diff options
| author | Colin Watson <cjwatson@debian.org> | 2011-01-24 12:43:25 +0000 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2011-01-24 12:43:25 +0000 |
| commit | 626f1d986ff72aa514da63e34744e1de9cf21b9a (patch) | |
| tree | d215a5280bc2e57251e4a9e08bfd3674ad824a94 /debian/patches/ssh-vulnkey.patch | |
| parent | 6ed622cb6fe8f71bbe0d998cdd12280410bfb420 (diff) | |
| parent | 0970072c89b079b022538e3c366fbfa2c53fc821 (diff) | |
* New upstream release (http://www.openssh.org/txt/release-5.7):
- Implement Elliptic Curve Cryptography modes for key exchange (ECDH)
and host/user keys (ECDSA) as specified by RFC5656. ECDH and ECDSA
offer better performance than plain DH and DSA at the same equivalent
symmetric key length, as well as much shorter keys.
- sftp(1)/sftp-server(8): add a protocol extension to support a hard
link operation. It is available through the "ln" command in the
client. The old "ln" behaviour of creating a symlink is available
using its "-s" option or through the preexisting "symlink" command.
- scp(1): Add a new -3 option to scp: Copies between two remote hosts
are transferred through the local host (closes: #508613).
- ssh(1): "atomically" create the listening mux socket by binding it on
a temporary name and then linking it into position after listen() has
succeeded. This allows the mux clients to determine that the server
socket is either ready or stale without races (closes: #454784).
Stale server sockets are now automatically removed (closes: #523250).
- ssh(1): install a SIGCHLD handler to reap expired child process
(closes: #594687).
- ssh(1)/ssh-agent(1): honour $TMPDIR for client xauth and ssh-agent
temporary directories (closes: #357469, although only if you arrange
for ssh-agent to actually see $TMPDIR since the setgid bit will cause
it to be stripped off).
Diffstat (limited to 'debian/patches/ssh-vulnkey.patch')
| -rw-r--r-- | debian/patches/ssh-vulnkey.patch | 90 |
1 files changed, 45 insertions, 45 deletions
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 81c225a7f..444aef251 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
| @@ -32,7 +32,7 @@ Index: b/Makefile.in | |||
| 32 | 32 | ||
| 33 | CC=@CC@ | 33 | CC=@CC@ |
| 34 | LD=@LD@ | 34 | LD=@LD@ |
| 35 | @@ -62,7 +64,7 @@ | 35 | @@ -63,7 +65,7 @@ |
| 36 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ | 36 | INSTALL_SSH_PRNG_CMDS=@INSTALL_SSH_PRNG_CMDS@ |
| 37 | INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ | 37 | INSTALL_SSH_RAND_HELPER=@INSTALL_SSH_RAND_HELPER@ |
| 38 | 38 | ||
| @@ -41,8 +41,8 @@ Index: b/Makefile.in | |||
| 41 | 41 | ||
| 42 | LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | 42 | LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ |
| 43 | canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ | 43 | canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ |
| 44 | @@ -93,8 +95,8 @@ | 44 | @@ -95,8 +97,8 @@ |
| 45 | audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o \ | 45 | sftp-server.o sftp-common.o \ |
| 46 | roaming_common.o roaming_serv.o | 46 | roaming_common.o roaming_serv.o |
| 47 | 47 | ||
| 48 | -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out | 48 | -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
| @@ -52,7 +52,7 @@ Index: b/Makefile.in | |||
| 52 | MANTYPE = @MANTYPE@ | 52 | MANTYPE = @MANTYPE@ |
| 53 | 53 | ||
| 54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out | 54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out |
| 55 | @@ -174,6 +176,9 @@ | 55 | @@ -177,6 +179,9 @@ |
| 56 | ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o | 56 | ssh-rand-helper${EXEEXT}: $(LIBCOMPAT) libssh.a ssh-rand-helper.o |
| 57 | $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) | 57 | $(LD) -o $@ ssh-rand-helper.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) |
| 58 | 58 | ||
| @@ -62,7 +62,7 @@ Index: b/Makefile.in | |||
| 62 | # test driver for the loginrec code - not built by default | 62 | # test driver for the loginrec code - not built by default |
| 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o | 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o |
| 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) | 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) |
| 65 | @@ -268,6 +273,7 @@ | 65 | @@ -271,6 +276,7 @@ |
| 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) | 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
| 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
| 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
| @@ -70,7 +70,7 @@ Index: b/Makefile.in | |||
| 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
| 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
| 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
| 73 | @@ -285,6 +291,7 @@ | 73 | @@ -288,6 +294,7 @@ |
| 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
| 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
| 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
| @@ -78,7 +78,7 @@ Index: b/Makefile.in | |||
| 78 | -rm -f $(DESTDIR)$(bindir)/slogin | 78 | -rm -f $(DESTDIR)$(bindir)/slogin |
| 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
| 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
| 81 | @@ -366,6 +373,7 @@ | 81 | @@ -377,6 +384,7 @@ |
| 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
| 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
| 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
| @@ -86,7 +86,7 @@ Index: b/Makefile.in | |||
| 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
| 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
| 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
| 89 | @@ -379,6 +387,7 @@ | 89 | @@ -390,6 +398,7 @@ |
| 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
| 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
| 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
| @@ -111,15 +111,15 @@ Index: b/auth-rsa.c | |||
| 111 | =================================================================== | 111 | =================================================================== |
| 112 | --- a/auth-rsa.c | 112 | --- a/auth-rsa.c |
| 113 | +++ b/auth-rsa.c | 113 | +++ b/auth-rsa.c |
| 114 | @@ -94,7 +94,7 @@ | 114 | @@ -247,7 +247,7 @@ |
| 115 | MD5_CTX md; | 115 | file, linenum, BN_num_bits(key->rsa->n), bits); |
| 116 | int len; | ||
| 117 | 116 | ||
| 118 | - if (auth_key_is_revoked(key)) | 117 | /* Never accept a revoked key */ |
| 119 | + if (auth_key_is_revoked(key, 0)) | 118 | - if (auth_key_is_revoked(key)) |
| 120 | return 0; | 119 | + if (auth_key_is_revoked(key, 0)) |
| 120 | break; | ||
| 121 | 121 | ||
| 122 | /* don't allow short keys */ | 122 | /* We have found the desired key. */ |
| 123 | Index: b/auth.c | 123 | Index: b/auth.c |
| 124 | =================================================================== | 124 | =================================================================== |
| 125 | --- a/auth.c | 125 | --- a/auth.c |
| @@ -132,7 +132,7 @@ Index: b/auth.c | |||
| 132 | #include "auth.h" | 132 | #include "auth.h" |
| 133 | #include "auth-options.h" | 133 | #include "auth-options.h" |
| 134 | #include "canohost.h" | 134 | #include "canohost.h" |
| 135 | @@ -615,10 +616,34 @@ | 135 | @@ -621,10 +622,34 @@ |
| 136 | 136 | ||
| 137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ | 137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ |
| 138 | int | 138 | int |
| @@ -223,7 +223,7 @@ Index: b/authfile.c | |||
| 223 | 223 | ||
| 224 | /* Version identification string for SSH v1 identity files. */ | 224 | /* Version identification string for SSH v1 identity files. */ |
| 225 | static const char authfile_id_string[] = | 225 | static const char authfile_id_string[] = |
| 226 | @@ -814,3 +815,140 @@ | 226 | @@ -906,3 +907,140 @@ |
| 227 | return ret; | 227 | return ret; |
| 228 | } | 228 | } |
| 229 | 229 | ||
| @@ -390,7 +390,7 @@ Index: b/pathnames.h | |||
| 390 | #ifndef _PATH_SSH_PIDDIR | 390 | #ifndef _PATH_SSH_PIDDIR |
| 391 | #define _PATH_SSH_PIDDIR "/var/run" | 391 | #define _PATH_SSH_PIDDIR "/var/run" |
| 392 | #endif | 392 | #endif |
| 393 | @@ -43,6 +47,9 @@ | 393 | @@ -44,6 +48,9 @@ |
| 394 | /* Backwards compatibility */ | 394 | /* Backwards compatibility */ |
| 395 | #define _PATH_DH_PRIMES SSHDIR "/primes" | 395 | #define _PATH_DH_PRIMES SSHDIR "/primes" |
| 396 | 396 | ||
| @@ -404,7 +404,7 @@ Index: b/readconf.c | |||
| 404 | =================================================================== | 404 | =================================================================== |
| 405 | --- a/readconf.c | 405 | --- a/readconf.c |
| 406 | +++ b/readconf.c | 406 | +++ b/readconf.c |
| 407 | @@ -123,6 +123,7 @@ | 407 | @@ -125,6 +125,7 @@ |
| 408 | oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, | 408 | oGlobalKnownHostsFile2, oUserKnownHostsFile2, oPubkeyAuthentication, |
| 409 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, | 409 | oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, |
| 410 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, | 410 | oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, |
| @@ -412,7 +412,7 @@ Index: b/readconf.c | |||
| 412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, | 412 | oHostKeyAlgorithms, oBindAddress, oPKCS11Provider, |
| 413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 413 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
| 414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 414 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
| 415 | @@ -154,6 +155,7 @@ | 415 | @@ -158,6 +159,7 @@ |
| 416 | { "passwordauthentication", oPasswordAuthentication }, | 416 | { "passwordauthentication", oPasswordAuthentication }, |
| 417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 417 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
| 418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 418 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
| @@ -420,7 +420,7 @@ Index: b/readconf.c | |||
| 420 | { "rsaauthentication", oRSAAuthentication }, | 420 | { "rsaauthentication", oRSAAuthentication }, |
| 421 | { "pubkeyauthentication", oPubkeyAuthentication }, | 421 | { "pubkeyauthentication", oPubkeyAuthentication }, |
| 422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | 422 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
| 423 | @@ -479,6 +481,10 @@ | 423 | @@ -486,6 +488,10 @@ |
| 424 | intptr = &options->challenge_response_authentication; | 424 | intptr = &options->challenge_response_authentication; |
| 425 | goto parse_flag; | 425 | goto parse_flag; |
| 426 | 426 | ||
| @@ -431,7 +431,7 @@ Index: b/readconf.c | |||
| 431 | case oGssAuthentication: | 431 | case oGssAuthentication: |
| 432 | intptr = &options->gss_authentication; | 432 | intptr = &options->gss_authentication; |
| 433 | goto parse_flag; | 433 | goto parse_flag; |
| 434 | @@ -1093,6 +1099,7 @@ | 434 | @@ -1134,6 +1140,7 @@ |
| 435 | options->kbd_interactive_devices = NULL; | 435 | options->kbd_interactive_devices = NULL; |
| 436 | options->rhosts_rsa_authentication = -1; | 436 | options->rhosts_rsa_authentication = -1; |
| 437 | options->hostbased_authentication = -1; | 437 | options->hostbased_authentication = -1; |
| @@ -439,7 +439,7 @@ Index: b/readconf.c | |||
| 439 | options->batch_mode = -1; | 439 | options->batch_mode = -1; |
| 440 | options->check_host_ip = -1; | 440 | options->check_host_ip = -1; |
| 441 | options->strict_host_key_checking = -1; | 441 | options->strict_host_key_checking = -1; |
| 442 | @@ -1201,6 +1208,8 @@ | 442 | @@ -1245,6 +1252,8 @@ |
| 443 | options->rhosts_rsa_authentication = 0; | 443 | options->rhosts_rsa_authentication = 0; |
| 444 | if (options->hostbased_authentication == -1) | 444 | if (options->hostbased_authentication == -1) |
| 445 | options->hostbased_authentication = 0; | 445 | options->hostbased_authentication = 0; |
| @@ -452,7 +452,7 @@ Index: b/readconf.h | |||
| 452 | =================================================================== | 452 | =================================================================== |
| 453 | --- a/readconf.h | 453 | --- a/readconf.h |
| 454 | +++ b/readconf.h | 454 | +++ b/readconf.h |
| 455 | @@ -56,6 +56,7 @@ | 455 | @@ -57,6 +57,7 @@ |
| 456 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 456 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
| 457 | char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ | 457 | char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ |
| 458 | int zero_knowledge_password_authentication; /* Try jpake */ | 458 | int zero_knowledge_password_authentication; /* Try jpake */ |
| @@ -464,7 +464,7 @@ Index: b/servconf.c | |||
| 464 | =================================================================== | 464 | =================================================================== |
| 465 | --- a/servconf.c | 465 | --- a/servconf.c |
| 466 | +++ b/servconf.c | 466 | +++ b/servconf.c |
| 467 | @@ -100,6 +100,7 @@ | 467 | @@ -104,6 +104,7 @@ |
| 468 | options->password_authentication = -1; | 468 | options->password_authentication = -1; |
| 469 | options->kbd_interactive_authentication = -1; | 469 | options->kbd_interactive_authentication = -1; |
| 470 | options->challenge_response_authentication = -1; | 470 | options->challenge_response_authentication = -1; |
| @@ -472,7 +472,7 @@ Index: b/servconf.c | |||
| 472 | options->permit_empty_passwd = -1; | 472 | options->permit_empty_passwd = -1; |
| 473 | options->permit_user_env = -1; | 473 | options->permit_user_env = -1; |
| 474 | options->use_login = -1; | 474 | options->use_login = -1; |
| 475 | @@ -232,6 +233,8 @@ | 475 | @@ -243,6 +244,8 @@ |
| 476 | options->kbd_interactive_authentication = 0; | 476 | options->kbd_interactive_authentication = 0; |
| 477 | if (options->challenge_response_authentication == -1) | 477 | if (options->challenge_response_authentication == -1) |
| 478 | options->challenge_response_authentication = 1; | 478 | options->challenge_response_authentication = 1; |
| @@ -481,7 +481,7 @@ Index: b/servconf.c | |||
| 481 | if (options->permit_empty_passwd == -1) | 481 | if (options->permit_empty_passwd == -1) |
| 482 | options->permit_empty_passwd = 0; | 482 | options->permit_empty_passwd = 0; |
| 483 | if (options->permit_user_env == -1) | 483 | if (options->permit_user_env == -1) |
| 484 | @@ -307,7 +310,7 @@ | 484 | @@ -322,7 +325,7 @@ |
| 485 | sListenAddress, sAddressFamily, | 485 | sListenAddress, sAddressFamily, |
| 486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| @@ -490,7 +490,7 @@ Index: b/servconf.c | |||
| 490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
| 491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| 492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| 493 | @@ -416,6 +419,7 @@ | 493 | @@ -432,6 +435,7 @@ |
| 494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
| 495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
| 496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
| @@ -498,7 +498,7 @@ Index: b/servconf.c | |||
| 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
| 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
| 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
| 501 | @@ -1011,6 +1015,10 @@ | 501 | @@ -1029,6 +1033,10 @@ |
| 502 | intptr = &options->tcp_keep_alive; | 502 | intptr = &options->tcp_keep_alive; |
| 503 | goto parse_flag; | 503 | goto parse_flag; |
| 504 | 504 | ||
| @@ -509,7 +509,7 @@ Index: b/servconf.c | |||
| 509 | case sEmptyPasswd: | 509 | case sEmptyPasswd: |
| 510 | intptr = &options->permit_empty_passwd; | 510 | intptr = &options->permit_empty_passwd; |
| 511 | goto parse_flag; | 511 | goto parse_flag; |
| 512 | @@ -1708,6 +1716,7 @@ | 512 | @@ -1757,6 +1765,7 @@ |
| 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
| 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
| 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
| @@ -521,7 +521,7 @@ Index: b/servconf.h | |||
| 521 | =================================================================== | 521 | =================================================================== |
| 522 | --- a/servconf.h | 522 | --- a/servconf.h |
| 523 | +++ b/servconf.h | 523 | +++ b/servconf.h |
| 524 | @@ -104,6 +104,7 @@ | 524 | @@ -107,6 +107,7 @@ |
| 525 | int challenge_response_authentication; | 525 | int challenge_response_authentication; |
| 526 | int zero_knowledge_password_authentication; | 526 | int zero_knowledge_password_authentication; |
| 527 | /* If true, permit jpake auth */ | 527 | /* If true, permit jpake auth */ |
| @@ -533,7 +533,7 @@ Index: b/ssh-add.1 | |||
| 533 | =================================================================== | 533 | =================================================================== |
| 534 | --- a/ssh-add.1 | 534 | --- a/ssh-add.1 |
| 535 | +++ b/ssh-add.1 | 535 | +++ b/ssh-add.1 |
| 536 | @@ -82,6 +82,10 @@ | 536 | @@ -81,6 +81,10 @@ |
| 537 | .Nm | 537 | .Nm |
| 538 | to work. | 538 | to work. |
| 539 | .Pp | 539 | .Pp |
| @@ -544,7 +544,7 @@ Index: b/ssh-add.1 | |||
| 544 | The options are as follows: | 544 | The options are as follows: |
| 545 | .Bl -tag -width Ds | 545 | .Bl -tag -width Ds |
| 546 | .It Fl c | 546 | .It Fl c |
| 547 | @@ -182,6 +186,7 @@ | 547 | @@ -183,6 +187,7 @@ |
| 548 | .Xr ssh 1 , | 548 | .Xr ssh 1 , |
| 549 | .Xr ssh-agent 1 , | 549 | .Xr ssh-agent 1 , |
| 550 | .Xr ssh-keygen 1 , | 550 | .Xr ssh-keygen 1 , |
| @@ -556,7 +556,7 @@ Index: b/ssh-add.c | |||
| 556 | =================================================================== | 556 | =================================================================== |
| 557 | --- a/ssh-add.c | 557 | --- a/ssh-add.c |
| 558 | +++ b/ssh-add.c | 558 | +++ b/ssh-add.c |
| 559 | @@ -139,7 +139,7 @@ | 559 | @@ -142,7 +142,7 @@ |
| 560 | add_file(AuthenticationConnection *ac, const char *filename) | 560 | add_file(AuthenticationConnection *ac, const char *filename) |
| 561 | { | 561 | { |
| 562 | Key *private, *cert; | 562 | Key *private, *cert; |
| @@ -565,7 +565,7 @@ Index: b/ssh-add.c | |||
| 565 | char msg[1024], *certpath; | 565 | char msg[1024], *certpath; |
| 566 | int fd, perms_ok, ret = -1; | 566 | int fd, perms_ok, ret = -1; |
| 567 | 567 | ||
| 568 | @@ -184,6 +184,14 @@ | 568 | @@ -187,6 +187,14 @@ |
| 569 | "Bad passphrase, try again for %.200s: ", comment); | 569 | "Bad passphrase, try again for %.200s: ", comment); |
| 570 | } | 570 | } |
| 571 | } | 571 | } |
| @@ -584,7 +584,7 @@ Index: b/ssh-keygen.1 | |||
| 584 | =================================================================== | 584 | =================================================================== |
| 585 | --- a/ssh-keygen.1 | 585 | --- a/ssh-keygen.1 |
| 586 | +++ b/ssh-keygen.1 | 586 | +++ b/ssh-keygen.1 |
| 587 | @@ -669,6 +669,7 @@ | 587 | @@ -659,6 +659,7 @@ |
| 588 | .Xr ssh 1 , | 588 | .Xr ssh 1 , |
| 589 | .Xr ssh-add 1 , | 589 | .Xr ssh-add 1 , |
| 590 | .Xr ssh-agent 1 , | 590 | .Xr ssh-agent 1 , |
| @@ -1236,7 +1236,7 @@ Index: b/ssh.1 | |||
| 1236 | =================================================================== | 1236 | =================================================================== |
| 1237 | --- a/ssh.1 | 1237 | --- a/ssh.1 |
| 1238 | +++ b/ssh.1 | 1238 | +++ b/ssh.1 |
| 1239 | @@ -1392,6 +1392,7 @@ | 1239 | @@ -1402,6 +1402,7 @@ |
| 1240 | .Xr ssh-agent 1 , | 1240 | .Xr ssh-agent 1 , |
| 1241 | .Xr ssh-keygen 1 , | 1241 | .Xr ssh-keygen 1 , |
| 1242 | .Xr ssh-keyscan 1 , | 1242 | .Xr ssh-keyscan 1 , |
| @@ -1248,7 +1248,7 @@ Index: b/ssh.c | |||
| 1248 | =================================================================== | 1248 | =================================================================== |
| 1249 | --- a/ssh.c | 1249 | --- a/ssh.c |
| 1250 | +++ b/ssh.c | 1250 | +++ b/ssh.c |
| 1251 | @@ -1422,7 +1422,7 @@ | 1251 | @@ -1448,7 +1448,7 @@ |
| 1252 | static void | 1252 | static void |
| 1253 | load_public_identity_files(void) | 1253 | load_public_identity_files(void) |
| 1254 | { | 1254 | { |
| @@ -1257,7 +1257,7 @@ Index: b/ssh.c | |||
| 1257 | char *pwdir = NULL, *pwname = NULL; | 1257 | char *pwdir = NULL, *pwname = NULL; |
| 1258 | int i = 0; | 1258 | int i = 0; |
| 1259 | Key *public; | 1259 | Key *public; |
| 1260 | @@ -1479,6 +1479,22 @@ | 1260 | @@ -1505,6 +1505,22 @@ |
| 1261 | public = key_load_public(filename, NULL); | 1261 | public = key_load_public(filename, NULL); |
| 1262 | debug("identity file %s type %d", filename, | 1262 | debug("identity file %s type %d", filename, |
| 1263 | public ? public->type : -1); | 1263 | public ? public->type : -1); |
| @@ -1284,7 +1284,7 @@ Index: b/ssh_config.5 | |||
| 1284 | =================================================================== | 1284 | =================================================================== |
| 1285 | --- a/ssh_config.5 | 1285 | --- a/ssh_config.5 |
| 1286 | +++ b/ssh_config.5 | 1286 | +++ b/ssh_config.5 |
| 1287 | @@ -1082,6 +1082,23 @@ | 1287 | @@ -1146,6 +1146,23 @@ |
| 1288 | .Dq any . | 1288 | .Dq any . |
| 1289 | The default is | 1289 | The default is |
| 1290 | .Dq any:any . | 1290 | .Dq any:any . |
| @@ -1312,7 +1312,7 @@ Index: b/sshconnect2.c | |||
| 1312 | =================================================================== | 1312 | =================================================================== |
| 1313 | --- a/sshconnect2.c | 1313 | --- a/sshconnect2.c |
| 1314 | +++ b/sshconnect2.c | 1314 | +++ b/sshconnect2.c |
| 1315 | @@ -1421,6 +1421,8 @@ | 1315 | @@ -1488,6 +1488,8 @@ |
| 1316 | 1316 | ||
| 1317 | /* list of keys stored in the filesystem */ | 1317 | /* list of keys stored in the filesystem */ |
| 1318 | for (i = 0; i < options.num_identity_files; i++) { | 1318 | for (i = 0; i < options.num_identity_files; i++) { |
| @@ -1321,7 +1321,7 @@ Index: b/sshconnect2.c | |||
| 1321 | key = options.identity_keys[i]; | 1321 | key = options.identity_keys[i]; |
| 1322 | if (key && key->type == KEY_RSA1) | 1322 | if (key && key->type == KEY_RSA1) |
| 1323 | continue; | 1323 | continue; |
| 1324 | @@ -1514,7 +1516,7 @@ | 1324 | @@ -1581,7 +1583,7 @@ |
| 1325 | debug("Offering %s public key: %s", key_type(id->key), | 1325 | debug("Offering %s public key: %s", key_type(id->key), |
| 1326 | id->filename); | 1326 | id->filename); |
| 1327 | sent = send_pubkey_test(authctxt, id); | 1327 | sent = send_pubkey_test(authctxt, id); |
| @@ -1334,7 +1334,7 @@ Index: b/sshd.8 | |||
| 1334 | =================================================================== | 1334 | =================================================================== |
| 1335 | --- a/sshd.8 | 1335 | --- a/sshd.8 |
| 1336 | +++ b/sshd.8 | 1336 | +++ b/sshd.8 |
| 1337 | @@ -938,6 +938,7 @@ | 1337 | @@ -945,6 +945,7 @@ |
| 1338 | .Xr ssh-agent 1 , | 1338 | .Xr ssh-agent 1 , |
| 1339 | .Xr ssh-keygen 1 , | 1339 | .Xr ssh-keygen 1 , |
| 1340 | .Xr ssh-keyscan 1 , | 1340 | .Xr ssh-keyscan 1 , |
| @@ -1346,7 +1346,7 @@ Index: b/sshd.c | |||
| 1346 | =================================================================== | 1346 | =================================================================== |
| 1347 | --- a/sshd.c | 1347 | --- a/sshd.c |
| 1348 | +++ b/sshd.c | 1348 | +++ b/sshd.c |
| 1349 | @@ -1573,6 +1573,11 @@ | 1349 | @@ -1576,6 +1576,11 @@ |
| 1350 | sensitive_data.host_keys[i] = NULL; | 1350 | sensitive_data.host_keys[i] = NULL; |
| 1351 | continue; | 1351 | continue; |
| 1352 | } | 1352 | } |
| @@ -1362,7 +1362,7 @@ Index: b/sshd_config.5 | |||
| 1362 | =================================================================== | 1362 | =================================================================== |
| 1363 | --- a/sshd_config.5 | 1363 | --- a/sshd_config.5 |
| 1364 | +++ b/sshd_config.5 | 1364 | +++ b/sshd_config.5 |
| 1365 | @@ -743,6 +743,20 @@ | 1365 | @@ -792,6 +792,20 @@ |
| 1366 | Specifies whether password authentication is allowed. | 1366 | Specifies whether password authentication is allowed. |
| 1367 | The default is | 1367 | The default is |
| 1368 | .Dq yes . | 1368 | .Dq yes . |