Drop ssh-vulnkey

Drop ssh-vulnkey and the associated ssh/ssh-add/sshd integration code, leaving only basic configuration file compatibility, since it has been nearly six years since the original vulnerability and this code is not likely to be of much value any more. See https://lists.debian.org/debian-devel/2013/09/msg00240.html for my full reasoning.
author: Colin Watson <cjwatson@debian.org> 2014-02-09 23:45:24 +0000
committer: Colin Watson <cjwatson@debian.org> 2014-02-09 23:47:26 +0000
commit: d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree: 3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/user-group-modes.patch
parent: d26565af8589d88f824b26f31da493f1056efcf4 (diff)
parent: b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)
1 files changed, 10 insertions, 10 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 9382d5086..cfc14523a 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 7016a7e8a6b854833132db253fd5e392984bd4ea Mon Sep 17 00:00:00 2001
+From 2bb37315c1e077bc176e703fbf0028a1f6315d37 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -52,10 +52,10 @@ index 06ae7f0..f202787 100644
                            pw->pw_name, buf);
                        auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index 6662e9a..7f6c6c8 100644
+index 9a36f1d..0c45f09 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -408,8 +408,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
+@@ -407,8 +407,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host,
                user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                if (options.strict_modes &&
                    (stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index 6662e9a..7f6c6c8 100644
                        logit("Authentication refused for %.100s: "
                            "bad owner or modes for %.200s",
                            pw->pw_name, user_hostfile);
-@@ -471,8 +470,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -470,8 +469,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                snprintf(err, errlen, "%s is not a regular file", buf);
                return -1;
        }
@@ -75,7 +75,7 @@ index 6662e9a..7f6c6c8 100644
                snprintf(err, errlen, "bad ownership or modes for file %s",
                    buf);
                return -1;
-@@ -487,8 +485,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -486,8 +484,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir,
                strlcpy(buf, cp, sizeof(buf));
 
                if (stat(buf, &st) < 0 ||
@@ -216,7 +216,7 @@ index a962f15..0b3bee1 100644
 -       return 0;
 -}
 diff --git a/readconf.c b/readconf.c
-index 2dcbf31..389de7d 100644
+index dab7963..c741934 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -30,6 +30,8 @@
@@ -228,7 +228,7 @@ index 2dcbf31..389de7d 100644
 #ifdef HAVE_UTIL_H
 #include <util.h>
 #endif
-@@ -1160,8 +1162,7 @@ read_config_file(const char *filename, const char *host, Options *options,
+@@ -1155,8 +1157,7 @@ read_config_file(const char *filename, const char *host, Options *options,
 
                if (fstat(fileno(f), &sb) == -1)
                        fatal("fstat %s: %s", filename, strerror(errno));
@@ -239,7 +239,7 @@ index 2dcbf31..389de7d 100644
        }
 
 diff --git a/ssh.1 b/ssh.1
-index 66a7007..0b38ae1 100644
+index 62292cc..05ae6ad 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1338,6 +1338,8 @@ The file format and configuration options are described in
@@ -252,10 +252,10 @@ index 66a7007..0b38ae1 100644
 .It Pa ~/.ssh/environment
 Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index 135d833..1497cfc 100644
+index 6948680..a1e18d2 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1382,6 +1382,8 @@ The format of this file is described above.
+@@ -1365,6 +1365,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
author	Colin Watson <cjwatson@debian.org>	2014-02-09 23:45:24 +0000
committer	Colin Watson <cjwatson@debian.org>	2014-02-09 23:47:26 +0000
commit	d62fa90d496ae9532d8c1426b177e12d3c5ac03b (patch)
tree	3179fea9631a318c8a0782dedc7cd690f201af69 /debian/patches/user-group-modes.patch
parent	d26565af8589d88f824b26f31da493f1056efcf4 (diff)
parent	b65a0ded7a8cfe7d351e28266d7851216d679e05 (diff)

diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 9382d5086..cfc14523a 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1	From 7016a7e8a6b854833132db253fd5e392984bd4ea Mon Sep 17 00:00:00 2001	1	From 2bb37315c1e077bc176e703fbf0028a1f6315d37 Mon Sep 17 00:00:00 2001
2	From: Colin Watson <cjwatson@debian.org>	2	From: Colin Watson <cjwatson@debian.org>
3	Date: Sun, 9 Feb 2014 16:09:58 +0000	3	Date: Sun, 9 Feb 2014 16:09:58 +0000
4	Subject: Allow harmless group-writability	4	Subject: Allow harmless group-writability
@@ -52,10 +52,10 @@ index 06ae7f0..f202787 100644
52	pw->pw_name, buf);	52	pw->pw_name, buf);
53	auth_debug_add("Bad file modes for %.200s", buf);	53	auth_debug_add("Bad file modes for %.200s", buf);
54	diff --git a/auth.c b/auth.c	54	diff --git a/auth.c b/auth.c
55	index 6662e9a..7f6c6c8 100644	55	index 9a36f1d..0c45f09 100644
56	--- a/auth.c	56	--- a/auth.c
57	+++ b/auth.c	57	+++ b/auth.c
58	@@ -408,8 +408,7 @@ check_key_in_hostfiles(struct passwd pw, Key key, const char *host,	58	@@ -407,8 +407,7 @@ check_key_in_hostfiles(struct passwd pw, Key key, const char *host,
59	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);	59	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
60	if (options.strict_modes &&	60	if (options.strict_modes &&
61	(stat(user_hostfile, &st) == 0) &&	61	(stat(user_hostfile, &st) == 0) &&
@@ -65,7 +65,7 @@ index 6662e9a..7f6c6c8 100644
65	logit("Authentication refused for %.100s: "	65	logit("Authentication refused for %.100s: "
66	"bad owner or modes for %.200s",	66	"bad owner or modes for %.200s",
67	pw->pw_name, user_hostfile);	67	pw->pw_name, user_hostfile);
68	@@ -471,8 +470,7 @@ auth_secure_path(const char name, struct stat stp, const char *pw_dir,	68	@@ -470,8 +469,7 @@ auth_secure_path(const char name, struct stat stp, const char *pw_dir,
69	snprintf(err, errlen, "%s is not a regular file", buf);	69	snprintf(err, errlen, "%s is not a regular file", buf);
70	return -1;	70	return -1;
71	}	71	}
@@ -75,7 +75,7 @@ index 6662e9a..7f6c6c8 100644
75	snprintf(err, errlen, "bad ownership or modes for file %s",	75	snprintf(err, errlen, "bad ownership or modes for file %s",
76	buf);	76	buf);
77	return -1;	77	return -1;
78	@@ -487,8 +485,7 @@ auth_secure_path(const char name, struct stat stp, const char *pw_dir,	78	@@ -486,8 +484,7 @@ auth_secure_path(const char name, struct stat stp, const char *pw_dir,
79	strlcpy(buf, cp, sizeof(buf));	79	strlcpy(buf, cp, sizeof(buf));
80		80
81	if (stat(buf, &st) < 0 \|\|	81	if (stat(buf, &st) < 0 \|\|
@@ -216,7 +216,7 @@ index a962f15..0b3bee1 100644
216	- return 0;	216	- return 0;
217	-}	217	-}
218	diff --git a/readconf.c b/readconf.c	218	diff --git a/readconf.c b/readconf.c
219	index 2dcbf31..389de7d 100644	219	index dab7963..c741934 100644
220	--- a/readconf.c	220	--- a/readconf.c
221	+++ b/readconf.c	221	+++ b/readconf.c
222	@@ -30,6 +30,8 @@	222	@@ -30,6 +30,8 @@
@@ -228,7 +228,7 @@ index 2dcbf31..389de7d 100644
228	#ifdef HAVE_UTIL_H	228	#ifdef HAVE_UTIL_H
229	#include <util.h>	229	#include <util.h>
230	#endif	230	#endif
231	@@ -1160,8 +1162,7 @@ read_config_file(const char filename, const char host, Options *options,	231	@@ -1155,8 +1157,7 @@ read_config_file(const char filename, const char host, Options *options,
232		232
233	if (fstat(fileno(f), &sb) == -1)	233	if (fstat(fileno(f), &sb) == -1)
234	fatal("fstat %s: %s", filename, strerror(errno));	234	fatal("fstat %s: %s", filename, strerror(errno));
@@ -239,7 +239,7 @@ index 2dcbf31..389de7d 100644
239	}	239	}
240		240
241	diff --git a/ssh.1 b/ssh.1	241	diff --git a/ssh.1 b/ssh.1
242	index 66a7007..0b38ae1 100644	242	index 62292cc..05ae6ad 100644
243	--- a/ssh.1	243	--- a/ssh.1
244	+++ b/ssh.1	244	+++ b/ssh.1
245	@@ -1338,6 +1338,8 @@ The file format and configuration options are described in	245	@@ -1338,6 +1338,8 @@ The file format and configuration options are described in
@@ -252,10 +252,10 @@ index 66a7007..0b38ae1 100644
252	.It Pa ~/.ssh/environment	252	.It Pa ~/.ssh/environment
253	Contains additional definitions for environment variables; see	253	Contains additional definitions for environment variables; see
254	diff --git a/ssh_config.5 b/ssh_config.5	254	diff --git a/ssh_config.5 b/ssh_config.5
255	index 135d833..1497cfc 100644	255	index 6948680..a1e18d2 100644
256	--- a/ssh_config.5	256	--- a/ssh_config.5
257	+++ b/ssh_config.5	257	+++ b/ssh_config.5
258	@@ -1382,6 +1382,8 @@ The format of this file is described above.	258	@@ -1365,6 +1365,8 @@ The format of this file is described above.
259	This file is used by the SSH client.	259	This file is used by the SSH client.
260	Because of the potential for abuse, this file must have strict permissions:	260	Because of the potential for abuse, this file must have strict permissions:
261	read/write for the user, and not accessible by others.	261	read/write for the user, and not accessible by others.