diff options
author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
tree | 89400a44e42d84937deba7864e4964d6c7734da5 /debian/patches/debian-banner.patch | |
parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) |
* New upstream release (http://www.openssh.org/txt/release-5.9).
- Introduce sandboxing of the pre-auth privsep child using an optional
sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
mandatory restrictions on the syscalls the privsep child can perform.
- Add new SHA256-based HMAC transport integrity modes from
http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
- The pre-authentication sshd(8) privilege separation slave process now
logs via a socket shared with the master process, avoiding the need to
maintain /dev/log inside the chroot (closes: #75043, #429243,
#599240).
- ssh(1) now warns when a server refuses X11 forwarding (closes:
#504757).
- sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
separated by whitespace (closes: #76312). The authorized_keys2
fallback is deprecated but documented (closes: #560156).
- ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
ToS/DSCP (closes: #498297).
- ssh-add(1) now accepts keys piped from standard input. E.g. "ssh-add
- < /path/to/key" (closes: #229124).
- Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
- Say "required" rather than "recommended" in unprotected-private-key
warning (LP: #663455).
Diffstat (limited to 'debian/patches/debian-banner.patch')
-rw-r--r-- | debian/patches/debian-banner.patch | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index 32251397d..57ca35e87 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
@@ -10,7 +10,7 @@ Index: b/servconf.c | |||
10 | =================================================================== | 10 | =================================================================== |
11 | --- a/servconf.c | 11 | --- a/servconf.c |
12 | +++ b/servconf.c | 12 | +++ b/servconf.c |
13 | @@ -143,6 +143,7 @@ | 13 | @@ -142,6 +142,7 @@ |
14 | options->authorized_principals_file = NULL; | 14 | options->authorized_principals_file = NULL; |
15 | options->ip_qos_interactive = -1; | 15 | options->ip_qos_interactive = -1; |
16 | options->ip_qos_bulk = -1; | 16 | options->ip_qos_bulk = -1; |
@@ -18,7 +18,7 @@ Index: b/servconf.c | |||
18 | } | 18 | } |
19 | 19 | ||
20 | void | 20 | void |
21 | @@ -293,6 +294,8 @@ | 21 | @@ -289,6 +290,8 @@ |
22 | options->ip_qos_interactive = IPTOS_LOWDELAY; | 22 | options->ip_qos_interactive = IPTOS_LOWDELAY; |
23 | if (options->ip_qos_bulk == -1) | 23 | if (options->ip_qos_bulk == -1) |
24 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | 24 | options->ip_qos_bulk = IPTOS_THROUGHPUT; |
@@ -27,7 +27,7 @@ Index: b/servconf.c | |||
27 | 27 | ||
28 | /* Turn privilege separation on by default */ | 28 | /* Turn privilege separation on by default */ |
29 | if (use_privsep == -1) | 29 | if (use_privsep == -1) |
30 | @@ -342,6 +345,7 @@ | 30 | @@ -338,6 +341,7 @@ |
31 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 31 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
32 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, | 32 | sRevokedKeys, sTrustedUserCAKeys, sAuthorizedPrincipalsFile, |
33 | sKexAlgorithms, sIPQoS, | 33 | sKexAlgorithms, sIPQoS, |
@@ -35,7 +35,7 @@ Index: b/servconf.c | |||
35 | sDeprecated, sUnsupported | 35 | sDeprecated, sUnsupported |
36 | } ServerOpCodes; | 36 | } ServerOpCodes; |
37 | 37 | ||
38 | @@ -477,6 +481,7 @@ | 38 | @@ -473,6 +477,7 @@ |
39 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, | 39 | { "authorizedprincipalsfile", sAuthorizedPrincipalsFile, SSHCFG_ALL }, |
40 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, | 40 | { "kexalgorithms", sKexAlgorithms, SSHCFG_GLOBAL }, |
41 | { "ipqos", sIPQoS, SSHCFG_ALL }, | 41 | { "ipqos", sIPQoS, SSHCFG_ALL }, |
@@ -43,7 +43,7 @@ Index: b/servconf.c | |||
43 | { NULL, sBadOption, 0 } | 43 | { NULL, sBadOption, 0 } |
44 | }; | 44 | }; |
45 | 45 | ||
46 | @@ -1439,6 +1444,10 @@ | 46 | @@ -1436,6 +1441,10 @@ |
47 | } | 47 | } |
48 | break; | 48 | break; |
49 | 49 | ||
@@ -58,7 +58,7 @@ Index: b/servconf.h | |||
58 | =================================================================== | 58 | =================================================================== |
59 | --- a/servconf.h | 59 | --- a/servconf.h |
60 | +++ b/servconf.h | 60 | +++ b/servconf.h |
61 | @@ -160,6 +160,8 @@ | 61 | @@ -166,6 +166,8 @@ |
62 | 62 | ||
63 | int num_permitted_opens; | 63 | int num_permitted_opens; |
64 | 64 | ||
@@ -71,7 +71,7 @@ Index: b/sshd.c | |||
71 | =================================================================== | 71 | =================================================================== |
72 | --- a/sshd.c | 72 | --- a/sshd.c |
73 | +++ b/sshd.c | 73 | +++ b/sshd.c |
74 | @@ -422,7 +422,8 @@ | 74 | @@ -423,7 +423,8 @@ |
75 | minor = PROTOCOL_MINOR_1; | 75 | minor = PROTOCOL_MINOR_1; |
76 | } | 76 | } |
77 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, | 77 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, |
@@ -85,7 +85,7 @@ Index: b/sshd_config.5 | |||
85 | =================================================================== | 85 | =================================================================== |
86 | --- a/sshd_config.5 | 86 | --- a/sshd_config.5 |
87 | +++ b/sshd_config.5 | 87 | +++ b/sshd_config.5 |
88 | @@ -339,6 +339,11 @@ | 88 | @@ -340,6 +340,11 @@ |
89 | .Dq no . | 89 | .Dq no . |
90 | The default is | 90 | The default is |
91 | .Dq delayed . | 91 | .Dq delayed . |