packet_connection_is_on_socket(void) - struct sockaddr_storage from, to; - socklen_t fromlen, tolen; - -+ if (!active_state) -+ return 0; - /* filedescriptors in and out are the same, so it's a socket */ - if (active_state->connection_in == active_state->connection_out) - return 1; diff --git a/openssh/patches/openssh-5.8p2-force_krb.patch b/openssh/patches/openssh-5.8p2-force_krb.patch deleted file mode 100644 index 1842ce4..0000000 --- a/openssh/patches/openssh-5.8p2-force_krb.patch +++ /dev/null 
@@ -1,288 +0,0 @@ -diff -up openssh-5.8p2/gss-serv-krb5.c.force_krb openssh-5.8p2/gss-serv-krb5.c ---- openssh-5.8p2/gss-serv-krb5.c.force_krb 2006-09-01 07:38:36.000000000 +0200 -+++ openssh-5.8p2/gss-serv-krb5.c 2011-05-19 03:41:45.801109545 +0200 -@@ -32,7 +32,9 @@ - #include <sys/types.h> - - #include <stdarg.h> -+#include <stdio.h> - #include <string.h> -+#include <unistd.h> - - #include "xmalloc.h" - #include "key.h" -@@ -40,12 +42,11 @@ - #include "auth.h" - #include "log.h" - #include "servconf.h" -+#include "misc.h" - - #include "buffer.h" - #include "ssh-gss.h" - --extern ServerOptions options; -- - #ifdef HEIMDAL - # include <krb5.h> - #else -@@ -56,6 +57,16 @@ extern ServerOptions options; - # endif - #endif - -+extern Authctxt *the_authctxt; -+extern ServerOptions options; -+ -+/* all commands are allowed by default */ -+char **k5users_allowed_cmds = NULL; -+ -+static int ssh_gssapi_k5login_exists(); -+static int ssh_gssapi_krb5_cmdok(krb5_principal, const char *, const char *, -+ int); -+ - static krb5_context krb_context = NULL; - - /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ -@@ -83,10 +94,11 @@ ssh_gssapi_krb5_init(void) - */ - - static int --ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *name) -+ssh_gssapi_krb5_userok(ssh_gssapi_client *client, char *luser) - { - krb5_principal princ; - int retval; -+ int k5login_exists; - - if (ssh_gssapi_krb5_init() == 0) - return 0; -@@ -97,10 +109,22 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client - krb5_get_err_text(krb_context, retval)); - return 0; - } -- if (krb5_kuserok(krb_context, princ, name)) { -+ /* krb5_kuserok() returns 1 if .k5login DNE and this is self-login. -+ * We have to make sure to check .k5users in that case. */ -+ k5login_exists = ssh_gssapi_k5login_exists(); -+ /* NOTE: .k5login and .k5users must opened as root, not the user, -+ * because if they are on a krb5-protected filesystem, user credentials -+ * to access these files aren't available yet. 
*/ -+ if (krb5_kuserok(krb_context, princ, luser) && k5login_exists) { - retval = 1; - logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", -- name, (char *)client->displayname.value); -+ luser, (char *)client->displayname.value); -+ } else if (ssh_gssapi_krb5_cmdok(princ, client->exportedname.value, -+ luser, k5login_exists)) { -+ retval = 1; -+ logit("Authorized to %s, krb5 principal %s " -+ "(ssh_gssapi_krb5_cmdok)", -+ luser, (char *)client->displayname.value); - } else - retval = 0; - -@@ -108,6 +132,134 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client - return retval; - } - -+/* Test for existence of .k5login. -+ * We need this as part of our .k5users check, because krb5_kuserok() -+ * returns success if .k5login DNE and user is logging in as himself. -+ * With .k5login absent and .k5users present, we don't want absence -+ * of .k5login to authorize self-login. (absence of both is required) -+ * Returns 1 if .k5login is available, 0 otherwise. -+ */ -+static int -+ssh_gssapi_k5login_exists() -+{ -+ char file[MAXPATHLEN]; -+ struct passwd *pw = the_authctxt->pw; -+ -+ snprintf(file, sizeof(file), "%s/.k5login", pw->pw_dir); -+ return access(file, F_OK) == 0; -+} -+ -+/* check .k5users for login or command authorization -+ * Returns 1 if principal is authorized, 0 otherwise. -+ * If principal is authorized, (global) k5users_allowed_cmds may be populated. -+ */ -+static int -+ssh_gssapi_krb5_cmdok(krb5_principal principal, const char *name, -+ const char *luser, int k5login_exists) -+{ -+ FILE *fp; -+ char file[MAXPATHLEN]; -+ char line[BUFSIZ]; -+ char kuser[65]; /* match krb5_kuserok() */ -+ struct stat st; -+ struct passwd *pw = the_authctxt->pw; -+ int found_principal = 0; -+ int ncommands = 0, allcommands = 0; -+ u_long linenum; -+ -+ snprintf(file, sizeof(file), "%s/.k5users", pw->pw_dir); -+ /* If both .k5login and .k5users DNE, self-login is ok. 
*/ -+ if (!k5login_exists && (access(file, F_OK) == -1)) { -+ return (krb5_aname_to_localname(krb_context, principal, -+ sizeof(kuser), kuser) == 0) && -+ (strcmp(kuser, luser) == 0); -+ } -+ if ((fp = fopen(file, "r")) == NULL) { -+ int saved_errno = errno; -+ /* 2nd access check to ease debugging if file perms are wrong. -+ * But we don't want to report this if .k5users simply DNE. */ -+ if (access(file, F_OK) == 0) { -+ logit("User %s fopen %s failed: %s", -+ pw->pw_name, file, strerror(saved_errno)); -+ } -+ return 0; -+ } -+ /* .k5users must be owned either by the user or by root */ -+ if (fstat(fileno(fp), &st) == -1) { -+ /* can happen, but very wierd error so report it */ -+ logit("User %s fstat %s failed: %s", -+ pw->pw_name, file, strerror(errno)); -+ fclose(fp); -+ return 0; -+ } -+ if (!(st.st_uid == pw->pw_uid || st.st_uid == 0)) { -+ logit("User %s %s is not owned by root or user", -+ pw->pw_name, file); -+ fclose(fp); -+ return 0; -+ } -+ /* .k5users must be a regular file. krb5_kuserok() doesn't do this -+ * check, but we don't want to be deficient if they add a check. */ -+ if (!S_ISREG(st.st_mode)) { -+ logit("User %s %s is not a regular file", pw->pw_name, file); -+ fclose(fp); -+ return 0; -+ } -+ /* file exists; initialize k5users_allowed_cmds (to none!) */ -+ k5users_allowed_cmds = xcalloc(++ncommands, -+ sizeof(*k5users_allowed_cmds)); -+ -+ /* Check each line. ksu allows unlimited length lines. We don't. 
*/ -+ while (!allcommands && read_keyfile_line(fp, file, line, sizeof(line), -+ &linenum) != -1) { -+ char *token; -+ -+ /* we parse just like ksu, even though we could do better */ -+ token = strtok(line, " \t\n"); -+ if (strcmp(name, token) == 0) { -+ /* we matched on client principal */ -+ found_principal = 1; -+ if ((token = strtok(NULL, " \t\n")) == NULL) { -+ /* only shell is allowed */ -+ k5users_allowed_cmds[ncommands-1] = -+ xstrdup(pw->pw_shell); -+ k5users_allowed_cmds = -+ xrealloc(k5users_allowed_cmds, ++ncommands, -+ sizeof(*k5users_allowed_cmds)); -+ break; -+ } -+ /* process the allowed commands */ -+ while (token) { -+ if (strcmp(token, "*") == 0) { -+ allcommands = 1; -+ break; -+ } -+ k5users_allowed_cmds[ncommands-1] = -+ xstrdup(token); -+ k5users_allowed_cmds = -+ xrealloc(k5users_allowed_cmds, ++ncommands, -+ sizeof(*k5users_allowed_cmds)); -+ token = strtok(NULL, " \t\n"); -+ } -+ } -+ } -+ if (k5users_allowed_cmds) { -+ /* terminate vector */ -+ k5users_allowed_cmds[ncommands-1] = NULL; -+ /* if all commands are allowed, free vector */ -+ if (allcommands) { -+ int i; -+ for (i = 0; i < ncommands; i++) { -+ free(k5users_allowed_cmds[i]); -+ } -+ free(k5users_allowed_cmds); -+ k5users_allowed_cmds = NULL; -+ } -+ } -+ fclose(fp); -+ return found_principal; -+} -+ - - /* This writes out any forwarded credentials from the structure populated - * during userauth. 
Called after we have setuid to the user */ -diff -up openssh-5.8p2/session.c.force_krb openssh-5.8p2/session.c ---- openssh-5.8p2/session.c.force_krb 2011-05-19 03:41:41.000000000 +0200 -+++ openssh-5.8p2/session.c 2011-05-19 03:43:32.437173662 +0200 -@@ -816,6 +816,29 @@ do_exec(Session *s, const char *command) - debug("Forced command (key option) '%.900s'", command); - } - -+#ifdef GSSAPI -+#ifdef KRB5 /* k5users_allowed_cmds only available w/ GSSAPI+KRB5 */ -+ else if (k5users_allowed_cmds) { -+ const char *match = command; -+ int allowed = 0, i = 0; -+ -+ if (!match) -+ match = s->pw->pw_shell; -+ while (k5users_allowed_cmds[i]) { -+ if (strcmp(match, k5users_allowed_cmds[i++]) == 0) { -+ debug("Allowed command '%.900s'", match); -+ allowed = 1; -+ break; -+ } -+ } -+ if (!allowed) { -+ debug("command '%.900s' not allowed", match); -+ return 1; -+ } -+ } -+#endif -+#endif -+ - #ifdef SSH_AUDIT_EVENTS - if (s->command != NULL || s->command_handle != -1) - fatal("do_exec: command already set"); -diff -up openssh-5.8p2/sshd.8.force_krb openssh-5.8p2/sshd.8 ---- openssh-5.8p2/sshd.8.force_krb 2011-05-19 03:41:30.582114401 +0200 -+++ openssh-5.8p2/sshd.8 2011-05-19 03:41:46.159106308 +0200 -@@ -320,6 +320,7 @@ Finally, the server and the client enter - The client tries to authenticate itself using - host-based authentication, - public key authentication, -+GSSAPI authentication, - challenge-response authentication, - or password authentication. - .Pp -@@ -788,6 +789,12 @@ This file is used in exactly the same wa - but allows host-based authentication without permitting login with - rlogin/rsh. - .Pp -+.It Pa ~/.k5login -+.It Pa ~/.k5users -+These files enforce GSSAPI/Kerberos authentication access control. -+Further details are described in -+.Xr ksu 1 . -+.Pp - .It Pa ~/.ssh/ - This directory is the default location for all user-specific configuration - and authentication information. 
-diff -up openssh-5.8p2/ssh-gss.h.force_krb openssh-5.8p2/ssh-gss.h ---- openssh-5.8p2/ssh-gss.h.force_krb 2007-06-12 15:40:39.000000000 +0200 -+++ openssh-5.8p2/ssh-gss.h 2011-05-19 03:41:46.302234118 +0200 -@@ -48,6 +48,10 @@ - #define GSS_C_NT_HOSTBASED_SERVICE gss_nt_service_name - #endif /* GSS_C_NT_... */ - #endif /* !HEIMDAL */ -+ -+/* .k5users support */ -+extern char **k5users_allowed_cmds; -+ - #endif /* KRB5 */ - - /* draft-ietf-secsh-gsskeyex-06 */ diff --git a/openssh/patches/openssh-5.8p2-remove-stale-control-socket.patch b/openssh/patches/openssh-5.8p2-remove-stale-control-socket.patch deleted file mode 100644 index 4a25d9e..0000000 --- a/openssh/patches/openssh-5.8p2-remove-stale-control-socket.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up openssh-5.8p2/mux.c.remove_stale openssh-5.8p2/mux.c ---- openssh-5.8p2/mux.c.remove_stale 2011-01-14 02:01:32.000000000 +0100 -+++ openssh-5.8p2/mux.c 2011-06-09 15:27:42.556360291 +0200 -@@ -1867,6 +1867,9 @@ muxclient(const char *path) - unlink(path); - } else if (errno == ENOENT) { - debug("Control socket "%.100s" does not exist", path); -+ } else if (errno == ECONNREFUSED) { -+ debug("Removing stale control socket "%.100s"", path); -+ unlink(path); - } else { - error("Control socket connect(%.100s): %s", path, - strerror(errno)); diff --git a/openssh/patches/openssh-5.8p2-sigpipe.patch b/openssh/patches/openssh-5.8p2-sigpipe.patch deleted file mode 100644 index 56af045..0000000 --- a/openssh/patches/openssh-5.8p2-sigpipe.patch +++ /dev/null 
@@ -1,12 +0,0 @@ -diff -up openssh-5.8p2/ssh-keyscan.c.sigpipe openssh-5.8p2/ssh-keyscan.c ---- openssh-5.8p2/ssh-keyscan.c.sigpipe 2011-08-23 18:30:33.873025916 +0200 -+++ openssh-5.8p2/ssh-keyscan.c 2011-08-23 18:32:24.574025362 +0200 -@@ -715,6 +715,8 @@ main(int argc, char **argv) - fdlim_set(maxfd); - fdcon = xcalloc(maxfd, sizeof(con)); - -+ signal(SIGPIPE, SIG_IGN); -+ - read_wait_nfdset = howmany(maxfd, NFDBITS); - read_wait = xcalloc(read_wait_nfdset, sizeof(fd_mask)); - diff --git a/openssh/patches/openssh-5.9p1-akc.patch b/openssh/patches/openssh-5.9p1-akc.patch deleted file mode 100644 index 62a478b..0000000 --- a/openssh/patches/openssh-5.9p1-akc.patch +++ /dev/null 
@@ -1,452 +0,0 @@ -diff -up openssh-5.9p1/auth2-pubkey.c.akc openssh-5.9p1/auth2-pubkey.c ---- openssh-5.9p1/auth2-pubkey.c.akc 2011-09-14 07:24:40.876512251 +0200 -+++ openssh-5.9p1/auth2-pubkey.c 2011-09-14 07:24:43.318458515 +0200 -@@ -27,6 +27,7 @@ - - #include <sys/types.h> - #include <sys/stat.h> -+#include <sys/wait.h> - - #include <fcntl.h> - #include <pwd.h> -@@ -276,27 +277,15 @@ match_principals_file(char *file, struct - - /* return 1 if user allows given key */ - static int --user_key_allowed2(struct passwd *pw, Key *key, char *file) -+user_search_key_in_file(FILE *f, char *file, Key* key, struct passwd *pw) - { - char line[SSH_MAX_PUBKEY_BYTES]; - const char *reason; - int found_key = 0; -- FILE *f; - u_long linenum = 0; - Key *found; - char *fp; - -- /* Temporarily use the user's uid. */ -- temporarily_use_uid(pw); -- -- debug("trying public key file %s", file); -- f = auth_openkeyfile(file, pw, options.strict_modes); -- -- if (!f) { -- restore_uid(); -- return 0; -- } -- - found_key = 0; - found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); - -@@ -389,8 +378,6 @@ user_key_allowed2(struct passwd *pw, Key - break; - } - } -- restore_uid(); -- fclose(f); - key_free(found); - if (!found_key) - debug2("key not found"); -@@ -452,13 +439,191 @@ user_cert_trusted_ca(struct passwd *pw, - return ret; - } - --/* check whether given key is in .ssh/authorized_keys* */ -+/* return 1 if user allows given key */ -+static int -+user_key_allowed2(struct passwd *pw, Key *key, char *file) -+{ -+ FILE *f; -+ int found_key = 0; -+ -+ /* Temporarily use the user's uid. 
*/ -+ temporarily_use_uid(pw); -+ -+ debug("trying public key file %s", file); -+ f = auth_openkeyfile(file, pw, options.strict_modes); -+ -+ if (f) { -+ found_key = user_search_key_in_file (f, file, key, pw); -+ fclose(f); -+ } -+ -+ restore_uid(); -+ return found_key; -+} -+ -+#ifdef WITH_AUTHORIZED_KEYS_COMMAND -+ -+#define WHITESPACE " \t\r\n" -+ -+/* return 1 if user allows given key */ -+static int -+user_key_via_command_allowed2(struct passwd *pw, Key *key) -+{ -+ FILE *f; -+ int found_key = 0; -+ char *progname = NULL; -+ char *cp; -+ struct passwd *runas_pw; -+ struct stat st; -+ int childdescriptors[2], i; -+ pid_t pstat, pid, child; -+ -+ if (options.authorized_keys_command == NULL || options.authorized_keys_command[0] != '/') -+ return 0; -+ -+ /* get the run as identity from config */ -+ runas_pw = (options.authorized_keys_command_runas == NULL)? pw -+ : getpwnam (options.authorized_keys_command_runas); -+ if (!runas_pw) { -+ error("%s: getpwnam("%s"): %s", __func__, -+ options.authorized_keys_command_runas, strerror(errno)); -+ return 0; -+ } -+ -+ /* Temporarily use the specified uid. */ -+ if (runas_pw->pw_uid != 0) -+ temporarily_use_uid(runas_pw); -+ -+ progname = xstrdup(options.authorized_keys_command); -+ -+ debug3("%s: checking program '%s'", __func__, progname); -+ -+ if (stat (progname, &st) < 0) { -+ error("%s: stat("%s"): %s", __func__, -+ progname, strerror(errno)); -+ goto go_away; -+ } -+ -+ if (st.st_uid != 0 || (st.st_mode & 022) != 0) { -+ error("bad ownership or modes for AuthorizedKeysCommand "%s"", -+ progname); -+ goto go_away; -+ } -+ -+ if (!S_ISREG(st.st_mode)) { -+ error("AuthorizedKeysCommand "%s" is not a regular file", -+ progname); -+ goto go_away; -+ } -+ -+ /* -+ * Descend the path, checking that each component is a -+ * root-owned directory with strict permissions. 
-+ */ -+ do { -+ if ((cp = strrchr(progname, '/')) == NULL) -+ break; -+ else -+ *cp = '\0'; -+ -+ debug3("%s: checking component '%s'", __func__, (*progname == '\0' ? "/" : progname)); -+ -+ if (stat((*progname == '\0' ? "/" : progname), &st) != 0) { -+ error("%s: stat("%s"): %s", __func__, -+ progname, strerror(errno)); -+ goto go_away; -+ } -+ if (st.st_uid != 0 || (st.st_mode & 022) != 0) { -+ error("bad ownership or modes for AuthorizedKeysCommand path component "%s"", -+ progname); -+ goto go_away; -+ } -+ if (!S_ISDIR(st.st_mode)) { -+ error("AuthorizedKeysCommand path component "%s" is not a directory", -+ progname); -+ goto go_away; -+ } -+ } while (1); -+ -+ /* open the pipe and read the keys */ -+ if (pipe(childdescriptors)) { -+ error("failed to pipe(2) for AuthorizedKeysCommand: %s", -+ strerror(errno)); -+ goto go_away; -+ } -+ -+ child = fork(); -+ if (child == -1) { -+ error("failed to fork(2) for AuthorizedKeysCommand: %s", -+ strerror(errno)); -+ goto go_away; -+ } else if (child == 0) { -+ /* we're in the child process here -- we should never return from this block. 
*/ -+ /* permanently drop privs in child process */ -+ if (runas_pw->pw_uid != 0) { -+ restore_uid(); -+ permanently_set_uid(runas_pw); -+ } -+ -+ close(childdescriptors[0]); -+ /* put the write end of the pipe on stdout (FD 1) */ -+ if (dup2(childdescriptors[1], 1) == -1) { -+ error("failed to dup2(2) from AuthorizedKeysCommand: %s", -+ strerror(errno)); -+ _exit(127); -+ } -+ -+ debug3("about to execl() AuthorizedKeysCommand: "%s" "%s"", options.authorized_keys_command, pw->pw_name); -+ /* see session.c:child_close_fds() */ -+ for (i = 3; i < 64; ++i) { -+ close(i); -+ } -+ -+ execl(options.authorized_keys_command, options.authorized_keys_command, pw->pw_name, NULL); -+ -+ /* if we got here, it didn't work */ -+ error("failed to execl AuthorizedKeysCommand: %s", strerror(errno)); /* this won't work because we closed the fds above */ -+ _exit(127); -+ } -+ -+ close(childdescriptors[1]); -+ f = fdopen(childdescriptors[0], "r"); -+ if (!f) { -+ error("%s: could not buffer FDs from AuthorizedKeysCommand ("%s", "r"): %s", __func__, -+ options.authorized_keys_command, strerror (errno)); -+ goto go_away; -+ } -+ -+ found_key = user_search_key_in_file (f, options.authorized_keys_command, key, pw); -+ fclose (f); -+ do { -+ pid = waitpid(child, &pstat, 0); -+ } while (pid == -1 && errno == EINTR); -+ -+ /* what about the return value from the child process? 
*/ -+go_away: -+ if (progname) -+ xfree (progname); -+ -+ if (runas_pw->pw_uid != 0) -+ restore_uid(); -+ return found_key; -+} -+#endif -+ -+/* check whether given key is in <AuthorizedKeysCommand or .ssh/authorized_keys* */ - int - user_key_allowed(struct passwd *pw, Key *key) - { - u_int success, i; - char *file; - -+#ifdef WITH_AUTHORIZED_KEYS_COMMAND -+ success = user_key_via_command_allowed2(pw, key); -+ if (success > 0) -+ return success; -+#endif -+ - if (auth_key_is_revoked(key)) - return 0; - if (key_is_cert(key) && auth_key_is_revoked(key->cert->signature_key)) -diff -up openssh-5.9p1/configure.ac.akc openssh-5.9p1/configure.ac ---- openssh-5.9p1/configure.ac.akc 2011-09-14 07:24:42.863494886 +0200 -+++ openssh-5.9p1/configure.ac 2011-09-14 07:24:43.441583848 +0200 -@@ -1421,6 +1421,18 @@ AC_ARG_WITH([audit], - esac ] - ) - -+# Check whether user wants AuthorizedKeysCommand support -+AKC_MSG="no" -+AC_ARG_WITH(authorized-keys-command, -+ [ --with-authorized-keys-command Enable AuthorizedKeysCommand support], -+ [ -+ if test "x$withval" != "xno" ; then -+ AC_DEFINE([WITH_AUTHORIZED_KEYS_COMMAND], 1, [Enable AuthorizedKeysCommand support]) -+ AKC_MSG="yes" -+ fi -+ ] -+) -+ - dnl Checks for library functions. 
Please keep in alphabetical order - AC_CHECK_FUNCS([ \ - arc4random \ -@@ -4239,6 +4251,7 @@ echo " SELinux support - echo " Smartcard support: $SCARD_MSG" - echo " S/KEY support: $SKEY_MSG" - echo " TCP Wrappers support: $TCPW_MSG" -+echo " AuthorizedKeysCommand support: $AKC_MSG" - echo " MD5 password support: $MD5_MSG" - echo " libedit support: $LIBEDIT_MSG" - echo " Solaris process contract support: $SPC_MSG" -diff -up openssh-5.9p1/servconf.c.akc openssh-5.9p1/servconf.c ---- openssh-5.9p1/servconf.c.akc 2011-09-14 07:24:29.402475399 +0200 -+++ openssh-5.9p1/servconf.c 2011-09-14 07:56:27.158585590 +0200 -@@ -139,6 +139,8 @@ initialize_server_options(ServerOptions - options->num_permitted_opens = -1; - options->adm_forced_command = NULL; - options->chroot_directory = NULL; -+ options->authorized_keys_command = NULL; -+ options->authorized_keys_command_runas = NULL; - options->zero_knowledge_password_authentication = -1; - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; -@@ -348,6 +350,7 @@ typedef enum { - sZeroKnowledgePasswordAuthentication, sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, sIPQoS, -+ sAuthorizedKeysCommand, sAuthorizedKeysCommandRunAs, - sDeprecated, sUnsupported - } ServerOpCodes; - -@@ -487,6 +490,13 @@ static struct { - { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, - { "ipqos", sIPQoS, SSHCFG_ALL }, -+#ifdef WITH_AUTHORIZED_KEYS_COMMAND -+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, -+ { "authorizedkeyscommandrunas", sAuthorizedKeysCommandRunAs, SSHCFG_ALL }, -+#else -+ { "authorizedkeyscommand", sUnsupported, SSHCFG_ALL }, -+ { "authorizedkeyscommandrunas", sUnsupported, SSHCFG_ALL }, -+#endif - { NULL, sBadOption, 0 } - }; - -@@ -1462,6 +1472,24 @@ process_server_config_line(ServerOptions - } - break; - -+ case sAuthorizedKeysCommand: -+ len = strspn(cp, 
WHITESPACE); -+ if (*activep && options->authorized_keys_command == NULL) -+ options->authorized_keys_command = xstrdup(cp + len); -+ return 0; -+ -+ case sAuthorizedKeysCommandRunAs: -+ charptr = &options->authorized_keys_command_runas; -+ -+ arg = strdelim(&cp); -+ if (!arg || *arg == '\0') -+ fatal("%s line %d: missing account.", -+ filename, linenum); -+ -+ if (*activep && *charptr == NULL) -+ *charptr = xstrdup(arg); -+ break; -+ - case sDeprecated: - logit("%s line %d: Deprecated option %s", - filename, linenum, arg); -@@ -1573,6 +1601,8 @@ copy_set_server_options(ServerOptions *d - M_CP_INTOPT(zero_knowledge_password_authentication); - M_CP_INTOPT(second_zero_knowledge_password_authentication); - M_CP_INTOPT(two_factor_authentication); -+ M_CP_STROPT(authorized_keys_command); -+ M_CP_STROPT(authorized_keys_command_runas); - M_CP_INTOPT(permit_root_login); - M_CP_INTOPT(permit_empty_passwd); - -@@ -1839,6 +1869,8 @@ dump_config(ServerOptions *o) - dump_cfg_string(sRevokedKeys, o->revoked_keys_file); - dump_cfg_string(sAuthorizedPrincipalsFile, - o->authorized_principals_file); -+ dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); -+ dump_cfg_string(sAuthorizedKeysCommandRunAs, o->authorized_keys_command_runas); - - /* string arguments requiring a lookup */ - dump_cfg_string(sLogLevel, log_level_name(o->log_level)); -diff -up openssh-5.9p1/servconf.h.akc openssh-5.9p1/servconf.h ---- openssh-5.9p1/servconf.h.akc 2011-09-14 07:24:29.511480441 +0200 -+++ openssh-5.9p1/servconf.h 2011-09-14 07:24:43.678459183 +0200 -@@ -174,6 +174,8 @@ typedef struct { - char *revoked_keys_file; - char *trusted_user_ca_keys; - char *authorized_principals_file; -+ char *authorized_keys_command; -+ char *authorized_keys_command_runas; - } ServerOptions; - - /* -diff -up openssh-5.9p1/sshd_config.0.akc openssh-5.9p1/sshd_config.0 ---- openssh-5.9p1/sshd_config.0.akc 2011-09-07 01:16:30.000000000 +0200 -+++ openssh-5.9p1/sshd_config.0 2011-09-14 07:24:43.791460201 
+0200 -@@ -71,6 +71,23 @@ DESCRIPTION - - See PATTERNS in ssh_config(5) for more information on patterns. - -+ AuthorizedKeysCommand -+ -+ Specifies a program to be used for lookup of the user's -+ public keys. The program will be invoked with its first -+ argument the name of the user being authorized, and should produce -+ on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS -+ in sshd(8)). By default (or when set to the empty string) there is no -+ AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully -+ authorize the user, authorization falls through to the -+ AuthorizedKeysFile. Note that this option has an effect -+ only with PubkeyAuthentication turned on. -+ -+ AuthorizedKeysCommandRunAs -+ Specifies the user under whose account the AuthorizedKeysCommand is run. -+ Empty string (the default value) means the user being authorized -+ is used. -+ - AuthorizedKeysFile - Specifies the file that contains the public keys that can be used - for user authentication. The format is described in the -@@ -401,7 +418,8 @@ DESCRIPTION - - Only a subset of keywords may be used on the lines following a - Match keyword. 
Available keywords are AllowAgentForwarding, -- AllowTcpForwarding, AuthorizedKeysFile, AuthorizedPrincipalsFile, -+ AllowTcpForwarding, AuthorizedKeysFile, AuthorizedKeysCommand, -+ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile, - Banner, ChrootDirectory, ForceCommand, GatewayPorts, - GSSAPIAuthentication, HostbasedAuthentication, - HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, -diff -up openssh-5.9p1/sshd_config.5.akc openssh-5.9p1/sshd_config.5 ---- openssh-5.9p1/sshd_config.5.akc 2011-09-14 07:24:29.793520372 +0200 -+++ openssh-5.9p1/sshd_config.5 2011-09-14 07:24:43.912583678 +0200 -@@ -706,6 +706,8 @@ Available keywords are - .Cm AllowAgentForwarding , - .Cm AllowTcpForwarding , - .Cm AuthorizedKeysFile , -+.Cm AuthorizedKeysCommand , -+.Cm AuthorizedKeysCommandRunAs , - .Cm AuthorizedPrincipalsFile , - .Cm Banner , - .Cm ChrootDirectory , -@@ -718,6 +720,7 @@ Available keywords are - .Cm KerberosAuthentication , - .Cm MaxAuthTries , - .Cm MaxSessions , -+.Cm PubkeyAuthentication , - .Cm PasswordAuthentication , - .Cm PermitEmptyPasswords , - .Cm PermitOpen , -@@ -926,6 +929,20 @@ Specifies a list of revoked public keys. - Keys listed in this file will be refused for public key authentication. - Note that if this file is not readable, then public key authentication will - be refused for all users. -+.It Cm AuthorizedKeysCommand -+Specifies a program to be used for lookup of the user's -+public keys. The program will be invoked with its first -+argument the name of the user being authorized, and should produce -+on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS -+in sshd(8)). By default (or when set to the empty string) there is no -+AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully -+authorize the user, authorization falls through to the -+AuthorizedKeysFile. Note that this option has an effect -+only with PubkeyAuthentication turned on. 
-+.It Cm AuthorizedKeysCommandRunAs -+Specifies the user under whose account the AuthorizedKeysCommand is run. Empty -+string (the default value) means the user being authorized is used. -+.Dq - .It Cm RhostsRSAAuthentication - Specifies whether rhosts or /etc/hosts.equiv authentication together - with successful RSA host authentication is allowed. -diff -up openssh-5.9p1/sshd_config.akc openssh-5.9p1/sshd_config ---- openssh-5.9p1/sshd_config.akc 2011-09-14 07:24:29.620461608 +0200 -+++ openssh-5.9p1/sshd_config 2011-09-14 07:24:44.034462546 +0200 -@@ -49,6 +49,9 @@ - # but this is overridden so installations will only check .ssh/authorized_keys - AuthorizedKeysFile .ssh/authorized_keys - -+#AuthorizedKeysCommand none -+#AuthorizedKeysCommandRunAs nobody -+ - # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts - #RhostsRSAAuthentication no - # similar for protocol version 2 diff --git a/openssh/patches/openssh-5.9p1-edns.patch b/openssh/patches/openssh-5.9p1-edns.patch deleted file mode 100644 index 34f3851..0000000 --- a/openssh/patches/openssh-5.9p1-edns.patch +++ /dev/null 
@@ -1,72 +0,0 @@ -diff -up openssh-5.9p1/dns.c.edns openssh-5.9p1/dns.c ---- openssh-5.9p1/dns.c.edns 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-5.9p1/dns.c 2011-09-09 08:05:27.782440497 +0200 -@@ -177,6 +177,7 @@ verify_host_key_dns(const char *hostname - { - u_int counter; - int result; -+ unsigned int rrset_flags = 0; - struct rrsetinfo *fingerprints = NULL; - - u_int8_t hostkey_algorithm; -@@ -200,8 +201,19 @@ verify_host_key_dns(const char *hostname - return -1; - } - -+ /* -+ * Original getrrsetbyname function, found on OpenBSD for example, -+ * doesn't accept any flag and prerequisite for obtaining AD bit in -+ * DNS response is set by "options edns0" in resolv.conf. -+ * -+ * Our version is more clever and use RRSET_FORCE_EDNS0 flag. -+ */ -+#ifndef HAVE_GETRRSETBYNAME -+ rrset_flags |= RRSET_FORCE_EDNS0; -+#endif - result = getrrsetbyname(hostname, DNS_RDATACLASS_IN, -- DNS_RDATATYPE_SSHFP, 0, &fingerprints); -+ DNS_RDATATYPE_SSHFP, rrset_flags, &fingerprints); -+ - if (result) { - verbose("DNS lookup error: %s", dns_result_totext(result)); - return -1; -diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.c ---- openssh-5.9p1/openbsd-compat/getrrsetbyname.c.edns 2009-07-13 03:38:23.000000000 +0200 -+++ openssh-5.9p1/openbsd-compat/getrrsetbyname.c 2011-09-09 15:03:39.930500801 +0200 -@@ -209,8 +209,8 @@ getrrsetbyname(const char *hostname, uns - goto fail; - } - -- /* don't allow flags yet, unimplemented */ -- if (flags) { -+ /* Allow RRSET_FORCE_EDNS0 flag only. 
*/ -+ if ((flags & ~RRSET_FORCE_EDNS0) != 0) { - result = ERRSET_INVAL; - goto fail; - } -@@ -226,9 +226,9 @@ getrrsetbyname(const char *hostname, uns - #endif /* DEBUG */ - - #ifdef RES_USE_DNSSEC -- /* turn on DNSSEC if EDNS0 is configured */ -- if (_resp->options & RES_USE_EDNS0) -- _resp->options |= RES_USE_DNSSEC; -+ /* turn on DNSSEC if required */ -+ if (flags & RRSET_FORCE_EDNS0) -+ _resp->options |= (RES_USE_EDNS0|RES_USE_DNSSEC); - #endif /* RES_USE_DNSEC */ - - /* make query */ -diff -up openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns openssh-5.9p1/openbsd-compat/getrrsetbyname.h ---- openssh-5.9p1/openbsd-compat/getrrsetbyname.h.edns 2007-10-26 08:26:50.000000000 +0200 -+++ openssh-5.9p1/openbsd-compat/getrrsetbyname.h 2011-09-09 08:05:27.965438689 +0200 -@@ -72,6 +72,9 @@ - #ifndef RRSET_VALIDATED - # define RRSET_VALIDATED 1 - #endif -+#ifndef RRSET_FORCE_EDNS0 -+# define RRSET_FORCE_EDNS0 0x0001 -+#endif - - /* - * Return codes for getrrsetbyname() diff --git a/openssh/patches/openssh-5.9p1-ipfire.patch b/openssh/patches/openssh-5.9p1-ipfire.patch deleted file mode 100644 index cdb49c6..0000000 --- a/openssh/patches/openssh-5.9p1-ipfire.patch +++ /dev/null 
@@ -1,108 +0,0 @@ -diff -up openssh-5.9p0/ssh_config.redhat openssh-5.9p0/ssh_config ---- openssh-5.9p0/ssh_config.redhat 2010-01-12 09:40:27.000000000 +0100 -+++ openssh-5.9p0/ssh_config 2011-09-05 14:48:16.386439023 +0200 -@@ -45,3 +45,14 @@ - # PermitLocalCommand no - # VisualHostKey no - # ProxyCommand ssh -q -W %h:%p gateway.example.com -+Host * -+ GSSAPIAuthentication yes -+# If this option is set to yes then remote X11 clients will have full access -+# to the original X11 display. As virtually no X11 client supports the untrusted -+# mode correctly we set this to yes. -+ ForwardX11Trusted yes -+# Send locale-related environment variables -+ SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -+ SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -+ SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE -+ SendEnv XMODIFIERS -diff -up openssh-5.9p0/sshd_config.0.redhat openssh-5.9p0/sshd_config.0 ---- openssh-5.9p0/sshd_config.0.redhat 2011-09-05 14:48:08.522441255 +0200 -+++ openssh-5.9p0/sshd_config.0 2011-09-05 14:48:16.477443868 +0200 -@@ -581,9 +581,9 @@ DESCRIPTION - - SyslogFacility - Gives the facility code that is used when logging messages from -- sshd(8). The possible values are: DAEMON, USER, AUTH, LOCAL0, -- LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. The -- default is AUTH. -+ sshd(8). The possible values are: DAEMON, USER, AUTH, AUTHPRIV, -+ LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. -+ The default is AUTH. - - TCPKeepAlive - Specifies whether the system should send TCP keepalive messages -diff -up openssh-5.9p0/sshd_config.5.redhat openssh-5.9p0/sshd_config.5 ---- openssh-5.9p0/sshd_config.5.redhat 2011-09-05 14:48:08.657564688 +0200 -+++ openssh-5.9p0/sshd_config.5 2011-09-05 14:48:16.589501736 +0200 -@@ -1029,7 +1029,7 @@ Note that this option applies to protoco - .It Cm SyslogFacility - Gives the facility code that is used when logging messages from - .Xr sshd 8 . 
--The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2, -+The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2, - LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7. - The default is AUTH. - .It Cm TCPKeepAlive -diff -up openssh-5.9p0/sshd_config.redhat openssh-5.9p0/sshd_config ---- openssh-5.9p0/sshd_config.redhat 2011-09-05 14:48:16.250626793 +0200 -+++ openssh-5.9p0/sshd_config 2011-09-05 15:06:01.513443553 +0200 -@@ -32,6 +32,7 @@ - # Logging - # obsoletes QuietMode and FascistLogging - #SyslogFacility AUTH -+SyslogFacility AUTHPRIV - #LogLevel INFO - - # Authentication: -@@ -65,9 +66,11 @@ AuthorizedKeysFile .ssh/authorized_keys - # To disable tunneled clear text passwords, change to no here! - #PasswordAuthentication yes - #PermitEmptyPasswords no -+PasswordAuthentication yes - - # Change to no to disable s/key passwords - #ChallengeResponseAuthentication yes -+ChallengeResponseAuthentication no - - # Kerberos options - #KerberosAuthentication no -@@ -77,7 +80,9 @@ AuthorizedKeysFile .ssh/authorized_keys - - # GSSAPI options - #GSSAPIAuthentication no -+GSSAPIAuthentication yes - #GSSAPICleanupCredentials yes -+GSSAPICleanupCredentials yes - - # Set this to 'yes' to enable PAM authentication, account processing, - # and session processing. If this is enabled, PAM authentication will -@@ -89,6 +94,7 @@ AuthorizedKeysFile .ssh/authorized_keys - # PAM authentication, then enable this but set PasswordAuthentication - # and ChallengeResponseAuthentication to 'no'. 
- #UsePAM no -+UsePAM yes - - #TwoFactorAuthentication no - #SecondPubkeyAuthentication yes -@@ -101,6 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys - #AllowTcpForwarding yes - #GatewayPorts no - #X11Forwarding no -+X11Forwarding yes - #X11DisplayOffset 10 - #X11UseLocalhost yes - #PrintMotd yes -@@ -121,6 +128,12 @@ AuthorizedKeysFile .ssh/authorized_keys - # no default banner path - #Banner none - -+# Accept locale-related environment variables -+AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES -+AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT -+AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE -+AcceptEnv XMODIFIERS -+ - # override default of no subsystems - Subsystem sftp /usr/libexec/sftp-server - diff --git a/openssh/patches/openssh-5.9p1-ipv6man.patch b/openssh/patches/openssh-5.9p1-ipv6man.patch deleted file mode 100644 index ece1a73..0000000 --- a/openssh/patches/openssh-5.9p1-ipv6man.patch +++ /dev/null 
@@ -1,24 +0,0 @@ -diff -up openssh-5.9p0/ssh.1.ipv6man openssh-5.9p0/ssh.1 ---- openssh-5.9p0/ssh.1.ipv6man 2011-08-05 22:17:32.000000000 +0200 -+++ openssh-5.9p0/ssh.1 2011-08-31 13:08:34.880024485 +0200 -@@ -1400,6 +1400,8 @@ manual page for more information. - .Nm - exits with the exit status of the remote command or with 255 - if an error occurred. -+.Sh IPV6 -+IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. - .Sh SEE ALSO - .Xr scp 1 , - .Xr sftp 1 , -diff -up openssh-5.9p0/sshd.8.ipv6man openssh-5.9p0/sshd.8 ---- openssh-5.9p0/sshd.8.ipv6man 2011-08-05 22:17:32.000000000 +0200 -+++ openssh-5.9p0/sshd.8 2011-08-31 13:10:34.129039094 +0200 -@@ -940,6 +940,8 @@ concurrently for different ports, this c - started last). - The content of this file is not sensitive; it can be world-readable. - .El -+.Sh IPV6 -+IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. - .Sh SEE ALSO - .Xr scp 1 , - .Xr sftp 1 , diff --git a/openssh/patches/openssh-5.9p1-keygen.patch b/openssh/patches/openssh-5.9p1-keygen.patch deleted file mode 100644 index 69d4a6f..0000000 --- a/openssh/patches/openssh-5.9p1-keygen.patch +++ /dev/null 
@@ -1,80 +0,0 @@ -diff -up openssh-5.9p0/ssh-keygen.0.keygen openssh-5.9p0/ssh-keygen.0 ---- openssh-5.9p0/ssh-keygen.0.keygen 2011-08-29 16:30:02.000000000 +0200 -+++ openssh-5.9p0/ssh-keygen.0 2011-08-30 13:47:56.208087184 +0200 -@@ -4,7 +4,7 @@ NAME - ssh-keygen - authentication key generation, management and conversion - - SYNOPSIS -- ssh-keygen [-q] [-b bits] -t type [-N new_passphrase] [-C comment] -+ ssh-keygen [-q] [-o] [-b bits] -t type [-N new_passphrase] [-C comment] - [-f output_keyfile] - ssh-keygen -p [-P old_passphrase] [-N new_passphrase] [-f keyfile] - ssh-keygen -i [-m key_format] [-f input_keyfile] -@@ -181,6 +181,8 @@ DESCRIPTION - principals may be specified, separated by commas. Please see the - CERTIFICATES section for details. - -+ -o Overwrite the key without prompting user. -+ - -O option - Specify a certificate option when signing a key. This option may - be specified multiple times. Please see the CERTIFICATES section -diff -up openssh-5.9p0/ssh-keygen.1.keygen openssh-5.9p0/ssh-keygen.1 ---- openssh-5.9p0/ssh-keygen.1.keygen 2011-08-30 13:32:30.787149917 +0200 -+++ openssh-5.9p0/ssh-keygen.1 2011-08-30 13:46:42.638087171 +0200 -@@ -45,6 +45,7 @@ - .Bk -words - .Nm ssh-keygen - .Op Fl q -+.Op Fl o - .Op Fl b Ar bits - .Fl t Ar type - .Op Fl N Ar new_passphrase -@@ -339,6 +340,8 @@ Multiple principals may be specified, se - Please see the - .Sx CERTIFICATES - section for details. -+.It Fl o -+Overwrite the key without prompting user. - .It Fl O Ar option - Specify a certificate option when signing a key. - This option may be specified multiple times. 
-diff -up openssh-5.9p0/ssh-keygen.c.keygen openssh-5.9p0/ssh-keygen.c ---- openssh-5.9p0/ssh-keygen.c.keygen 2011-08-30 13:32:20.268149992 +0200 -+++ openssh-5.9p0/ssh-keygen.c 2011-08-30 13:39:34.550214102 +0200 -@@ -73,6 +73,7 @@ int change_passphrase = 0; - int change_comment = 0; - - int quiet = 0; -+int overwrite = 0; - - int log_level = SYSLOG_LEVEL_INFO; - -@@ -1959,7 +1960,7 @@ main(int argc, char **argv) - exit(1); - } - -- while ((opt = getopt(argc, argv, "AegiqpclBHLhvxXyF:b:f:t:D:I:P:m:N:n:" -+ while ((opt = getopt(argc, argv, "AegiqopclBHLhvxXyF:b:f:t:D:I:P:m:N:n:" - "O:C:r:g:R:T:G:M:S:s:a:V:W:z:")) != -1) { - switch (opt) { - case 'A': -@@ -2042,6 +2043,9 @@ main(int argc, char **argv) - case 'q': - quiet = 1; - break; -+ case 'o': -+ overwrite = 1; -+ break; - case 'e': - case 'x': - /* export key */ -@@ -2278,7 +2282,7 @@ main(int argc, char **argv) - } - } - /* If the file already exists, ask the user to confirm. */ -- if (stat(identity_file, &st) >= 0) { -+ if (!overwrite && stat(identity_file, &st) >= 0) { - char yesno[3]; - printf("%s already exists.\n", identity_file); - printf("Overwrite (y/n)? "); diff --git a/openssh/patches/openssh-5.9p1-randclean.patch b/openssh/patches/openssh-5.9p1-randclean.patch deleted file mode 100644 index a2c5d33..0000000 --- a/openssh/patches/openssh-5.9p1-randclean.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff -up openssh-5.9p0/entropy.c.randclean openssh-5.9p0/entropy.c ---- openssh-5.9p0/entropy.c.randclean 2011-08-30 13:52:45.000000000 +0200 -+++ openssh-5.9p0/entropy.c 2011-08-30 13:57:44.630111338 +0200 -@@ -217,6 +217,9 @@ seed_rng(void) - fatal("OpenSSL version mismatch. Built against %lx, you " - "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay()); - -+ /* clean the PRNG status when exiting the program */ -+ atexit(RAND_cleanup); -+ - #ifndef OPENSSL_PRNG_ONLY - if (RAND_status() == 1) { - debug3("RNG is ready, skipping seeding"); 
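Review bot: in the removed openssh-5.9p1-akc.patch, user_key_allowed() calls user_key_via_command_allowed2() and returns on success before auth_key_is_revoked(key) is reached, so a key that the AuthorizedKeysCommand prints is accepted even when it is revoked. Any patch that carries this feature forward should run both revocation checks first and only then consult the command. The child's exit status is collected by waitpid() into pstat but never examined (the patch's own comment asks "what about the return value from the child process?"), so a helper that fails part-way through can still produce a match; a non-zero status should force found_key to 0.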
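Review bot: the sshd_config part of the removed openssh-5.9p1-ipfire.patch is what sets SyslogFacility AUTHPRIV, PasswordAuthentication yes, UsePAM yes and X11Forwarding yes, and the ssh_config part sets ForwardX11Trusted yes for Host *, which by the patch's own comment gives remote X11 clients full access to the original display. Deleting the file changes every one of these shipped defaults unless another patch or config file sets them, so the change should say where they come from now. It would also be worth taking the opportunity to decide whether X11Forwarding yes and ForwardX11Trusted yes are still wanted as distribution-wide defaults.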
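Review bot: the -o option in the removed openssh-5.9p1-keygen.patch short-circuits the stat(identity_file, &st) check in main(), so an existing private key is replaced with no prompt and no backup, and the man page text ("Overwrite the key without prompting user.") does not say the old key is lost. If the option is kept in a successor patch, document that explicitly. If it is dropped, any build or first-boot script that calls ssh-keygen with -o needs to be checked against this removal.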
diff --git a/openssh/patches/openssh-5.9p1-sftp-chroot.patch b/openssh/patches/openssh-5.9p1-sftp-chroot.patch deleted file mode 100644 index cfe4366..0000000 --- a/openssh/patches/openssh-5.9p1-sftp-chroot.patch +++ /dev/null 
@@ -1,63 +0,0 @@ -diff -up openssh-5.9p0/openbsd-compat/port-linux.c.sftp-chroot openssh-5.9p0/openbsd-compat/port-linux.c ---- openssh-5.9p0/openbsd-compat/port-linux.c.sftp-chroot 2011-09-01 04:12:22.743024608 +0200 -+++ openssh-5.9p0/openbsd-compat/port-linux.c 2011-09-01 04:12:23.069088065 +0200 -@@ -503,6 +503,23 @@ ssh_selinux_change_context(const char *n - xfree(newctx); - } - -+void -+ssh_selinux_copy_context(void) -+{ -+ char *ctx; -+ -+ if (!ssh_selinux_enabled()) -+ return; -+ -+ if (getexeccon((security_context_t *)&ctx) < 0) { -+ logit("%s: getcon failed with %s", __func__, strerror (errno)); -+ return; -+ } -+ if (setcon(ctx) < 0) -+ logit("%s: setcon failed with %s", __func__, strerror (errno)); -+ xfree(ctx); -+} -+ - #endif /* WITH_SELINUX */ - - #ifdef LINUX_OOM_ADJUST -diff -up openssh-5.9p0/openbsd-compat/port-linux.h.sftp-chroot openssh-5.9p0/openbsd-compat/port-linux.h ---- openssh-5.9p0/openbsd-compat/port-linux.h.sftp-chroot 2011-01-25 02:16:18.000000000 +0100 -+++ openssh-5.9p0/openbsd-compat/port-linux.h 2011-09-01 04:12:23.163088777 +0200 -@@ -24,6 +24,7 @@ int ssh_selinux_enabled(void); - void ssh_selinux_setup_pty(char *, const char *); - void ssh_selinux_setup_exec_context(char *); - void ssh_selinux_change_context(const char *); -+void ssh_selinux_chopy_context(void); - void ssh_selinux_setfscreatecon(const char *); - #endif - -diff -up openssh-5.9p0/session.c.sftp-chroot openssh-5.9p0/session.c ---- openssh-5.9p0/session.c.sftp-chroot 2011-09-01 04:12:19.698049195 +0200 -+++ openssh-5.9p0/session.c 2011-09-01 04:40:03.598148719 +0200 -@@ -1519,6 +1519,9 @@ do_setusercontext(struct passwd *pw) - pw->pw_uid); - chroot_path = percent_expand(tmp, "h", pw->pw_dir, - "u", pw->pw_name, (char *)NULL); -+#ifdef WITH_SELINUX -+ ssh_selinux_change_context("chroot_user_t"); -+#endif - safely_chroot(chroot_path, pw->pw_uid); - free(tmp); - free(chroot_path); -@@ -1788,7 +1791,10 @@ do_child(Session *s, const char *command - optind = optreset = 1; 
- __progname = argv[0]; - #ifdef WITH_SELINUX -- ssh_selinux_change_context("sftpd_t"); -+ if (options.chroot_directory == NULL || -+ strcasecmp(options.chroot_directory, "none") == 0) { -+ ssh_selinux_copy_context(); -+ } - #endif - exit(sftp_server_main(i, argv, s->pw)); - } diff --git a/openssh/patches/openssh-6.0p1-entropy.patch b/openssh/patches/openssh-6.0p1-entropy.patch deleted file mode 100644 index 79f05f4..0000000 --- a/openssh/patches/openssh-6.0p1-entropy.patch +++ /dev/null 
@@ -1,272 +0,0 @@ -diff -up openssh-6.0p1/entropy.c.entropy openssh-6.0p1/entropy.c ---- openssh-6.0p1/entropy.c.entropy 2012-08-06 20:51:59.131033413 +0200 -+++ openssh-6.0p1/entropy.c 2012-08-06 20:51:59.171033257 +0200 -@@ -237,6 +237,9 @@ seed_rng(void) - memset(buf, '\0', sizeof(buf)); - - #endif /* OPENSSL_PRNG_ONLY */ -+#ifdef __linux__ -+ linux_seed(); -+#endif /* __linux__ */ - if (RAND_status() != 1) - fatal("PRNG is not seeded"); - } -diff -up openssh-6.0p1/openbsd-compat/Makefile.in.entropy openssh-6.0p1/openbsd-compat/Makefile.in ---- openssh-6.0p1/openbsd-compat/Makefile.in.entropy 2012-08-06 20:51:59.100033534 +0200 -+++ openssh-6.0p1/openbsd-compat/Makefile.in 2012-08-06 20:51:59.171033257 +0200 -@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport - - COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o - --PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o -+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-linux-prng.o port-solaris.o port-tun.o port-uw.o - - .c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -diff -up openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy openssh-6.0p1/openbsd-compat/port-linux-prng.c ---- openssh-6.0p1/openbsd-compat/port-linux-prng.c.entropy 2012-08-06 20:51:59.171033257 +0200 -+++ openssh-6.0p1/openbsd-compat/port-linux-prng.c 2012-08-06 20:51:59.171033257 +0200 -@@ -0,0 +1,59 @@ -+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ -+ -+/* -+ * Copyright (c) 2011 Jan F. Chadima jchadima@redhat.com -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. 
-+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -+ */ -+ -+/* -+ * Linux-specific portability code - prng support -+ */ -+ -+#include "includes.h" -+ -+#include <errno.h> -+#include <stdarg.h> -+#include <string.h> -+#include <stdio.h> -+#include <openssl/rand.h> -+ -+#include "log.h" -+#include "xmalloc.h" -+#include "servconf.h" -+#include "port-linux.h" -+#include "key.h" -+#include "hostfile.h" -+#include "auth.h" -+ -+void -+linux_seed(void) -+{ -+ int len; -+ char *env = getenv("SSH_USE_STRONG_RNG"); -+ char *random = "/dev/random"; -+ size_t ienv, randlen = 6; -+ -+ if (!env || !strcmp(env, "0")) -+ random = "/dev/urandom"; -+ else if ((ienv = atoi(env)) > 6) -+ randlen = ienv; -+ -+ errno = 0; -+ if ((len = RAND_load_file(random, randlen)) != randlen) { -+ if (errno) -+ fatal ("cannot read from %s, %s", random, strerror(errno)); -+ else -+ fatal ("EOF reading %s", random); -+ } -+} -diff -up openssh-6.0p1/ssh.1.entropy openssh-6.0p1/ssh.1 ---- openssh-6.0p1/ssh.1.entropy 2012-08-06 20:51:59.139033382 +0200 -+++ openssh-6.0p1/ssh.1 2012-08-06 20:51:59.174033245 +0200 -@@ -1269,6 +1269,23 @@ For more information, see the - .Cm PermitUserEnvironment - option in - .Xr sshd_config 5 . -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact -+.It Ev SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . 
-+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 6 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. -+.El - .Sh FILES - .Bl -tag -width Ds -compact - .It Pa ~/.rhosts -diff -up openssh-6.1p1/ssh-add.0.entropy openssh-6.1p1/ssh-add.0 ---- openssh-6.1p1/ssh-add.0.entropy 2012-11-12 13:11:42.717393364 +0100 -+++ openssh-6.1p1/ssh-add.0 2012-11-12 13:12:46.288108790 +0100 -@@ -81,6 +81,16 @@ ENVIRONMENT - Identifies the path of a UNIX-domain socket used to communicate - with the agent. - -+ SSH_USE_STRONG_RNG -+ The reseeding of the OpenSSL random generator is usually done -+ from /dev/urandom. If the SSH_USE_STRONG_RNG environment vari- -+ able is set to value other than 0 the OpenSSL random generator is -+ reseeded from /dev/random. The number of bytes read is defined -+ by the SSH_USE_STRONG_RNG value. Minimum is 6 bytes. This set- -+ ting is not recommended on the computers without the hardware -+ random generator because insufficient entropy causes the connec- -+ tion to be blocked until enough entropy is available. -+ - FILES - ~/.ssh/identity - Contains the protocol version 1 RSA authentication identity of -diff -up openssh-6.1p1/ssh-add.1.entropy openssh-6.1p1/ssh-add.1 ---- openssh-6.1p1/ssh-add.1.entropy 2011-10-18 07:06:33.000000000 +0200 -+++ openssh-6.1p1/ssh-add.1 2012-11-12 13:11:24.711476108 +0100 -@@ -160,6 +160,20 @@ to make this work.) - Identifies the path of a - .Ux Ns -domain - socket used to communicate with the agent. -+.It Ev SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . 
-+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 6 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. - .El - .Sh FILES - .Bl -tag -width Ds - .It Pa ~/.ssh/identity -diff -up openssh-6.0p1/ssh-agent.1.entropy openssh-6.0p1/ssh-agent.1 ---- openssh-6.0p1/ssh-agent.1.entropy 2010-12-01 01:50:35.000000000 +0100 -+++ openssh-6.0p1/ssh-agent.1 2012-08-06 20:51:59.172033253 +0200 -@@ -198,6 +198,24 @@ sockets used to contain the connection t - These sockets should only be readable by the owner. - The sockets should get automatically removed when the agent exits. - .El -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact -+.Pp -+.It Pa SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . -+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 6 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. -+.El - .Sh SEE ALSO - .Xr ssh 1 , - .Xr ssh-add 1 , -diff -up openssh-6.0p1/sshd.8.entropy openssh-6.0p1/sshd.8 ---- openssh-6.0p1/sshd.8.entropy 2012-08-06 20:51:59.139033382 +0200 -+++ openssh-6.0p1/sshd.8 2012-08-06 20:51:59.174033245 +0200 -@@ -943,6 +943,24 @@ concurrently for different ports, this c - started last). - The content of this file is not sensitive; it can be world-readable. 
- .El -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact -+.Pp -+.It Pa SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . -+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 6 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. -+.El - .Sh IPV6 - IPv6 address can be used everywhere where IPv4 address. In all entries must be the IPv6 address enclosed in square brackets. Note: The square brackets are metacharacters for the shell and must be escaped in shell. - .Sh SEE ALSO -diff -up openssh-6.0p1/ssh-keygen.1.entropy openssh-6.0p1/ssh-keygen.1 ---- openssh-6.0p1/ssh-keygen.1.entropy 2011-10-18 07:05:21.000000000 +0200 -+++ openssh-6.0p1/ssh-keygen.1 2012-08-06 20:51:59.173033249 +0200 -@@ -675,6 +675,24 @@ Contains Diffie-Hellman groups used for - The file format is described in - .Xr moduli 5 . - .El -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact -+.Pp -+.It Pa SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . -+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 6 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. 
-+.El - .Sh SEE ALSO - .Xr ssh 1 , - .Xr ssh-add 1 , -diff -up openssh-6.0p1/ssh-keysign.8.entropy openssh-6.0p1/ssh-keysign.8 ---- openssh-6.0p1/ssh-keysign.8.entropy 2010-08-31 14:41:14.000000000 +0200 -+++ openssh-6.0p1/ssh-keysign.8 2012-08-06 20:51:59.173033249 +0200 -@@ -78,6 +78,24 @@ must be set-uid root if host-based authe - If these files exist they are assumed to contain public certificate - information corresponding with the private keys above. - .El -+.Sh ENVIRONMENT -+.Bl -tag -width Ds -compact -+.Pp -+.It Pa SSH_USE_STRONG_RNG -+The reseeding of the OpenSSL random generator is usually done from -+.Cm /dev/urandom . -+If the -+.Cm SSH_USE_STRONG_RNG -+environment variable is set to value other than -+.Cm 0 -+the OpenSSL random generator is reseeded from -+.Cm /dev/random . -+The number of bytes read is defined by the SSH_USE_STRONG_RNG value. -+Minimum is 6 bytes. -+This setting is not recommended on the computers without the hardware -+random generator because insufficient entropy causes the connection to -+be blocked until enough entropy is available. -+.El - .Sh SEE ALSO - .Xr ssh 1 , - .Xr ssh-keygen 1 , diff --git a/openssh/patches/openssh-6.1p1-akc.patch b/openssh/patches/openssh-6.1p1-akc.patch deleted file mode 100644 index 0401ba0..0000000 --- a/openssh/patches/openssh-6.1p1-akc.patch +++ /dev/null 
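Review bot: in the removed openbsd-compat/port-linux-prng.c, linux_seed() stores atoi(env) in the size_t ienv and then compares the int len returned by RAND_load_file() against the size_t randlen, so a negative SSH_USE_STRONG_RNG value converts to a very large unsigned count and passes the `> 6` test. If this behaviour is carried forward in whatever replaces the patch, parse the value with strtol(), reject negative and non-numeric input, and cap the byte count before it reaches RAND_load_file(). Any value other than "0" that atoi() reads as 6 or less (including non-numeric strings) still selects /dev/random with 6 bytes, which matches the "Minimum is 6 bytes" wording but means the blocking behaviour the ENVIRONMENT sections warn about applies to every such setting. The man page additions also mark the variable with `.It Ev` in ssh.1 and ssh-add.1 but `.It Pa` in ssh-agent.1, sshd.8, ssh-keygen.1 and ssh-keysign.8; `Ev` is the right macro for an environment variable.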
@@ -1,565 +0,0 @@ -diff -up openssh-6.1p1/auth2-pubkey.c.akc openssh-6.1p1/auth2-pubkey.c ---- openssh-6.1p1/auth2-pubkey.c.akc 2012-11-28 17:12:43.238524384 +0100 -+++ openssh-6.1p1/auth2-pubkey.c 2012-11-28 17:12:43.263524297 +0100 -@@ -27,9 +27,13 @@ - - #include <sys/types.h> - #include <sys/stat.h> -+#include <sys/wait.h> - -+#include <errno.h> - #include <fcntl.h> -+#include <paths.h> - #include <pwd.h> -+#include <signal.h> - #include <stdio.h> - #include <stdarg.h> - #include <string.h> -@@ -260,7 +264,7 @@ match_principals_file(char *file, struct - if (strcmp(cp, cert->principals[i]) == 0) { - debug3("matched principal "%.100s" " - "from file "%s" on line %lu", -- cert->principals[i], file, linenum); -+ cert->principals[i], file, linenum); - if (auth_parse_options(pw, line_opts, - file, linenum) != 1) - continue; -@@ -273,31 +277,22 @@ match_principals_file(char *file, struct - fclose(f); - restore_uid(); - return 0; --} -+} - --/* return 1 if user allows given key */ -+/* -+ * Checks whether key is allowed in authorized_keys-format file, -+ * returns 1 if the key is allowed or 0 otherwise. -+ */ - static int --user_key_allowed2(struct passwd *pw, Key *key, char *file) -+check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw) - { - char line[SSH_MAX_PUBKEY_BYTES]; - const char *reason; - int found_key = 0; -- FILE *f; - u_long linenum = 0; - Key *found; - char *fp; - -- /* Temporarily use the user's uid. */ -- temporarily_use_uid(pw); -- -- debug("trying public key file %s", file); -- f = auth_openkeyfile(file, pw, options.strict_modes); -- -- if (!f) { -- restore_uid(); -- return 0; -- } -- - found_key = 0; - found = key_new(key_is_cert(key) ? 
KEY_UNSPEC : key->type); - -@@ -390,8 +385,6 @@ user_key_allowed2(struct passwd *pw, Key - break; - } - } -- restore_uid(); -- fclose(f); - key_free(found); - if (!found_key) - debug2("key not found"); -@@ -453,7 +446,173 @@ user_cert_trusted_ca(struct passwd *pw, - return ret; - } - --/* check whether given key is in .ssh/authorized_keys* */ -+/* -+ * Checks whether key is allowed in file. -+ * returns 1 if the key is allowed or 0 otherwise. -+ */ -+static int -+user_key_allowed2(struct passwd *pw, Key *key, char *file) -+{ -+ FILE *f; -+ int found_key = 0; -+ -+ /* Temporarily use the user's uid. */ -+ temporarily_use_uid(pw); -+ -+ debug("trying public key file %s", file); -+ if ((f = auth_openkeyfile(file, pw, options.strict_modes)) != NULL) { -+ found_key = check_authkeys_file(f, file, key, pw); -+ fclose(f); -+ } -+ -+ restore_uid(); -+ return found_key; -+} -+ -+/* -+ * Checks whether key is allowed in output of command. -+ * returns 1 if the key is allowed or 0 otherwise. -+ */ -+static int -+user_key_command_allowed2(struct passwd *user_pw, Key *key) -+{ -+ FILE *f; -+ int ok, found_key = 0; -+ struct passwd *pw; -+ struct stat st; -+ int status, devnull, p[2], i; -+ pid_t pid; -+ char errmsg[512]; -+ -+ if (options.authorized_keys_command == NULL || -+ options.authorized_keys_command[0] != '/') -+ return 0; -+ -+ /* If no user specified to run commands the default to target user */ -+ if (options.authorized_keys_command_user == NULL) -+ pw = user_pw; -+ else { -+ pw = getpwnam(options.authorized_keys_command_user); -+ if (pw == NULL) { -+ error("AuthorizedKeyCommandUser "%s" not found: %s", -+ options.authorized_keys_command, strerror(errno)); -+ return 0; -+ } -+ } -+ -+ temporarily_use_uid(pw); -+ if (stat(options.authorized_keys_command, &st) < 0) { -+ error("Could not stat AuthorizedKeysCommand "%s": %s", -+ options.authorized_keys_command, strerror(errno)); -+ goto out; -+ } -+ -+ if (auth_secure_path(options.authorized_keys_command, &st, NULL, 0, -+ 
errmsg, sizeof(errmsg)) != 0) { -+ error("Unsafe AuthorizedKeysCommand: %s", errmsg); -+ goto out; -+ } -+ -+ /* open the pipe and read the keys */ -+ if (pipe(p) != 0) { -+ error("%s: pipe: %s", __func__, strerror(errno)); -+ goto out; -+ } -+ -+ debug3("Running AuthorizedKeysCommand: "%s" as "%s"", -+ options.authorized_keys_command, pw->pw_name); -+ -+ /* -+ * Don't want to call this in the child, where it can fatal() and -+ * run cleanup_exit() code. -+ */ -+ restore_uid(); -+ -+ switch ((pid = fork())) { -+ case -1: /* error */ -+ error("%s: fork: %s", __func__, strerror(errno)); -+ close(p[0]); -+ close(p[1]); -+ return 0; -+ case 0: /* child */ -+ for (i = 0; i < NSIG; i++) -+ signal(i, SIG_DFL); -+ -+ /* Don't use permanently_set_uid() here to avoid fatal() */ -+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { -+ error("setresgid %u: %s", (u_int)pw->pw_gid, -+ strerror(errno)); -+ _exit(1); -+ } -+ if (setresuid(pw->pw_uid, pw->pw_uid, pw->pw_uid) != 0) { -+ error("setresuid %u: %s", (u_int)pw->pw_uid, -+ strerror(errno)); -+ _exit(1); -+ } -+ -+ close(p[0]); -+ if ((devnull = open(_PATH_DEVNULL, O_RDWR)) == -1) { -+ error("%s: open %s: %s", __func__, _PATH_DEVNULL, -+ strerror(errno)); -+ _exit(1); -+ } -+ if (dup2(devnull, STDIN_FILENO) == -1 || -+ dup2(p[1], STDOUT_FILENO) == -1 || -+ dup2(devnull, STDERR_FILENO) == -1) { -+ error("%s: dup2: %s", __func__, strerror(errno)); -+ _exit(1); -+ } -+ closefrom(STDERR_FILENO + 1); -+ -+ execl(options.authorized_keys_command, -+ options.authorized_keys_command, pw->pw_name, NULL); -+ -+ error("AuthorizedKeysCommand %s exec failed: %s", -+ options.authorized_keys_command, strerror(errno)); -+ _exit(127); -+ default: /* parent */ -+ break; -+ } -+ -+ temporarily_use_uid(pw); -+ -+ close(p[1]); -+ if ((f = fdopen(p[0], "r")) == NULL) { -+ error("%s: fdopen: %s", __func__, strerror(errno)); -+ close(p[0]); -+ /* Don't leave zombie child */ -+ while (waitpid(pid, NULL, 0) == -1 && errno == EINTR) -+ ; -+ 
goto out; -+ } -+ ok = check_authkeys_file(f, options.authorized_keys_command, key, pw); -+ fclose(f); -+ -+ while (waitpid(pid, &status, 0) == -1) { -+ if (errno != EINTR) { -+ error("%s: waitpid: %s", __func__, strerror(errno)); -+ goto out; -+ } -+ } -+ if (WIFSIGNALED(status)) { -+ error("AuthorizedKeysCommand %s exited on signal %d", -+ options.authorized_keys_command, WTERMSIG(status)); -+ goto out; -+ } else if (WEXITSTATUS(status) != 0) { -+ error("AuthorizedKeysCommand %s returned status %d", -+ options.authorized_keys_command, WEXITSTATUS(status)); -+ goto out; -+ } -+ found_key = ok; -+ out: -+ restore_uid(); -+ -+ return found_key; -+} -+ -+/* -+ * Check whether key authenticates and authorises the user. -+ */ - int - user_key_allowed(struct passwd *pw, Key *key) - { -@@ -469,6 +628,10 @@ user_key_allowed(struct passwd *pw, Key - if (success) - return success; - -+ success = user_key_command_allowed2(pw, key); -+ if (success > 0) -+ return success; -+ - for (i = 0; !success && i < options.num_authkeys_files; i++) { - file = expand_authorized_keys( - options.authorized_keys_files[i], pw); -diff -up openssh-6.1p1/auth.c.akc openssh-6.1p1/auth.c ---- openssh-6.1p1/auth.c.akc 2012-11-28 17:12:43.187524558 +0100 -+++ openssh-6.1p1/auth.c 2012-11-28 17:12:43.263524297 +0100 -@@ -411,39 +411,41 @@ check_key_in_hostfiles(struct passwd *pw - - - /* -- * Check a given file for security. This is defined as all components -+ * Check a given path for security. This is defined as all components - * of the path to the file must be owned by either the owner of - * of the file or root and no directories must be group or world writable. - * - * XXX Should any specific check be done for sym links ? - * -- * Takes an open file descriptor, the file name, a uid and and -+ * Takes an the file name, its stat information (preferably from fstat() to -+ * avoid races), the uid of the expected owner, their home directory and an - * error buffer plus max size as arguments. 
- * - * Returns 0 on success and -1 on failure - */ --static int --secure_filename(FILE *f, const char *file, struct passwd *pw, -- char *err, size_t errlen) -+int -+auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, -+ uid_t uid, char *err, size_t errlen) - { -- uid_t uid = pw->pw_uid; - char buf[MAXPATHLEN], homedir[MAXPATHLEN]; - char *cp; - int comparehome = 0; - struct stat st; - -- if (realpath(file, buf) == NULL) { -- snprintf(err, errlen, "realpath %s failed: %s", file, -+ if (realpath(name, buf) == NULL) { -+ snprintf(err, errlen, "realpath %s failed: %s", name, - strerror(errno)); - return -1; - } -- if (realpath(pw->pw_dir, homedir) != NULL) -+ if (pw_dir != NULL && realpath(pw_dir, homedir) != NULL) - comparehome = 1; - -- /* check the open file to avoid races */ -- if (fstat(fileno(f), &st) < 0 || -- (st.st_uid != 0 && st.st_uid != uid) || -- (st.st_mode & 022) != 0) { -+ if (!S_ISREG(stp->st_mode)) { -+ snprintf(err, errlen, "%s is not a regular file", buf); -+ return -1; -+ } -+ if ((stp->st_uid != 0 && stp->st_uid != uid) || -+ (stp->st_mode & 022) != 0) { - snprintf(err, errlen, "bad ownership or modes for file %s", - buf); - return -1; -@@ -479,6 +481,31 @@ secure_filename(FILE *f, const char *fil - return 0; - } - -+/* -+ * Version of secure_path() that accepts an open file descriptor to -+ * avoid races. 
-+ * -+ * Returns 0 on success and -1 on failure -+ */ -+static int -+secure_filename(FILE *f, const char *file, struct passwd *pw, -+ char *err, size_t errlen) -+{ -+ uid_t uid = pw->pw_uid; -+ char buf[MAXPATHLEN], homedir[MAXPATHLEN]; -+ char *cp; -+ int comparehome = 0; -+ struct stat st; -+ -+ /* check the open file to avoid races */ -+ if (fstat(fileno(f), &st) < 0) { -+ snprintf(err, errlen, "cannot stat file %s: %s", -+ buf, strerror(errno)); -+ return -1; -+ } -+ return auth_secure_path(file, &st, pw->pw_dir, pw->pw_uid, err, errlen); -+} -+ - static FILE * - auth_openfile(const char *file, struct passwd *pw, int strict_modes, - int log_missing, char *file_type) -diff -up openssh-6.1p1/auth.h.akc openssh-6.1p1/auth.h ---- openssh-6.1p1/auth.h.akc 2012-11-28 17:12:43.239524381 +0100 -+++ openssh-6.1p1/auth.h 2012-11-28 17:12:43.263524297 +0100 -@@ -125,6 +125,10 @@ int auth_rhosts_rsa_key_allowed(struct - int hostbased_key_allowed(struct passwd *, const char *, char *, Key *); - int user_key_allowed(struct passwd *, Key *); - -+struct stat; -+int auth_secure_path(const char *, struct stat *, const char *, uid_t, -+ char *, size_t); -+ - #ifdef KRB5 - int auth_krb5(Authctxt *authctxt, krb5_data *auth, char **client, krb5_data *); - int auth_krb5_tgt(Authctxt *authctxt, krb5_data *tgt); -diff -up openssh-6.1p1/servconf.c.akc openssh-6.1p1/servconf.c ---- openssh-6.1p1/servconf.c.akc 2012-11-28 17:12:43.198524521 +0100 -+++ openssh-6.1p1/servconf.c 2012-11-28 17:14:50.314005026 +0100 -@@ -137,6 +137,8 @@ initialize_server_options(ServerOptions - options->num_permitted_opens = -1; - options->adm_forced_command = NULL; - options->chroot_directory = NULL; -+ options->authorized_keys_command = NULL; -+ options->authorized_keys_command_user = NULL; - options->zero_knowledge_password_authentication = -1; - options->revoked_keys_file = NULL; - options->trusted_user_ca_keys = NULL; -@@ -331,6 +333,7 @@ typedef enum { - sZeroKnowledgePasswordAuthentication, 
sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, sIPQoS, sVersionAddendum, -+ sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, - sAuthenticationMethods, - sDeprecated, sUnsupported - } ServerOpCodes; -@@ -457,6 +460,9 @@ static struct { - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, - { "ipqos", sIPQoS, SSHCFG_ALL }, - { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, -+ { "authorizedkeyscommand", sAuthorizedKeysCommand, SSHCFG_ALL }, -+ { "authorizedkeyscommandrunas", sAuthorizedKeysCommandUser, SSHCFG_ALL }, -+ { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, - { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, - { NULL, sBadOption, 0 } - }; -@@ -1520,6 +1526,26 @@ process_server_config_line(ServerOptions - } - return 0; - -+ case sAuthorizedKeysCommand: -+ len = strspn(cp, WHITESPACE); -+ if (*activep && options->authorized_keys_command == NULL) { -+ options->authorized_keys_command = xstrdup(cp + len); -+ if (*options->authorized_keys_command != '/') { -+ fatal("%.200s line %d: AuthorizedKeysCommand " -+ "must be an absolute path", -+ filename, linenum); -+ } -+ } -+ return 0; -+ -+ case sAuthorizedKeysCommandUser: -+ charptr = &options->authorized_keys_command_user; -+ -+ arg = strdelim(&cp); -+ if (*activep && *charptr == NULL) -+ *charptr = xstrdup(arg); -+ break; -+ - case sDeprecated: - logit("%s line %d: Deprecated option %s", - filename, linenum, arg); -@@ -1670,6 +1696,8 @@ copy_set_server_options(ServerOptions *d - M_CP_INTOPT(hostbased_uses_name_from_packet_only); - M_CP_INTOPT(kbd_interactive_authentication); - M_CP_INTOPT(zero_knowledge_password_authentication); -+ M_CP_STROPT(authorized_keys_command); -+ M_CP_STROPT(authorized_keys_command_user); - M_CP_INTOPT(permit_root_login); - M_CP_INTOPT(permit_empty_passwd); - -@@ -1930,6 +1958,8 @@ dump_config(ServerOptions *o) - dump_cfg_string(sAuthorizedPrincipalsFile, - o->authorized_principals_file); 
- dump_cfg_string(sVersionAddendum, o->version_addendum); -+ dump_cfg_string(sAuthorizedKeysCommand, o->authorized_keys_command); -+ dump_cfg_string(sAuthorizedKeysCommandUser, o->authorized_keys_command_user); - - /* string arguments requiring a lookup */ - dump_cfg_string(sLogLevel, log_level_name(o->log_level)); -diff -up openssh-6.1p1/servconf.h.akc openssh-6.1p1/servconf.h ---- openssh-6.1p1/servconf.h.akc 2012-11-28 17:12:43.000000000 +0100 -+++ openssh-6.1p1/servconf.h 2012-11-28 17:18:41.217055157 +0100 -@@ -167,6 +167,8 @@ typedef struct { - char *revoked_keys_file; - char *trusted_user_ca_keys; - char *authorized_principals_file; -+ char *authorized_keys_command; -+ char *authorized_keys_command_user; - - char *version_addendum; /* Appended to SSH banner */ - -diff -up openssh-6.1p1/sshd.c.akc openssh-6.1p1/sshd.c ---- openssh-6.1p1/sshd.c.akc 2012-11-28 17:12:43.245524360 +0100 -+++ openssh-6.1p1/sshd.c 2012-11-28 17:12:43.265524291 +0100 -@@ -366,9 +366,20 @@ main_sigchld_handler(int sig) - static void - grace_alarm_handler(int sig) - { -+ pid_t pgid; -+ - if (use_privsep && pmonitor != NULL && pmonitor->m_pid > 0) - kill(pmonitor->m_pid, SIGALRM); - -+ /* -+ * Try to kill any processes that we have spawned, E.g. authorized -+ * keys command helpers. -+ */ -+ if ((pgid = getpgid(0)) == getpid()) { -+ signal(SIGTERM, SIG_IGN); -+ killpg(pgid, SIGTERM); -+ } -+ - /* Log error and exit. */ - sigdie("Timeout before authentication for %s", get_remote_ipaddr()); - } -diff -up openssh-6.1p1/sshd_config.0.akc openssh-6.1p1/sshd_config.0 ---- openssh-6.1p1/sshd_config.0.akc 2012-08-29 02:53:04.000000000 +0200 -+++ openssh-6.1p1/sshd_config.0 2012-11-28 17:12:43.265524291 +0100 -@@ -71,6 +71,23 @@ DESCRIPTION - - See PATTERNS in ssh_config(5) for more information on patterns. - -+ AuthorizedKeysCommand -+ -+ Specifies a program to be used for lookup of the user's -+ public keys. 
The program will be invoked with its first -+ argument the name of the user being authorized, and should produce -+ on standard output AuthorizedKeys lines (see AUTHORIZED_KEYS -+ in sshd(8)). By default (or when set to the empty string) there is no -+ AuthorizedKeysCommand run. If the AuthorizedKeysCommand does not successfully -+ authorize the user, authorization falls through to the -+ AuthorizedKeysFile. Note that this option has an effect -+ only with PubkeyAuthentication turned on. -+ -+ AuthorizedKeysCommandRunAs -+ Specifies the user under whose account the AuthorizedKeysCommand is run. -+ Empty string (the default value) means the user being authorized -+ is used. -+ - AuthorizedKeysFile - Specifies the file that contains the public keys that can be used - for user authentication. The format is described in the -@@ -402,7 +419,8 @@ DESCRIPTION - Only a subset of keywords may be used on the lines following a - Match keyword. Available keywords are AcceptEnv, - AllowAgentForwarding, AllowGroups, AllowTcpForwarding, -- AllowUsers, AuthorizedKeysFile, AuthorizedPrincipalsFile, Banner, -+ AllowUsers, AuthorizedKeysFile, AuthorizedKeysCommand, -+ AuthorizedKeysCommandRunAs, AuthorizedPrincipalsFile, Banner, - ChrootDirectory, DenyGroups, DenyUsers, ForceCommand, - GatewayPorts, GSSAPIAuthentication, HostbasedAuthentication, - HostbasedUsesNameFromPacketOnly, KbdInteractiveAuthentication, -diff -up openssh-6.1p1/sshd_config.5.akc openssh-6.1p1/sshd_config.5 ---- openssh-6.1p1/sshd_config.5.akc 2012-11-28 17:12:43.199524517 +0100 -+++ openssh-6.1p1/sshd_config.5 2012-11-28 17:16:23.736624980 +0100 -@@ -173,6 +173,20 @@ Note that each authentication method lis - in the configuration. - The default is not to require multiple authentication; successful completion - of a single authentication method is sufficient. -+.It Cm AuthorizedKeysCommand -+Specifies a program to be used for lookup of the user's public keys. 
-+The program will be invoked with a single argument of the username -+being authenticated, and should produce on standard output zero or -+more lines of authorized_keys output (see AUTHORIZED_KEYS in -+.Xr sshd 8 ) -+If a key supplied by AuthorizedKeysCommand does not successfully authenticate -+and authorize the user then public key authentication continues using the usual -+.Cm AuthorizedKeysFile -+files. -+By default, no AuthorizedKeysCommand is run. -+.It Cm AuthorizedKeysCommandUser -+Specifies the user under whose account the AuthorizedKeysCommand is run. -+The default is the user being authenticated. - .It Cm AuthorizedKeysFile - Specifies the file that contains the public keys that can be used - for user authentication. -@@ -734,6 +748,8 @@ Available keywords are - .Cm AllowTcpForwarding , - .Cm AllowUsers , - .Cm AuthenticationMethods , -+.Cm AuthorizedKeysCommand , -+.Cm AuthorizedKeysCommandUser , - .Cm AuthorizedKeysFile , - .Cm AuthorizedPrincipalsFile , - .Cm Banner , -@@ -749,6 +765,7 @@ Available keywords are - .Cm KerberosAuthentication , - .Cm MaxAuthTries , - .Cm MaxSessions , -+.Cm PubkeyAuthentication , - .Cm PasswordAuthentication , - .Cm PermitEmptyPasswords , - .Cm PermitOpen , -diff -up openssh-6.1p1/sshd_config.akc openssh-6.1p1/sshd_config ---- openssh-6.1p1/sshd_config.akc 2012-07-31 04:21:34.000000000 +0200 -+++ openssh-6.1p1/sshd_config 2012-11-28 17:12:43.265524291 +0100 -@@ -49,6 +49,9 @@ - # but this is overridden so installations will only check .ssh/authorized_keys - AuthorizedKeysFile .ssh/authorized_keys - -+#AuthorizedKeysCommand none -+#AuthorizedKeysCommandUser nobody -+ - #AuthorizedPrincipalsFile none - - # For this to work you will also need host keys in /etc/ssh/ssh_known_hosts diff --git a/openssh/patches/openssh-6.1p1-askpass-ld.patch b/openssh/patches/openssh-6.1p1-askpass-ld.patch deleted file mode 100644 index f7a7fac..0000000 --- a/openssh/patches/openssh-6.1p1-askpass-ld.patch +++ /dev/null 
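Review bot: in the auth.c part of the removed akc patch, the new secure_filename() wrapper formats `buf` in its "cannot stat file %s" message although `buf` is never written in that function, so the fstat() error path reads an uninitialised stack buffer; it should print `file`, and the now unused locals (uid, homedir, cp, comparehome) should go. In user_key_command_allowed2() the getpwnam() failure message is labelled "AuthorizedKeyCommandUser" but prints options.authorized_keys_command instead of options.authorized_keys_command_user, which makes a misconfigured account name hard to spot in the log. The same function checks the command with stat() by path and later runs it with execl() by path, while the updated auth_secure_path() comment itself says fstat() is preferred to avoid races; the check is made against uid 0, which limits who can swap the file, but this is worth a comment in the code. The documentation is also inconsistent: sshd_config.0 describes AuthorizedKeysCommandRunAs, sshd_config.5 and the sample sshd_config describe AuthorizedKeysCommandUser, and servconf.c accepts both spellings, so the man pages should name one keyword and mention the other as an alias.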
@@ -1,18 +0,0 @@ -diff -up openssh-6.1p1/contrib/Makefile.askpass-ld openssh-6.1p1/contrib/Makefile ---- openssh-6.1p1/contrib/Makefile.askpass-ld 2012-05-19 07:24:37.000000000 +0200 -+++ openssh-6.1p1/contrib/Makefile 2012-09-14 20:35:47.565704718 +0200 -@@ -4,12 +4,12 @@ all: - @echo "Valid targets: gnome-ssh-askpass1 gnome-ssh-askpass2" - - gnome-ssh-askpass1: gnome-ssh-askpass1.c -- $(CC) `gnome-config --cflags gnome gnomeui` \ -+ $(CC) ${CFLAGS} `gnome-config --cflags gnome gnomeui` \ - gnome-ssh-askpass1.c -o gnome-ssh-askpass1 \ - `gnome-config --libs gnome gnomeui` - - gnome-ssh-askpass2: gnome-ssh-askpass2.c -- $(CC) `$(PKG_CONFIG) --cflags gtk+-2.0` \ -+ $(CC) ${CFLAGS} `$(PKG_CONFIG) --cflags gtk+-2.0` \ - gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ - `$(PKG_CONFIG) --libs gtk+-2.0 x11` - diff --git a/openssh/patches/openssh-6.1p1-authenticationmethods.patch b/openssh/patches/openssh-6.1p1-authenticationmethods.patch deleted file mode 100644 index 7b5a06a..0000000 --- a/openssh/patches/openssh-6.1p1-authenticationmethods.patch +++ /dev/null 
@@ -1,841 +0,0 @@ -diff --git a/auth.c b/auth.c -index ee0cb05..1b2fc2b 100644 ---- a/auth.c -+++ b/auth.c -@@ -251,7 +251,8 @@ allowed_user(struct passwd * pw) - } - - void --auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) -+auth_log(Authctxt *authctxt, int authenticated, int partial, -+ const char *method, const char *submethod, const char *info) - { - void (*authlog) (const char *fmt,...) = verbose; - char *authmsg; -@@ -268,12 +269,15 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) - - if (authctxt->postponed) - authmsg = "Postponed"; -+ else if (partial) -+ authmsg = "Partial"; - else - authmsg = authenticated ? "Accepted" : "Failed"; - -- authlog("%s %s for %s%.100s from %.200s port %d%s", -+ authlog("%s %s%s%s for %s%.100s from %.200s port %d%s", - authmsg, - method, -+ submethod != NULL ? "/" : "", submethod == NULL ? "" : submethod, - authctxt->valid ? "" : "invalid user ", - authctxt->user, - get_remote_ipaddr(), -@@ -303,7 +307,7 @@ auth_log(Authctxt *authctxt, int authenticated, char *method, char *info) - * Check whether root logins are disallowed. 
- */ - int --auth_root_allowed(char *method) -+auth_root_allowed(const char *method) - { - switch (options.permit_root_login) { - case PERMIT_YES: -diff --git a/auth.h b/auth.h -index 0d786c4..29823bb 100644 ---- a/auth.h -+++ b/auth.h -@@ -64,6 +64,8 @@ struct Authctxt { - #ifdef BSD_AUTH - auth_session_t *as; - #endif -+ char **auth_methods; /* modified from server config */ -+ u_int num_auth_methods; - #ifdef KRB5 - krb5_context krb5_ctx; - krb5_ccache krb5_fwd_ccache; -@@ -142,12 +144,17 @@ void disable_forwarding(void); - void do_authentication(Authctxt *); - void do_authentication2(Authctxt *); - --void auth_log(Authctxt *, int, char *, char *); --void userauth_finish(Authctxt *, int, char *); -+void auth_log(Authctxt *, int, int, const char *, const char *, -+ const char *); -+void userauth_finish(Authctxt *, int, const char *, const char *); -+int auth_root_allowed(const char *); -+ - void userauth_send_banner(const char *); --int auth_root_allowed(char *); - - char *auth2_read_banner(void); -+int auth2_methods_valid(const char *, int); -+int auth2_update_methods_lists(Authctxt *, const char *); -+int auth2_setup_methods_lists(Authctxt *); - - void privsep_challenge_enable(void); - -diff --git a/auth1.c b/auth1.c -index cc85aec..458a110 100644 ---- a/auth1.c -+++ b/auth1.c -@@ -253,7 +253,8 @@ do_authloop(Authctxt *authctxt) - if (options.use_pam && (PRIVSEP(do_pam_account()))) - #endif - { -- auth_log(authctxt, 1, "without authentication", ""); -+ auth_log(authctxt, 1, 0, "without authentication", -+ NULL, ""); - return; - } - } -@@ -352,7 +353,8 @@ do_authloop(Authctxt *authctxt) - - skip: - /* Log before sending the reply */ -- auth_log(authctxt, authenticated, get_authname(type), info); -+ auth_log(authctxt, authenticated, 0, get_authname(type), -+ NULL, info); - - if (client_user != NULL) { - xfree(client_user); -@@ -406,6 +408,11 @@ do_authentication(Authctxt *authctxt) - authctxt->pw = fakepw(); - } - -+ /* Configuration may have changed as a result 
of Match */ -+ if (options.num_auth_methods != 0) -+ fatal("AuthenticationMethods is not supported with SSH " -+ "protocol 1"); -+ - setproctitle("%s%s", authctxt->valid ? user : "unknown", - use_privsep ? " [net]" : ""); - -diff --git a/auth2-chall.c b/auth2-chall.c -index e6dbffe..5f7ec6d 100644 ---- a/auth2-chall.c -+++ b/auth2-chall.c -@@ -283,7 +283,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) - KbdintAuthctxt *kbdintctxt; - int authenticated = 0, res; - u_int i, nresp; -- char **response = NULL, *method; -+ char *devicename = NULL, **response = NULL; - - if (authctxt == NULL) - fatal("input_userauth_info_response: no authctxt"); -@@ -329,9 +329,7 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) - /* Failure! */ - break; - } -- -- xasprintf(&method, "keyboard-interactive/%s", kbdintctxt->device->name); -- -+ devicename = kbdintctxt->device->name; - if (!authctxt->postponed) { - if (authenticated) { - auth2_challenge_stop(authctxt); -@@ -341,8 +339,8 @@ input_userauth_info_response(int type, u_int32_t seq, void *ctxt) - auth2_challenge_start(authctxt); - } - } -- userauth_finish(authctxt, authenticated, method); -- xfree(method); -+ userauth_finish(authctxt, authenticated, "keyboard-interactive", -+ devicename); - } - - void -diff --git a/auth2-gss.c b/auth2-gss.c -index 0d59b21..338c748 100644 ---- a/auth2-gss.c -+++ b/auth2-gss.c -@@ -163,7 +163,7 @@ input_gssapi_token(int type, u_int32_t plen, void *ctxt) - } - authctxt->postponed = 0; - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); -- userauth_finish(authctxt, 0, "gssapi-with-mic"); -+ userauth_finish(authctxt, 0, "gssapi-with-mic", NULL); - } else { - if (send_tok.length != 0) { - packet_start(SSH2_MSG_USERAUTH_GSSAPI_TOKEN); -@@ -251,7 +251,7 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); - 
dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); -- userauth_finish(authctxt, authenticated, "gssapi-with-mic"); -+ userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); - } - - static void -@@ -291,7 +291,7 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_ERRTOK, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_MIC, NULL); - dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_EXCHANGE_COMPLETE, NULL); -- userauth_finish(authctxt, authenticated, "gssapi-with-mic"); -+ userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); - } - - Authmethod method_gssapi = { -diff --git a/auth2-jpake.c b/auth2-jpake.c -index a460e82..e4ba9aa 100644 ---- a/auth2-jpake.c -+++ b/auth2-jpake.c -@@ -556,7 +556,7 @@ input_userauth_jpake_client_confirm(int type, u_int32_t seq, void *ctxt) - authctxt->postponed = 0; - jpake_free(authctxt->jpake_ctx); - authctxt->jpake_ctx = NULL; -- userauth_finish(authctxt, authenticated, method_jpake.name); -+ userauth_finish(authctxt, authenticated, method_jpake.name, NULL); - } - - #endif /* JPAKE */ -diff --git a/auth2.c b/auth2.c -index b66bef6..ea0fd92 100644 ---- a/auth2.c -+++ b/auth2.c -@@ -96,8 +96,10 @@ static void input_service_request(int, u_int32_t, void *); - static void input_userauth_request(int, u_int32_t, void *); - - /* helper */ --static Authmethod *authmethod_lookup(const char *); --static char *authmethods_get(void); -+static Authmethod *authmethod_lookup(Authctxt *, const char *); -+static char *authmethods_get(Authctxt *authctxt); -+static int method_allowed(Authctxt *, const char *); -+static int list_starts_with(const char *, const char *); - - char * - auth2_read_banner(void) -@@ -255,6 +257,8 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) - if (use_privsep) - mm_inform_authserv(service, style); - userauth_banner(); -+ if (auth2_setup_methods_lists(authctxt) != 0) -+ packet_disconnect("no authentication methods enabled"); - } else if 
(strcmp(user, authctxt->user) != 0 || - strcmp(service, authctxt->service) != 0) { - packet_disconnect("Change of username or service not allowed: " -@@ -277,12 +281,12 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) - authctxt->server_caused_failure = 0; - - /* try to authenticate user */ -- m = authmethod_lookup(method); -+ m = authmethod_lookup(authctxt, method); - if (m != NULL && authctxt->failures < options.max_authtries) { - debug2("input_userauth_request: try method %s", method); - authenticated = m->userauth(authctxt); - } -- userauth_finish(authctxt, authenticated, method); -+ userauth_finish(authctxt, authenticated, method, NULL); - - xfree(service); - xfree(user); -@@ -290,13 +294,17 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) - } - - void --userauth_finish(Authctxt *authctxt, int authenticated, char *method) -+userauth_finish(Authctxt *authctxt, int authenticated, const char *method, -+ const char *submethod) - { - char *methods; -+ int partial = 0; - - if (!authctxt->valid && authenticated) - fatal("INTERNAL ERROR: authenticated invalid user %s", - authctxt->user); -+ if (authenticated && authctxt->postponed) -+ fatal("INTERNAL ERROR: authenticated and postponed"); - - /* Special handling for root */ - if (authenticated && authctxt->pw->pw_uid == 0 && -@@ -307,6 +315,19 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) - #endif - } - -+ if (authenticated && options.num_auth_methods != 0) { -+ if (!auth2_update_methods_lists(authctxt, method)) { -+ authenticated = 0; -+ partial = 1; -+ } -+ } -+ -+ /* Log before sending the reply */ -+ auth_log(authctxt, authenticated, partial, method, submethod, " ssh2"); -+ -+ if (authctxt->postponed) -+ return; -+ - #ifdef USE_PAM - if (options.use_pam && authenticated) { - if (!PRIVSEP(do_pam_account())) { -@@ -325,17 +346,10 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) - #ifdef _UNICOS - if (authenticated && 
cray_access_denied(authctxt->user)) { - authenticated = 0; -- fatal("Access denied for user %s.",authctxt->user); -+ fatal("Access denied for user %s.", authctxt->user); - } - #endif /* _UNICOS */ - -- /* Log before sending the reply */ -- auth_log(authctxt, authenticated, method, " ssh2"); -- -- if (authctxt->postponed) -- return; -- -- /* XXX todo: check if multiple auth methods are needed */ - if (authenticated == 1) { - /* turn off userauth */ - dispatch_set(SSH2_MSG_USERAUTH_REQUEST, &dispatch_protocol_ignore); -@@ -348,7 +362,8 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) - - /* Allow initial try of "none" auth without failure penalty */ - if (!authctxt->server_caused_failure && -- (authctxt->attempt > 1 || strcmp(method, "none") != 0)) -+ (authctxt->attempt > 1 || strcmp(method, "none") != 0) && -+ partial == 0) - authctxt->failures++; - if (authctxt->failures >= options.max_authtries) { - #ifdef SSH_AUDIT_EVENTS -@@ -356,34 +371,61 @@ userauth_finish(Authctxt *authctxt, int authenticated, char *method) - #endif - packet_disconnect(AUTH_FAIL_MSG, authctxt->user); - } -- methods = authmethods_get(); -+ methods = authmethods_get(authctxt); -+ debug3("%s: failure partial=%d next methods="%s"", __func__, -+ partial, methods); - packet_start(SSH2_MSG_USERAUTH_FAILURE); - packet_put_cstring(methods); -- packet_put_char(0); /* XXX partial success, unused */ -+ packet_put_char(partial); - packet_send(); - packet_write_wait(); - xfree(methods); - } - } - -+/* -+ * Checks whether method is allowed by at least one AuthenticationMethods -+ * methods list. Returns 1 if allowed, or no methods lists configured. -+ * 0 otherwise. -+ */ -+static int -+method_allowed(Authctxt *authctxt, const char *method) -+{ -+ u_int i; -+ -+ /* -+ * NB. authctxt->num_auth_methods might be zero as a result of -+ * auth2_setup_methods_lists(), so check the configuration. 
-+ */ -+ if (options.num_auth_methods == 0) -+ return 1; -+ for (i = 0; i < authctxt->num_auth_methods; i++) { -+ if (list_starts_with(authctxt->auth_methods[i], method)) -+ return 1; -+ } -+ return 0; -+} -+ - static char * --authmethods_get(void) -+authmethods_get(Authctxt *authctxt) - { - Buffer b; - char *list; -- int i; -+ u_int i; - - buffer_init(&b); - for (i = 0; authmethods[i] != NULL; i++) { - if (strcmp(authmethods[i]->name, "none") == 0) - continue; -- if (authmethods[i]->enabled != NULL && -- *(authmethods[i]->enabled) != 0) { -- if (buffer_len(&b) > 0) -- buffer_append(&b, ",", 1); -- buffer_append(&b, authmethods[i]->name, -- strlen(authmethods[i]->name)); -- } -+ if (authmethods[i]->enabled == NULL || -+ *(authmethods[i]->enabled) == 0) -+ continue; -+ if (!method_allowed(authctxt, authmethods[i]->name)) -+ continue; -+ if (buffer_len(&b) > 0) -+ buffer_append(&b, ",", 1); -+ buffer_append(&b, authmethods[i]->name, -+ strlen(authmethods[i]->name)); - } - buffer_append(&b, "\0", 1); - list = xstrdup(buffer_ptr(&b)); -@@ -392,7 +434,7 @@ authmethods_get(void) - } - - static Authmethod * --authmethod_lookup(const char *name) -+authmethod_lookup(Authctxt *authctxt, const char *name) - { - int i; - -@@ -400,10 +442,152 @@ authmethod_lookup(const char *name) - for (i = 0; authmethods[i] != NULL; i++) - if (authmethods[i]->enabled != NULL && - *(authmethods[i]->enabled) != 0 && -- strcmp(name, authmethods[i]->name) == 0) -+ strcmp(name, authmethods[i]->name) == 0 && -+ method_allowed(authctxt, authmethods[i]->name)) - return authmethods[i]; - debug2("Unrecognized authentication method name: %s", - name ? name : "NULL"); - return NULL; - } - -+/* -+ * Check a comma-separated list of methods for validity. Is need_enable is -+ * non-zero, then also require that the methods are enabled. -+ * Returns 0 on success or -1 if the methods list is invalid. 
-+ */ -+int -+auth2_methods_valid(const char *_methods, int need_enable) -+{ -+ char *methods, *omethods, *method; -+ u_int i, found; -+ int ret = -1; -+ -+ if (*_methods == '\0') { -+ error("empty authentication method list"); -+ return -1; -+ } -+ omethods = methods = xstrdup(_methods); -+ while ((method = strsep(&methods, ",")) != NULL) { -+ for (found = i = 0; !found && authmethods[i] != NULL; i++) { -+ if (strcmp(method, authmethods[i]->name) != 0) -+ continue; -+ if (need_enable) { -+ if (authmethods[i]->enabled == NULL || -+ *(authmethods[i]->enabled) == 0) { -+ error("Disabled method "%s" in " -+ "AuthenticationMethods list "%s"", -+ method, _methods); -+ goto out; -+ } -+ } -+ found = 1; -+ break; -+ } -+ if (!found) { -+ error("Unknown authentication method "%s" in list", -+ method); -+ goto out; -+ } -+ } -+ ret = 0; -+ out: -+ free(omethods); -+ return ret; -+} -+ -+/* -+ * Prune the AuthenticationMethods supplied in the configuration, removing -+ * any methods lists that include disabled methods. Note that this might -+ * leave authctxt->num_auth_methods == 0, even when multiple required auth -+ * has been requested. For this reason, all tests for whether multiple is -+ * enabled should consult options.num_auth_methods directly. 
-+ */ -+int -+auth2_setup_methods_lists(Authctxt *authctxt) -+{ -+ u_int i; -+ -+ if (options.num_auth_methods == 0) -+ return 0; -+ debug3("%s: checking methods", __func__); -+ authctxt->auth_methods = xcalloc(options.num_auth_methods, -+ sizeof(*authctxt->auth_methods)); -+ authctxt->num_auth_methods = 0; -+ for (i = 0; i < options.num_auth_methods; i++) { -+ if (auth2_methods_valid(options.auth_methods[i], 1) != 0) { -+ logit("Authentication methods list "%s" contains " -+ "disabled method, skipping", -+ options.auth_methods[i]); -+ continue; -+ } -+ debug("authentication methods list %d: %s", -+ authctxt->num_auth_methods, options.auth_methods[i]); -+ authctxt->auth_methods[authctxt->num_auth_methods++] = -+ xstrdup(options.auth_methods[i]); -+ } -+ if (authctxt->num_auth_methods == 0) { -+ error("No AuthenticationMethods left after eliminating " -+ "disabled methods"); -+ return -1; -+ } -+ return 0; -+} -+ -+static int -+list_starts_with(const char *methods, const char *method) -+{ -+ size_t l = strlen(method); -+ -+ if (strncmp(methods, method, l) != 0) -+ return 0; -+ if (methods[l] != ',' && methods[l] != '\0') -+ return 0; -+ return 1; -+} -+ -+/* -+ * Remove method from the start of a comma-separated list of methods. -+ * Returns 0 if the list of methods did not start with that method or 1 -+ * if it did. -+ */ -+static int -+remove_method(char **methods, const char *method) -+{ -+ char *omethods = *methods; -+ size_t l = strlen(method); -+ -+ if (!list_starts_with(omethods, method)) -+ return 0; -+ *methods = xstrdup(omethods + l + (omethods[l] == ',' ? 1 : 0)); -+ free(omethods); -+ return 1; -+} -+ -+/* -+ * Called after successful authentication. Will remove the successful method -+ * from the start of each list in which it occurs. If it was the last method -+ * in any list, then authentication is deemed successful. -+ * Returns 1 if the method completed any authentication list or 0 otherwise. 
-+ */ -+int -+auth2_update_methods_lists(Authctxt *authctxt, const char *method) -+{ -+ u_int i, found = 0; -+ -+ debug3("%s: updating methods list after "%s"", __func__, method); -+ for (i = 0; i < authctxt->num_auth_methods; i++) { -+ if (!remove_method(&(authctxt->auth_methods[i]), method)) -+ continue; -+ found = 1; -+ if (*authctxt->auth_methods[i] == '\0') { -+ debug2("authentication methods list %d complete", i); -+ return 1; -+ } -+ debug3("authentication methods list %d remaining: "%s"", -+ i, authctxt->auth_methods[i]); -+ } -+ /* This should not happen, but would be bad if it did */ -+ if (!found) -+ fatal("%s: method not in AuthenticationMethods", __func__); -+ return 0; -+} -diff --git a/monitor.c b/monitor.c -index 1dc42f5..66f3eea 100644 ---- a/monitor.c -+++ b/monitor.c -@@ -199,6 +199,7 @@ static int key_blobtype = MM_NOKEY; - static char *hostbased_cuser = NULL; - static char *hostbased_chost = NULL; - static char *auth_method = "unknown"; -+static char *auth_submethod = NULL; - static u_int session_id2_len = 0; - static u_char *session_id2 = NULL; - static pid_t monitor_child_pid; -@@ -352,7 +353,7 @@ void - monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) - { - struct mon_table *ent; -- int authenticated = 0; -+ int authenticated = 0, partial = 0; - - debug3("preauth child monitor started"); - -@@ -379,8 +380,26 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) - - /* The first few requests do not require asynchronous access */ - while (!authenticated) { -+ partial = 0; - auth_method = "unknown"; -+ auth_submethod = NULL; - authenticated = (monitor_read(pmonitor, mon_dispatch, &ent) == 1); -+ -+ /* Special handling for multiple required authentications */ -+ if (options.num_auth_methods != 0) { -+ if (!compat20) -+ fatal("AuthenticationMethods is not supported" -+ "with SSH protocol 1"); -+ if (authenticated && -+ !auth2_update_methods_lists(authctxt, -+ auth_method)) { -+ debug3("%s: method %s: 
partial", __func__, -+ auth_method); -+ authenticated = 0; -+ partial = 1; -+ } -+ } -+ - if (authenticated) { - if (!(ent->flags & MON_AUTHDECIDE)) - fatal("%s: unexpected authentication from %d", -@@ -403,9 +422,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) - } - - if (ent->flags & (MON_AUTHDECIDE|MON_ALOG)) { -- auth_log(authctxt, authenticated, auth_method, -+ auth_log(authctxt, authenticated, partial, -+ auth_method, auth_submethod, - compat20 ? " ssh2" : ""); -- if (!authenticated) -+ if (!authenticated && !partial) - authctxt->failures++; - } - #ifdef JPAKE -@@ -781,7 +801,17 @@ mm_answer_pwnamallow(int sock, Buffer *m) - COPY_MATCH_STRING_OPTS(); - #undef M_CP_STROPT - #undef M_CP_STRARRAYOPT -- -+ -+ /* Create valid auth method lists */ -+ if (compat20 && auth2_setup_methods_lists(authctxt) != 0) { -+ /* -+ * The monitor will continue long enough to let the child -+ * run to it's packet_disconnect(), but it must not allow any -+ * authentication to succeed. 
-+ */ -+ debug("%s: no valid authentication method lists", __func__); -+ } -+ - debug3("%s: sending MONITOR_ANS_PWNAM: %d", __func__, allowed); - mm_request_send(sock, MONITOR_ANS_PWNAM, m); - -@@ -918,7 +948,11 @@ mm_answer_bsdauthrespond(int sock, Buffer *m) - debug3("%s: sending authenticated: %d", __func__, authok); - mm_request_send(sock, MONITOR_ANS_BSDAUTHRESPOND, m); - -- auth_method = "bsdauth"; -+ if (compat20) -+ auth_method = "keyboard-interactive"; /* XXX auth_submethod */ -+ else -+ auth_method = "bsdauth"; -+ - - return (authok != 0); - } -@@ -1057,7 +1091,9 @@ mm_answer_pam_query(int sock, Buffer *m) - xfree(prompts); - if (echo_on != NULL) - xfree(echo_on); -- auth_method = "keyboard-interactive/pam"; -+ auth_method = "keyboard-interactive"; -+ auth_submethod = "pam"; -+ - mm_request_send(sock, MONITOR_ANS_PAM_QUERY, m); - return (0); - } -@@ -1086,7 +1122,8 @@ mm_answer_pam_respond(int sock, Buffer *m) - buffer_clear(m); - buffer_put_int(m, ret); - mm_request_send(sock, MONITOR_ANS_PAM_RESPOND, m); -- auth_method = "keyboard-interactive/pam"; -+ auth_method = "keyboard-interactive"; -+ auth_submethod= "pam"; - if (ret == 0) - sshpam_authok = sshpam_ctxt; - return (0); -@@ -1100,7 +1137,8 @@ mm_answer_pam_free_ctx(int sock, Buffer *m) - (sshpam_device.free_ctx)(sshpam_ctxt); - buffer_clear(m); - mm_request_send(sock, MONITOR_ANS_PAM_FREE_CTX, m); -- auth_method = "keyboard-interactive/pam"; -+ auth_method = "keyboard-interactive"; -+ auth_submethod = "pam"; - return (sshpam_authok == sshpam_ctxt); - } - #endif -@@ -1178,7 +1216,8 @@ mm_answer_keyallowed(int sock, Buffer *m) - hostbased_chost = chost; - } else { - /* Log failed attempt */ -- auth_log(authctxt, 0, auth_method, compat20 ? " ssh2" : ""); -+ auth_log(authctxt, 0, 0, auth_method, NULL, -+ compat20 ? 
" ssh2" : ""); - xfree(blob); - xfree(cuser); - xfree(chost); -diff --git a/servconf.c b/servconf.c -index 906778f..2c84993 100644 ---- a/servconf.c -+++ b/servconf.c -@@ -48,6 +48,8 @@ - #include "groupaccess.h" - #include "canohost.h" - #include "packet.h" -+#include "hostfile.h" -+#include "auth.h" - - static void add_listen_addr(ServerOptions *, char *, int); - static void add_one_listen_addr(ServerOptions *, char *, int); -@@ -329,6 +331,7 @@ typedef enum { - sZeroKnowledgePasswordAuthentication, sHostCertificate, - sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, - sKexAlgorithms, sIPQoS, sVersionAddendum, -+ sAuthenticationMethods, - sDeprecated, sUnsupported - } ServerOpCodes; - -@@ -454,6 +457,7 @@ static struct { - { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, - { "ipqos", sIPQoS, SSHCFG_ALL }, - { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, -+ { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, - { NULL, sBadOption, 0 } - }; - -@@ -1498,6 +1502,24 @@ process_server_config_line(ServerOptions *options, char *line, - } - return 0; - -+ case sAuthenticationMethods: -+ if (*activep && options->num_auth_methods == 0) { -+ while ((arg = strdelim(&cp)) && *arg != '\0') { -+ if (options->num_auth_methods >= -+ MAX_AUTH_METHODS) -+ fatal("%s line %d: " -+ "too many authentication methods.", -+ filename, linenum); -+ if (auth2_methods_valid(arg, 0) != 0) -+ fatal("%s line %d: invalid " -+ "authentication method list.", -+ filename, linenum); -+ options->auth_methods[ -+ options->num_auth_methods++] = xstrdup(arg); -+ } -+ } -+ return 0; -+ - case sDeprecated: - logit("%s line %d: Deprecated option %s", - filename, linenum, arg); -@@ -1925,6 +1947,8 @@ dump_config(ServerOptions *o) - dump_cfg_strarray(sAllowGroups, o->num_allow_groups, o->allow_groups); - dump_cfg_strarray(sDenyGroups, o->num_deny_groups, o->deny_groups); - dump_cfg_strarray(sAcceptEnv, o->num_accept_env, o->accept_env); -+ 
dump_cfg_strarray_oneline(sAuthenticationMethods, -+ o->num_auth_methods, o->auth_methods); - - /* other arguments */ - for (i = 0; i < o->num_subsystems; i++) -diff --git a/servconf.h b/servconf.h -index 096d596..ef80eef 100644 ---- a/servconf.h -+++ b/servconf.h -@@ -28,6 +28,7 @@ - #define MAX_ACCEPT_ENV 256 /* Max # of env vars. */ - #define MAX_MATCH_GROUPS 256 /* Max # of groups for Match. */ - #define MAX_AUTHKEYS_FILES 256 /* Max # of authorized_keys files. */ -+#define MAX_AUTH_METHODS 256 /* Max # of AuthenticationMethods. */ - - /* permit_root_login */ - #define PERMIT_NOT_SET -1 -@@ -168,6 +169,9 @@ typedef struct { - char *authorized_principals_file; - - char *version_addendum; /* Appended to SSH banner */ -+ -+ u_int num_auth_methods; -+ char *auth_methods[MAX_AUTH_METHODS]; - } ServerOptions; - - /* Information about the incoming connection as used by Match */ -@@ -197,6 +201,7 @@ struct connection_info { - M_CP_STRARRAYOPT(allow_groups, num_allow_groups); \ - M_CP_STRARRAYOPT(deny_groups, num_deny_groups); \ - M_CP_STRARRAYOPT(accept_env, num_accept_env); \ -+ M_CP_STRARRAYOPT(auth_methods, num_auth_methods); \ - } while (0) - - struct connection_info *get_connection_info(int, int); -diff --git a/sshd.c b/sshd.c -index d5ec4e6..cb4bdd3 100644 ---- a/sshd.c -+++ b/sshd.c -@@ -1333,6 +1333,7 @@ main(int ac, char **av) - int remote_port; - char *line; - int config_s[2] = { -1 , -1 }; -+ u_int n; - u_int64_t ibytes, obytes; - mode_t new_umask; - Key *key; -@@ -1555,6 +1556,26 @@ main(int ac, char **av) - if (options.challenge_response_authentication) - options.kbd_interactive_authentication = 1; - -+ /* -+ * Check whether there is any path through configured auth methods. -+ * Unfortunately it is not possible to verify this generally before -+ * daemonisation in the presence of Match block, but this catches -+ * and warns for trivial misconfigurations that could break login. 
-+ */ -+ if (options.num_auth_methods != 0) { -+ if ((options.protocol & SSH_PROTO_1)) -+ fatal("AuthenticationMethods is not supported with " -+ "SSH protocol 1"); -+ for (n = 0; n < options.num_auth_methods; n++) { -+ if (auth2_methods_valid(options.auth_methods[n], -+ 1) == 0) -+ break; -+ } -+ if (n >= options.num_auth_methods) -+ fatal("AuthenticationMethods cannot be satisfied by " -+ "enabled authentication methods"); -+ } -+ - /* set default channel AF */ - channel_set_af(options.address_family); - -diff --git a/sshd_config.5 b/sshd_config.5 -index 314ecfb..ed81ac8 100644 ---- a/sshd_config.5 -+++ b/sshd_config.5 -@@ -151,6 +151,28 @@ See - in - .Xr ssh_config 5 - for more information on patterns. -+.It Cm AuthenticationMethods -+Specifies the authentication methods that must be successfully completed -+for a user to be granted access. -+This option must be followed by one or more comma-separated lists of -+authentication method names. -+Successful authentication requires completion of every method in at least -+one of these lists. -+.Pp -+For example, an argument of -+.Dq publickey,password publickey,keyboard-interactive -+would require the user to complete public key authentication, followed by -+either password or keyboard interactive authentication. -+Only methods that are next in one or more lists are offered at each stage, -+so for this example, it would not be possible to attempt password or -+keyboard-interactive authentication before public key. -+.Pp -+This option is only available for SSH protocol 2 and will yield a fatal -+error if enabled if protocol 1 is also enabled. -+Note that each authentication method listed should also be explicitly enabled -+in the configuration. -+The default is not to require multiple authentication; successful completion -+of a single authentication method is sufficient. - .It Cm AuthorizedKeysFile - Specifies the file that contains the public keys that can be used - for user authentication. 
-@@ -711,6 +733,7 @@ Available keywords are - .Cm AllowGroups , - .Cm AllowTcpForwarding , - .Cm AllowUsers , -+.Cm AuthenticationMethods , - .Cm AuthorizedKeysFile , - .Cm AuthorizedPrincipalsFile , - .Cm Banner , diff --git a/openssh/patches/openssh-6.1p1-coverity.patch b/openssh/patches/openssh-6.1p1-coverity.patch deleted file mode 100644 index 0c8fb23..0000000 --- a/openssh/patches/openssh-6.1p1-coverity.patch +++ /dev/null 
@@ -1,806 +0,0 @@ -diff -up openssh-6.1p1/auth-pam.c.coverity openssh-6.1p1/auth-pam.c ---- openssh-6.1p1/auth-pam.c.coverity 2009-07-12 14:07:21.000000000 +0200 -+++ openssh-6.1p1/auth-pam.c 2012-09-14 21:16:41.264906486 +0200 -@@ -216,7 +216,12 @@ pthread_join(sp_pthread_t thread, void * - if (sshpam_thread_status != -1) - return (sshpam_thread_status); - signal(SIGCHLD, sshpam_oldsig); -- waitpid(thread, &status, 0); -+ while (waitpid(thread, &status, 0) < 0) { -+ if (errno == EINTR) -+ continue; -+ fatal("%s: waitpid: %s", __func__, -+ strerror(errno)); -+ } - return (status); - } - #endif -diff -up openssh-6.1p1/clientloop.c.coverity openssh-6.1p1/clientloop.c ---- openssh-6.1p1/clientloop.c.coverity 2012-06-20 14:31:27.000000000 +0200 -+++ openssh-6.1p1/clientloop.c 2012-09-14 21:16:41.267906501 +0200 -@@ -2006,14 +2006,15 @@ client_input_global_request(int type, u_ - char *rtype; - int want_reply; - int success = 0; -+/* success is still 0 the packet is allways SSH2_MSG_REQUEST_FAILURE, isn't it? */ - - rtype = packet_get_string(NULL); - want_reply = packet_get_char(); - debug("client_input_global_request: rtype %s want_reply %d", - rtype, want_reply); - if (want_reply) { -- packet_start(success ? -- SSH2_MSG_REQUEST_SUCCESS : SSH2_MSG_REQUEST_FAILURE); -+ packet_start(/*success ? 
-+ SSH2_MSG_REQUEST_SUCCESS :*/ SSH2_MSG_REQUEST_FAILURE); - packet_send(); - packet_write_wait(); - } -diff -up openssh-6.1p1/channels.c.coverity openssh-6.1p1/channels.c ---- openssh-6.1p1/channels.c.coverity 2012-04-23 10:21:05.000000000 +0200 -+++ openssh-6.1p1/channels.c 2012-09-14 21:16:41.272906528 +0200 -@@ -232,11 +232,11 @@ channel_register_fds(Channel *c, int rfd - channel_max_fd = MAX(channel_max_fd, wfd); - channel_max_fd = MAX(channel_max_fd, efd); - -- if (rfd != -1) -+ if (rfd >= 0) - fcntl(rfd, F_SETFD, FD_CLOEXEC); -- if (wfd != -1 && wfd != rfd) -+ if (wfd >= 0 && wfd != rfd) - fcntl(wfd, F_SETFD, FD_CLOEXEC); -- if (efd != -1 && efd != rfd && efd != wfd) -+ if (efd >= 0 && efd != rfd && efd != wfd) - fcntl(efd, F_SETFD, FD_CLOEXEC); - - c->rfd = rfd; -@@ -251,11 +251,11 @@ channel_register_fds(Channel *c, int rfd - - /* enable nonblocking mode */ - if (nonblock) { -- if (rfd != -1) -+ if (rfd >= 0) - set_nonblock(rfd); -- if (wfd != -1) -+ if (wfd >= 0) - set_nonblock(wfd); -- if (efd != -1) -+ if (efd >= 0) - set_nonblock(efd); - } - } -diff -up openssh-6.1p1/key.c.coverity openssh-6.1p1/key.c ---- openssh-6.1p1/key.c.coverity 2012-06-30 12:05:02.000000000 +0200 -+++ openssh-6.1p1/key.c 2012-09-14 21:16:41.274906537 +0200 -@@ -808,8 +808,10 @@ key_read(Key *ret, char **cpp) - success = 1; - /*XXXX*/ - key_free(k); -+/*XXXX - if (success != 1) - break; -+XXXX*/ - /* advance cp: skip whitespace and data */ - while (*cp == ' ' || *cp == '\t') - cp++; -diff -up openssh-6.1p1/monitor.c.coverity openssh-6.1p1/monitor.c ---- openssh-6.1p1/monitor.c.coverity 2012-06-30 00:33:17.000000000 +0200 -+++ openssh-6.1p1/monitor.c 2012-09-14 21:16:41.277906552 +0200 -@@ -420,7 +420,7 @@ monitor_child_preauth(Authctxt *_authctx - } - - /* Drain any buffered messages from the child */ -- while (pmonitor->m_log_recvfd != -1 && monitor_read_log(pmonitor) == 0) -+ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0) - ; - - if (!authctxt->valid) 
-@@ -1159,6 +1159,10 @@ mm_answer_keyallowed(int sock, Buffer *m - break; - } - } -+ -+ debug3("%s: key %p is %s", -+ __func__, key, allowed ? "allowed" : "not allowed"); -+ - if (key != NULL) - key_free(key); - -@@ -1180,9 +1184,6 @@ mm_answer_keyallowed(int sock, Buffer *m - xfree(chost); - } - -- debug3("%s: key %p is %s", -- __func__, key, allowed ? "allowed" : "not allowed"); -- - buffer_clear(m); - buffer_put_int(m, allowed); - buffer_put_int(m, forced_command != NULL); -diff -up openssh-6.1p1/monitor_wrap.c.coverity openssh-6.1p1/monitor_wrap.c ---- openssh-6.1p1/monitor_wrap.c.coverity 2011-06-20 06:42:23.000000000 +0200 -+++ openssh-6.1p1/monitor_wrap.c 2012-09-14 21:16:41.280906568 +0200 -@@ -707,10 +707,10 @@ mm_pty_allocate(int *ptyfd, int *ttyfd, - if ((tmp1 = dup(pmonitor->m_recvfd)) == -1 || - (tmp2 = dup(pmonitor->m_recvfd)) == -1) { - error("%s: cannot allocate fds for pty", __func__); -- if (tmp1 > 0) -+ if (tmp1 >= 0) - close(tmp1); -- if (tmp2 > 0) -- close(tmp2); -+ /*DEAD CODE if (tmp2 >= 0) -+ close(tmp2);*/ - return 0; - } - close(tmp1); -diff -up openssh-6.1p1/openbsd-compat/bindresvport.c.coverity openssh-6.1p1/openbsd-compat/bindresvport.c ---- openssh-6.1p1/openbsd-compat/bindresvport.c.coverity 2010-12-03 00:50:26.000000000 +0100 -+++ openssh-6.1p1/openbsd-compat/bindresvport.c 2012-09-14 21:16:41.281906573 +0200 -@@ -58,7 +58,7 @@ bindresvport_sa(int sd, struct sockaddr - struct sockaddr_in6 *in6; - u_int16_t *portp; - u_int16_t port; -- socklen_t salen; -+ socklen_t salen = sizeof(struct sockaddr_storage); - int i; - - if (sa == NULL) { -diff -up openssh-6.1p1/packet.c.coverity openssh-6.1p1/packet.c ---- openssh-6.1p1/packet.c.coverity 2012-03-09 00:28:07.000000000 +0100 -+++ openssh-6.1p1/packet.c 2012-09-14 21:16:41.284906588 +0200 -@@ -1177,6 +1177,7 @@ packet_read_poll1(void) - case DEATTACK_DETECTED: - packet_disconnect("crc32 compensation attack: " - "network attack detected"); -+ break; - case DEATTACK_DOS_DETECTED: - 
packet_disconnect("deattack denial of " - "service detected"); -@@ -1678,7 +1679,7 @@ void - packet_write_wait(void) - { - fd_set *setp; -- int ret, ms_remain; -+ int ret, ms_remain = 0; - struct timeval start, timeout, *timeoutp = NULL; - - setp = (fd_set *)xcalloc(howmany(active_state->connection_out + 1, -diff -up openssh-6.1p1/progressmeter.c.coverity openssh-6.1p1/progressmeter.c ---- openssh-6.1p1/progressmeter.c.coverity 2006-08-05 04:39:40.000000000 +0200 -+++ openssh-6.1p1/progressmeter.c 2012-09-14 21:16:41.285906593 +0200 -@@ -65,7 +65,7 @@ static void update_progress_meter(int); - - static time_t start; /* start progress */ - static time_t last_update; /* last progress update */ --static char *file; /* name of the file being transferred */ -+static const char *file; /* name of the file being transferred */ - static off_t end_pos; /* ending position of transfer */ - static off_t cur_pos; /* transfer position as of last refresh */ - static volatile off_t *counter; /* progress counter */ -@@ -247,7 +247,7 @@ update_progress_meter(int ignore) - } - - void --start_progress_meter(char *f, off_t filesize, off_t *ctr) -+start_progress_meter(const char *f, off_t filesize, off_t *ctr) - { - start = last_update = time(NULL); - file = f; -diff -up openssh-6.1p1/progressmeter.h.coverity openssh-6.1p1/progressmeter.h ---- openssh-6.1p1/progressmeter.h.coverity 2006-03-26 05:30:02.000000000 +0200 -+++ openssh-6.1p1/progressmeter.h 2012-09-14 21:16:41.286906598 +0200 -@@ -23,5 +23,5 @@ - * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
- */ - --void start_progress_meter(char *, off_t, off_t *); -+void start_progress_meter(const char *, off_t, off_t *); - void stop_progress_meter(void); -diff -up openssh-6.1p1/scp.c.coverity openssh-6.1p1/scp.c ---- openssh-6.1p1/scp.c.coverity 2011-09-22 13:38:01.000000000 +0200 -+++ openssh-6.1p1/scp.c 2012-09-14 21:16:41.288906608 +0200 -@@ -155,7 +155,7 @@ killchild(int signo) - { - if (do_cmd_pid > 1) { - kill(do_cmd_pid, signo ? signo : SIGTERM); -- waitpid(do_cmd_pid, NULL, 0); -+ (void) waitpid(do_cmd_pid, NULL, 0); - } - - if (signo) -diff -up openssh-6.1p1/servconf.c.coverity openssh-6.1p1/servconf.c ---- openssh-6.1p1/servconf.c.coverity 2012-07-31 04:22:38.000000000 +0200 -+++ openssh-6.1p1/servconf.c 2012-09-14 21:16:41.291906623 +0200 -@@ -1249,7 +1249,7 @@ process_server_config_line(ServerOptions - fatal("%s line %d: Missing subsystem name.", - filename, linenum); - if (!*activep) { -- arg = strdelim(&cp); -+ /*arg =*/ (void) strdelim(&cp); - break; - } - for (i = 0; i < options->num_subsystems; i++) -@@ -1340,8 +1340,9 @@ process_server_config_line(ServerOptions - if (*activep && *charptr == NULL) { - *charptr = tilde_expand_filename(arg, getuid()); - /* increase optional counter */ -- if (intptr != NULL) -- *intptr = *intptr + 1; -+ /* DEAD CODE intptr is still NULL ;) -+ if (intptr != NULL) -+ *intptr = *intptr + 1; */ - } - break; - -diff -up openssh-6.1p1/serverloop.c.coverity openssh-6.1p1/serverloop.c ---- openssh-6.1p1/serverloop.c.coverity 2012-06-20 14:31:27.000000000 +0200 -+++ openssh-6.1p1/serverloop.c 2012-09-14 21:16:41.294906638 +0200 -@@ -147,13 +147,13 @@ notify_setup(void) - static void - notify_parent(void) - { -- if (notify_pipe[1] != -1) -+ if (notify_pipe[1] >= 0) - write(notify_pipe[1], "", 1); - } - static void - notify_prepare(fd_set *readset) - { -- if (notify_pipe[0] != -1) -+ if (notify_pipe[0] >= 0) - FD_SET(notify_pipe[0], readset); - } - static void -@@ -161,8 +161,8 @@ notify_done(fd_set *readset) - { - char c; - -- 
if (notify_pipe[0] != -1 && FD_ISSET(notify_pipe[0], readset)) -- while (read(notify_pipe[0], &c, 1) != -1) -+ if (notify_pipe[0] >= 0 && FD_ISSET(notify_pipe[0], readset)) -+ while (read(notify_pipe[0], &c, 1) >= 0) - debug2("notify_done: reading"); - } - -@@ -336,7 +336,7 @@ wait_until_can_do_something(fd_set **rea - * If we have buffered data, try to write some of that data - * to the program. - */ -- if (fdin != -1 && buffer_len(&stdin_buffer) > 0) -+ if (fdin >= 0 && buffer_len(&stdin_buffer) > 0) - FD_SET(fdin, *writesetp); - } - notify_prepare(*readsetp); -@@ -476,7 +476,7 @@ process_output(fd_set *writeset) - int len; - - /* Write buffered data to program stdin. */ -- if (!compat20 && fdin != -1 && FD_ISSET(fdin, writeset)) { -+ if (!compat20 && fdin >= 0 && FD_ISSET(fdin, writeset)) { - data = buffer_ptr(&stdin_buffer); - dlen = buffer_len(&stdin_buffer); - len = write(fdin, data, dlen); -@@ -589,7 +589,7 @@ server_loop(pid_t pid, int fdin_arg, int - set_nonblock(fdin); - set_nonblock(fdout); - /* we don't have stderr for interactive terminal sessions, see below */ -- if (fderr != -1) -+ if (fderr >= 0) - set_nonblock(fderr); - - if (!(datafellows & SSH_BUG_IGNOREMSG) && isatty(fdin)) -@@ -613,7 +613,7 @@ server_loop(pid_t pid, int fdin_arg, int - max_fd = MAX(connection_in, connection_out); - max_fd = MAX(max_fd, fdin); - max_fd = MAX(max_fd, fdout); -- if (fderr != -1) -+ if (fderr >= 0) - max_fd = MAX(max_fd, fderr); - #endif - -@@ -643,7 +643,7 @@ server_loop(pid_t pid, int fdin_arg, int - * If we have received eof, and there is no more pending - * input data, cause a real eof by closing fdin. - */ -- if (stdin_eof && fdin != -1 && buffer_len(&stdin_buffer) == 0) { -+ if (stdin_eof && fdin >= 0 && buffer_len(&stdin_buffer) == 0) { - if (fdin != fdout) - close(fdin); - else -@@ -741,15 +741,15 @@ server_loop(pid_t pid, int fdin_arg, int - buffer_free(&stderr_buffer); - - /* Close the file descriptors. 
*/ -- if (fdout != -1) -+ if (fdout >= 0) - close(fdout); - fdout = -1; - fdout_eof = 1; -- if (fderr != -1) -+ if (fderr >= 0) - close(fderr); - fderr = -1; - fderr_eof = 1; -- if (fdin != -1) -+ if (fdin >= 0) - close(fdin); - fdin = -1; - -@@ -943,7 +943,7 @@ server_input_window_size(int type, u_int - - debug("Window change received."); - packet_check_eom(); -- if (fdin != -1) -+ if (fdin >= 0) - pty_change_window_size(fdin, row, col, xpixel, ypixel); - } - -@@ -996,7 +996,7 @@ server_request_tun(void) - } - - tun = packet_get_int(); -- if (forced_tun_device != -1) { -+ if (forced_tun_device >= 0) { - if (tun != SSH_TUNID_ANY && forced_tun_device != tun) - goto done; - tun = forced_tun_device; -diff -up openssh-6.1p1/sftp.c.coverity openssh-6.1p1/sftp.c ---- openssh-6.1p1/sftp.c.coverity 2012-06-30 00:33:32.000000000 +0200 -+++ openssh-6.1p1/sftp.c 2012-09-14 21:16:41.297906653 +0200 -@@ -206,7 +206,7 @@ killchild(int signo) - { - if (sshpid > 1) { - kill(sshpid, SIGTERM); -- waitpid(sshpid, NULL, 0); -+ (void) waitpid(sshpid, NULL, 0); - } - - _exit(1); -@@ -316,7 +316,7 @@ local_do_ls(const char *args) - - /* Strip one path (usually the pwd) from the start of another */ - static char * --path_strip(char *path, char *strip) -+path_strip(const char *path, const char *strip) - { - size_t len; - -@@ -334,7 +334,7 @@ path_strip(char *path, char *strip) - } - - static char * --make_absolute(char *p, char *pwd) -+make_absolute(char *p, const char *pwd) - { - char *abs_str; - -@@ -482,7 +482,7 @@ parse_df_flags(const char *cmd, char **a - } - - static int --is_dir(char *path) -+is_dir(const char *path) - { - struct stat sb; - -@@ -494,7 +494,7 @@ is_dir(char *path) - } - - static int --remote_is_dir(struct sftp_conn *conn, char *path) -+remote_is_dir(struct sftp_conn *conn, const char *path) - { - Attrib *a; - -@@ -508,7 +508,7 @@ remote_is_dir(struct sftp_conn *conn, ch - - /* Check whether path returned from glob(..., GLOB_MARK, ...) 
is a directory */ - static int --pathname_is_dir(char *pathname) -+pathname_is_dir(const char *pathname) - { - size_t l = strlen(pathname); - -@@ -516,7 +516,7 @@ pathname_is_dir(char *pathname) - } - - static int --process_get(struct sftp_conn *conn, char *src, char *dst, char *pwd, -+process_get(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd, - int pflag, int rflag) - { - char *abs_src = NULL; -@@ -590,7 +590,7 @@ out: - } - - static int --process_put(struct sftp_conn *conn, char *src, char *dst, char *pwd, -+process_put(struct sftp_conn *conn, const char *src, const char *dst, const char *pwd, - int pflag, int rflag) - { - char *tmp_dst = NULL; -@@ -695,7 +695,7 @@ sdirent_comp(const void *aa, const void - - /* sftp ls.1 replacement for directories */ - static int --do_ls_dir(struct sftp_conn *conn, char *path, char *strip_path, int lflag) -+do_ls_dir(struct sftp_conn *conn, const char *path, const char *strip_path, int lflag) - { - int n; - u_int c = 1, colspace = 0, columns = 1; -@@ -780,7 +780,7 @@ do_ls_dir(struct sftp_conn *conn, char * - - /* sftp ls.1 replacement which handles path globs */ - static int --do_globbed_ls(struct sftp_conn *conn, char *path, char *strip_path, -+do_globbed_ls(struct sftp_conn *conn, const char *path, const char *strip_path, - int lflag) - { - char *fname, *lname; -@@ -861,7 +861,7 @@ do_globbed_ls(struct sftp_conn *conn, ch - } - - static int --do_df(struct sftp_conn *conn, char *path, int hflag, int iflag) -+do_df(struct sftp_conn *conn, const char *path, int hflag, int iflag) - { - struct sftp_statvfs st; - char s_used[FMT_SCALED_STRSIZE]; -diff -up openssh-6.1p1/sftp-client.c.coverity openssh-6.1p1/sftp-client.c ---- openssh-6.1p1/sftp-client.c.coverity 2012-07-02 14:15:39.000000000 +0200 -+++ openssh-6.1p1/sftp-client.c 2012-09-14 21:18:16.891332281 +0200 -@@ -149,7 +149,7 @@ get_msg(struct sftp_conn *conn, Buffer * - } - - static void --send_string_request(struct sftp_conn *conn, u_int id, u_int 
code, char *s, -+send_string_request(struct sftp_conn *conn, u_int id, u_int code, const char *s, - u_int len) - { - Buffer msg; -@@ -165,7 +165,7 @@ send_string_request(struct sftp_conn *co - - static void - send_string_attrs_request(struct sftp_conn *conn, u_int id, u_int code, -- char *s, u_int len, Attrib *a) -+ const char *s, u_int len, Attrib *a) - { - Buffer msg; - -@@ -422,7 +422,7 @@ sftp_proto_version(struct sftp_conn *con - } - - int --do_close(struct sftp_conn *conn, char *handle, u_int handle_len) -+do_close(struct sftp_conn *conn, const char *handle, u_int handle_len) - { - u_int id, status; - Buffer msg; -@@ -447,7 +447,7 @@ do_close(struct sftp_conn *conn, char *h - - - static int --do_lsreaddir(struct sftp_conn *conn, char *path, int printflag, -+do_lsreaddir(struct sftp_conn *conn, const char *path, int printflag, - SFTP_DIRENT ***dir) - { - Buffer msg; -@@ -572,7 +572,7 @@ do_lsreaddir(struct sftp_conn *conn, cha - } - - int --do_readdir(struct sftp_conn *conn, char *path, SFTP_DIRENT ***dir) -+do_readdir(struct sftp_conn *conn, const char *path, SFTP_DIRENT ***dir) - { - return(do_lsreaddir(conn, path, 0, dir)); - } -@@ -590,7 +590,7 @@ void free_sftp_dirents(SFTP_DIRENT **s) - } - - int --do_rm(struct sftp_conn *conn, char *path) -+do_rm(struct sftp_conn *conn, const char *path) - { - u_int status, id; - -@@ -605,7 +605,7 @@ do_rm(struct sftp_conn *conn, char *path - } - - int --do_mkdir(struct sftp_conn *conn, char *path, Attrib *a, int printflag) -+do_mkdir(struct sftp_conn *conn, const char *path, Attrib *a, int printflag) - { - u_int status, id; - -@@ -621,7 +621,7 @@ do_mkdir(struct sftp_conn *conn, char *p - } - - int --do_rmdir(struct sftp_conn *conn, char *path) -+do_rmdir(struct sftp_conn *conn, const char *path) - { - u_int status, id; - -@@ -637,7 +637,7 @@ do_rmdir(struct sftp_conn *conn, char *p - } - - Attrib * --do_stat(struct sftp_conn *conn, char *path, int quiet) -+do_stat(struct sftp_conn *conn, const char *path, int quiet) - 
{ - u_int id; - -@@ -651,7 +651,7 @@ do_stat(struct sftp_conn *conn, char *pa - } - - Attrib * --do_lstat(struct sftp_conn *conn, char *path, int quiet) -+do_lstat(struct sftp_conn *conn, const char *path, int quiet) - { - u_int id; - -@@ -685,7 +685,7 @@ do_fstat(struct sftp_conn *conn, char *h - #endif - - int --do_setstat(struct sftp_conn *conn, char *path, Attrib *a) -+do_setstat(struct sftp_conn *conn, const char *path, Attrib *a) - { - u_int status, id; - -@@ -702,7 +702,7 @@ do_setstat(struct sftp_conn *conn, char - } - - int --do_fsetstat(struct sftp_conn *conn, char *handle, u_int handle_len, -+do_fsetstat(struct sftp_conn *conn, const char *handle, u_int handle_len, - Attrib *a) - { - u_int status, id; -@@ -719,7 +719,7 @@ do_fsetstat(struct sftp_conn *conn, char - } - - char * --do_realpath(struct sftp_conn *conn, char *path) -+do_realpath(struct sftp_conn *conn, const char *path) - { - Buffer msg; - u_int type, expected_id, count, id; -@@ -768,7 +768,7 @@ do_realpath(struct sftp_conn *conn, char - } - - int --do_rename(struct sftp_conn *conn, char *oldpath, char *newpath) -+do_rename(struct sftp_conn *conn, const char *oldpath, const char *newpath) - { - Buffer msg; - u_int status, id; -@@ -802,7 +802,7 @@ do_rename(struct sftp_conn *conn, char * - } - - int --do_hardlink(struct sftp_conn *conn, char *oldpath, char *newpath) -+do_hardlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) - { - Buffer msg; - u_int status, id; -@@ -835,7 +835,7 @@ do_hardlink(struct sftp_conn *conn, char - } - - int --do_symlink(struct sftp_conn *conn, char *oldpath, char *newpath) -+do_symlink(struct sftp_conn *conn, const char *oldpath, const char *newpath) - { - Buffer msg; - u_int status, id; -@@ -987,7 +987,7 @@ send_read_request(struct sftp_conn *conn - } - - int --do_download(struct sftp_conn *conn, char *remote_path, char *local_path, -+do_download(struct sftp_conn *conn, const char *remote_path, const char *local_path, - Attrib *a, int pflag) - { 
- Attrib junk; -@@ -1226,7 +1226,7 @@ do_download(struct sftp_conn *conn, char - } - - static int --download_dir_internal(struct sftp_conn *conn, char *src, char *dst, -+download_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, - Attrib *dirattrib, int pflag, int printflag, int depth) - { - int i, ret = 0; -@@ -1316,7 +1316,7 @@ download_dir_internal(struct sftp_conn * - } - - int --download_dir(struct sftp_conn *conn, char *src, char *dst, -+download_dir(struct sftp_conn *conn, const char *src, const char *dst, - Attrib *dirattrib, int pflag, int printflag) - { - char *src_canon; -@@ -1334,7 +1334,7 @@ download_dir(struct sftp_conn *conn, cha - } - - int --do_upload(struct sftp_conn *conn, char *local_path, char *remote_path, -+do_upload(struct sftp_conn *conn, const char *local_path, const char *remote_path, - int pflag) - { - int local_fd; -@@ -1517,7 +1517,7 @@ do_upload(struct sftp_conn *conn, char * - } - - static int --upload_dir_internal(struct sftp_conn *conn, char *src, char *dst, -+upload_dir_internal(struct sftp_conn *conn, const char *src, const char *dst, - int pflag, int printflag, int depth) - { - int ret = 0, status; -@@ -1608,7 +1608,7 @@ upload_dir_internal(struct sftp_conn *co - } - - int --upload_dir(struct sftp_conn *conn, char *src, char *dst, int printflag, -+upload_dir(struct sftp_conn *conn, const char *src, const char *dst, int printflag, - int pflag) - { - char *dst_canon; -@@ -1625,7 +1625,7 @@ upload_dir(struct sftp_conn *conn, char - } - - char * --path_append(char *p1, char *p2) -+path_append(const char *p1, const char *p2) - { - char *ret; - size_t len = strlen(p1) + strlen(p2) + 2; -diff -up openssh-6.1p1/sftp-client.h.coverity openssh-6.1p1/sftp-client.h ---- openssh-6.1p1/sftp-client.h.coverity 2010-12-04 23:02:48.000000000 +0100 -+++ openssh-6.1p1/sftp-client.h 2012-09-14 21:16:41.301906674 +0200 -@@ -56,49 +56,49 @@ struct sftp_conn *do_init(int, int, u_in - u_int sftp_proto_version(struct sftp_conn *); - 
- /* Close file referred to by 'handle' */ --int do_close(struct sftp_conn *, char *, u_int); -+int do_close(struct sftp_conn *, const char *, u_int); - - /* Read contents of 'path' to NULL-terminated array 'dir' */ --int do_readdir(struct sftp_conn *, char *, SFTP_DIRENT ***); -+int do_readdir(struct sftp_conn *, const char *, SFTP_DIRENT ***); - - /* Frees a NULL-terminated array of SFTP_DIRENTs (eg. from do_readdir) */ - void free_sftp_dirents(SFTP_DIRENT **); - - /* Delete file 'path' */ --int do_rm(struct sftp_conn *, char *); -+int do_rm(struct sftp_conn *, const char *); - - /* Create directory 'path' */ --int do_mkdir(struct sftp_conn *, char *, Attrib *, int); -+int do_mkdir(struct sftp_conn *, const char *, Attrib *, int); - - /* Remove directory 'path' */ --int do_rmdir(struct sftp_conn *, char *); -+int do_rmdir(struct sftp_conn *, const char *); - - /* Get file attributes of 'path' (follows symlinks) */ --Attrib *do_stat(struct sftp_conn *, char *, int); -+Attrib *do_stat(struct sftp_conn *, const char *, int); - - /* Get file attributes of 'path' (does not follow symlinks) */ --Attrib *do_lstat(struct sftp_conn *, char *, int); -+Attrib *do_lstat(struct sftp_conn *, const char *, int); - - /* Set file attributes of 'path' */ --int do_setstat(struct sftp_conn *, char *, Attrib *); -+int do_setstat(struct sftp_conn *, const char *, Attrib *); - - /* Set file attributes of open file 'handle' */ --int do_fsetstat(struct sftp_conn *, char *, u_int, Attrib *); -+int do_fsetstat(struct sftp_conn *, const char *, u_int, Attrib *); - - /* Canonicalise 'path' - caller must free result */ --char *do_realpath(struct sftp_conn *, char *); -+char *do_realpath(struct sftp_conn *, const char *); - - /* Get statistics for filesystem hosting file at "path" */ - int do_statvfs(struct sftp_conn *, const char *, struct sftp_statvfs *, int); - - /* Rename 'oldpath' to 'newpath' */ --int do_rename(struct sftp_conn *, char *, char *); -+int do_rename(struct sftp_conn *, 
const char *, const char *); - - /* Link 'oldpath' to 'newpath' */ --int do_hardlink(struct sftp_conn *, char *, char *); -+int do_hardlink(struct sftp_conn *, const char *, const char *); - --/* Rename 'oldpath' to 'newpath' */ --int do_symlink(struct sftp_conn *, char *, char *); -+/* Symlink 'oldpath' to 'newpath' */ -+int do_symlink(struct sftp_conn *, const char *, const char *); - - /* XXX: add callbacks to do_download/do_upload so we can do progress meter */ - -@@ -106,27 +106,27 @@ int do_symlink(struct sftp_conn *, char - * Download 'remote_path' to 'local_path'. Preserve permissions and times - * if 'pflag' is set - */ --int do_download(struct sftp_conn *, char *, char *, Attrib *, int); -+int do_download(struct sftp_conn *, const char *, const char *, Attrib *, int); - - /* - * Recursively download 'remote_directory' to 'local_directory'. Preserve - * times if 'pflag' is set - */ --int download_dir(struct sftp_conn *, char *, char *, Attrib *, int, int); -+int download_dir(struct sftp_conn *, const char *, const char *, Attrib *, int, int); - - /* - * Upload 'local_path' to 'remote_path'. Preserve permissions and times - * if 'pflag' is set - */ --int do_upload(struct sftp_conn *, char *, char *, int); -+int do_upload(struct sftp_conn *, const char *, const char *, int); - - /* - * Recursively upload 'local_directory' to 'remote_directory'. Preserve - * times if 'pflag' is set - */ --int upload_dir(struct sftp_conn *, char *, char *, int, int); -+int upload_dir(struct sftp_conn *, const char *, const char *, int, int); - - /* Concatenate paths, taking care of slashes. Caller must free result. 
*/ --char *path_append(char *, char *); -+char *path_append(const char *, const char *); - - #endif -diff -up openssh-6.1p1/ssh-agent.c.coverity openssh-6.1p1/ssh-agent.c ---- openssh-6.1p1/ssh-agent.c.coverity 2011-06-03 06:14:16.000000000 +0200 -+++ openssh-6.1p1/ssh-agent.c 2012-09-14 21:16:41.303906683 +0200 -@@ -1147,8 +1147,8 @@ main(int ac, char **av) - sanitise_stdfd(); - - /* drop */ -- setegid(getgid()); -- setgid(getgid()); -+ (void) setegid(getgid()); -+ (void) setgid(getgid()); - - #if defined(HAVE_PRCTL) && defined(PR_SET_DUMPABLE) - /* Disable ptrace on Linux without sgid bit */ -diff -up openssh-6.1p1/sshd.c.coverity openssh-6.1p1/sshd.c ---- openssh-6.1p1/sshd.c.coverity 2012-07-31 04:21:34.000000000 +0200 -+++ openssh-6.1p1/sshd.c 2012-09-14 21:16:41.307906705 +0200 -@@ -682,8 +682,10 @@ privsep_preauth(Authctxt *authctxt) - if (getuid() == 0 || geteuid() == 0) - privsep_preauth_child(); - setproctitle("%s", "[net]"); -- if (box != NULL) -+ if (box != NULL) { - ssh_sandbox_child(box); -+ xfree(box); -+ } - - return 0; - } -@@ -1311,6 +1313,9 @@ server_accept_loop(int *sock_in, int *so - if (num_listen_socks < 0) - break; - } -+ -+ if (fdset != NULL) -+ xfree(fdset); - } - - -@@ -1768,7 +1773,7 @@ main(int ac, char **av) - - /* Chdir to the root directory so that the current disk can be - unmounted if desired. */ -- chdir("/"); -+ (void) chdir("/"); - - /* ignore SIGPIPE */ - signal(SIGPIPE, SIG_IGN); diff --git a/openssh/patches/openssh-6.1p1-kuserok.patch b/openssh/patches/openssh-6.1p1-kuserok.patch deleted file mode 100644 index 7b695e0..0000000 --- a/openssh/patches/openssh-6.1p1-kuserok.patch +++ /dev/null 
@@ -1,167 +0,0 @@ -diff -up openssh-6.1p1/auth-krb5.c.kuserok openssh-6.1p1/auth-krb5.c ---- openssh-6.1p1/auth-krb5.c.kuserok 2012-09-14 21:08:16.941496194 +0200 -+++ openssh-6.1p1/auth-krb5.c 2012-09-14 21:08:17.063496896 +0200 -@@ -55,6 +55,20 @@ - - extern ServerOptions options; - -+int -+ssh_krb5_kuserok(krb5_context krb5_ctx, krb5_principal krb5_user, const char *client) -+{ -+ if (options.use_kuserok) -+ return krb5_kuserok(krb5_ctx, krb5_user, client); -+ else { -+ char kuser[65]; -+ -+ if (krb5_aname_to_localname(krb5_ctx, krb5_user, sizeof(kuser), kuser)) -+ return 0; -+ return strcmp(kuser, client) == 0; -+ } -+} -+ - static int - krb5_init(void *context) - { -@@ -147,7 +161,7 @@ auth_krb5_password(Authctxt *authctxt, c - if (problem) - goto out; - -- if (!krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { -+ if (!ssh_krb5_kuserok(authctxt->krb5_ctx, authctxt->krb5_user, client)) { - problem = -1; - goto out; - } -diff -up openssh-6.1p1/gss-serv-krb5.c.kuserok openssh-6.1p1/gss-serv-krb5.c ---- openssh-6.1p1/gss-serv-krb5.c.kuserok 2012-09-14 21:08:17.019496642 +0200 -+++ openssh-6.1p1/gss-serv-krb5.c 2012-09-14 21:08:17.065496906 +0200 -@@ -68,6 +68,7 @@ static int ssh_gssapi_krb5_cmdok(krb5_pr - int); - - static krb5_context krb_context = NULL; -+extern int ssh_krb5_kuserok(krb5_context, krb5_principal, const char *); - - /* Initialise the krb5 library, for the stuff that GSSAPI won't do */ - -@@ -115,7 +116,7 @@ ssh_gssapi_krb5_userok(ssh_gssapi_client - /* NOTE: .k5login and .k5users must opened as root, not the user, - * because if they are on a krb5-protected filesystem, user credentials - * to access these files aren't available yet. 
*/ -- if (krb5_kuserok(krb_context, princ, luser) && k5login_exists) { -+ if (ssh_krb5_kuserok(krb_context, princ, luser) && k5login_exists) { - retval = 1; - logit("Authorized to %s, krb5 principal %s (krb5_kuserok)", - luser, (char *)client->displayname.value); -diff -up openssh-6.1p1/servconf.c.kuserok openssh-6.1p1/servconf.c ---- openssh-6.1p1/servconf.c.kuserok 2012-09-14 21:08:16.989496471 +0200 -+++ openssh-6.1p1/servconf.c 2012-09-14 21:09:30.864868698 +0200 -@@ -152,6 +152,7 @@ initialize_server_options(ServerOptions - options->ip_qos_interactive = -1; - options->ip_qos_bulk = -1; - options->version_addendum = NULL; -+ options->use_kuserok = -1; - } - - void -@@ -301,6 +302,8 @@ fill_default_server_options(ServerOption - options->version_addendum = xstrdup(""); - if (options->show_patchlevel == -1) - options->show_patchlevel = 0; -+ if (options->use_kuserok == -1) -+ options->use_kuserok = 1; - - /* Turn privilege separation on by default */ - if (use_privsep == -1) -@@ -327,7 +330,7 @@ typedef enum { - sPermitRootLogin, sLogFacility, sLogLevel, - sRhostsRSAAuthentication, sRSAAuthentication, - sKerberosAuthentication, sKerberosOrLocalPasswd, sKerberosTicketCleanup, -- sKerberosGetAFSToken, -+ sKerberosGetAFSToken, sKerberosUseKuserok, - sKerberosTgtPassing, sChallengeResponseAuthentication, - sPasswordAuthentication, sKbdInteractiveAuthentication, - sListenAddress, sAddressFamily, -@@ -399,11 +402,13 @@ static struct { - #else - { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, - #endif -+ { "kerberosusekuserok", sKerberosUseKuserok, SSHCFG_ALL }, - #else - { "kerberosauthentication", sUnsupported, SSHCFG_ALL }, - { "kerberosorlocalpasswd", sUnsupported, SSHCFG_GLOBAL }, - { "kerberosticketcleanup", sUnsupported, SSHCFG_GLOBAL }, - { "kerberosgetafstoken", sUnsupported, SSHCFG_GLOBAL }, -+ { "kerberosusekuserok", sUnsupported, SSHCFG_ALL }, - #endif - { "kerberostgtpassing", sUnsupported, SSHCFG_GLOBAL }, - { "afstokenpassing", sUnsupported, 
SSHCFG_GLOBAL }, -@@ -1486,6 +1491,10 @@ process_server_config_line(ServerOptions - *activep = value; - break; - -+ case sKerberosUseKuserok: -+ intptr = &options->use_kuserok; -+ goto parse_flag; -+ - case sPermitOpen: - arg = strdelim(&cp); - if (!arg || *arg == '\0') -@@ -1769,6 +1778,7 @@ copy_set_server_options(ServerOptions *d - M_CP_INTOPT(max_authtries); - M_CP_INTOPT(ip_qos_interactive); - M_CP_INTOPT(ip_qos_bulk); -+ M_CP_INTOPT(use_kuserok); - - /* See comment in servconf.h */ - COPY_MATCH_STRING_OPTS(); -@@ -2005,6 +2015,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sUseDNS, o->use_dns); - dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); -+ dump_cfg_fmtint(sKerberosUseKuserok, o->use_kuserok); - - /* string arguments */ - dump_cfg_string(sPidFile, o->pid_file); -diff -up openssh-6.1p1/servconf.h.kuserok openssh-6.1p1/servconf.h ---- openssh-6.1p1/servconf.h.kuserok 2012-09-14 21:08:16.990496476 +0200 -+++ openssh-6.1p1/servconf.h 2012-09-14 21:08:17.071496942 +0200 -@@ -169,6 +169,7 @@ typedef struct { - - int num_permitted_opens; - -+ int use_kuserok; - char *chroot_directory; - char *revoked_keys_file; - char *trusted_user_ca_keys; -diff -up openssh-6.1p1/sshd_config.kuserok openssh-6.1p1/sshd_config ---- openssh-6.1p1/sshd_config.kuserok 2012-09-14 21:08:17.002496545 +0200 -+++ openssh-6.1p1/sshd_config 2012-09-14 21:08:17.074496957 +0200 -@@ -79,6 +79,7 @@ ChallengeResponseAuthentication no - #KerberosOrLocalPasswd yes - #KerberosTicketCleanup yes - #KerberosGetAFSToken no -+#KerberosUseKuserok yes - - # GSSAPI options - #GSSAPIAuthentication no -diff -up openssh-6.1p1/sshd_config.5.kuserok openssh-6.1p1/sshd_config.5 ---- openssh-6.1p1/sshd_config.5.kuserok 2012-09-14 21:08:17.004496556 +0200 -+++ openssh-6.1p1/sshd_config.5 2012-09-14 21:08:17.073496952 +0200 -@@ -618,6 +618,10 @@ Specifies whether to automatically destr - file on logout. - The default is - .Dq yes . 
-+.It Cm KerberosUseKuserok -+Specifies whether to look at .k5login file for user's aliases. -+The default is -+.Dq yes . - .It Cm KexAlgorithms - Specifies the available KEX (Key Exchange) algorithms. - Multiple algorithms must be comma-separated. -@@ -767,6 +771,7 @@ Available keywords are - .Cm HostbasedUsesNameFromPacketOnly , - .Cm KbdInteractiveAuthentication , - .Cm KerberosAuthentication , -+.Cm KerberosUseKuserok , - .Cm MaxAuthTries , - .Cm MaxSessions , - .Cm PubkeyAuthentication , diff --git a/openssh/patches/openssh-6.1p1-required-authentications.patch b/openssh/patches/openssh-6.1p1-required-authentications.patch deleted file mode 100644 index bfc28ee..0000000 --- a/openssh/patches/openssh-6.1p1-required-authentications.patch +++ /dev/null @@ -1,22 +0,0 @@ -diff -up openssh-6.1p1/servconf.c.required-authentication openssh-6.1p1/servconf.c ---- openssh-6.1p1/servconf.c.required-authentication 2012-11-30 21:13:14.375382453 +0100 -+++ openssh-6.1p1/servconf.c 2012-11-30 21:33:56.972017545 +0100 -@@ -495,6 +495,8 @@ static struct { - { "authorizedkeyscommandrunas", sAuthorizedKeysCommandUser, SSHCFG_ALL }, - { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, - { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, -+ { "requiredauthentications1", sAuthenticationMethods, SSHCFG_ALL }, -+ { "requiredauthentications2", sAuthenticationMethods, SSHCFG_ALL }, - { NULL, sBadOption, 0 } - }; - -@@ -1560,6 +1562,9 @@ process_server_config_line(ServerOptions - return 0; - - case sAuthenticationMethods: -+ if (strncasecmp(arg, "requiredauthentications", 23) == 0) -+ logit("%s line %d: Option %s is obsolete. Please use AuthenticationMethods", -+ filename, linenum, arg); - if (*activep && options->num_auth_methods == 0) { - while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_auth_methods >= 
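Review bot: in the ssh-agent.c hunk of openssh-6.1p1-coverity.patch, `(void) setegid(getgid());` and `(void) setgid(getgid());` silence the unchecked-return warning without handling the failure, so a failed group drop under the "/* drop */" comment would still go unnoticed and the agent would carry on with its original effective group. Checking both return values and aborting on failure would address the finding instead of hiding it; the same applies to `(void) chdir("/");` in the sshd.c hunk. In the servconf.c hunk, the block commented out as "DEAD CODE intptr is still NULL" would be cleaner deleted outright than kept inside a comment.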
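Review bot: in the gss-serv-krb5.c hunk of openssh-6.1p1-kuserok.patch, the success message still logs "(krb5_kuserok)" after the call was switched to ssh_krb5_kuserok(), so with KerberosUseKuserok set to no the log attributes the authorization to a check that did not run; the message should name the path actually taken (krb5_kuserok or the krb5_aname_to_localname comparison). In the auth-krb5.c hunk, `char kuser[65];` is an unexplained size and deserves a named constant or a comment. The sshd_config.5 text says only that the option controls looking at the .k5login file and does not state that "no" falls back to an exact string match against the krb5_aname_to_localname result.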
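Review bot: in the servconf.c hunks of openssh-6.1p1-required-authentications.patch, requiredauthentications1 and requiredauthentications2 both map to sAuthenticationMethods, and the handler only parses its value when `options->num_auth_methods == 0`, so a configuration carrying both legacy lines gets the first one applied and the second one dropped, with nothing logged beyond the "obsolete" notice. Because these lines express authentication requirements, the ignored case should be logged explicitly or rejected. The literal 23 in the strncasecmp() call would be safer derived from the string itself, and the check depends on arg still holding the keyword when the case is entered, which deserves a comment.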
diff --git a/openssh/patches/openssh-6.1p1-role-mls.patch b/openssh/patches/openssh-6.1p1-role-mls.patch deleted file mode 100644 index 4de3dae..0000000 --- a/openssh/patches/openssh-6.1p1-role-mls.patch +++ /dev/null 
@@ -1,934 +0,0 @@ -diff -up openssh-6.1p1/auth1.c.role-mls openssh-6.1p1/auth1.c ---- openssh-6.1p1/auth1.c.role-mls 2012-11-28 17:06:43.657990103 +0100 -+++ openssh-6.1p1/auth1.c 2012-11-28 17:06:43.699989959 +0100 -@@ -384,6 +384,9 @@ do_authentication(Authctxt *authctxt) - { - u_int ulen; - char *user, *style = NULL; -+#ifdef WITH_SELINUX -+ char *role=NULL; -+#endif - - /* Get the name of the user that we wish to log in as. */ - packet_read_expect(SSH_CMSG_USER); -@@ -392,11 +395,24 @@ do_authentication(Authctxt *authctxt) - user = packet_get_cstring(&ulen); - packet_check_eom(); - -+#ifdef WITH_SELINUX -+ if ((role = strchr(user, '/')) != NULL) -+ *role++ = '\0'; -+#endif -+ - if ((style = strchr(user, ':')) != NULL) - *style++ = '\0'; -+#ifdef WITH_SELINUX -+ else -+ if (role && (style = strchr(role, ':')) != NULL) -+ *style++ = '\0'; -+#endif - - authctxt->user = user; - authctxt->style = style; -+#ifdef WITH_SELINUX -+ authctxt->role = role; -+#endif - - /* Verify that the user is a valid user. 
*/ - if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) -diff -up openssh-6.1p1/auth2.c.role-mls openssh-6.1p1/auth2.c ---- openssh-6.1p1/auth2.c.role-mls 2012-11-28 17:06:43.661990089 +0100 -+++ openssh-6.1p1/auth2.c 2012-11-28 17:11:09.058916613 +0100 -@@ -218,6 +218,9 @@ input_userauth_request(int type, u_int32 - Authctxt *authctxt = ctxt; - Authmethod *m = NULL; - char *user, *service, *method, *style = NULL; -+#ifdef WITH_SELINUX -+ char *role = NULL; -+#endif - int authenticated = 0; - - if (authctxt == NULL) -@@ -229,6 +232,11 @@ input_userauth_request(int type, u_int32 - debug("userauth-request for user %s service %s method %s", user, service, method); - debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); - -+#ifdef WITH_SELINUX -+ if ((role = strchr(user, '/')) != NULL) -+ *role++ = 0; -+#endif -+ - if ((style = strchr(user, ':')) != NULL) - *style++ = 0; - -@@ -251,8 +259,15 @@ input_userauth_request(int type, u_int32 - use_privsep ? " [net]" : ""); - authctxt->service = xstrdup(service); - authctxt->style = style ? xstrdup(style) : NULL; -- if (use_privsep) -+#ifdef WITH_SELINUX -+ authctxt->role = role ? 
xstrdup(role) : NULL; -+#endif -+ if (use_privsep) { - mm_inform_authserv(service, style); -+#ifdef WITH_SELINUX -+ mm_inform_authrole(role); -+#endif -+ } - userauth_banner(); - if (auth2_setup_methods_lists(authctxt) != 0) - packet_disconnect("no authentication methods enabled"); -diff -up openssh-6.1p1/auth2-gss.c.role-mls openssh-6.1p1/auth2-gss.c ---- openssh-6.1p1/auth2-gss.c.role-mls 2011-05-05 06:04:11.000000000 +0200 -+++ openssh-6.1p1/auth2-gss.c 2012-11-28 17:06:43.700989956 +0100 -@@ -260,6 +260,7 @@ input_gssapi_mic(int type, u_int32_t ple - Authctxt *authctxt = ctxt; - Gssctxt *gssctxt; - int authenticated = 0; -+ char *micuser; - Buffer b; - gss_buffer_desc mic, gssbuf; - u_int len; -@@ -272,7 +273,13 @@ input_gssapi_mic(int type, u_int32_t ple - mic.value = packet_get_string(&len); - mic.length = len; - -- ssh_gssapi_buildmic(&b, authctxt->user, authctxt->service, -+#ifdef WITH_SELINUX -+ if (authctxt->role && (strlen(authctxt->role) > 0)) -+ xasprintf(&micuser, "%s/%s", authctxt->user, authctxt->role); -+ else -+#endif -+ micuser = authctxt->user; -+ ssh_gssapi_buildmic(&b, micuser, authctxt->service, - "gssapi-with-mic"); - - gssbuf.value = buffer_ptr(&b); -@@ -284,6 +291,8 @@ input_gssapi_mic(int type, u_int32_t ple - logit("GSSAPI MIC check failed"); - - buffer_free(&b); -+ if (micuser != authctxt->user) -+ xfree(micuser); - xfree(mic.value); - - authctxt->postponed = 0; -diff -up openssh-6.1p1/auth2-hostbased.c.role-mls openssh-6.1p1/auth2-hostbased.c ---- openssh-6.1p1/auth2-hostbased.c.role-mls 2012-11-28 17:06:43.669990062 +0100 -+++ openssh-6.1p1/auth2-hostbased.c 2012-11-28 17:06:43.700989956 +0100 -@@ -106,7 +106,15 @@ userauth_hostbased(Authctxt *authctxt) - buffer_put_string(&b, session_id2, session_id2_len); - /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); -- buffer_put_cstring(&b, authctxt->user); -+#ifdef WITH_SELINUX -+ if (authctxt->role) { -+ buffer_put_int(&b, 
strlen(authctxt->user)+strlen(authctxt->role)+1); -+ buffer_append(&b, authctxt->user, strlen(authctxt->user)); -+ buffer_put_char(&b, '/'); -+ buffer_append(&b, authctxt->role, strlen(authctxt->role)); -+ } else -+#endif -+ buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, service); - buffer_put_cstring(&b, "hostbased"); - buffer_put_string(&b, pkalg, alen); -diff -up openssh-6.1p1/auth2-pubkey.c.role-mls openssh-6.1p1/auth2-pubkey.c ---- openssh-6.1p1/auth2-pubkey.c.role-mls 2012-11-28 17:06:43.669990062 +0100 -+++ openssh-6.1p1/auth2-pubkey.c 2012-11-28 17:06:43.700989956 +0100 -@@ -121,7 +121,15 @@ userauth_pubkey(Authctxt *authctxt) - } - /* reconstruct packet */ - buffer_put_char(&b, SSH2_MSG_USERAUTH_REQUEST); -- buffer_put_cstring(&b, authctxt->user); -+#ifdef WITH_SELINUX -+ if (authctxt->role) { -+ buffer_put_int(&b, strlen(authctxt->user)+strlen(authctxt->role)+1); -+ buffer_append(&b, authctxt->user, strlen(authctxt->user)); -+ buffer_put_char(&b, '/'); -+ buffer_append(&b, authctxt->role, strlen(authctxt->role)); -+ } else -+#endif -+ buffer_put_cstring(&b, authctxt->user); - buffer_put_cstring(&b, - datafellows & SSH_BUG_PKSERVICE ? - "ssh-userauth" : -diff -up openssh-6.1p1/auth.h.role-mls openssh-6.1p1/auth.h ---- openssh-6.1p1/auth.h.role-mls 2012-11-28 17:06:43.669990062 +0100 -+++ openssh-6.1p1/auth.h 2012-11-28 17:06:43.699989959 +0100 -@@ -59,6 +59,9 @@ struct Authctxt { - char *service; - struct passwd *pw; /* set if 'valid' */ - char *style; -+#ifdef WITH_SELINUX -+ char *role; -+#endif - void *kbdintctxt; - void *jpake_ctx; - #ifdef BSD_AUTH -diff -up openssh-6.1p1/auth-pam.c.role-mls openssh-6.1p1/auth-pam.c ---- openssh-6.1p1/auth-pam.c.role-mls 2012-11-28 17:06:43.638990168 +0100 -+++ openssh-6.1p1/auth-pam.c 2012-11-28 17:06:43.699989959 +0100 -@@ -1074,7 +1074,7 @@ is_pam_session_open(void) - * during the ssh authentication process. 
- */ - int --do_pam_putenv(char *name, char *value) -+do_pam_putenv(char *name, const char *value) - { - int ret = 1; - #ifdef HAVE_PAM_PUTENV -diff -up openssh-6.1p1/auth-pam.h.role-mls openssh-6.1p1/auth-pam.h ---- openssh-6.1p1/auth-pam.h.role-mls 2004-09-11 14:17:26.000000000 +0200 -+++ openssh-6.1p1/auth-pam.h 2012-11-28 17:06:43.699989959 +0100 -@@ -38,7 +38,7 @@ void do_pam_session(void); - void do_pam_set_tty(const char *); - void do_pam_setcred(int ); - void do_pam_chauthtok(void); --int do_pam_putenv(char *, char *); -+int do_pam_putenv(char *, const char *); - char ** fetch_pam_environment(void); - char ** fetch_pam_child_environment(void); - void free_pam_environment(char **); -diff -up openssh-6.1p1/misc.c.role-mls openssh-6.1p1/misc.c ---- openssh-6.1p1/misc.c.role-mls 2011-09-22 13:34:36.000000000 +0200 -+++ openssh-6.1p1/misc.c 2012-11-28 17:06:43.701989952 +0100 -@@ -427,6 +427,7 @@ char * - colon(char *cp) - { - int flag = 0; -+ int start = 1; - - if (*cp == ':') /* Leading colon is part of file name. */ - return NULL; -@@ -442,6 +443,13 @@ colon(char *cp) - return (cp); - if (*cp == '/') - return NULL; -+ if (start) { -+ /* Slash on beginning or after dots only denotes file name. 
*/ -+ if (*cp == '/') -+ return (0); -+ if (*cp != '.') -+ start = 0; -+ } - } - return NULL; - } -diff -up openssh-6.1p1/monitor.c.role-mls openssh-6.1p1/monitor.c ---- openssh-6.1p1/monitor.c.role-mls 2012-11-28 17:06:43.686990004 +0100 -+++ openssh-6.1p1/monitor.c 2012-11-28 17:06:43.701989952 +0100 -@@ -148,6 +148,9 @@ int mm_answer_sign(int, Buffer *); - int mm_answer_pwnamallow(int, Buffer *); - int mm_answer_auth2_read_banner(int, Buffer *); - int mm_answer_authserv(int, Buffer *); -+#ifdef WITH_SELINUX -+int mm_answer_authrole(int, Buffer *); -+#endif - int mm_answer_authpassword(int, Buffer *); - int mm_answer_bsdauthquery(int, Buffer *); - int mm_answer_bsdauthrespond(int, Buffer *); -@@ -231,6 +234,9 @@ struct mon_table mon_dispatch_proto20[] - {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, - {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, - {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, -+#ifdef WITH_SELINUX -+ {MONITOR_REQ_AUTHROLE, MON_ONCE, mm_answer_authrole}, -+#endif - {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, - {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, - #ifdef USE_PAM -@@ -838,6 +844,9 @@ mm_answer_pwnamallow(int sock, Buffer *m - else { - /* Allow service/style information on the auth context */ - monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); -+#ifdef WITH_SELINUX -+ monitor_permit(mon_dispatch, MONITOR_REQ_AUTHROLE, 1); -+#endif - monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); - } - #ifdef USE_PAM -@@ -881,6 +890,25 @@ mm_answer_authserv(int sock, Buffer *m) - return (0); - } - -+#ifdef WITH_SELINUX -+int -+mm_answer_authrole(int sock, Buffer *m) -+{ -+ monitor_permit_authentications(1); -+ -+ authctxt->role = buffer_get_string(m, NULL); -+ debug3("%s: role=%s", -+ __func__, authctxt->role); -+ -+ if (strlen(authctxt->role) == 0) { -+ xfree(authctxt->role); -+ authctxt->role = NULL; -+ } -+ -+ return (0); -+} -+#endif -+ - int - mm_answer_authpassword(int 
sock, Buffer *m) - { -@@ -1251,7 +1279,7 @@ static int - monitor_valid_userblob(u_char *data, u_int datalen) - { - Buffer b; -- char *p; -+ char *p, *r; - u_int len; - int fail = 0; - -@@ -1277,6 +1305,8 @@ monitor_valid_userblob(u_char *data, u_i - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) - fail++; - p = buffer_get_string(&b, NULL); -+ if ((r = strchr(p, '/')) != NULL) -+ *r = '\0'; - if (strcmp(authctxt->user, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - authctxt->user, p); -@@ -1308,7 +1338,7 @@ monitor_valid_hostbasedblob(u_char *data - char *chost) - { - Buffer b; -- char *p; -+ char *p, *r; - u_int len; - int fail = 0; - -@@ -1325,6 +1355,8 @@ monitor_valid_hostbasedblob(u_char *data - if (buffer_get_char(&b) != SSH2_MSG_USERAUTH_REQUEST) - fail++; - p = buffer_get_string(&b, NULL); -+ if ((r = strchr(p, '/')) != NULL) -+ *r = '\0'; - if (strcmp(authctxt->user, p) != 0) { - logit("wrong user name passed to monitor: expected %s != %.100s", - authctxt->user, p); -diff -up openssh-6.1p1/monitor.h.role-mls openssh-6.1p1/monitor.h ---- openssh-6.1p1/monitor.h.role-mls 2012-11-28 17:06:43.686990004 +0100 -+++ openssh-6.1p1/monitor.h 2012-11-28 17:06:43.701989952 +0100 -@@ -31,6 +31,9 @@ - enum monitor_reqtype { - MONITOR_REQ_MODULI, MONITOR_ANS_MODULI, - MONITOR_REQ_FREE, MONITOR_REQ_AUTHSERV, -+#ifdef WITH_SELINUX -+ MONITOR_REQ_AUTHROLE, -+#endif - MONITOR_REQ_SIGN, MONITOR_ANS_SIGN, - MONITOR_REQ_PWNAM, MONITOR_ANS_PWNAM, - MONITOR_REQ_AUTH2_READ_BANNER, MONITOR_ANS_AUTH2_READ_BANNER, -diff -up openssh-6.1p1/monitor_wrap.c.role-mls openssh-6.1p1/monitor_wrap.c ---- openssh-6.1p1/monitor_wrap.c.role-mls 2012-11-28 17:06:43.686990004 +0100 -+++ openssh-6.1p1/monitor_wrap.c 2012-11-28 17:06:43.702989948 +0100 -@@ -336,6 +336,25 @@ mm_inform_authserv(char *service, char * - buffer_free(&m); - } - -+/* Inform the privileged process about role */ -+ -+#ifdef WITH_SELINUX -+void -+mm_inform_authrole(char *role) -+{ -+ 
Buffer m; -+ -+ debug3("%s entering", __func__); -+ -+ buffer_init(&m); -+ buffer_put_cstring(&m, role ? role : ""); -+ -+ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUTHROLE, &m); -+ -+ buffer_free(&m); -+} -+#endif -+ - /* Do the password authentication */ - int - mm_auth_password(Authctxt *authctxt, char *password) -diff -up openssh-6.1p1/monitor_wrap.h.role-mls openssh-6.1p1/monitor_wrap.h ---- openssh-6.1p1/monitor_wrap.h.role-mls 2012-11-28 17:06:43.686990004 +0100 -+++ openssh-6.1p1/monitor_wrap.h 2012-11-28 17:06:43.702989948 +0100 -@@ -42,6 +42,9 @@ int mm_is_monitor(void); - DH *mm_choose_dh(int, int, int); - int mm_key_sign(Key *, u_char **, u_int *, u_char *, u_int); - void mm_inform_authserv(char *, char *); -+#ifdef WITH_SELINUX -+void mm_inform_authrole(char *); -+#endif - struct passwd *mm_getpwnamallow(const char *); - char *mm_auth2_read_banner(void); - int mm_auth_password(struct Authctxt *, char *); -diff -up openssh-6.1p1/openbsd-compat/Makefile.in.role-mls openssh-6.1p1/openbsd-compat/Makefile.in ---- openssh-6.1p1/openbsd-compat/Makefile.in.role-mls 2011-11-04 01:25:25.000000000 +0100 -+++ openssh-6.1p1/openbsd-compat/Makefile.in 2012-11-28 17:06:43.702989948 +0100 -@@ -20,7 +20,7 @@ OPENBSD=base64.o basename.o bindresvport - - COMPAT=bsd-arc4random.o bsd-asprintf.o bsd-closefrom.o bsd-cray.o bsd-cygwin_util.o bsd-getpeereid.o getrrsetbyname-ldns.o bsd-misc.o bsd-nextstep.o bsd-openpty.o bsd-poll.o bsd-snprintf.o bsd-statvfs.o bsd-waitpid.o fake-rfc2553.o openssl-compat.o xmmap.o xcrypt.o - --PORTS=port-aix.o port-irix.o port-linux.o port-solaris.o port-tun.o port-uw.o -+PORTS=port-aix.o port-irix.o port-linux.o port-linux_part_2.o port-solaris.o port-tun.o port-uw.o - - .c.o: - $(CC) $(CFLAGS) $(CPPFLAGS) -c $< -diff -up openssh-6.1p1/openbsd-compat/port-linux.c.role-mls openssh-6.1p1/openbsd-compat/port-linux.c ---- openssh-6.1p1/openbsd-compat/port-linux.c.role-mls 2012-03-09 00:25:18.000000000 +0100 -+++ 
openssh-6.1p1/openbsd-compat/port-linux.c 2012-11-28 17:06:43.702989948 +0100 -@@ -31,68 +31,271 @@ - - #include "log.h" - #include "xmalloc.h" -+#include "servconf.h" - #include "port-linux.h" -+#include "key.h" -+#include "hostfile.h" -+#include "auth.h" - - #ifdef WITH_SELINUX - #include <selinux/selinux.h> - #include <selinux/flask.h> -+#include <selinux/context.h> - #include <selinux/get_context_list.h> -+#include <selinux/get_default_type.h> -+#include <selinux/av_permissions.h> -+ -+#ifdef HAVE_LINUX_AUDIT -+#include <libaudit.h> -+#include <unistd.h> -+#endif - - #ifndef SSH_SELINUX_UNCONFINED_TYPE - # define SSH_SELINUX_UNCONFINED_TYPE ":unconfined_t:" - #endif - --/* Wrapper around is_selinux_enabled() to log its return value once only */ --int --ssh_selinux_enabled(void) -+extern ServerOptions options; -+extern Authctxt *the_authctxt; -+extern int inetd_flag; -+extern int rexeced_flag; -+ -+/* Send audit message */ -+static int -+send_audit_message(int success, security_context_t default_context, -+ security_context_t selected_context) -+{ -+ int rc=0; -+#ifdef HAVE_LINUX_AUDIT -+ char *msg = NULL; -+ int audit_fd = audit_open(); -+ security_context_t default_raw=NULL; -+ security_context_t selected_raw=NULL; -+ rc = -1; -+ if (audit_fd < 0) { -+ if (errno == EINVAL || errno == EPROTONOSUPPORT || -+ errno == EAFNOSUPPORT) -+ return 0; /* No audit support in kernel */ -+ error("Error connecting to audit system."); -+ return rc; -+ } -+ if (selinux_trans_to_raw_context(default_context, &default_raw) < 0) { -+ error("Error translating default context."); -+ default_raw = NULL; -+ } -+ if (selinux_trans_to_raw_context(selected_context, &selected_raw) < 0) { -+ error("Error translating selected context."); -+ selected_raw = NULL; -+ } -+ if (asprintf(&msg, "sshd: default-context=%s selected-context=%s", -+ default_raw ? default_raw : (default_context ? default_context: "?"), -+ selected_context ? selected_raw : (selected_context ? 
selected_context :"?")) < 0) { -+ error("Error allocating memory."); -+ goto out; -+ } -+ if (audit_log_user_message(audit_fd, AUDIT_USER_ROLE_CHANGE, -+ msg, NULL, NULL, NULL, success) <= 0) { -+ error("Error sending audit message."); -+ goto out; -+ } -+ rc = 0; -+ out: -+ free(msg); -+ freecon(default_raw); -+ freecon(selected_raw); -+ close(audit_fd); -+#endif -+ return rc; -+} -+ -+static int -+mls_range_allowed(security_context_t src, security_context_t dst) - { -- static int enabled = -1; -+ struct av_decision avd; -+ int retval; -+ unsigned int bit = CONTEXT__CONTAINS; -+ -+ debug("%s: src:%s dst:%s", __func__, src, dst); -+ retval = security_compute_av(src, dst, SECCLASS_CONTEXT, bit, &avd); -+ if (retval || ((bit & avd.allowed) != bit)) -+ return 0; -+ -+ return 1; -+} -+ -+static int -+get_user_context(const char *sename, const char *role, const char *lvl, -+ security_context_t *sc) { -+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL -+ if (lvl == NULL || lvl[0] == '\0' || get_default_context_with_level(sename, lvl, NULL, sc) != 0) { -+ /* User may have requested a level completely outside of his -+ allowed range. We get a context just for auditing as the -+ range check below will certainly fail for default context. 
*/ -+#endif -+ if (get_default_context(sename, NULL, sc) != 0) { -+ *sc = NULL; -+ return -1; -+ } -+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL -+ } -+#endif -+ if (role != NULL && role[0]) { -+ context_t con; -+ char *type=NULL; -+ if (get_default_type(role, &type) != 0) { -+ error("get_default_type: failed to get default type for '%s'", -+ role); -+ goto out; -+ } -+ con = context_new(*sc); -+ if (!con) { -+ goto out; -+ } -+ context_role_set(con, role); -+ context_type_set(con, type); -+ freecon(*sc); -+ *sc = strdup(context_str(con)); -+ context_free(con); -+ if (!*sc) -+ return -1; -+ } -+#ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL -+ if (lvl != NULL && lvl[0]) { -+ /* verify that the requested range is obtained */ -+ context_t con; -+ security_context_t obtained_raw; -+ security_context_t requested_raw; -+ con = context_new(*sc); -+ if (!con) { -+ goto out; -+ } -+ context_range_set(con, lvl); -+ if (selinux_trans_to_raw_context(*sc, &obtained_raw) < 0) { -+ context_free(con); -+ goto out; -+ } -+ if (selinux_trans_to_raw_context(context_str(con), &requested_raw) < 0) { -+ freecon(obtained_raw); -+ context_free(con); -+ goto out; -+ } - -- if (enabled == -1) { -- enabled = (is_selinux_enabled() == 1); -- debug("SELinux support %s", enabled ? 
"enabled" : "disabled"); -+ debug("get_user_context: obtained context '%s' requested context '%s'", -+ obtained_raw, requested_raw); -+ if (strcmp(obtained_raw, requested_raw)) { -+ /* set the context to the real requested one but fail */ -+ freecon(requested_raw); -+ freecon(obtained_raw); -+ freecon(*sc); -+ *sc = strdup(context_str(con)); -+ context_free(con); -+ return -1; -+ } -+ freecon(requested_raw); -+ freecon(obtained_raw); -+ context_free(con); - } -+#endif -+ return 0; -+ out: -+ freecon(*sc); -+ *sc = NULL; -+ return -1; -+} - -- return (enabled); -+static void -+ssh_selinux_get_role_level(char **role, const char **level) -+{ -+ *role = NULL; -+ *level = NULL; -+ if (the_authctxt) { -+ if (the_authctxt->role != NULL) { -+ char *slash; -+ *role = xstrdup(the_authctxt->role); -+ if ((slash = strchr(*role, '/')) != NULL) { -+ *slash = '\0'; -+ *level = slash + 1; -+ } -+ } -+ } - } - - /* Return the default security context for the given username */ - static security_context_t --ssh_selinux_getctxbyname(char *pwname) -+ssh_selinux_getctxbyname(char *pwname, -+ security_context_t *default_sc, security_context_t *user_sc) - { -- security_context_t sc = NULL; -- char *sename = NULL, *lvl = NULL; -- int r; -+ char *sename, *lvl; -+ char *role; -+ const char *reqlvl; -+ int r = 0; -+ context_t con = NULL; -+ -+ ssh_selinux_get_role_level(&role, &reqlvl); - - #ifdef HAVE_GETSEUSERBYNAME -- if (getseuserbyname(pwname, &sename, &lvl) != 0) -- return NULL; -+ if ((r=getseuserbyname(pwname, &sename, &lvl)) != 0) { -+ sename = NULL; -+ lvl = NULL; -+ } - #else - sename = pwname; -- lvl = NULL; -+ lvl = ""; - #endif - -+ if (r == 0) { - #ifdef HAVE_GET_DEFAULT_CONTEXT_WITH_LEVEL -- r = get_default_context_with_level(sename, lvl, NULL, &sc); -+ r = get_default_context_with_level(sename, lvl, NULL, default_sc); - #else -- r = get_default_context(sename, NULL, &sc); -+ r = get_default_context(sename, NULL, default_sc); - #endif -+ } -+ -+ if (r == 0) { -+ /* If launched 
from xinetd, we must use current level */ -+ if (inetd_flag && !rexeced_flag) { -+ security_context_t sshdsc=NULL; -+ -+ if (getcon_raw(&sshdsc) < 0) -+ fatal("failed to allocate security context"); -+ -+ if ((con=context_new(sshdsc)) == NULL) -+ fatal("failed to allocate selinux context"); -+ reqlvl = context_range_get(con); -+ freecon(sshdsc); -+ if (reqlvl !=NULL && lvl != NULL && strcmp(reqlvl, lvl) == 0) -+ /* we actually don't change level */ -+ reqlvl = ""; -+ -+ debug("%s: current connection level '%s'", __func__, reqlvl); - -- if (r != 0) { -- switch (security_getenforce()) { -- case -1: -- fatal("%s: ssh_selinux_getctxbyname: " -- "security_getenforce() failed", __func__); -- case 0: -- error("%s: Failed to get default SELinux security " -- "context for %s", __func__, pwname); -- sc = NULL; -- break; -- default: -- fatal("%s: Failed to get default SELinux security " -- "context for %s (in enforcing mode)", -- __func__, pwname); - } -+ -+ if ((reqlvl != NULL && reqlvl[0]) || (role != NULL && role[0])) { -+ r = get_user_context(sename, role, reqlvl, user_sc); -+ -+ if (r == 0 && reqlvl != NULL && reqlvl[0]) { -+ security_context_t default_level_sc = *default_sc; -+ if (role != NULL && role[0]) { -+ if (get_user_context(sename, role, lvl, &default_level_sc) < 0) -+ default_level_sc = *default_sc; -+ } -+ /* verify that the requested range is contained in the user range */ -+ if (mls_range_allowed(default_level_sc, *user_sc)) { -+ logit("permit MLS level %s (user range %s)", reqlvl, lvl); -+ } else { -+ r = -1; -+ error("deny MLS level %s (user range %s)", reqlvl, lvl); -+ } -+ if (default_level_sc != *default_sc) -+ freecon(default_level_sc); -+ } -+ } else { -+ *user_sc = *default_sc; -+ } -+ } -+ if (r != 0) { -+ error("%s: Failed to get default SELinux security " -+ "context for %s", __func__, pwname); - } - - #ifdef HAVE_GETSEUSERBYNAME -@@ -102,7 +305,42 @@ ssh_selinux_getctxbyname(char *pwname) - xfree(lvl); - #endif - -- return sc; -+ if (role != 
NULL) -+ xfree(role); -+ if (con) -+ context_free(con); -+ -+ return (r); -+} -+ -+/* Setup environment variables for pam_selinux */ -+static int -+ssh_selinux_setup_pam_variables(void) -+{ -+ const char *reqlvl; -+ char *role; -+ char *use_current; -+ int rv; -+ -+ debug3("%s: setting execution context", __func__); -+ -+ ssh_selinux_get_role_level(&role, &reqlvl); -+ -+ rv = do_pam_putenv("SELINUX_ROLE_REQUESTED", role ? role : ""); -+ -+ if (inetd_flag && !rexeced_flag) { -+ use_current = "1"; -+ } else { -+ use_current = ""; -+ rv = rv || do_pam_putenv("SELINUX_LEVEL_REQUESTED", reqlvl ? reqlvl: ""); -+ } -+ -+ rv = rv || do_pam_putenv("SELINUX_USE_CURRENT_RANGE", use_current); -+ -+ if (role != NULL) -+ xfree(role); -+ -+ return rv; - } - - /* Set the execution context to the default for the specified user */ -@@ -110,28 +348,71 @@ void - ssh_selinux_setup_exec_context(char *pwname) - { - security_context_t user_ctx = NULL; -+ int r = 0; -+ security_context_t default_ctx = NULL; - - if (!ssh_selinux_enabled()) - return; - -+ if (options.use_pam) { -+ /* do not compute context, just setup environment for pam_selinux */ -+ if (ssh_selinux_setup_pam_variables()) { -+ switch (security_getenforce()) { -+ case -1: -+ fatal("%s: security_getenforce() failed", __func__); -+ case 0: -+ error("%s: SELinux PAM variable setup failure. Continuing in permissive mode.", -+ __func__); -+ break; -+ default: -+ fatal("%s: SELinux PAM variable setup failure. 
Aborting connection.", -+ __func__); -+ } -+ } -+ return; -+ } -+ - debug3("%s: setting execution context", __func__); - -- user_ctx = ssh_selinux_getctxbyname(pwname); -- if (setexeccon(user_ctx) != 0) { -+ r = ssh_selinux_getctxbyname(pwname, &default_ctx, &user_ctx); -+ if (r >= 0) { -+ r = setexeccon(user_ctx); -+ if (r < 0) { -+ error("%s: Failed to set SELinux execution context %s for %s", -+ __func__, user_ctx, pwname); -+ } -+#ifdef HAVE_SETKEYCREATECON -+ else if (setkeycreatecon(user_ctx) < 0) { -+ error("%s: Failed to set SELinux keyring creation context %s for %s", -+ __func__, user_ctx, pwname); -+ } -+#endif -+ } -+ if (user_ctx == NULL) { -+ user_ctx = default_ctx; -+ } -+ if (r < 0 || user_ctx != default_ctx) { -+ /* audit just the case when user changed a role or there was -+ a failure */ -+ send_audit_message(r >= 0, default_ctx, user_ctx); -+ } -+ if (r < 0) { - switch (security_getenforce()) { - case -1: - fatal("%s: security_getenforce() failed", __func__); - case 0: -- error("%s: Failed to set SELinux execution " -- "context for %s", __func__, pwname); -+ error("%s: SELinux failure. Continuing in permissive mode.", -+ __func__); - break; - default: -- fatal("%s: Failed to set SELinux execution context " -- "for %s (in enforcing mode)", __func__, pwname); -+ fatal("%s: SELinux failure. Aborting connection.", -+ __func__); - } - } -- if (user_ctx != NULL) -+ if (user_ctx != NULL && user_ctx != default_ctx) - freecon(user_ctx); -+ if (default_ctx != NULL) -+ freecon(default_ctx); - - debug3("%s: done", __func__); - } -@@ -149,7 +430,10 @@ ssh_selinux_setup_pty(char *pwname, cons - - debug3("%s: setting TTY context on %s", __func__, tty); - -- user_ctx = ssh_selinux_getctxbyname(pwname); -+ if (getexeccon(&user_ctx) < 0) { -+ error("%s: getexeccon: %s", __func__, strerror(errno)); -+ goto out; -+ } - - /* XXX: should these calls fatal() upon failure in enforcing mode? 
*/ - -@@ -221,21 +505,6 @@ ssh_selinux_change_context(const char *n - xfree(newctx); - } - --void --ssh_selinux_setfscreatecon(const char *path) --{ -- security_context_t context; -- -- if (!ssh_selinux_enabled()) -- return; -- if (path == NULL) { -- setfscreatecon(NULL); -- return; -- } -- if (matchpathcon(path, 0700, &context) == 0) -- setfscreatecon(context); --} -- - #endif /* WITH_SELINUX */ - - #ifdef LINUX_OOM_ADJUST -diff -up openssh-6.1p1/openbsd-compat/port-linux_part_2.c.role-mls openssh-6.1p1/openbsd-compat/port-linux_part_2.c ---- openssh-6.1p1/openbsd-compat/port-linux_part_2.c.role-mls 2012-11-28 17:06:43.703989944 +0100 -+++ openssh-6.1p1/openbsd-compat/port-linux_part_2.c 2012-11-28 17:06:43.703989944 +0100 -@@ -0,0 +1,75 @@ -+/* $Id: port-linux.c,v 1.11.4.2 2011/02/04 00:43:08 djm Exp $ */ -+ -+/* -+ * Copyright (c) 2005 Daniel Walsh dwalsh@redhat.com -+ * Copyright (c) 2006 Damien Miller djm@openbsd.org -+ * -+ * Permission to use, copy, modify, and distribute this software for any -+ * purpose with or without fee is hereby granted, provided that the above -+ * copyright notice and this permission notice appear in all copies. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES -+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF -+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR -+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES -+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN -+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF -+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 
-+ */ -+ -+/* -+ * Linux-specific portability code - just SELinux support at present -+ */ -+ -+#include "includes.h" -+ -+#if defined(WITH_SELINUX) || defined(LINUX_OOM_ADJUST) -+#include <errno.h> -+#include <stdarg.h> -+#include <string.h> -+#include <stdio.h> -+ -+#include "log.h" -+#include "xmalloc.h" -+#include "port-linux.h" -+#include "key.h" -+#include "hostfile.h" -+#include "auth.h" -+ -+#ifdef WITH_SELINUX -+#include <selinux/selinux.h> -+#include <selinux/flask.h> -+#include <selinux/get_context_list.h> -+ -+/* Wrapper around is_selinux_enabled() to log its return value once only */ -+int -+ssh_selinux_enabled(void) -+{ -+ static int enabled = -1; -+ -+ if (enabled == -1) { -+ enabled = (is_selinux_enabled() == 1); -+ debug("SELinux support %s", enabled ? "enabled" : "disabled"); -+ } -+ -+ return (enabled); -+} -+ -+void -+ssh_selinux_setfscreatecon(const char *path) -+{ -+ security_context_t context; -+ -+ if (!ssh_selinux_enabled()) -+ return; -+ if (path == NULL) { -+ setfscreatecon(NULL); -+ return; -+ } -+ if (matchpathcon(path, 0700, &context) == 0) -+ setfscreatecon(context); -+} -+ -+#endif /* WITH_SELINUX */ -+ -+#endif /* WITH_SELINUX || LINUX_OOM_ADJUST */ -diff -up openssh-6.1p1/sshd.c.role-mls openssh-6.1p1/sshd.c ---- openssh-6.1p1/sshd.c.role-mls 2012-11-28 17:06:43.688989996 +0100 -+++ openssh-6.1p1/sshd.c 2012-11-28 17:06:43.703989944 +0100 -@@ -2101,6 +2101,9 @@ main(int ac, char **av) - restore_uid(); - } - #endif -+#ifdef WITH_SELINUX -+ ssh_selinux_setup_exec_context(authctxt->pw->pw_name); -+#endif - #ifdef USE_PAM - if (options.use_pam) { - do_pam_setcred(1); diff --git a/openssh/patches/openssh-6.1p1-vendor.patch b/openssh/patches/openssh-6.1p1-vendor.patch deleted file mode 100644 index 9cb326d..0000000 --- a/openssh/patches/openssh-6.1p1-vendor.patch +++ /dev/null 
@@ -1,158 +0,0 @@ -diff -up openssh-6.1p1/configure.ac.vendor openssh-6.1p1/configure.ac ---- openssh-6.1p1/configure.ac.vendor 2012-09-14 20:36:49.153085211 +0200 -+++ openssh-6.1p1/configure.ac 2012-09-14 20:36:49.559088133 +0200 -@@ -4303,6 +4303,12 @@ AC_ARG_WITH([lastlog], - fi - ] - ) -+AC_ARG_ENABLE(vendor-patchlevel, -+ [ --enable-vendor-patchlevel=TAG specify a vendor patch level], -+ [AC_DEFINE_UNQUOTED(SSH_VENDOR_PATCHLEVEL,[SSH_RELEASE "-" "$enableval"],[Define to your vendor patch level, if it has been modified from the upstream source release.]) -+ SSH_VENDOR_PATCHLEVEL="$enableval"], -+ [AC_DEFINE(SSH_VENDOR_PATCHLEVEL,SSH_RELEASE,[Define to your vendor patch level, if it has been modified from the upstream source release.]) -+ SSH_VENDOR_PATCHLEVEL=none]) - - dnl lastlog, [uw]tmpx? detection - dnl NOTE: set the paths in the platform section to avoid the -@@ -4529,6 +4535,7 @@ echo " Translate v4 in v6 hack - echo " BSD Auth support: $BSD_AUTH_MSG" - echo " Random number source: $RAND_MSG" - echo " Privsep sandbox style: $SANDBOX_STYLE" -+echo " Vendor patch level: $SSH_VENDOR_PATCHLEVEL" - - echo "" - -diff -up openssh-6.1p1/servconf.c.vendor openssh-6.1p1/servconf.c ---- openssh-6.1p1/servconf.c.vendor 2012-09-14 20:36:49.124085002 +0200 -+++ openssh-6.1p1/servconf.c 2012-09-14 20:50:34.995972516 +0200 -@@ -128,6 +128,7 @@ initialize_server_options(ServerOptions - options->max_authtries = -1; - options->max_sessions = -1; - options->banner = NULL; -+ options->show_patchlevel = -1; - options->use_dns = -1; - options->client_alive_interval = -1; - options->client_alive_count_max = -1; -@@ -289,6 +290,9 @@ fill_default_server_options(ServerOption - options->ip_qos_bulk = IPTOS_THROUGHPUT; - if (options->version_addendum == NULL) - options->version_addendum = xstrdup(""); -+ if (options->show_patchlevel == -1) -+ options->show_patchlevel = 0; -+ - /* Turn privilege separation on by default */ - if (use_privsep == -1) - use_privsep = PRIVSEP_NOSANDBOX; 
-@@ -326,7 +330,7 @@ typedef enum { - sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, - sGatewayPorts, sPubkeyAuthentication, sXAuthLocation, sSubsystem, - sMaxStartups, sMaxAuthTries, sMaxSessions, -- sBanner, sUseDNS, sHostbasedAuthentication, -+ sBanner, sShowPatchLevel, sUseDNS, sHostbasedAuthentication, - sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, - sClientAliveCountMax, sAuthorizedKeysFile, - sGssAuthentication, sGssCleanupCreds, sAcceptEnv, sPermitTunnel, -@@ -441,6 +445,7 @@ static struct { - { "maxauthtries", sMaxAuthTries, SSHCFG_ALL }, - { "maxsessions", sMaxSessions, SSHCFG_ALL }, - { "banner", sBanner, SSHCFG_ALL }, -+ { "showpatchlevel", sShowPatchLevel, SSHCFG_GLOBAL }, - { "usedns", sUseDNS, SSHCFG_GLOBAL }, - { "verifyreversemapping", sDeprecated, SSHCFG_GLOBAL }, - { "reversemappingcheck", sDeprecated, SSHCFG_GLOBAL }, -@@ -1162,6 +1167,10 @@ process_server_config_line(ServerOptions - multistate_ptr = multistate_privsep; - goto parse_multistate; - -+ case sShowPatchLevel: -+ intptr = &options->show_patchlevel; -+ goto parse_flag; -+ - case sAllowUsers: - while ((arg = strdelim(&cp)) && *arg != '\0') { - if (options->num_allow_users >= MAX_ALLOW_USERS) -@@ -1956,6 +1965,7 @@ dump_config(ServerOptions *o) - dump_cfg_fmtint(sUseLogin, o->use_login); - dump_cfg_fmtint(sCompression, o->compression); - dump_cfg_fmtint(sGatewayPorts, o->gateway_ports); -+ dump_cfg_fmtint(sShowPatchLevel, o->show_patchlevel); - dump_cfg_fmtint(sUseDNS, o->use_dns); - dump_cfg_fmtint(sAllowTcpForwarding, o->allow_tcp_forwarding); - dump_cfg_fmtint(sUsePrivilegeSeparation, use_privsep); -diff -up openssh-6.1p1/servconf.h.vendor openssh-6.1p1/servconf.h ---- openssh-6.1p1/servconf.h.vendor 2012-09-14 20:36:49.125085009 +0200 -+++ openssh-6.1p1/servconf.h 2012-09-14 20:36:49.564088168 +0200 -@@ -140,6 +140,7 @@ typedef struct { - int max_authtries; - int max_sessions; - char *banner; /* SSH-2 banner message */ -+ int show_patchlevel; /* Show vendor 
patch level to clients */ - int use_dns; - int client_alive_interval; /* - * poke the client this often to -diff -up openssh-6.1p1/sshd_config.vendor openssh-6.1p1/sshd_config ---- openssh-6.1p1/sshd_config.vendor 2012-09-14 20:36:49.507087759 +0200 -+++ openssh-6.1p1/sshd_config 2012-09-14 20:36:49.565088175 +0200 -@@ -114,6 +114,7 @@ UsePrivilegeSeparation sandbox # Defaul - #Compression delayed - #ClientAliveInterval 0 - #ClientAliveCountMax 3 -+#ShowPatchLevel no - #UseDNS yes - #PidFile /var/run/sshd.pid - #MaxStartups 10 -diff -up openssh-6.1p1/sshd_config.0.vendor openssh-6.1p1/sshd_config.0 ---- openssh-6.1p1/sshd_config.0.vendor 2012-09-14 20:36:49.510087780 +0200 -+++ openssh-6.1p1/sshd_config.0 2012-09-14 20:36:49.567088190 +0200 -@@ -558,6 +558,11 @@ DESCRIPTION - Defines the number of bits in the ephemeral protocol version 1 - server key. The minimum value is 512, and the default is 1024. - -+ ShowPatchLevel -+ Specifies whether sshd will display the specific patch level of -+ the binary in the server identification string. The patch level -+ is set at compile-time. The default is M-bM-^@M-^\noM-bM-^@M-^]. -+ - StrictModes - Specifies whether sshd(8) should check file modes and ownership - of the user's files and home directory before accepting login. -diff -up openssh-6.1p1/sshd_config.5.vendor openssh-6.1p1/sshd_config.5 ---- openssh-6.1p1/sshd_config.5.vendor 2012-09-14 20:36:49.512087794 +0200 -+++ openssh-6.1p1/sshd_config.5 2012-09-14 20:36:49.568088198 +0200 -@@ -978,6 +978,14 @@ This option applies to protocol version - .It Cm ServerKeyBits - Defines the number of bits in the ephemeral protocol version 1 server key. - The minimum value is 512, and the default is 1024. -+.It Cm ShowPatchLevel -+Specifies whether -+.Nm sshd -+will display the patch level of the binary in the identification string. -+The patch level is set at compile-time. -+The default is -+.Dq no . -+This option applies to protocol version 1 only. 
- .It Cm StrictModes - Specifies whether - .Xr sshd 8 -diff -up openssh-6.1p1/sshd.c.vendor openssh-6.1p1/sshd.c ---- openssh-6.1p1/sshd.c.vendor 2012-09-14 20:36:49.399086981 +0200 -+++ openssh-6.1p1/sshd.c 2012-09-14 20:47:30.696088744 +0200 -@@ -433,7 +433,7 @@ sshd_exchange_identification(int sock_in - } - - xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s", -- major, minor, SSH_VERSION, -+ major, minor, (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_VERSION, - *options.version_addendum == '\0' ? "" : " ", - options.version_addendum, newline); - -@@ -1635,7 +1635,8 @@ main(int ac, char **av) - exit(1); - } - -- debug("sshd version %.100s", SSH_RELEASE); -+ debug("sshd version %.100s", -+ (options.show_patchlevel == 1) ? SSH_VENDOR_PATCHLEVEL : SSH_RELEASE); - - /* Store privilege separation user for later use if required. */ - if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { diff --git a/openssh/patches/openssh-6.6p1-keyperm.patch b/openssh/patches/openssh-6.6p1-keyperm.patch new file mode 100644 index 0000000..fbe33b0 --- /dev/null +++ b/openssh/patches/openssh-6.6p1-keyperm.patch @@ -0,0 +1,26 @@ +diff --git a/authfile.c b/authfile.c +index e93d867..4fc5b3d 100644 +--- a/authfile.c ++++ b/authfile.c +@@ -32,6 +32,7 @@ + + #include <errno.h> + #include <fcntl.h> ++#include <grp.h> + #include <stdio.h> + #include <stdarg.h> + #include <stdlib.h> +@@ -207,6 +208,13 @@ sshkey_perm_ok(int fd, const char *filename) + #ifdef HAVE_CYGWIN + if (check_ntsec(filename)) + #endif ++ if (st.st_mode & 040) { ++ struct group *gr; ++ ++ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) ++ st.st_mode &= ~040; ++ } ++ + if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); 
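Review bot: in the removed role-mls patch, `send_audit_message()` in port-linux.c tests the wrong pointer when it formats the selected context: `selected_context ? selected_raw : (selected_context ? selected_context : "?")`. If `selinux_trans_to_raw_context()` failed and `selected_raw` was reset to NULL, a non-NULL `selected_context` still selects `selected_raw`, so NULL is passed to the `%s` conversion in `asprintf()`. The default-context argument one line earlier tests `default_raw`, and the selected one should likewise read `selected_raw ? selected_raw : ...`. If this patch is carried forward in a rebased form, fix the condition there so the AUDIT_USER_ROLE_CHANGE record always names the context that was actually selected.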
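Review bot: the removed vendor patch documents `ShowPatchLevel` inconsistently. The sshd_config.5 hunk ends with "This option applies to protocol version 1 only", but the sshd.c hunk substitutes `SSH_VENDOR_PATCHLEVEL` into the `SSH-%d.%d-%.100s%s%s%s` identification string for whatever `major` and `minor` are in use, and the sshd_config.0 text carries no such restriction. A successor to this patch should drop that sentence from the man page, and the option description should say that with `ShowPatchLevel yes` the vendor build tag becomes part of the server identification string sent to every connecting client.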
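Review bot: in the keyperm patch's authfile.c hunk, the new `if (st.st_mode & 040) {` block is inserted directly after the context lines `#ifdef HAVE_CYGWIN` / `if (check_ntsec(filename))` / `#endif`, so on Cygwin builds `check_ntsec()` now guards the `ssh_keys` group exception instead of the `(st.st_mode & 077) != 0` test that follows, and that test then runs unconditionally. Move the new block above the `#ifdef HAVE_CYGWIN` line so the existing guard keeps its original statement. The block also needs a comment saying that only the group-read bit (040) is waived, and only when `st.st_gid` matches the group returned by `getgrnam("ssh_keys")`. Since `sshkey_perm_ok()` takes just `fd` and `filename`, the waiver applies to every key file checked through it, which is worth stating in the patch description alongside who is expected to be a member of that group.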
diff --git a/openssh/patches/openssh-6.7p1-audit.patch b/openssh/patches/openssh-6.7p1-audit.patch new file mode 100644 index 0000000..213ca67 --- /dev/null +++ b/openssh/patches/openssh-6.7p1-audit.patch 
@@ -0,0 +1,2332 @@ +diff -up openssh-6.8p1/Makefile.in.audit openssh-6.8p1/Makefile.in +--- openssh-6.8p1/Makefile.in.audit 2015-03-20 13:41:15.065883826 +0100 ++++ openssh-6.8p1/Makefile.in 2015-03-20 13:41:15.100883769 +0100 +@@ -98,7 +98,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ + sc25519.o ge25519.o fe25519.o ed25519.o verify.o hash.o blocks.o \ + kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ + kexdhc.o kexgexc.o kexecdhc.o kexc25519c.o \ +- kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o ++ kexdhs.o kexgexs.o kexecdhs.o kexc25519s.o auditstub.o + + SSHOBJS= ssh.o readconf.o clientloop.o sshtty.o \ + sshconnect.o sshconnect1.o sshconnect2.o mux.o \ +diff -up openssh-6.8p1/audit-bsm.c.audit openssh-6.8p1/audit-bsm.c +--- openssh-6.8p1/audit-bsm.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/audit-bsm.c 2015-03-20 13:41:15.092883782 +0100 +@@ -375,10 +375,23 @@ audit_connection_from(const char *host, + #endif + } + +-void ++int + audit_run_command(const char *command) + { + /* not implemented */ ++ return 0; ++} ++ ++void ++audit_end_command(int handle, const char *command) ++{ ++ /* not implemented */ ++} ++ ++void ++audit_count_session_open(void) ++{ ++ /* not necessary */ + } + + void +@@ -393,6 +406,12 @@ audit_session_close(struct logininfo *li) + /* not implemented */ + } + ++int ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) ++{ ++ /* not implemented */ ++} ++ + void + audit_event(ssh_audit_event_t event) + { +@@ -454,4 +473,40 @@ audit_event(ssh_audit_event_t event) + debug("%s: unhandled event %d", __func__, event); + } + } ++ ++void ++audit_unsupported_body(int what) ++{ ++ /* not implemented */ ++} ++ ++void ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, char *pfs, pid_t pid, uid_t uid) ++{ ++ /* not implemented */ ++} ++ ++void ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) ++{ ++ /* not implemented */ ++} ++ ++void ++audit_destroy_sensitive_data(const char *fp) ++{ ++ /* not 
implemented */ ++} ++ ++void ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ /* not implemented */ ++} ++ ++void ++audit_generate_ephemeral_server_key(const char *fp) ++{ ++ /* not implemented */ ++} + #endif /* BSM */ +diff -up openssh-6.8p1/audit-linux.c.audit openssh-6.8p1/audit-linux.c +--- openssh-6.8p1/audit-linux.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/audit-linux.c 2015-03-20 13:41:15.093883780 +0100 +@@ -35,13 +35,25 @@ + + #include "log.h" + #include "audit.h" ++#include "key.h" ++#include "hostfile.h" ++#include "auth.h" ++#include "misc.h" /* servconf.h needs misc.h for struct ForwardOptions */ ++#include "servconf.h" + #include "canohost.h" ++#include "packet.h" ++#include "cipher.h" + ++#define AUDIT_LOG_SIZE 256 ++ ++extern ServerOptions options; ++extern Authctxt *the_authctxt; ++extern u_int utmp_len; + const char* audit_username(void); + +-int +-linux_audit_record_event(int uid, const char *username, +- const char *hostname, const char *ip, const char *ttyn, int success) ++static void ++linux_audit_user_logxxx(int uid, const char *username, ++ const char *hostname, const char *ip, const char *ttyn, int success, int event) + { + int audit_fd, rc, saved_errno; + +@@ -49,11 +61,11 @@ linux_audit_record_event(int uid, const char *username, + if (audit_fd < 0) { + if (errno == EINVAL || errno == EPROTONOSUPPORT || + errno == EAFNOSUPPORT) +- return 1; /* No audit support in kernel */ ++ return; /* No audit support in kernel */ + else +- return 0; /* Must prevent login */ ++ goto fatal_report; /* Must prevent login */ + } +- rc = audit_log_acct_message(audit_fd, AUDIT_USER_LOGIN, ++ rc = audit_log_acct_message(audit_fd, event, + NULL, "login", username ? username : "(unknown)", + username == NULL ? 
uid : -1, hostname, ip, ttyn, success); + saved_errno = errno; +@@ -65,35 +77,154 @@ linux_audit_record_event(int uid, const char *username, + if ((rc == -EPERM) && (geteuid() != 0)) + rc = 0; + errno = saved_errno; +- return (rc >= 0); ++ if (rc < 0) { ++fatal_report: ++ fatal("linux_audit_write_entry failed: %s", strerror(errno)); ++ } + } + ++static void ++linux_audit_user_auth(int uid, const char *username, ++ const char *hostname, const char *ip, const char *ttyn, int success, int event) ++{ ++ int audit_fd, rc, saved_errno; ++ static const char *event_name[] = { ++ "maxtries exceeded", ++ "root denied", ++ "success", ++ "none", ++ "password", ++ "challenge-response", ++ "pubkey", ++ "hostbased", ++ "gssapi", ++ "invalid user", ++ "nologin", ++ "connection closed", ++ "connection abandoned", ++ "unknown" ++ }; ++ ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno == EINVAL || errno == EPROTONOSUPPORT || ++ errno == EAFNOSUPPORT) ++ return; /* No audit support in kernel */ ++ else ++ goto fatal_report; /* Must prevent login */ ++ } ++ ++ if ((event < 0) || (event > SSH_AUDIT_UNKNOWN)) ++ event = SSH_AUDIT_UNKNOWN; ++ ++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, ++ NULL, event_name[event], username ? username : "(unknown)", ++ username == NULL ? uid : -1, hostname, ip, ttyn, success); ++ saved_errno = errno; ++ close(audit_fd); ++ /* ++ * Do not report error if the error is EPERM and sshd is run as non ++ * root user. 
++ */ ++ if ((rc == -EPERM) && (geteuid() != 0)) ++ rc = 0; ++ errno = saved_errno; ++ if (rc < 0) { ++fatal_report: ++ fatal("linux_audit_write_entry failed: %s", strerror(errno)); ++ } ++} ++ ++int ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, rc, saved_errno; ++ ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno == EINVAL || errno == EPROTONOSUPPORT || ++ errno == EAFNOSUPPORT) ++ return 1; /* No audit support in kernel */ ++ else ++ return 0; /* Must prevent login */ ++ } ++ snprintf(buf, sizeof(buf), "%s_auth rport=%d", host_user ? "pubkey" : "hostbased", get_remote_port()); ++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, ++ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); ++ if ((rc < 0) && ((rc != -1) || (getuid() == 0))) ++ goto out; ++ /* is the fingerprint_prefix() still needed? ++ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s%s rport=%d", ++ type, bits, sshkey_fingerprint_prefix(), fp, get_remote_port()); ++ */ ++ snprintf(buf, sizeof(buf), "key algo=%s size=%d fp=%s rport=%d", ++ type, bits, fp, get_remote_port()); ++ rc = audit_log_acct_message(audit_fd, AUDIT_USER_AUTH, NULL, ++ buf, audit_username(), -1, NULL, get_remote_ipaddr(), NULL, rv); ++out: ++ saved_errno = errno; ++ audit_close(audit_fd); ++ errno = saved_errno; ++ /* do not report error if the error is EPERM and sshd is run as non root user */ ++ return (rc >= 0) || ((rc == -EPERM) && (getuid() != 0)); ++} ++ ++static int user_login_count = 0; ++ + /* Below is the sshd audit API code */ + + void + audit_connection_from(const char *host, int port) + { +-} + /* not implemented */ ++} + +-void ++int + audit_run_command(const char *command) + { +- /* not implemented */ ++ if (!user_login_count++) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGIN); ++ 
linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_START); ++ return 0; ++} ++ ++void ++audit_end_command(int handle, const char *command) ++{ ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_END); ++ if (user_login_count && !--user_login_count) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGOUT); ++} ++ ++void ++audit_count_session_open(void) ++{ ++ user_login_count++; + } + + void + audit_session_open(struct logininfo *li) + { +- if (linux_audit_record_event(li->uid, NULL, li->hostname, +- NULL, li->line, 1) == 0) +- fatal("linux_audit_write_entry failed: %s", strerror(errno)); ++ if (!user_login_count++) ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_LOGIN); ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_START); + } + + void + audit_session_close(struct logininfo *li) + { +- /* not implemented */ ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_END); ++ if (user_login_count && !--user_login_count) ++ linux_audit_user_logxxx(li->uid, NULL, li->hostname, ++ NULL, li->line, 1, AUDIT_USER_LOGOUT); + } + + void +@@ -101,21 +232,43 @@ audit_event(ssh_audit_event_t event) + { + switch(event) { + case SSH_AUTH_SUCCESS: +- case SSH_CONNECTION_CLOSE: ++ linux_audit_user_auth(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "ssh", 1, event); ++ break; ++ + case SSH_NOLOGIN: +- case SSH_LOGIN_EXCEED_MAXTRIES: + case SSH_LOGIN_ROOT_DENIED: ++ linux_audit_user_auth(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "ssh", 0, event); ++ linux_audit_user_logxxx(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); + break; + ++ case SSH_LOGIN_EXCEED_MAXTRIES: + 
case SSH_AUTH_FAIL_NONE: + case SSH_AUTH_FAIL_PASSWD: + case SSH_AUTH_FAIL_KBDINT: + case SSH_AUTH_FAIL_PUBKEY: + case SSH_AUTH_FAIL_HOSTBASED: + case SSH_AUTH_FAIL_GSSAPI: ++ linux_audit_user_auth(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "ssh", 0, event); ++ break; ++ ++ case SSH_CONNECTION_CLOSE: ++ if (user_login_count) { ++ while (user_login_count--) ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_END); ++ linux_audit_user_logxxx(the_authctxt->pw->pw_uid, NULL, get_remote_name_or_ip(utmp_len, options.use_dns), ++ NULL, "ssh", 1, AUDIT_USER_LOGOUT); ++ } ++ break; ++ ++ case SSH_CONNECTION_ABANDON: + case SSH_INVALID_USER: +- linux_audit_record_event(-1, audit_username(), NULL, +- get_remote_ipaddr(), "sshd", 0); ++ linux_audit_user_logxxx(-1, audit_username(), NULL, ++ get_remote_ipaddr(), "ssh", 0, AUDIT_USER_LOGIN); + break; + + default: +@@ -123,4 +276,135 @@ audit_event(ssh_audit_event_t event) + } + } + ++void ++audit_unsupported_body(int what) ++{ ++#ifdef AUDIT_CRYPTO_SESSION ++ char buf[AUDIT_LOG_SIZE]; ++ const static char *name[] = { "cipher", "mac", "comp" }; ++ char *s; ++ int audit_fd; ++ ++ snprintf(buf, sizeof(buf), "op=unsupported-%s direction=? cipher=? ksize=? 
rport=%d laddr=%s lport=%d ", ++ name[what], get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), ++ get_local_port()); ++ free(s); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) ++ /* no problem, the next instruction will be fatal() */ ++ return; ++ audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, ++ buf, NULL, get_remote_ipaddr(), NULL, 0); ++ audit_close(audit_fd); ++#endif ++} ++ ++const static char *direction[] = { "from-server", "from-client", "both" }; ++ ++void ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, char *pfs, pid_t pid, ++ uid_t uid) ++{ ++#ifdef AUDIT_CRYPTO_SESSION ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ const Cipher *cipher = cipher_by_name(enc); ++ char *s; ++ ++ snprintf(buf, sizeof(buf), "op=start direction=%s cipher=%s ksize=%d mac=%s pfs=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ", ++ direction[ctos], enc, cipher ? 8 * cipher->key_len : 0, mac, pfs, ++ (intmax_t)pid, (intmax_t)uid, ++ get_remote_port(), (s = get_local_ipaddr(packet_get_connection_in())), get_local_port()); ++ free(s); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno == EINVAL || errno == EPROTONOSUPPORT || ++ errno == EAFNOSUPPORT) ++ return; /* No audit support in kernel */ ++ else ++ fatal("cannot open audit"); /* Must prevent login */ ++ } ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_SESSION, ++ buf, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ fatal("cannot write into audit"); /* Must prevent login */ ++#endif ++} ++ ++void ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ char *s; ++ ++ snprintf(buf, sizeof(buf), "op=destroy kind=session fp=? 
direction=%s spid=%jd suid=%jd rport=%d laddr=%s lport=%d ", ++ direction[ctos], (intmax_t)pid, (intmax_t)uid, ++ get_remote_port(), ++ (s = get_local_ipaddr(packet_get_connection_in())), ++ get_local_port()); ++ free(s); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ error("cannot open audit"); ++ return; ++ } ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, ++ buf, NULL, get_remote_ipaddr(), NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} ++ ++void ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ ++ snprintf(buf, sizeof(buf), "op=destroy kind=server fp=%s direction=? spid=%jd suid=%jd ", ++ fp, (intmax_t)pid, (intmax_t)uid); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ error("cannot open audit"); ++ return; ++ } ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, ++ buf, NULL, ++ listening_for_clients() ? get_remote_ipaddr() : NULL, ++ NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} ++ ++void ++audit_generate_ephemeral_server_key(const char *fp) ++{ ++ char buf[AUDIT_LOG_SIZE]; ++ int audit_fd, audit_ok; ++ ++ snprintf(buf, sizeof(buf), "op=create kind=server fp=%s direction=? 
", fp); ++ audit_fd = audit_open(); ++ if (audit_fd < 0) { ++ if (errno != EINVAL && errno != EPROTONOSUPPORT && ++ errno != EAFNOSUPPORT) ++ error("cannot open audit"); ++ return; ++ } ++ audit_ok = audit_log_user_message(audit_fd, AUDIT_CRYPTO_KEY_USER, ++ buf, NULL, 0, NULL, 1); ++ audit_close(audit_fd); ++ /* do not abort if the error is EPERM and sshd is run as non root user */ ++ if ((audit_ok < 0) && ((audit_ok != -1) || (getuid() == 0))) ++ error("cannot write into audit"); ++} + #endif /* USE_LINUX_AUDIT */ +diff -up openssh-6.8p1/audit.c.audit openssh-6.8p1/audit.c +--- openssh-6.8p1/audit.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/audit.c 2015-03-20 13:41:15.093883780 +0100 +@@ -28,6 +28,7 @@ + + #include <stdarg.h> + #include <string.h> ++#include <unistd.h> + + #ifdef SSH_AUDIT_EVENTS + +@@ -36,6 +37,11 @@ + #include "key.h" + #include "hostfile.h" + #include "auth.h" ++#include "ssh-gss.h" ++#include "monitor_wrap.h" ++#include "xmalloc.h" ++#include "misc.h" ++#include "servconf.h" + + /* + * Care must be taken when using this since it WILL NOT be initialized when +@@ -43,6 +49,7 @@ + * audit_event(CONNECTION_ABANDON) is called. Test for NULL before using. + */ + extern Authctxt *the_authctxt; ++extern ServerOptions options; + + /* Maybe add the audit class to struct Authmethod? 
*/ + ssh_audit_event_t +@@ -71,13 +78,10 @@ audit_classify_auth(const char *method) + const char * + audit_username(void) + { +- static const char unknownuser[] = "(unknown user)"; +- static const char invaliduser[] = "(invalid user)"; ++ static const char unknownuser[] = "(unknown)"; + +- if (the_authctxt == NULL || the_authctxt->user == NULL) ++ if (the_authctxt == NULL || the_authctxt->user == NULL || !the_authctxt->valid) + return (unknownuser); +- if (!the_authctxt->valid) +- return (invaliduser); + return (the_authctxt->user); + } + +@@ -111,6 +115,40 @@ audit_event_lookup(ssh_audit_event_t ev) + return(event_lookup[i].name); + } + ++void ++audit_key(int host_user, int *rv, const Key *key) ++{ ++ char *fp; ++ const char *crypto_name; ++ ++ fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX); ++ if (key->type == KEY_RSA1) ++ crypto_name = "ssh-rsa1"; ++ else ++ crypto_name = key_ssh_name(key); ++ if (audit_keyusage(host_user, crypto_name, key_size(key), fp, *rv) == 0) ++ *rv = 0; ++ free(fp); ++} ++ ++void ++audit_unsupported(int what) ++{ ++ PRIVSEP(audit_unsupported_body(what)); ++} ++ ++void ++audit_kex(int ctos, char *enc, char *mac, char *comp, char *pfs) ++{ ++ PRIVSEP(audit_kex_body(ctos, enc, mac, comp, pfs, getpid(), getuid())); ++} ++ ++void ++audit_session_key_free(int ctos) ++{ ++ PRIVSEP(audit_session_key_free_body(ctos, getpid(), getuid())); ++} ++ + # ifndef CUSTOM_SSH_AUDIT_EVENTS + /* + * Null implementations of audit functions. +@@ -140,6 +178,17 @@ audit_event(ssh_audit_event_t event) + } + + /* ++ * Called when a child process has called, or will soon call, ++ * audit_session_open. ++ */ ++void ++audit_count_session_open(void) ++{ ++ debug("audit count session open euid %d user %s", geteuid(), ++ audit_username()); ++} ++ ++/* + * Called when a user session is started. Argument is the tty allocated to + * the session, or NULL if no tty was allocated. 
+ * +@@ -174,13 +223,91 @@ audit_session_close(struct logininfo *li) + /* + * This will be called when a user runs a non-interactive command. Note that + * it may be called multiple times for a single connection since SSH2 allows +- * multiple sessions within a single connection. ++ * multiple sessions within a single connection. Returns a "handle" for ++ * audit_end_command. + */ +-void ++int + audit_run_command(const char *command) + { + debug("audit run command euid %d user %s command '%.200s'", geteuid(), + audit_username(), command); ++ return 0; ++} ++ ++/* ++ * This will be called when the non-interactive command finishes. Note that ++ * it may be called multiple times for a single connection since SSH2 allows ++ * multiple sessions within a single connection. "handle" should come from ++ * the corresponding audit_run_command. ++ */ ++void ++audit_end_command(int handle, const char *command) ++{ ++ debug("audit end nopty exec euid %d user %s command '%.200s'", geteuid(), ++ audit_username(), command); ++} ++ ++/* ++ * This will be called when user is successfully autherized by the RSA1/RSA/DSA key. ++ * ++ * Type is the key type, len is the key length(byte) and fp is the fingerprint of the key. ++ */ ++int ++audit_keyusage(int host_user, const char *type, unsigned bits, char *fp, int rv) ++{ ++ debug("audit %s key usage euid %d user %s key type %s key length %d fingerprint %s%s, result %d", ++ host_user ? "pubkey" : "hostbased", geteuid(), audit_username(), type, bits, ++ sshkey_fingerprint_prefix(), fp, rv); ++} ++ ++/* ++ * This will be called when the protocol negotiation fails. ++ */ ++void ++audit_unsupported_body(int what) ++{ ++ debug("audit unsupported protocol euid %d type %d", geteuid(), what); ++} ++ ++/* ++ * This will be called on succesfull protocol negotiation. 
++ */ ++void ++audit_kex_body(int ctos, char *enc, char *mac, char *compress, char *pfs, pid_t pid, ++ uid_t uid) ++{ ++ debug("audit protocol negotiation euid %d direction %d cipher %s mac %s compresion %s pfs %s from pid %ld uid %u", ++ (unsigned)geteuid(), ctos, enc, mac, compress, pfs, (long)pid, ++ (unsigned)uid); ++} ++ ++/* ++ * This will be called on succesfull session key discard ++ */ ++void ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) ++{ ++ debug("audit session key discard euid %u direction %d from pid %ld uid %u", ++ (unsigned)geteuid(), ctos, (long)pid, (unsigned)uid); ++} ++ ++/* ++ * This will be called on destroy private part of the server key ++ */ ++void ++audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ debug("audit destroy sensitive data euid %d fingerprint %s from pid %ld uid %u", ++ geteuid(), fp, (long)pid, (unsigned)uid); ++} ++ ++/* ++ * This will be called on generation of the ephemeral server key ++ */ ++void ++audit_generate_ephemeral_server_key(const char *) ++{ ++ debug("audit create ephemeral server key euid %d fingerprint %s", geteuid(), fp); + } + # endif /* !defined CUSTOM_SSH_AUDIT_EVENTS */ + #endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-6.8p1/audit.h.audit openssh-6.8p1/audit.h +--- openssh-6.8p1/audit.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/audit.h 2015-03-20 13:41:15.093883780 +0100 +@@ -28,6 +28,7 @@ + # define _SSH_AUDIT_H + + #include "loginrec.h" ++#include "key.h" + + enum ssh_audit_event_type { + SSH_LOGIN_EXCEED_MAXTRIES, +@@ -47,11 +48,25 @@ enum ssh_audit_event_type { + }; + typedef enum ssh_audit_event_type ssh_audit_event_t; + ++int listening_for_clients(void); ++ + void audit_connection_from(const char *, int); + void audit_event(ssh_audit_event_t); ++void audit_count_session_open(void); + void audit_session_open(struct logininfo *); + void audit_session_close(struct logininfo *); +-void audit_run_command(const char *); ++int 
audit_run_command(const char *); ++void audit_end_command(int, const char *); + ssh_audit_event_t audit_classify_auth(const char *); ++int audit_keyusage(int, const char *, unsigned, char *, int); ++void audit_key(int, int *, const Key *); ++void audit_unsupported(int); ++void audit_kex(int, char *, char *, char *, char *); ++void audit_unsupported_body(int); ++void audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t); ++void audit_session_key_free(int ctos); ++void audit_session_key_free_body(int ctos, pid_t, uid_t); ++void audit_destroy_sensitive_data(const char *, pid_t, uid_t); ++void audit_generate_ephemeral_server_key(const char *); + + #endif /* _SSH_AUDIT_H */ +diff -up openssh-6.8p1/auditstub.c.audit openssh-6.8p1/auditstub.c +--- openssh-6.8p1/auditstub.c.audit 2015-03-20 13:41:15.093883780 +0100 ++++ openssh-6.8p1/auditstub.c 2015-03-20 13:41:15.093883780 +0100 +@@ -0,0 +1,50 @@ ++/* $Id: auditstub.c,v 1.1 jfch Exp $ */ ++ ++/* ++ * Copyright 2010 Red Hat, Inc. All rights reserved. ++ * Use is subject to license terms. ++ * ++ * Redistribution and use in source and binary forms, with or without ++ * modification, are permitted provided that the following conditions ++ * are met: ++ * 1. Redistributions of source code must retain the above copyright ++ * notice, this list of conditions and the following disclaimer. ++ * 2. Redistributions in binary form must reproduce the above copyright ++ * notice, this list of conditions and the following disclaimer in the ++ * documentation and/or other materials provided with the distribution. ++ * ++ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR ++ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES ++ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
++ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, ++ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT ++ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, ++ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY ++ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT ++ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF ++ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. ++ * ++ * Red Hat author: Jan F. Chadima jchadima@redhat.com ++ */ ++ ++#include <sys/types.h> ++ ++void ++audit_unsupported(int n) ++{ ++} ++ ++void ++audit_kex(int ctos, char *enc, char *mac, char *comp, char *pfs) ++{ ++} ++ ++void ++audit_session_key_free(int ctos) ++{ ++} ++ ++void ++audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) ++{ ++} +diff -up openssh-6.8p1/auth-rsa.c.audit openssh-6.8p1/auth-rsa.c +--- openssh-6.8p1/auth-rsa.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/auth-rsa.c 2015-03-20 13:41:15.094883779 +0100 +@@ -95,7 +95,10 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) + { + u_char buf[32], mdbuf[16]; + struct ssh_digest_ctx *md; +- int len; ++ int len, rv; ++#ifdef SSH_AUDIT_EVENTS ++ char *fp; ++#endif + + /* don't allow short keys */ + if (BN_num_bits(key->rsa->n) < SSH_RSA_MINIMUM_MODULUS_SIZE) { +@@ -119,12 +122,18 @@ auth_rsa_verify_response(Key *key, BIGNUM *challenge, u_char response[16]) + ssh_digest_free(md); + + /* Verify that the response is the original challenge. */ +- if (timingsafe_bcmp(response, mdbuf, 16) != 0) { +- /* Wrong answer. */ +- return (0); ++ rv = timingsafe_bcmp(response, mdbuf, 16) == 0; ++ ++#ifdef SSH_AUDIT_EVENTS ++ fp = sshkey_fingerprint(key, options.fingerprint_hash, SSH_FP_HEX); ++ if (audit_keyusage(1, "ssh-rsa1", RSA_size(key->rsa) * 8, fp, rv) == 0) { ++ debug("unsuccessful audit"); ++ rv = 0; + } +- /* Correct answer. 
*/ +- return (1); ++ free(fp); ++#endif ++ ++ return rv; + } + + /* +diff -up openssh-6.8p1/auth.c.audit openssh-6.8p1/auth.c +--- openssh-6.8p1/auth.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/auth.c 2015-03-20 13:41:15.094883779 +0100 +@@ -644,9 +644,6 @@ getpwnamallow(const char *user) + record_failed_login(user, + get_canonical_hostname(options.use_dns), "ssh"); + #endif +-#ifdef SSH_AUDIT_EVENTS +- audit_event(SSH_INVALID_USER); +-#endif /* SSH_AUDIT_EVENTS */ + return (NULL); + } + if (!allowed_user(pw)) +diff -up openssh-6.8p1/auth.h.audit openssh-6.8p1/auth.h +--- openssh-6.8p1/auth.h.audit 2015-03-20 13:41:15.002883927 +0100 ++++ openssh-6.8p1/auth.h 2015-03-20 13:41:15.094883779 +0100 +@@ -195,6 +195,7 @@ void abandon_challenge_response(Authctxt + + char *expand_authorized_keys(const char *, struct passwd *pw); + char *authorized_principals_file(struct passwd *); ++int user_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + + FILE *auth_openkeyfile(const char *, struct passwd *, int); + FILE *auth_openprincipals(const char *, struct passwd *, int); +@@ -213,6 +214,7 @@ int get_hostkey_index(Key *, int, struc + int ssh1_session_key(BIGNUM *); + int sshd_hostkey_sign(Key *, Key *, u_char **, size_t *, + const u_char *, size_t, u_int); ++int hostbased_key_verify(const Key *, const u_char *, u_int, const u_char *, u_int); + + /* debug messages during authentication */ + void auth_debug_add(const char *fmt,...) 
__attribute__((format(printf, 1, 2))); +diff -up openssh-6.8p1/auth2-hostbased.c.audit openssh-6.8p1/auth2-hostbased.c +--- openssh-6.8p1/auth2-hostbased.c.audit 2015-03-20 13:41:15.002883927 +0100 ++++ openssh-6.8p1/auth2-hostbased.c 2015-03-20 13:41:15.093883780 +0100 +@@ -147,7 +147,7 @@ userauth_hostbased(Authctxt *authctxt) + /* test for allowed key and correct signature */ + authenticated = 0; + if (PRIVSEP(hostbased_key_allowed(authctxt->pw, cuser, chost, key)) && +- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), ++ PRIVSEP(hostbased_key_verify(key, sig, slen, buffer_ptr(&b), + buffer_len(&b))) == 1) + authenticated = 1; + +@@ -164,6 +164,18 @@ done: + return authenticated; + } + ++int ++hostbased_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) ++{ ++ int rv; ++ ++ rv = key_verify(key, sig, slen, data, datalen); ++#ifdef SSH_AUDIT_EVENTS ++ audit_key(0, &rv, key); ++#endif ++ return rv; ++} ++ + /* return 1 if given hostkey is allowed */ + int + hostbased_key_allowed(struct passwd *pw, const char *cuser, char *chost, +diff -up openssh-6.8p1/auth2-pubkey.c.audit openssh-6.8p1/auth2-pubkey.c +--- openssh-6.8p1/auth2-pubkey.c.audit 2015-03-20 13:41:15.013883910 +0100 ++++ openssh-6.8p1/auth2-pubkey.c 2015-03-20 13:41:15.094883779 +0100 +@@ -172,7 +172,7 @@ userauth_pubkey(Authctxt *authctxt) + /* test for correct signature */ + authenticated = 0; + if (PRIVSEP(user_key_allowed(authctxt->pw, key)) && +- PRIVSEP(key_verify(key, sig, slen, buffer_ptr(&b), ++ PRIVSEP(user_key_verify(key, sig, slen, buffer_ptr(&b), + buffer_len(&b))) == 1) { + authenticated = 1; + /* Record the successful key to prevent reuse */ +@@ -250,6 +250,18 @@ pubkey_auth_info(Authctxt *authctxt, con + free(extra); + } + ++int ++user_key_verify(const Key *key, const u_char *sig, u_int slen, const u_char *data, u_int datalen) ++{ ++ int rv; ++ ++ rv = key_verify(key, sig, slen, data, datalen); ++#ifdef SSH_AUDIT_EVENTS ++ audit_key(1, &rv, key); 
++#endif ++ return rv; ++} ++ + static int + match_principals_option(const char *principal_list, struct sshkey_cert *cert) + { +diff -up openssh-6.8p1/auth2.c.audit openssh-6.8p1/auth2.c +--- openssh-6.8p1/auth2.c.audit 2015-03-20 13:41:15.044883860 +0100 ++++ openssh-6.8p1/auth2.c 2015-03-20 13:41:15.093883780 +0100 +@@ -249,9 +249,6 @@ input_userauth_request(int type, u_int32 + } else { + logit("input_userauth_request: invalid user %s", user); + authctxt->pw = fakepw(); +-#ifdef SSH_AUDIT_EVENTS +- PRIVSEP(audit_event(SSH_INVALID_USER)); +-#endif + } + #ifdef USE_PAM + if (options.use_pam) +diff -up openssh-6.8p1/cipher.c.audit openssh-6.8p1/cipher.c +--- openssh-6.8p1/cipher.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/cipher.c 2015-03-20 13:41:15.101883767 +0100 +@@ -57,26 +59,6 @@ extern const EVP_CIPHER *evp_ssh1_3des(v + extern int ssh1_3des_iv(EVP_CIPHER_CTX *, int, u_char *, int); + #endif + +-struct sshcipher { +- char *name; +- int number; /* for ssh1 only */ +- u_int block_size; +- u_int key_len; +- u_int iv_len; /* defaults to block_size */ +- u_int auth_len; +- u_int discard_len; +- u_int flags; +-#define CFLAG_CBC (1<<0) +-#define CFLAG_CHACHAPOLY (1<<1) +-#define CFLAG_AESCTR (1<<2) +-#define CFLAG_NONE (1<<3) +-#ifdef WITH_OPENSSL +- const EVP_CIPHER *(*evptype)(void); +-#else +- void *ignored; +-#endif +-}; +- + static const struct sshcipher ciphers[] = { + #ifdef WITH_SSH1 + { "des", SSH_CIPHER_DES, 8, 8, 0, 0, 0, 1, EVP_des_cbc }, +diff -up openssh-6.8p1/cipher.h.audit openssh-6.8p1/cipher.h +--- openssh-6.8p1/cipher.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/cipher.h 2015-03-20 13:41:15.094883779 +0100 +@@ -62,7 +62,26 @@ + #define CIPHER_ENCRYPT 1 + #define CIPHER_DECRYPT 0 + +-struct sshcipher; ++struct sshcipher { ++ char *name; ++ int number; /* for ssh1 only */ ++ u_int block_size; ++ u_int key_len; ++ u_int iv_len; /* defaults to block_size */ ++ u_int auth_len; ++ u_int discard_len; ++ u_int flags; 
++#define CFLAG_CBC (1<<0) ++#define CFLAG_CHACHAPOLY (1<<1) ++#define CFLAG_AESCTR (1<<2) ++#define CFLAG_NONE (1<<3) ++#ifdef WITH_OPENSSL ++ const EVP_CIPHER *(*evptype)(void); ++#else ++ void *ignored; ++#endif ++}; ++ + struct sshcipher_ctx { + int plaintext; + int encrypt; +diff -up openssh-6.8p1/kex.c.audit openssh-6.8p1/kex.c +--- openssh-6.8p1/kex.c.audit 2015-03-20 13:41:15.046883856 +0100 ++++ openssh-6.8p1/kex.c 2015-03-20 13:41:15.101883767 +0100 +@@ -54,6 +55,7 @@ + #include "ssherr.h" + #include "sshbuf.h" + #include "digest.h" ++#include "audit.h" + + #ifdef GSSAPI + #include "ssh-gss.h" +@@ -484,8 +508,12 @@ choose_enc(struct sshenc *enc, char *cli + { + char *name = match_list(client, server, NULL); + +- if (name == NULL) ++ if (name == NULL) { ++#ifdef SSH_AUDIT_EVENTS ++ audit_unsupported(0); ++#endif + return SSH_ERR_NO_CIPHER_ALG_MATCH; ++ } + if ((enc->cipher = cipher_by_name(name)) == NULL) + return SSH_ERR_INTERNAL_ERROR; + enc->name = name; +@@ -503,8 +531,12 @@ choose_mac(struct ssh *ssh, struct sshma + { + char *name = match_list(client, server, NULL); + +- if (name == NULL) ++ if (name == NULL) { ++#ifdef SSH_AUDIT_EVENTS ++ audit_unsupported(1); ++#endif + return SSH_ERR_NO_MAC_ALG_MATCH; ++ } + if (mac_setup(mac, name) < 0) + return SSH_ERR_INTERNAL_ERROR; + /* truncate the key */ +@@ -521,8 +553,12 @@ choose_comp(struct sshcomp *comp, char * + { + char *name = match_list(client, server, NULL); + +- if (name == NULL) ++ if (name == NULL) { ++#ifdef SSH_AUDIT_EVENTS ++ audit_unsupported(2); ++#endif + return SSH_ERR_NO_COMPRESS_ALG_MATCH; ++ } + if (strcmp(name, "zlib@openssh.com") == 0) { + comp->type = COMP_DELAYED; + } else if (strcmp(name, "zlib") == 0) { +@@ -672,6 +708,10 @@ kex_choose_conf(struct ssh *ssh) + dh_need = MAX(dh_need, newkeys->enc.block_size); + dh_need = MAX(dh_need, newkeys->enc.iv_len); + dh_need = MAX(dh_need, newkeys->mac.key_len); ++ debug("kex: %s need=%d dh_need=%d", kex->name, need, dh_need); ++#ifdef 
SSH_AUDIT_EVENTS ++ audit_kex(mode, newkeys->enc.name, newkeys->mac.name, newkeys->comp.name, kex->name); ++#endif + } + /* XXX need runden? */ + kex->we_need = need; +@@ -847,3 +887,34 @@ dump_digest(char *msg, u_char *digest, i + sshbuf_dump_data(digest, len, stderr); + } + #endif ++ ++static void ++enc_destroy(struct sshenc *enc) ++{ ++ if (enc == NULL) ++ return; ++ ++ if (enc->key) { ++ memset(enc->key, 0, enc->key_len); ++ free(enc->key); ++ } ++ ++ if (enc->iv) { ++ memset(enc->iv, 0, enc->block_size); ++ free(enc->iv); ++ } ++ ++ memset(enc, 0, sizeof(*enc)); ++} ++ ++void ++newkeys_destroy(struct newkeys *newkeys) ++{ ++ if (newkeys == NULL) ++ return; ++ ++ enc_destroy(&newkeys->enc); ++ mac_destroy(&newkeys->mac); ++ memset(&newkeys->comp, 0, sizeof(newkeys->comp)); ++} ++ +diff -up openssh-6.8p1/kex.h.audit openssh-6.8p1/kex.h +--- openssh-6.8p1/kex.h.audit 2015-03-20 13:41:15.046883856 +0100 ++++ openssh-6.8p1/kex.h 2015-03-20 13:41:15.095883777 +0100 +@@ -199,6 +199,8 @@ int kexgss_client(struct ssh *); + int kexgss_server(struct ssh *); + #endif + ++void newkeys_destroy(struct newkeys *newkeys); ++ + int kex_dh_hash(const char *, const char *, + const u_char *, size_t, const u_char *, size_t, const u_char *, size_t, + const BIGNUM *, const BIGNUM *, const BIGNUM *, u_char *, size_t *); +diff -up openssh-6.8p1/key.h.audit openssh-6.8p1/key.h +--- openssh-6.8p1/key.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/key.h 2015-03-20 13:41:15.095883777 +0100 +@@ -50,6 +50,7 @@ typedef struct sshkey Key; + #define key_ecdsa_bits_to_nid sshkey_ecdsa_bits_to_nid + #define key_ecdsa_key_to_nid sshkey_ecdsa_key_to_nid + #define key_is_cert sshkey_is_cert ++#define key_is_private sshkey_is_private + #define key_type_plain sshkey_type_plain + #define key_cert_is_legacy sshkey_cert_is_legacy + #define key_curve_name_to_nid sshkey_curve_name_to_nid +diff -up openssh-6.8p1/mac.c.audit openssh-6.8p1/mac.c +--- openssh-6.8p1/mac.c.audit 2015-03-17 
06:49:20.000000000 +0100 ++++ openssh-6.8p1/mac.c 2015-03-20 13:41:15.102883766 +0100 +@@ -226,6 +246,20 @@ mac_clear(struct sshmac *mac) + mac->umac_ctx = NULL; + } + ++void ++mac_destroy(struct sshmac *mac) ++{ ++ if (mac == NULL) ++ return; ++ ++ if (mac->key) { ++ memset(mac->key, 0, mac->key_len); ++ free(mac->key); ++ } ++ ++ memset(mac, 0, sizeof(*mac)); ++} ++ + /* XXX copied from ciphers_valid */ + #define MAC_SEP "," + int +diff -up openssh-6.8p1/mac.h.audit openssh-6.8p1/mac.h +--- openssh-6.8p1/mac.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/mac.h 2015-03-20 13:41:15.095883777 +0100 +@@ -47,5 +47,6 @@ int mac_init(struct sshmac *); + int mac_compute(struct sshmac *, u_int32_t, const u_char *, int, + u_char *, size_t); + void mac_clear(struct sshmac *); ++void mac_destroy(struct sshmac *); + + #endif /* SSHMAC_H */ +diff -up openssh-6.8p1/monitor.c.audit openssh-6.8p1/monitor.c +--- openssh-6.8p1/monitor.c.audit 2015-03-20 13:41:15.072883814 +0100 ++++ openssh-6.8p1/monitor.c 2015-03-20 13:41:15.107883758 +0100 +@@ -102,6 +102,7 @@ + #include "ssh2.h" + #include "roaming.h" + #include "authfd.h" ++#include "audit.h" + #include "match.h" + #include "ssherr.h" + +@@ -117,6 +118,8 @@ extern Buffer auth_debug; + extern int auth_debug_init; + extern Buffer loginmsg; + ++extern void destroy_sensitive_data(int); ++ + /* State exported from the child */ + static struct sshbuf *child_state; + +@@ -167,6 +170,11 @@ int mm_answer_gss_updatecreds(int, Buffe + #ifdef SSH_AUDIT_EVENTS + int mm_answer_audit_event(int, Buffer *); + int mm_answer_audit_command(int, Buffer *); ++int mm_answer_audit_end_command(int, Buffer *); ++int mm_answer_audit_unsupported_body(int, Buffer *); ++int mm_answer_audit_kex_body(int, Buffer *); ++int mm_answer_audit_session_key_free_body(int, Buffer *); ++int mm_answer_audit_server_key_free(int, Buffer *); + #endif + + static int monitor_read_log(struct monitor *); +@@ -226,6 +234,10 @@ struct mon_table 
mon_dispatch_proto20[] + #endif + #ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, ++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, ++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + #ifdef BSD_AUTH + {MONITOR_REQ_BSDAUTHQUERY, MON_ISAUTH, mm_answer_bsdauthquery}, +@@ -264,6 +276,11 @@ struct mon_table mon_dispatch_postauth20 + #ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, ++ {MONITOR_REQ_AUDIT_END_COMMAND, MON_PERMIT, mm_answer_audit_end_command}, ++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, ++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + {0, 0, NULL} + }; +@@ -296,6 +313,10 @@ struct mon_table mon_dispatch_proto15[] + #endif + #ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, ++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, ++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + #endif /* WITH_SSH1 */ + {0, 0, NULL} +@@ -309,6 +330,11 @@ struct mon_table mon_dispatch_postauth15 + #ifdef SSH_AUDIT_EVENTS + {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, + {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, ++ {MONITOR_REQ_AUDIT_END_COMMAND, 
MON_PERMIT, mm_answer_audit_end_command}, ++ {MONITOR_REQ_AUDIT_UNSUPPORTED, MON_PERMIT, mm_answer_audit_unsupported_body}, ++ {MONITOR_REQ_AUDIT_KEX, MON_PERMIT, mm_answer_audit_kex_body}, ++ {MONITOR_REQ_AUDIT_SESSION_KEY_FREE, MON_PERMIT, mm_answer_audit_session_key_free_body}, ++ {MONITOR_REQ_AUDIT_SERVER_KEY_FREE, MON_PERMIT, mm_answer_audit_server_key_free}, + #endif + #endif /* WITH_SSH1 */ + {0, 0, NULL} +@@ -1466,9 +1493,11 @@ mm_answer_keyverify(int sock, Buffer *m) + Key *key; + u_char *signature, *data, *blob; + u_int signaturelen, datalen, bloblen; ++ int type = 0; + int verified = 0; + int valid_data = 0; + ++ type = buffer_get_int(m); + blob = buffer_get_string(m, &bloblen); + signature = buffer_get_string(m, &signaturelen); + data = buffer_get_string(m, &datalen); +@@ -1476,6 +1505,8 @@ mm_answer_keyverify(int sock, Buffer *m) + if (hostbased_cuser == NULL || hostbased_chost == NULL || + !monitor_allowed_key(blob, bloblen)) + fatal("%s: bad key, not previously allowed", __func__); ++ if (type != key_blobtype) ++ fatal("%s: bad key type", __func__); + + key = key_from_blob(blob, bloblen); + if (key == NULL) +@@ -1496,7 +1527,17 @@ mm_answer_keyverify(int sock, Buffer *m) + if (!valid_data) + fatal("%s: bad signature data blob", __func__); + +- verified = key_verify(key, signature, signaturelen, data, datalen); ++ switch (key_blobtype) { ++ case MM_USERKEY: ++ verified = user_key_verify(key, signature, signaturelen, data, datalen); ++ break; ++ case MM_HOSTKEY: ++ verified = hostbased_key_verify(key, signature, signaturelen, data, datalen); ++ break; ++ default: ++ verified = 0; ++ break; ++ } + debug3("%s: key %p signature %s", + __func__, key, (verified == 1) ? 
"verified" : "unverified"); + +@@ -1554,6 +1595,12 @@ mm_session_close(Session *s) + debug3("%s: tty %s ptyfd %d", __func__, s->tty, s->ptyfd); + session_pty_cleanup2(s); + } ++#ifdef SSH_AUDIT_EVENTS ++ if (s->command != NULL) { ++ debug3("%s: command %d", __func__, s->command_handle); ++ session_end_command2(s); ++ } ++#endif + session_unused(s->self); + } + +@@ -1836,6 +1883,8 @@ mm_answer_term(int sock, Buffer *req) + sshpam_cleanup(); + #endif + ++ destroy_sensitive_data(0); ++ + while (waitpid(pmonitor->m_pid, &status, 0) == -1) + if (errno != EINTR) + exit(1); +@@ -1878,11 +1927,43 @@ mm_answer_audit_command(int socket, Buff + { + u_int len; + char *cmd; ++ Session *s; + + debug3("%s entering", __func__); + cmd = buffer_get_string(m, &len); ++ + /* sanity check command, if so how? */ +- audit_run_command(cmd); ++ s = session_new(); ++ if (s == NULL) ++ fatal("%s: error allocating a session", __func__); ++ s->command = cmd; ++ s->command_handle = audit_run_command(cmd); ++ ++ buffer_clear(m); ++ buffer_put_int(m, s->self); ++ ++ mm_request_send(socket, MONITOR_ANS_AUDIT_COMMAND, m); ++ ++ return (0); ++} ++ ++int ++mm_answer_audit_end_command(int socket, Buffer *m) ++{ ++ int handle; ++ u_int len; ++ char *cmd; ++ Session *s; ++ ++ debug3("%s entering", __func__); ++ handle = buffer_get_int(m); ++ cmd = buffer_get_string(m, &len); ++ ++ s = session_by_id(handle); ++ if (s == NULL || s->ttyfd != -1 || s->command == NULL || ++ strcmp(s->command, cmd) != 0) ++ fatal("%s: invalid handle", __func__); ++ mm_session_close(s); + free(cmd); + return (0); + } +@@ -1936,6 +2017,7 @@ + void + mm_get_keystate(struct monitor *pmonitor) + { ++ Buffer m; + debug3("%s: Waiting for new keys", __func__); + + if ((child_state = sshbuf_new()) == NULL) +@@ -1946,6 +2027,21 @@ mm_get_keystate(struct monitor *pmonitor + mm_request_receive_expect(pmonitor->m_sendfd, MONITOR_REQ_KEYEXPORT, + child_state); + debug3("%s: GOT new keys", __func__); ++ ++#ifdef SSH_AUDIT_EVENTS ++ if 
(compat20) { ++ buffer_init(&m); ++ mm_request_receive_expect(pmonitor->m_sendfd, ++ MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); ++ mm_answer_audit_session_key_free_body(pmonitor->m_sendfd, &m); ++ buffer_free(&m); ++ } ++#endif ++ ++ /* Drain any buffered messages from the child */ ++ while (pmonitor->m_log_recvfd >= 0 && monitor_read_log(pmonitor) == 0) ++ ; ++ + } + + +@@ -2212,3 +2308,87 @@ mm_answer_gss_updatecreds(int socket, Bu + + #endif /* GSSAPI */ + ++#ifdef SSH_AUDIT_EVENTS ++int ++mm_answer_audit_unsupported_body(int sock, Buffer *m) ++{ ++ int what; ++ ++ what = buffer_get_int(m); ++ ++ audit_unsupported_body(what); ++ ++ buffer_clear(m); ++ ++ mm_request_send(sock, MONITOR_ANS_AUDIT_UNSUPPORTED, m); ++ return 0; ++} ++ ++int ++mm_answer_audit_kex_body(int sock, Buffer *m) ++{ ++ int ctos, len; ++ char *cipher, *mac, *compress, *pfs; ++ pid_t pid; ++ uid_t uid; ++ ++ ctos = buffer_get_int(m); ++ cipher = buffer_get_string(m, &len); ++ mac = buffer_get_string(m, &len); ++ compress = buffer_get_string(m, &len); ++ pfs = buffer_get_string(m, &len); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); ++ ++ audit_kex_body(ctos, cipher, mac, compress, pfs, pid, uid); ++ ++ free(cipher); ++ free(mac); ++ free(compress); ++ free(pfs); ++ buffer_clear(m); ++ ++ mm_request_send(sock, MONITOR_ANS_AUDIT_KEX, m); ++ return 0; ++} ++ ++int ++mm_answer_audit_session_key_free_body(int sock, Buffer *m) ++{ ++ int ctos; ++ pid_t pid; ++ uid_t uid; ++ ++ ctos = buffer_get_int(m); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); ++ ++ audit_session_key_free_body(ctos, pid, uid); ++ ++ buffer_clear(m); ++ ++ mm_request_send(sock, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, m); ++ return 0; ++} ++ ++int ++mm_answer_audit_server_key_free(int sock, Buffer *m) ++{ ++ int len; ++ char *fp; ++ pid_t pid; ++ uid_t uid; ++ ++ fp = buffer_get_string(m, &len); ++ pid = buffer_get_int64(m); ++ uid = buffer_get_int64(m); ++ ++ audit_destroy_sensitive_data(fp, pid, uid); ++ ++ 
free(fp); ++ buffer_clear(m); ++ ++ mm_request_send(sock, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, m); ++ return 0; ++} ++#endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-6.8p1/monitor.h.audit openssh-6.8p1/monitor.h +--- openssh-6.8p1/monitor.h.audit 2015-03-20 13:41:15.072883814 +0100 ++++ openssh-6.8p1/monitor.h 2015-03-20 13:41:15.096883775 +0100 +@@ -69,7 +69,13 @@ enum monitor_reqtype { + MONITOR_REQ_PAM_QUERY = 106, MONITOR_ANS_PAM_QUERY = 107, + MONITOR_REQ_PAM_RESPOND = 108, MONITOR_ANS_PAM_RESPOND = 109, + MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, +- MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, ++ MONITOR_REQ_AUDIT_EVENT = 112, ++ MONITOR_REQ_AUDIT_COMMAND = 114, MONITOR_ANS_AUDIT_COMMAND = 115, ++ MONITOR_REQ_AUDIT_END_COMMAND = 116, ++ MONITOR_REQ_AUDIT_UNSUPPORTED = 118, MONITOR_ANS_AUDIT_UNSUPPORTED = 119, ++ MONITOR_REQ_AUDIT_KEX = 120, MONITOR_ANS_AUDIT_KEX = 121, ++ MONITOR_REQ_AUDIT_SESSION_KEY_FREE = 122, MONITOR_ANS_AUDIT_SESSION_KEY_FREE = 123, ++ MONITOR_REQ_AUDIT_SERVER_KEY_FREE = 124, MONITOR_ANS_AUDIT_SERVER_KEY_FREE = 125 + + }; + +diff -up openssh-6.8p1/monitor_wrap.c.audit openssh-6.8p1/monitor_wrap.c +--- openssh-6.8p1/monitor_wrap.c.audit 2015-03-20 13:41:15.047883855 +0100 ++++ openssh-6.8p1/monitor_wrap.c 2015-03-20 13:41:15.108883756 +0100 +@@ -461,7 +461,7 @@ mm_key_allowed(enum mm_keytype type, cha + */ + + int +-mm_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++mm_key_verify(enum mm_keytype type, Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) + { + Buffer m; + u_char *blob; +@@ -475,6 +475,7 @@ mm_key_verify(Key *key, u_char *sig, u_i + return (0); + + buffer_init(&m); ++ buffer_put_int(&m, type); + buffer_put_string(&m, blob, len); + buffer_put_string(&m, sig, siglen); + buffer_put_string(&m, data, datalen); +@@ -492,6 +493,18 @@ mm_key_verify(Key *key, u_char *sig, u_i + return (verified); + } + ++int ++mm_hostbased_key_verify(Key *key, u_char 
*sig, u_int siglen, u_char *data, u_int datalen) ++{ ++ return mm_key_verify(MM_HOSTKEY, key, sig, siglen, data, datalen); ++} ++ ++int ++mm_user_key_verify(Key *key, u_char *sig, u_int siglen, u_char *data, u_int datalen) ++{ ++ return mm_key_verify(MM_USERKEY, key, sig, siglen, data, datalen); ++} ++ + void + mm_send_keystate(struct monitor *monitor) + { +@@ -1005,10 +1018,11 @@ mm_audit_event(ssh_audit_event_t event) + buffer_free(&m); + } + +-void ++int + mm_audit_run_command(const char *command) + { + Buffer m; ++ int handle; + + debug3("%s entering command %s", __func__, command); + +@@ -1016,6 +1030,26 @@ mm_audit_run_command(const char *command + buffer_put_cstring(&m, command); + + mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_COMMAND, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_COMMAND, &m); ++ ++ handle = buffer_get_int(&m); ++ buffer_free(&m); ++ ++ return (handle); ++} ++ ++void ++mm_audit_end_command(int handle, const char *command) ++{ ++ Buffer m; ++ ++ debug3("%s entering command %s", __func__, command); ++ ++ buffer_init(&m); ++ buffer_put_int(&m, handle); ++ buffer_put_cstring(&m, command); ++ ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_END_COMMAND, &m); + buffer_free(&m); + } + #endif /* SSH_AUDIT_EVENTS */ +@@ -1151,3 +1185,72 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_cc + + #endif /* GSSAPI */ + ++#ifdef SSH_AUDIT_EVENTS ++void ++mm_audit_unsupported_body(int what) ++{ ++ Buffer m; ++ ++ buffer_init(&m); ++ buffer_put_int(&m, what); ++ ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_UNSUPPORTED, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_UNSUPPORTED, ++ &m); ++ ++ buffer_free(&m); ++} ++ ++void ++mm_audit_kex_body(int ctos, char *cipher, char *mac, char *compress, char *fps, pid_t pid, ++ uid_t uid) ++{ ++ Buffer m; ++ ++ buffer_init(&m); ++ buffer_put_int(&m, ctos); ++ buffer_put_cstring(&m, cipher); ++ buffer_put_cstring(&m, (mac ? 
mac : "")); ++ buffer_put_cstring(&m, compress); ++ buffer_put_cstring(&m, fps); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); ++ ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_KEX, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_KEX, ++ &m); ++ ++ buffer_free(&m); ++} ++ ++void ++mm_audit_session_key_free_body(int ctos, pid_t pid, uid_t uid) ++{ ++ Buffer m; ++ ++ buffer_init(&m); ++ buffer_put_int(&m, ctos); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SESSION_KEY_FREE, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SESSION_KEY_FREE, ++ &m); ++ buffer_free(&m); ++} ++ ++void ++mm_audit_destroy_sensitive_data(const char *fp, pid_t pid, uid_t uid) ++{ ++ Buffer m; ++ ++ buffer_init(&m); ++ buffer_put_cstring(&m, fp); ++ buffer_put_int64(&m, pid); ++ buffer_put_int64(&m, uid); ++ ++ mm_request_send(pmonitor->m_recvfd, MONITOR_REQ_AUDIT_SERVER_KEY_FREE, &m); ++ mm_request_receive_expect(pmonitor->m_recvfd, MONITOR_ANS_AUDIT_SERVER_KEY_FREE, ++ &m); ++ buffer_free(&m); ++} ++#endif /* SSH_AUDIT_EVENTS */ +diff -up openssh-6.8p1/monitor_wrap.h.audit openssh-6.8p1/monitor_wrap.h +--- openssh-6.8p1/monitor_wrap.h.audit 2015-03-20 13:41:15.048883853 +0100 ++++ openssh-6.8p1/monitor_wrap.h 2015-03-20 13:41:15.096883775 +0100 +@@ -52,7 +52,8 @@ int mm_key_allowed(enum mm_keytype, char + int mm_user_key_allowed(struct passwd *, Key *); + int mm_hostbased_key_allowed(struct passwd *, char *, char *, Key *); + int mm_auth_rhosts_rsa_key_allowed(struct passwd *, char *, char *, Key *); +-int mm_key_verify(Key *, u_char *, u_int, u_char *, u_int); ++int mm_hostbased_key_verify(Key *, u_char *, u_int, u_char *, u_int); ++int mm_user_key_verify(Key *, u_char *, u_int, u_char *, u_int); + int mm_auth_rsa_key_allowed(struct passwd *, BIGNUM *, Key **); + int mm_auth_rsa_verify_response(Key *, BIGNUM *, u_char *); + BIGNUM 
*mm_auth_rsa_generate_challenge(Key *); +@@ -79,7 +80,12 @@ void mm_sshpam_free_ctx(void *); + #ifdef SSH_AUDIT_EVENTS + #include "audit.h" + void mm_audit_event(ssh_audit_event_t); +-void mm_audit_run_command(const char *); ++int mm_audit_run_command(const char *); ++void mm_audit_end_command(int, const char *); ++void mm_audit_unsupported_body(int); ++void mm_audit_kex_body(int, char *, char *, char *, char *, pid_t, uid_t); ++void mm_audit_session_key_free_body(int, pid_t, uid_t); ++void mm_audit_destroy_sensitive_data(const char *, pid_t, uid_t); + #endif + + struct Session; +diff -up openssh-6.8p1/packet.c.audit openssh-6.8p1/packet.c +--- openssh-6.8p1/packet.c.audit 2015-03-20 13:41:14.990883947 +0100 ++++ openssh-6.8p1/packet.c 2015-03-20 13:41:15.097883774 +0100 +@@ -67,6 +67,7 @@ + #include "key.h" /* typedefs XXX */ + + #include "xmalloc.h" ++#include "audit.h" + #include "crc32.h" + #include "deattack.h" + #include "compat.h" +@@ -448,6 +449,13 @@ ssh_packet_get_connection_out(struct ssh + return ssh->state->connection_out; + } + ++static int ++packet_state_has_keys (const struct session_state *state) ++{ ++ return state != NULL && ++ (state->newkeys[MODE_IN] != NULL || state->newkeys[MODE_OUT] != NULL); ++} ++ + /* + * Returns the IP-address of the remote host as a string. The returned + * string must not be freed. 
+@@ -478,13 +486,6 @@ ssh_packet_close(struct ssh *ssh) + if (!state->initialized) + return; + state->initialized = 0; +- if (state->connection_in == state->connection_out) { +- shutdown(state->connection_out, SHUT_RDWR); +- close(state->connection_out); +- } else { +- close(state->connection_in); +- close(state->connection_out); +- } + sshbuf_free(state->input); + sshbuf_free(state->output); + sshbuf_free(state->outgoing_packet); +@@ -516,14 +517,24 @@ ssh_packet_close(struct ssh *ssh) + inflateEnd(stream); + } + } +- if ((r = cipher_cleanup(&state->send_context)) != 0) +- error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); +- if ((r = cipher_cleanup(&state->receive_context)) != 0) +- error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); ++ if (packet_state_has_keys(state)) { ++ if ((r = cipher_cleanup(&state->send_context)) != 0) ++ error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); ++ if ((r = cipher_cleanup(&state->receive_context)) != 0) ++ error("%s: cipher_cleanup failed: %s", __func__, ssh_err(r)); ++ audit_session_key_free(2); ++ } + if (ssh->remote_ipaddr) { + free(ssh->remote_ipaddr); + ssh->remote_ipaddr = NULL; + } ++ if (state->connection_in == state->connection_out) { ++ shutdown(state->connection_out, SHUT_RDWR); ++ close(state->connection_out); ++ } else { ++ close(state->connection_in); ++ close(state->connection_out); ++ } + free(ssh->state); + ssh->state = NULL; + } +@@ -941,6 +952,7 @@ ssh_set_newkeys(struct ssh *ssh, int mod + } + if (state->newkeys[mode] != NULL) { + debug("set_newkeys: rekeying"); ++ audit_session_key_free(mode); + if ((r = cipher_cleanup(cc)) != 0) + return r; + enc = &state->newkeys[mode]->enc; +@@ -2263,6 +2275,75 @@ ssh_packet_get_output(struct ssh *ssh) + return (void *)ssh->state->output; + } + ++static void ++newkeys_destroy_and_free(struct newkeys *newkeys) ++{ ++ if (newkeys == NULL) ++ return; ++ ++ free(newkeys->enc.name); ++ ++ if (newkeys->mac.enabled) { ++ mac_clear(&newkeys->mac); 
++ free(newkeys->mac.name); ++ } ++ ++ free(newkeys->comp.name); ++ ++ newkeys_destroy(newkeys); ++ free(newkeys); ++} ++ ++static void ++packet_destroy_state(struct session_state *state) ++{ ++ if (state == NULL) ++ return; ++ ++ cipher_cleanup(&state->receive_context); ++ cipher_cleanup(&state->send_context); ++ ++ buffer_free(state->input); ++ state->input = NULL; ++ buffer_free(state->output); ++ state->output = NULL; ++ buffer_free(state->outgoing_packet); ++ state->outgoing_packet = NULL; ++ buffer_free(state->incoming_packet); ++ state->incoming_packet = NULL; ++ if( state->compression_buffer ) { ++ buffer_free(state->compression_buffer); ++ state->compression_buffer = NULL; ++ } ++ newkeys_destroy_and_free(state->newkeys[MODE_IN]); ++ state->newkeys[MODE_IN] = NULL; ++ newkeys_destroy_and_free(state->newkeys[MODE_OUT]); ++ state->newkeys[MODE_OUT] = NULL; ++ mac_destroy(state->packet_discard_mac); ++// TAILQ_HEAD(, packet) outgoing; ++// memset(state, 0, sizeof(state)); ++} ++ ++void ++packet_destroy_all(int audit_it, int privsep) ++{ ++ if (audit_it) ++ audit_it = (active_state != NULL && packet_state_has_keys(active_state->state)) ++ || (backup_state != NULL && packet_state_has_keys(backup_state->state)); ++ if (active_state != NULL) ++ packet_destroy_state(active_state->state); ++ if (backup_state != NULL) ++ packet_destroy_state(backup_state->state); ++ if (audit_it) { ++#ifdef SSH_AUDIT_EVENTS ++ if (privsep) ++ audit_session_key_free(2); ++ else ++ audit_session_key_free_body(2, getpid(), getuid()); ++#endif ++ } ++} ++ + /* XXX TODO update roaming to new API (does not work anyway) */ + /* + * Save the state for the real connection, and use a separate state when +@@ -2272,18 +2373,12 @@ void + ssh_packet_backup_state(struct ssh *ssh, + struct ssh *backup_state) + { +- struct ssh *tmp; +- + close(ssh->state->connection_in); + ssh->state->connection_in = -1; + close(ssh->state->connection_out); + ssh->state->connection_out = -1; +- if (backup_state) +- 
tmp = backup_state; +- else +- tmp = ssh_alloc_session_state(); + backup_state = ssh; +- ssh = tmp; ++ ssh = ssh_alloc_session_state(); + } + + /* XXX FIXME FIXME FIXME */ +@@ -2302,9 +2397,7 @@ ssh_packet_restore_state(struct ssh *ssh + backup_state = ssh; + ssh = tmp; + ssh->state->connection_in = backup_state->state->connection_in; +- backup_state->state->connection_in = -1; + ssh->state->connection_out = backup_state->state->connection_out; +- backup_state->state->connection_out = -1; + len = sshbuf_len(backup_state->state->input); + if (len > 0) { + if ((r = sshbuf_putb(ssh->state->input, +@@ -2313,6 +2406,11 @@ ssh_packet_restore_state(struct ssh *ssh + sshbuf_reset(backup_state->state->input); + add_recv_bytes(len); + } ++ backup_state->state->connection_in = -1; ++ backup_state->state->connection_out = -1; ++ packet_destroy_state(backup_state->state); ++ free(backup_state); ++ backup_state = NULL; + } + + /* Reset after_authentication and reset compression in post-auth privsep */ +diff -up openssh-6.8p1/packet.h.audit openssh-6.8p1/packet.h +--- openssh-6.8p1/packet.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/packet.h 2015-03-20 13:41:15.097883774 +0100 +@@ -189,7 +189,7 @@ int sshpkt_get_end(struct ssh *ssh); + const u_char *sshpkt_ptr(struct ssh *, size_t *lenp); + + /* OLD API */ +-extern struct ssh *active_state; ++extern struct ssh *active_state, *backup_state; + #include "opacket.h" + + #if !defined(WITH_OPENSSL) +@@ -203,4 +203,5 @@ extern struct ssh *active_state; + # undef EC_POINT + #endif + ++void packet_destroy_all(int, int); + #endif /* PACKET_H */ +diff -up openssh-6.8p1/session.c.audit openssh-6.8p1/session.c +--- openssh-6.8p1/session.c.audit 2015-03-20 13:41:15.073883813 +0100 ++++ openssh-6.8p1/session.c 2015-03-20 13:41:15.097883774 +0100 +@@ -139,7 +139,7 @@ extern int log_stderr; + extern int debug_flag; + extern u_int utmp_len; + extern int startup_pipe; +-extern void destroy_sensitive_data(void); ++extern void 
destroy_sensitive_data(int); + extern Buffer loginmsg; + + /* original command from peer. */ +@@ -731,6 +731,14 @@ do_exec_pty(Session *s, const char *comm + /* Parent. Close the slave side of the pseudo tty. */ + close(ttyfd); + ++#ifndef HAVE_OSF_SIA ++ /* do_login in the child did not affect state in this process, ++ compensate. From an architectural standpoint, this is extremely ++ ugly. */ ++ if (!(options.use_login && command == NULL)) ++ audit_count_session_open(); ++#endif ++ + /* Enter interactive session. */ + s->ptymaster = ptymaster; + packet_set_interactive(1, +@@ -853,15 +861,19 @@ do_exec(Session *s, const char *command) + get_remote_port()); + + #ifdef SSH_AUDIT_EVENTS ++ if (s->command != NULL || s->command_handle != -1) ++ fatal("do_exec: command already set"); + if (command != NULL) +- PRIVSEP(audit_run_command(command)); ++ s->command = xstrdup(command); + else if (s->ttyfd == -1) { + char *shell = s->pw->pw_shell; + + if (shell[0] == '\0') /* empty shell means /bin/sh */ + shell =_PATH_BSHELL; +- PRIVSEP(audit_run_command(shell)); ++ s->command = xstrdup(shell); + } ++ if (s->command != NULL && s->ptyfd == -1) ++ s->command_handle = PRIVSEP(audit_run_command(s->command)); + #endif + if (s->ttyfd != -1) + ret = do_exec_pty(s, command); +@@ -1704,7 +1716,10 @@ do_child(Session *s, const char *command + int r = 0; + + /* remove hostkey from the child's memory */ +- destroy_sensitive_data(); ++ destroy_sensitive_data(1); ++ /* Don't audit this - both us and the parent would be talking to the ++ monitor over a single socket, with no synchronization. 
*/ ++ packet_destroy_all(0, 1); + + /* Force a password change */ + if (s->authctxt->force_pwchange) { +@@ -1934,6 +1949,7 @@ session_unused(int id) + sessions[id].ttyfd = -1; + sessions[id].ptymaster = -1; + sessions[id].x11_chanids = NULL; ++ sessions[id].command_handle = -1; + sessions[id].next_unused = sessions_first_unused; + sessions_first_unused = id; + } +@@ -2016,6 +2032,19 @@ session_open(Authctxt *authctxt, int cha + } + + Session * ++session_by_id(int id) ++{ ++ if (id >= 0 && id < sessions_nalloc) { ++ Session *s = &sessions[id]; ++ if (s->used) ++ return s; ++ } ++ debug("session_by_id: unknown id %d", id); ++ session_dump(); ++ return NULL; ++} ++ ++Session * + session_by_tty(char *tty) + { + int i; +@@ -2532,6 +2561,32 @@ session_exit_message(Session *s, int sta + chan_write_failed(c); + } + ++#ifdef SSH_AUDIT_EVENTS ++void ++session_end_command2(Session *s) ++{ ++ if (s->command != NULL) { ++ if (s->command_handle != -1) ++ audit_end_command(s->command_handle, s->command); ++ free(s->command); ++ s->command = NULL; ++ s->command_handle = -1; ++ } ++} ++ ++static void ++session_end_command(Session *s) ++{ ++ if (s->command != NULL) { ++ if (s->command_handle != -1) ++ PRIVSEP(audit_end_command(s->command_handle, s->command)); ++ free(s->command); ++ s->command = NULL; ++ s->command_handle = -1; ++ } ++} ++#endif ++ + void + session_close(Session *s) + { +@@ -2540,6 +2593,10 @@ session_close(Session *s) + debug("session_close: session %d pid %ld", s->self, (long)s->pid); + if (s->ttyfd != -1) + session_pty_cleanup(s); ++#ifdef SSH_AUDIT_EVENTS ++ if (s->command) ++ session_end_command(s); ++#endif + free(s->term); + free(s->display); + free(s->x11_chanids); +@@ -2754,6 +2811,15 @@ do_authenticated2(Authctxt *authctxt) + server_loop2(authctxt); + } + ++static void ++do_cleanup_one_session(Session *s) ++{ ++ session_pty_cleanup2(s); ++#ifdef SSH_AUDIT_EVENTS ++ session_end_command2(s); ++#endif ++} ++ + void + do_cleanup(Authctxt *authctxt) + { +@@ 
-2802,5 +2868,5 @@ do_cleanup(Authctxt *authctxt) + * or if running in monitor. + */ + if (!use_privsep || mm_is_monitor()) +- session_destroy_all(session_pty_cleanup2); ++ session_destroy_all(do_cleanup_one_session); + } +diff -up openssh-6.8p1/session.h.audit openssh-6.8p1/session.h +--- openssh-6.8p1/session.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/session.h 2015-03-20 13:41:15.097883774 +0100 +@@ -61,6 +61,12 @@ struct Session { + char *name; + char *val; + } *env; ++ ++ /* exec */ ++#ifdef SSH_AUDIT_EVENTS ++ int command_handle; ++ char *command; ++#endif + }; + + void do_authenticated(Authctxt *); +@@ -73,8 +79,10 @@ void session_close_by_pid(pid_t, int); + void session_close_by_channel(int, void *); + void session_destroy_all(void (*)(Session *)); + void session_pty_cleanup2(Session *); ++void session_end_command2(Session *); + + Session *session_new(void); ++Session *session_by_id(int); + Session *session_by_tty(char *); + void session_close(Session *); + void do_setusercontext(struct passwd *); +diff -up openssh-6.8p1/sshd.c.audit openssh-6.8p1/sshd.c +--- openssh-6.8p1/sshd.c.audit 2015-03-20 13:41:15.083883796 +0100 ++++ openssh-6.8p1/sshd.c 2015-03-20 13:41:15.110883753 +0100 +@@ -121,6 +124,7 @@ + #endif + #include "monitor_wrap.h" + #include "roaming.h" ++#include "audit.h" + #include "ssh-sandbox.h" + #include "version.h" + #include "ssherr.h" +@@ -260,7 +264,7 @@ Buffer loginmsg; + struct passwd *privsep_pw = NULL; + + /* Prototypes for various functions defined later in this file. */ +-void destroy_sensitive_data(void); ++void destroy_sensitive_data(int); + void demote_sensitive_data(void); + + #ifdef WITH_SSH1 +@@ -281,6 +285,15 @@ close_listen_socks(void) + num_listen_socks = -1; + } + ++/* ++ * Is this process listening for clients (i.e. not specific to any specific ++ * client connection?) 
++ */ ++int listening_for_clients(void) ++{ ++ return num_listen_socks > 0; ++} ++ + static void + close_startup_pipes(void) + { +@@ -560,22 +573,45 @@ sshd_exchange_identification(int sock_in + } + } + +-/* Destroy the host and server keys. They will no longer be needed. */ ++/* ++ * Destroy the host and server keys. They will no longer be needed. Careful, ++ * this can be called from cleanup_exit() - i.e. from just about anywhere. ++ */ + void +-destroy_sensitive_data(void) ++destroy_sensitive_data(int privsep) + { + int i; ++ pid_t pid; ++ uid_t uid; + + if (sensitive_data.server_key) { + key_free(sensitive_data.server_key); + sensitive_data.server_key = NULL; + } ++ pid = getpid(); ++ uid = getuid(); + for (i = 0; i < options.num_host_key_files; i++) { + if (sensitive_data.host_keys[i]) { ++ char *fp; ++ ++ if (key_is_private(sensitive_data.host_keys[i])) ++ fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, SSH_FP_HEX); ++ else ++ fp = NULL; + key_free(sensitive_data.host_keys[i]); + sensitive_data.host_keys[i] = NULL; ++ if (fp != NULL) { ++ if (privsep) ++ PRIVSEP(audit_destroy_sensitive_data(fp, ++ pid, uid)); ++ else ++ audit_destroy_sensitive_data(fp, ++ pid, uid); ++ free(fp); ++ } + } +- if (sensitive_data.host_certificates[i]) { ++ if (sensitive_data.host_certificates ++ && sensitive_data.host_certificates[i]) { + key_free(sensitive_data.host_certificates[i]); + sensitive_data.host_certificates[i] = NULL; + } +@@ -589,6 +625,8 @@ void + demote_sensitive_data(void) + { + Key *tmp; ++ pid_t pid; ++ uid_t uid; + int i; + + if (sensitive_data.server_key) { +@@ -597,13 +635,25 @@ demote_sensitive_data(void) + sensitive_data.server_key = tmp; + } + ++ pid = getpid(); ++ uid = getuid(); + for (i = 0; i < options.num_host_key_files; i++) { + if (sensitive_data.host_keys[i]) { ++ char *fp; ++ ++ if (key_is_private(sensitive_data.host_keys[i])) ++ fp = sshkey_fingerprint(sensitive_data.host_keys[i], options.fingerprint_hash, 
SSH_FP_HEX); ++ else ++ fp = NULL; + tmp = key_demote(sensitive_data.host_keys[i]); + key_free(sensitive_data.host_keys[i]); + sensitive_data.host_keys[i] = tmp; + if (tmp->type == KEY_RSA1) + sensitive_data.ssh1_host_key = tmp; ++ if (fp != NULL) { ++ audit_destroy_sensitive_data(fp, pid, uid); ++ free(fp); ++ } + } + /* Certs do not need demotion */ + } +@@ -675,7 +725,7 @@ privsep_preauth(Authctxt *authctxt) + + if (use_privsep == PRIVSEP_ON) + box = ssh_sandbox_init(pmonitor); +- pid = fork(); ++ pmonitor->m_pid = pid = fork(); + if (pid == -1) { + fatal("fork of unprivileged child failed"); + } else if (pid != 0) { +@@ -759,6 +811,12 @@ privsep_postauth(Authctxt *authctxt) + else if (pmonitor->m_pid != 0) { + verbose("User child is on pid %ld", (long)pmonitor->m_pid); + buffer_clear(&loginmsg); ++ if (*pmonitor->m_pkex != NULL ){ ++ newkeys_destroy((*pmonitor->m_pkex)->newkeys[MODE_OUT]); ++ newkeys_destroy((*pmonitor->m_pkex)->newkeys[MODE_IN]); ++ audit_session_key_free_body(2, getpid(), getuid()); ++ packet_destroy_all(0, 0); ++ } + monitor_child_postauth(pmonitor); + + /* NEVERREACHED */ +@@ -1286,6 +1341,7 @@ server_accept_loop(int *sock_in, int *so + if (received_sigterm) { + logit("Received signal %d; terminating.", + (int) received_sigterm); ++ destroy_sensitive_data(0); + close_listen_socks(); + if (options.pid_file != NULL) + unlink(options.pid_file); +@@ -2242,6 +2321,7 @@ main(int ac, char **av) + */ + if (use_privsep) { + mm_send_keystate(pmonitor); ++ packet_destroy_all(1, 1); + exit(0); + } + +@@ -2287,7 +2367,7 @@ main(int ac, char **av) + privsep_postauth(authctxt); + /* the monitor process [priv] will not return */ + if (!compat20) +- destroy_sensitive_data(); ++ destroy_sensitive_data(0); + } + + packet_set_timeout(options.client_alive_interval, +@@ -2301,6 +2381,9 @@ main(int ac, char **av) + do_authenticated(authctxt); + + /* The connection has been terminated. 
*/ ++ packet_destroy_all(1, 1); ++ destroy_sensitive_data(1); ++ + packet_get_bytes(&ibytes, &obytes); + verbose("Transferred: sent %llu, received %llu bytes", + (unsigned long long)obytes, (unsigned long long)ibytes); +@@ -2461,6 +2544,10 @@ do_ssh1_kex(void) + if (cookie[i] != packet_get_char()) + packet_disconnect("IP Spoofing check bytes do not match."); + ++#ifdef SSH_AUDIT_EVENTS ++ audit_kex(2, cipher_name(cipher_type), "crc", "none", "none"); ++#endif ++ + debug("Encryption type: %.200s", cipher_name(cipher_type)); + + /* Get the encrypted integer. */ +@@ -2520,7 +2607,7 @@ do_ssh1_kex(void) + } + + /* Destroy the private and public keys. No longer. */ +- destroy_sensitive_data(); ++ destroy_sensitive_data(1); + + if (use_privsep) + mm_ssh1_session_id(session_id); +@@ -2703,6 +2802,16 @@ do_ssh2_kex(void) + void + cleanup_exit(int i) + { ++ static int in_cleanup = 0; ++ int is_privsep_child; ++ ++ /* cleanup_exit can be called at the very least from the privsep ++ wrappers used for auditing. Make sure we don't recurse ++ indefinitely. 
*/ ++ if (in_cleanup) ++ _exit(i); ++ in_cleanup = 1; ++ + if (the_authctxt) { + do_cleanup(the_authctxt); + if (use_privsep && privsep_is_preauth && +@@ -2714,9 +2823,14 @@ cleanup_exit(int i) + pmonitor->m_pid, strerror(errno)); + } + } ++ is_privsep_child = use_privsep && pmonitor != NULL && pmonitor->m_pid == 0; ++ if (sensitive_data.host_keys != NULL) ++ destroy_sensitive_data(is_privsep_child); ++ packet_destroy_all(1, is_privsep_child); + #ifdef SSH_AUDIT_EVENTS + /* done after do_cleanup so it can cancel the PAM auth 'thread' */ +- if (!use_privsep || mm_is_monitor()) ++ if ((the_authctxt == NULL || !the_authctxt->authenticated) && ++ (!use_privsep || mm_is_monitor())) + audit_event(SSH_CONNECTION_ABANDON); + #endif + _exit(i); +diff -up openssh-6.8p1/sshkey.c.audit openssh-6.8p1/sshkey.c +--- openssh-6.8p1/sshkey.c.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/sshkey.c 2015-03-20 13:41:15.111883751 +0100 +@@ -317,6 +319,33 @@ sshkey_type_is_valid_ca(int type) + } + + int ++sshkey_is_private(const struct sshkey *k) ++{ ++ switch (k->type) { ++ case KEY_RSA_CERT_V00: ++ case KEY_RSA_CERT: ++ case KEY_RSA1: ++ case KEY_RSA: ++ return k->rsa->d != NULL; ++ case KEY_DSA_CERT_V00: ++ case KEY_DSA_CERT: ++ case KEY_DSA: ++ return k->dsa->priv_key != NULL; ++#ifdef OPENSSL_HAS_ECC ++ case KEY_ECDSA_CERT: ++ case KEY_ECDSA: ++ return EC_KEY_get0_private_key(k->ecdsa) != NULL; ++#endif ++ case KEY_ED25519_CERT: ++ case KEY_ED25519: ++ return (k->ed25519_pk != NULL); ++ default: ++ /* fatal("key_is_private: bad key type %d", k->type); */ ++ return 0; ++ } ++} ++ ++int + sshkey_is_cert(const struct sshkey *k) + { + if (k == NULL) +diff -up openssh-6.8p1/sshkey.h.audit openssh-6.8p1/sshkey.h +--- openssh-6.8p1/sshkey.h.audit 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/sshkey.h 2015-03-20 13:41:15.098883772 +0100 +@@ -134,6 +134,7 @@ u_int sshkey_size(const struct sshkey + int sshkey_generate(int type, u_int bits, struct sshkey **keyp); + int 
sshkey_from_private(const struct sshkey *, struct sshkey **); + int sshkey_type_from_name(const char *); ++int sshkey_is_private(const struct sshkey *); + int sshkey_is_cert(const struct sshkey *); + int sshkey_type_is_cert(int); + int sshkey_type_plain(int); +diff -up openssh-6.8p1/sandbox-seccomp-filter.c.audit openssh-6.8p1/sandbox-seccomp-filter.c +--- openssh-6.8p1/sandbox-seccomp-filter.c.audit 2015-03-20 13:41:15.088883788 +0100 ++++ openssh-6.8p1/sandbox-seccomp-filter.c 2015-03-20 13:41:15.097883774 +0100 +@@ -110,6 +110,12 @@ static const struct sock_filter preauth_ + #ifdef __NR_time /* not defined on EABI ARM */ + SC_ALLOW(time), + #endif ++#ifdef SSH_AUDIT_EVENTS ++ SC_ALLOW(getuid), ++#ifdef __NR_getuid32 /* not defined on x86_64 */ ++ SC_ALLOW(getuid32), ++#endif ++#endif + SC_ALLOW(read), + SC_ALLOW(write), + SC_ALLOW(close), diff --git a/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch b/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch new file mode 100644 index 0000000..4285bd9 --- /dev/null +++ b/openssh/patches/openssh-6.7p1-seccomp-aarch64.patch 
@@ -0,0 +1,66 @@ +diff --git a/configure.ac b/configure.ac +index 4065d0e..d59ad44 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -764,9 +764,12 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) + i*86-*) + seccomp_audit_arch=AUDIT_ARCH_I386 + ;; +- arm*-*) ++ aarch64*-*) ++ seccomp_audit_arch=AUDIT_ARCH_AARCH64 ++ ;; ++ arm*-*) + seccomp_audit_arch=AUDIT_ARCH_ARM +- ;; ++ ;; + esac + if test "x$seccomp_audit_arch" != "x" ; then + AC_MSG_RESULT(["$seccomp_audit_arch"]) +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index 095b04a..52f6810 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -90,8 +90,20 @@ static const struct sock_filter preauth_insns[] = { + /* Load the syscall number for checking. */ + BPF_STMT(BPF_LD+BPF_W+BPF_ABS, + offsetof(struct seccomp_data, nr)), +- SC_DENY(open, EACCES), +- SC_DENY(stat, EACCES), ++ SC_DENY(openat, EACCES), ++#ifdef __NR_open ++ SC_DENY(open, EACCES), /* not on AArch64 */ ++#endif ++#ifdef __NR_fstat ++ SC_DENY(fstat, EACCES), /* x86_64, Aarch64 */ ++#endif ++#if defined(__NR_stat64) && defined(__NR_fstat64) ++ SC_DENY(stat64, EACCES), /* ix86, arm */ ++ SC_DENY(fstat64, EACCES), ++#endif ++#ifdef __NR_newfstatat ++ SC_DENY(newfstatat, EACCES), /* Aarch64 */ ++#endif + SC_ALLOW(getpid), + SC_ALLOW(gettimeofday), + SC_ALLOW(clock_gettime), +@@ -111,12 +123,19 @@ static const struct sock_filter preauth_insns[] = { + SC_ALLOW(shutdown), + #endif + SC_ALLOW(brk), ++#ifdef __NR_poll /* not on AArch64 */ + SC_ALLOW(poll), ++#endif + #ifdef __NR__newselect + SC_ALLOW(_newselect), + #else ++#ifdef __NR_select /* not on AArch64 */ + SC_ALLOW(select), + #endif ++#ifdef __NR_pselect6 /* AArch64 */ ++ SC_ALLOW(pselect6), ++#endif ++#endif + SC_ALLOW(madvise), + #ifdef __NR_mmap2 /* EABI ARM only has mmap2() */ + SC_ALLOW(mmap2), 
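Review bot: In the sshkey_is_private() hunk of sshkey.c (audit patch), the KEY_ED25519_CERT / KEY_ED25519 branch returns "(k->ed25519_pk != NULL)", which tests the public half, so an Ed25519 key that carries only a public component is reported as private; the test should be on k->ed25519_sk. The function also dereferences k, k->rsa and k->dsa without a NULL test, while sshkey_is_cert() directly below starts with "if (k == NULL)"; the same guard belongs here, otherwise a caller that passes a key with unset members crashes. The commented-out fatal() in the default case should be removed or replaced by a short comment saying why unknown key types are treated as not private.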
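Review bot: In the first sandbox-seccomp-filter.c hunk of the aarch64 patch (@@ -90,8 +90,20 @@), "SC_DENY(stat, EACCES)" is removed and nothing guarded by __NR_stat replaces it, so on an architecture that has stat but not stat64 (the hunk's own comments put x86_64 in the fstat group) a stat call no longer gets the soft EACCES and instead reaches the filter's default action. Keep the old entry under "#ifdef __NR_stat", the same way open is kept under "#ifdef __NR_open". The new "SC_DENY(openat, EACCES)" is also the only added entry without a guard; either wrap it in "#ifdef __NR_openat" or add a comment that it is assumed to exist on every supported target.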
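Review bot: In the second sandbox-seccomp-filter.c hunk of the aarch64 patch (@@ -111,12 +123,19 @@), poll and select are both made conditional for AArch64 but only select gets a replacement (pselect6); there is no counterpart for poll, so a poll() call in the preauth child on AArch64 is issued as a syscall that is not in this allowlist. If that path is reachable, add the matching entry (for example SC_ALLOW(ppoll) under "#ifdef __NR_ppoll"). The pselect6 block is also nested inside the #else of __NR__newselect, which is easy to misread with the flat indentation; a trailing comment on each closing #endif naming its condition would make the nesting clear.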
diff --git a/openssh/patches/openssh-6.7p1-sftp-force-permission.patch b/openssh/patches/openssh-6.7p1-sftp-force-permission.patch new file mode 100644 index 0000000..1a88e50 --- /dev/null +++ b/openssh/patches/openssh-6.7p1-sftp-force-permission.patch 
@@ -0,0 +1,81 @@ +diff -up openssh-6.8p1/sftp-server.8.sftp-force-mode openssh-6.8p1/sftp-server.8 +--- openssh-6.8p1/sftp-server.8.sftp-force-mode 2015-03-17 06:49:20.000000000 +0100 ++++ openssh-6.8p1/sftp-server.8 2015-03-18 13:18:05.898306477 +0100 +@@ -38,6 +38,7 @@ + .Op Fl P Ar blacklisted_requests + .Op Fl p Ar whitelisted_requests + .Op Fl u Ar umask ++.Op Fl m Ar force_file_perms + .Ek + .Nm + .Fl Q Ar protocol_feature +@@ -138,6 +139,10 @@ Sets an explicit + .Xr umask 2 + to be applied to newly-created files and directories, instead of the + user's default mask. ++.It Fl m Ar force_file_perms ++Sets explicit file permissions to be applied to newly-created files instead ++of the default or client requested mode. Numeric values include: ++777, 755, 750, 666, 644, 640, etc. Option -u is ineffective if -m is set. + .El + .Pp + On some systems, +diff -up openssh-6.8p1/sftp-server.c.sftp-force-mode openssh-6.8p1/sftp-server.c +--- openssh-6.8p1/sftp-server.c.sftp-force-mode 2015-03-18 13:18:05.883306513 +0100 ++++ openssh-6.8p1/sftp-server.c 2015-03-18 13:18:36.697232193 +0100 +@@ -70,6 +70,10 @@ struct sshbuf *oqueue; + /* Version of client */ + static u_int version; + ++/* Force file permissions */ ++int permforce = 0; ++long permforcemode; ++ + /* SSH2_FXP_INIT received */ + static int init_done; + +@@ -693,6 +697,10 @@ process_open(u_int32_t id) + debug3("request %u: open flags %d", id, pflags); + flags = flags_from_portable(pflags); + mode = (a.flags & SSH2_FILEXFER_ATTR_PERMISSIONS) ? 
a.perm : 0666; ++ if (permforce == 1) { /* Force perm if -m is set */ ++ mode = permforcemode; ++ (void)umask(0); /* so umask does not interfere */ ++ } + logit("open "%s" flags %s mode 0%o", + name, string_from_portable(pflags), mode); + if (readonly && +@@ -1495,7 +1503,7 @@ sftp_server_usage(void) + fprintf(stderr, + "usage: %s [-ehR] [-d start_directory] [-f log_facility] " + "[-l log_level]\n\t[-P blacklisted_requests] " +- "[-p whitelisted_requests] [-u umask]\n" ++ "[-p whitelisted_requests] [-u umask] [-m force_file_perms]\n" + " %s -Q protocol_feature\n", + __progname, __progname); + exit(1); +@@ -1520,7 +1528,7 @@ sftp_server_main(int argc, char **argv, + pw = pwcopy(user_pw); + + while (!skipargs && (ch = getopt(argc, argv, +- "d:f:l:P:p:Q:u:cehR")) != -1) { ++ "d:f:l:P:p:Q:u:m:cehR")) != -1) { + switch (ch) { + case 'Q': + if (strcasecmp(optarg, "requests") != 0) { +@@ -1580,6 +1588,15 @@ sftp_server_main(int argc, char **argv, + fatal("Invalid umask "%s"", optarg); + (void)umask((mode_t)mask); + break; ++ case 'm': ++ /* Force permissions on file received via sftp */ ++ permforce = 1; ++ permforcemode = strtol(optarg, &cp, 8); ++ if (permforcemode < 0 || permforcemode > 0777 || ++ *cp != '\0' || (permforcemode == 0 && ++ errno != 0)) ++ fatal("Invalid file mode "%s"", optarg); ++ break; + case 'h': + default: + sftp_server_usage(); diff --git a/perl-BDB/perl-BDB.nm b/perl-BDB/perl-BDB.nm index 508e914..507bffd 100644 --- a/perl-BDB/perl-BDB.nm +++ b/perl-BDB/perl-BDB.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-BDB -version = 1.9 +version = 1.91 release = 1 thisapp = BDB-%{version}
@@ -36,13 +36,14 @@ build make test end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT} end
packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
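Review bot: In the process_open() hunk of sftp-server.c (sftp-force-permission patch), "(void)umask(0)" changes the mask for the whole process, not just for this open, so after the first forced open every later object the server creates in that session, directories included, is created with no umask applied. The man page hunk only promises a forced mode for newly-created files, so this side effect is undocumented. Apply the forced mode without touching the process umask (for example fchmod() on the new descriptor after the open succeeds), or save the previous mask and restore it after the call. permforce and permforcemode should also be static, like the neighbouring version and init_done.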
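Review bot: In the "case 'm':" hunk of sftp-server.c (sftp-force-permission patch), errno is tested after strtol() without being set to 0 first, and an empty argument is not rejected: for -m "" strtol() returns 0 with cp equal to optarg, *cp is '\0', and the option is accepted as forced mode 0000 whenever errno happens to be 0. Set errno = 0 before the call and add a "cp == optarg" check to the condition. The sftp-server.8 text lists 777 and 666 among its examples without saying that the value is parsed as octal or that a world-writable value overrides both the client's requested mode and the configured umask; one sentence on each would help administrators choose a safe value.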
diff --git a/perl-Coro/perl-Coro.nm b/perl-Coro/perl-Coro.nm index e263a67..cad57d0 100644 --- a/perl-Coro/perl-Coro.nm +++ b/perl-Coro/perl-Coro.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-Coro -version = 6.08 +version = 6.42 release = 1 thisapp = Coro-%{version}
@@ -40,7 +40,8 @@ build make %{PARALLELISMFLAGS} end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT} end
packages @@ -55,7 +56,7 @@ packages end
requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
diff --git a/perl-Crypt-PasswdMD5/perl-Crypt-PasswdMD5.nm b/perl-Crypt-PasswdMD5/perl-Crypt-PasswdMD5.nm index 9e5a596..25b9fae 100644 --- a/perl-Crypt-PasswdMD5/perl-Crypt-PasswdMD5.nm +++ b/perl-Crypt-PasswdMD5/perl-Crypt-PasswdMD5.nm @@ -4,8 +4,8 @@ ###############################################################################
name = perl-Crypt-PasswdMD5 -version = 1.3 -release = 2 +version = 1.40 +release = 1 arch = noarch thisapp = Crypt-PasswdMD5-%{version}
@@ -18,7 +18,8 @@ description This package provides MD5-based crypt() functions. end
-source_dl = http://search.cpan.org/CPAN/authors/id/L/LU/LUISMUNOZ/ +source_dl = http://search.cpan.org/CPAN/authors/id/R/RS/RSAVAGE/ +sources = %{thisapp}.tgz
build requires @@ -30,17 +31,10 @@ build make %{PARALLELISMFLAGS} end
- make_install_targets = pure_install + make_install_targets = \ + pure_install end
packages package %{name} - requires - perl - end - end - - package %{name}-debuginfo - template DEBUGINFO - end end diff --git a/perl-DBI/perl-DBI.nm b/perl-DBI/perl-DBI.nm index 84cb0e1..9e76605 100644 --- a/perl-DBI/perl-DBI.nm +++ b/perl-DBI/perl-DBI.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-DBI -version = 1.618 +version = 1.633 release = 1 thisapp = DBI-%{version}
@@ -37,7 +37,8 @@ build make test end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT} end
packages @@ -48,7 +49,7 @@ packages end
requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
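Review bot: In the packages hunk of perl-Crypt-PasswdMD5.nm (@@ -30,17 +31,10 @@), the "requires perl" block is removed but, unlike the other perl module packages touched in this push, no perl(:MODULE_COMPAT_%{perl_version}) requirement is added, which leaves "package %{name}" with no explicit perl dependency at all. Add the requirement as in perl-DBI.nm, or state in the commit message why this package is the exception. The same file also moves source_dl to a different CPAN author directory (LUISMUNOZ to RSAVAGE) with a .tgz tarball fetched over plain http://, and nothing in the visible lines pins a checksum for it; confirm the new tarball is verified at build time.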
diff --git a/perl-Digest-SHA1/perl-Digest-SHA1.nm b/perl-Digest-SHA1/perl-Digest-SHA1.nm index 8c34a86..736fd9c 100644 --- a/perl-Digest-SHA1/perl-Digest-SHA1.nm +++ b/perl-Digest-SHA1/perl-Digest-SHA1.nm @@ -5,7 +5,7 @@
name = perl-Digest-SHA1 version = 2.13 -release = 3 +release = 4 thisapp = Digest-SHA1-%{version}
groups = Development/Libraries @@ -40,11 +40,16 @@ build make %{PARALLELISMFLAGS} end
- make_install_targets = pure_install + make_install_targets = \ + pure_install end
packages package %{name} + requires + perl(:MODULE_COMPAT_%{perl_version}) + end + end
package %{name}-debuginfo template DEBUGINFO diff --git a/perl-FCGI/perl-FCGI.nm b/perl-FCGI/perl-FCGI.nm index b5bce3f..a810587 100644 --- a/perl-FCGI/perl-FCGI.nm +++ b/perl-FCGI/perl-FCGI.nm @@ -4,8 +4,8 @@ ###############################################################################
name = perl-FCGI -version = 0.74 -release = 2 +version = 0.77 +release = 1 thisapp = FCGI-%{version}
groups = Development/Libraries @@ -17,7 +17,7 @@ description FastCGI perl bindings. end
-source_dl = http://search.cpan.org/CPAN/authors/id/F/FL/FLORA/ +source_dl = http://search.cpan.org/CPAN/authors/id/E/ET/ETHER/
build requires @@ -34,13 +34,14 @@ build make test end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT} end
packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
diff --git a/perl-HTML-Parser/perl-HTML-Parser.nm b/perl-HTML-Parser/perl-HTML-Parser.nm index dd491b6..1d55894 100644 --- a/perl-HTML-Parser/perl-HTML-Parser.nm +++ b/perl-HTML-Parser/perl-HTML-Parser.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-HTML-Parser -version = 3.68 +version = 3.71 release = 1
groups = Development/Libratries @@ -18,7 +18,7 @@ description HTML::LinkExtor, HTML::PullParser, and HTML::TokeParser modules. end
-source_dl = +source_dl = http://search.cpan.org/CPAN/authors/id/G/GA/GAAS/
thisapp = HTML-Parser-%{version}
@@ -42,6 +42,10 @@ end
packages package %{name} + requires + perl(:MODULE_COMPAT_%{perl_version}) + end + end
package %{name}-debuginfo template DEBUGINFO diff --git a/perl-HTML-Tagset/perl-HTML-Tagset.nm b/perl-HTML-Tagset/perl-HTML-Tagset.nm index 105196c..9a1d342 100644 --- a/perl-HTML-Tagset/perl-HTML-Tagset.nm +++ b/perl-HTML-Tagset/perl-HTML-Tagset.nm @@ -19,7 +19,7 @@ description HTML parsing operations, such as tag and entity names. end
-source_dl = +source_dl = http://search.cpan.org/CPAN/authors/id/P/PE/PETDANCE/
build requires diff --git a/perl-IO-AIO/perl-IO-AIO.nm b/perl-IO-AIO/perl-IO-AIO.nm index 2565f49..b2adec7 100644 --- a/perl-IO-AIO/perl-IO-AIO.nm +++ b/perl-IO-AIO/perl-IO-AIO.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-IO-AIO -version = 4.15 +version = 4.32 release = 1 thisapp = IO-AIO-%{version}
@@ -37,7 +37,8 @@ build make test end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT}
install_cmds # Remove script we don't want packaged @@ -48,7 +49,7 @@ end packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
diff --git a/perl-TermReadKey/perl-TermReadKey.nm b/perl-TermReadKey/perl-TermReadKey.nm index bae844b..20896ca 100644 --- a/perl-TermReadKey/perl-TermReadKey.nm +++ b/perl-TermReadKey/perl-TermReadKey.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-TermReadKey -version = 2.30 +version = 2.32 release = 1 thisapp = TermReadKey-%{version}
@@ -38,13 +38,14 @@ build make %{PARALLELISMFLAGS} end
- make_install_targets = pure_install + make_install_targets = \ + pure_install end
packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
diff --git a/perl-Tk/perl-Tk.nm b/perl-Tk/perl-Tk.nm index 23edebd..9c7e449 100644 --- a/perl-Tk/perl-Tk.nm +++ b/perl-Tk/perl-Tk.nm @@ -4,8 +4,8 @@ ###############################################################################
name = perl-Tk -version = 804.029 -release = 2 +version = 804.033 +release = 1 thisapp = Tk-%{version}
groups = Development/Libraries @@ -57,6 +57,10 @@ packages perl(Tk::TextReindex) perl(Tk) = %{version} end + + requires + perl(:MODULE_COMPAT_%{perl_version}) + end end
package %{name}-devel diff --git a/perl-URI/perl-URI.nm b/perl-URI/perl-URI.nm index cd88c7d..060448f 100644 --- a/perl-URI/perl-URI.nm +++ b/perl-URI/perl-URI.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-URI -version = 1.56 +version = 1.67 release = 1 arch = noarch thisapp = URI-%{version} @@ -20,7 +20,7 @@ description updated by RFC 2732). end
-source_dl = +source_dl = http://search.cpan.org/CPAN/authors/id/E/ET/ETHER/
build requires diff --git a/perl-WWW-Curl/perl-WWW-Curl.nm b/perl-WWW-Curl/perl-WWW-Curl.nm index 8a20f72..84895f8 100644 --- a/perl-WWW-Curl/perl-WWW-Curl.nm +++ b/perl-WWW-Curl/perl-WWW-Curl.nm @@ -4,8 +4,8 @@ ###############################################################################
name = perl-WWW-Curl -version = 4.15 -release = 2 +version = 4.17 +release = 1 thisapp = WWW-Curl-%{version}
groups = Development/Libraries @@ -37,7 +37,7 @@ end packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
diff --git a/perl-XML-Parser/perl-XML-Parser.nm b/perl-XML-Parser/perl-XML-Parser.nm index 6a2ce7a..7c3b249 100644 --- a/perl-XML-Parser/perl-XML-Parser.nm +++ b/perl-XML-Parser/perl-XML-Parser.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-XML-Parser -version = 2.36 +version = 2.44 release = 1 thisapp = XML-Parser-%{version}
@@ -14,12 +14,12 @@ license = GPL+ or Artistic summary = Perl module for parsing XML files.
description - This module provides ways to parse XML documents. It is built on \ - top of XML::Parser::Expat, which is a lower level interface to \ + This module provides ways to parse XML documents. It is built on + top of XML::Parser::Expat, which is a lower level interface to James Clark's expat library. end
-source_dl = +source_dl = http://search.cpan.org/CPAN/authors/id/T/TO/TODDR/
build requires @@ -43,7 +43,7 @@ end packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end
diff --git a/perl-common-sense/perl-common-sense.nm b/perl-common-sense/perl-common-sense.nm index f6dfb0e..f71a743 100644 --- a/perl-common-sense/perl-common-sense.nm +++ b/perl-common-sense/perl-common-sense.nm @@ -4,7 +4,7 @@ ###############################################################################
name = perl-common-sense -version = 3.5 +version = 3.73 release = 1 arch = noarch thisapp = common-sense-%{version} @@ -41,13 +41,14 @@ build make test end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT} end
packages package %{name} requires - perl + perl(:MODULE_COMPAT_%{perl_version}) end end end diff --git a/perl-libintl-perl/perl-libintl-perl.nm b/perl-libintl-perl/perl-libintl-perl.nm index eb511b0..bb3b8c5 100644 --- a/perl-libintl-perl/perl-libintl-perl.nm +++ b/perl-libintl-perl/perl-libintl-perl.nm @@ -5,7 +5,7 @@
name = perl-libintl-perl version = 1.23 -release = 1 +release = 2 thisapp = libintl-perl-%{version}
groups = Development/Libraries @@ -23,6 +23,7 @@ source_dl = http://search.cpan.org/CPAN/authors/id/G/GU/GUIDO/
build requires + /usr/bin/xsubpp # required for perl macros pakfire-builder >= 0.9.23-6 perl(ExtUtils::MakeMaker) @@ -37,11 +38,16 @@ build make test end
- make_install_targets = pure_install DESTDIR=%{BUILDROOT} + make_install_targets = \ + pure_install DESTDIR=%{BUILDROOT} end
packages package %{name} + requires + perl(:MODULE_COMPAT_%{perl_version}) + end + end
package %{name}-debuginfo template DEBUGINFO diff --git a/perl/perl.nm b/perl/perl.nm index 36ff855..ce7fbf3 100644 --- a/perl/perl.nm +++ b/perl/perl.nm @@ -6,7 +6,7 @@ name = perl version = 5.20.2 # Never reset release in this package, just increase. -release = 12 +release = 13.1
perl_epoch = 2 thisver = %{perl_epoch}:%{version}-%{_release} @@ -198,9 +198,7 @@ packages perl(timelocal.pl) perl(utf8_heavy.pl) perl(validate.pl) - perl(Exporter) perl(File::Basename) - perl(constant) perl(strict) perl(vars) end @@ -1032,6 +1030,7 @@ packages
requires %{perl_requires} + /usr/bin/xsubpp perl-devel perl(Data::Dumper) perl(ExtUtils::Command) diff --git a/shadow-utils/shadow-utils.nm b/shadow-utils/shadow-utils.nm index f2a88f8..378121e 100644 --- a/shadow-utils/shadow-utils.nm +++ b/shadow-utils/shadow-utils.nm @@ -5,7 +5,7 @@
name = shadow-utils version = 4.2.1 -release = 2 +release = 2.1 thisapp = shadow-%{version}
maintainer = Michael Tremer michael.tremer@ipfire.org @@ -28,6 +28,7 @@ build audit-devel bison flex + gnome-doc-utils libacl-devel libattr-devel libcap-devel @@ -44,9 +45,6 @@ build --disable-static \ --with-group-name-max-length=32
- # Generating man pages requires gnome-doc-utils - configure_options += --disable-man - prepare_cmds # Do not build these files: for i in nologin chfn chgpasswd chpasswd chsh expiry gpasswd groups login \
hooks/post-receive -- IPFire 3.x development tree