* New upstream release (LP: #535029).

- After a transition period of about 10 years, this release disables SSH protocol 1 by default. Clients and servers that need to use the legacy protocol must explicitly enable it in ssh_config / sshd_config or on the command-line. - Remove the libsectok/OpenSC-based smartcard code and add support for PKCS#11 tokens. This support is enabled by default in the Debian packaging, since it now doesn't involve additional library dependencies (closes: #231472, LP: #16918). - Add support for certificate authentication of users and hosts using a new, minimal OpenSSH certificate format (closes: #482806). - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...". - Add the ability to revoke keys in sshd(8) and ssh(1). (For the Debian package, this overlaps with the key blacklisting facility added in openssh 1:4.7p1-9, but with different file formats and slightly different scopes; for the moment, I've roughly merged the two.) - Various multiplexing improvements, including support for requesting port-forwardings via the multiplex protocol (closes: #360151). - Allow setting an explicit umask on the sftp-server(8) commandline to override whatever default the user has (closes: #496843). - Many sftp client improvements, including tab-completion, more options, and recursive transfer support for get/put (LP: #33378). The old mget/mput commands never worked properly and have been removed (closes: #270399, #428082). - Do not prompt for a passphrase if we fail to open a keyfile, and log the reason why the open failed to debug (closes: #431538). - Prevent sftp from crashing when given a "-" without a command. Also, allow whitespace to follow a "-" (closes: #531561).
author: Colin Watson <cjwatson@debian.org> 2010-03-31 10:46:28 +0100
committer: Colin Watson <cjwatson@debian.org> 2010-03-31 10:46:28 +0100
commit: efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree: 31e02ac3f16090ce8c53448677356b2b7f423683 /debian/patches/debian-banner.patch
parent: bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent: d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)
1 files changed, 18 insertions, 18 deletions
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index a9b38e281..c0567f264 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -10,15 +10,15 @@ Index: b/servconf.c
 ===================================================================
 --- a/servconf.c
 +++ b/servconf.c
-@@ -132,6 +132,7 @@
+@@ -135,6 +135,7 @@
-        options->adm_forced_command = NULL;
-        options->chroot_directory = NULL;
        options->zero_knowledge_password_authentication = -1;
+        options->revoked_keys_file = NULL;
+        options->trusted_user_ca_keys = NULL;
 +       options->debian_banner = -1;
 }
 
 void
-@@ -273,6 +274,8 @@
+@@ -277,6 +278,8 @@
                options->permit_tun = SSH_TUNMODE_NO;
        if (options->zero_knowledge_password_authentication == -1)
                options->zero_knowledge_password_authentication = 0;
@@ -27,25 +27,25 @@ Index: b/servconf.c
 
        /* Turn privilege separation on by default */
        if (use_privsep == -1)
-@@ -320,6 +323,7 @@
+@@ -325,6 +328,7 @@
-        sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
        sUsePrivilegeSeparation, sAllowAgentForwarding,
-        sZeroKnowledgePasswordAuthentication,
+        sZeroKnowledgePasswordAuthentication, sHostCertificate,
+        sRevokedKeys, sTrustedUserCAKeys,
 +       sDebianBanner,
        sDeprecated, sUnsupported
 } ServerOpCodes;
 
-@@ -449,6 +453,7 @@
+@@ -457,6 +461,7 @@
-        { "permitopen", sPermitOpen, SSHCFG_ALL },
+        { "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
-        { "forcecommand", sForceCommand, SSHCFG_ALL },
+        { "revokedkeys", sRevokedKeys, SSHCFG_ALL },
-        { "chrootdirectory", sChrootDirectory, SSHCFG_ALL },
+        { "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
 +       { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
        { NULL, sBadOption, 0 }
 };
 
-@@ -1335,6 +1340,10 @@
+@@ -1377,6 +1382,10 @@
-                        *charptr = xstrdup(arg);
+                charptr = &options->revoked_keys_file;
-                break;
+                goto parse_filename;
 
 +       case sDebianBanner:
 +               intptr = &options->debian_banner;
@@ -58,20 +58,20 @@ Index: b/servconf.h
 ===================================================================
 --- a/servconf.h
 +++ b/servconf.h
-@@ -154,6 +154,8 @@
+@@ -157,6 +157,8 @@
 
        int     num_permitted_opens;
 
 +       int     debian_banner;
 +
        char   *chroot_directory;
- }       ServerOptions;
+        char   *revoked_keys_file;
- 
+        char   *trusted_user_ca_keys;
 Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -426,7 +426,8 @@
+@@ -422,7 +422,8 @@
                minor = PROTOCOL_MINOR_1;
        }
        snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
author	Colin Watson <cjwatson@debian.org>	2010-03-31 10:46:28 +0100
committer	Colin Watson <cjwatson@debian.org>	2010-03-31 10:46:28 +0100
commit	efd3d4522636ae029488c2e9730b60c88e257d2e (patch)
tree	31e02ac3f16090ce8c53448677356b2b7f423683 /debian/patches/debian-banner.patch
parent	bbec4db36d464ea1d464a707625125f9fd5c7b5e (diff)
parent	d1a87e462e1db89f19cd960588d0c6b287cb5ccc (diff)

diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index a9b38e281..c0567f264 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch
@@ -10,15 +10,15 @@ Index: b/servconf.c
10	===================================================================	10	===================================================================
11	--- a/servconf.c	11	--- a/servconf.c
12	+++ b/servconf.c	12	+++ b/servconf.c
13	@@ -132,6 +132,7 @@	13	@@ -135,6 +135,7 @@
14	options->adm_forced_command = NULL;
15	options->chroot_directory = NULL;
16	options->zero_knowledge_password_authentication = -1;	14	options->zero_knowledge_password_authentication = -1;
		15	options->revoked_keys_file = NULL;
		16	options->trusted_user_ca_keys = NULL;
17	+ options->debian_banner = -1;	17	+ options->debian_banner = -1;
18	}	18	}
19		19
20	void	20	void
21	@@ -273,6 +274,8 @@	21	@@ -277,6 +278,8 @@
22	options->permit_tun = SSH_TUNMODE_NO;	22	options->permit_tun = SSH_TUNMODE_NO;
23	if (options->zero_knowledge_password_authentication == -1)	23	if (options->zero_knowledge_password_authentication == -1)
24	options->zero_knowledge_password_authentication = 0;	24	options->zero_knowledge_password_authentication = 0;
@@ -27,25 +27,25 @@ Index: b/servconf.c
27		27
28	/* Turn privilege separation on by default */	28	/* Turn privilege separation on by default */
29	if (use_privsep == -1)	29	if (use_privsep == -1)
30	@@ -320,6 +323,7 @@	30	@@ -325,6 +328,7 @@
31	sMatch, sPermitOpen, sForceCommand, sChrootDirectory,
32	sUsePrivilegeSeparation, sAllowAgentForwarding,	31	sUsePrivilegeSeparation, sAllowAgentForwarding,
33	sZeroKnowledgePasswordAuthentication,	32	sZeroKnowledgePasswordAuthentication, sHostCertificate,
		33	sRevokedKeys, sTrustedUserCAKeys,
34	+ sDebianBanner,	34	+ sDebianBanner,
35	sDeprecated, sUnsupported	35	sDeprecated, sUnsupported
36	} ServerOpCodes;	36	} ServerOpCodes;
37		37
38	@@ -449,6 +453,7 @@	38	@@ -457,6 +461,7 @@
39	{ "permitopen", sPermitOpen, SSHCFG_ALL },	39	{ "hostcertificate", sHostCertificate, SSHCFG_GLOBAL },
40	{ "forcecommand", sForceCommand, SSHCFG_ALL },	40	{ "revokedkeys", sRevokedKeys, SSHCFG_ALL },
41	{ "chrootdirectory", sChrootDirectory, SSHCFG_ALL },	41	{ "trustedusercakeys", sTrustedUserCAKeys, SSHCFG_ALL },
42	+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },	42	+ { "debianbanner", sDebianBanner, SSHCFG_GLOBAL },
43	{ NULL, sBadOption, 0 }	43	{ NULL, sBadOption, 0 }
44	};	44	};
45		45
46	@@ -1335,6 +1340,10 @@	46	@@ -1377,6 +1382,10 @@
47	*charptr = xstrdup(arg);	47	charptr = &options->revoked_keys_file;
48	break;	48	goto parse_filename;
49		49
50	+ case sDebianBanner:	50	+ case sDebianBanner:
51	+ intptr = &options->debian_banner;	51	+ intptr = &options->debian_banner;
@@ -58,20 +58,20 @@ Index: b/servconf.h
58	===================================================================	58	===================================================================
59	--- a/servconf.h	59	--- a/servconf.h
60	+++ b/servconf.h	60	+++ b/servconf.h
61	@@ -154,6 +154,8 @@	61	@@ -157,6 +157,8 @@
62		62
63	int num_permitted_opens;	63	int num_permitted_opens;
64		64
65	+ int debian_banner;	65	+ int debian_banner;
66	+	66	+
67	char *chroot_directory;	67	char *chroot_directory;
68	} ServerOptions;	68	char *revoked_keys_file;
69		69	char *trusted_user_ca_keys;
70	Index: b/sshd.c	70	Index: b/sshd.c
71	===================================================================	71	===================================================================
72	--- a/sshd.c	72	--- a/sshd.c
73	+++ b/sshd.c	73	+++ b/sshd.c
74	@@ -426,7 +426,8 @@	74	@@ -422,7 +422,8 @@
75	minor = PROTOCOL_MINOR_1;	75	minor = PROTOCOL_MINOR_1;
76	}	76	}
77	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,	77	snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,