author | Colin Watson <cjwatson@debian.org> | 2013-05-16 14:04:24 +0100 |
---|---|---|
committer | Colin Watson <cjwatson@debian.org> | 2013-05-16 14:04:24 +0100 |
commit | 031d51614426a5d5ad42f971831df373f5d6e6d8 (patch) | |
tree | 6a66dc70fd3444ea8064f25256bd2fccdce6e3cd /debian | |
parent | 43587d4ea4349c7b98edcde117f37e6ca2e1b674 (diff) | |
parent | 328b60656f29db6306994d7498dede386ec2d1c3 (diff) |
* New upstream release (http://www.openssh.com/txt/release-6.2p2):
- Only warn for missing identity files that were explicitly specified
(closes: #708275).
- Fix bug in contributed contrib/ssh-copy-id script that could result in
"rm *" being called on mktemp failure (closes: #708419).
Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 10 | ||||
-rw-r--r-- | debian/patches/debian-config.patch | 4 | ||||
-rw-r--r-- | debian/patches/gssapi.patch | 8 | ||||
-rw-r--r-- | debian/patches/keepalive-extensions.patch | 6 | ||||
-rw-r--r-- | debian/patches/mention-ssh-keygen-on-keychange.patch | 6 | ||||
-rw-r--r-- | debian/patches/package-versioning.patch | 6 | ||||
-rw-r--r-- | debian/patches/shell-path.patch | 6 | ||||
-rw-r--r-- | debian/patches/ssh-vulnkey.patch | 12 | ||||
-rw-r--r-- | debian/patches/syslog-level-silent.patch | 4 | ||||
-rw-r--r-- | debian/patches/user-group-modes.patch | 4 |
10 files changed, 38 insertions, 28 deletions
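--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+openssh (1:6.2p2-1) UNRELEASED; urgency=low
+
+* New upstream release (http://www.openssh.com/txt/release-6.2p2):
+- Only warn for missing identity files that were explicitly specified
+(closes: #708275).
+- Fix bug in contributed contrib/ssh-copy-id script that could result in
+"rm *" being called on mktemp failure (closes: #708419).
+
+-- Colin Watson <cjwatson@debian.org> Thu, 16 May 2013 13:56:20 +0100
+
 openssh (1:6.2p1-3) unstable; urgency=low
 
 * Renumber Debian-specific additions to enum monitor_reqtype so that they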
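--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -18,13 +18,13 @@ Description: Various Debian-specific configuration changes
 Author: Colin Watson <cjwatson@debian.org>
 Author: Russ Allbery <rra@debian.org>
 Forwarded: not-needed
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/readconf.c
 ===================================================================
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1269,7 +1269,7 @@
+@@ -1288,7 +1288,7 @@
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)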
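--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -13,7 +13,7 @@ Description: GSSAPI key exchange support
 security history.
 Author: Simon Wilkinson <simon@sxw.org.uk>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
-Last-Updated: 2013-05-13
+Last-Updated: 2013-05-16
 
 Index: b/ChangeLog.gssapi
 ===================================================================
@@ -2327,7 +2327,7 @@ Index: b/readconf.c
 #endif
 { "fallbacktorsh", oDeprecated },
 { "usersh", oDeprecated },
-@@ -483,10 +494,30 @@
+@@ -503,10 +514,30 @@
 intptr = &options->gss_authentication;
 goto parse_flag;
 
@@ -2358,7 +2358,7 @@ Index: b/readconf.c
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
-@@ -1139,7 +1170,12 @@
+@@ -1158,7 +1189,12 @@
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
@@ -2371,7 +2371,7 @@ Index: b/readconf.c
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
-@@ -1239,8 +1275,14 @@
+@@ -1258,8 +1294,14 @@
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;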
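Review bot: The header field rewritten in the first hunk of debian/patches/gssapi.patch is spelled `Last-Updated:`, while every other patch header refreshed in this commit uses `Last-Update:`, which is the DEP-3 field name. Tools that read DEP-3 headers will likely ignore the misspelled field, so the refresh date of this patch is not recorded in a machine-readable way. Since the line is being changed anyway, it could become `Last-Update: 2013-05-16`.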
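--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -12,7 +12,7 @@ Author: Richard Kettlewell <rjk@greenend.org.uk>
 Author: Ian Jackson <ian@chiark.greenend.org.uk>
 Author: Matthew Vernon <matthew@debian.org>
 Author: Colin Watson <cjwatson@debian.org>
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/readconf.c
 ===================================================================
@@ -35,7 +35,7 @@ Index: b/readconf.c
 
 { NULL, oBadOption }
 };
-@@ -915,6 +918,8 @@
+@@ -933,6 +936,8 @@
 goto parse_flag;
 
 case oServerAliveInterval:
@@ -44,7 +44,7 @@ Index: b/readconf.c
 intptr = &options->server_alive_interval;
 goto parse_time;
 
-@@ -1386,8 +1391,13 @@
+@@ -1392,8 +1397,13 @@
 options->rekey_limit = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;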
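--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -2,13 +2,13 @@ Description: Mention ssh-keygen in ssh fingerprint changed warning
 Author: Scott Moser <smoser@ubuntu.com>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
 Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/sshconnect.c
 ===================================================================
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -975,9 +975,12 @@
+@@ -982,9 +982,12 @@
 error("%s. This could either mean that", key_msg);
 error("DNS SPOOFING is happening or the IP address for the host");
 error("and its host key have changed at the same time.");
@@ -22,7 +22,7 @@ Index: b/sshconnect.c
 }
 /* The host key has changed. */
 warn_changed_key(host_key);
-@@ -985,6 +988,8 @@
+@@ -992,6 +995,8 @@
 user_hostfiles[0]);
 error("Offending %s key in %s:%lu", key_type(host_found->key),
 host_found->file, host_found->line);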
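--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -5,13 +5,13 @@ Description: Include the Debian version in our identification
 vulnerable-looking version strings. (However, see debian-banner.patch.)
 Author: Matthew Vernon <matthew@debian.org>
 Forwarded: not-needed
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/sshconnect.c
 ===================================================================
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -435,10 +435,10 @@
+@@ -442,10 +442,10 @@
 /* Send our own protocol version identification. */
 if (compat20) {
 xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n",
@@ -44,7 +44,7 @@ Index: b/version.h
 @@ -3,4 +3,9 @@
 #define SSH_VERSION "OpenSSH_6.2"
 
-#define SSH_PORTABLE "p1"
+#define SSH_PORTABLE "p2"
 -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
 +#define SSH_RELEASE_MINIMUM SSH_VERSION SSH_PORTABLE
 +#ifdef SSH_EXTRAVERSION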
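--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -4,13 +4,13 @@ Description: Look for $SHELL on the path for ProxyCommand/LocalCommand
 Author: Colin Watson <cjwatson@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
 Bug-Debian: http://bugs.debian.org/492728
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/sshconnect.c
 ===================================================================
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -144,7 +144,7 @@
+@@ -151,7 +151,7 @@
 /* Execute the proxy command. Note that we gave up any
 extra privileges above. */
 signal(SIGPIPE, SIG_DFL);
@@ -19,7 +19,7 @@ Index: b/sshconnect.c
 perror(argv[0]);
 exit(1);
 }
-@@ -1292,7 +1292,7 @@
+@@ -1299,7 +1299,7 @@
 if (pid == 0) {
 signal(SIGPIPE, SIG_DFL);
 debug3("Executing %s -c \"%s\"", shell, args);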
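--- a/debian/patches/ssh-vulnkey.patch
+++ b/debian/patches/ssh-vulnkey.patch
@@ -8,7 +8,7 @@ Description: Reject vulnerable keys to mitigate Debian OpenSSL flaw
 See CVE-2008-0166.
 Author: Colin Watson <cjwatson@ubuntu.com>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/Makefile.in
 ===================================================================
@@ -420,7 +420,7 @@ Index: b/readconf.c
 { "rsaauthentication", oRSAAuthentication },
 { "pubkeyauthentication", oPubkeyAuthentication },
 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
-@@ -490,6 +492,10 @@
+@@ -510,6 +512,10 @@
 intptr = &options->challenge_response_authentication;
 goto parse_flag;
 
@@ -431,7 +431,7 @@ Index: b/readconf.c
 case oGssAuthentication:
 intptr = &options->gss_authentication;
 goto parse_flag;
-@@ -1181,6 +1187,7 @@
+@@ -1200,6 +1206,7 @@
 options->kbd_interactive_devices = NULL;
 options->rhosts_rsa_authentication = -1;
 options->hostbased_authentication = -1;
@@ -439,7 +439,7 @@ Index: b/readconf.c
 options->batch_mode = -1;
 options->check_host_ip = -1;
 options->strict_host_key_checking = -1;
-@@ -1291,6 +1298,8 @@
+@@ -1310,6 +1317,8 @@
 options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
@@ -1247,7 +1247,7 @@ Index: b/ssh.c
 ===================================================================
 --- a/ssh.c
 +++ b/ssh.c
-@@ -1495,7 +1495,7 @@
+@@ -1492,7 +1492,7 @@
 static void
 load_public_identity_files(void)
 {
@@ -1256,7 +1256,7 @@ Index: b/ssh.c
 char *pwdir = NULL, *pwname = NULL;
 int i = 0;
 Key *public;
-@@ -1552,6 +1552,22 @@
+@@ -1550,6 +1550,22 @@
 public = key_load_public(filename, NULL);
 debug("identity file %s type %d", filename,
 public ? public->type : -1);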
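--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -8,7 +8,7 @@ Description: "LogLevel SILENT" compatibility
 Author: Jonathan David Amery <jdamery@ysolde.ucam.org>
 Author: Matthew Vernon <matthew@debian.org>
 Author: Colin Watson <cjwatson@debian.org>
-Last-Update: 2010-03-31
+Last-Update: 2013-05-16
 
 Index: b/log.c
 ===================================================================
@@ -26,7 +26,7 @@ Index: b/ssh.c
 ===================================================================
 --- a/ssh.c
 +++ b/ssh.c
-@@ -714,7 +714,7 @@
+@@ -711,7 +711,7 @@
 /* Do not allocate a tty if stdin is not a tty. */
 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
 options.request_tty != REQUEST_TTY_FORCE) {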
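--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -9,7 +9,7 @@ Description: Allow harmless group-writability
 Author: Colin Watson <cjwatson@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
-Last-Update: 2013-05-07
+Last-Update: 2013-05-16
 
 Index: b/readconf.c
 ===================================================================
@@ -24,7 +24,7 @@ Index: b/readconf.c
 
 #include "xmalloc.h"
 #include "ssh.h"
-@@ -1132,8 +1134,7 @@
+@@ -1150,8 +1152,7 @@
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));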