author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /debian/patches/debian-banner.patch | |
parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'debian/patches/debian-banner.patch')
-rw-r--r-- | debian/patches/debian-banner.patch | 55 |
1 files changed, 27 insertions, 28 deletions
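--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -4,48 +4,48 @@ Description: Add DebianBanner server configuration option
 Author: Kees Cook <kees@debian.org>
 Bug-Debian: http://bugs.debian.org/562048
 Forwarded: not-needed
-Last-Update: 2010-02-28
+Last-Update: 2012-09-07
 
 Index: b/servconf.c
 ===================================================================
 --- a/servconf.c
 +++ b/servconf.c
-@@ -142,6 +142,7 @@
-options->authorized_principals_file = NULL;
+@@ -146,6 +146,7 @@
 options->ip_qos_interactive = -1;
 options->ip_qos_bulk = -1;
+options->version_addendum = NULL;
 + options->debian_banner = -1;
 }
 
 void
-@@ -289,6 +290,8 @@
-options->ip_qos_interactive = IPTOS_LOWDELAY;
-if (options->ip_qos_bulk == -1)
+@@ -295,6 +296,8 @@
 options->ip_qos_bulk = IPTOS_THROUGHPUT;
+if (options->version_addendum == NULL)
+options->version_addendum = xstrdup("");
 + if (options->debian_banner == -1)
 + options->debian_banner = 1;
-
 /* Turn privilege separation on by default */
 if (use_privsep == -1)
-@@ -338,6 +341,7 @@
+use_privsep = PRIVSEP_NOSANDBOX;
+@@ -343,6 +346,7 @@
 sZeroKnowledgePasswordAuthentication, sHostCertificate,
 sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile,
-sKexAlgorithms, sIPQoS,
+sKexAlgorithms, sIPQoS, sVersionAddendum,
 + sDebianBanner,
 sDeprecated, sUnsupported
 } ServerOpCodes;
 
-@@ -473,6 +477,7 @@
-{ "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL },
+@@ -479,6 +483,7 @@
 { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL },
 { "ipqos", sIPQoS, SSHCFG_ALL },
+{ "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL },
 + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
 { NULL, sBadOption, 0 }
 };
 
-@@ -1436,6 +1441,10 @@
+@@ -1538,6 +1543,10 @@
 }
-break;
+return 0;
 
 + case sDebianBanner:
 + intptr = &options->debian_banner;
@@ -58,34 +58,33 @@ Index: b/servconf.h
 ===================================================================
 --- a/servconf.h
 +++ b/servconf.h
-@@ -166,6 +166,8 @@
-
-int num_permitted_opens;
+@@ -172,6 +172,7 @@
+char *authorized_principals_file;
 
+char *version_addendum; /* Appended to SSH banner */
 + int debian_banner;
-+
-char *chroot_directory;
-char *revoked_keys_file;
-char *trusted_user_ca_keys;
+} ServerOptions;
+
+/* Information about the incoming connection as used by Match */
 Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -424,7 +424,8 @@
-minor = PROTOCOL_MINOR_1;
+@@ -425,7 +425,8 @@
 }
-snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
-- SSH_RELEASE, newline);
+
+xasprintf(&server_version_string, "SSH-%d.%d-%.100s%s%s%s",
+- major, minor, SSH_RELEASE,
++ major, minor,
 + options.debian_banner ? SSH_RELEASE : SSH_RELEASE_MINIMUM,
-+ newline);
-server_version_string = xstrdup(buf);
+*options.version_addendum == '\0' ? "" : " ",
+options.version_addendum, newline);
 
-/* Send our protocol version identification. */
 Index: b/sshd_config.5
 ===================================================================
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -340,6 +340,11 @@
+@@ -342,6 +342,11 @@
 .Dq no .
 The default is
 .Dq delayed .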
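Review bot: The `debian_banner` field added to `ServerOptions` in the servconf.h part of the refreshed patch has no comment, while the `version_addendum` field directly above it is documented with `/* Appended to SSH banner */`. The sshd.c part uses the field to choose between `SSH_RELEASE` and `SSH_RELEASE_MINIMUM` in the identification string, so I would write `int debian_banner; /* Banner uses SSH_RELEASE if set, else SSH_RELEASE_MINIMUM */`. In the refreshed sshd.c context `options.version_addendum` is still appended whichever release string is chosen, so an operator who sets DebianBanner to no to limit version disclosure should also review VersionAddendum. The sshd_config.5 text for the option lies outside the lines shown here, so whether it already mentions this cannot be confirmed from this page.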