author | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2011-09-06 14:56:29 +0100 |
commit | 978e62d6f14c60747bddef2cc72d66a9c8b83b54 (patch) | |
tree | 89400a44e42d84937deba7864e4964d6c7734da5 /debian/patches/openbsd-docs.patch | |
parent | 87c685b8c6a49814fd782288097b3093f975aa72 (diff) | |
parent | 3a7e89697ca363de0f64e0d5704c57219294e41c (diff) |
* New upstream release (http://www.openssh.org/txt/release-5.9).
  - Introduce sandboxing of the pre-auth privsep child using an optional
    sshd_config(5) "UsePrivilegeSeparation=sandbox" mode that enables
    mandatory restrictions on the syscalls the privsep child can perform.
  - Add new SHA256-based HMAC transport integrity modes from
    http://www.ietf.org/id/draft-dbider-sha2-mac-for-ssh-02.txt.
  - The pre-authentication sshd(8) privilege separation slave process now
    logs via a socket shared with the master process, avoiding the need to
    maintain /dev/log inside the chroot (closes: #75043, #429243,
    #599240).
  - ssh(1) now warns when a server refuses X11 forwarding (closes:
    #504757).
  - sshd_config(5)'s AuthorizedKeysFile now accepts multiple paths,
    separated by whitespace (closes: #76312). The authorized_keys2
    fallback is deprecated but documented (closes: #560156).
  - ssh(1) and sshd(8): set IPv6 traffic class from IPQoS, as well as IPv4
    ToS/DSCP (closes: #498297).
  - ssh-add(1) now accepts keys piped from standard input. E.g.
    "ssh-add - < /path/to/key" (closes: #229124).
  - Clean up lost-passphrase text in ssh-keygen(1) (closes: #444691).
  - Say "required" rather than "recommended" in unprotected-private-key
    warning (LP: #663455).
Diffstat (limited to 'debian/patches/openbsd-docs.patch')
-rw-r--r-- | debian/patches/openbsd-docs.patch | 58 |
1 files changed, 38 insertions, 20 deletions
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index fc07e8861..bda5f0c24 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch | |||
@@ -13,28 +13,28 @@ Index: b/moduli.5 | |||
13 | --- a/moduli.5 | 13 | --- a/moduli.5 |
14 | +++ b/moduli.5 | 14 | +++ b/moduli.5 |
15 | @@ -21,7 +21,7 @@ | 15 | @@ -21,7 +21,7 @@ |
16 | .Nd Diffie Hellman moduli | 16 | .Nd Diffie-Hellman moduli |
17 | .Sh DESCRIPTION | 17 | .Sh DESCRIPTION |
18 | The | 18 | The |
19 | -.Pa /etc/moduli | 19 | -.Pa /etc/moduli |
20 | +.Pa /etc/ssh/moduli | 20 | +.Pa /etc/ssh/moduli |
21 | file contains prime numbers and generators for use by | 21 | file contains prime numbers and generators for use by |
22 | .Xr sshd 8 | 22 | .Xr sshd 8 |
23 | in the Diffie-Hellman Group Exchange key exchange method. | 23 | in the Diffie-Hellman Group Exchange key exchange method. |
24 | @@ -111,7 +111,7 @@ | 24 | @@ -110,7 +110,7 @@ |
25 | Diffie Hellman output to sufficiently key the selected symmetric cipher. | 25 | Diffie-Hellman output to sufficiently key the selected symmetric cipher. |
26 | .Xr sshd 8 | 26 | .Xr sshd 8 |
27 | then randomly selects a modulus from | 27 | then randomly selects a modulus from |
28 | -.Fa /etc/moduli | 28 | -.Fa /etc/moduli |
29 | +.Fa /etc/ssh/moduli | 29 | +.Fa /etc/ssh/moduli |
30 | that best meets the size requirement. | 30 | that best meets the size requirement. |
31 | .Pp | ||
32 | .Sh SEE ALSO | 31 | .Sh SEE ALSO |
32 | .Xr ssh-keygen 1 , | ||
33 | Index: b/ssh-keygen.1 | 33 | Index: b/ssh-keygen.1 |
34 | =================================================================== | 34 | =================================================================== |
35 | --- a/ssh-keygen.1 | 35 | --- a/ssh-keygen.1 |
36 | +++ b/ssh-keygen.1 | 36 | +++ b/ssh-keygen.1 |
37 | @@ -147,9 +147,7 @@ | 37 | @@ -149,9 +149,7 @@ |
38 | .Pa ~/.ssh/id_dsa | 38 | .Pa ~/.ssh/id_dsa |
39 | or | 39 | or |
40 | .Pa ~/.ssh/id_rsa . | 40 | .Pa ~/.ssh/id_rsa . |
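Review bot: In the second moduli.5 hunk (`@@ -110,7 +110,7 @@`), the replaced path is still written as `.Fa /etc/ssh/moduli`, while the first hunk (`@@ -21,7 +21,7 @@`) uses `.Pa` for the same file. `.Fa` is the mdoc macro for function arguments, so the two references to one path are marked up differently. Since this line is already carried as a local change, either switch it to `.Pa /etc/ssh/moduli` or keep the macro as upstream has it and forward the macro fix separately, so the patch stays a pure path substitution.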
@@ -45,22 +45,40 @@ Index: b/ssh-keygen.1 | |||
45 | .Pp | 45 | .Pp |
46 | Normally this program generates the key and asks for a file in which | 46 | Normally this program generates the key and asks for a file in which |
47 | to store the private key. | 47 | to store the private key. |
48 | @@ -393,9 +391,7 @@ | 48 | @@ -197,9 +195,7 @@ |
49 | .It Fl q | 49 | For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys |
50 | Silence | 50 | do not exist, generate the host keys with the default key file path, |
51 | .Nm ssh-keygen . | 51 | an empty passphrase, default bits for the key type, and default comment. |
52 | -Used by | 52 | -This is used by |
53 | -.Pa /etc/rc | 53 | -.Pa /etc/rc |
54 | -when creating a new key. | 54 | -to generate new host keys. |
55 | +Used by system administration scripts when creating a new key. | 55 | +This is used by system administration scripts to generate new host keys. |
56 | .It Fl R Ar hostname | 56 | .It Fl a Ar trials |
57 | Removes all keys belonging to | 57 | Specifies the number of primality tests to perform when screening DH-GEX |
58 | .Ar hostname | 58 | candidates using the |
59 | @@ -535,7 +531,7 @@ | ||
60 | Valid generator values are 2, 3, and 5. | ||
61 | .Pp | ||
62 | Screened DH groups may be installed in | ||
63 | -.Pa /etc/moduli . | ||
64 | +.Pa /etc/ssh/moduli . | ||
65 | It is important that this file contains moduli of a range of bit lengths and | ||
66 | that both ends of a connection share common moduli. | ||
67 | .Sh CERTIFICATES | ||
68 | @@ -661,7 +657,7 @@ | ||
69 | where the user wishes to log in using public key authentication. | ||
70 | There is no need to keep the contents of this file secret. | ||
71 | .Pp | ||
72 | -.It Pa /etc/moduli | ||
73 | +.It Pa /etc/ssh/moduli | ||
74 | Contains Diffie-Hellman groups used for DH-GEX. | ||
75 | The file format is described in | ||
76 | .Xr moduli 5 . | ||
59 | Index: b/ssh.1 | 77 | Index: b/ssh.1 |
60 | =================================================================== | 78 | =================================================================== |
61 | --- a/ssh.1 | 79 | --- a/ssh.1 |
62 | +++ b/ssh.1 | 80 | +++ b/ssh.1 |
63 | @@ -726,6 +726,10 @@ | 81 | @@ -731,6 +731,10 @@ |
64 | .Sx HISTORY | 82 | .Sx HISTORY |
65 | section of | 83 | section of |
66 | .Xr ssl 8 | 84 | .Xr ssl 8 |
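Review bot: Confirm that the new upstream ssh-keygen.1 no longer mentions `/etc/rc` under `-q`: the old hunk at `@@ -393,9 +391,7 @@` that rewrote "Used by /etc/rc when creating a new key" is gone, and only the host-key generation text at `@@ -197,9 +195,7 @@` is patched now. The two added hunks at `@@ -535,7 +531,7 @@` and `@@ -661,7 +657,7 @@` extend the `/etc/moduli` to `/etc/ssh/moduli` substitution into ssh-keygen.1; say so in the patch description, so that a later refresh treats them as intentional and not as leftovers.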
@@ -84,7 +102,7 @@ Index: b/sshd.8 | |||
84 | It forks a new | 102 | It forks a new |
85 | daemon for each incoming connection. | 103 | daemon for each incoming connection. |
86 | The forked daemons handle | 104 | The forked daemons handle |
87 | @@ -850,7 +850,7 @@ | 105 | @@ -853,7 +853,7 @@ |
88 | .Xr ssh 1 ) . | 106 | .Xr ssh 1 ) . |
89 | It should only be writable by root. | 107 | It should only be writable by root. |
90 | .Pp | 108 | .Pp |
@@ -93,7 +111,7 @@ Index: b/sshd.8 | |||
93 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". | 111 | Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". |
94 | The file format is described in | 112 | The file format is described in |
95 | .Xr moduli 5 . | 113 | .Xr moduli 5 . |
96 | @@ -948,7 +948,6 @@ | 114 | @@ -951,7 +951,6 @@ |
97 | .Xr ssh-vulnkey 1 , | 115 | .Xr ssh-vulnkey 1 , |
98 | .Xr chroot 2 , | 116 | .Xr chroot 2 , |
99 | .Xr hosts_access 5 , | 117 | .Xr hosts_access 5 , |
@@ -105,7 +123,7 @@ Index: b/sshd_config.5 | |||
105 | =================================================================== | 123 | =================================================================== |
106 | --- a/sshd_config.5 | 124 | --- a/sshd_config.5 |
107 | +++ b/sshd_config.5 | 125 | +++ b/sshd_config.5 |
108 | @@ -221,8 +221,7 @@ | 126 | @@ -222,8 +222,7 @@ |
109 | By default, no banner is displayed. | 127 | By default, no banner is displayed. |
110 | .It Cm ChallengeResponseAuthentication | 128 | .It Cm ChallengeResponseAuthentication |
111 | Specifies whether challenge-response authentication is allowed (e.g. via | 129 | Specifies whether challenge-response authentication is allowed (e.g. via |