summaryrefslogtreecommitdiff
path: root/debian/patches
diff options
context:
space:
mode:
Diffstat (limited to 'debian/patches')
-rw-r--r--debian/patches/auth-log-verbosity.patch6
-rw-r--r--debian/patches/authorized-keys-man-symlink.patch2
-rw-r--r--debian/patches/cross-pkg-config.patch8
-rw-r--r--debian/patches/debian-banner.patch2
-rw-r--r--debian/patches/debian-config.patch2
-rw-r--r--debian/patches/gssapi.patch40
-rw-r--r--debian/patches/keepalive-extensions.patch4
-rw-r--r--debian/patches/lintian-symlink-pickiness.patch2
-rw-r--r--debian/patches/no-openssl-version-check.patch27
-rw-r--r--debian/patches/openbsd-docs.patch14
-rw-r--r--debian/patches/package-versioning.patch4
-rw-r--r--debian/patches/quieter-signals.patch2
-rw-r--r--debian/patches/selinux-role.patch23
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/ssh-argv0.patch2
-rw-r--r--debian/patches/ssh-vulnkey.patch48
-rw-r--r--debian/patches/ssh1-keepalive.patch4
-rw-r--r--debian/patches/syslog-level-silent.patch2
-rw-r--r--debian/patches/user-group-modes.patch4
19 files changed, 83 insertions, 114 deletions
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index da940d9fa..bc2602306 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -47,7 +47,7 @@ Index: b/auth-options.c
47 auth_debug_add("Your host '%.200s' is not " 47 auth_debug_add("Your host '%.200s' is not "
48 "permitted to use this key for login.", 48 "permitted to use this key for login.",
49 remote_host); 49 remote_host);
50@@ -526,11 +540,14 @@ 50@@ -512,11 +526,14 @@
51 break; 51 break;
52 case 0: 52 case 0:
53 /* no match */ 53 /* no match */
@@ -104,7 +104,7 @@ Index: b/auth2-pubkey.c
104 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { 104 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
105 /* Skip leading whitespace. */ 105 /* Skip leading whitespace. */
106 for (cp = line; *cp == ' ' || *cp == '\t'; cp++) 106 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
107@@ -280,6 +281,8 @@ 107@@ -281,6 +282,8 @@
108 found_key = 0; 108 found_key = 0;
109 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type); 109 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
110 110
@@ -113,7 +113,7 @@ Index: b/auth2-pubkey.c
113 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) { 113 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
114 char *cp, *key_options = NULL; 114 char *cp, *key_options = NULL;
115 115
116@@ -416,6 +419,7 @@ 116@@ -417,6 +420,7 @@
117 if (key_cert_check_authority(key, 0, 1, 117 if (key_cert_check_authority(key, 0, 1,
118 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0) 118 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
119 goto fail_reason; 119 goto fail_reason;
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch
index a9ca85407..08ba01e37 100644
--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -8,7 +8,7 @@ Index: b/Makefile.in
8=================================================================== 8===================================================================
9--- a/Makefile.in 9--- a/Makefile.in
10+++ b/Makefile.in 10+++ b/Makefile.in
11@@ -275,6 +275,7 @@ 11@@ -276,6 +276,7 @@
12 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 12 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
13 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 13 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
14 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 14 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8
diff --git a/debian/patches/cross-pkg-config.patch b/debian/patches/cross-pkg-config.patch
index 87818cd95..c25d2a6e5 100644
--- a/debian/patches/cross-pkg-config.patch
+++ b/debian/patches/cross-pkg-config.patch
@@ -8,7 +8,7 @@ Index: b/configure
8=================================================================== 8===================================================================
9--- a/configure 9--- a/configure
10+++ b/configure 10+++ b/configure
11@@ -8739,8 +8739,9 @@ 11@@ -9194,8 +9194,9 @@
12 if test "${with_libedit+set}" = set; then : 12 if test "${with_libedit+set}" = set; then :
13 withval=$with_libedit; if test "x$withval" != "xno" ; then 13 withval=$with_libedit; if test "x$withval" != "xno" ; then
14 if test "x$withval" = "xyes" ; then 14 if test "x$withval" = "xyes" ; then
@@ -20,7 +20,7 @@ Index: b/configure
20 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 20 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
21 $as_echo_n "checking for $ac_word... " >&6; } 21 $as_echo_n "checking for $ac_word... " >&6; }
22 if ${ac_cv_path_PKGCONFIG+:} false; then : 22 if ${ac_cv_path_PKGCONFIG+:} false; then :
23@@ -8766,7 +8767,6 @@ 23@@ -9221,7 +9222,6 @@
24 done 24 done
25 IFS=$as_save_IFS 25 IFS=$as_save_IFS
26 26
@@ -28,7 +28,7 @@ Index: b/configure
28 ;; 28 ;;
29 esac 29 esac
30 fi 30 fi
31@@ -8780,6 +8780,63 @@ 31@@ -9235,6 +9235,63 @@
32 fi 32 fi
33 33
34 34
@@ -96,7 +96,7 @@ Index: b/configure.ac
96=================================================================== 96===================================================================
97--- a/configure.ac 97--- a/configure.ac
98+++ b/configure.ac 98+++ b/configure.ac
99@@ -1349,7 +1349,7 @@ 99@@ -1434,7 +1434,7 @@
100 [ --with-libedit[[=PATH]] Enable libedit support for sftp], 100 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
101 [ if test "x$withval" != "xno" ; then 101 [ if test "x$withval" != "xno" ; then
102 if test "x$withval" = "xyes" ; then 102 if test "x$withval" = "xyes" ; then
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch
index 57ca35e87..a03ce23bb 100644
--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -71,7 +71,7 @@ Index: b/sshd.c
71=================================================================== 71===================================================================
72--- a/sshd.c 72--- a/sshd.c
73+++ b/sshd.c 73+++ b/sshd.c
74@@ -423,7 +423,8 @@ 74@@ -424,7 +424,8 @@
75 minor = PROTOCOL_MINOR_1; 75 minor = PROTOCOL_MINOR_1;
76 } 76 }
77 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, 77 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch
index 74aa53ecc..57ebbf540 100644
--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -24,7 +24,7 @@ Index: b/readconf.c
24=================================================================== 24===================================================================
25--- a/readconf.c 25--- a/readconf.c
26+++ b/readconf.c 26+++ b/readconf.c
27@@ -1268,7 +1268,7 @@ 27@@ -1269,7 +1269,7 @@
28 if (options->forward_x11 == -1) 28 if (options->forward_x11 == -1)
29 options->forward_x11 = 0; 29 options->forward_x11 = 0;
30 if (options->forward_x11_trusted == -1) 30 if (options->forward_x11_trusted == -1)
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch
index dc293683e..d78835bd6 100644
--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -327,7 +327,7 @@ Index: b/clientloop.c
327 /* import options */ 327 /* import options */
328 extern Options options; 328 extern Options options;
329 329
330@@ -1508,6 +1512,15 @@ 330@@ -1540,6 +1544,15 @@
331 /* Do channel operations unless rekeying in progress. */ 331 /* Do channel operations unless rekeying in progress. */
332 if (!rekeying) { 332 if (!rekeying) {
333 channel_after_select(readset, writeset); 333 channel_after_select(readset, writeset);
@@ -347,7 +347,7 @@ Index: b/config.h.in
347=================================================================== 347===================================================================
348--- a/config.h.in 348--- a/config.h.in
349+++ b/config.h.in 349+++ b/config.h.in
350@@ -1441,6 +1441,9 @@ 350@@ -1465,6 +1465,9 @@
351 /* Use btmp to log bad logins */ 351 /* Use btmp to log bad logins */
352 #undef USE_BTMP 352 #undef USE_BTMP
353 353
@@ -357,7 +357,7 @@ Index: b/config.h.in
357 /* Use libedit for sftp */ 357 /* Use libedit for sftp */
358 #undef USE_LIBEDIT 358 #undef USE_LIBEDIT
359 359
360@@ -1456,6 +1459,9 @@ 360@@ -1480,6 +1483,9 @@
361 /* Use PIPES instead of a socketpair() */ 361 /* Use PIPES instead of a socketpair() */
362 #undef USE_PIPES 362 #undef USE_PIPES
363 363
@@ -371,7 +371,7 @@ Index: b/configure
371=================================================================== 371===================================================================
372--- a/configure 372--- a/configure
373+++ b/configure 373+++ b/configure
374@@ -6521,6 +6521,63 @@ 374@@ -6608,6 +6608,63 @@
375 375
376 $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h 376 $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
377 377
@@ -439,7 +439,7 @@ Index: b/configure.ac
439=================================================================== 439===================================================================
440--- a/configure.ac 440--- a/configure.ac
441+++ b/configure.ac 441+++ b/configure.ac
442@@ -515,6 +515,30 @@ 442@@ -545,6 +545,30 @@
443 [Use tunnel device compatibility to OpenBSD]) 443 [Use tunnel device compatibility to OpenBSD])
444 AC_DEFINE([SSH_TUN_PREPEND_AF], [1], 444 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
445 [Prepend the address family to IP tunnel traffic]) 445 [Prepend the address family to IP tunnel traffic])
@@ -2059,7 +2059,7 @@ Index: b/monitor.c
2059 } else { 2059 } else {
2060 mon_dispatch = mon_dispatch_postauth15; 2060 mon_dispatch = mon_dispatch_postauth15;
2061 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); 2061 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
2062@@ -1802,6 +1819,13 @@ 2062@@ -1803,6 +1820,13 @@
2063 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 2063 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
2064 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 2064 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
2065 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 2065 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
@@ -2073,7 +2073,7 @@ Index: b/monitor.c
2073 kex->server = 1; 2073 kex->server = 1;
2074 kex->hostkey_type = buffer_get_int(m); 2074 kex->hostkey_type = buffer_get_int(m);
2075 kex->kex_type = buffer_get_int(m); 2075 kex->kex_type = buffer_get_int(m);
2076@@ -2008,6 +2032,9 @@ 2076@@ -2009,6 +2033,9 @@
2077 OM_uint32 major; 2077 OM_uint32 major;
2078 u_int len; 2078 u_int len;
2079 2079
@@ -2083,7 +2083,7 @@ Index: b/monitor.c
2083 goid.elements = buffer_get_string(m, &len); 2083 goid.elements = buffer_get_string(m, &len);
2084 goid.length = len; 2084 goid.length = len;
2085 2085
2086@@ -2035,6 +2062,9 @@ 2086@@ -2036,6 +2063,9 @@
2087 OM_uint32 flags = 0; /* GSI needs this */ 2087 OM_uint32 flags = 0; /* GSI needs this */
2088 u_int len; 2088 u_int len;
2089 2089
@@ -2093,7 +2093,7 @@ Index: b/monitor.c
2093 in.value = buffer_get_string(m, &len); 2093 in.value = buffer_get_string(m, &len);
2094 in.length = len; 2094 in.length = len;
2095 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); 2095 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
2096@@ -2052,6 +2082,7 @@ 2096@@ -2053,6 +2083,7 @@
2097 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); 2097 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
2098 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); 2098 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
2099 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); 2099 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2101,7 +2101,7 @@ Index: b/monitor.c
2101 } 2101 }
2102 return (0); 2102 return (0);
2103 } 2103 }
2104@@ -2063,6 +2094,9 @@ 2104@@ -2064,6 +2095,9 @@
2105 OM_uint32 ret; 2105 OM_uint32 ret;
2106 u_int len; 2106 u_int len;
2107 2107
@@ -2111,7 +2111,7 @@ Index: b/monitor.c
2111 gssbuf.value = buffer_get_string(m, &len); 2111 gssbuf.value = buffer_get_string(m, &len);
2112 gssbuf.length = len; 2112 gssbuf.length = len;
2113 mic.value = buffer_get_string(m, &len); 2113 mic.value = buffer_get_string(m, &len);
2114@@ -2089,7 +2123,11 @@ 2114@@ -2090,7 +2124,11 @@
2115 { 2115 {
2116 int authenticated; 2116 int authenticated;
2117 2117
@@ -2124,7 +2124,7 @@ Index: b/monitor.c
2124 2124
2125 buffer_clear(m); 2125 buffer_clear(m);
2126 buffer_put_int(m, authenticated); 2126 buffer_put_int(m, authenticated);
2127@@ -2102,6 +2140,74 @@ 2127@@ -2103,6 +2141,74 @@
2128 /* Monitor loop will terminate if authenticated */ 2128 /* Monitor loop will terminate if authenticated */
2129 return (authenticated); 2129 return (authenticated);
2130 } 2130 }
@@ -2326,7 +2326,7 @@ Index: b/readconf.c
2326 #endif 2326 #endif
2327 { "fallbacktorsh", oDeprecated }, 2327 { "fallbacktorsh", oDeprecated },
2328 { "usersh", oDeprecated }, 2328 { "usersh", oDeprecated },
2329@@ -482,10 +493,30 @@ 2329@@ -483,10 +494,30 @@
2330 intptr = &options->gss_authentication; 2330 intptr = &options->gss_authentication;
2331 goto parse_flag; 2331 goto parse_flag;
2332 2332
@@ -2357,7 +2357,7 @@ Index: b/readconf.c
2357 case oBatchMode: 2357 case oBatchMode:
2358 intptr = &options->batch_mode; 2358 intptr = &options->batch_mode;
2359 goto parse_flag; 2359 goto parse_flag;
2360@@ -1138,7 +1169,12 @@ 2360@@ -1139,7 +1170,12 @@
2361 options->pubkey_authentication = -1; 2361 options->pubkey_authentication = -1;
2362 options->challenge_response_authentication = -1; 2362 options->challenge_response_authentication = -1;
2363 options->gss_authentication = -1; 2363 options->gss_authentication = -1;
@@ -2370,7 +2370,7 @@ Index: b/readconf.c
2370 options->password_authentication = -1; 2370 options->password_authentication = -1;
2371 options->kbd_interactive_authentication = -1; 2371 options->kbd_interactive_authentication = -1;
2372 options->kbd_interactive_devices = NULL; 2372 options->kbd_interactive_devices = NULL;
2373@@ -1238,8 +1274,14 @@ 2373@@ -1239,8 +1275,14 @@
2374 options->challenge_response_authentication = 1; 2374 options->challenge_response_authentication = 1;
2375 if (options->gss_authentication == -1) 2375 if (options->gss_authentication == -1)
2376 options->gss_authentication = 0; 2376 options->gss_authentication = 0;
@@ -2389,7 +2389,7 @@ Index: b/readconf.h
2389=================================================================== 2389===================================================================
2390--- a/readconf.h 2390--- a/readconf.h
2391+++ b/readconf.h 2391+++ b/readconf.h
2392@@ -47,7 +47,12 @@ 2392@@ -48,7 +48,12 @@
2393 int challenge_response_authentication; 2393 int challenge_response_authentication;
2394 /* Try S/Key or TIS, authentication. */ 2394 /* Try S/Key or TIS, authentication. */
2395 int gss_authentication; /* Try GSS authentication */ 2395 int gss_authentication; /* Try GSS authentication */
@@ -2893,7 +2893,7 @@ Index: b/sshd.c
2893 #ifdef LIBWRAP 2893 #ifdef LIBWRAP
2894 #include <tcpd.h> 2894 #include <tcpd.h>
2895 #include <syslog.h> 2895 #include <syslog.h>
2896@@ -1612,10 +1616,13 @@ 2896@@ -1616,10 +1620,13 @@
2897 logit("Disabling protocol version 1. Could not load host key"); 2897 logit("Disabling protocol version 1. Could not load host key");
2898 options.protocol &= ~SSH_PROTO_1; 2898 options.protocol &= ~SSH_PROTO_1;
2899 } 2899 }
@@ -2907,7 +2907,7 @@ Index: b/sshd.c
2907 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { 2907 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
2908 logit("sshd: no hostkeys available -- exiting."); 2908 logit("sshd: no hostkeys available -- exiting.");
2909 exit(1); 2909 exit(1);
2910@@ -1944,6 +1951,60 @@ 2910@@ -1948,6 +1955,60 @@
2911 /* Log the connection. */ 2911 /* Log the connection. */
2912 verbose("Connection from %.500s port %d", remote_ip, remote_port); 2912 verbose("Connection from %.500s port %d", remote_ip, remote_port);
2913 2913
@@ -2968,7 +2968,7 @@ Index: b/sshd.c
2968 /* 2968 /*
2969 * We don't want to listen forever unless the other side 2969 * We don't want to listen forever unless the other side
2970 * successfully authenticates itself. So we set up an alarm which is 2970 * successfully authenticates itself. So we set up an alarm which is
2971@@ -2325,6 +2386,48 @@ 2971@@ -2329,6 +2390,48 @@
2972 2972
2973 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types(); 2973 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
2974 2974
@@ -3017,7 +3017,7 @@ Index: b/sshd.c
3017 /* start key exchange */ 3017 /* start key exchange */
3018 kex = kex_setup(myproposal); 3018 kex = kex_setup(myproposal);
3019 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; 3019 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
3020@@ -2332,6 +2435,13 @@ 3020@@ -2336,6 +2439,13 @@
3021 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server; 3021 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
3022 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; 3022 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
3023 kex->kex[KEX_ECDH_SHA2] = kexecdh_server; 3023 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch
index d8362de70..eab9914f2 100644
--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -35,7 +35,7 @@ Index: b/readconf.c
35 35
36 { NULL, oBadOption } 36 { NULL, oBadOption }
37 }; 37 };
38@@ -914,6 +917,8 @@ 38@@ -915,6 +918,8 @@
39 goto parse_flag; 39 goto parse_flag;
40 40
41 case oServerAliveInterval: 41 case oServerAliveInterval:
@@ -44,7 +44,7 @@ Index: b/readconf.c
44 intptr = &options->server_alive_interval; 44 intptr = &options->server_alive_interval;
45 goto parse_time; 45 goto parse_time;
46 46
47@@ -1385,8 +1390,13 @@ 47@@ -1386,8 +1391,13 @@
48 options->rekey_limit = 0; 48 options->rekey_limit = 0;
49 if (options->verify_host_key_dns == -1) 49 if (options->verify_host_key_dns == -1)
50 options->verify_host_key_dns = 0; 50 options->verify_host_key_dns = 0;
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch
index 7ee91cce8..12877d32f 100644
--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -9,7 +9,7 @@ Index: b/Makefile.in
9=================================================================== 9===================================================================
10--- a/Makefile.in 10--- a/Makefile.in
11+++ b/Makefile.in 11+++ b/Makefile.in
12@@ -282,9 +282,9 @@ 12@@ -283,9 +283,9 @@
13 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 13 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
14 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 14 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
15 -rm -f $(DESTDIR)$(bindir)/slogin 15 -rm -f $(DESTDIR)$(bindir)/slogin
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch
deleted file mode 100644
index d88d0fff0..000000000
--- a/debian/patches/no-openssl-version-check.patch
+++ /dev/null
@@ -1,27 +0,0 @@
1Description: Disable OpenSSL version check
2 OpenSSL's SONAME is sufficient nowadays.
3Author: Philip Hands <phil@hands.com>
4Author: Colin Watson <cjwatson@debian.org>
5Bug-Debian: http://bugs.debian.org/93581
6Bug-Debian: http://bugs.debian.org/664383
7Forwarded: not-needed
8Last-Update: 2012-03-19
9
10Index: b/entropy.c
11===================================================================
12--- a/entropy.c
13+++ b/entropy.c
14@@ -209,13 +209,6 @@
15 #ifndef OPENSSL_PRNG_ONLY
16 unsigned char buf[RANDOM_SEED_SIZE];
17 #endif
18- /*
19- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
20- * We match major, minor, fix and status (not patch)
21- */
22- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
23- fatal("OpenSSL version mismatch. Built against %lx, you "
24- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
25
26 #ifndef OPENSSL_PRNG_ONLY
27 if (RAND_status() == 1) {
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch
index bda5f0c24..59fc441a7 100644
--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -34,7 +34,7 @@ Index: b/ssh-keygen.1
34=================================================================== 34===================================================================
35--- a/ssh-keygen.1 35--- a/ssh-keygen.1
36+++ b/ssh-keygen.1 36+++ b/ssh-keygen.1
37@@ -149,9 +149,7 @@ 37@@ -150,9 +150,7 @@
38 .Pa ~/.ssh/id_dsa 38 .Pa ~/.ssh/id_dsa
39 or 39 or
40 .Pa ~/.ssh/id_rsa . 40 .Pa ~/.ssh/id_rsa .
@@ -45,7 +45,7 @@ Index: b/ssh-keygen.1
45 .Pp 45 .Pp
46 Normally this program generates the key and asks for a file in which 46 Normally this program generates the key and asks for a file in which
47 to store the private key. 47 to store the private key.
48@@ -197,9 +195,7 @@ 48@@ -198,9 +196,7 @@
49 For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys 49 For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
50 do not exist, generate the host keys with the default key file path, 50 do not exist, generate the host keys with the default key file path,
51 an empty passphrase, default bits for the key type, and default comment. 51 an empty passphrase, default bits for the key type, and default comment.
@@ -56,7 +56,7 @@ Index: b/ssh-keygen.1
56 .It Fl a Ar trials 56 .It Fl a Ar trials
57 Specifies the number of primality tests to perform when screening DH-GEX 57 Specifies the number of primality tests to perform when screening DH-GEX
58 candidates using the 58 candidates using the
59@@ -535,7 +531,7 @@ 59@@ -544,7 +540,7 @@
60 Valid generator values are 2, 3, and 5. 60 Valid generator values are 2, 3, and 5.
61 .Pp 61 .Pp
62 Screened DH groups may be installed in 62 Screened DH groups may be installed in
@@ -65,7 +65,7 @@ Index: b/ssh-keygen.1
65 It is important that this file contains moduli of a range of bit lengths and 65 It is important that this file contains moduli of a range of bit lengths and
66 that both ends of a connection share common moduli. 66 that both ends of a connection share common moduli.
67 .Sh CERTIFICATES 67 .Sh CERTIFICATES
68@@ -661,7 +657,7 @@ 68@@ -670,7 +666,7 @@
69 where the user wishes to log in using public key authentication. 69 where the user wishes to log in using public key authentication.
70 There is no need to keep the contents of this file secret. 70 There is no need to keep the contents of this file secret.
71 .Pp 71 .Pp
@@ -78,7 +78,7 @@ Index: b/ssh.1
78=================================================================== 78===================================================================
79--- a/ssh.1 79--- a/ssh.1
80+++ b/ssh.1 80+++ b/ssh.1
81@@ -731,6 +731,10 @@ 81@@ -736,6 +736,10 @@
82 .Sx HISTORY 82 .Sx HISTORY
83 section of 83 section of
84 .Xr ssl 8 84 .Xr ssl 8
@@ -102,7 +102,7 @@ Index: b/sshd.8
102 It forks a new 102 It forks a new
103 daemon for each incoming connection. 103 daemon for each incoming connection.
104 The forked daemons handle 104 The forked daemons handle
105@@ -853,7 +853,7 @@ 105@@ -856,7 +856,7 @@
106 .Xr ssh 1 ) . 106 .Xr ssh 1 ) .
107 It should only be writable by root. 107 It should only be writable by root.
108 .Pp 108 .Pp
@@ -111,7 +111,7 @@ Index: b/sshd.8
111 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange". 111 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
112 The file format is described in 112 The file format is described in
113 .Xr moduli 5 . 113 .Xr moduli 5 .
114@@ -951,7 +951,6 @@ 114@@ -954,7 +954,6 @@
115 .Xr ssh-vulnkey 1 , 115 .Xr ssh-vulnkey 1 ,
116 .Xr chroot 2 , 116 .Xr chroot 2 ,
117 .Xr hosts_access 5 , 117 .Xr hosts_access 5 ,
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch
index 95444cbd4..64606e2e9 100644
--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -24,7 +24,7 @@ Index: b/sshd.c
24=================================================================== 24===================================================================
25--- a/sshd.c 25--- a/sshd.c
26+++ b/sshd.c 26+++ b/sshd.c
27@@ -423,7 +423,7 @@ 27@@ -424,7 +424,7 @@
28 minor = PROTOCOL_MINOR_1; 28 minor = PROTOCOL_MINOR_1;
29 } 29 }
30 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor, 30 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
@@ -38,7 +38,7 @@ Index: b/version.h
38--- a/version.h 38--- a/version.h
39+++ b/version.h 39+++ b/version.h
40@@ -3,4 +3,9 @@ 40@@ -3,4 +3,9 @@
41 #define SSH_VERSION "OpenSSH_5.9" 41 #define SSH_VERSION "OpenSSH_6.0"
42 42
43 #define SSH_PORTABLE "p1" 43 #define SSH_PORTABLE "p1"
44-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE 44-#define SSH_RELEASE SSH_VERSION SSH_PORTABLE
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch
index ff41f094d..db2cba1e1 100644
--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -16,7 +16,7 @@ Index: b/clientloop.c
16=================================================================== 16===================================================================
17--- a/clientloop.c 17--- a/clientloop.c
18+++ b/clientloop.c 18+++ b/clientloop.c
19@@ -1619,8 +1619,10 @@ 19@@ -1651,8 +1651,10 @@
20 exit_status = 0; 20 exit_status = 0;
21 } 21 }
22 22
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch
index b14402199..0d696989a 100644
--- a/debian/patches/selinux-role.patch
+++ b/debian/patches/selinux-role.patch
@@ -108,7 +108,7 @@ Index: b/monitor.c
108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, 108 {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner},
109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, 109 {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword},
110 #ifdef USE_PAM 110 #ifdef USE_PAM
111@@ -810,6 +812,7 @@ 111@@ -811,6 +813,7 @@
112 else { 112 else {
113 /* Allow service/style information on the auth context */ 113 /* Allow service/style information on the auth context */
114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); 114 monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1);
@@ -116,7 +116,7 @@ Index: b/monitor.c
116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); 116 monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1);
117 } 117 }
118 #ifdef USE_PAM 118 #ifdef USE_PAM
119@@ -842,14 +845,37 @@ 119@@ -843,14 +846,37 @@
120 120
121 authctxt->service = buffer_get_string(m, NULL); 121 authctxt->service = buffer_get_string(m, NULL);
122 authctxt->style = buffer_get_string(m, NULL); 122 authctxt->style = buffer_get_string(m, NULL);
@@ -156,7 +156,7 @@ Index: b/monitor.c
156 return (0); 156 return (0);
157 } 157 }
158 158
159@@ -1437,7 +1463,7 @@ 159@@ -1438,7 +1464,7 @@
160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); 160 res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty));
161 if (res == 0) 161 if (res == 0)
162 goto error; 162 goto error;
@@ -256,18 +256,15 @@ Index: b/openbsd-compat/port-linux.c
256 #include "log.h" 256 #include "log.h"
257 #include "xmalloc.h" 257 #include "xmalloc.h"
258 #include "port-linux.h" 258 #include "port-linux.h"
259@@ -58,9 +64,9 @@ 259@@ -58,7 +64,7 @@
260 260
261 /* Return the default security context for the given username */ 261 /* Return the default security context for the given username */
262 static security_context_t 262 static security_context_t
263-ssh_selinux_getctxbyname(char *pwname) 263-ssh_selinux_getctxbyname(char *pwname)
264+ssh_selinux_getctxbyname(char *pwname, const char *role) 264+ssh_selinux_getctxbyname(char *pwname, const char *role)
265 { 265 {
266- security_context_t sc; 266 security_context_t sc = NULL;
267+ security_context_t sc = NULL;
268 char *sename = NULL, *lvl = NULL; 267 char *sename = NULL, *lvl = NULL;
269 int r;
270
271@@ -73,9 +79,16 @@ 268@@ -73,9 +79,16 @@
272 #endif 269 #endif
273 270
@@ -287,7 +284,7 @@ Index: b/openbsd-compat/port-linux.c
287 #endif 284 #endif
288 285
289 if (r != 0) { 286 if (r != 0) {
290@@ -106,7 +119,7 @@ 287@@ -107,7 +120,7 @@
291 288
292 /* Set the execution context to the default for the specified user */ 289 /* Set the execution context to the default for the specified user */
293 void 290 void
@@ -296,7 +293,7 @@ Index: b/openbsd-compat/port-linux.c
296 { 293 {
297 security_context_t user_ctx = NULL; 294 security_context_t user_ctx = NULL;
298 295
299@@ -115,7 +128,7 @@ 296@@ -116,7 +129,7 @@
300 297
301 debug3("%s: setting execution context", __func__); 298 debug3("%s: setting execution context", __func__);
302 299
@@ -305,7 +302,7 @@ Index: b/openbsd-compat/port-linux.c
305 if (setexeccon(user_ctx) != 0) { 302 if (setexeccon(user_ctx) != 0) {
306 switch (security_getenforce()) { 303 switch (security_getenforce()) {
307 case -1: 304 case -1:
308@@ -137,7 +150,7 @@ 305@@ -138,7 +151,7 @@
309 306
310 /* Set the TTY context for the specified user */ 307 /* Set the TTY context for the specified user */
311 void 308 void
@@ -314,7 +311,7 @@ Index: b/openbsd-compat/port-linux.c
314 { 311 {
315 security_context_t new_tty_ctx = NULL; 312 security_context_t new_tty_ctx = NULL;
316 security_context_t user_ctx = NULL; 313 security_context_t user_ctx = NULL;
317@@ -148,7 +161,7 @@ 314@@ -149,7 +162,7 @@
318 315
319 debug3("%s: setting TTY context on %s", __func__, tty); 316 debug3("%s: setting TTY context on %s", __func__, tty);
320 317
@@ -439,7 +436,7 @@ Index: b/sshd.c
439=================================================================== 436===================================================================
440--- a/sshd.c 437--- a/sshd.c
441+++ b/sshd.c 438+++ b/sshd.c
442@@ -730,7 +730,7 @@ 439@@ -734,7 +734,7 @@
443 RAND_seed(rnd, sizeof(rnd)); 440 RAND_seed(rnd, sizeof(rnd));
444 441
445 /* Drop privileges */ 442 /* Drop privileges */
diff --git a/debian/patches/series b/debian/patches/series
index ceeb32499..2c3fdb668 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,6 +40,5 @@ auth-log-verbosity.patch
40cross-pkg-config.patch 40cross-pkg-config.patch
41 41
42# Debian-specific configuration 42# Debian-specific configuration
43no-openssl-version-check.patch
44gnome-ssh-askpass2-icon.patch 43gnome-ssh-askpass2-icon.patch
45debian-config.patch 44debian-config.patch
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch
index a7750ed23..3cc1272ec 100644
--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -11,7 +11,7 @@ Index: b/ssh.1
11=================================================================== 11===================================================================
12--- a/ssh.1 12--- a/ssh.1
13+++ b/ssh.1 13+++ b/ssh.1
14@@ -1411,6 +1411,7 @@ 14@@ -1425,6 +1425,7 @@
15 .Xr sftp 1 , 15 .Xr sftp 1 ,
16 .Xr ssh-add 1 , 16 .Xr ssh-add 1 ,
17 .Xr ssh-agent 1 , 17 .Xr ssh-agent 1 ,
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
index 4245319c3..d60816d46 100644
--- a/debian/patches/ssh-vulnkey.patch
+++ b/debian/patches/ssh-vulnkey.patch
@@ -39,9 +39,9 @@ Index: b/Makefile.in
39 39
40 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ 40 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
41 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ 41 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
42@@ -93,8 +95,8 @@ 42@@ -94,8 +96,8 @@
43 roaming_common.o roaming_serv.o \ 43 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
44 sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o 44 sandbox-seccomp-filter.o
45 45
46-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out 46-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
47-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 47-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -50,7 +50,7 @@ Index: b/Makefile.in
50 MANTYPE = @MANTYPE@ 50 MANTYPE = @MANTYPE@
51 51
52 CONFIGFILES=sshd_config.out ssh_config.out moduli.out 52 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
53@@ -171,6 +173,9 @@ 53@@ -172,6 +174,9 @@
54 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o 54 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
55 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) 55 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
56 56
@@ -60,7 +60,7 @@ Index: b/Makefile.in
60 # test driver for the loginrec code - not built by default 60 # test driver for the loginrec code - not built by default
61 logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o 61 logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
62 $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) 62 $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
63@@ -259,6 +264,7 @@ 63@@ -260,6 +265,7 @@
64 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) 64 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
65 $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) 65 $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
66 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) 66 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -68,7 +68,7 @@ Index: b/Makefile.in
68 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 68 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
69 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 69 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
70 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 70 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
71@@ -273,6 +279,7 @@ 71@@ -274,6 +280,7 @@
72 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 72 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
73 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 73 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
74 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 74 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -76,7 +76,7 @@ Index: b/Makefile.in
76 -rm -f $(DESTDIR)$(bindir)/slogin 76 -rm -f $(DESTDIR)$(bindir)/slogin
77 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin 77 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
78 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 78 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
79@@ -354,6 +361,7 @@ 79@@ -355,6 +362,7 @@
80 -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) 80 -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
81 -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) 81 -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
82 -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) 82 -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
@@ -84,7 +84,7 @@ Index: b/Makefile.in
84 -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) 84 -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
85 -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) 85 -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
86 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) 86 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
87@@ -366,6 +374,7 @@ 87@@ -367,6 +375,7 @@
88 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 88 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
89 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 89 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
90 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 90 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
@@ -196,7 +196,7 @@ Index: b/auth2-pubkey.c
196=================================================================== 196===================================================================
197--- a/auth2-pubkey.c 197--- a/auth2-pubkey.c
198+++ b/auth2-pubkey.c 198+++ b/auth2-pubkey.c
199@@ -439,9 +439,10 @@ 199@@ -440,9 +440,10 @@
200 u_int success, i; 200 u_int success, i;
201 char *file; 201 char *file;
202 202
@@ -418,7 +418,7 @@ Index: b/readconf.c
418 { "rsaauthentication", oRSAAuthentication }, 418 { "rsaauthentication", oRSAAuthentication },
419 { "pubkeyauthentication", oPubkeyAuthentication }, 419 { "pubkeyauthentication", oPubkeyAuthentication },
420 { "dsaauthentication", oPubkeyAuthentication }, /* alias */ 420 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
421@@ -489,6 +491,10 @@ 421@@ -490,6 +492,10 @@
422 intptr = &options->challenge_response_authentication; 422 intptr = &options->challenge_response_authentication;
423 goto parse_flag; 423 goto parse_flag;
424 424
@@ -429,7 +429,7 @@ Index: b/readconf.c
429 case oGssAuthentication: 429 case oGssAuthentication:
430 intptr = &options->gss_authentication; 430 intptr = &options->gss_authentication;
431 goto parse_flag; 431 goto parse_flag;
432@@ -1180,6 +1186,7 @@ 432@@ -1181,6 +1187,7 @@
433 options->kbd_interactive_devices = NULL; 433 options->kbd_interactive_devices = NULL;
434 options->rhosts_rsa_authentication = -1; 434 options->rhosts_rsa_authentication = -1;
435 options->hostbased_authentication = -1; 435 options->hostbased_authentication = -1;
@@ -437,7 +437,7 @@ Index: b/readconf.c
437 options->batch_mode = -1; 437 options->batch_mode = -1;
438 options->check_host_ip = -1; 438 options->check_host_ip = -1;
439 options->strict_host_key_checking = -1; 439 options->strict_host_key_checking = -1;
440@@ -1290,6 +1297,8 @@ 440@@ -1291,6 +1298,8 @@
441 options->rhosts_rsa_authentication = 0; 441 options->rhosts_rsa_authentication = 0;
442 if (options->hostbased_authentication == -1) 442 if (options->hostbased_authentication == -1)
443 options->hostbased_authentication = 0; 443 options->hostbased_authentication = 0;
@@ -450,7 +450,7 @@ Index: b/readconf.h
450=================================================================== 450===================================================================
451--- a/readconf.h 451--- a/readconf.h
452+++ b/readconf.h 452+++ b/readconf.h
453@@ -58,6 +58,7 @@ 453@@ -59,6 +59,7 @@
454 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ 454 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
455 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */ 455 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
456 int zero_knowledge_password_authentication; /* Try jpake */ 456 int zero_knowledge_password_authentication; /* Try jpake */
@@ -542,7 +542,7 @@ Index: b/ssh-add.1
542 The options are as follows: 542 The options are as follows:
543 .Bl -tag -width Ds 543 .Bl -tag -width Ds
544 .It Fl c 544 .It Fl c
545@@ -183,6 +187,7 @@ 545@@ -186,6 +190,7 @@
546 .Xr ssh 1 , 546 .Xr ssh 1 ,
547 .Xr ssh-agent 1 , 547 .Xr ssh-agent 1 ,
548 .Xr ssh-keygen 1 , 548 .Xr ssh-keygen 1 ,
@@ -555,12 +555,12 @@ Index: b/ssh-add.c
555--- a/ssh-add.c 555--- a/ssh-add.c
556+++ b/ssh-add.c 556+++ b/ssh-add.c
557@@ -142,7 +142,7 @@ 557@@ -142,7 +142,7 @@
558 add_file(AuthenticationConnection *ac, const char *filename) 558 add_file(AuthenticationConnection *ac, const char *filename, int key_only)
559 { 559 {
560 Key *private, *cert; 560 Key *private, *cert;
561- char *comment = NULL; 561- char *comment = NULL;
562+ char *comment = NULL, *fp; 562+ char *comment = NULL, *fp;
563 char msg[1024], *certpath; 563 char msg[1024], *certpath = NULL;
564 int fd, perms_ok, ret = -1; 564 int fd, perms_ok, ret = -1;
565 Buffer keyblob; 565 Buffer keyblob;
566@@ -218,6 +218,14 @@ 566@@ -218,6 +218,14 @@
@@ -576,13 +576,13 @@ Index: b/ssh-add.c
576+ return -1; 576+ return -1;
577+ } 577+ }
578 578
579 579 /* Skip trying to load the cert if requested */
580 /* Now try to add the certificate flavour too */ 580 if (key_only)
581Index: b/ssh-keygen.1 581Index: b/ssh-keygen.1
582=================================================================== 582===================================================================
583--- a/ssh-keygen.1 583--- a/ssh-keygen.1
584+++ b/ssh-keygen.1 584+++ b/ssh-keygen.1
585@@ -670,6 +670,7 @@ 585@@ -679,6 +679,7 @@
586 .Xr ssh 1 , 586 .Xr ssh 1 ,
587 .Xr ssh-add 1 , 587 .Xr ssh-add 1 ,
588 .Xr ssh-agent 1 , 588 .Xr ssh-agent 1 ,
@@ -1233,7 +1233,7 @@ Index: b/ssh.1
1233=================================================================== 1233===================================================================
1234--- a/ssh.1 1234--- a/ssh.1
1235+++ b/ssh.1 1235+++ b/ssh.1
1236@@ -1407,6 +1407,7 @@ 1236@@ -1421,6 +1421,7 @@
1237 .Xr ssh-agent 1 , 1237 .Xr ssh-agent 1 ,
1238 .Xr ssh-keygen 1 , 1238 .Xr ssh-keygen 1 ,
1239 .Xr ssh-keyscan 1 , 1239 .Xr ssh-keyscan 1 ,
@@ -1245,7 +1245,7 @@ Index: b/ssh.c
1245=================================================================== 1245===================================================================
1246--- a/ssh.c 1246--- a/ssh.c
1247+++ b/ssh.c 1247+++ b/ssh.c
1248@@ -1476,7 +1476,7 @@ 1248@@ -1492,7 +1492,7 @@
1249 static void 1249 static void
1250 load_public_identity_files(void) 1250 load_public_identity_files(void)
1251 { 1251 {
@@ -1254,7 +1254,7 @@ Index: b/ssh.c
1254 char *pwdir = NULL, *pwname = NULL; 1254 char *pwdir = NULL, *pwname = NULL;
1255 int i = 0; 1255 int i = 0;
1256 Key *public; 1256 Key *public;
1257@@ -1533,6 +1533,22 @@ 1257@@ -1549,6 +1549,22 @@
1258 public = key_load_public(filename, NULL); 1258 public = key_load_public(filename, NULL);
1259 debug("identity file %s type %d", filename, 1259 debug("identity file %s type %d", filename,
1260 public ? public->type : -1); 1260 public ? public->type : -1);
@@ -1331,7 +1331,7 @@ Index: b/sshd.8
1331=================================================================== 1331===================================================================
1332--- a/sshd.8 1332--- a/sshd.8
1333+++ b/sshd.8 1333+++ b/sshd.8
1334@@ -948,6 +948,7 @@ 1334@@ -951,6 +951,7 @@
1335 .Xr ssh-agent 1 , 1335 .Xr ssh-agent 1 ,
1336 .Xr ssh-keygen 1 , 1336 .Xr ssh-keygen 1 ,
1337 .Xr ssh-keyscan 1 , 1337 .Xr ssh-keyscan 1 ,
@@ -1343,7 +1343,7 @@ Index: b/sshd.c
1343=================================================================== 1343===================================================================
1344--- a/sshd.c 1344--- a/sshd.c
1345+++ b/sshd.c 1345+++ b/sshd.c
1346@@ -1598,6 +1598,11 @@ 1346@@ -1602,6 +1602,11 @@
1347 sensitive_data.host_keys[i] = NULL; 1347 sensitive_data.host_keys[i] = NULL;
1348 continue; 1348 continue;
1349 } 1349 }
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch
index d5a7fe07a..2acf9704f 100644
--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -7,7 +7,7 @@ Index: b/clientloop.c
7=================================================================== 7===================================================================
8--- a/clientloop.c 8--- a/clientloop.c
9+++ b/clientloop.c 9+++ b/clientloop.c
10@@ -545,16 +545,21 @@ 10@@ -565,16 +565,21 @@
11 static void 11 static void
12 server_alive_check(void) 12 server_alive_check(void)
13 { 13 {
@@ -38,7 +38,7 @@ Index: b/clientloop.c
38 } 38 }
39 39
40 /* 40 /*
41@@ -614,7 +619,7 @@ 41@@ -634,7 +639,7 @@
42 */ 42 */
43 43
44 timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */ 44 timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch
index 90ddca4ad..07e2974aa 100644
--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -26,7 +26,7 @@ Index: b/ssh.c
26=================================================================== 26===================================================================
27--- a/ssh.c 27--- a/ssh.c
28+++ b/ssh.c 28+++ b/ssh.c
29@@ -678,7 +678,7 @@ 29@@ -680,7 +680,7 @@
30 /* Do not allocate a tty if stdin is not a tty. */ 30 /* Do not allocate a tty if stdin is not a tty. */
31 if ((!isatty(fileno(stdin)) || stdin_null_flag) && 31 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
32 options.request_tty != REQUEST_TTY_FORCE) { 32 options.request_tty != REQUEST_TTY_FORCE) {
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch
index 01ba05526..8e4ee3eb1 100644
--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -24,7 +24,7 @@ Index: b/readconf.c
24 24
25 #include "xmalloc.h" 25 #include "xmalloc.h"
26 #include "ssh.h" 26 #include "ssh.h"
27@@ -1131,8 +1133,7 @@ 27@@ -1132,8 +1134,7 @@
28 28
29 if (fstat(fileno(f), &sb) == -1) 29 if (fstat(fileno(f), &sb) == -1)
30 fatal("fstat %s: %s", filename, strerror(errno)); 30 fatal("fstat %s: %s", filename, strerror(errno));
@@ -38,7 +38,7 @@ Index: b/ssh.1
38=================================================================== 38===================================================================
39--- a/ssh.1 39--- a/ssh.1
40+++ b/ssh.1 40+++ b/ssh.1
41@@ -1298,6 +1298,8 @@ 41@@ -1312,6 +1312,8 @@
42 .Xr ssh_config 5 . 42 .Xr ssh_config 5 .
43 Because of the potential for abuse, this file must have strict permissions: 43 Because of the potential for abuse, this file must have strict permissions:
44 read/write for the user, and not accessible by others. 44 read/write for the user, and not accessible by others.
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-17 15:01:14 +0000