diff options
author | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2010-03-31 10:46:28 +0100 |
commit | efd3d4522636ae029488c2e9730b60c88e257d2e (patch) | |
tree | 31e02ac3f16090ce8c53448677356b2b7f423683 /debian/patches/debian-banner.patch | |
parent | bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff) | |
parent | d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff) |
* New upstream release (LP: #535029).
- After a transition period of about 10 years, this release disables SSH
protocol 1 by default. Clients and servers that need to use the
legacy protocol must explicitly enable it in ssh_config / sshd_config
or on the command-line.
- Remove the libsectok/OpenSC-based smartcard code and add support for
PKCS#11 tokens. This support is enabled by default in the Debian
packaging, since it now doesn't involve additional library
dependencies (closes: #231472, LP: #16918).
- Add support for certificate authentication of users and hosts using a
new, minimal OpenSSH certificate format (closes: #482806).
- Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
- Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian
package, this overlaps with the key blacklisting facility added in
openssh 1:4.7p1-9, but with different file formats and slightly
different scopes; for the moment, I've roughly merged the two.)
- Various multiplexing improvements, including support for requesting
port-forwardings via the multiplex protocol (closes: #360151).
- Allow setting an explicit umask on the sftp-server(8) commandline to
override whatever default the user has (closes: #496843).
- Many sftp client improvements, including tab-completion, more options,
and recursive transfer support for get/put (LP: #33378). The old
mget/mput commands never worked properly and have been removed
(closes: #270399, #428082).
- Do not prompt for a passphrase if we fail to open a keyfile, and log
the reason why the open failed to debug (closes: #431538).
- Prevent sftp from crashing when given a "-" without a command. Also,
allow whitespace to follow a "-" (closes: #531561).
Diffstat (limited to 'debian/patches/debian-banner.patch')
-rw-r--r-- | debian/patches/debian-banner.patch | 36 |
1 files changed, 18 insertions, 18 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index a9b38e281..c0567f264 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
@@ -10,15 +10,15 @@ Index: b/servconf.c | |||
10 | =================================================================== | 10 | =================================================================== |
11 | --- a/servconf.c | 11 | --- a/servconf.c |
12 | +++ b/servconf.c | 12 | +++ b/servconf.c |
13 | @@ -132,6 +132,7 @@ | 13 | @@ -135,6 +135,7 @@ |
14 | options->adm_forced_command = NULL; | ||
15 | options->chroot_directory = NULL; | ||
16 | options->zero_knowledge_password_authentication = -1; | 14 | options->zero_knowledge_password_authentication = -1; |
15 | options->revoked_keys_file = NULL; | ||
16 | options->trusted_user_ca_keys = NULL; | ||
17 | + options->debian_banner = -1; | 17 | + options->debian_banner = -1; |
18 | } | 18 | } |
19 | 19 | ||
20 | void | 20 | void |
21 | @@ -273,6 +274,8 @@ | 21 | @@ -277,6 +278,8 @@ |
22 | options->permit_tun = SSH_TUNMODE_NO; | 22 | options->permit_tun = SSH_TUNMODE_NO; |
23 | if (options->zero_knowledge_password_authentication == -1) | 23 | if (options->zero_knowledge_password_authentication == -1) |
24 | options->zero_knowledge_password_authentication = 0; | 24 | options->zero_knowledge_password_authentication = 0; |
@@ -27,25 +27,25 @@ Index: b/servconf.c | |||
27 | 27 | ||
28 | /* Turn privilege separation on by default */ | 28 | /* Turn privilege separation on by default */ |
29 | if (use_privsep == -1) | 29 | if (use_privsep == -1) |
30 | @@ -320,6 +323,7 @@ | 30 | @@ -325,6 +328,7 @@ |
31 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | ||
32 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 31 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
33 | sZeroKnowledgePasswordAuthentication, | 32 | sZeroKnowledgePasswordAuthentication, sHostCertificate, |
33 | sRevokedKeys, sTrustedUserCAKeys, | ||
34 | + sDebianBanner, | 34 | + sDebianBanner, |
35 | sDeprecated, sUnsupported | 35 | sDeprecated, sUnsupported |
36 | } ServerOpCodes; | 36 | } ServerOpCodes; |
37 | 37 | ||
38 | @@ -449,6 +453,7 @@ | 38 | @@ -457,6 +461,7 @@ |
39 | { "permitopen", sPermitOpen, SSHCFG_ALL }, | 39 | { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL }, |
40 | { "forcecommand", sForceCommand, SSHCFG_ALL }, | 40 | { "revokedkeys", sRevokedKeys, SSHCFG_ALL }, |
41 | { "chrootdirectory", sChrootDirectory, SSHCFG_ALL }, | 41 | { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL }, |
42 | + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, | 42 | + { "debianbanner", sDebianBanner, SSHCFG_GLOBAL }, |
43 | { NULL, sBadOption, 0 } | 43 | { NULL, sBadOption, 0 } |
44 | }; | 44 | }; |
45 | 45 | ||
46 | @@ -1335,6 +1340,10 @@ | 46 | @@ -1377,6 +1382,10 @@ |
47 | *charptr = xstrdup(arg); | 47 | charptr = &options->revoked_keys_file; |
48 | break; | 48 | goto parse_filename; |
49 | 49 | ||
50 | + case sDebianBanner: | 50 | + case sDebianBanner: |
51 | + intptr = &options->debian_banner; | 51 | + intptr = &options->debian_banner; |
@@ -58,20 +58,20 @@ Index: b/servconf.h | |||
58 | =================================================================== | 58 | =================================================================== |
59 | --- a/servconf.h | 59 | --- a/servconf.h |
60 | +++ b/servconf.h | 60 | +++ b/servconf.h |
61 | @@ -154,6 +154,8 @@ | 61 | @@ -157,6 +157,8 @@ |
62 | 62 | ||
63 | int num_permitted_opens; | 63 | int num_permitted_opens; |
64 | 64 | ||
65 | + int debian_banner; | 65 | + int debian_banner; |
66 | + | 66 | + |
67 | char *chroot_directory; | 67 | char *chroot_directory; |
68 | } ServerOptions; | 68 | char *revoked_keys_file; |
69 | 69 | char *trusted_user_ca_keys; | |
70 | Index: b/sshd.c | 70 | Index: b/sshd.c |
71 | =================================================================== | 71 | =================================================================== |
72 | --- a/sshd.c | 72 | --- a/sshd.c |
73 | +++ b/sshd.c | 73 | +++ b/sshd.c |
74 | @@ -426,7 +426,8 @@ | 74 | @@ -422,7 +422,8 @@ |
75 | minor = PROTOCOL_MINOR_1; | 75 | minor = PROTOCOL_MINOR_1; |
76 | } | 76 | } |
77 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, | 77 | snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, |