summaryrefslogtreecommitdiff
path: root/debian/patches/user-group-modes.patch
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2018-08-24 12:49:36 +0100
committerColin Watson <cjwatson@debian.org>2018-08-30 00:57:27 +0100
commit816386e17654ca36834bebbf351419e460fad8f6 (patch)
tree3dc79d831cb73bc25b92f5a4d18f8e328c0c570a /debian/patches/user-group-modes.patch
parent3e6f76c7039d3df22b1d0a3a5f30150efb09b69d (diff)
parent16a47fc4b04977a14f44dd433c8da1499fa80671 (diff)
New upstream release (7.8p1)
Closes: #907534
Diffstat (limited to 'debian/patches/user-group-modes.patch')
-rw-r--r--debian/patches/user-group-modes.patch36
1 files changed, 18 insertions, 18 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 712620843..cc9cbacad 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1From 9e45701c5d6105444cc2f4f5d6c44b0f69969479 Mon Sep 17 00:00:00 2001 1From 840f43066f9cdf5f6bb07992aca1c5f43be8eb80 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:09:58 +0000 3Date: Sun, 9 Feb 2014 16:09:58 +0000
4Subject: Allow harmless group-writability 4Subject: Allow harmless group-writability
@@ -27,7 +27,7 @@ Patch-Name: user-group-modes.patch
27 7 files changed, 63 insertions(+), 13 deletions(-) 27 7 files changed, 63 insertions(+), 13 deletions(-)
28 28
29diff --git a/auth-rhosts.c b/auth-rhosts.c 29diff --git a/auth-rhosts.c b/auth-rhosts.c
30index ecf956f06..4dccd5e6a 100644 30index 57296e1f6..546aa0495 100644
31--- a/auth-rhosts.c 31--- a/auth-rhosts.c
32+++ b/auth-rhosts.c 32+++ b/auth-rhosts.c
33@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, 33@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
@@ -51,10 +51,10 @@ index ecf956f06..4dccd5e6a 100644
51 pw->pw_name, buf); 51 pw->pw_name, buf);
52 auth_debug_add("Bad file modes for %.200s", buf); 52 auth_debug_add("Bad file modes for %.200s", buf);
53diff --git a/auth.c b/auth.c 53diff --git a/auth.c b/auth.c
54index 76d586e31..68b9fe795 100644 54index 80eb78c48..ad25631a5 100644
55--- a/auth.c 55--- a/auth.c
56+++ b/auth.c 56+++ b/auth.c
57@@ -468,8 +468,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, 57@@ -469,8 +469,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
58 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); 58 user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
59 if (options.strict_modes && 59 if (options.strict_modes &&
60 (stat(user_hostfile, &st) == 0) && 60 (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index 76d586e31..68b9fe795 100644
65 "bad owner or modes for %.200s", 65 "bad owner or modes for %.200s",
66 pw->pw_name, user_hostfile); 66 pw->pw_name, user_hostfile);
67diff --git a/misc.c b/misc.c 67diff --git a/misc.c b/misc.c
68index 874dcc8a2..75c4113f0 100644 68index ae4d29b84..2f3dbda0c 100644
69--- a/misc.c 69--- a/misc.c
70+++ b/misc.c 70+++ b/misc.c
71@@ -57,8 +57,9 @@ 71@@ -57,8 +57,9 @@
@@ -79,8 +79,8 @@ index 874dcc8a2..75c4113f0 100644
79 #ifdef SSH_TUN_OPENBSD 79 #ifdef SSH_TUN_OPENBSD
80 #include <net/if.h> 80 #include <net/if.h>
81 #endif 81 #endif
82@@ -1030,6 +1031,55 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, 82@@ -1024,6 +1025,55 @@ percent_expand(const char *string, ...)
83 return -1; 83 #undef EXPAND_MAX_KEYS
84 } 84 }
85 85
86+int 86+int
@@ -135,7 +135,7 @@ index 874dcc8a2..75c4113f0 100644
135 int 135 int
136 tun_open(int tun, int mode, char **ifname) 136 tun_open(int tun, int mode, char **ifname)
137 { 137 {
138@@ -1797,8 +1847,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, 138@@ -1782,8 +1832,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
139 snprintf(err, errlen, "%s is not a regular file", buf); 139 snprintf(err, errlen, "%s is not a regular file", buf);
140 return -1; 140 return -1;
141 } 141 }
@@ -145,7 +145,7 @@ index 874dcc8a2..75c4113f0 100644
145 snprintf(err, errlen, "bad ownership or modes for file %s", 145 snprintf(err, errlen, "bad ownership or modes for file %s",
146 buf); 146 buf);
147 return -1; 147 return -1;
148@@ -1813,8 +1862,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, 148@@ -1798,8 +1847,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
149 strlcpy(buf, cp, sizeof(buf)); 149 strlcpy(buf, cp, sizeof(buf));
150 150
151 if (stat(buf, &st) < 0 || 151 if (stat(buf, &st) < 0 ||
@@ -156,12 +156,12 @@ index 874dcc8a2..75c4113f0 100644
156 "bad ownership or modes for directory %s", buf); 156 "bad ownership or modes for directory %s", buf);
157 return -1; 157 return -1;
158diff --git a/misc.h b/misc.h 158diff --git a/misc.h b/misc.h
159index cdafea735..51943db90 100644 159index 6be289fd2..213c3abb7 100644
160--- a/misc.h 160--- a/misc.h
161+++ b/misc.h 161+++ b/misc.h
162@@ -168,6 +168,8 @@ char *read_passphrase(const char *, int); 162@@ -167,6 +167,8 @@ int safe_path_fd(int, const char *, struct passwd *,
163 char *read_passphrase(const char *, int);
163 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); 164 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
164 int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *);
165 165
166+int secure_permissions(struct stat *st, uid_t uid); 166+int secure_permissions(struct stat *st, uid_t uid);
167+ 167+
@@ -169,10 +169,10 @@ index cdafea735..51943db90 100644
169 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) 169 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
170 #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) 170 #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
171diff --git a/readconf.c b/readconf.c 171diff --git a/readconf.c b/readconf.c
172index 7f2b5c172..50349e238 100644 172index 3fd0fe7b7..3ed6dfb54 100644
173--- a/readconf.c 173--- a/readconf.c
174+++ b/readconf.c 174+++ b/readconf.c
175@@ -1741,8 +1741,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, 175@@ -1795,8 +1795,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
176 176
177 if (fstat(fileno(f), &sb) == -1) 177 if (fstat(fileno(f), &sb) == -1)
178 fatal("fstat %s: %s", filename, strerror(errno)); 178 fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,10 +183,10 @@ index 7f2b5c172..50349e238 100644
183 } 183 }
184 184
185diff --git a/ssh.1 b/ssh.1 185diff --git a/ssh.1 b/ssh.1
186index b4078525b..0ef7c1709 100644 186index b20908a5e..cb0fdd50e 100644
187--- a/ssh.1 187--- a/ssh.1
188+++ b/ssh.1 188+++ b/ssh.1
189@@ -1471,6 +1471,8 @@ The file format and configuration options are described in 189@@ -1475,6 +1475,8 @@ The file format and configuration options are described in
190 .Xr ssh_config 5 . 190 .Xr ssh_config 5 .
191 Because of the potential for abuse, this file must have strict permissions: 191 Because of the potential for abuse, this file must have strict permissions:
192 read/write for the user, and not writable by others. 192 read/write for the user, and not writable by others.
@@ -196,10 +196,10 @@ index b4078525b..0ef7c1709 100644
196 .It Pa ~/.ssh/environment 196 .It Pa ~/.ssh/environment
197 Contains additional definitions for environment variables; see 197 Contains additional definitions for environment variables; see
198diff --git a/ssh_config.5 b/ssh_config.5 198diff --git a/ssh_config.5 b/ssh_config.5
199index 32c3632c7..84dcd52cc 100644 199index 86ada128e..03341a229 100644
200--- a/ssh_config.5 200--- a/ssh_config.5
201+++ b/ssh_config.5 201+++ b/ssh_config.5
202@@ -1818,6 +1818,8 @@ The format of this file is described above. 202@@ -1813,6 +1813,8 @@ The format of this file is described above.
203 This file is used by the SSH client. 203 This file is used by the SSH client.
204 Because of the potential for abuse, this file must have strict permissions: 204 Because of the potential for abuse, this file must have strict permissions:
205 read/write for the user, and not accessible by others. 205 read/write for the user, and not accessible by others.