summaryrefslogtreecommitdiff
path: root/Makefile.in
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2008-05-12 23:33:01 +0000
committerColin Watson <cjwatson@debian.org>2008-05-12 23:33:01 +0000
commit47608c17e64138f8d16aa2bdc49a0eb00e1c3549 (patch)
tree92572d90b9aa8f45c0d9e6dbb185065667fdcea0 /Makefile.in
parent19ccea525446d5a3c2a176d813c505be81b91cbf (diff)
* Mitigate OpenSSL security vulnerability:
- Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
Diffstat (limited to 'Makefile.in')
-rw-r--r--Makefile.in13
1 files changed, 10 insertions, 3 deletions
diff --git a/Makefile.in b/Makefile.in
index 3ac9aaf45..0c6f7e550 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -60,7 +60,7 @@ EXEEXT=@EXEEXT@
60INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ 60INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@
61INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ 61INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@
62 62
63TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) 63TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-agent$(EXEEXT) scp$(EXEEXT) ssh-rand-helper${EXEEXT} sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT)
64 64
65LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ 65LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
66 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ 66 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@@ -88,8 +88,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \
88 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \ 88 loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
89 audit.o audit-bsm.o platform.o 89 audit.o audit-bsm.o platform.o
90 90
91MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out 91MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
92MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 92MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
93MANTYPE = @MANTYPE@ 93MANTYPE = @MANTYPE@
94 94
95CONFIGFILES=sshd_config.out ssh_config.out moduli.out 95CONFIGFILES=sshd_config.out ssh_config.out moduli.out
@@ -165,6 +165,9 @@ sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glo
165ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o 165ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o
166 $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) 166 $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
167 167
168ssh-vulnkey$(EXEEXT): $(LIBCOMPAT) libssh.a ssh-vulnkey.o
169 $(LD) -o $@ ssh-vulnkey.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS)
170
168# test driver for the loginrec code - not built by default 171# test driver for the loginrec code - not built by default
169logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o 172logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
170 $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) 173 $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
@@ -264,6 +267,7 @@ install-files: scard-install
264 $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN) 267 $(INSTALL) -m 4711 $(STRIP_OPT) ssh-keysign $(DESTDIR)$(SSH_KEYSIGN)
265 $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp 268 $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp
266 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) 269 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER)
270 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey $(DESTDIR)$(bindir)/ssh-vulnkey
267 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 271 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
268 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 272 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
269 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 273 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
@@ -280,6 +284,7 @@ install-files: scard-install
280 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 284 $(INSTALL) -m 644 sftp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
281 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 285 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
282 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 286 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
287 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
283 -rm -f $(DESTDIR)$(bindir)/slogin 288 -rm -f $(DESTDIR)$(bindir)/slogin
284 ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin 289 ln -s ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
285 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 290 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
@@ -361,6 +366,7 @@ uninstall:
361 -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) 366 -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
362 -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) 367 -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
363 -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) 368 -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
369 -rm -f $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT)
364 -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) 370 -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
365 -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) 371 -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
366 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) 372 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -373,6 +379,7 @@ uninstall:
373 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 379 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
374 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 380 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
375 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 381 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
382 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
376 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 383 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
377 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8 384 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-rand-helper.8
378 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 385 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-18 06:36:25 +0000