diff options
Diffstat (limited to 'debian/patches/user-group-modes.patch')
-rw-r--r-- | debian/patches/user-group-modes.patch | 53 |
1 files changed, 22 insertions, 31 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index c64e141f8..3bd2fd91f 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From bf0d87583a842b9e8aaf2a9cd9dbc3e976df2af4 Mon Sep 17 00:00:00 2001 | 1 | From 563974a78e937c4844e1198b5f6d79b8b2b5c600 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 |
4 | Subject: Allow harmless group-writability | 4 | Subject: Allow harmless group-writability |
@@ -22,16 +22,16 @@ Patch-Name: user-group-modes.patch | |||
22 | misc.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- | 22 | misc.c | 69 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- |
23 | misc.h | 2 ++ | 23 | misc.h | 2 ++ |
24 | platform.c | 16 -------------- | 24 | platform.c | 16 -------------- |
25 | readconf.c | 5 +++-- | 25 | readconf.c | 3 +-- |
26 | ssh.1 | 2 ++ | 26 | ssh.1 | 2 ++ |
27 | ssh_config.5 | 2 ++ | 27 | ssh_config.5 | 2 ++ |
28 | 8 files changed, 82 insertions(+), 29 deletions(-) | 28 | 8 files changed, 80 insertions(+), 29 deletions(-) |
29 | 29 | ||
30 | diff --git a/auth-rhosts.c b/auth-rhosts.c | 30 | diff --git a/auth-rhosts.c b/auth-rhosts.c |
31 | index ee9e827..2ff2cff 100644 | 31 | index 0ef3447..c17c13c 100644 |
32 | --- a/auth-rhosts.c | 32 | --- a/auth-rhosts.c |
33 | +++ b/auth-rhosts.c | 33 | +++ b/auth-rhosts.c |
34 | @@ -271,8 +271,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam | 34 | @@ -273,8 +273,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam |
35 | return 0; | 35 | return 0; |
36 | } | 36 | } |
37 | if (options.strict_modes && | 37 | if (options.strict_modes && |
@@ -41,7 +41,7 @@ index ee9e827..2ff2cff 100644 | |||
41 | logit("Rhosts authentication refused for %.100s: " | 41 | logit("Rhosts authentication refused for %.100s: " |
42 | "bad ownership or modes for home directory.", pw->pw_name); | 42 | "bad ownership or modes for home directory.", pw->pw_name); |
43 | auth_debug_add("Rhosts authentication refused for %.100s: " | 43 | auth_debug_add("Rhosts authentication refused for %.100s: " |
44 | @@ -298,8 +297,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam | 44 | @@ -300,8 +299,7 @@ auth_rhosts2_raw(struct passwd *pw, const char *client_user, const char *hostnam |
45 | * allowing access to their account by anyone. | 45 | * allowing access to their account by anyone. |
46 | */ | 46 | */ |
47 | if (options.strict_modes && | 47 | if (options.strict_modes && |
@@ -52,10 +52,10 @@ index ee9e827..2ff2cff 100644 | |||
52 | pw->pw_name, buf); | 52 | pw->pw_name, buf); |
53 | auth_debug_add("Bad file modes for %.200s", buf); | 53 | auth_debug_add("Bad file modes for %.200s", buf); |
54 | diff --git a/auth.c b/auth.c | 54 | diff --git a/auth.c b/auth.c |
55 | index bd6a026..782b7f8 100644 | 55 | index f56dcc6..3f8b348 100644 |
56 | --- a/auth.c | 56 | --- a/auth.c |
57 | +++ b/auth.c | 57 | +++ b/auth.c |
58 | @@ -425,8 +425,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, | 58 | @@ -435,8 +435,7 @@ check_key_in_hostfiles(struct passwd *pw, Key *key, const char *host, |
59 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); | 59 | user_hostfile = tilde_expand_filename(userfile, pw->pw_uid); |
60 | if (options.strict_modes && | 60 | if (options.strict_modes && |
61 | (stat(user_hostfile, &st) == 0) && | 61 | (stat(user_hostfile, &st) == 0) && |
@@ -65,7 +65,7 @@ index bd6a026..782b7f8 100644 | |||
65 | logit("Authentication refused for %.100s: " | 65 | logit("Authentication refused for %.100s: " |
66 | "bad owner or modes for %.200s", | 66 | "bad owner or modes for %.200s", |
67 | pw->pw_name, user_hostfile); | 67 | pw->pw_name, user_hostfile); |
68 | @@ -488,8 +487,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, | 68 | @@ -498,8 +497,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, |
69 | snprintf(err, errlen, "%s is not a regular file", buf); | 69 | snprintf(err, errlen, "%s is not a regular file", buf); |
70 | return -1; | 70 | return -1; |
71 | } | 71 | } |
@@ -75,7 +75,7 @@ index bd6a026..782b7f8 100644 | |||
75 | snprintf(err, errlen, "bad ownership or modes for file %s", | 75 | snprintf(err, errlen, "bad ownership or modes for file %s", |
76 | buf); | 76 | buf); |
77 | return -1; | 77 | return -1; |
78 | @@ -504,8 +502,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, | 78 | @@ -514,8 +512,7 @@ auth_secure_path(const char *name, struct stat *stp, const char *pw_dir, |
79 | strlcpy(buf, cp, sizeof(buf)); | 79 | strlcpy(buf, cp, sizeof(buf)); |
80 | 80 | ||
81 | if (stat(buf, &st) < 0 || | 81 | if (stat(buf, &st) < 0 || |
@@ -86,7 +86,7 @@ index bd6a026..782b7f8 100644 | |||
86 | "bad ownership or modes for directory %s", buf); | 86 | "bad ownership or modes for directory %s", buf); |
87 | return -1; | 87 | return -1; |
88 | diff --git a/misc.c b/misc.c | 88 | diff --git a/misc.c b/misc.c |
89 | index de7e1fa..5704fa6 100644 | 89 | index 9421b4d..68efb2b 100644 |
90 | --- a/misc.c | 90 | --- a/misc.c |
91 | +++ b/misc.c | 91 | +++ b/misc.c |
92 | @@ -51,8 +51,9 @@ | 92 | @@ -51,8 +51,9 @@ |
@@ -108,7 +108,7 @@ index de7e1fa..5704fa6 100644 | |||
108 | 108 | ||
109 | /* remove newline at end of string */ | 109 | /* remove newline at end of string */ |
110 | char * | 110 | char * |
111 | @@ -647,6 +649,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, | 111 | @@ -708,6 +710,71 @@ read_keyfile_line(FILE *f, const char *filename, char *buf, size_t bufsz, |
112 | return -1; | 112 | return -1; |
113 | } | 113 | } |
114 | 114 | ||
@@ -181,10 +181,10 @@ index de7e1fa..5704fa6 100644 | |||
181 | tun_open(int tun, int mode) | 181 | tun_open(int tun, int mode) |
182 | { | 182 | { |
183 | diff --git a/misc.h b/misc.h | 183 | diff --git a/misc.h b/misc.h |
184 | index 374c33c..89e1f75 100644 | 184 | index 7c76a6a..42cd95e 100644 |
185 | --- a/misc.h | 185 | --- a/misc.h |
186 | +++ b/misc.h | 186 | +++ b/misc.h |
187 | @@ -135,4 +135,6 @@ char *read_passphrase(const char *, int); | 187 | @@ -139,4 +139,6 @@ char *read_passphrase(const char *, int); |
188 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); | 188 | int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); |
189 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); | 189 | int read_keyfile_line(FILE *, const char *, char *, size_t, u_long *); |
190 | 190 | ||
@@ -192,10 +192,10 @@ index 374c33c..89e1f75 100644 | |||
192 | + | 192 | + |
193 | #endif /* _MISC_H */ | 193 | #endif /* _MISC_H */ |
194 | diff --git a/platform.c b/platform.c | 194 | diff --git a/platform.c b/platform.c |
195 | index f35ec39..9a23e6e 100644 | 195 | index 4831706..2ce4dbf 100644 |
196 | --- a/platform.c | 196 | --- a/platform.c |
197 | +++ b/platform.c | 197 | +++ b/platform.c |
198 | @@ -197,19 +197,3 @@ platform_krb5_get_principal_name(const char *pw_name) | 198 | @@ -199,19 +199,3 @@ platform_krb5_get_principal_name(const char *pw_name) |
199 | return NULL; | 199 | return NULL; |
200 | #endif | 200 | #endif |
201 | } | 201 | } |
@@ -216,19 +216,10 @@ index f35ec39..9a23e6e 100644 | |||
216 | - return 0; | 216 | - return 0; |
217 | -} | 217 | -} |
218 | diff --git a/readconf.c b/readconf.c | 218 | diff --git a/readconf.c b/readconf.c |
219 | index fde6b41..cc1a633 100644 | 219 | index 3a6c67b..f6b4c8f 100644 |
220 | --- a/readconf.c | 220 | --- a/readconf.c |
221 | +++ b/readconf.c | 221 | +++ b/readconf.c |
222 | @@ -39,6 +39,8 @@ | 222 | @@ -1753,8 +1753,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, |
223 | #include <stdio.h> | ||
224 | #include <string.h> | ||
225 | #include <unistd.h> | ||
226 | +#include <pwd.h> | ||
227 | +#include <grp.h> | ||
228 | #ifdef HAVE_UTIL_H | ||
229 | #include <util.h> | ||
230 | #endif | ||
231 | @@ -1626,8 +1628,7 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, | ||
232 | 223 | ||
233 | if (fstat(fileno(f), &sb) == -1) | 224 | if (fstat(fileno(f), &sb) == -1) |
234 | fatal("fstat %s: %s", filename, strerror(errno)); | 225 | fatal("fstat %s: %s", filename, strerror(errno)); |
@@ -239,10 +230,10 @@ index fde6b41..cc1a633 100644 | |||
239 | } | 230 | } |
240 | 231 | ||
241 | diff --git a/ssh.1 b/ssh.1 | 232 | diff --git a/ssh.1 b/ssh.1 |
242 | index cc53343..feb0e89 100644 | 233 | index 4011c65..feef81a 100644 |
243 | --- a/ssh.1 | 234 | --- a/ssh.1 |
244 | +++ b/ssh.1 | 235 | +++ b/ssh.1 |
245 | @@ -1459,6 +1459,8 @@ The file format and configuration options are described in | 236 | @@ -1484,6 +1484,8 @@ The file format and configuration options are described in |
246 | .Xr ssh_config 5 . | 237 | .Xr ssh_config 5 . |
247 | Because of the potential for abuse, this file must have strict permissions: | 238 | Because of the potential for abuse, this file must have strict permissions: |
248 | read/write for the user, and not writable by others. | 239 | read/write for the user, and not writable by others. |
@@ -252,10 +243,10 @@ index cc53343..feb0e89 100644 | |||
252 | .It Pa ~/.ssh/environment | 243 | .It Pa ~/.ssh/environment |
253 | Contains additional definitions for environment variables; see | 244 | Contains additional definitions for environment variables; see |
254 | diff --git a/ssh_config.5 b/ssh_config.5 | 245 | diff --git a/ssh_config.5 b/ssh_config.5 |
255 | index bbf638b..ab8f271 100644 | 246 | index efc265a..5dd26bc 100644 |
256 | --- a/ssh_config.5 | 247 | --- a/ssh_config.5 |
257 | +++ b/ssh_config.5 | 248 | +++ b/ssh_config.5 |
258 | @@ -1830,6 +1830,8 @@ The format of this file is described above. | 249 | @@ -1903,6 +1903,8 @@ The format of this file is described above. |
259 | This file is used by the SSH client. | 250 | This file is used by the SSH client. |
260 | Because of the potential for abuse, this file must have strict permissions: | 251 | Because of the potential for abuse, this file must have strict permissions: |
261 | read/write for the user, and not accessible by others. | 252 | read/write for the user, and not accessible by others. |