diff options
| author | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:45:24 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2014-02-09 23:47:26 +0000 |
| commit | d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch) | |
| tree | 3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/ssh-vulnkey-compat.patch | |
| parent | d26565af8589d88f824b26f31da493f1056efcf4 (diff) | |
| parent | b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff) | |
Drop ssh-vulnkey
Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration
code, leaving only basic configuration file compatibility, since it
has been nearly six years since the original vulnerability and this
code is not likely to be of much value any more. See
https://lists.debian.org/debian-devel/2013/09/msg00240.html for my
full reasoning.
Diffstat (limited to 'debian/patches/ssh-vulnkey-compat.patch')
| -rw-r--r-- | debian/patches/ssh-vulnkey-compat.patch | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch new file mode 100644 index 000000000..50d500f6d --- /dev/null +++ b/debian/patches/ssh-vulnkey-compat.patch | |||
| @@ -0,0 +1,42 @@ | |||
| 1 | From bdc94de85ed7dbafb949c239d7c3eff23ea4aa28 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Colin Watson <cjwatson@ubuntu.com> | ||
| 3 | Date: Sun, 9 Feb 2014 16:09:50 +0000 | ||
| 4 | Subject: Accept obsolete ssh-vulnkey configuration options | ||
| 5 | |||
| 6 | These options were used as part of Debian's response to CVE-2008-0166. | ||
| 7 | Nearly six years later, we no longer need to continue carrying the bulk | ||
| 8 | of that patch, but we do need to avoid failing when the associated | ||
| 9 | configuration options are still present. | ||
| 10 | |||
| 11 | Last-Update: 2014-02-09 | ||
| 12 | |||
| 13 | Patch-Name: ssh-vulnkey-compat.patch | ||
| 14 | --- | ||
| 15 | readconf.c | 1 + | ||
| 16 | servconf.c | 1 + | ||
| 17 | 2 files changed, 2 insertions(+) | ||
| 18 | |||
| 19 | diff --git a/readconf.c b/readconf.c | ||
| 20 | index 2695fd6..915a0f7 100644 | ||
| 21 | --- a/readconf.c | ||
| 22 | +++ b/readconf.c | ||
| 23 | @@ -161,6 +161,7 @@ static struct { | ||
| 24 | { "passwordauthentication", oPasswordAuthentication }, | ||
| 25 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | ||
| 26 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | ||
| 27 | + { "useblacklistedkeys", oDeprecated }, | ||
| 28 | { "rsaauthentication", oRSAAuthentication }, | ||
| 29 | { "pubkeyauthentication", oPubkeyAuthentication }, | ||
| 30 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | ||
| 31 | diff --git a/servconf.c b/servconf.c | ||
| 32 | index c938ae3..dcb8caf 100644 | ||
| 33 | --- a/servconf.c | ||
| 34 | +++ b/servconf.c | ||
| 35 | @@ -451,6 +451,7 @@ static struct { | ||
| 36 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | ||
| 37 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | ||
| 38 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | ||
| 39 | + { "permitblacklistedkeys", sDeprecated, SSHCFG_GLOBAL }, | ||
| 40 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | ||
| 41 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | ||
| 42 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | ||