Drop ssh-vulnkey

Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, leaving only basic configuration file compatibility, since it has been nearly six years since the original vulnerability and this code is not likely to be of much value any more. See https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full reasoning.
author: Colin Watson <cjwatson@debian.org> 2014-02-09 23:45:24 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 23:47:26 +0000
commit: d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree: 3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/keepalive-extensions.patch
parent: d26565af8589d88f824b26f31da493f1056efcf4 (diff)
parent: b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)
1 files changed, 9 insertions, 9 deletions
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index 61389cc44..e22410298 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From affb41e3cf23b79a3d165ae0d97689a46a965b6f Mon Sep 17 00:00:00 2001
+From bd3d91c378d549aed56246ad4535aea29db04150 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch
 3 files changed, 34 insertions(+), 4 deletions(-)
 diff --git a/readconf.c b/readconf.c
-index 22e5a3a..2dcbf31 100644
+index 915a0f7..dab7963 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -141,6 +141,7 @@ typedef enum {
+@@ -140,6 +140,7 @@ typedef enum {
        oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
        oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
        oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
@@ -37,7 +37,7 @@ index 22e5a3a..2dcbf31 100644
        oIgnoredUnknownOption, oDeprecated, oUnsupported
 } OpCodes;
 
-@@ -263,6 +264,8 @@ static struct {
+@@ -262,6 +263,8 @@ static struct {
        { "ipqos", oIPQoS },
        { "requesttty", oRequestTTY },
        { "ignoreunknown", oIgnoreUnknown },
@@ -46,7 +46,7 @@ index 22e5a3a..2dcbf31 100644
 
        { NULL, oBadOption }
 };
-@@ -939,6 +942,8 @@ parse_int:
+@@ -934,6 +937,8 @@ parse_int:
                goto parse_flag;
 
        case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 22e5a3a..2dcbf31 100644
                intptr = &options->server_alive_interval;
                goto parse_time;
 
-@@ -1404,8 +1409,13 @@ fill_default_options(Options * options)
+@@ -1396,8 +1401,13 @@ fill_default_options(Options * options)
                options->rekey_interval = 0;
        if (options->verify_host_key_dns == -1)
                options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index 22e5a3a..2dcbf31 100644
                options->server_alive_count_max = 3;
        if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index 89b25cd..135d833 100644
+index 1fc0a6b..6948680 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -136,8 +136,12 @@ Valid arguments are
@@ -120,10 +120,10 @@ index 89b25cd..135d833 100644
 connections will die if the route is down temporarily, and some people
 find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 18ec81f..510cc7c 100644
+index 525d9c8..e29604a 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1161,6 +1161,9 @@ This avoids infinitely hanging sessions.
+@@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Dq no .
author	Colin Watson <cjwatson@debian.org>	2014-02-09 23:45:24 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 23:47:26 +0000
commit	d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree	3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/keepalive-extensions.patch
parent	d26565af8589d88f824b26f31da493f1056efcf4 (diff)
parent	b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)

diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 61389cc44..e22410298 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
1	From affb41e3cf23b79a3d165ae0d97689a46a965b6f Mon Sep 17 00:00:00 2001	1	From bd3d91c378d549aed56246ad4535aea29db04150 Mon Sep 17 00:00:00 2001
2	From: Richard Kettlewell <rjk@greenend.org.uk>	2	From: Richard Kettlewell <rjk@greenend.org.uk>
3	Date: Sun, 9 Feb 2014 16:09:52 +0000	3	Date: Sun, 9 Feb 2014 16:09:52 +0000
4	Subject: Various keepalive extensions	4	Subject: Various keepalive extensions
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch
26	3 files changed, 34 insertions(+), 4 deletions(-)	26	3 files changed, 34 insertions(+), 4 deletions(-)
27		27
28	diff --git a/readconf.c b/readconf.c	28	diff --git a/readconf.c b/readconf.c
29	index 22e5a3a..2dcbf31 100644	29	index 915a0f7..dab7963 100644
30	--- a/readconf.c	30	--- a/readconf.c
31	+++ b/readconf.c	31	+++ b/readconf.c
32	@@ -141,6 +141,7 @@ typedef enum {	32	@@ -140,6 +140,7 @@ typedef enum {
33	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,	33	oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand,
34	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,	34	oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication,
35	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,	35	oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown,
@@ -37,7 +37,7 @@ index 22e5a3a..2dcbf31 100644
37	oIgnoredUnknownOption, oDeprecated, oUnsupported	37	oIgnoredUnknownOption, oDeprecated, oUnsupported
38	} OpCodes;	38	} OpCodes;
39		39
40	@@ -263,6 +264,8 @@ static struct {	40	@@ -262,6 +263,8 @@ static struct {
41	{ "ipqos", oIPQoS },	41	{ "ipqos", oIPQoS },
42	{ "requesttty", oRequestTTY },	42	{ "requesttty", oRequestTTY },
43	{ "ignoreunknown", oIgnoreUnknown },	43	{ "ignoreunknown", oIgnoreUnknown },
@@ -46,7 +46,7 @@ index 22e5a3a..2dcbf31 100644
46		46
47	{ NULL, oBadOption }	47	{ NULL, oBadOption }
48	};	48	};
49	@@ -939,6 +942,8 @@ parse_int:	49	@@ -934,6 +937,8 @@ parse_int:
50	goto parse_flag;	50	goto parse_flag;
51		51
52	case oServerAliveInterval:	52	case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 22e5a3a..2dcbf31 100644
55	intptr = &options->server_alive_interval;	55	intptr = &options->server_alive_interval;
56	goto parse_time;	56	goto parse_time;
57		57
58	@@ -1404,8 +1409,13 @@ fill_default_options(Options * options)	58	@@ -1396,8 +1401,13 @@ fill_default_options(Options * options)
59	options->rekey_interval = 0;	59	options->rekey_interval = 0;
60	if (options->verify_host_key_dns == -1)	60	if (options->verify_host_key_dns == -1)
61	options->verify_host_key_dns = 0;	61	options->verify_host_key_dns = 0;
@@ -72,7 +72,7 @@ index 22e5a3a..2dcbf31 100644
72	options->server_alive_count_max = 3;	72	options->server_alive_count_max = 3;
73	if (options->control_master == -1)	73	if (options->control_master == -1)
74	diff --git a/ssh_config.5 b/ssh_config.5	74	diff --git a/ssh_config.5 b/ssh_config.5
75	index 89b25cd..135d833 100644	75	index 1fc0a6b..6948680 100644
76	--- a/ssh_config.5	76	--- a/ssh_config.5
77	+++ b/ssh_config.5	77	+++ b/ssh_config.5
78	@@ -136,8 +136,12 @@ Valid arguments are	78	@@ -136,8 +136,12 @@ Valid arguments are
@@ -120,10 +120,10 @@ index 89b25cd..135d833 100644
120	connections will die if the route is down temporarily, and some people	120	connections will die if the route is down temporarily, and some people
121	find it annoying.	121	find it annoying.
122	diff --git a/sshd_config.5 b/sshd_config.5	122	diff --git a/sshd_config.5 b/sshd_config.5
123	index 18ec81f..510cc7c 100644	123	index 525d9c8..e29604a 100644
124	--- a/sshd_config.5	124	--- a/sshd_config.5
125	+++ b/sshd_config.5	125	+++ b/sshd_config.5
126	@@ -1161,6 +1161,9 @@ This avoids infinitely hanging sessions.	126	@@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions.
127	.Pp	127	.Pp
128	To disable TCP keepalive messages, the value should be set to	128	To disable TCP keepalive messages, the value should be set to
129	.Dq no .	129	.Dq no .