1 files changed, 45 insertions, 32 deletions
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index d005bdc2e..e706b4a02 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,30 +1,43 @@
-Description: Various Debian-specific configuration changes
+From bb5616c94d6d6b97890e90dd01a7ad07c663dc0b Mon Sep 17 00:00:00 2001
- ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
+From: Colin Watson <cjwatson@debian.org>
- fewer problems with existing setups (http://bugs.debian.org/237021).
+Date: Sun, 9 Feb 2014 16:10:18 +0000
- .
+Subject: Various Debian-specific configuration changes
- ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
- .
+ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
- ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
+fewer problems with existing setups (http://bugs.debian.org/237021).
- worms.
- .
+ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
- ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
- default.
+ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
- .
+worms.
- sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
- PermitRootLogin default.
+ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
- .
+default.
- Document all of this, along with several sshd defaults set in
- debian/openssh-server.postinst.
+sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
-Author: Colin Watson <cjwatson@debian.org>
+PermitRootLogin default.
+Document all of this, along with several sshd defaults set in
+debian/openssh-server.postinst.
 Author: Russ Allbery <rra@debian.org>
 Forwarded: not-needed
 Last-Update: 2013-09-14
-Index: b/readconf.c
+Patch-Name: debian-config.patch
-===================================================================
+---
+ readconf.c    |  2 +-
+ ssh_config    |  7 ++++++-
+ ssh_config.5  | 19 ++++++++++++++++++-
+ sshd_config   |  1 +
+ sshd_config.5 | 27 +++++++++++++++++++++++++++
+ 5 files changed, 53 insertions(+), 3 deletions(-)
+diff --git a/readconf.c b/readconf.c
+index 389de7d..2778176 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1298,7 +1298,7 @@
+@@ -1298,7 +1298,7 @@ fill_default_options(Options * options)
        if (options->forward_x11 == -1)
                options->forward_x11 = 0;
        if (options->forward_x11_trusted == -1)
@@ -33,8 +46,8 @@ Index: b/readconf.c
        if (options->forward_x11_timeout == -1)
                options->forward_x11_timeout = 1200;
        if (options->exit_on_forward_failure == -1)
-Index: b/ssh_config
+diff --git a/ssh_config b/ssh_config
-===================================================================
+index 3234321..064b593 100644
 --- a/ssh_config
 +++ b/ssh_config
 @@ -17,9 +17,10 @@
@@ -57,11 +70,11 @@ Index: b/ssh_config
 +    HashKnownHosts yes
 +    GSSAPIAuthentication yes
 +    GSSAPIDelegateCredentials no
-Index: b/ssh_config.5
+diff --git a/ssh_config.5 b/ssh_config.5
-===================================================================
+index 5bca932..127540a 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -71,6 +71,22 @@
+@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
 host-specific declarations should be given near the beginning of the
 file, and general defaults at the end.
 .Pp
@@ -84,7 +97,7 @@ Index: b/ssh_config.5
 The configuration file has the following format:
 .Pp
 Empty lines and lines starting with
-@@ -501,7 +517,8 @@
+@@ -501,7 +517,8 @@ token used for the session will be set to expire after 20 minutes.
 Remote clients will be refused access after this time.
 .Pp
 The default is
@@ -94,8 +107,8 @@ Index: b/ssh_config.5
 .Pp
 See the X11 SECURITY extension specification for full details on
 the restrictions imposed on untrusted clients.
-Index: b/sshd_config
+diff --git a/sshd_config b/sshd_config
-===================================================================
+index 9450141..9cfe28d 100644
 --- a/sshd_config
 +++ b/sshd_config
 @@ -40,6 +40,7 @@
@@ -106,11 +119,11 @@ Index: b/sshd_config
 #PermitRootLogin yes
 #StrictModes yes
 #MaxAuthTries 6
-Index: b/sshd_config.5
+diff --git a/sshd_config.5 b/sshd_config.5
-===================================================================
+index ec4851a..faf93fc 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -57,6 +57,33 @@
+@@ -57,6 +57,33 @@ Arguments may optionally be enclosed in double quotes
 .Pq \&"
 in order to represent arguments containing spaces.
 .Pp

diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index d005bdc2e..e706b4a02 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch
@@ -1,30 +1,43 @@
1	Description: Various Debian-specific configuration changes	1	From bb5616c94d6d6b97890e90dd01a7ad07c663dc0b Mon Sep 17 00:00:00 2001
2	ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause	2	From: Colin Watson <cjwatson@debian.org>
3	fewer problems with existing setups (http://bugs.debian.org/237021).	3	Date: Sun, 9 Feb 2014 16:10:18 +0000
4	.	4	Subject: Various Debian-specific configuration changes
5	ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).	5
6	.	6	ssh: Enable ForwardX11Trusted, returning to earlier semantics which cause
7	ssh: Enable HashKnownHosts by default to try to limit the spread of ssh	7	fewer problems with existing setups (http://bugs.debian.org/237021).
8	worms.	8
9	.	9	ssh: Set 'SendEnv LANG LC_*' by default (http://bugs.debian.org/264024).
10	ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by	10
11	default.	11	ssh: Enable HashKnownHosts by default to try to limit the spread of ssh
12	.	12	worms.
13	sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside	13
14	PermitRootLogin default.	14	ssh: Enable GSSAPIAuthentication and disable GSSAPIDelegateCredentials by
15	.	15	default.
16	Document all of this, along with several sshd defaults set in	16
17	debian/openssh-server.postinst.	17	sshd: Refer to /usr/share/doc/openssh-server/README.Debian.gz alongside
18	Author: Colin Watson <cjwatson@debian.org>	18	PermitRootLogin default.
		19
		20	Document all of this, along with several sshd defaults set in
		21	debian/openssh-server.postinst.
		22
19	Author: Russ Allbery <rra@debian.org>	23	Author: Russ Allbery <rra@debian.org>
20	Forwarded: not-needed	24	Forwarded: not-needed
21	Last-Update: 2013-09-14	25	Last-Update: 2013-09-14
22		26
23	Index: b/readconf.c	27	Patch-Name: debian-config.patch
24	===================================================================	28	---
		29	readconf.c \| 2 +-
		30	ssh_config \| 7 ++++++-
		31	ssh_config.5 \| 19 ++++++++++++++++++-
		32	sshd_config \| 1 +
		33	sshd_config.5 \| 27 +++++++++++++++++++++++++++
		34	5 files changed, 53 insertions(+), 3 deletions(-)
		35
		36	diff --git a/readconf.c b/readconf.c
		37	index 389de7d..2778176 100644
25	--- a/readconf.c	38	--- a/readconf.c
26	+++ b/readconf.c	39	+++ b/readconf.c
27	@@ -1298,7 +1298,7 @@	40	@@ -1298,7 +1298,7 @@ fill_default_options(Options * options)
28	if (options->forward_x11 == -1)	41	if (options->forward_x11 == -1)
29	options->forward_x11 = 0;	42	options->forward_x11 = 0;
30	if (options->forward_x11_trusted == -1)	43	if (options->forward_x11_trusted == -1)
@@ -33,8 +46,8 @@ Index: b/readconf.c
33	if (options->forward_x11_timeout == -1)	46	if (options->forward_x11_timeout == -1)
34	options->forward_x11_timeout = 1200;	47	options->forward_x11_timeout = 1200;
35	if (options->exit_on_forward_failure == -1)	48	if (options->exit_on_forward_failure == -1)
36	Index: b/ssh_config	49	diff --git a/ssh_config b/ssh_config
37	===================================================================	50	index 3234321..064b593 100644
38	--- a/ssh_config	51	--- a/ssh_config
39	+++ b/ssh_config	52	+++ b/ssh_config
40	@@ -17,9 +17,10 @@	53	@@ -17,9 +17,10 @@
@@ -57,11 +70,11 @@ Index: b/ssh_config
57	+ HashKnownHosts yes	70	+ HashKnownHosts yes
58	+ GSSAPIAuthentication yes	71	+ GSSAPIAuthentication yes
59	+ GSSAPIDelegateCredentials no	72	+ GSSAPIDelegateCredentials no
60	Index: b/ssh_config.5	73	diff --git a/ssh_config.5 b/ssh_config.5
61	===================================================================	74	index 5bca932..127540a 100644
62	--- a/ssh_config.5	75	--- a/ssh_config.5
63	+++ b/ssh_config.5	76	+++ b/ssh_config.5
64	@@ -71,6 +71,22 @@	77	@@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more
65	host-specific declarations should be given near the beginning of the	78	host-specific declarations should be given near the beginning of the
66	file, and general defaults at the end.	79	file, and general defaults at the end.
67	.Pp	80	.Pp
@@ -84,7 +97,7 @@ Index: b/ssh_config.5
84	The configuration file has the following format:	97	The configuration file has the following format:
85	.Pp	98	.Pp
86	Empty lines and lines starting with	99	Empty lines and lines starting with
87	@@ -501,7 +517,8 @@	100	@@ -501,7 +517,8 @@ token used for the session will be set to expire after 20 minutes.
88	Remote clients will be refused access after this time.	101	Remote clients will be refused access after this time.
89	.Pp	102	.Pp
90	The default is	103	The default is
@@ -94,8 +107,8 @@ Index: b/ssh_config.5
94	.Pp	107	.Pp
95	See the X11 SECURITY extension specification for full details on	108	See the X11 SECURITY extension specification for full details on
96	the restrictions imposed on untrusted clients.	109	the restrictions imposed on untrusted clients.
97	Index: b/sshd_config	110	diff --git a/sshd_config b/sshd_config
98	===================================================================	111	index 9450141..9cfe28d 100644
99	--- a/sshd_config	112	--- a/sshd_config
100	+++ b/sshd_config	113	+++ b/sshd_config
101	@@ -40,6 +40,7 @@	114	@@ -40,6 +40,7 @@
@@ -106,11 +119,11 @@ Index: b/sshd_config
106	#PermitRootLogin yes	119	#PermitRootLogin yes
107	#StrictModes yes	120	#StrictModes yes
108	#MaxAuthTries 6	121	#MaxAuthTries 6
109	Index: b/sshd_config.5	122	diff --git a/sshd_config.5 b/sshd_config.5
110	===================================================================	123	index ec4851a..faf93fc 100644
111	--- a/sshd_config.5	124	--- a/sshd_config.5
112	+++ b/sshd_config.5	125	+++ b/sshd_config.5
113	@@ -57,6 +57,33 @@	126	@@ -57,6 +57,33 @@ Arguments may optionally be enclosed in double quotes
114	.Pq \&"	127	.Pq \&"
115	in order to represent arguments containing spaces.	128	in order to represent arguments containing spaces.
116	.Pp	129	.Pp