Diffstat (limited to 'debian/patches')
-rw-r--r-- | debian/patches/auth-log-verbosity.patch | 6 | ||||
-rw-r--r-- | debian/patches/authorized-keys-man-symlink.patch | 2 | ||||
-rw-r--r-- | debian/patches/cross-pkg-config.patch | 8 | ||||
-rw-r--r-- | debian/patches/debian-banner.patch | 2 | ||||
-rw-r--r-- | debian/patches/debian-config.patch | 2 | ||||
-rw-r--r-- | debian/patches/gssapi.patch | 40 | ||||
-rw-r--r-- | debian/patches/keepalive-extensions.patch | 4 | ||||
-rw-r--r-- | debian/patches/lintian-symlink-pickiness.patch | 2 | ||||
-rw-r--r-- | debian/patches/no-openssl-version-check.patch | 27 | ||||
-rw-r--r-- | debian/patches/openbsd-docs.patch | 14 | ||||
-rw-r--r-- | debian/patches/package-versioning.patch | 4 | ||||
-rw-r--r-- | debian/patches/quieter-signals.patch | 2 | ||||
-rw-r--r-- | debian/patches/selinux-role.patch | 23 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/ssh-argv0.patch | 2 | ||||
-rw-r--r-- | debian/patches/ssh-vulnkey.patch | 48 | ||||
-rw-r--r-- | debian/patches/ssh1-keepalive.patch | 4 | ||||
-rw-r--r-- | debian/patches/syslog-level-silent.patch | 2 | ||||
-rw-r--r-- | debian/patches/user-group-modes.patch | 4 |
19 files changed, 83 insertions, 114 deletions
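--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -47,7 +47,7 @@ Index: b/auth-options.c
 auth_debug_add("Your host '%.200s' is not "
 "permitted to use this key for login.",
 remote_host);
-@@ -526,11 +540,14 @@
+@@ -512,11 +526,14 @@
 break;
 case 0:
 /* no match */
@@ -104,7 +104,7 @@ Index: b/auth2-pubkey.c
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 /* Skip leading whitespace. */
 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-@@ -280,6 +281,8 @@
+@@ -281,6 +282,8 @@
 found_key = 0;
 found = key_new(key_is_cert(key) ? KEY_UNSPEC : key->type);
 
@@ -113,7 +113,7 @@ Index: b/auth2-pubkey.c
 while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
 char *cp, *key_options = NULL;
 
-@@ -416,6 +419,7 @@
+@@ -417,6 +420,7 @@
 if (key_cert_check_authority(key, 0, 1,
 principals_file == NULL ? pw->pw_name : NULL, &reason) != 0)
 goto fail_reason;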
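--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -8,7 +8,7 @@ Index: b/Makefile.in
 ===================================================================
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -275,6 +275,7 @@
+@@ -276,6 +276,7 @@
 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8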
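--- a/debian/patches/cross-pkg-config.patch
+++ b/debian/patches/cross-pkg-config.patch
@@ -8,7 +8,7 @@ Index: b/configure
 ===================================================================
 --- a/configure
 +++ b/configure
-@@ -8739,8 +8739,9 @@
+@@ -9194,8 +9194,9 @@
 if test "${with_libedit+set}" = set; then :
 withval=$with_libedit; if test "x$withval" != "xno" ; then
 if test "x$withval" = "xyes" ; then
@@ -20,7 +20,7 @@ Index: b/configure
 { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5
 $as_echo_n "checking for $ac_word... " >&6; }
 if ${ac_cv_path_PKGCONFIG+:} false; then :
-@@ -8766,7 +8767,6 @@
+@@ -9221,7 +9222,6 @@
 done
 IFS=$as_save_IFS
 
@@ -28,7 +28,7 @@ Index: b/configure
 ;;
 esac
 fi
-@@ -8780,6 +8780,63 @@
+@@ -9235,6 +9235,63 @@
 fi
 
 
@@ -96,7 +96,7 @@ Index: b/configure.ac
 ===================================================================
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1349,7 +1349,7 @@
+@@ -1434,7 +1434,7 @@
 [ --with-libedit[[=PATH]] Enable libedit support for sftp],
 [ if test "x$withval" != "xno" ; then
 if test "x$withval" = "xyes" ; then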
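--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -71,7 +71,7 @@ Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -423,7 +423,8 @@
+@@ -424,7 +424,8 @@
 minor = PROTOCOL_MINOR_1;
 }
 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,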
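--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -24,7 +24,7 @@ Index: b/readconf.c
 ===================================================================
 --- a/readconf.c
 +++ b/readconf.c
-@@ -1268,7 +1268,7 @@
+@@ -1269,7 +1269,7 @@
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)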
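--- a/debian/patches/gssapi.patch
+++ b/debian/patches/gssapi.patch
@@ -327,7 +327,7 @@ Index: b/clientloop.c
 /* import options */
 extern Options options;
 
-@@ -1508,6 +1512,15 @@
+@@ -1540,6 +1544,15 @@
 /* Do channel operations unless rekeying in progress. */
 if (!rekeying) {
 channel_after_select(readset, writeset);
@@ -347,7 +347,7 @@ Index: b/config.h.in
 ===================================================================
 --- a/config.h.in
 +++ b/config.h.in
-@@ -1441,6 +1441,9 @@
+@@ -1465,6 +1465,9 @@
 /* Use btmp to log bad logins */
 #undef USE_BTMP
 
@@ -357,7 +357,7 @@ Index: b/config.h.in
 /* Use libedit for sftp */
 #undef USE_LIBEDIT
 
-@@ -1456,6 +1459,9 @@
+@@ -1480,6 +1483,9 @@
 /* Use PIPES instead of a socketpair() */
 #undef USE_PIPES
 
@@ -371,7 +371,7 @@ Index: b/configure
 ===================================================================
 --- a/configure
 +++ b/configure
-@@ -6521,6 +6521,63 @@
+@@ -6608,6 +6608,63 @@
 
 $as_echo "#define SSH_TUN_PREPEND_AF 1" >>confdefs.h
 
@@ -439,7 +439,7 @@ Index: b/configure.ac
 ===================================================================
 --- a/configure.ac
 +++ b/configure.ac
-@@ -515,6 +515,30 @@
+@@ -545,6 +545,30 @@
 [Use tunnel device compatibility to OpenBSD])
 AC_DEFINE([SSH_TUN_PREPEND_AF], [1],
 [Prepend the address family to IP tunnel traffic])
@@ -2059,7 +2059,7 @@ Index: b/monitor.c
 } else {
 mon_dispatch = mon_dispatch_postauth15;
 monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1);
-@@ -1802,6 +1819,13 @@
+@@ -1803,6 +1820,13 @@
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;
@@ -2073,7 +2073,7 @@ Index: b/monitor.c
 kex->server = 1;
 kex->hostkey_type = buffer_get_int(m);
 kex->kex_type = buffer_get_int(m);
-@@ -2008,6 +2032,9 @@
+@@ -2009,6 +2033,9 @@
 OM_uint32 major;
 u_int len;
 
@@ -2083,7 +2083,7 @@ Index: b/monitor.c
 goid.elements = buffer_get_string(m, &len);
 goid.length = len;
 
-@@ -2035,6 +2062,9 @@
+@@ -2036,6 +2063,9 @@
 OM_uint32 flags = 0; /* GSI needs this */
 u_int len;
 
@@ -2093,7 +2093,7 @@ Index: b/monitor.c
 in.value = buffer_get_string(m, &len);
 in.length = len;
 major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags);
-@@ -2052,6 +2082,7 @@
+@@ -2053,6 +2083,7 @@
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0);
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1);
 monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1);
@@ -2101,7 +2101,7 @@ Index: b/monitor.c
 }
 return (0);
 }
-@@ -2063,6 +2094,9 @@
+@@ -2064,6 +2095,9 @@
 OM_uint32 ret;
 u_int len;
 
@@ -2111,7 +2111,7 @@ Index: b/monitor.c
 gssbuf.value = buffer_get_string(m, &len);
 gssbuf.length = len;
 mic.value = buffer_get_string(m, &len);
-@@ -2089,7 +2123,11 @@
+@@ -2090,7 +2124,11 @@
 {
 int authenticated;
 
@@ -2124,7 +2124,7 @@ Index: b/monitor.c
 
 buffer_clear(m);
 buffer_put_int(m, authenticated);
-@@ -2102,6 +2140,74 @@
+@@ -2103,6 +2141,74 @@
 /* Monitor loop will terminate if authenticated */
 return (authenticated);
 }
@@ -2326,7 +2326,7 @@ Index: b/readconf.c
 #endif
 { "fallbacktorsh", oDeprecated },
 { "usersh", oDeprecated },
-@@ -482,10 +493,30 @@
+@@ -483,10 +494,30 @@
 intptr = &options->gss_authentication;
 goto parse_flag;
 
@@ -2357,7 +2357,7 @@ Index: b/readconf.c
 case oBatchMode:
 intptr = &options->batch_mode;
 goto parse_flag;
-@@ -1138,7 +1169,12 @@
+@@ -1139,7 +1170,12 @@
 options->pubkey_authentication = -1;
 options->challenge_response_authentication = -1;
 options->gss_authentication = -1;
@@ -2370,7 +2370,7 @@ Index: b/readconf.c
 options->password_authentication = -1;
 options->kbd_interactive_authentication = -1;
 options->kbd_interactive_devices = NULL;
-@@ -1238,8 +1274,14 @@
+@@ -1239,8 +1275,14 @@
 options->challenge_response_authentication = 1;
 if (options->gss_authentication == -1)
 options->gss_authentication = 0;
@@ -2389,7 +2389,7 @@ Index: b/readconf.h
 ===================================================================
 --- a/readconf.h
 +++ b/readconf.h
-@@ -47,7 +47,12 @@
+@@ -48,7 +48,12 @@
 int challenge_response_authentication;
 /* Try S/Key or TIS, authentication. */
 int gss_authentication; /* Try GSS authentication */
@@ -2893,7 +2893,7 @@ Index: b/sshd.c
 #ifdef LIBWRAP
 #include <tcpd.h>
 #include <syslog.h>
-@@ -1612,10 +1616,13 @@
+@@ -1616,10 +1620,13 @@
 logit("Disabling protocol version 1. Could not load host key");
 options.protocol &= ~SSH_PROTO_1;
 }
@@ -2907,7 +2907,7 @@ Index: b/sshd.c
 if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) {
 logit("sshd: no hostkeys available -- exiting.");
 exit(1);
-@@ -1944,6 +1951,60 @@
+@@ -1948,6 +1955,60 @@
 /* Log the connection. */
 verbose("Connection from %.500s port %d", remote_ip, remote_port);
 
@@ -2968,7 +2968,7 @@ Index: b/sshd.c
 /*
 * We don't want to listen forever unless the other side
 * successfully authenticates itself. So we set up an alarm which is
-@@ -2325,6 +2386,48 @@
+@@ -2329,6 +2390,48 @@
 
 myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = list_hostkey_types();
 
@@ -3017,7 +3017,7 @@ Index: b/sshd.c
 /* start key exchange */
 kex = kex_setup(myproposal);
 kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server;
-@@ -2332,6 +2435,13 @@
+@@ -2336,6 +2439,13 @@
 kex->kex[KEX_DH_GEX_SHA1] = kexgex_server;
 kex->kex[KEX_DH_GEX_SHA256] = kexgex_server;
 kex->kex[KEX_ECDH_SHA2] = kexecdh_server;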
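--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -35,7 +35,7 @@ Index: b/readconf.c
 
 { NULL, oBadOption }
 };
-@@ -914,6 +917,8 @@
+@@ -915,6 +918,8 @@
 goto parse_flag;
 
 case oServerAliveInterval:
@@ -44,7 +44,7 @@ Index: b/readconf.c
 intptr = &options->server_alive_interval;
 goto parse_time;
 
-@@ -1385,8 +1390,13 @@
+@@ -1386,8 +1391,13 @@
 options->rekey_limit = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;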
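--- a/debian/patches/lintian-symlink-pickiness.patch
+++ b/debian/patches/lintian-symlink-pickiness.patch
@@ -9,7 +9,7 @@ Index: b/Makefile.in
 ===================================================================
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -282,9 +282,9 @@
+@@ -283,9 +283,9 @@
 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
 $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1
 -rm -f $(DESTDIR)$(bindir)/slogin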
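--- a/debian/patches/no-openssl-version-check.patch
+++ /dev/null
@@ -1,27 +0,0 @@
-Description: Disable OpenSSL version check
-OpenSSL's SONAME is sufficient nowadays.
-Author: Philip Hands <phil@hands.com>
-Author: Colin Watson <cjwatson@debian.org>
-Bug-Debian: http://bugs.debian.org/93581
-Bug-Debian: http://bugs.debian.org/664383
-Forwarded: not-needed
-Last-Update: 2012-03-19
-
-Index: b/entropy.c
-===================================================================
---- a/entropy.c
-+++ b/entropy.c
-@@ -209,13 +209,6 @@
-#ifndef OPENSSL_PRNG_ONLY
-unsigned char buf[RANDOM_SEED_SIZE];
-#endif
-- /*
-- * OpenSSL version numbers: MNNFFPPS: major minor fix patch status
-- * We match major, minor, fix and status (not patch)
-- */
-- if ((SSLeay() ^ OPENSSL_VERSION_NUMBER) & ~0xff0L)
-- fatal("OpenSSL version mismatch. Built against %lx, you "
-- "have %lx", (u_long)OPENSSL_VERSION_NUMBER, SSLeay());
-
-#ifndef OPENSSL_PRNG_ONLY
-if (RAND_status() == 1) {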
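--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -34,7 +34,7 @@ Index: b/ssh-keygen.1
 ===================================================================
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
-@@ -149,9 +149,7 @@
+@@ -150,9 +150,7 @@
 .Pa ~/.ssh/id_dsa
 or
 .Pa ~/.ssh/id_rsa .
@@ -45,7 +45,7 @@ Index: b/ssh-keygen.1
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
-@@ -197,9 +195,7 @@
+@@ -198,9 +196,7 @@
 For each of the key types (rsa1, rsa, dsa and ecdsa) for which host keys
 do not exist, generate the host keys with the default key file path,
 an empty passphrase, default bits for the key type, and default comment.
@@ -56,7 +56,7 @@ Index: b/ssh-keygen.1
 .It Fl a Ar trials
 Specifies the number of primality tests to perform when screening DH-GEX
 candidates using the
-@@ -535,7 +531,7 @@
+@@ -544,7 +540,7 @@
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
@@ -65,7 +65,7 @@ Index: b/ssh-keygen.1
 It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
 .Sh CERTIFICATES
-@@ -661,7 +657,7 @@
+@@ -670,7 +666,7 @@
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
@@ -78,7 +78,7 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -731,6 +731,10 @@
+@@ -736,6 +736,10 @@
 .Sx HISTORY
 section of
 .Xr ssl 8
@@ -102,7 +102,7 @@ Index: b/sshd.8
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
-@@ -853,7 +853,7 @@
+@@ -856,7 +856,7 @@
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
@@ -111,7 +111,7 @@ Index: b/sshd.8
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange".
 The file format is described in
 .Xr moduli 5 .
-@@ -951,7 +951,6 @@
+@@ -954,7 +954,6 @@
 .Xr ssh-vulnkey 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,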
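--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -24,7 +24,7 @@ Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -423,7 +423,7 @@
+@@ -424,7 +424,7 @@
 minor = PROTOCOL_MINOR_1;
 }
 snprintf(buf, sizeof buf, "SSH-%d.%d-%.100s%s", major, minor,
@@ -38,7 +38,7 @@ Index: b/version.h
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
-#define SSH_VERSION "OpenSSH_5.9"
+#define SSH_VERSION "OpenSSH_6.0"
 
 #define SSH_PORTABLE "p1"
 -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE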
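--- a/debian/patches/quieter-signals.patch
+++ b/debian/patches/quieter-signals.patch
@@ -16,7 +16,7 @@ Index: b/clientloop.c
 ===================================================================
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -1619,8 +1619,10 @@
+@@ -1651,8 +1651,10 @@
 exit_status = 0;
 }
 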
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index b14402199..0d696989a 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch | |||
@@ -108,7 +108,7 @@ Index: b/monitor.c | |||
108 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 108 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
109 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 109 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
110 | #ifdef USE_PAM | 110 | #ifdef USE_PAM |
111 | @@ -810,6 +812,7 @@ | 111 | @@ -811,6 +813,7 @@ |
112 | else { | 112 | else { |
113 | /* Allow service/style information on the auth context */ | 113 | /* Allow service/style information on the auth context */ |
114 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 114 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
@@ -116,7 +116,7 @@ Index: b/monitor.c | |||
116 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 116 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
117 | } | 117 | } |
118 | #ifdef USE_PAM | 118 | #ifdef USE_PAM |
119 | @@ -842,14 +845,37 @@ | 119 | @@ -843,14 +846,37 @@ |
120 | 120 | ||
121 | authctxt->service = buffer_get_string(m, NULL); | 121 | authctxt->service = buffer_get_string(m, NULL); |
122 | authctxt->style = buffer_get_string(m, NULL); | 122 | authctxt->style = buffer_get_string(m, NULL); |
@@ -156,7 +156,7 @@ Index: b/monitor.c | |||
156 | return (0); | 156 | return (0); |
157 | } | 157 | } |
158 | 158 | ||
159 | @@ -1437,7 +1463,7 @@ | 159 | @@ -1438,7 +1464,7 @@ |
160 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 160 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
161 | if (res == 0) | 161 | if (res == 0) |
162 | goto error; | 162 | goto error; |
@@ -256,18 +256,15 @@ Index: b/openbsd-compat/port-linux.c | |||
256 | #include "log.h" | 256 | #include "log.h" |
257 | #include "xmalloc.h" | 257 | #include "xmalloc.h" |
258 | #include "port-linux.h" | 258 | #include "port-linux.h" |
259 | @@ -58,9 +64,9 @@ | 259 | @@ -58,7 +64,7 @@ |
260 | 260 | ||
261 | /* Return the default security context for the given username */ | 261 | /* Return the default security context for the given username */ |
262 | static security_context_t | 262 | static security_context_t |
263 | -ssh_selinux_getctxbyname(char *pwname) | 263 | -ssh_selinux_getctxbyname(char *pwname) |
264 | +ssh_selinux_getctxbyname(char *pwname, const char *role) | 264 | +ssh_selinux_getctxbyname(char *pwname, const char *role) |
265 | { | 265 | { |
266 | - security_context_t sc; | 266 | security_context_t sc = NULL; |
267 | + security_context_t sc = NULL; | ||
268 | char *sename = NULL, *lvl = NULL; | 267 | char *sename = NULL, *lvl = NULL; |
269 | int r; | ||
270 | |||
271 | @@ -73,9 +79,16 @@ | 268 | @@ -73,9 +79,16 @@ |
272 | #endif | 269 | #endif |
273 | 270 | ||
@@ -287,7 +284,7 @@ Index: b/openbsd-compat/port-linux.c | |||
287 | #endif | 284 | #endif |
288 | 285 | ||
289 | if (r != 0) { | 286 | if (r != 0) { |
290 | @@ -106,7 +119,7 @@ | 287 | @@ -107,7 +120,7 @@ |
291 | 288 | ||
292 | /* Set the execution context to the default for the specified user */ | 289 | /* Set the execution context to the default for the specified user */ |
293 | void | 290 | void |
@@ -296,7 +293,7 @@ Index: b/openbsd-compat/port-linux.c | |||
296 | { | 293 | { |
297 | security_context_t user_ctx = NULL; | 294 | security_context_t user_ctx = NULL; |
298 | 295 | ||
299 | @@ -115,7 +128,7 @@ | 296 | @@ -116,7 +129,7 @@ |
300 | 297 | ||
301 | debug3("%s: setting execution context", __func__); | 298 | debug3("%s: setting execution context", __func__); |
302 | 299 | ||
@@ -305,7 +302,7 @@ Index: b/openbsd-compat/port-linux.c | |||
305 | if (setexeccon(user_ctx) != 0) { | 302 | if (setexeccon(user_ctx) != 0) { |
306 | switch (security_getenforce()) { | 303 | switch (security_getenforce()) { |
307 | case -1: | 304 | case -1: |
308 | @@ -137,7 +150,7 @@ | 305 | @@ -138,7 +151,7 @@ |
309 | 306 | ||
310 | /* Set the TTY context for the specified user */ | 307 | /* Set the TTY context for the specified user */ |
311 | void | 308 | void |
@@ -314,7 +311,7 @@ Index: b/openbsd-compat/port-linux.c | |||
314 | { | 311 | { |
315 | security_context_t new_tty_ctx = NULL; | 312 | security_context_t new_tty_ctx = NULL; |
316 | security_context_t user_ctx = NULL; | 313 | security_context_t user_ctx = NULL; |
317 | @@ -148,7 +161,7 @@ | 314 | @@ -149,7 +162,7 @@ |
318 | 315 | ||
319 | debug3("%s: setting TTY context on %s", __func__, tty); | 316 | debug3("%s: setting TTY context on %s", __func__, tty); |
320 | 317 | ||
@@ -439,7 +436,7 @@ Index: b/sshd.c | |||
439 | =================================================================== | 436 | =================================================================== |
440 | --- a/sshd.c | 437 | --- a/sshd.c |
441 | +++ b/sshd.c | 438 | +++ b/sshd.c |
442 | @@ -730,7 +730,7 @@ | 439 | @@ -734,7 +734,7 @@ |
443 | RAND_seed(rnd, sizeof(rnd)); | 440 | RAND_seed(rnd, sizeof(rnd)); |
444 | 441 | ||
445 | /* Drop privileges */ | 442 | /* Drop privileges */ |
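--- a/debian/patches/series
+++ b/debian/patches/series
@@ -40,6 +40,5 @@ auth-log-verbosity.patch
 cross-pkg-config.patch
 
 # Debian-specific configuration
-no-openssl-version-check.patch
 gnome-ssh-askpass2-icon.patch
 debian-config.patch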
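--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -11,7 +11,7 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1411,6 +1411,7 @@
+@@ -1425,6 +1425,7 @@
 .Xr sftp 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,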
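--- a/debian/patches/ssh-vulnkey.patch
+++ b/debian/patches/ssh-vulnkey.patch
@@ -39,9 +39,9 @@ Index: b/Makefile.in
 
 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
 canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -93,8 +95,8 @@
-roaming_common.o roaming_serv.o \
-sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+@@ -94,8 +96,8 @@
+sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
+sandbox-seccomp-filter.o
 
 -MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 -MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -50,7 +50,7 @@ Index: b/Makefile.in
 MANTYPE = @MANTYPE@
 
 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -171,6 +173,9 @@
+@@ -172,6 +174,9 @@
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
 $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
 
@@ -60,7 +60,7 @@ Index: b/Makefile.in
 # test driver for the loginrec code - not built by default
 logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
 $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-@@ -259,6 +264,7 @@
+@@ -260,6 +265,7 @@
 $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
 $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
 $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -68,7 +68,7 @@ Index: b/Makefile.in
 $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
 $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
 $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -273,6 +279,7 @@
+@@ -274,6 +280,7 @@
 $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
 $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
 $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -76,7 +76,7 @@ Index: b/Makefile.in
 -rm -f $(DESTDIR)$(bindir)/slogin
 ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -354,6 +361,7 @@
+@@ -355,6 +362,7 @@
 -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
 -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
 -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
@@ -84,7 +84,7 @@ Index: b/Makefile.in
 -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
 -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
 -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-@@ -366,6 +374,7 @@
+@@ -367,6 +375,7 @@
 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
 -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
@@ -196,7 +196,7 @@ Index: b/auth2-pubkey.c
 ===================================================================
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
-@@ -439,9 +439,10 @@
+@@ -440,9 +440,10 @@
 u_int success, i;
 char *file;
 
@@ -418,7 +418,7 @@ Index: b/readconf.c
 { "rsaauthentication", oRSAAuthentication },
 { "pubkeyauthentication", oPubkeyAuthentication },
 { "dsaauthentication", oPubkeyAuthentication }, /* alias */
-@@ -489,6 +491,10 @@
+@@ -490,6 +492,10 @@
 intptr = &options->challenge_response_authentication;
 goto parse_flag;
 
@@ -429,7 +429,7 @@ Index: b/readconf.c
 case oGssAuthentication:
 intptr = &options->gss_authentication;
 goto parse_flag;
-@@ -1180,6 +1186,7 @@
+@@ -1181,6 +1187,7 @@
 options->kbd_interactive_devices = NULL;
 options->rhosts_rsa_authentication = -1;
 options->hostbased_authentication = -1;
@@ -437,7 +437,7 @@ Index: b/readconf.c
 options->batch_mode = -1;
 options->check_host_ip = -1;
 options->strict_host_key_checking = -1;
-@@ -1290,6 +1297,8 @@
+@@ -1291,6 +1298,8 @@
 options->rhosts_rsa_authentication = 0;
 if (options->hostbased_authentication == -1)
 options->hostbased_authentication = 0;
@@ -450,7 +450,7 @@ Index: b/readconf.h
 ===================================================================
 --- a/readconf.h
 +++ b/readconf.h
-@@ -58,6 +58,7 @@
+@@ -59,6 +59,7 @@
 int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
 char *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
 int zero_knowledge_password_authentication; /* Try jpake */
@@ -542,7 +542,7 @@ Index: b/ssh-add.1
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl c
-@@ -183,6 +187,7 @@
+@@ -186,6 +190,7 @@
 .Xr ssh 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
@@ -555,12 +555,12 @@ Index: b/ssh-add.c
 --- a/ssh-add.c
 +++ b/ssh-add.c
 @@ -142,7 +142,7 @@
-add_file(AuthenticationConnection *ac, const char *filename)
+add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
 Key *private, *cert;
 - char *comment = NULL;
 + char *comment = NULL, *fp;
-char msg[1024], *certpath;
+char msg[1024], *certpath = NULL;
 int fd, perms_ok, ret = -1;
 Buffer keyblob;
 @@ -218,6 +218,14 @@
@@ -576,13 +576,13 @@ Index: b/ssh-add.c
 + return -1;
 + }
 
-
-/* Now try to add the certificate flavour too */
+/* Skip trying to load the cert if requested */
+if (key_only)
 Index: b/ssh-keygen.1
 ===================================================================
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
-@@ -670,6 +670,7 @@
+@@ -679,6 +679,7 @@
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
@@ -1233,7 +1233,7 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1407,6 +1407,7 @@
+@@ -1421,6 +1421,7 @@
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
@@ -1245,7 +1245,7 @@ Index: b/ssh.c
 ===================================================================
 --- a/ssh.c
 +++ b/ssh.c
-@@ -1476,7 +1476,7 @@
+@@ -1492,7 +1492,7 @@
 static void
 load_public_identity_files(void)
 {
@@ -1254,7 +1254,7 @@ Index: b/ssh.c
 char *pwdir = NULL, *pwname = NULL;
 int i = 0;
 Key *public;
-@@ -1533,6 +1533,22 @@
+@@ -1549,6 +1549,22 @@
 public = key_load_public(filename, NULL);
 debug("identity file %s type %d", filename,
 public ? public->type : -1);
@@ -1331,7 +1331,7 @@ Index: b/sshd.8
 ===================================================================
 --- a/sshd.8
 +++ b/sshd.8
-@@ -948,6 +948,7 @@
+@@ -951,6 +951,7 @@
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
@@ -1343,7 +1343,7 @@ Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1598,6 +1598,11 @@
+@@ -1602,6 +1602,11 @@
 sensitive_data.host_keys[i] = NULL;
 continue;
 }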
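Review bot: In the ssh-add.c part of this patch, the added declaration `+ char *comment = NULL, *fp;` leaves `fp` uninitialised, while `comment` and, on the refreshed context line, `certpath` both start as NULL; `char *comment = NULL, *fp = NULL;` would match them and keep a later free on an error path safe. The added branch also leaves through a direct `return -1;` just above the `if (key_only)` check, so it has to release whatever add_file has allocated by that point itself. The body of that branch and the rest of add_file lie outside the visible hunks, so both points should be confirmed against the full patch.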
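--- a/debian/patches/ssh1-keepalive.patch
+++ b/debian/patches/ssh1-keepalive.patch
@@ -7,7 +7,7 @@ Index: b/clientloop.c
 ===================================================================
 --- a/clientloop.c
 +++ b/clientloop.c
-@@ -545,16 +545,21 @@
+@@ -565,16 +565,21 @@
 static void
 server_alive_check(void)
 {
@@ -38,7 +38,7 @@ Index: b/clientloop.c
 }
 
 /*
-@@ -614,7 +619,7 @@
+@@ -634,7 +639,7 @@
 */
 
 timeout_secs = INT_MAX; /* we use INT_MAX to mean no timeout */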
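--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -26,7 +26,7 @@ Index: b/ssh.c
 ===================================================================
 --- a/ssh.c
 +++ b/ssh.c
-@@ -678,7 +678,7 @@
+@@ -680,7 +680,7 @@
 /* Do not allocate a tty if stdin is not a tty. */
 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
 options.request_tty != REQUEST_TTY_FORCE) {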
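--- a/debian/patches/user-group-modes.patch
+++ b/debian/patches/user-group-modes.patch
@@ -24,7 +24,7 @@ Index: b/readconf.c
 
 #include "xmalloc.h"
 #include "ssh.h"
-@@ -1131,8 +1133,7 @@
+@@ -1132,8 +1134,7 @@
 
 if (fstat(fileno(f), &sb) == -1)
 fatal("fstat %s: %s", filename, strerror(errno));
@@ -38,7 +38,7 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1298,6 +1298,8 @@
+@@ -1312,6 +1312,8 @@
 .Xr ssh_config 5 .
 Because of the potential for abuse, this file must have strict permissions:
 read/write for the user, and not accessible by others.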