Drop ssh-vulnkey

Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, leaving only basic configuration file compatibility, since it has been nearly six years since the original vulnerability and this code is not likely to be of much value any more. See https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full reasoning.
author: Colin Watson <cjwatson@debian.org> 2014-02-09 23:45:24 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 23:47:26 +0000
commit: d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree: 3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/debian-banner.patch
parent: d26565af8589d88f824b26f31da493f1056efcf4 (diff)
parent: b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)
1 files changed, 11 insertions, 11 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index d02e8ffcb..8edc27f70 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 8a75df792931443e868e574408ed1666208a28c2 Mon Sep 17 00:00:00 2001
+From e1e1e23ca98c59a031217da0ea50b70de5427683 Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
 4 files changed, 18 insertions(+), 1 deletion(-)
 diff --git a/servconf.c b/servconf.c
-index 9155a8b..a2928ff 100644
+index dcb8caf..802db1d 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)
+@@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options)
        options->ip_qos_interactive = -1;
        options->ip_qos_bulk = -1;
        options->version_addendum = NULL;
@@ -30,7 +30,7 @@ index 9155a8b..a2928ff 100644
 }
 
 void
-@@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -307,6 +308,8 @@ fill_default_server_options(ServerOptions *options)
                options->ip_qos_bulk = IPTOS_THROUGHPUT;
        if (options->version_addendum == NULL)
                options->version_addendum = xstrdup("");
@@ -39,7 +39,7 @@ index 9155a8b..a2928ff 100644
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
                use_privsep = PRIVSEP_NOSANDBOX;
-@@ -360,6 +363,7 @@ typedef enum {
+@@ -357,6 +360,7 @@ typedef enum {
        sKexAlgorithms, sIPQoS, sVersionAddendum,
        sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
        sAuthenticationMethods, sHostKeyAgent,
@@ -47,7 +47,7 @@ index 9155a8b..a2928ff 100644
        sDeprecated, sUnsupported
 } ServerOpCodes;
 
-@@ -501,6 +505,7 @@ static struct {
+@@ -498,6 +502,7 @@ static struct {
        { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
        { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
        { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
@@ -55,7 +55,7 @@ index 9155a8b..a2928ff 100644
        { NULL, sBadOption, 0 }
 };
 
-@@ -1648,6 +1653,10 @@ process_server_config_line(ServerOptions *options, char *line,
+@@ -1641,6 +1646,10 @@ process_server_config_line(ServerOptions *options, char *line,
                }
                return 0;
 
@@ -67,10 +67,10 @@ index 9155a8b..a2928ff 100644
                logit("%s line %d: Deprecated option %s",
                    filename, linenum, arg);
 diff --git a/servconf.h b/servconf.h
-index f655c5b..fd72ce2 100644
+index ab6e346..1891a95 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -188,6 +188,8 @@ typedef struct {
+@@ -187,6 +187,8 @@ typedef struct {
 
        u_int   num_auth_methods;
        char   *auth_methods[MAX_AUTH_METHODS];
@@ -80,7 +80,7 @@ index f655c5b..fd72ce2 100644
 
 /* Information about the incoming connection as used by Match */
 diff --git a/sshd.c b/sshd.c
-index 7efa7ef..6b988fe 100644
+index 46ec1a7..63b9357 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
@@ -94,7 +94,7 @@ index 7efa7ef..6b988fe 100644
            options.version_addendum, newline);
 
 diff --git a/sshd_config.5 b/sshd_config.5
-index 510cc7c..eaf8d01 100644
+index e29604a..50eec53 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -404,6 +404,11 @@ or
author	Colin Watson <cjwatson@debian.org>	2014-02-09 23:45:24 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 23:47:26 +0000
commit	d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree	3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/debian-banner.patch
parent	d26565af8589d88f824b26f31da493f1056efcf4 (diff)
parent	b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)

diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index d02e8ffcb..8edc27f70 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
1	From 8a75df792931443e868e574408ed1666208a28c2 Mon Sep 17 00:00:00 2001	1	From e1e1e23ca98c59a031217da0ea50b70de5427683 Mon Sep 17 00:00:00 2001
2	From: Kees Cook <kees@debian.org>	2	From: Kees Cook <kees@debian.org>
3	Date: Sun, 9 Feb 2014 16:10:06 +0000	3	Date: Sun, 9 Feb 2014 16:10:06 +0000
4	Subject: Add DebianBanner server configuration option	4	Subject: Add DebianBanner server configuration option
@@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch
19	4 files changed, 18 insertions(+), 1 deletion(-)	19	4 files changed, 18 insertions(+), 1 deletion(-)
20		20
21	diff --git a/servconf.c b/servconf.c	21	diff --git a/servconf.c b/servconf.c
22	index 9155a8b..a2928ff 100644	22	index dcb8caf..802db1d 100644
23	--- a/servconf.c	23	--- a/servconf.c
24	+++ b/servconf.c	24	+++ b/servconf.c
25	@@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options)	25	@@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options)
26	options->ip_qos_interactive = -1;	26	options->ip_qos_interactive = -1;
27	options->ip_qos_bulk = -1;	27	options->ip_qos_bulk = -1;
28	options->version_addendum = NULL;	28	options->version_addendum = NULL;
@@ -30,7 +30,7 @@ index 9155a8b..a2928ff 100644
30	}	30	}
31		31
32	void	32	void
33	@@ -310,6 +311,8 @@ fill_default_server_options(ServerOptions *options)	33	@@ -307,6 +308,8 @@ fill_default_server_options(ServerOptions *options)
34	options->ip_qos_bulk = IPTOS_THROUGHPUT;	34	options->ip_qos_bulk = IPTOS_THROUGHPUT;
35	if (options->version_addendum == NULL)	35	if (options->version_addendum == NULL)
36	options->version_addendum = xstrdup("");	36	options->version_addendum = xstrdup("");
@@ -39,7 +39,7 @@ index 9155a8b..a2928ff 100644
39	/* Turn privilege separation on by default */	39	/* Turn privilege separation on by default */
40	if (use_privsep == -1)	40	if (use_privsep == -1)
41	use_privsep = PRIVSEP_NOSANDBOX;	41	use_privsep = PRIVSEP_NOSANDBOX;
42	@@ -360,6 +363,7 @@ typedef enum {	42	@@ -357,6 +360,7 @@ typedef enum {
43	sKexAlgorithms, sIPQoS, sVersionAddendum,	43	sKexAlgorithms, sIPQoS, sVersionAddendum,
44	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,	44	sAuthorizedKeysCommand, sAuthorizedKeysCommandUser,
45	sAuthenticationMethods, sHostKeyAgent,	45	sAuthenticationMethods, sHostKeyAgent,
@@ -47,7 +47,7 @@ index 9155a8b..a2928ff 100644
47	sDeprecated, sUnsupported	47	sDeprecated, sUnsupported
48	} ServerOpCodes;	48	} ServerOpCodes;
49		49
50	@@ -501,6 +505,7 @@ static struct {	50	@@ -498,6 +502,7 @@ static struct {
51	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },	51	{ "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL },
52	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },	52	{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
53	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },	53	{ "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL },
@@ -55,7 +55,7 @@ index 9155a8b..a2928ff 100644
55	{ NULL, sBadOption, 0 }	55	{ NULL, sBadOption, 0 }
56	};	56	};
57		57
58	@@ -1648,6 +1653,10 @@ process_server_config_line(ServerOptions options, char line,	58	@@ -1641,6 +1646,10 @@ process_server_config_line(ServerOptions options, char line,
59	}	59	}
60	return 0;	60	return 0;
61		61
@@ -67,10 +67,10 @@ index 9155a8b..a2928ff 100644
67	logit("%s line %d: Deprecated option %s",	67	logit("%s line %d: Deprecated option %s",
68	filename, linenum, arg);	68	filename, linenum, arg);
69	diff --git a/servconf.h b/servconf.h	69	diff --git a/servconf.h b/servconf.h
70	index f655c5b..fd72ce2 100644	70	index ab6e346..1891a95 100644
71	--- a/servconf.h	71	--- a/servconf.h
72	+++ b/servconf.h	72	+++ b/servconf.h
73	@@ -188,6 +188,8 @@ typedef struct {	73	@@ -187,6 +187,8 @@ typedef struct {
74		74
75	u_int num_auth_methods;	75	u_int num_auth_methods;
76	char *auth_methods[MAX_AUTH_METHODS];	76	char *auth_methods[MAX_AUTH_METHODS];
@@ -80,7 +80,7 @@ index f655c5b..fd72ce2 100644
80		80
81	/* Information about the incoming connection as used by Match */	81	/* Information about the incoming connection as used by Match */
82	diff --git a/sshd.c b/sshd.c	82	diff --git a/sshd.c b/sshd.c
83	index 7efa7ef..6b988fe 100644	83	index 46ec1a7..63b9357 100644
84	--- a/sshd.c	84	--- a/sshd.c
85	+++ b/sshd.c	85	+++ b/sshd.c
86	@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)	86	@@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out)
@@ -94,7 +94,7 @@ index 7efa7ef..6b988fe 100644
94	options.version_addendum, newline);	94	options.version_addendum, newline);
95		95
96	diff --git a/sshd_config.5 b/sshd_config.5	96	diff --git a/sshd_config.5 b/sshd_config.5
97	index 510cc7c..eaf8d01 100644	97	index e29604a..50eec53 100644
98	--- a/sshd_config.5	98	--- a/sshd_config.5
99	+++ b/sshd_config.5	99	+++ b/sshd_config.5
100	@@ -404,6 +404,11 @@ or	100	@@ -404,6 +404,11 @@ or