diff options
author | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:45:24 +0000 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:47:26 +0000 |
commit | d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch) | |
tree | 3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/keepalive-extensions.patch | |
parent | d26565af8589d88f824b26f31da493f1056efcf4 (diff) | |
parent | b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff) |
Drop ssh-vulnkey
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration
code, leaving only basic configuration file compatibility, since it
has been nearly six years since the original vulnerability and this
code is not likely to be of much value any more. See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my
full reasoning.
Diffstat (limited to 'debian/patches/keepalive-extensions.patch')
-rw-r--r-- | debian/patches/keepalive-extensions.patch | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 61389cc44..e22410298 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From affb41e3cf23b79a3d165ae0d97689a46a965b6f Mon Sep 17 00:00:00 2001 | 1 | From bd3d91c378d549aed56246ad4535aea29db04150 Mon Sep 17 00:00:00 2001 |
2 | From: Richard Kettlewell <rjk@greenend.org.uk> | 2 | From: Richard Kettlewell <rjk@greenend.org.uk> |
3 | Date: Sun, 9 Feb 2014 16:09:52 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:52 +0000 |
4 | Subject: Various keepalive extensions | 4 | Subject: Various keepalive extensions |
@@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch | |||
26 | 3 files changed, 34 insertions(+), 4 deletions(-) | 26 | 3 files changed, 34 insertions(+), 4 deletions(-) |
27 | 27 | ||
28 | diff --git a/readconf.c b/readconf.c | 28 | diff --git a/readconf.c b/readconf.c |
29 | index 22e5a3a..2dcbf31 100644 | 29 | index 915a0f7..dab7963 100644 |
30 | --- a/readconf.c | 30 | --- a/readconf.c |
31 | +++ b/readconf.c | 31 | +++ b/readconf.c |
32 | @@ -141,6 +141,7 @@ typedef enum { | 32 | @@ -140,6 +140,7 @@ typedef enum { |
33 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, | 33 | oTunnel, oTunnelDevice, oLocalCommand, oPermitLocalCommand, |
34 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, | 34 | oVisualHostKey, oUseRoaming, oZeroKnowledgePasswordAuthentication, |
35 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, | 35 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, |
@@ -37,7 +37,7 @@ index 22e5a3a..2dcbf31 100644 | |||
37 | oIgnoredUnknownOption, oDeprecated, oUnsupported | 37 | oIgnoredUnknownOption, oDeprecated, oUnsupported |
38 | } OpCodes; | 38 | } OpCodes; |
39 | 39 | ||
40 | @@ -263,6 +264,8 @@ static struct { | 40 | @@ -262,6 +263,8 @@ static struct { |
41 | { "ipqos", oIPQoS }, | 41 | { "ipqos", oIPQoS }, |
42 | { "requesttty", oRequestTTY }, | 42 | { "requesttty", oRequestTTY }, |
43 | { "ignoreunknown", oIgnoreUnknown }, | 43 | { "ignoreunknown", oIgnoreUnknown }, |
@@ -46,7 +46,7 @@ index 22e5a3a..2dcbf31 100644 | |||
46 | 46 | ||
47 | { NULL, oBadOption } | 47 | { NULL, oBadOption } |
48 | }; | 48 | }; |
49 | @@ -939,6 +942,8 @@ parse_int: | 49 | @@ -934,6 +937,8 @@ parse_int: |
50 | goto parse_flag; | 50 | goto parse_flag; |
51 | 51 | ||
52 | case oServerAliveInterval: | 52 | case oServerAliveInterval: |
@@ -55,7 +55,7 @@ index 22e5a3a..2dcbf31 100644 | |||
55 | intptr = &options->server_alive_interval; | 55 | intptr = &options->server_alive_interval; |
56 | goto parse_time; | 56 | goto parse_time; |
57 | 57 | ||
58 | @@ -1404,8 +1409,13 @@ fill_default_options(Options * options) | 58 | @@ -1396,8 +1401,13 @@ fill_default_options(Options * options) |
59 | options->rekey_interval = 0; | 59 | options->rekey_interval = 0; |
60 | if (options->verify_host_key_dns == -1) | 60 | if (options->verify_host_key_dns == -1) |
61 | options->verify_host_key_dns = 0; | 61 | options->verify_host_key_dns = 0; |
@@ -72,7 +72,7 @@ index 22e5a3a..2dcbf31 100644 | |||
72 | options->server_alive_count_max = 3; | 72 | options->server_alive_count_max = 3; |
73 | if (options->control_master == -1) | 73 | if (options->control_master == -1) |
74 | diff --git a/ssh_config.5 b/ssh_config.5 | 74 | diff --git a/ssh_config.5 b/ssh_config.5 |
75 | index 89b25cd..135d833 100644 | 75 | index 1fc0a6b..6948680 100644 |
76 | --- a/ssh_config.5 | 76 | --- a/ssh_config.5 |
77 | +++ b/ssh_config.5 | 77 | +++ b/ssh_config.5 |
78 | @@ -136,8 +136,12 @@ Valid arguments are | 78 | @@ -136,8 +136,12 @@ Valid arguments are |
@@ -120,10 +120,10 @@ index 89b25cd..135d833 100644 | |||
120 | connections will die if the route is down temporarily, and some people | 120 | connections will die if the route is down temporarily, and some people |
121 | find it annoying. | 121 | find it annoying. |
122 | diff --git a/sshd_config.5 b/sshd_config.5 | 122 | diff --git a/sshd_config.5 b/sshd_config.5 |
123 | index 18ec81f..510cc7c 100644 | 123 | index 525d9c8..e29604a 100644 |
124 | --- a/sshd_config.5 | 124 | --- a/sshd_config.5 |
125 | +++ b/sshd_config.5 | 125 | +++ b/sshd_config.5 |
126 | @@ -1161,6 +1161,9 @@ This avoids infinitely hanging sessions. | 126 | @@ -1147,6 +1147,9 @@ This avoids infinitely hanging sessions. |
127 | .Pp | 127 | .Pp |
128 | To disable TCP keepalive messages, the value should be set to | 128 | To disable TCP keepalive messages, the value should be set to |
129 | .Dq no . | 129 | .Dq no . |