1 files changed, 14 insertions, 14 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 1368ccb3c..ddedbf79a 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -9,7 +9,7 @@ Description: Allow harmless group-writability
 Author: Colin Watson <cjwatson@debian.org>
 Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
 Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
-Last-Update: 2010-02-27
+Last-Update: 2013-05-07
 Index: b/readconf.c
 ===================================================================
@@ -38,7 +38,7 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1312,6 +1312,8 @@
+@@ -1320,6 +1320,8 @@
 .Xr ssh_config 5 .
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
@@ -51,7 +51,7 @@ Index: b/ssh_config.5
 ===================================================================
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1342,6 +1342,8 @@
+@@ -1356,6 +1356,8 @@
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.
@@ -64,7 +64,7 @@ Index: b/auth.c
 ===================================================================
 --- a/auth.c
 +++ b/auth.c
-@@ -381,8 +381,7 @@
+@@ -386,8 +386,7 @@
                user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                if (options.strict_modes &&
                    (stat(user_hostfile, &st) == 0) &&
@@ -74,21 +74,21 @@ Index: b/auth.c
                        logit("Authentication refused for %.100s: "
                            "bad owner or modes for %.200s",
                            pw->pw_name, user_hostfile);
-@@ -443,8 +442,7 @@
+@@ -449,8 +448,7 @@
- 
+                snprintf(err, errlen, "%s is not a regular file", buf);
-        /* check the open file to avoid races */
+                return -1;
-        if (fstat(fileno(f), &st) < 0 ||
+        }
-           (st.st_uid != 0 && st.st_uid != uid) ||
+-       if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) ||
-           (st.st_mode & 022) != 0) {
+-           (stp->st_mode & 022) != 0) {
-+           !secure_permissions(&st, uid)) {
+       if (!secure_permissions(stp, uid)) {
                snprintf(err, errlen, "bad ownership or modes for file %s",
                    buf);
                return -1;
-@@ -459,8 +457,7 @@
+@@ -465,8 +463,7 @@
                strlcpy(buf, cp, sizeof(buf));
 
                if (stat(buf, &st) < 0 ||
-                   (st.st_uid != 0 && st.st_uid != uid) ||
+-                   (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) ||
 -                   (st.st_mode & 022) != 0) {
 +                   !secure_permissions(&st, uid)) {
                        snprintf(err, errlen,
@@ -115,7 +115,7 @@ Index: b/misc.c
 int
 +secure_permissions(struct stat *st, uid_t uid)
 +{
-+       if (st->st_uid != 0 && st->st_uid != uid)
+       if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
 +               return 0;
 +       if ((st->st_mode & 002) != 0)
 +               return 0;

diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 1368ccb3c..ddedbf79a 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch
@@ -9,7 +9,7 @@ Description: Allow harmless group-writability
9	Author: Colin Watson <cjwatson@debian.org>	9	Author: Colin Watson <cjwatson@debian.org>
10	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060	10	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
11	Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347	11	Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
12	Last-Update: 2010-02-27	12	Last-Update: 2013-05-07
13		13
14	Index: b/readconf.c	14	Index: b/readconf.c
15	===================================================================	15	===================================================================
@@ -38,7 +38,7 @@ Index: b/ssh.1
38	===================================================================	38	===================================================================
39	--- a/ssh.1	39	--- a/ssh.1
40	+++ b/ssh.1	40	+++ b/ssh.1
41	@@ -1312,6 +1312,8 @@	41	@@ -1320,6 +1320,8 @@
42	.Xr ssh_config 5 .	42	.Xr ssh_config 5 .
43	Because of the potential for abuse, this file must have strict permissions:	43	Because of the potential for abuse, this file must have strict permissions:
44	read/write for the user, and not accessible by others.	44	read/write for the user, and not accessible by others.
@@ -51,7 +51,7 @@ Index: b/ssh_config.5
51	===================================================================	51	===================================================================
52	--- a/ssh_config.5	52	--- a/ssh_config.5
53	+++ b/ssh_config.5	53	+++ b/ssh_config.5
54	@@ -1342,6 +1342,8 @@	54	@@ -1356,6 +1356,8 @@
55	This file is used by the SSH client.	55	This file is used by the SSH client.
56	Because of the potential for abuse, this file must have strict permissions:	56	Because of the potential for abuse, this file must have strict permissions:
57	read/write for the user, and not accessible by others.	57	read/write for the user, and not accessible by others.
@@ -64,7 +64,7 @@ Index: b/auth.c
64	===================================================================	64	===================================================================
65	--- a/auth.c	65	--- a/auth.c
66	+++ b/auth.c	66	+++ b/auth.c
67	@@ -381,8 +381,7 @@	67	@@ -386,8 +386,7 @@
68	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);	68	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
69	if (options.strict_modes &&	69	if (options.strict_modes &&
70	(stat(user_hostfile, &st) == 0) &&	70	(stat(user_hostfile, &st) == 0) &&
@@ -74,21 +74,21 @@ Index: b/auth.c
74	logit("Authentication refused for %.100s: "	74	logit("Authentication refused for %.100s: "
75	"bad owner or modes for %.200s",	75	"bad owner or modes for %.200s",
76	pw->pw_name, user_hostfile);	76	pw->pw_name, user_hostfile);
77	@@ -443,8 +442,7 @@	77	@@ -449,8 +448,7 @@
78		78	snprintf(err, errlen, "%s is not a regular file", buf);
79	/* check the open file to avoid races */	79	return -1;
80	if (fstat(fileno(f), &st) < 0 \|\|	80	}
81	- (st.st_uid != 0 && st.st_uid != uid) \|\|	81	- if ((!platform_sys_dir_uid(stp->st_uid) && stp->st_uid != uid) \|\|
82	- (st.st_mode & 022) != 0) {	82	- (stp->st_mode & 022) != 0) {
83	+ !secure_permissions(&st, uid)) {	83	+ if (!secure_permissions(stp, uid)) {
84	snprintf(err, errlen, "bad ownership or modes for file %s",	84	snprintf(err, errlen, "bad ownership or modes for file %s",
85	buf);	85	buf);
86	return -1;	86	return -1;
87	@@ -459,8 +457,7 @@	87	@@ -465,8 +463,7 @@
88	strlcpy(buf, cp, sizeof(buf));	88	strlcpy(buf, cp, sizeof(buf));
89		89
90	if (stat(buf, &st) < 0 \|\|	90	if (stat(buf, &st) < 0 \|\|
91	- (st.st_uid != 0 && st.st_uid != uid) \|\|	91	- (!platform_sys_dir_uid(st.st_uid) && st.st_uid != uid) \|\|
92	- (st.st_mode & 022) != 0) {	92	- (st.st_mode & 022) != 0) {
93	+ !secure_permissions(&st, uid)) {	93	+ !secure_permissions(&st, uid)) {
94	snprintf(err, errlen,	94	snprintf(err, errlen,
@@ -115,7 +115,7 @@ Index: b/misc.c
115	int	115	int
116	+secure_permissions(struct stat *st, uid_t uid)	116	+secure_permissions(struct stat *st, uid_t uid)
117	+{	117	+{
118	+ if (st->st_uid != 0 && st->st_uid != uid)	118	+ if (!platform_sys_dir_uid(st->st_uid) && st->st_uid != uid)
119	+ return 0;	119	+ return 0;
120	+ if ((st->st_mode & 002) != 0)	120	+ if ((st->st_mode & 002) != 0)
121	+ return 0;	121	+ return 0;