summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/patches/config-guess-sub.patch5
-rw-r--r--debian/patches/keepalive-extensions.patch16
-rw-r--r--debian/patches/selinux-autoconf.patch13
-rw-r--r--debian/patches/selinux-fix-chroot-directory.patch9
-rw-r--r--debian/patches/selinux-role.patch9
-rw-r--r--debian/patches/ssh-vulnkey.patch12
-rw-r--r--debian/patches/ssh1-keepalive.patch5
7 files changed, 69 insertions, 0 deletions
diff --git a/debian/patches/config-guess-sub.patch b/debian/patches/config-guess-sub.patch
index d5c016b87..b0a0ada81 100644
--- a/debian/patches/config-guess-sub.patch
+++ b/debian/patches/config-guess-sub.patch
@@ -1,3 +1,8 @@
1Description: Update config.guess and config.sub from autotools-dev 20090611.1
2From: Bradley Smith <bradsmith@debian.org>
3Bug-Debian: http://bugs.debian.org/538301
4Last-Update: 2010-02-27
5
1Index: b/config.guess 6Index: b/config.guess
2=================================================================== 7===================================================================
3--- a/config.guess 8--- a/config.guess
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index cb9c2823c..1bfc9c798 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,3 +1,19 @@
1Description: Various keepalive extensions
2 Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut,
3 supported in previous versions of Debian's OpenSSH package but since
4 superseded by ServerAliveInterval. (We're probably stuck with this bit for
5 compatibility.)
6 .
7 In batch mode, default ServerAliveInterval to five minutes.
8 .
9 Adjust documentation to match and to give some more advice on use of
10 keepalives.
11Author: Richard Kettlewell <rjk@greenend.org.uk>
12Author: Ian Jackson <ian@chiark.greenend.org.uk>
13Author: Matthew Vernon <matthew@debian.org>
14Author: Colin Watson <cjwatson@debian.org>
15Last-Update: 2010-02-27
16
1Index: b/readconf.c 17Index: b/readconf.c
2=================================================================== 18===================================================================
3--- a/readconf.c 19--- a/readconf.c
diff --git a/debian/patches/selinux-autoconf.patch b/debian/patches/selinux-autoconf.patch
index 934f885c8..9ac4cd435 100644
--- a/debian/patches/selinux-autoconf.patch
+++ b/debian/patches/selinux-autoconf.patch
@@ -1,3 +1,16 @@
1Description: Fix seusers detection at configure time
2 configure didn't add -lselinux to LIBS before it checked for the existence
3 of getseuserbyname and get_default_context_with_level. This resulted in
4 seusers configuration not being handled correctly. Most policies use the
5 seusers feature, and without it login security contexts will not be
6 correct.
7Author: Caleb Case <calebcase@gmail.com>
8Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1713
9Bug-Debian: http://bugs.debian.org/465614
10Bug-Ubuntu: https://bugs.launchpad.net/bugs/188136
11Reviewed-by: Colin Watson <cjwatson@debian.org>
12Last-Update: 2010-02-27
13
1Index: b/configure 14Index: b/configure
2=================================================================== 15===================================================================
3--- a/configure 16--- a/configure
diff --git a/debian/patches/selinux-fix-chroot-directory.patch b/debian/patches/selinux-fix-chroot-directory.patch
index a69ded59b..5c7c3c4a9 100644
--- a/debian/patches/selinux-fix-chroot-directory.patch
+++ b/debian/patches/selinux-fix-chroot-directory.patch
@@ -1,3 +1,12 @@
1Description: Make ChrootDirectory work with SELinux
2 After chroot() is called the SE Linux context setting won't work unless
3 /selinux and /proc are mounted in the chroot environment. Even worse, if
4 the user has control over the chroot environment then they may be able to
5 control the context that they get (I haven't verified this).
6Author: Russell Coker <russell@coker.com.au>
7Bug-Debian: http://bugs.debian.org/556644
8Last-Update: 2010-02-27
9
1Index: b/session.c 10Index: b/session.c
2=================================================================== 11===================================================================
3--- a/session.c 12--- a/session.c
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index 5e2a9ecb6..ab343b083 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -1,3 +1,12 @@
1Description: Handle SELinux authorisation roles
2 Rejected upstream due to discomfort with magic usernames; a better approach
3 will need an SSH protocol change. In the meantime, this came from Debian's
4 SELinux maintainer, so we'll keep it until we have something better.
5Author: Manoj Srivastava <srivasta@debian.org>
6Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
7Bug-Debian: http://bugs.debian.org/394795
8Last-Update: 2010-02-27
9
1Index: b/auth.h 10Index: b/auth.h
2=================================================================== 11===================================================================
3--- a/auth.h 12--- a/auth.h
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
index 3e4e96493..b33315677 100644
--- a/debian/patches/ssh-vulnkey.patch
+++ b/debian/patches/ssh-vulnkey.patch
@@ -1,3 +1,15 @@
1Description: Reject vulnerable keys to mitigate Debian OpenSSL flaw
2 In 2008, Debian (and derived distributions such as Ubuntu) shipped an
3 OpenSSL package with a flawed random number generator, causing OpenSSH to
4 generate only a very limited set of keys which were subject to private half
5 precomputation. To mitigate this, this patch checks key authentications
6 against a blacklist of known-vulnerable keys, and adds a new ssh-vulnkey
7 program which can be used to explicitly check keys against that blacklist.
8 See CVE-2008-0166.
9Author: Colin Watson <cjwatson@ubuntu.com>
10Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469
11Last-Update: 2010-02-27
12
1Index: b/Makefile.in 13Index: b/Makefile.in
2=================================================================== 14===================================================================
3--- a/Makefile.in 15--- a/Makefile.in
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index 37b8052eb..c82563033 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -1,3 +1,8 @@
1Description: Partial server keep-alive implementation for SSH1
2Author: Colin Watson <cjwatson@debian.org>
3Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1712
4Last-Update: 2010-02-27
5
1Index: b/clientloop.c 6Index: b/clientloop.c
2=================================================================== 7===================================================================
3--- a/clientloop.c 8--- a/clientloop.c