1 files changed, 18 insertions, 18 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 05ea5f486..9a1b434fa 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 0fc2ac6707abe076cd6b444f73c478eeda54b25f Mon Sep 17 00:00:00 2001
+From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -13,7 +13,7 @@ default.
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
-Last-Update: 2019-06-05
+Last-Update: 2019-10-09
 Patch-Name: user-group-modes.patch
 ---
@@ -27,10 +27,10 @@ Patch-Name: user-group-modes.patch
 7 files changed, 63 insertions(+), 13 deletions(-)
 diff --git a/auth-rhosts.c b/auth-rhosts.c
-index 57296e1f6..546aa0495 100644
+index 7a10210b6..587f53721 100644
 --- a/auth-rhosts.c
 +++ b/auth-rhosts.c
-@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+@@ -260,8 +260,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                return 0;
        }
        if (options.strict_modes &&
@@ -40,7 +40,7 @@ index 57296e1f6..546aa0495 100644
                logit("Rhosts authentication refused for %.100s: "
                    "bad ownership or modes for home directory.", pw->pw_name);
                auth_debug_add("Rhosts authentication refused for %.100s: "
-@@ -288,8 +287,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
+@@ -287,8 +286,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
                 * allowing access to their account by anyone.
                 */
                if (options.strict_modes &&
@@ -51,7 +51,7 @@ index 57296e1f6..546aa0495 100644
                            pw->pw_name, buf);
                        auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index f7a23afba..8ffd77662 100644
+index 47c27773c..fc0c05bae 100644
 --- a/auth.c
 +++ b/auth.c
 @@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
@@ -65,7 +65,7 @@ index f7a23afba..8ffd77662 100644
                            "bad owner or modes for %.200s",
                            pw->pw_name, user_hostfile);
 diff --git a/misc.c b/misc.c
-index 009e02bc5..634b5060a 100644
+index 88833d7ff..42eeb425a 100644
 --- a/misc.c
 +++ b/misc.c
 @@ -59,8 +59,9 @@
@@ -79,7 +79,7 @@ index 009e02bc5..634b5060a 100644
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
-@@ -1103,6 +1104,55 @@ percent_expand(const char *string, ...)
+@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...)
 #undef EXPAND_MAX_KEYS
 }
 
@@ -135,7 +135,7 @@ index 009e02bc5..634b5060a 100644
 int
 tun_open(int tun, int mode, char **ifname)
 {
-@@ -1860,8 +1910,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1869,8 +1919,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                snprintf(err, errlen, "%s is not a regular file", buf);
                return -1;
        }
@@ -145,10 +145,10 @@ index 009e02bc5..634b5060a 100644
                snprintf(err, errlen, "bad ownership or modes for file %s",
                    buf);
                return -1;
-@@ -1876,8 +1925,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1885,8 +1934,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                strlcpy(buf, cp, sizeof(buf));
 
-                if (stat(buf, &st) < 0 ||
+                if (stat(buf, &st) == -1 ||
 -                   (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
 -                   (st.st_mode & 022) != 0) {
 +                   !secure_permissions(&st, uid)) {
@@ -156,10 +156,10 @@ index 009e02bc5..634b5060a 100644
                            "bad ownership or modes for directory %s", buf);
                        return -1;
 diff --git a/misc.h b/misc.h
-index 5b4325aba..a4bdee187 100644
+index bcc34f980..869895d3a 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -175,6 +175,8 @@ int  safe_path_fd(int, const char *, struct passwd *,
+@@ -181,6 +181,8 @@ int opt_match(const char **opts, const char *term);
 char   *read_passphrase(const char *, int);
 int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
 
@@ -169,10 +169,10 @@ index 5b4325aba..a4bdee187 100644
 #define MAXIMUM(a, b)  (((a) > (b)) ? (a) : (b))
 #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
 diff --git a/readconf.c b/readconf.c
-index 3d0b6ff90..cd60007f8 100644
+index 09787c0e5..16d2729dd 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1846,8 +1846,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+@@ -1855,8 +1855,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
 
                if (fstat(fileno(f), &sb) == -1)
                        fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,7 +183,7 @@ index 3d0b6ff90..cd60007f8 100644
        }
 
 diff --git a/ssh.1 b/ssh.1
-index a1c7d2305..64ead5f57 100644
+index 26940ad55..20e4c4efa 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -1484,6 +1484,8 @@ The file format and configuration options are described in
@@ -196,10 +196,10 @@ index a1c7d2305..64ead5f57 100644
 .It Pa ~/.ssh/environment
 Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index 250c92d04..bd1e9311d 100644
+index bc04d8d02..2c74b57c0 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1885,6 +1885,8 @@ The format of this file is described above.
+@@ -1907,6 +1907,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.

diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 05ea5f486..9a1b434fa 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1	From 0fc2ac6707abe076cd6b444f73c478eeda54b25f Mon Sep 17 00:00:00 2001	1	From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001
2	From: Colin Watson <cjwatson@debian.org>	2	From: Colin Watson <cjwatson@debian.org>
3	Date: Sun, 9 Feb 2014 16:09:58 +0000	3	Date: Sun, 9 Feb 2014 16:09:58 +0000
4	Subject: Allow harmless group-writability	4	Subject: Allow harmless group-writability
@@ -13,7 +13,7 @@ default.
13		13
14	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060	14	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
15	Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347	15	Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
16	Last-Update: 2019-06-05	16	Last-Update: 2019-10-09
17		17
18	Patch-Name: user-group-modes.patch	18	Patch-Name: user-group-modes.patch
19	---	19	---
@@ -27,10 +27,10 @@ Patch-Name: user-group-modes.patch
27	7 files changed, 63 insertions(+), 13 deletions(-)	27	7 files changed, 63 insertions(+), 13 deletions(-)
28		28
29	diff --git a/auth-rhosts.c b/auth-rhosts.c	29	diff --git a/auth-rhosts.c b/auth-rhosts.c
30	index 57296e1f6..546aa0495 100644	30	index 7a10210b6..587f53721 100644
31	--- a/auth-rhosts.c	31	--- a/auth-rhosts.c
32	+++ b/auth-rhosts.c	32	+++ b/auth-rhosts.c
33	@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd pw, const char client_user, const char *hostname,	33	@@ -260,8 +260,7 @@ auth_rhosts2(struct passwd pw, const char client_user, const char *hostname,
34	return 0;	34	return 0;
35	}	35	}
36	if (options.strict_modes &&	36	if (options.strict_modes &&
@@ -40,7 +40,7 @@ index 57296e1f6..546aa0495 100644
40	logit("Rhosts authentication refused for %.100s: "	40	logit("Rhosts authentication refused for %.100s: "
41	"bad ownership or modes for home directory.", pw->pw_name);	41	"bad ownership or modes for home directory.", pw->pw_name);
42	auth_debug_add("Rhosts authentication refused for %.100s: "	42	auth_debug_add("Rhosts authentication refused for %.100s: "
43	@@ -288,8 +287,7 @@ auth_rhosts2(struct passwd pw, const char client_user, const char *hostname,	43	@@ -287,8 +286,7 @@ auth_rhosts2(struct passwd pw, const char client_user, const char *hostname,
44	* allowing access to their account by anyone.	44	* allowing access to their account by anyone.
45	*/	45	*/
46	if (options.strict_modes &&	46	if (options.strict_modes &&
@@ -51,7 +51,7 @@ index 57296e1f6..546aa0495 100644
51	pw->pw_name, buf);	51	pw->pw_name, buf);
52	auth_debug_add("Bad file modes for %.200s", buf);	52	auth_debug_add("Bad file modes for %.200s", buf);
53	diff --git a/auth.c b/auth.c	53	diff --git a/auth.c b/auth.c
54	index f7a23afba..8ffd77662 100644	54	index 47c27773c..fc0c05bae 100644
55	--- a/auth.c	55	--- a/auth.c
56	+++ b/auth.c	56	+++ b/auth.c
57	@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd pw, struct sshkey key, const char *host,	57	@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd pw, struct sshkey key, const char *host,
@@ -65,7 +65,7 @@ index f7a23afba..8ffd77662 100644
65	"bad owner or modes for %.200s",	65	"bad owner or modes for %.200s",
66	pw->pw_name, user_hostfile);	66	pw->pw_name, user_hostfile);
67	diff --git a/misc.c b/misc.c	67	diff --git a/misc.c b/misc.c
68	index 009e02bc5..634b5060a 100644	68	index 88833d7ff..42eeb425a 100644
69	--- a/misc.c	69	--- a/misc.c
70	+++ b/misc.c	70	+++ b/misc.c
71	@@ -59,8 +59,9 @@	71	@@ -59,8 +59,9 @@
@@ -79,7 +79,7 @@ index 009e02bc5..634b5060a 100644
79	#ifdef SSH_TUN_OPENBSD	79	#ifdef SSH_TUN_OPENBSD
80	#include <net/if.h>	80	#include <net/if.h>
81	#endif	81	#endif
82	@@ -1103,6 +1104,55 @@ percent_expand(const char *string, ...)	82	@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...)
83	#undef EXPAND_MAX_KEYS	83	#undef EXPAND_MAX_KEYS
84	}	84	}
85		85
@@ -135,7 +135,7 @@ index 009e02bc5..634b5060a 100644
135	int	135	int
136	tun_open(int tun, int mode, char **ifname)	136	tun_open(int tun, int mode, char **ifname)
137	{	137	{
138	@@ -1860,8 +1910,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,	138	@@ -1869,8 +1919,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,
139	snprintf(err, errlen, "%s is not a regular file", buf);	139	snprintf(err, errlen, "%s is not a regular file", buf);
140	return -1;	140	return -1;
141	}	141	}
@@ -145,10 +145,10 @@ index 009e02bc5..634b5060a 100644
145	snprintf(err, errlen, "bad ownership or modes for file %s",	145	snprintf(err, errlen, "bad ownership or modes for file %s",
146	buf);	146	buf);
147	return -1;	147	return -1;
148	@@ -1876,8 +1925,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,	148	@@ -1885,8 +1934,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,
149	strlcpy(buf, cp, sizeof(buf));	149	strlcpy(buf, cp, sizeof(buf));
150		150
151	if (stat(buf, &st) < 0 \|\|	151	if (stat(buf, &st) == -1 \|\|
152	- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) \|\|	152	- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) \|\|
153	- (st.st_mode & 022) != 0) {	153	- (st.st_mode & 022) != 0) {
154	+ !secure_permissions(&st, uid)) {	154	+ !secure_permissions(&st, uid)) {
@@ -156,10 +156,10 @@ index 009e02bc5..634b5060a 100644
156	"bad ownership or modes for directory %s", buf);	156	"bad ownership or modes for directory %s", buf);
157	return -1;	157	return -1;
158	diff --git a/misc.h b/misc.h	158	diff --git a/misc.h b/misc.h
159	index 5b4325aba..a4bdee187 100644	159	index bcc34f980..869895d3a 100644
160	--- a/misc.h	160	--- a/misc.h
161	+++ b/misc.h	161	+++ b/misc.h
162	@@ -175,6 +175,8 @@ int safe_path_fd(int, const char , struct passwd ,	162	@@ -181,6 +181,8 @@ int opt_match(const char *opts, const char term);
163	char read_passphrase(const char , int);	163	char read_passphrase(const char , int);
164	int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));	164	int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
165		165
@@ -169,10 +169,10 @@ index 5b4325aba..a4bdee187 100644
169	#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))	169	#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
170	#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))	170	#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
171	diff --git a/readconf.c b/readconf.c	171	diff --git a/readconf.c b/readconf.c
172	index 3d0b6ff90..cd60007f8 100644	172	index 09787c0e5..16d2729dd 100644
173	--- a/readconf.c	173	--- a/readconf.c
174	+++ b/readconf.c	174	+++ b/readconf.c
175	@@ -1846,8 +1846,7 @@ read_config_file_depth(const char filename, struct passwd pw,	175	@@ -1855,8 +1855,7 @@ read_config_file_depth(const char filename, struct passwd pw,
176		176
177	if (fstat(fileno(f), &sb) == -1)	177	if (fstat(fileno(f), &sb) == -1)
178	fatal("fstat %s: %s", filename, strerror(errno));	178	fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,7 +183,7 @@ index 3d0b6ff90..cd60007f8 100644
183	}	183	}
184		184
185	diff --git a/ssh.1 b/ssh.1	185	diff --git a/ssh.1 b/ssh.1
186	index a1c7d2305..64ead5f57 100644	186	index 26940ad55..20e4c4efa 100644
187	--- a/ssh.1	187	--- a/ssh.1
188	+++ b/ssh.1	188	+++ b/ssh.1
189	@@ -1484,6 +1484,8 @@ The file format and configuration options are described in	189	@@ -1484,6 +1484,8 @@ The file format and configuration options are described in
@@ -196,10 +196,10 @@ index a1c7d2305..64ead5f57 100644
196	.It Pa ~/.ssh/environment	196	.It Pa ~/.ssh/environment
197	Contains additional definitions for environment variables; see	197	Contains additional definitions for environment variables; see
198	diff --git a/ssh_config.5 b/ssh_config.5	198	diff --git a/ssh_config.5 b/ssh_config.5
199	index 250c92d04..bd1e9311d 100644	199	index bc04d8d02..2c74b57c0 100644
200	--- a/ssh_config.5	200	--- a/ssh_config.5
201	+++ b/ssh_config.5	201	+++ b/ssh_config.5
202	@@ -1885,6 +1885,8 @@ The format of this file is described above.	202	@@ -1907,6 +1907,8 @@ The format of this file is described above.
203	This file is used by the SSH client.	203	This file is used by the SSH client.
204	Because of the potential for abuse, this file must have strict permissions:	204	Because of the potential for abuse, this file must have strict permissions:
205	read/write for the user, and not writable by others.	205	read/write for the user, and not writable by others.