Diffstat (limited to 'debian/patches/user-group-modes.patch')
-rw-r--r--debian/patches/user-group-modes.patch36
1 files changed, 18 insertions, 18 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 05ea5f486..9a1b434fa 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1From 0fc2ac6707abe076cd6b444f73c478eeda54b25f Mon Sep 17 00:00:00 2001 1From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001
2From: Colin Watson <cjwatson@debian.org> 2From: Colin Watson <cjwatson@debian.org>
3Date: Sun, 9 Feb 2014 16:09:58 +0000 3Date: Sun, 9 Feb 2014 16:09:58 +0000
4Subject: Allow harmless group-writability 4Subject: Allow harmless group-writability
@@ -13,7 +13,7 @@ default.
13 13
14Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060 14Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
15Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347 15Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
16Last-Update: 2019-06-05 16Last-Update: 2019-10-09
17 17
18Patch-Name: user-group-modes.patch 18Patch-Name: user-group-modes.patch
19--- 19---
@@ -27,10 +27,10 @@ Patch-Name: user-group-modes.patch
27 7 files changed, 63 insertions(+), 13 deletions(-) 27 7 files changed, 63 insertions(+), 13 deletions(-)
28 28
29diff --git a/auth-rhosts.c b/auth-rhosts.c 29diff --git a/auth-rhosts.c b/auth-rhosts.c
30index 57296e1f6..546aa0495 100644 30index 7a10210b6..587f53721 100644
31--- a/auth-rhosts.c 31--- a/auth-rhosts.c
32+++ b/auth-rhosts.c 32+++ b/auth-rhosts.c
33@@ -261,8 +261,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, 33@@ -260,8 +260,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
34 return 0; 34 return 0;
35 } 35 }
36 if (options.strict_modes && 36 if (options.strict_modes &&
@@ -40,7 +40,7 @@ index 57296e1f6..546aa0495 100644
40 logit("Rhosts authentication refused for %.100s: " 40 logit("Rhosts authentication refused for %.100s: "
41 "bad ownership or modes for home directory.", pw->pw_name); 41 "bad ownership or modes for home directory.", pw->pw_name);
42 auth_debug_add("Rhosts authentication refused for %.100s: " 42 auth_debug_add("Rhosts authentication refused for %.100s: "
43@@ -288,8 +287,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname, 43@@ -287,8 +286,7 @@ auth_rhosts2(struct passwd *pw, const char *client_user, const char *hostname,
44 * allowing access to their account by anyone. 44 * allowing access to their account by anyone.
45 */ 45 */
46 if (options.strict_modes && 46 if (options.strict_modes &&
@@ -51,7 +51,7 @@ index 57296e1f6..546aa0495 100644
51 pw->pw_name, buf); 51 pw->pw_name, buf);
52 auth_debug_add("Bad file modes for %.200s", buf); 52 auth_debug_add("Bad file modes for %.200s", buf);
53diff --git a/auth.c b/auth.c 53diff --git a/auth.c b/auth.c
54index f7a23afba..8ffd77662 100644 54index 47c27773c..fc0c05bae 100644
55--- a/auth.c 55--- a/auth.c
56+++ b/auth.c 56+++ b/auth.c
57@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, 57@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
@@ -65,7 +65,7 @@ index f7a23afba..8ffd77662 100644
65 "bad owner or modes for %.200s", 65 "bad owner or modes for %.200s",
66 pw->pw_name, user_hostfile); 66 pw->pw_name, user_hostfile);
67diff --git a/misc.c b/misc.c 67diff --git a/misc.c b/misc.c
68index 009e02bc5..634b5060a 100644 68index 88833d7ff..42eeb425a 100644
69--- a/misc.c 69--- a/misc.c
70+++ b/misc.c 70+++ b/misc.c
71@@ -59,8 +59,9 @@ 71@@ -59,8 +59,9 @@
@@ -79,7 +79,7 @@ index 009e02bc5..634b5060a 100644
79 #ifdef SSH_TUN_OPENBSD 79 #ifdef SSH_TUN_OPENBSD
80 #include <net/if.h> 80 #include <net/if.h>
81 #endif 81 #endif
82@@ -1103,6 +1104,55 @@ percent_expand(const char *string, ...) 82@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...)
83 #undef EXPAND_MAX_KEYS 83 #undef EXPAND_MAX_KEYS
84 } 84 }
85 85
@@ -135,7 +135,7 @@ index 009e02bc5..634b5060a 100644
135 int 135 int
136 tun_open(int tun, int mode, char **ifname) 136 tun_open(int tun, int mode, char **ifname)
137 { 137 {
138@@ -1860,8 +1910,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, 138@@ -1869,8 +1919,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
139 snprintf(err, errlen, "%s is not a regular file", buf); 139 snprintf(err, errlen, "%s is not a regular file", buf);
140 return -1; 140 return -1;
141 } 141 }
@@ -145,10 +145,10 @@ index 009e02bc5..634b5060a 100644
145 snprintf(err, errlen, "bad ownership or modes for file %s", 145 snprintf(err, errlen, "bad ownership or modes for file %s",
146 buf); 146 buf);
147 return -1; 147 return -1;
148@@ -1876,8 +1925,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, 148@@ -1885,8 +1934,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
149 strlcpy(buf, cp, sizeof(buf)); 149 strlcpy(buf, cp, sizeof(buf));
150 150
151 if (stat(buf, &st) < 0 || 151 if (stat(buf, &st) == -1 ||
152- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) || 152- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
153- (st.st_mode & 022) != 0) { 153- (st.st_mode & 022) != 0) {
154+ !secure_permissions(&st, uid)) { 154+ !secure_permissions(&st, uid)) {
@@ -156,10 +156,10 @@ index 009e02bc5..634b5060a 100644
156 "bad ownership or modes for directory %s", buf); 156 "bad ownership or modes for directory %s", buf);
157 return -1; 157 return -1;
158diff --git a/misc.h b/misc.h 158diff --git a/misc.h b/misc.h
159index 5b4325aba..a4bdee187 100644 159index bcc34f980..869895d3a 100644
160--- a/misc.h 160--- a/misc.h
161+++ b/misc.h 161+++ b/misc.h
162@@ -175,6 +175,8 @@ int safe_path_fd(int, const char *, struct passwd *, 162@@ -181,6 +181,8 @@ int opt_match(const char **opts, const char *term);
163 char *read_passphrase(const char *, int); 163 char *read_passphrase(const char *, int);
164 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2))); 164 int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
165 165
@@ -169,10 +169,10 @@ index 5b4325aba..a4bdee187 100644
169 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) 169 #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
170 #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) 170 #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
171diff --git a/readconf.c b/readconf.c 171diff --git a/readconf.c b/readconf.c
172index 3d0b6ff90..cd60007f8 100644 172index 09787c0e5..16d2729dd 100644
173--- a/readconf.c 173--- a/readconf.c
174+++ b/readconf.c 174+++ b/readconf.c
175@@ -1846,8 +1846,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, 175@@ -1855,8 +1855,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
176 176
177 if (fstat(fileno(f), &sb) == -1) 177 if (fstat(fileno(f), &sb) == -1)
178 fatal("fstat %s: %s", filename, strerror(errno)); 178 fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,7 +183,7 @@ index 3d0b6ff90..cd60007f8 100644
183 } 183 }
184 184
185diff --git a/ssh.1 b/ssh.1 185diff --git a/ssh.1 b/ssh.1
186index a1c7d2305..64ead5f57 100644 186index 26940ad55..20e4c4efa 100644
187--- a/ssh.1 187--- a/ssh.1
188+++ b/ssh.1 188+++ b/ssh.1
189@@ -1484,6 +1484,8 @@ The file format and configuration options are described in 189@@ -1484,6 +1484,8 @@ The file format and configuration options are described in
@@ -196,10 +196,10 @@ index a1c7d2305..64ead5f57 100644
196 .It Pa ~/.ssh/environment 196 .It Pa ~/.ssh/environment
197 Contains additional definitions for environment variables; see 197 Contains additional definitions for environment variables; see
198diff --git a/ssh_config.5 b/ssh_config.5 198diff --git a/ssh_config.5 b/ssh_config.5
199index 250c92d04..bd1e9311d 100644 199index bc04d8d02..2c74b57c0 100644
200--- a/ssh_config.5 200--- a/ssh_config.5
201+++ b/ssh_config.5 201+++ b/ssh_config.5
202@@ -1885,6 +1885,8 @@ The format of this file is described above. 202@@ -1907,6 +1907,8 @@ The format of this file is described above.
203 This file is used by the SSH client. 203 This file is used by the SSH client.
204 Because of the potential for abuse, this file must have strict permissions: 204 Because of the potential for abuse, this file must have strict permissions:
205 read/write for the user, and not writable by others. 205 read/write for the user, and not writable by others.
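Review bot: At the `safe_path()` directory check, `!secure_permissions(&st, uid)` replaces the explicit owner and `(st.st_mode & 022)` tests with no comment at the call site saying what is now accepted, and the helper's body is not among the lines shown on this page. Because this is a permission gate, I would add a comment above the call such as `/* policy is in secure_permissions(): group-writable passes only when it judges the group harmless */`, so a reader of `safe_path()` does not assume the old `022` rule still holds. The failure text `bad ownership or modes for directory %s` stays generic, so it may also help to have the message say whether ownership or mode was the cause, if the helper can report that. `safe_path()` starts and ends outside the hunk.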