1 files changed, 18 insertions, 18 deletions
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 9a1b434fa..8bd35addf 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
-From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001
+From 3309e464e5ae6c940ddd584eed4d2d403f4c168c Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:09:58 +0000
 Subject: Allow harmless group-writability
@@ -51,10 +51,10 @@ index 7a10210b6..587f53721 100644
                            pw->pw_name, buf);
                        auth_debug_add("Bad file modes for %.200s", buf);
 diff --git a/auth.c b/auth.c
-index 47c27773c..fc0c05bae 100644
+index 687c57b42..aed3c13ac 100644
 --- a/auth.c
 +++ b/auth.c
-@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
+@@ -474,8 +474,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host,
                user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
                if (options.strict_modes &&
                    (stat(user_hostfile, &st) == 0) &&
@@ -65,10 +65,10 @@ index 47c27773c..fc0c05bae 100644
                            "bad owner or modes for %.200s",
                            pw->pw_name, user_hostfile);
 diff --git a/misc.c b/misc.c
-index 88833d7ff..42eeb425a 100644
+index 3a31d5c18..073d3be19 100644
 --- a/misc.c
 +++ b/misc.c
-@@ -59,8 +59,9 @@
+@@ -61,8 +61,9 @@
 #include <netdb.h>
 #ifdef HAVE_PATHS_H
 # include <paths.h>
@@ -79,7 +79,7 @@ index 88833d7ff..42eeb425a 100644
 #ifdef SSH_TUN_OPENBSD
 #include <net/if.h>
 #endif
-@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...)
+@@ -1124,6 +1125,55 @@ percent_expand(const char *string, ...)
 #undef EXPAND_MAX_KEYS
 }
 
@@ -135,7 +135,7 @@ index 88833d7ff..42eeb425a 100644
 int
 tun_open(int tun, int mode, char **ifname)
 {
-@@ -1869,8 +1919,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1909,8 +1959,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                snprintf(err, errlen, "%s is not a regular file", buf);
                return -1;
        }
@@ -145,7 +145,7 @@ index 88833d7ff..42eeb425a 100644
                snprintf(err, errlen, "bad ownership or modes for file %s",
                    buf);
                return -1;
-@@ -1885,8 +1934,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
+@@ -1925,8 +1974,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir,
                strlcpy(buf, cp, sizeof(buf));
 
                if (stat(buf, &st) == -1 ||
@@ -156,12 +156,12 @@ index 88833d7ff..42eeb425a 100644
                            "bad ownership or modes for directory %s", buf);
                        return -1;
 diff --git a/misc.h b/misc.h
-index bcc34f980..869895d3a 100644
+index 4a05db2da..5db594b91 100644
 --- a/misc.h
 +++ b/misc.h
-@@ -181,6 +181,8 @@ int opt_match(const char **opts, const char *term);
+@@ -188,6 +188,8 @@ struct notifier_ctx *notify_start(int, const char *, ...)
- char   *read_passphrase(const char *, int);
+        __attribute__((format(printf, 2, 3)));
- int     ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));
+ void   notify_complete(struct notifier_ctx *);
 
 +int     secure_permissions(struct stat *st, uid_t uid);
 +
@@ -169,10 +169,10 @@ index bcc34f980..869895d3a 100644
 #define MAXIMUM(a, b)  (((a) > (b)) ? (a) : (b))
 #define ROUNDUP(x, y)   ((((x)+((y)-1))/(y))*(y))
 diff --git a/readconf.c b/readconf.c
-index 09787c0e5..16d2729dd 100644
+index 2399208f8..7f251dd4a 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1855,8 +1855,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
+@@ -1902,8 +1902,7 @@ read_config_file_depth(const char *filename, struct passwd *pw,
 
                if (fstat(fileno(f), &sb) == -1)
                        fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,10 +183,10 @@ index 09787c0e5..16d2729dd 100644
        }
 
 diff --git a/ssh.1 b/ssh.1
-index 26940ad55..20e4c4efa 100644
+index db5c65bc7..cf991e4ee 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1484,6 +1484,8 @@ The file format and configuration options are described in
+@@ -1506,6 +1506,8 @@ The file format and configuration options are described in
 .Xr ssh_config 5 .
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.
@@ -196,10 +196,10 @@ index 26940ad55..20e4c4efa 100644
 .It Pa ~/.ssh/environment
 Contains additional definitions for environment variables; see
 diff --git a/ssh_config.5 b/ssh_config.5
-index bc04d8d02..2c74b57c0 100644
+index 3079db19b..e61a0fd43 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1907,6 +1907,8 @@ The format of this file is described above.
+@@ -1952,6 +1952,8 @@ The format of this file is described above.
 This file is used by the SSH client.
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not writable by others.

diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 9a1b434fa..8bd35addf 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch
@@ -1,4 +1,4 @@
1	From 19f1d075a06f4d3c9b440d7272272569d8bb0a17 Mon Sep 17 00:00:00 2001	1	From 3309e464e5ae6c940ddd584eed4d2d403f4c168c Mon Sep 17 00:00:00 2001
2	From: Colin Watson <cjwatson@debian.org>	2	From: Colin Watson <cjwatson@debian.org>
3	Date: Sun, 9 Feb 2014 16:09:58 +0000	3	Date: Sun, 9 Feb 2014 16:09:58 +0000
4	Subject: Allow harmless group-writability	4	Subject: Allow harmless group-writability
@@ -51,10 +51,10 @@ index 7a10210b6..587f53721 100644
51	pw->pw_name, buf);	51	pw->pw_name, buf);
52	auth_debug_add("Bad file modes for %.200s", buf);	52	auth_debug_add("Bad file modes for %.200s", buf);
53	diff --git a/auth.c b/auth.c	53	diff --git a/auth.c b/auth.c
54	index 47c27773c..fc0c05bae 100644	54	index 687c57b42..aed3c13ac 100644
55	--- a/auth.c	55	--- a/auth.c
56	+++ b/auth.c	56	+++ b/auth.c
57	@@ -473,8 +473,7 @@ check_key_in_hostfiles(struct passwd pw, struct sshkey key, const char *host,	57	@@ -474,8 +474,7 @@ check_key_in_hostfiles(struct passwd pw, struct sshkey key, const char *host,
58	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);	58	user_hostfile = tilde_expand_filename(userfile, pw->pw_uid);
59	if (options.strict_modes &&	59	if (options.strict_modes &&
60	(stat(user_hostfile, &st) == 0) &&	60	(stat(user_hostfile, &st) == 0) &&
@@ -65,10 +65,10 @@ index 47c27773c..fc0c05bae 100644
65	"bad owner or modes for %.200s",	65	"bad owner or modes for %.200s",
66	pw->pw_name, user_hostfile);	66	pw->pw_name, user_hostfile);
67	diff --git a/misc.c b/misc.c	67	diff --git a/misc.c b/misc.c
68	index 88833d7ff..42eeb425a 100644	68	index 3a31d5c18..073d3be19 100644
69	--- a/misc.c	69	--- a/misc.c
70	+++ b/misc.c	70	+++ b/misc.c
71	@@ -59,8 +59,9 @@	71	@@ -61,8 +61,9 @@
72	#include <netdb.h>	72	#include <netdb.h>
73	#ifdef HAVE_PATHS_H	73	#ifdef HAVE_PATHS_H
74	# include <paths.h>	74	# include <paths.h>
@@ -79,7 +79,7 @@ index 88833d7ff..42eeb425a 100644
79	#ifdef SSH_TUN_OPENBSD	79	#ifdef SSH_TUN_OPENBSD
80	#include <net/if.h>	80	#include <net/if.h>
81	#endif	81	#endif
82	@@ -1112,6 +1113,55 @@ percent_expand(const char *string, ...)	82	@@ -1124,6 +1125,55 @@ percent_expand(const char *string, ...)
83	#undef EXPAND_MAX_KEYS	83	#undef EXPAND_MAX_KEYS
84	}	84	}
85		85
@@ -135,7 +135,7 @@ index 88833d7ff..42eeb425a 100644
135	int	135	int
136	tun_open(int tun, int mode, char **ifname)	136	tun_open(int tun, int mode, char **ifname)
137	{	137	{
138	@@ -1869,8 +1919,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,	138	@@ -1909,8 +1959,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,
139	snprintf(err, errlen, "%s is not a regular file", buf);	139	snprintf(err, errlen, "%s is not a regular file", buf);
140	return -1;	140	return -1;
141	}	141	}
@@ -145,7 +145,7 @@ index 88833d7ff..42eeb425a 100644
145	snprintf(err, errlen, "bad ownership or modes for file %s",	145	snprintf(err, errlen, "bad ownership or modes for file %s",
146	buf);	146	buf);
147	return -1;	147	return -1;
148	@@ -1885,8 +1934,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,	148	@@ -1925,8 +1974,7 @@ safe_path(const char name, struct stat stp, const char *pw_dir,
149	strlcpy(buf, cp, sizeof(buf));	149	strlcpy(buf, cp, sizeof(buf));
150		150
151	if (stat(buf, &st) == -1 \|\|	151	if (stat(buf, &st) == -1 \|\|
@@ -156,12 +156,12 @@ index 88833d7ff..42eeb425a 100644
156	"bad ownership or modes for directory %s", buf);	156	"bad ownership or modes for directory %s", buf);
157	return -1;	157	return -1;
158	diff --git a/misc.h b/misc.h	158	diff --git a/misc.h b/misc.h
159	index bcc34f980..869895d3a 100644	159	index 4a05db2da..5db594b91 100644
160	--- a/misc.h	160	--- a/misc.h
161	+++ b/misc.h	161	+++ b/misc.h
162	@@ -181,6 +181,8 @@ int opt_match(const char *opts, const char term);	162	@@ -188,6 +188,8 @@ struct notifier_ctx notify_start(int, const char , ...)
163	char read_passphrase(const char , int);	163	__attribute__((format(printf, 2, 3)));
164	int ask_permission(const char *, ...) __attribute__((format(printf, 1, 2)));	164	void notify_complete(struct notifier_ctx *);
165		165
166	+int secure_permissions(struct stat *st, uid_t uid);	166	+int secure_permissions(struct stat *st, uid_t uid);
167	+	167	+
@@ -169,10 +169,10 @@ index bcc34f980..869895d3a 100644
169	#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))	169	#define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b))
170	#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))	170	#define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y))
171	diff --git a/readconf.c b/readconf.c	171	diff --git a/readconf.c b/readconf.c
172	index 09787c0e5..16d2729dd 100644	172	index 2399208f8..7f251dd4a 100644
173	--- a/readconf.c	173	--- a/readconf.c
174	+++ b/readconf.c	174	+++ b/readconf.c
175	@@ -1855,8 +1855,7 @@ read_config_file_depth(const char filename, struct passwd pw,	175	@@ -1902,8 +1902,7 @@ read_config_file_depth(const char filename, struct passwd pw,
176		176
177	if (fstat(fileno(f), &sb) == -1)	177	if (fstat(fileno(f), &sb) == -1)
178	fatal("fstat %s: %s", filename, strerror(errno));	178	fatal("fstat %s: %s", filename, strerror(errno));
@@ -183,10 +183,10 @@ index 09787c0e5..16d2729dd 100644
183	}	183	}
184		184
185	diff --git a/ssh.1 b/ssh.1	185	diff --git a/ssh.1 b/ssh.1
186	index 26940ad55..20e4c4efa 100644	186	index db5c65bc7..cf991e4ee 100644
187	--- a/ssh.1	187	--- a/ssh.1
188	+++ b/ssh.1	188	+++ b/ssh.1
189	@@ -1484,6 +1484,8 @@ The file format and configuration options are described in	189	@@ -1506,6 +1506,8 @@ The file format and configuration options are described in
190	.Xr ssh_config 5 .	190	.Xr ssh_config 5 .
191	Because of the potential for abuse, this file must have strict permissions:	191	Because of the potential for abuse, this file must have strict permissions:
192	read/write for the user, and not writable by others.	192	read/write for the user, and not writable by others.
@@ -196,10 +196,10 @@ index 26940ad55..20e4c4efa 100644
196	.It Pa ~/.ssh/environment	196	.It Pa ~/.ssh/environment
197	Contains additional definitions for environment variables; see	197	Contains additional definitions for environment variables; see
198	diff --git a/ssh_config.5 b/ssh_config.5	198	diff --git a/ssh_config.5 b/ssh_config.5
199	index bc04d8d02..2c74b57c0 100644	199	index 3079db19b..e61a0fd43 100644
200	--- a/ssh_config.5	200	--- a/ssh_config.5
201	+++ b/ssh_config.5	201	+++ b/ssh_config.5
202	@@ -1907,6 +1907,8 @@ The format of this file is described above.	202	@@ -1952,6 +1952,8 @@ The format of this file is described above.
203	This file is used by the SSH client.	203	This file is used by the SSH client.
204	Because of the potential for abuse, this file must have strict permissions:	204	Because of the potential for abuse, this file must have strict permissions:
205	read/write for the user, and not writable by others.	205	read/write for the user, and not writable by others.