summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
authorColin Watson <cjwatson@debian.org>2020-02-19 11:49:59 +0000
committerColin Watson <cjwatson@debian.org>2020-02-19 11:50:46 +0000
commitac2b4c0697fcac554041ab95f81736887eadf6ec (patch)
treefb9ae0d70482d4d40f8f6fe649bd80efe694d591 /debian/patches
parent42013fcd5152e17865cd439daa298ed738a61586 (diff)
parent2e128b223e8e73ace57a0726130bfbcf920d0f9e (diff)
ssh(1): Explain that -Y is equivalent to -X
Closes: #951640
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/conch-old-privkey-format.patch2
-rw-r--r--debian/patches/debian-config.patch23
-rw-r--r--debian/patches/regress-2020.patch2
-rw-r--r--debian/patches/restore-authorized_keys2.patch2
-rw-r--r--debian/patches/revert-ipqos-defaults.patch2
-rw-r--r--debian/patches/sandbox-seccomp-clock_gettime64.patch2
-rw-r--r--debian/patches/sandbox-seccomp-clock_nanosleep.patch2
-rw-r--r--debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch2
-rw-r--r--debian/patches/sandbox-seccomp-ipc.patch2
9 files changed, 21 insertions, 18 deletions
diff --git a/debian/patches/conch-old-privkey-format.patch b/debian/patches/conch-old-privkey-format.patch
index e018ac639..ce7dc266e 100644
--- a/debian/patches/conch-old-privkey-format.patch
+++ b/debian/patches/conch-old-privkey-format.patch
@@ -1,4 +1,4 @@
1From bbce4380e516e8bfed1ae09af0bc3661e427794a Mon Sep 17 00:00:00 2001 1From 2e889a135439e6234502c813fa0ef2eb1fcd733c Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Thu, 30 Aug 2018 00:58:56 +0100 3Date: Thu, 30 Aug 2018 00:58:56 +0100
4Subject: Work around conch interoperability failure 4Subject: Work around conch interoperability failure
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index fe1e3f550..acb4e3ce9 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
1From 7abde40896668ce9debfe056c7dabc6a70ef7da4 Mon Sep 17 00:00:00 2001 1From 9a713cd4bbaef5ad4f1d28c1718fb6960ac257b3 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:10:18 +0000 3Date: Sun, 9 Feb 2014 16:10:18 +0000
4Subject: Various Debian-specific configuration changes 4Subject: Various Debian-specific configuration changes
@@ -26,17 +26,17 @@ Document all of this.
26 26
27Author: Russ Allbery <rra@debian.org> 27Author: Russ Allbery <rra@debian.org>
28Forwarded: not-needed 28Forwarded: not-needed
29Last-Update: 2017-10-04 29Last-Update: 2020-02-19
30 30
31Patch-Name: debian-config.patch 31Patch-Name: debian-config.patch
32--- 32---
33 readconf.c | 2 +- 33 readconf.c | 2 +-
34 ssh.1 | 21 +++++++++++++++++++++ 34 ssh.1 | 24 ++++++++++++++++++++++++
35 ssh_config | 6 +++++- 35 ssh_config | 6 +++++-
36 ssh_config.5 | 19 ++++++++++++++++++- 36 ssh_config.5 | 19 ++++++++++++++++++-
37 sshd_config | 16 ++++++++++------ 37 sshd_config | 16 ++++++++++------
38 sshd_config.5 | 22 ++++++++++++++++++++++ 38 sshd_config.5 | 22 ++++++++++++++++++++++
39 6 files changed, 77 insertions(+), 9 deletions(-) 39 6 files changed, 80 insertions(+), 9 deletions(-)
40 40
41diff --git a/readconf.c b/readconf.c 41diff --git a/readconf.c b/readconf.c
42index 16d2729dd..253574ce0 100644 42index 16d2729dd..253574ce0 100644
@@ -52,7 +52,7 @@ index 16d2729dd..253574ce0 100644
52 options->forward_x11_timeout = 1200; 52 options->forward_x11_timeout = 1200;
53 /* 53 /*
54diff --git a/ssh.1 b/ssh.1 54diff --git a/ssh.1 b/ssh.1
55index 24530e511..fd495da2c 100644 55index 24530e511..44a00d525 100644
56--- a/ssh.1 56--- a/ssh.1
57+++ b/ssh.1 57+++ b/ssh.1
58@@ -795,6 +795,16 @@ directive in 58@@ -795,6 +795,16 @@ directive in
@@ -72,14 +72,17 @@ index 24530e511..fd495da2c 100644
72 .It Fl x 72 .It Fl x
73 Disables X11 forwarding. 73 Disables X11 forwarding.
74 .Pp 74 .Pp
75@@ -803,6 +813,17 @@ Enables trusted X11 forwarding. 75@@ -803,6 +813,20 @@ Enables trusted X11 forwarding.
76 Trusted X11 forwardings are not subjected to the X11 SECURITY extension 76 Trusted X11 forwardings are not subjected to the X11 SECURITY extension
77 controls. 77 controls.
78 .Pp 78 .Pp
79+(Debian-specific: This option does nothing in the default configuration: it 79+(Debian-specific: In the default configuration, this option is equivalent to
80+is equivalent to 80+.Fl X ,
81+.Dq Cm ForwardX11Trusted No yes , 81+since
82+which is the default as described above. 82+.Cm ForwardX11Trusted
83+defaults to
84+.Dq yes
85+as described above.
83+Set the 86+Set the
84+.Cm ForwardX11Trusted 87+.Cm ForwardX11Trusted
85+option to 88+option to
diff --git a/debian/patches/regress-2020.patch b/debian/patches/regress-2020.patch
index b46e0df31..785945d33 100644
--- a/debian/patches/regress-2020.patch
+++ b/debian/patches/regress-2020.patch
@@ -1,4 +1,4 @@
1From df3ad29af495185aa9b051028ae94b965a4b1659 Mon Sep 17 00:00:00 2001 1From 7ee24da2b84bf463dd5e8611479fa7a5acaa40e4 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org> 2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Fri, 3 Jan 2020 03:02:26 +0000 3Date: Fri, 3 Jan 2020 03:02:26 +0000
4Subject: upstream: what bozo decided to use 2020 as a future date in a regress 4Subject: upstream: what bozo decided to use 2020 as a future date in a regress
diff --git a/debian/patches/restore-authorized_keys2.patch b/debian/patches/restore-authorized_keys2.patch
index ea5ea0396..15102b004 100644
--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
1From f0c916d8008c30809fef44469bee1b74426a3071 Mon Sep 17 00:00:00 2001 1From 5c1ed7182e928fcf03d11c1bcc51c26c2c42629d Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 5 Mar 2017 02:02:11 +0000 3Date: Sun, 5 Mar 2017 02:02:11 +0000
4Subject: Restore reading authorized_keys2 by default 4Subject: Restore reading authorized_keys2 by default
diff --git a/debian/patches/revert-ipqos-defaults.patch b/debian/patches/revert-ipqos-defaults.patch
index 7fdfe246c..37a1fec98 100644
--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
1From cfa01c635debb10e05f5ac34d269809c77c582dc Mon Sep 17 00:00:00 2001 1From 08ef8cb952462442660914b42de3f84f31ec1a6d Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Mon, 8 Apr 2019 10:46:29 +0100 3Date: Mon, 8 Apr 2019 10:46:29 +0100
4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP 4Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
diff --git a/debian/patches/sandbox-seccomp-clock_gettime64.patch b/debian/patches/sandbox-seccomp-clock_gettime64.patch
index ad0d647a2..d3e0bc40c 100644
--- a/debian/patches/sandbox-seccomp-clock_gettime64.patch
+++ b/debian/patches/sandbox-seccomp-clock_gettime64.patch
@@ -1,4 +1,4 @@
1From 93e9440bae1818746e0cc7f2543001db9d0ea1ea Mon Sep 17 00:00:00 2001 1From ba675f490d681365db5a4e4ea6419e8690da6f30 Mon Sep 17 00:00:00 2001
2From: Khem Raj <raj.khem@gmail.com> 2From: Khem Raj <raj.khem@gmail.com>
3Date: Tue, 7 Jan 2020 16:26:45 -0800 3Date: Tue, 7 Jan 2020 16:26:45 -0800
4Subject: seccomp: Allow clock_gettime64() in sandbox. 4Subject: seccomp: Allow clock_gettime64() in sandbox.
diff --git a/debian/patches/sandbox-seccomp-clock_nanosleep.patch b/debian/patches/sandbox-seccomp-clock_nanosleep.patch
index ccf9d0b09..2023717b9 100644
--- a/debian/patches/sandbox-seccomp-clock_nanosleep.patch
+++ b/debian/patches/sandbox-seccomp-clock_nanosleep.patch
@@ -1,4 +1,4 @@
1From c80d266f4aed7224261b192b8e31ac87dc070cba Mon Sep 17 00:00:00 2001 1From cb38e55b8af8756b2d6d6f6a1c1a5f949e15b980 Mon Sep 17 00:00:00 2001
2From: Darren Tucker <dtucker@dtucker.net> 2From: Darren Tucker <dtucker@dtucker.net>
3Date: Wed, 13 Nov 2019 23:19:35 +1100 3Date: Wed, 13 Nov 2019 23:19:35 +1100
4Subject: seccomp: Allow clock_nanosleep() in sandbox. 4Subject: seccomp: Allow clock_nanosleep() in sandbox.
diff --git a/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch b/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
index 8825d569d..b8d7ad569 100644
--- a/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
+++ b/debian/patches/sandbox-seccomp-clock_nanosleep_time64.patch
@@ -1,4 +1,4 @@
1From c80c5e338c19964755f277b54b390016f5c829a4 Mon Sep 17 00:00:00 2001 1From f0cfb9ad4b83693731505c945c0685de64483c8d Mon Sep 17 00:00:00 2001
2From: Darren Tucker <dtucker@dtucker.net> 2From: Darren Tucker <dtucker@dtucker.net>
3Date: Mon, 16 Dec 2019 13:55:56 +1100 3Date: Mon, 16 Dec 2019 13:55:56 +1100
4Subject: Allow clock_nanosleep_time64 in seccomp sandbox. 4Subject: Allow clock_nanosleep_time64 in seccomp sandbox.
diff --git a/debian/patches/sandbox-seccomp-ipc.patch b/debian/patches/sandbox-seccomp-ipc.patch
index cbeb6613d..c84290726 100644
--- a/debian/patches/sandbox-seccomp-ipc.patch
+++ b/debian/patches/sandbox-seccomp-ipc.patch
@@ -1,4 +1,4 @@
1From 489e04f2c23327dd95981327d8757144a4e574af Mon Sep 17 00:00:00 2001 1From 2e128b223e8e73ace57a0726130bfbcf920d0f9e Mon Sep 17 00:00:00 2001
2From: Jeremy Drake <github@jdrake.com> 2From: Jeremy Drake <github@jdrake.com>
3Date: Fri, 11 Oct 2019 18:31:05 -0700 3Date: Fri, 11 Oct 2019 18:31:05 -0700
4Subject: Deny (non-fatal) ipc in preauth privsep child. 4Subject: Deny (non-fatal) ipc in preauth privsep child.