Darren Tucker's OpenSSH Page: Old Patches

On the off chance someone wants them, old patches are archived here.

OpenSSH patches for AIX

OpenSSH 3.0.2p1 AIX .bff patch Create AIX installp/SMIT installable .bff/.lpp packages of OpenSSH (updated 2002/3/4)

This patch was integrated before 3.1p1. Unfortunately other changes caused the scripts to break just before 3.1p1 shipped. The next patch fixes that and adds some sanity checks.

OpenSSH 3.1p1 AIX .bff patch Fixes errors "0503-005 inutoc: The format of the toc file is invalid." and "0503-019 inutoc: openssh 1 is an invalid level." in AIX buildbff script shipped with OpenSSH 3.1p1

OpenSSH 3.3p1 AIX .bff patch This patch is included in 3.4p1.


OpenSSH 3.4p1 AIX .bff patch

OpenSSH 3.5p1 AIX .bff patch



AIXMulti-Platform Password Expiry

These are old patches against 3.5p1 to add password expiry to sshd, based originally on patches by Pablo Sor and Mark Pitt. Includes "your password will expire on ..." warnings.

openssh-3.5p1-aixpassexpire.patch Original patch against 3.5p1. Uses /bin/passwd in session. (2002-10-13).
openssh-3.5p1-aixpassexpire2.patch Updated 2002-10-19. Invokes /usr/bin/passwd in the session to change password.
openssh-3.5p1-aixpassexpire3.patch Updated 2002-10-20. As above but with more debugging.
openssh-3.5p1-passexpire6.patch Updated 2002-10-28. Now supports SSH2_MSG_USERAUTH_PASSWD_CHANGEREQ and privsep. This patch only supports AIX (via an AIX-specific password change function) but should soon support other platforms (hence the change of name).
openssh-3.5p1-passexpire7.patch Updated 2002-10-29. Now supports /etc/shadow expiration in addition to AIX, tested on Solaris 8 and Redhat 8. (Also reported to work on UnixWare 2.1.3)
openssh-3.5p1-passexpire8.patch Updated 2002-10-30. Slightly cleaned up.
openssh-passexpire9.patch Returns to using /bin/passwd in session. Patches configure.ac so you must re-build configure with make -f Makefile.in distprep. Diff against post-3.5p1 CVS tree.
openssh-passexpire12.patch As above. Tests for case where passwd doesn't set failure code. openssh-3.5p1-passexpire12.patch is the same patch against the 3.5p1 release. (Patches 10 and 11 have fatal flaws and shouldn't be used.)
openssh-passexpire15.patch Removes invalid privsep calls and tests for the AIX password-too-expired case. openssh-3.5p1-passexpire15.patch is the same patch against the 3.5p1 release.

openssh-passexpire16.patch Only generates login message when euid == 0. This prevents a fatal error if authentication is postponed. Because configure.ac is patched, you must run autoreconf to re-build configure. openssh-3.5p1-passexpire16.patch is the same patch against the 3.5p1 release (autoreconf is not required for this patch).

openssh-passexpire17.patch Fixed problem where forced-password changes did not work when account expiry was not enabled, reported by Zdenek Tlusty. Enabled basic PAM password expiry support support. You must run autoreconf to re-build configure. openssh-3.5p1-passexpire17.patch is the same patch against the 3.5p1 release (autoreconf is not required for this patch).

openssh-passexpire18.patch Fixed a double-change bug when PAM was enabled (reported by Dan Oviatt). Removed the forward-flag resetting via the use of SIGUSR1. openssh-3.5p1-passexpire18.patch is the same patch against the 3.5p1 release, openssh-3.6.1p1-passexpire18.patch the same against 3.6.1p1.

openssh-passexpire19.patch (gpg sig). Added handling of AIX's S_MAXAGE attribute when checking for over-expired passwords. Based on report and code from Ravinder Sekhon. openssh-3.6.1p2-passexpire19.patch (gpg sig) the same against 3.6.1p2.

openssh-3.6.1p2-passexpire20.patch (gpg sig). Fixed stupid bug that prevented password expiry from working with PAM and PrivSep, reported by Scott Burch. There is currently no passexpire20 patch for the CVS tree.

openssh-3.6.1p2-passexpire21.patch (gpg sig). Fixed stupid bug that prevented correct operation of /etc/nologin. Reported and fix confirmed by Andrew Elwell. There is no passexpire21 patch for the CVS tree either.

openssh-3.6.1p2-passexpire22.patch (gpg sig). Flush expiry messages to ensure they are displayed before the password change prompt. Store expiry message before stripping newlines and logging. Add newlines to ensure expiry messages are nicely formatted. Reported by Andrew Elwell.

openssh-3.6.1p2-passexpire23.patch (gpg sig). Backported configure's loginfailed() argument detection from -current. Will now automatically detect if loginfailed() takes 4 arguments (ie should compile OK on AIX 5.2). No other changes.

openssh-3.7p1-pwexp24.patch (gpg sig). Updated patch to 3.7p1. Due to the urgency of the 3.7p1 release, this patch is not as well tested as I would have liked, however reports of problems are welcome. (Updated 2003-09-17 to correct missing PATH_PASSWD_PROGRAM define, no functional changes). There is also a patch for 3.7.1p1: openssh-3.7.1p1-pwexp24.patch (gpg sig) and 3.7.1p2: openssh-3.7.1p2-pwexp24.patch (gpg sig).

openssh-3.7.1p2-pwexp25.patch (gpg sig). Now displays messages returned by PAM modules.


OpenSSH patches for Solaris

OpenSSH 3.0.2p1 Solaris buildpkg patch Adds postinstall script to preserve original configs and restart sshd.
In OpenSSH versions 3.1p1 and above the buildpkg scripts have been overhauled.

Valid HTML 4.01!

Page last modified: $Date: 2022-05-25 $