diff options
| author | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2012-09-07 00:20:47 +0100 |
| commit | eab78da6a54225de06271d9c8da650f04a55ed88 (patch) | |
| tree | aa258ca77515939f6d89317ff67fbcb0bca08b24 /debian/patches/user-group-modes.patch | |
| parent | a26f5de49df59322fde07f7be91b3e3969c9c238 (diff) | |
| parent | c6a2c0334e45419875687d250aed9bea78480f2e (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.1).
- Enable pre-auth sandboxing by default for new installs.
- Allow "PermitOpen none" to refuse all port-forwarding requests
(closes: #543683).
Diffstat (limited to 'debian/patches/user-group-modes.patch')
| -rw-r--r-- | debian/patches/user-group-modes.patch | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 8e4ee3eb1..1368ccb3c 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
| @@ -51,7 +51,7 @@ Index: b/ssh_config.5 | |||
| 51 | =================================================================== | 51 | =================================================================== |
| 52 | --- a/ssh_config.5 | 52 | --- a/ssh_config.5 |
| 53 | +++ b/ssh_config.5 | 53 | +++ b/ssh_config.5 |
| 54 | @@ -1343,6 +1343,8 @@ | 54 | @@ -1342,6 +1342,8 @@ |
| 55 | This file is used by the SSH client. | 55 | This file is used by the SSH client. |
| 56 | Because of the potential for abuse, this file must have strict permissions: | 56 | Because of the potential for abuse, this file must have strict permissions: |
| 57 | read/write for the user, and not accessible by others. | 57 | read/write for the user, and not accessible by others. |
| @@ -64,7 +64,7 @@ Index: b/auth.c | |||
| 64 | =================================================================== | 64 | =================================================================== |
| 65 | --- a/auth.c | 65 | --- a/auth.c |
| 66 | +++ b/auth.c | 66 | +++ b/auth.c |
| 67 | @@ -380,8 +380,7 @@ | 67 | @@ -381,8 +381,7 @@ |
| 68 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 68 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
| 69 | if (options.strict_modes && | 69 | if (options.strict_modes && |
| 70 | (stat(user_hostfile, &st) == 0) && | 70 | (stat(user_hostfile, &st) == 0) && |
| @@ -74,7 +74,7 @@ Index: b/auth.c | |||
| 74 | logit("Authentication refused for %.100s: " | 74 | logit("Authentication refused for %.100s: " |
| 75 | "bad owner or modes for %.200s", | 75 | "bad owner or modes for %.200s", |
| 76 | pw->pw_name, user_hostfile); | 76 | pw->pw_name, user_hostfile); |
| 77 | @@ -442,8 +441,7 @@ | 77 | @@ -443,8 +442,7 @@ |
| 78 | 78 | ||
| 79 | /* check the open file to avoid races */ | 79 | /* check the open file to avoid races */ |
| 80 | if (fstat(fileno(f), &st) < 0 || | 80 | if (fstat(fileno(f), &st) < 0 || |
| @@ -84,7 +84,7 @@ Index: b/auth.c | |||
| 84 | snprintf(err, errlen, "bad ownership or modes for file %s", | 84 | snprintf(err, errlen, "bad ownership or modes for file %s", |
| 85 | buf); | 85 | buf); |
| 86 | return -1; | 86 | return -1; |
| 87 | @@ -458,8 +456,7 @@ | 87 | @@ -459,8 +457,7 @@ |
| 88 | strlcpy(buf, cp, sizeof(buf)); | 88 | strlcpy(buf, cp, sizeof(buf)); |
| 89 | 89 | ||
| 90 | if (stat(buf, &st) < 0 || | 90 | if (stat(buf, &st) < 0 || |