Diffstat (limited to 'debian/patches')
27 files changed, 215 insertions, 283 deletions
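--- a/debian/patches/authorized-keys-man-symlink.patch
+++ b/debian/patches/authorized-keys-man-symlink.patch
@@ -1,4 +1,4 @@
-From eb51213d1bdc8d80cd7d0578737d8a7bfde992d2 Mon Sep 17 00:00:00 2001
+From 27ced5f6a3c5dec6e0a78ae138d3db56d49953bd Mon Sep 17 00:00:00 2001
 From: Tomas Pospisek <tpo_deb@sourcepole.ch>
 Date: Sun, 9 Feb 2014 16:10:07 +0000
 Subject: Install authorized_keys(5) as a symlink to sshd(8)
@@ -13,10 +13,10 @@ Patch-Name: authorized-keys-man-symlink.patch
 1 file changed, 1 insertion(+)
 
 diff --git a/Makefile.in b/Makefile.in
-index bf1e1de47..3aa808a38 100644
+index 56759c388..73e56aaac 100644
 --- a/Makefile.in
 +++ b/Makefile.in
-@@ -406,6 +406,7 @@ install-files:
+@@ -408,6 +408,7 @@ install-files:
 $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5
 $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5
 $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8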
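--- a/debian/patches/avoid-extra-ports.patch
+++ /dev/null
@@ -1,67 +0,0 @@
-From 877a000e9474ed5e32029f434dbec4de2fb1696f Mon Sep 17 00:00:00 2001
-From: "djm@openbsd.org" <djm@openbsd.org>
-Date: Wed, 27 May 2020 21:59:11 +0000
-Subject: upstream: Do not call process_queued_listen_addrs() for every
-
-included file from sshd_config; patch from Jakub Jelen
-
-OpenBSD-Commit-ID: 0ff603d6f06a7fab4881f12503b53024799d0a49
-
-Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=0a9a611619b0a1fecd0195ec86a9885f5d681c84
-Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=3169
-Bug-Debian: https://bugs.debian.org/962035
-Bug-Ubuntu: https://bugs.launchpad.net/bugs/1876320
-Last-Update: 2020-06-07
-
-Patch-Name: avoid-extra-ports.patch
----
-servconf.c | 10 +++++-----
-1 file changed, 5 insertions(+), 5 deletions(-)
-
-diff --git a/servconf.c b/servconf.c
-index c290e9786..5f3336365 100644
---- a/servconf.c
-+++ b/servconf.c
-@@ -1,5 +1,5 @@
-
--/* $OpenBSD: servconf.c,v 1.363 2020/04/17 03:30:05 djm Exp $ */
-+/* $OpenBSD: servconf.c,v 1.364 2020/05/27 21:59:11 djm Exp $ */
-/*
-* Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
-* All rights reserved
-@@ -75,8 +75,8 @@ static void add_listen_addr(ServerOptions *, const char *,
-const char *, int);
-static void add_one_listen_addr(ServerOptions *, const char *,
-const char *, int);
--void parse_server_config_depth(ServerOptions *options, const char *filename,
-- struct sshbuf *conf, struct include_list *includes,
-+static void parse_server_config_depth(ServerOptions *options,
-+ const char *filename, struct sshbuf *conf, struct include_list *includes,
-struct connection_info *connectinfo, int flags, int *activep, int depth);
-
-/* Use of privilege separation or not */
-@@ -2623,7 +2623,7 @@ copy_set_server_options(ServerOptions *dst, ServerOptions *src, int preauth)
-#undef M_CP_STRARRAYOPT
-
-#define SERVCONF_MAX_DEPTH 16
--void
-+static void
-parse_server_config_depth(ServerOptions *options, const char *filename,
-struct sshbuf *conf, struct include_list *includes,
-struct connection_info *connectinfo, int flags, int *activep, int depth)
-@@ -2649,7 +2649,6 @@ parse_server_config_depth(ServerOptions *options, const char *filename,
-if (bad_options > 0)
-fatal("%s: terminating, %d bad configuration options",
-filename, bad_options);
-- process_queued_listen_addrs(options);
-}
-
-void
-@@ -2660,6 +2659,7 @@ parse_server_config(ServerOptions *options, const char *filename,
-int active = connectinfo ? 0 : 1;
-parse_server_config_depth(options, filename, conf, includes,
-connectinfo, 0, &active, 0);
-+ process_queued_listen_addrs(options);
-}
-
-static const char *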
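--- a/debian/patches/conch-old-privkey-format.patch
+++ b/debian/patches/conch-old-privkey-format.patch
@@ -1,4 +1,4 @@
-From f2697f0c5ff23bc13dce1c90fb4c1c934c02070b Mon Sep 17 00:00:00 2001
+From a73fcc8bab768900ca16d3121303941511b28d45 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Thu, 30 Aug 2018 00:58:56 +0100
 Subject: Work around conch interoperability failure
@@ -18,10 +18,10 @@ Patch-Name: conch-old-privkey-format.patch
 3 files changed, 14 insertions(+), 2 deletions(-)
 
 diff --git a/regress/Makefile b/regress/Makefile
-index 62794d25f..53a50ffca 100644
+index 8b4ed9de3..f50d189bb 100644
 --- a/regress/Makefile
 +++ b/regress/Makefile
-@@ -121,7 +121,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
+@@ -122,7 +122,7 @@ CLEANFILES= *.core actual agent-key.* authorized_keys_${USERNAME} \
 rsa_ssh2_crnl.prv scp-ssh-wrapper.exe \
 scp-ssh-wrapper.scp setuid-allowed sftp-server.log \
 sftp-server.sh sftp.log ssh-log-wrapper.sh ssh.log \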
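--- a/debian/patches/debian-banner.patch
+++ b/debian/patches/debian-banner.patch
@@ -1,4 +1,4 @@
-From 90c1c8771b61dd3ee0eacb4e1cfac404dc42f4b0 Mon Sep 17 00:00:00 2001
+From 6353ee79cc71ef33a0a34d2d769a5fe327f6260d Mon Sep 17 00:00:00 2001
 From: Kees Cook <kees@debian.org>
 Date: Sun, 9 Feb 2014 16:10:06 +0000
 Subject: Add DebianBanner server configuration option
@@ -22,7 +22,7 @@ Patch-Name: debian-banner.patch
 7 files changed, 22 insertions(+), 5 deletions(-)
 
 diff --git a/kex.c b/kex.c
-index 0e64bf760..aa5acaac3 100644
+index ce7bb5b3b..763c45536 100644
 --- a/kex.c
 +++ b/kex.c
 @@ -1225,7 +1225,7 @@ send_error(struct ssh *ssh, char *msg)
@@ -58,10 +58,10 @@ index fe7141414..938dca03b 100644
 struct kex *kex_new(void);
 int kex_ready(struct ssh *, char *[PROPOSAL_MAX]);
 diff --git a/servconf.c b/servconf.c
-index ff5b9436c..cf4e52f3b 100644
+index 21abe41ac..f9eb778d6 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -194,6 +194,7 @@ initialize_server_options(ServerOptions *options)
+@@ -195,6 +195,7 @@ initialize_server_options(ServerOptions *options)
 options->fingerprint_hash = -1;
 options->disable_forwarding = -1;
 options->expose_userauth_info = -1;
@@ -69,7 +69,7 @@ index ff5b9436c..cf4e52f3b 100644
 }
 
 /* Returns 1 if a string option is unset or set to "none" or 0 otherwise. */
-@@ -468,6 +469,8 @@ fill_default_server_options(ServerOptions *options)
+@@ -469,6 +470,8 @@ fill_default_server_options(ServerOptions *options)
 options->expose_userauth_info = 0;
 if (options->sk_provider == NULL)
 options->sk_provider = xstrdup("internal");
@@ -78,7 +78,7 @@ index ff5b9436c..cf4e52f3b 100644
 
 assemble_algorithms(options);
 
-@@ -556,6 +559,7 @@ typedef enum {
+@@ -548,6 +551,7 @@ typedef enum {
 sStreamLocalBindMask, sStreamLocalBindUnlink,
 sAllowStreamLocalForwarding, sFingerprintHash, sDisableForwarding,
 sExposeAuthInfo, sRDomain, sPubkeyAuthOptions, sSecurityKeyProvider,
@@ -86,7 +86,7 @@ index ff5b9436c..cf4e52f3b 100644
 sDeprecated, sIgnore, sUnsupported
 } ServerOpCodes;
 
-@@ -719,6 +723,7 @@ static struct {
+@@ -712,6 +716,7 @@ static struct {
 { "rdomain", sRDomain, SSHCFG_ALL },
 { "casignaturealgorithms", sCASignatureAlgorithms, SSHCFG_ALL },
 { "securitykeyprovider", sSecurityKeyProvider, SSHCFG_GLOBAL },
@@ -94,7 +94,7 @@ index ff5b9436c..cf4e52f3b 100644
 { NULL, sBadOption, 0 }
 };
 
-@@ -2393,6 +2398,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
+@@ -2402,6 +2407,10 @@ process_server_config_line_depth(ServerOptions *options, char *line,
 *charptr = xstrdup(arg);
 break;
 
@@ -106,10 +106,10 @@ index ff5b9436c..cf4e52f3b 100644
 case sIgnore:
 case sUnsupported:
 diff --git a/servconf.h b/servconf.h
-index 253cad97e..5a2b60512 100644
+index f10908e5b..4afdf24d0 100644
 --- a/servconf.h
 +++ b/servconf.h
-@@ -226,6 +226,8 @@ typedef struct {
+@@ -227,6 +227,8 @@ typedef struct {
 int expose_userauth_info;
 u_int64_t timing_secret;
 char *sk_provider;
@@ -119,10 +119,10 @@ index 253cad97e..5a2b60512 100644
 
 /* Information about the incoming connection as used by Match */
 diff --git a/sshconnect.c b/sshconnect.c
-index f20d3e792..1e5b8ea5a 100644
+index 3ae20b74e..bab3916d8 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -1293,7 +1293,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
+@@ -1296,7 +1296,7 @@ ssh_login(struct ssh *ssh, Sensitive *sensitive, const char *orighost,
 lowercase(host);
 
 /* Exchange protocol version identification strings with the server. */
@@ -132,10 +132,10 @@ index f20d3e792..1e5b8ea5a 100644
 
 /* Put the connection into non-blocking mode. */
 diff --git a/sshd.c b/sshd.c
-index e8b332ca4..baee13506 100644
+index 38d281ab4..50f2726bf 100644
 --- a/sshd.c
 +++ b/sshd.c
-@@ -2181,7 +2181,7 @@ main(int ac, char **av)
+@@ -2232,7 +2232,7 @@ main(int ac, char **av)
 if (!debug_flag)
 alarm(options.login_grace_time);
 
@@ -145,7 +145,7 @@ index e8b332ca4..baee13506 100644
 sshpkt_fatal(ssh, r, "banner exchange");
 
 diff --git a/sshd_config.5 b/sshd_config.5
-index 9f093be1f..753ceda10 100644
+index 6457620bb..33dc0c675 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -540,6 +540,11 @@ or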
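--- a/debian/patches/debian-config.patch
+++ b/debian/patches/debian-config.patch
@@ -1,4 +1,4 @@
-From 08ca1225e6979fc6b5b6e7f85ce5cb0ac5cc7405 Mon Sep 17 00:00:00 2001
+From a0c9f82b05d33f3e2cf8e5442cee47c09d1a1dd8 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:18 +0000
 Subject: Various Debian-specific configuration changes
@@ -30,7 +30,7 @@ Document all of this.
 
 Author: Russ Allbery <rra@debian.org>
 Forwarded: not-needed
-Last-Update: 2020-02-21
+Last-Update: 2020-10-18
 
 Patch-Name: debian-config.patch
 ---
@@ -43,10 +43,10 @@ Patch-Name: debian-config.patch
 6 files changed, 98 insertions(+), 9 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 5bf0afbb4..87b0dc62a 100644
+index f4f273c96..e676b6be6 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -2111,7 +2111,7 @@ fill_default_options(Options * options)
+@@ -2153,7 +2153,7 @@ fill_default_options(Options * options)
 if (options->forward_x11 == -1)
 options->forward_x11 = 0;
 if (options->forward_x11_trusted == -1)
@@ -56,7 +56,7 @@ index 5bf0afbb4..87b0dc62a 100644
 options->forward_x11_timeout = 1200;
 /*
 diff --git a/ssh.1 b/ssh.1
-index 5a31b5dde..035823da3 100644
+index 76ddd89b5..ad48fc8c8 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -812,6 +812,16 @@ directive in
@@ -98,7 +98,7 @@ index 5a31b5dde..035823da3 100644
 Send log information using the
 .Xr syslog 3
 diff --git a/ssh_config b/ssh_config
-index 1ff999b68..8a55237b9 100644
+index 52aae8692..09a17cf18 100644
 --- a/ssh_config
 +++ b/ssh_config
 @@ -17,9 +17,12 @@
@@ -115,15 +115,15 @@ index 1ff999b68..8a55237b9 100644
 # PasswordAuthentication yes
 # HostbasedAuthentication no
 # GSSAPIAuthentication no
-@@ -45,3 +48,6 @@
-# VisualHostKey no
+@@ -46,3 +49,6 @@
 # ProxyCommand ssh -q -W %h:%p gateway.example.com
 # RekeyLimit 1G 1h
+# UserKnownHostsFile ~/.ssh/known_hosts.d/%k
 + SendEnv LANG LC_*
 + HashKnownHosts yes
 + GSSAPIAuthentication yes
 diff --git a/ssh_config.5 b/ssh_config.5
-index dd8241df1..aac3fabb7 100644
+index 96ca7a5df..6d6c59521 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
 @@ -71,6 +71,29 @@ Since the first obtained value for each parameter is used, more
@@ -156,7 +156,7 @@ index dd8241df1..aac3fabb7 100644
 The file contains keyword-argument pairs, one per line.
 Lines starting with
 .Ql #
-@@ -729,11 +752,12 @@ elapsed.
+@@ -742,11 +765,12 @@ elapsed.
 .It Cm ForwardX11Trusted
 If this option is set to
 .Cm yes ,
@@ -229,7 +229,7 @@ index 2c48105f8..459c1b230 100644
 # Example of overriding settings on a per-user basis
 #Match User anoncvs
 diff --git a/sshd_config.5 b/sshd_config.5
-index c27f99937..b38025dbf 100644
+index 32ae46476..472001dd1 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -56,6 +56,35 @@ Arguments may optionally be enclosed in double quotes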
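--- a/debian/patches/dnssec-sshfp.patch
+++ b/debian/patches/dnssec-sshfp.patch
@@ -1,4 +1,4 @@
-From ca39bb2ab1f56d8ecdeadc32d6bda1a8e73301ac Mon Sep 17 00:00:00 2001
+From 78a7702d88713e854550a05fa9b8670f219d9bf9 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:01 +0000
 Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf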
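--- a/debian/patches/doc-hash-tab-completion.patch
+++ b/debian/patches/doc-hash-tab-completion.patch
@@ -1,4 +1,4 @@
-From 0402bdf307736b3afae8c80c84f04b0295990c45 Mon Sep 17 00:00:00 2001
+From 5fca8a730171f96a72007118c0d35cf4a09359f8 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:11 +0000
 Subject: Document that HashKnownHosts may break tab-completion
@@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch
 1 file changed, 3 insertions(+)
 
 diff --git a/ssh_config.5 b/ssh_config.5
-index d814147d4..dd8241df1 100644
+index 190e1d927..96ca7a5df 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -848,6 +848,9 @@ Note that existing names and addresses in known hosts files
+@@ -861,6 +861,9 @@ Note that existing names and addresses in known hosts files
 will not be converted automatically,
 but may be manually hashed using
 .Xr ssh-keygen 1 .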
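--- a/debian/patches/gnome-ssh-askpass2-icon.patch
+++ b/debian/patches/gnome-ssh-askpass2-icon.patch
@@ -1,4 +1,4 @@
-From 9b1d6a32944943b6b18861b97868c463bf5a6e8c Mon Sep 17 00:00:00 2001
+From c26f6f9c7051b9ab2ac13d1d227e6d39527839cc Mon Sep 17 00:00:00 2001
 From: Vincent Untz <vuntz@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:16 +0000
 Subject: Give the ssh-askpass-gnome window a default icon
@@ -12,10 +12,10 @@ Patch-Name: gnome-ssh-askpass2-icon.patch
 1 file changed, 2 insertions(+)
 
 diff --git a/contrib/gnome-ssh-askpass2.c b/contrib/gnome-ssh-askpass2.c
-index bc83a2d67..88cdfaeff 100644
+index f7912727c..bf8c92c8f 100644
 --- a/contrib/gnome-ssh-askpass2.c
 +++ b/contrib/gnome-ssh-askpass2.c
-@@ -233,6 +233,8 @@ main(int argc, char **argv)
+@@ -322,6 +322,8 @@ main(int argc, char **argv)
 
 gtk_init(&argc, &argv);
 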
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 685923e47..d779eacb6 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 79f9d21b406c172878896ef41cdc2502fc2f84a7 Mon Sep 17 00:00:00 2001 | 1 | From d1b7918f9bce6e997c7952ac795e18d09192b2a6 Mon Sep 17 00:00:00 2001 |
2 | From: Simon Wilkinson <simon@sxw.org.uk> | 2 | From: Simon Wilkinson <simon@sxw.org.uk> |
3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 |
4 | Subject: GSSAPI key exchange support | 4 | Subject: GSSAPI key exchange support |
@@ -68,10 +68,10 @@ Patch-Name: gssapi.patch | |||
68 | create mode 100644 kexgsss.c | 68 | create mode 100644 kexgsss.c |
69 | 69 | ||
70 | diff --git a/Makefile.in b/Makefile.in | 70 | diff --git a/Makefile.in b/Makefile.in |
71 | index c9e4294d3..bf1e1de47 100644 | 71 | index acfb919da..56759c388 100644 |
72 | --- a/Makefile.in | 72 | --- a/Makefile.in |
73 | +++ b/Makefile.in | 73 | +++ b/Makefile.in |
74 | @@ -109,6 +109,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ | 74 | @@ -107,6 +107,7 @@ LIBSSH_OBJS=${LIBOPENSSH_OBJS} \ |
75 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ | 75 | kex.o kexdh.o kexgex.o kexecdh.o kexc25519.o \ |
76 | kexgexc.o kexgexs.o \ | 76 | kexgexc.o kexgexs.o \ |
77 | sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ | 77 | sntrup4591761.o kexsntrup4591761x25519.o kexgen.o \ |
@@ -79,7 +79,7 @@ index c9e4294d3..bf1e1de47 100644 | |||
79 | sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \ | 79 | sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \ |
80 | sshbuf-io.o | 80 | sshbuf-io.o |
81 | 81 | ||
82 | @@ -125,7 +126,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ | 82 | @@ -123,7 +124,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o \ |
83 | auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ | 83 | auth-bsdauth.o auth2-hostbased.o auth2-kbdint.o \ |
84 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ | 84 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ |
85 | monitor.o monitor_wrap.o auth-krb5.o \ | 85 | monitor.o monitor_wrap.o auth-krb5.o \ |
@@ -130,7 +130,7 @@ index 28fb43d2a..5b73d24c0 100644 | |||
130 | 130 | ||
131 | [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) | 131 | [![Fuzzing Status](https://oss-fuzz-build-logs.storage.googleapis.com/badges/openssh.svg)](https://bugs.chromium.org/p/oss-fuzz/issues/list?sort=-opened&can=1&q=proj:openssh) |
132 | diff --git a/auth.c b/auth.c | 132 | diff --git a/auth.c b/auth.c |
133 | index 086b8ebb1..687c57b42 100644 | 133 | index 9a5498b66..3d31ec860 100644 |
134 | --- a/auth.c | 134 | --- a/auth.c |
135 | +++ b/auth.c | 135 | +++ b/auth.c |
136 | @@ -400,7 +400,8 @@ auth_root_allowed(struct ssh *ssh, const char *method) | 136 | @@ -400,7 +400,8 @@ auth_root_allowed(struct ssh *ssh, const char *method) |
@@ -339,7 +339,7 @@ index 9351e0428..d6446c0cf 100644 | |||
339 | "gssapi-with-mic", | 339 | "gssapi-with-mic", |
340 | userauth_gssapi, | 340 | userauth_gssapi, |
341 | diff --git a/auth2.c b/auth2.c | 341 | diff --git a/auth2.c b/auth2.c |
342 | index 91aaf34a6..a4a5e0069 100644 | 342 | index 242a7adbe..9fa1404b3 100644 |
343 | --- a/auth2.c | 343 | --- a/auth2.c |
344 | +++ b/auth2.c | 344 | +++ b/auth2.c |
345 | @@ -73,6 +73,7 @@ extern Authmethod method_passwd; | 345 | @@ -73,6 +73,7 @@ extern Authmethod method_passwd; |
@@ -477,7 +477,7 @@ index 26d62855a..0cadc9f18 100644 | |||
477 | int get_peer_port(int); | 477 | int get_peer_port(int); |
478 | char *get_local_ipaddr(int); | 478 | char *get_local_ipaddr(int); |
479 | diff --git a/clientloop.c b/clientloop.c | 479 | diff --git a/clientloop.c b/clientloop.c |
480 | index da396c72a..42ace7789 100644 | 480 | index 60b46d161..2cebea29f 100644 |
481 | --- a/clientloop.c | 481 | --- a/clientloop.c |
482 | +++ b/clientloop.c | 482 | +++ b/clientloop.c |
483 | @@ -112,6 +112,10 @@ | 483 | @@ -112,6 +112,10 @@ |
@@ -491,7 +491,7 @@ index da396c72a..42ace7789 100644 | |||
491 | /* import options */ | 491 | /* import options */ |
492 | extern Options options; | 492 | extern Options options; |
493 | 493 | ||
494 | @@ -1361,9 +1365,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, | 494 | @@ -1368,9 +1372,18 @@ client_loop(struct ssh *ssh, int have_pty, int escape_char_arg, |
495 | break; | 495 | break; |
496 | 496 | ||
497 | /* Do channel operations unless rekeying in progress. */ | 497 | /* Do channel operations unless rekeying in progress. */ |
@@ -512,10 +512,10 @@ index da396c72a..42ace7789 100644 | |||
512 | client_process_net_input(ssh, readset); | 512 | client_process_net_input(ssh, readset); |
513 | 513 | ||
514 | diff --git a/configure.ac b/configure.ac | 514 | diff --git a/configure.ac b/configure.ac |
515 | index 460383757..d98e6f74a 100644 | 515 | index 7005a503e..c8a96deb4 100644 |
516 | --- a/configure.ac | 516 | --- a/configure.ac |
517 | +++ b/configure.ac | 517 | +++ b/configure.ac |
518 | @@ -676,6 +676,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | 518 | @@ -679,6 +679,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) |
519 | [Use tunnel device compatibility to OpenBSD]) | 519 | [Use tunnel device compatibility to OpenBSD]) |
520 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], | 520 | AC_DEFINE([SSH_TUN_PREPEND_AF], [1], |
521 | [Prepend the address family to IP tunnel traffic]) | 521 | [Prepend the address family to IP tunnel traffic]) |
@@ -1330,7 +1330,7 @@ index b5d4bb2d1..55f4d4bda 100644 | |||
1330 | 1330 | ||
1331 | /* Privileged */ | 1331 | /* Privileged */ |
1332 | diff --git a/kex.c b/kex.c | 1332 | diff --git a/kex.c b/kex.c |
1333 | index 09c7258e0..144dee512 100644 | 1333 | index aecb9394d..751cfc710 100644 |
1334 | --- a/kex.c | 1334 | --- a/kex.c |
1335 | +++ b/kex.c | 1335 | +++ b/kex.c |
1336 | @@ -57,11 +57,16 @@ | 1336 | @@ -57,11 +57,16 @@ |
@@ -1523,10 +1523,10 @@ index a5ae6ac05..fe7141414 100644 | |||
1523 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) | 1523 | __attribute__((__bounded__(__minbytes__, 1, CURVE25519_SIZE))) |
1524 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); | 1524 | __attribute__((__bounded__(__minbytes__, 2, CURVE25519_SIZE))); |
1525 | diff --git a/kexdh.c b/kexdh.c | 1525 | diff --git a/kexdh.c b/kexdh.c |
1526 | index 67133e339..edaa46762 100644 | 1526 | index 6e0159f9f..d024a8b9a 100644 |
1527 | --- a/kexdh.c | 1527 | --- a/kexdh.c |
1528 | +++ b/kexdh.c | 1528 | +++ b/kexdh.c |
1529 | @@ -48,13 +48,23 @@ kex_dh_keygen(struct kex *kex) | 1529 | @@ -49,13 +49,23 @@ kex_dh_keygen(struct kex *kex) |
1530 | { | 1530 | { |
1531 | switch (kex->kex_type) { | 1531 | switch (kex->kex_type) { |
1532 | case KEX_DH_GRP1_SHA1: | 1532 | case KEX_DH_GRP1_SHA1: |
@@ -2656,7 +2656,7 @@ index 000000000..60bc02deb | |||
2656 | +} | 2656 | +} |
2657 | +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ | 2657 | +#endif /* defined(GSSAPI) && defined(WITH_OPENSSL) */ |
2658 | diff --git a/monitor.c b/monitor.c | 2658 | diff --git a/monitor.c b/monitor.c |
2659 | index b6e855d5d..5347e900d 100644 | 2659 | index 4cf79dfc9..11868952b 100644 |
2660 | --- a/monitor.c | 2660 | --- a/monitor.c |
2661 | +++ b/monitor.c | 2661 | +++ b/monitor.c |
2662 | @@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); | 2662 | @@ -148,6 +148,8 @@ int mm_answer_gss_setup_ctx(struct ssh *, int, struct sshbuf *); |
@@ -2709,7 +2709,7 @@ index b6e855d5d..5347e900d 100644 | |||
2709 | 2709 | ||
2710 | if (auth_opts->permit_pty_flag) { | 2710 | if (auth_opts->permit_pty_flag) { |
2711 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | 2711 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); |
2712 | @@ -1712,6 +1729,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) | 2712 | @@ -1725,6 +1742,17 @@ monitor_apply_keystate(struct ssh *ssh, struct monitor *pmonitor) |
2713 | # ifdef OPENSSL_HAS_ECC | 2713 | # ifdef OPENSSL_HAS_ECC |
2714 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; | 2714 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
2715 | # endif | 2715 | # endif |
@@ -2727,7 +2727,7 @@ index b6e855d5d..5347e900d 100644 | |||
2727 | #endif /* WITH_OPENSSL */ | 2727 | #endif /* WITH_OPENSSL */ |
2728 | kex->kex[KEX_C25519_SHA256] = kex_gen_server; | 2728 | kex->kex[KEX_C25519_SHA256] = kex_gen_server; |
2729 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; | 2729 | kex->kex[KEX_KEM_SNTRUP4591761X25519_SHA512] = kex_gen_server; |
2730 | @@ -1805,8 +1833,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) | 2730 | @@ -1818,8 +1846,8 @@ mm_answer_gss_setup_ctx(struct ssh *ssh, int sock, struct sshbuf *m) |
2731 | u_char *p; | 2731 | u_char *p; |
2732 | int r; | 2732 | int r; |
2733 | 2733 | ||
@@ -2738,7 +2738,7 @@ index b6e855d5d..5347e900d 100644 | |||
2738 | 2738 | ||
2739 | if ((r = sshbuf_get_string(m, &p, &len)) != 0) | 2739 | if ((r = sshbuf_get_string(m, &p, &len)) != 0) |
2740 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 2740 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
2741 | @@ -1838,8 +1866,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) | 2741 | @@ -1851,8 +1879,8 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) |
2742 | OM_uint32 flags = 0; /* GSI needs this */ | 2742 | OM_uint32 flags = 0; /* GSI needs this */ |
2743 | int r; | 2743 | int r; |
2744 | 2744 | ||
@@ -2749,7 +2749,7 @@ index b6e855d5d..5347e900d 100644 | |||
2749 | 2749 | ||
2750 | if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) | 2750 | if ((r = ssh_gssapi_get_buffer_desc(m, &in)) != 0) |
2751 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); | 2751 | fatal("%s: buffer error: %s", __func__, ssh_err(r)); |
2752 | @@ -1859,6 +1887,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) | 2752 | @@ -1872,6 +1900,7 @@ mm_answer_gss_accept_ctx(struct ssh *ssh, int sock, struct sshbuf *m) |
2753 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); | 2753 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
2754 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); | 2754 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
2755 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); | 2755 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
@@ -2757,7 +2757,7 @@ index b6e855d5d..5347e900d 100644 | |||
2757 | } | 2757 | } |
2758 | return (0); | 2758 | return (0); |
2759 | } | 2759 | } |
2760 | @@ -1870,8 +1899,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) | 2760 | @@ -1883,8 +1912,8 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) |
2761 | OM_uint32 ret; | 2761 | OM_uint32 ret; |
2762 | int r; | 2762 | int r; |
2763 | 2763 | ||
@@ -2768,7 +2768,7 @@ index b6e855d5d..5347e900d 100644 | |||
2768 | 2768 | ||
2769 | if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || | 2769 | if ((r = ssh_gssapi_get_buffer_desc(m, &gssbuf)) != 0 || |
2770 | (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) | 2770 | (r = ssh_gssapi_get_buffer_desc(m, &mic)) != 0) |
2771 | @@ -1897,13 +1926,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) | 2771 | @@ -1910,13 +1939,17 @@ mm_answer_gss_checkmic(struct ssh *ssh, int sock, struct sshbuf *m) |
2772 | int | 2772 | int |
2773 | mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) | 2773 | mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) |
2774 | { | 2774 | { |
@@ -2790,7 +2790,7 @@ index b6e855d5d..5347e900d 100644 | |||
2790 | 2790 | ||
2791 | sshbuf_reset(m); | 2791 | sshbuf_reset(m); |
2792 | if ((r = sshbuf_put_u32(m, authenticated)) != 0) | 2792 | if ((r = sshbuf_put_u32(m, authenticated)) != 0) |
2793 | @@ -1912,7 +1945,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) | 2793 | @@ -1925,7 +1958,11 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) |
2794 | debug3("%s: sending result %d", __func__, authenticated); | 2794 | debug3("%s: sending result %d", __func__, authenticated); |
2795 | mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); | 2795 | mm_request_send(sock, MONITOR_ANS_GSSUSEROK, m); |
2796 | 2796 | ||
@@ -2803,7 +2803,7 @@ index b6e855d5d..5347e900d 100644 | |||
2803 | 2803 | ||
2804 | if ((displayname = ssh_gssapi_displayname()) != NULL) | 2804 | if ((displayname = ssh_gssapi_displayname()) != NULL) |
2805 | auth2_record_info(authctxt, "%s", displayname); | 2805 | auth2_record_info(authctxt, "%s", displayname); |
2806 | @@ -1920,5 +1957,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) | 2806 | @@ -1933,5 +1970,85 @@ mm_answer_gss_userok(struct ssh *ssh, int sock, struct sshbuf *m) |
2807 | /* Monitor loop will terminate if authenticated */ | 2807 | /* Monitor loop will terminate if authenticated */ |
2808 | return (authenticated); | 2808 | return (authenticated); |
2809 | } | 2809 | } |
@@ -2903,7 +2903,7 @@ index 683e5e071..2b1a2d590 100644 | |||
2903 | 2903 | ||
2904 | struct ssh; | 2904 | struct ssh; |
2905 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 2905 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
2906 | index 001a8fa1c..6edb509a3 100644 | 2906 | index 5e38d83eb..0e78cd006 100644 |
2907 | --- a/monitor_wrap.c | 2907 | --- a/monitor_wrap.c |
2908 | +++ b/monitor_wrap.c | 2908 | +++ b/monitor_wrap.c |
2909 | @@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | 2909 | @@ -993,13 +993,15 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) |
@@ -2982,10 +2982,10 @@ index 001a8fa1c..6edb509a3 100644 | |||
2982 | + | 2982 | + |
2983 | #endif /* GSSAPI */ | 2983 | #endif /* GSSAPI */ |
2984 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 2984 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
2985 | index 23ab096aa..485590c18 100644 | 2985 | index 0db38c206..75aef1c74 100644 |
2986 | --- a/monitor_wrap.h | 2986 | --- a/monitor_wrap.h |
2987 | +++ b/monitor_wrap.h | 2987 | +++ b/monitor_wrap.h |
2988 | @@ -64,8 +64,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, | 2988 | @@ -65,8 +65,10 @@ int mm_sshkey_verify(const struct sshkey *, const u_char *, size_t, |
2989 | OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); | 2989 | OM_uint32 mm_ssh_gssapi_server_ctx(Gssctxt **, gss_OID); |
2990 | OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, | 2990 | OM_uint32 mm_ssh_gssapi_accept_ctx(Gssctxt *, |
2991 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); | 2991 | gss_buffer_desc *, gss_buffer_desc *, OM_uint32 *); |
@@ -2998,7 +2998,7 @@ index 23ab096aa..485590c18 100644 | |||
2998 | 2998 | ||
2999 | #ifdef USE_PAM | 2999 | #ifdef USE_PAM |
3000 | diff --git a/readconf.c b/readconf.c | 3000 | diff --git a/readconf.c b/readconf.c |
3001 | index 2afcbaeca..fb585e248 100644 | 3001 | index 554efd7c9..57dae55d1 100644 |
3002 | --- a/readconf.c | 3002 | --- a/readconf.c |
3003 | +++ b/readconf.c | 3003 | +++ b/readconf.c |
3004 | @@ -67,6 +67,7 @@ | 3004 | @@ -67,6 +67,7 @@ |
@@ -3041,7 +3041,7 @@ index 2afcbaeca..fb585e248 100644 | |||
3041 | #endif | 3041 | #endif |
3042 | #ifdef ENABLE_PKCS11 | 3042 | #ifdef ENABLE_PKCS11 |
3043 | { "pkcs11provider", oPKCS11Provider }, | 3043 | { "pkcs11provider", oPKCS11Provider }, |
3044 | @@ -1053,10 +1068,42 @@ parse_time: | 3044 | @@ -1068,10 +1083,42 @@ parse_time: |
3045 | intptr = &options->gss_authentication; | 3045 | intptr = &options->gss_authentication; |
3046 | goto parse_flag; | 3046 | goto parse_flag; |
3047 | 3047 | ||
@@ -3084,7 +3084,7 @@ index 2afcbaeca..fb585e248 100644 | |||
3084 | case oBatchMode: | 3084 | case oBatchMode: |
3085 | intptr = &options->batch_mode; | 3085 | intptr = &options->batch_mode; |
3086 | goto parse_flag; | 3086 | goto parse_flag; |
3087 | @@ -1935,7 +1982,13 @@ initialize_options(Options * options) | 3087 | @@ -1976,7 +2023,13 @@ initialize_options(Options * options) |
3088 | options->pubkey_authentication = -1; | 3088 | options->pubkey_authentication = -1; |
3089 | options->challenge_response_authentication = -1; | 3089 | options->challenge_response_authentication = -1; |
3090 | options->gss_authentication = -1; | 3090 | options->gss_authentication = -1; |
@@ -3098,7 +3098,7 @@ index 2afcbaeca..fb585e248 100644 | |||
3098 | options->password_authentication = -1; | 3098 | options->password_authentication = -1; |
3099 | options->kbd_interactive_authentication = -1; | 3099 | options->kbd_interactive_authentication = -1; |
3100 | options->kbd_interactive_devices = NULL; | 3100 | options->kbd_interactive_devices = NULL; |
3101 | @@ -2083,8 +2136,18 @@ fill_default_options(Options * options) | 3101 | @@ -2125,8 +2178,18 @@ fill_default_options(Options * options) |
3102 | options->challenge_response_authentication = 1; | 3102 | options->challenge_response_authentication = 1; |
3103 | if (options->gss_authentication == -1) | 3103 | if (options->gss_authentication == -1) |
3104 | options->gss_authentication = 0; | 3104 | options->gss_authentication = 0; |
@@ -3117,7 +3117,7 @@ index 2afcbaeca..fb585e248 100644 | |||
3117 | if (options->password_authentication == -1) | 3117 | if (options->password_authentication == -1) |
3118 | options->password_authentication = 1; | 3118 | options->password_authentication = 1; |
3119 | if (options->kbd_interactive_authentication == -1) | 3119 | if (options->kbd_interactive_authentication == -1) |
3120 | @@ -2726,7 +2789,14 @@ dump_client_config(Options *o, const char *host) | 3120 | @@ -2776,7 +2839,14 @@ dump_client_config(Options *o, const char *host) |
3121 | dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); | 3121 | dump_cfg_fmtint(oGatewayPorts, o->fwd_opts.gateway_ports); |
3122 | #ifdef GSSAPI | 3122 | #ifdef GSSAPI |
3123 | dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); | 3123 | dump_cfg_fmtint(oGssAuthentication, o->gss_authentication); |
@@ -3133,7 +3133,7 @@ index 2afcbaeca..fb585e248 100644 | |||
3133 | dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); | 3133 | dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); |
3134 | dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); | 3134 | dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); |
3135 | diff --git a/readconf.h b/readconf.h | 3135 | diff --git a/readconf.h b/readconf.h |
3136 | index e143a1082..c405b837f 100644 | 3136 | index d6a15550d..3803eeddf 100644 |
3137 | --- a/readconf.h | 3137 | --- a/readconf.h |
3138 | +++ b/readconf.h | 3138 | +++ b/readconf.h |
3139 | @@ -41,7 +41,13 @@ typedef struct { | 3139 | @@ -41,7 +41,13 @@ typedef struct { |
@@ -3151,10 +3151,10 @@ index e143a1082..c405b837f 100644 | |||
3151 | * authentication. */ | 3151 | * authentication. */ |
3152 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 3152 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
3153 | diff --git a/servconf.c b/servconf.c | 3153 | diff --git a/servconf.c b/servconf.c |
3154 | index ba0a92c7b..f38ba9e44 100644 | 3154 | index f08e37477..ded8f4a87 100644 |
3155 | --- a/servconf.c | 3155 | --- a/servconf.c |
3156 | +++ b/servconf.c | 3156 | +++ b/servconf.c |
3157 | @@ -69,6 +69,7 @@ | 3157 | @@ -70,6 +70,7 @@ |
3158 | #include "auth.h" | 3158 | #include "auth.h" |
3159 | #include "myproposal.h" | 3159 | #include "myproposal.h" |
3160 | #include "digest.h" | 3160 | #include "digest.h" |
@@ -3162,7 +3162,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3162 | 3162 | ||
3163 | static void add_listen_addr(ServerOptions *, const char *, | 3163 | static void add_listen_addr(ServerOptions *, const char *, |
3164 | const char *, int); | 3164 | const char *, int); |
3165 | @@ -133,8 +134,11 @@ initialize_server_options(ServerOptions *options) | 3165 | @@ -134,8 +135,11 @@ initialize_server_options(ServerOptions *options) |
3166 | options->kerberos_ticket_cleanup = -1; | 3166 | options->kerberos_ticket_cleanup = -1; |
3167 | options->kerberos_get_afs_token = -1; | 3167 | options->kerberos_get_afs_token = -1; |
3168 | options->gss_authentication=-1; | 3168 | options->gss_authentication=-1; |
@@ -3174,7 +3174,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3174 | options->password_authentication = -1; | 3174 | options->password_authentication = -1; |
3175 | options->kbd_interactive_authentication = -1; | 3175 | options->kbd_interactive_authentication = -1; |
3176 | options->challenge_response_authentication = -1; | 3176 | options->challenge_response_authentication = -1; |
3177 | @@ -375,10 +379,18 @@ fill_default_server_options(ServerOptions *options) | 3177 | @@ -376,10 +380,18 @@ fill_default_server_options(ServerOptions *options) |
3178 | options->kerberos_get_afs_token = 0; | 3178 | options->kerberos_get_afs_token = 0; |
3179 | if (options->gss_authentication == -1) | 3179 | if (options->gss_authentication == -1) |
3180 | options->gss_authentication = 0; | 3180 | options->gss_authentication = 0; |
@@ -3193,7 +3193,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3193 | if (options->password_authentication == -1) | 3193 | if (options->password_authentication == -1) |
3194 | options->password_authentication = 1; | 3194 | options->password_authentication = 1; |
3195 | if (options->kbd_interactive_authentication == -1) | 3195 | if (options->kbd_interactive_authentication == -1) |
3196 | @@ -531,6 +543,7 @@ typedef enum { | 3196 | @@ -523,6 +535,7 @@ typedef enum { |
3197 | sHostKeyAlgorithms, | 3197 | sHostKeyAlgorithms, |
3198 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, | 3198 | sClientAliveInterval, sClientAliveCountMax, sAuthorizedKeysFile, |
3199 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, | 3199 | sGssAuthentication, sGssCleanupCreds, sGssStrictAcceptor, |
@@ -3201,7 +3201,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3201 | sAcceptEnv, sSetEnv, sPermitTunnel, | 3201 | sAcceptEnv, sSetEnv, sPermitTunnel, |
3202 | sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, | 3202 | sMatch, sPermitOpen, sPermitListen, sForceCommand, sChrootDirectory, |
3203 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 3203 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
3204 | @@ -607,12 +620,22 @@ static struct { | 3204 | @@ -600,12 +613,22 @@ static struct { |
3205 | #ifdef GSSAPI | 3205 | #ifdef GSSAPI |
3206 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 3206 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
3207 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 3207 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
@@ -3224,7 +3224,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3224 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 3224 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
3225 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 3225 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
3226 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 3226 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
3227 | @@ -1555,6 +1578,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, | 3227 | @@ -1557,6 +1580,10 @@ process_server_config_line_depth(ServerOptions *options, char *line, |
3228 | intptr = &options->gss_authentication; | 3228 | intptr = &options->gss_authentication; |
3229 | goto parse_flag; | 3229 | goto parse_flag; |
3230 | 3230 | ||
@@ -3235,7 +3235,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3235 | case sGssCleanupCreds: | 3235 | case sGssCleanupCreds: |
3236 | intptr = &options->gss_cleanup_creds; | 3236 | intptr = &options->gss_cleanup_creds; |
3237 | goto parse_flag; | 3237 | goto parse_flag; |
3238 | @@ -1563,6 +1590,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, | 3238 | @@ -1565,6 +1592,22 @@ process_server_config_line_depth(ServerOptions *options, char *line, |
3239 | intptr = &options->gss_strict_acceptor; | 3239 | intptr = &options->gss_strict_acceptor; |
3240 | goto parse_flag; | 3240 | goto parse_flag; |
3241 | 3241 | ||
@@ -3258,7 +3258,7 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3258 | case sPasswordAuthentication: | 3258 | case sPasswordAuthentication: |
3259 | intptr = &options->password_authentication; | 3259 | intptr = &options->password_authentication; |
3260 | goto parse_flag; | 3260 | goto parse_flag; |
3261 | @@ -2791,6 +2834,10 @@ dump_config(ServerOptions *o) | 3261 | @@ -2808,6 +2851,10 @@ dump_config(ServerOptions *o) |
3262 | #ifdef GSSAPI | 3262 | #ifdef GSSAPI |
3263 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 3263 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
3264 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); | 3264 | dump_cfg_fmtint(sGssCleanupCreds, o->gss_cleanup_creds); |
@@ -3270,10 +3270,10 @@ index ba0a92c7b..f38ba9e44 100644 | |||
3270 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); | 3270 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
3271 | dump_cfg_fmtint(sKbdInteractiveAuthentication, | 3271 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |
3272 | diff --git a/servconf.h b/servconf.h | 3272 | diff --git a/servconf.h b/servconf.h |
3273 | index a420f398d..253cad97e 100644 | 3273 | index 1df8f3db8..f10908e5b 100644 |
3274 | --- a/servconf.h | 3274 | --- a/servconf.h |
3275 | +++ b/servconf.h | 3275 | +++ b/servconf.h |
3276 | @@ -137,8 +137,11 @@ typedef struct { | 3276 | @@ -138,8 +138,11 @@ typedef struct { |
3277 | int kerberos_get_afs_token; /* If true, try to get AFS token if | 3277 | int kerberos_get_afs_token; /* If true, try to get AFS token if |
3278 | * authenticated with Kerberos. */ | 3278 | * authenticated with Kerberos. */ |
3279 | int gss_authentication; /* If true, permit GSSAPI authentication */ | 3279 | int gss_authentication; /* If true, permit GSSAPI authentication */ |
@@ -3286,10 +3286,10 @@ index a420f398d..253cad97e 100644 | |||
3286 | * authentication. */ | 3286 | * authentication. */ |
3287 | int kbd_interactive_authentication; /* If true, permit */ | 3287 | int kbd_interactive_authentication; /* If true, permit */ |
3288 | diff --git a/session.c b/session.c | 3288 | diff --git a/session.c b/session.c |
3289 | index 18cdfa8cf..f9c2c866e 100644 | 3289 | index 27ca8a104..857f17b3c 100644 |
3290 | --- a/session.c | 3290 | --- a/session.c |
3291 | +++ b/session.c | 3291 | +++ b/session.c |
3292 | @@ -2678,13 +2678,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) | 3292 | @@ -2685,13 +2685,19 @@ do_cleanup(struct ssh *ssh, Authctxt *authctxt) |
3293 | 3293 | ||
3294 | #ifdef KRB5 | 3294 | #ifdef KRB5 |
3295 | if (options.kerberos_ticket_cleanup && | 3295 | if (options.kerberos_ticket_cleanup && |
@@ -3436,7 +3436,7 @@ index 36180d07a..50d80bbca 100644 | |||
3436 | 3436 | ||
3437 | #endif /* _SSH_GSS_H */ | 3437 | #endif /* _SSH_GSS_H */ |
3438 | diff --git a/ssh.1 b/ssh.1 | 3438 | diff --git a/ssh.1 b/ssh.1 |
3439 | index dce5f404b..7a3ba31ab 100644 | 3439 | index 555317887..be8e964f0 100644 |
3440 | --- a/ssh.1 | 3440 | --- a/ssh.1 |
3441 | +++ b/ssh.1 | 3441 | +++ b/ssh.1 |
3442 | @@ -506,7 +506,13 @@ For full details of the options listed below, and their possible values, see | 3442 | @@ -506,7 +506,13 @@ For full details of the options listed below, and their possible values, see |
@@ -3463,10 +3463,10 @@ index dce5f404b..7a3ba31ab 100644 | |||
3463 | (key types), | 3463 | (key types), |
3464 | .Ar key-cert | 3464 | .Ar key-cert |
3465 | diff --git a/ssh.c b/ssh.c | 3465 | diff --git a/ssh.c b/ssh.c |
3466 | index 98b6ce788..4a81ef810 100644 | 3466 | index f34ca0d71..bb98a7e2d 100644 |
3467 | --- a/ssh.c | 3467 | --- a/ssh.c |
3468 | +++ b/ssh.c | 3468 | +++ b/ssh.c |
3469 | @@ -773,6 +773,8 @@ main(int ac, char **av) | 3469 | @@ -801,6 +801,8 @@ main(int ac, char **av) |
3470 | else if (strcmp(optarg, "kex") == 0 || | 3470 | else if (strcmp(optarg, "kex") == 0 || |
3471 | strcasecmp(optarg, "KexAlgorithms") == 0) | 3471 | strcasecmp(optarg, "KexAlgorithms") == 0) |
3472 | cp = kex_alg_list('\n'); | 3472 | cp = kex_alg_list('\n'); |
@@ -3475,7 +3475,7 @@ index 98b6ce788..4a81ef810 100644 | |||
3475 | else if (strcmp(optarg, "key") == 0) | 3475 | else if (strcmp(optarg, "key") == 0) |
3476 | cp = sshkey_alg_list(0, 0, 0, '\n'); | 3476 | cp = sshkey_alg_list(0, 0, 0, '\n'); |
3477 | else if (strcmp(optarg, "key-cert") == 0) | 3477 | else if (strcmp(optarg, "key-cert") == 0) |
3478 | @@ -798,8 +800,8 @@ main(int ac, char **av) | 3478 | @@ -826,8 +828,8 @@ main(int ac, char **av) |
3479 | } else if (strcmp(optarg, "help") == 0) { | 3479 | } else if (strcmp(optarg, "help") == 0) { |
3480 | cp = xstrdup( | 3480 | cp = xstrdup( |
3481 | "cipher\ncipher-auth\ncompression\nkex\n" | 3481 | "cipher\ncipher-auth\ncompression\nkex\n" |
@@ -3487,7 +3487,7 @@ index 98b6ce788..4a81ef810 100644 | |||
3487 | if (cp == NULL) | 3487 | if (cp == NULL) |
3488 | fatal("Unsupported query \"%s\"", optarg); | 3488 | fatal("Unsupported query \"%s\"", optarg); |
3489 | diff --git a/ssh_config b/ssh_config | 3489 | diff --git a/ssh_config b/ssh_config |
3490 | index 5e8ef548b..1ff999b68 100644 | 3490 | index 842ea866c..52aae8692 100644 |
3491 | --- a/ssh_config | 3491 | --- a/ssh_config |
3492 | +++ b/ssh_config | 3492 | +++ b/ssh_config |
3493 | @@ -24,6 +24,8 @@ | 3493 | @@ -24,6 +24,8 @@ |
@@ -3500,10 +3500,10 @@ index 5e8ef548b..1ff999b68 100644 | |||
3500 | # CheckHostIP yes | 3500 | # CheckHostIP yes |
3501 | # AddressFamily any | 3501 | # AddressFamily any |
3502 | diff --git a/ssh_config.5 b/ssh_config.5 | 3502 | diff --git a/ssh_config.5 b/ssh_config.5 |
3503 | index dc010ccbd..e2a2359f9 100644 | 3503 | index 6be1f1aa2..bd86d000c 100644 |
3504 | --- a/ssh_config.5 | 3504 | --- a/ssh_config.5 |
3505 | +++ b/ssh_config.5 | 3505 | +++ b/ssh_config.5 |
3506 | @@ -766,10 +766,67 @@ The default is | 3506 | @@ -779,10 +779,67 @@ The default is |
3507 | Specifies whether user authentication based on GSSAPI is allowed. | 3507 | Specifies whether user authentication based on GSSAPI is allowed. |
3508 | The default is | 3508 | The default is |
3509 | .Cm no . | 3509 | .Cm no . |
@@ -3572,7 +3572,7 @@ index dc010ccbd..e2a2359f9 100644 | |||
3572 | Indicates that | 3572 | Indicates that |
3573 | .Xr ssh 1 | 3573 | .Xr ssh 1 |
3574 | diff --git a/sshconnect2.c b/sshconnect2.c | 3574 | diff --git a/sshconnect2.c b/sshconnect2.c |
3575 | index 1a6545edf..79a22e600 100644 | 3575 | index f64aae66a..c47fc31a6 100644 |
3576 | --- a/sshconnect2.c | 3576 | --- a/sshconnect2.c |
3577 | +++ b/sshconnect2.c | 3577 | +++ b/sshconnect2.c |
3578 | @@ -80,8 +80,6 @@ | 3578 | @@ -80,8 +80,6 @@ |
@@ -3584,7 +3584,7 @@ index 1a6545edf..79a22e600 100644 | |||
3584 | extern Options options; | 3584 | extern Options options; |
3585 | 3585 | ||
3586 | /* | 3586 | /* |
3587 | @@ -163,6 +161,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) | 3587 | @@ -210,6 +208,11 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) |
3588 | char *s, *all_key; | 3588 | char *s, *all_key; |
3589 | int r, use_known_hosts_order = 0; | 3589 | int r, use_known_hosts_order = 0; |
3590 | 3590 | ||
@@ -3596,7 +3596,7 @@ index 1a6545edf..79a22e600 100644 | |||
3596 | xxx_host = host; | 3596 | xxx_host = host; |
3597 | xxx_hostaddr = hostaddr; | 3597 | xxx_hostaddr = hostaddr; |
3598 | 3598 | ||
3599 | @@ -206,6 +209,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) | 3599 | @@ -253,6 +256,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) |
3600 | compat_pkalg_proposal(options.hostkeyalgorithms); | 3600 | compat_pkalg_proposal(options.hostkeyalgorithms); |
3601 | } | 3601 | } |
3602 | 3602 | ||
@@ -3638,7 +3638,7 @@ index 1a6545edf..79a22e600 100644 | |||
3638 | if (options.rekey_limit || options.rekey_interval) | 3638 | if (options.rekey_limit || options.rekey_interval) |
3639 | ssh_packet_set_rekey_limits(ssh, options.rekey_limit, | 3639 | ssh_packet_set_rekey_limits(ssh, options.rekey_limit, |
3640 | options.rekey_interval); | 3640 | options.rekey_interval); |
3641 | @@ -224,16 +262,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) | 3641 | @@ -271,16 +309,46 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port) |
3642 | # ifdef OPENSSL_HAS_ECC | 3642 | # ifdef OPENSSL_HAS_ECC |
3643 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; | 3643 | ssh->kex->kex[KEX_ECDH_SHA2] = kex_gen_client; |
3644 | # endif | 3644 | # endif |
@@ -3686,7 +3686,7 @@ index 1a6545edf..79a22e600 100644 | |||
3686 | if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) | 3686 | if ((r = kex_prop2buf(ssh->kex->my, myproposal)) != 0) |
3687 | fatal("kex_prop2buf: %s", ssh_err(r)); | 3687 | fatal("kex_prop2buf: %s", ssh_err(r)); |
3688 | 3688 | ||
3689 | @@ -330,6 +398,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *); | 3689 | @@ -377,6 +445,7 @@ static int input_gssapi_response(int type, u_int32_t, struct ssh *); |
3690 | static int input_gssapi_token(int type, u_int32_t, struct ssh *); | 3690 | static int input_gssapi_token(int type, u_int32_t, struct ssh *); |
3691 | static int input_gssapi_error(int, u_int32_t, struct ssh *); | 3691 | static int input_gssapi_error(int, u_int32_t, struct ssh *); |
3692 | static int input_gssapi_errtok(int, u_int32_t, struct ssh *); | 3692 | static int input_gssapi_errtok(int, u_int32_t, struct ssh *); |
@@ -3694,7 +3694,7 @@ index 1a6545edf..79a22e600 100644 | |||
3694 | #endif | 3694 | #endif |
3695 | 3695 | ||
3696 | void userauth(struct ssh *, char *); | 3696 | void userauth(struct ssh *, char *); |
3697 | @@ -346,6 +415,11 @@ static char *authmethods_get(void); | 3697 | @@ -393,6 +462,11 @@ static char *authmethods_get(void); |
3698 | 3698 | ||
3699 | Authmethod authmethods[] = { | 3699 | Authmethod authmethods[] = { |
3700 | #ifdef GSSAPI | 3700 | #ifdef GSSAPI |
@@ -3706,7 +3706,7 @@ index 1a6545edf..79a22e600 100644 | |||
3706 | {"gssapi-with-mic", | 3706 | {"gssapi-with-mic", |
3707 | userauth_gssapi, | 3707 | userauth_gssapi, |
3708 | userauth_gssapi_cleanup, | 3708 | userauth_gssapi_cleanup, |
3709 | @@ -716,12 +790,31 @@ userauth_gssapi(struct ssh *ssh) | 3709 | @@ -763,12 +837,31 @@ userauth_gssapi(struct ssh *ssh) |
3710 | OM_uint32 min; | 3710 | OM_uint32 min; |
3711 | int r, ok = 0; | 3711 | int r, ok = 0; |
3712 | gss_OID mech = NULL; | 3712 | gss_OID mech = NULL; |
@@ -3739,7 +3739,7 @@ index 1a6545edf..79a22e600 100644 | |||
3739 | 3739 | ||
3740 | /* Check to see whether the mechanism is usable before we offer it */ | 3740 | /* Check to see whether the mechanism is usable before we offer it */ |
3741 | while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && | 3741 | while (authctxt->mech_tried < authctxt->gss_supported_mechs->count && |
3742 | @@ -730,13 +823,15 @@ userauth_gssapi(struct ssh *ssh) | 3742 | @@ -777,13 +870,15 @@ userauth_gssapi(struct ssh *ssh) |
3743 | elements[authctxt->mech_tried]; | 3743 | elements[authctxt->mech_tried]; |
3744 | /* My DER encoding requires length<128 */ | 3744 | /* My DER encoding requires length<128 */ |
3745 | if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, | 3745 | if (mech->length < 128 && ssh_gssapi_check_mechanism(&gssctxt, |
@@ -3756,7 +3756,7 @@ index 1a6545edf..79a22e600 100644 | |||
3756 | if (!ok || mech == NULL) | 3756 | if (!ok || mech == NULL) |
3757 | return 0; | 3757 | return 0; |
3758 | 3758 | ||
3759 | @@ -976,6 +1071,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) | 3759 | @@ -1023,6 +1118,55 @@ input_gssapi_error(int type, u_int32_t plen, struct ssh *ssh) |
3760 | free(lang); | 3760 | free(lang); |
3761 | return r; | 3761 | return r; |
3762 | } | 3762 | } |
@@ -3813,7 +3813,7 @@ index 1a6545edf..79a22e600 100644 | |||
3813 | 3813 | ||
3814 | static int | 3814 | static int |
3815 | diff --git a/sshd.c b/sshd.c | 3815 | diff --git a/sshd.c b/sshd.c |
3816 | index 6f8f11a3b..02fca5c28 100644 | 3816 | index 8aa7f3df6..8c5d5822e 100644 |
3817 | --- a/sshd.c | 3817 | --- a/sshd.c |
3818 | +++ b/sshd.c | 3818 | +++ b/sshd.c |
3819 | @@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh) | 3819 | @@ -816,8 +816,8 @@ notify_hostkeys(struct ssh *ssh) |
@@ -3827,7 +3827,7 @@ index 6f8f11a3b..02fca5c28 100644 | |||
3827 | sshpkt_fatal(ssh, r, "%s: send", __func__); | 3827 | sshpkt_fatal(ssh, r, "%s: send", __func__); |
3828 | sshbuf_free(buf); | 3828 | sshbuf_free(buf); |
3829 | } | 3829 | } |
3830 | @@ -1851,7 +1851,8 @@ main(int ac, char **av) | 3830 | @@ -1901,7 +1901,8 @@ main(int ac, char **av) |
3831 | free(fp); | 3831 | free(fp); |
3832 | } | 3832 | } |
3833 | accumulate_host_timing_secret(cfg, NULL); | 3833 | accumulate_host_timing_secret(cfg, NULL); |
@@ -3837,7 +3837,7 @@ index 6f8f11a3b..02fca5c28 100644 | |||
3837 | logit("sshd: no hostkeys available -- exiting."); | 3837 | logit("sshd: no hostkeys available -- exiting."); |
3838 | exit(1); | 3838 | exit(1); |
3839 | } | 3839 | } |
3840 | @@ -2342,6 +2343,48 @@ do_ssh2_kex(struct ssh *ssh) | 3840 | @@ -2393,6 +2394,48 @@ do_ssh2_kex(struct ssh *ssh) |
3841 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 3841 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
3842 | list_hostkey_types()); | 3842 | list_hostkey_types()); |
3843 | 3843 | ||
@@ -3886,7 +3886,7 @@ index 6f8f11a3b..02fca5c28 100644 | |||
3886 | /* start key exchange */ | 3886 | /* start key exchange */ |
3887 | if ((r = kex_setup(ssh, myproposal)) != 0) | 3887 | if ((r = kex_setup(ssh, myproposal)) != 0) |
3888 | fatal("kex_setup: %s", ssh_err(r)); | 3888 | fatal("kex_setup: %s", ssh_err(r)); |
3889 | @@ -2357,7 +2400,18 @@ do_ssh2_kex(struct ssh *ssh) | 3889 | @@ -2408,7 +2451,18 @@ do_ssh2_kex(struct ssh *ssh) |
3890 | # ifdef OPENSSL_HAS_ECC | 3890 | # ifdef OPENSSL_HAS_ECC |
3891 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; | 3891 | kex->kex[KEX_ECDH_SHA2] = kex_gen_server; |
3892 | # endif | 3892 | # endif |
@@ -3920,7 +3920,7 @@ index 19b7c91a1..2c48105f8 100644 | |||
3920 | # Set this to 'yes' to enable PAM authentication, account processing, | 3920 | # Set this to 'yes' to enable PAM authentication, account processing, |
3921 | # and session processing. If this is enabled, PAM authentication will | 3921 | # and session processing. If this is enabled, PAM authentication will |
3922 | diff --git a/sshd_config.5 b/sshd_config.5 | 3922 | diff --git a/sshd_config.5 b/sshd_config.5 |
3923 | index b294efc2d..360e5fb1a 100644 | 3923 | index 6fa421cae..eabbe9e73 100644 |
3924 | --- a/sshd_config.5 | 3924 | --- a/sshd_config.5 |
3925 | +++ b/sshd_config.5 | 3925 | +++ b/sshd_config.5 |
3926 | @@ -644,6 +644,11 @@ Specifies whether to automatically destroy the user's credentials cache | 3926 | @@ -644,6 +644,11 @@ Specifies whether to automatically destroy the user's credentials cache |
@@ -3968,10 +3968,10 @@ index b294efc2d..360e5fb1a 100644 | |||
3968 | Specifies the key types that will be accepted for hostbased authentication | 3968 | Specifies the key types that will be accepted for hostbased authentication |
3969 | as a list of comma-separated patterns. | 3969 | as a list of comma-separated patterns. |
3970 | diff --git a/sshkey.c b/sshkey.c | 3970 | diff --git a/sshkey.c b/sshkey.c |
3971 | index 1571e3d93..1ac32a0ec 100644 | 3971 | index ac451f1a8..b88282e19 100644 |
3972 | --- a/sshkey.c | 3972 | --- a/sshkey.c |
3973 | +++ b/sshkey.c | 3973 | +++ b/sshkey.c |
3974 | @@ -154,6 +154,7 @@ static const struct keytype keytypes[] = { | 3974 | @@ -156,6 +156,7 @@ static const struct keytype keytypes[] = { |
3975 | KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, | 3975 | KEY_ECDSA_SK_CERT, NID_X9_62_prime256v1, 1, 0 }, |
3976 | # endif /* OPENSSL_HAS_ECC */ | 3976 | # endif /* OPENSSL_HAS_ECC */ |
3977 | #endif /* WITH_OPENSSL */ | 3977 | #endif /* WITH_OPENSSL */ |
@@ -3979,7 +3979,7 @@ index 1571e3d93..1ac32a0ec 100644 | |||
3979 | { NULL, NULL, NULL, -1, -1, 0, 0 } | 3979 | { NULL, NULL, NULL, -1, -1, 0, 0 } |
3980 | }; | 3980 | }; |
3981 | 3981 | ||
3982 | @@ -255,7 +256,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) | 3982 | @@ -257,7 +258,7 @@ sshkey_alg_list(int certs_only, int plain_only, int include_sigonly, char sep) |
3983 | const struct keytype *kt; | 3983 | const struct keytype *kt; |
3984 | 3984 | ||
3985 | for (kt = keytypes; kt->type != -1; kt++) { | 3985 | for (kt = keytypes; kt->type != -1; kt++) { |
@@ -3989,7 +3989,7 @@ index 1571e3d93..1ac32a0ec 100644 | |||
3989 | if (!include_sigonly && kt->sigonly) | 3989 | if (!include_sigonly && kt->sigonly) |
3990 | continue; | 3990 | continue; |
3991 | diff --git a/sshkey.h b/sshkey.h | 3991 | diff --git a/sshkey.h b/sshkey.h |
3992 | index 9c1d4f637..f586e8967 100644 | 3992 | index 2d8b62497..dc1c10597 100644 |
3993 | --- a/sshkey.h | 3993 | --- a/sshkey.h |
3994 | +++ b/sshkey.h | 3994 | +++ b/sshkey.h |
3995 | @@ -69,6 +69,7 @@ enum sshkey_types { | 3995 | @@ -69,6 +69,7 @@ enum sshkey_types { |
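--- a/debian/patches/keepalive-extensions.patch
+++ b/debian/patches/keepalive-extensions.patch
@@ -1,4 +1,4 @@
-From 24c9c811bfd227e467ab1ce00503f08dcc22c0f4 Mon Sep 17 00:00:00 2001
+From 164d1c9f11309d38273ac64e30eda2baa3733f78 Mon Sep 17 00:00:00 2001
 From: Richard Kettlewell <rjk@greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:52 +0000
 Subject: Various keepalive extensions
@@ -26,7 +26,7 @@ Patch-Name: keepalive-extensions.patch
 3 files changed, 34 insertions(+), 4 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 2ccc48572..431243193 100644
+index b069333fa..3d0a812b3 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -176,6 +176,7 @@ typedef enum {
@@ -46,7 +46,7 @@ index 2ccc48572..431243193 100644
 
 { NULL, oBadOption }
 };
-@@ -1519,6 +1522,8 @@ parse_keytypes:
+@@ -1534,6 +1537,8 @@ parse_keytypes:
 goto parse_flag;
 
 case oServerAliveInterval:
@@ -55,7 +55,7 @@ index 2ccc48572..431243193 100644
 intptr = &options->server_alive_interval;
 goto parse_time;
 
-@@ -2222,8 +2227,13 @@ fill_default_options(Options * options)
+@@ -2266,8 +2271,13 @@ fill_default_options(Options * options)
 options->rekey_interval = 0;
 if (options->verify_host_key_dns == -1)
 options->verify_host_key_dns = 0;
@@ -72,10 +72,10 @@ index 2ccc48572..431243193 100644
 options->server_alive_count_max = 3;
 if (options->control_master == -1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index e2a2359f9..85ab7447f 100644
+index bd86d000c..3ceb800ba 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -266,9 +266,13 @@ If set to
+@@ -275,9 +275,13 @@ If set to
 .Cm yes ,
 user interaction such as password prompts and host key confirmation requests
 will be disabled.
@@ -90,7 +90,7 @@ index e2a2359f9..85ab7447f 100644
 The argument must be
 .Cm yes
 or
-@@ -1604,7 +1608,14 @@ from the server,
+@@ -1624,7 +1628,14 @@ from the server,
 will send a message through the encrypted
 channel to request a response from the server.
 The default
@@ -106,7 +106,7 @@ index e2a2359f9..85ab7447f 100644
 .It Cm SetEnv
 Directly specify one or more environment variables and their contents to
 be sent to the server.
-@@ -1684,6 +1695,12 @@ Specifies whether the system should send TCP keepalive messages to the
+@@ -1704,6 +1715,12 @@ Specifies whether the system should send TCP keepalive messages to the
 other side.
 If they are sent, death of the connection or crash of one
 of the machines will be properly noticed.
@@ -120,10 +120,10 @@ index e2a2359f9..85ab7447f 100644
 connections will die if the route is down temporarily, and some people
 find it annoying.
 diff --git a/sshd_config.5 b/sshd_config.5
-index 360e5fb1a..9f093be1f 100644
+index eabbe9e73..6457620bb 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
-@@ -1680,6 +1680,9 @@ This avoids infinitely hanging sessions.
+@@ -1691,6 +1691,9 @@ This avoids infinitely hanging sessions.
 .Pp
 To disable TCP keepalive messages, the value should be set to
 .Cm no .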
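--- a/debian/patches/mention-ssh-keygen-on-keychange.patch
+++ b/debian/patches/mention-ssh-keygen-on-keychange.patch
@@ -1,4 +1,4 @@
-From 8ec2f85d03524a6b4954f0a29496b5a301f92080 Mon Sep 17 00:00:00 2001
+From c8da63c601b5d44fd233548385809c9c3a2fa0b8 Mon Sep 17 00:00:00 2001
 From: Scott Moser <smoser@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:10:03 +0000
 Subject: Mention ssh-keygen in ssh fingerprint changed warning
@@ -14,10 +14,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch
 1 file changed, 8 insertions(+), 1 deletion(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index bfbf80e92..f20d3e792 100644
+index 5f8c81b84..3ae20b74e 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -991,9 +991,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -994,9 +994,13 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 error("%s. This could either mean that", key_msg);
 error("DNS SPOOFING is happening or the IP address for the host");
 error("and its host key have changed at the same time.");
@@ -32,7 +32,7 @@ index bfbf80e92..f20d3e792 100644
 }
 /* The host key has changed. */
 warn_changed_key(host_key);
-@@ -1002,6 +1006,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
+@@ -1005,6 +1009,9 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port,
 error("Offending %s key in %s:%lu",
 sshkey_type(host_found->key),
 host_found->file, host_found->line);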
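--- a/debian/patches/no-openssl-version-status.patch
+++ b/debian/patches/no-openssl-version-status.patch
@@ -1,4 +1,4 @@
-From a5d0b90bbd2c5a6bdec17b1abc5dca8166ae73f7 Mon Sep 17 00:00:00 2001
+From cf3ffd6a25d425bed33dd698f92e64953d9769eb Mon Sep 17 00:00:00 2001
 From: Kurt Roeckx <kurt@roeckx.be>
 Date: Sun, 9 Feb 2014 16:10:14 +0000
 Subject: Don't check the status field of the OpenSSL version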
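--- a/debian/patches/openbsd-docs.patch
+++ b/debian/patches/openbsd-docs.patch
@@ -1,4 +1,4 @@
-From 34bf12a8e8fcc7720168dac307ef9388af93b947 Mon Sep 17 00:00:00 2001
+From 6bcbfca92b58917dba48b696dd63529fa5dcbb82 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:09 +0000
 Subject: Adjust various OpenBSD-specific references in manual pages
@@ -44,10 +44,10 @@ index ef0de0850..149846c8c 100644
 .Sh SEE ALSO
 .Xr ssh-keygen 1 ,
 diff --git a/ssh-keygen.1 b/ssh-keygen.1
-index 059c1b034..45866f931 100644
+index 3ae596caa..836174fb6 100644
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
-@@ -197,9 +197,7 @@ key in
+@@ -202,9 +202,7 @@ key in
 .Pa ~/.ssh/id_ed25519_sk
 or
 .Pa ~/.ssh/id_rsa .
@@ -58,7 +58,7 @@ index 059c1b034..45866f931 100644
 .Pp
 Normally this program generates the key and asks for a file in which
 to store the private key.
-@@ -262,9 +260,7 @@ If
+@@ -269,9 +267,7 @@ If
 .Fl f
 has also been specified, its argument is used as a prefix to the
 default path for the resulting host key files.
@@ -69,7 +69,7 @@ index 059c1b034..45866f931 100644
 .It Fl a Ar rounds
 When saving a private key, this option specifies the number of KDF
 (key derivation function) rounds used.
-@@ -787,7 +783,7 @@ option.
+@@ -804,7 +800,7 @@ option.
 Valid generator values are 2, 3, and 5.
 .Pp
 Screened DH groups may be installed in
@@ -78,7 +78,7 @@ index 059c1b034..45866f931 100644
 It is important that this file contains moduli of a range of bit lengths and
 that both ends of a connection share common moduli.
 .Pp
-@@ -1158,7 +1154,7 @@ on all machines
+@@ -1185,7 +1181,7 @@ on all machines
 where the user wishes to log in using public key authentication.
 There is no need to keep the contents of this file secret.
 .Pp
@@ -88,7 +88,7 @@ index 059c1b034..45866f931 100644
 The file format is described in
 .Xr moduli 5 .
 diff --git a/ssh.1 b/ssh.1
-index a80be8efe..566fdba6b 100644
+index 5d613076c..1880c032d 100644
 --- a/ssh.1
 +++ b/ssh.1
 @@ -890,6 +890,10 @@ implements public key authentication protocol automatically,
@@ -103,7 +103,7 @@ index a80be8efe..566fdba6b 100644
 .Pp
 The file
 diff --git a/sshd.8 b/sshd.8
-index 730520231..5ce0ea4fa 100644
+index 97d547ffa..7895a6a94 100644
 --- a/sshd.8
 +++ b/sshd.8
 @@ -65,7 +65,7 @@ over an insecure network.
@@ -115,7 +115,7 @@ index 730520231..5ce0ea4fa 100644
 It forks a new
 daemon for each incoming connection.
 The forked daemons handle
-@@ -904,7 +904,7 @@ This file is for host-based authentication (see
+@@ -911,7 +911,7 @@ This file is for host-based authentication (see
 .Xr ssh 1 ) .
 It should only be writable by root.
 .Pp
@@ -124,7 +124,7 @@ index 730520231..5ce0ea4fa 100644
 Contains Diffie-Hellman groups used for the "Diffie-Hellman Group Exchange"
 key exchange method.
 The file format is described in
-@@ -1002,7 +1002,6 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -1009,7 +1009,6 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
 .Xr hosts_access 5 ,
@@ -133,7 +133,7 @@ index 730520231..5ce0ea4fa 100644
 .Xr sshd_config 5 ,
 .Xr inetd 8 ,
 diff --git a/sshd_config.5 b/sshd_config.5
-index 753ceda10..c27f99937 100644
+index 33dc0c675..32ae46476 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -385,8 +385,7 @@ Certificates signed using other algorithms will not be accepted for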
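--- a/debian/patches/package-versioning.patch
+++ b/debian/patches/package-versioning.patch
@@ -1,4 +1,4 @@
-From d66c30698f807ab95aee7ea4a882c192884df047 Mon Sep 17 00:00:00 2001
+From 707144d399b9fc959a4f6be3fd8e239c208c88ff Mon Sep 17 00:00:00 2001
 From: Matthew Vernon <matthew@debian.org>
 Date: Sun, 9 Feb 2014 16:10:05 +0000
 Subject: Include the Debian version in our identification
@@ -18,7 +18,7 @@ Patch-Name: package-versioning.patch
 2 files changed, 7 insertions(+), 2 deletions(-)
 
 diff --git a/kex.c b/kex.c
-index 144dee512..0e64bf760 100644
+index 751cfc710..ce7bb5b3b 100644
 --- a/kex.c
 +++ b/kex.c
 @@ -1243,7 +1243,7 @@ kex_exchange_identification(struct ssh *ssh, int timeout_ms,
@@ -31,11 +31,11 @@ index 144dee512..0e64bf760 100644
 version_addendum == NULL ? "" : version_addendum)) != 0) {
 oerrno = errno;
 diff --git a/version.h b/version.h
-index a2eca3ec8..158eaee70 100644
+index c2f9c55bb..480cd59e1 100644
 --- a/version.h
 +++ b/version.h
 @@ -3,4 +3,9 @@
-#define SSH_VERSION "OpenSSH_8.3"
+#define SSH_VERSION "OpenSSH_8.4"
 
 #define SSH_PORTABLE "p1"
 -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE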
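--- a/debian/patches/restore-authorized_keys2.patch
+++ b/debian/patches/restore-authorized_keys2.patch
@@ -1,4 +1,4 @@
-From a31d1fdf19480d9a184a27a4d221655f408f74d7 Mon Sep 17 00:00:00 2001
+From 8dc9bb0d9cf53a35d6003623f1e7c91326d79875 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 5 Mar 2017 02:02:11 +0000
 Subject: Restore reading authorized_keys2 by default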
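--- a/debian/patches/restore-tcp-wrappers.patch
+++ b/debian/patches/restore-tcp-wrappers.patch
@@ -1,4 +1,4 @@
-From 7e3de67f8447064d6963e8299653d8e01baaef1e Mon Sep 17 00:00:00 2001
+From 6806b85f30244d186206004386a9faddc16b8738 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Tue, 7 Oct 2014 13:22:41 +0100
 Subject: Restore TCP wrappers support
@@ -28,10 +28,10 @@ Patch-Name: restore-tcp-wrappers.patch
 3 files changed, 89 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index d98e6f74a..812b7218f 100644
+index c8a96deb4..bb435ec1f 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -1558,6 +1558,62 @@ else
+@@ -1571,6 +1571,62 @@ else
 AC_MSG_RESULT([no])
 fi
 
@@ -94,7 +94,7 @@ index d98e6f74a..812b7218f 100644
 # Check whether user wants to use ldns
 LDNS_MSG="no"
 AC_ARG_WITH(ldns,
-@@ -5479,6 +5535,7 @@ echo " PAM support: $PAM_MSG"
+@@ -5536,6 +5592,7 @@ echo " PAM support: $PAM_MSG"
 echo " OSF SIA support: $SIA_MSG"
 echo " KerberosV support: $KRB5_MSG"
 echo " SELinux support: $SELINUX_MSG"
@@ -103,10 +103,10 @@ index d98e6f74a..812b7218f 100644
 echo " libedit support: $LIBEDIT_MSG"
 echo " libldns support: $LDNS_MSG"
 diff --git a/sshd.8 b/sshd.8
-index c5f8987d2..730520231 100644
+index b2fad56d3..97d547ffa 100644
 --- a/sshd.8
 +++ b/sshd.8
-@@ -893,6 +893,12 @@ the user's home directory becomes accessible.
+@@ -900,6 +900,12 @@ the user's home directory becomes accessible.
 This file should be writable only by the user, and need not be
 readable by anyone else.
 .Pp
@@ -119,7 +119,7 @@ index c5f8987d2..730520231 100644
 .It Pa /etc/hosts.equiv
 This file is for host-based authentication (see
 .Xr ssh 1 ) .
-@@ -995,6 +1001,7 @@ The content of this file is not sensitive; it can be world-readable.
+@@ -1002,6 +1008,7 @@ The content of this file is not sensitive; it can be world-readable.
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
 .Xr chroot 2 ,
@@ -128,7 +128,7 @@ index c5f8987d2..730520231 100644
 .Xr moduli 5 ,
 .Xr sshd_config 5 ,
 diff --git a/sshd.c b/sshd.c
-index 02fca5c28..e96d90809 100644
+index 8c5d5822e..a50ec3584 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -124,6 +124,13 @@
@@ -145,7 +145,7 @@ index 02fca5c28..e96d90809 100644
 /* Re-exec fds */
 #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1)
 #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2)
-@@ -2132,6 +2139,24 @@ main(int ac, char **av)
+@@ -2183,6 +2190,24 @@ main(int ac, char **av)
 #ifdef SSH_AUDIT_EVENTS
 audit_connection_from(remote_ip, remote_port);
 #endif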
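--- a/debian/patches/revert-ipqos-defaults.patch
+++ b/debian/patches/revert-ipqos-defaults.patch
@@ -1,4 +1,4 @@
-From 39b8d128ef980a410bb1ea0ee80e95ac9fff59c3 Mon Sep 17 00:00:00 2001
+From 3728919292c05983372954d27426f7d966813139 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Mon, 8 Apr 2019 10:46:29 +0100
 Subject: Revert "upstream: Update default IPQoS in ssh(1), sshd(8) to DSCP
@@ -24,10 +24,10 @@ Patch-Name: revert-ipqos-defaults.patch
 4 files changed, 8 insertions(+), 12 deletions(-)
 
 diff --git a/readconf.c b/readconf.c
-index 87b0dc62a..9a646dcaa 100644
+index e676b6be6..c60df5602 100644
 --- a/readconf.c
 +++ b/readconf.c
-@@ -2254,9 +2254,9 @@ fill_default_options(Options * options)
+@@ -2298,9 +2298,9 @@ fill_default_options(Options * options)
 if (options->visual_host_key == -1)
 options->visual_host_key = 0;
 if (options->ip_qos_interactive == -1)
@@ -40,10 +40,10 @@ index 87b0dc62a..9a646dcaa 100644
 options->request_tty = REQUEST_TTY_AUTO;
 if (options->proxy_use_fdpass == -1)
 diff --git a/servconf.c b/servconf.c
-index cf4e52f3b..c290e9786 100644
+index f9eb778d6..98afcfcec 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -452,9 +452,9 @@ fill_default_server_options(ServerOptions *options)
+@@ -453,9 +453,9 @@ fill_default_server_options(ServerOptions *options)
 if (options->permit_tun == -1)
 options->permit_tun = SSH_TUNMODE_NO;
 if (options->ip_qos_interactive == -1)
@@ -56,10 +56,10 @@ index cf4e52f3b..c290e9786 100644
 options->version_addendum = xstrdup("");
 if (options->fwd_opts.streamlocal_bind_mask == (mode_t)-1)
 diff --git a/ssh_config.5 b/ssh_config.5
-index aac3fabb7..2574b1004 100644
+index 6d6c59521..080d289a7 100644
 --- a/ssh_config.5
 +++ b/ssh_config.5
-@@ -1140,11 +1140,9 @@ If one argument is specified, it is used as the packet class unconditionally.
+@@ -1156,11 +1156,9 @@ If one argument is specified, it is used as the packet class unconditionally.
 If two values are specified, the first is automatically selected for
 interactive sessions and the second for non-interactive sessions.
 The default is
@@ -74,7 +74,7 @@ index aac3fabb7..2574b1004 100644
 .It Cm KbdInteractiveAuthentication
 Specifies whether to use keyboard-interactive authentication.
 diff --git a/sshd_config.5 b/sshd_config.5
-index b38025dbf..88db4db07 100644
+index 472001dd1..a555e7ec3 100644
 --- a/sshd_config.5
 +++ b/sshd_config.5
 @@ -925,11 +925,9 @@ If one argument is specified, it is used as the packet class unconditionally.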
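--- a/debian/patches/scp-quoting.patch
+++ b/debian/patches/scp-quoting.patch
@@ -1,4 +1,4 @@
-From 2520672d1ccfd88744c93bac102f461f9b1e0cf3 Mon Sep 17 00:00:00 2001
+From 94f06f8888f2e11267120eeebdb931d95bbfb7fd Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:59 +0000
 Subject: Adjust scp quoting in verbose mode
@@ -17,7 +17,7 @@ Patch-Name: scp-quoting.patch
 1 file changed, 10 insertions(+), 2 deletions(-)
 
 diff --git a/scp.c b/scp.c
-index b4492a062..66b4af8e8 100644
+index 6ae17061d..2d1b8e9b9 100644
 --- a/scp.c
 +++ b/scp.c
 @@ -201,8 +201,16 @@ do_local_cmd(arglist *a)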
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index b0088c104..3161999a9 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From 8641a3f57e67e087b4500beb9916e06c4d0ba94c Mon Sep 17 00:00:00 2001 | 1 | From c574865182e2c5dfa183b577f49ac602d16df5c0 Mon Sep 17 00:00:00 2001 |
2 | From: Manoj Srivastava <srivasta@debian.org> | 2 | From: Manoj Srivastava <srivasta@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:09:49 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:49 +0000 |
4 | Subject: Handle SELinux authorisation roles | 4 | Subject: Handle SELinux authorisation roles |
@@ -9,7 +9,7 @@ SELinux maintainer, so we'll keep it until we have something better. | |||
9 | 9 | ||
10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 | 10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641 |
11 | Bug-Debian: http://bugs.debian.org/394795 | 11 | Bug-Debian: http://bugs.debian.org/394795 |
12 | Last-Update: 2020-02-21 | 12 | Last-Update: 2020-10-18 |
13 | 13 | ||
14 | Patch-Name: selinux-role.patch | 14 | Patch-Name: selinux-role.patch |
15 | --- | 15 | --- |
@@ -43,7 +43,7 @@ index becc672b5..5da9fe75f 100644 | |||
43 | /* Method lists for multiple authentication */ | 43 | /* Method lists for multiple authentication */ |
44 | char **auth_methods; /* modified from server config */ | 44 | char **auth_methods; /* modified from server config */ |
45 | diff --git a/auth2.c b/auth2.c | 45 | diff --git a/auth2.c b/auth2.c |
46 | index a4a5e0069..05d6c2447 100644 | 46 | index 9fa1404b3..d8363bdba 100644 |
47 | --- a/auth2.c | 47 | --- a/auth2.c |
48 | +++ b/auth2.c | 48 | +++ b/auth2.c |
49 | @@ -265,7 +265,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) | 49 | @@ -265,7 +265,7 @@ input_userauth_request(int type, u_int32_t seq, struct ssh *ssh) |
@@ -81,7 +81,7 @@ index a4a5e0069..05d6c2447 100644 | |||
81 | if (auth2_setup_methods_lists(authctxt) != 0) | 81 | if (auth2_setup_methods_lists(authctxt) != 0) |
82 | ssh_packet_disconnect(ssh, | 82 | ssh_packet_disconnect(ssh, |
83 | diff --git a/monitor.c b/monitor.c | 83 | diff --git a/monitor.c b/monitor.c |
84 | index 5347e900d..8002aca86 100644 | 84 | index 11868952b..98362948f 100644 |
85 | --- a/monitor.c | 85 | --- a/monitor.c |
86 | +++ b/monitor.c | 86 | +++ b/monitor.c |
87 | @@ -118,6 +118,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *); | 87 | @@ -118,6 +118,7 @@ int mm_answer_sign(struct ssh *, int, struct sshbuf *); |
@@ -154,7 +154,7 @@ index 5347e900d..8002aca86 100644 | |||
154 | return (0); | 154 | return (0); |
155 | } | 155 | } |
156 | 156 | ||
157 | @@ -1553,7 +1582,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) | 157 | @@ -1566,7 +1595,7 @@ mm_answer_pty(struct ssh *ssh, int sock, struct sshbuf *m) |
158 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 158 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
159 | if (res == 0) | 159 | if (res == 0) |
160 | goto error; | 160 | goto error; |
@@ -177,7 +177,7 @@ index 2b1a2d590..4d87284aa 100644 | |||
177 | 177 | ||
178 | struct ssh; | 178 | struct ssh; |
179 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 179 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
180 | index 6edb509a3..b49c268d3 100644 | 180 | index 0e78cd006..d41d3949d 100644 |
181 | --- a/monitor_wrap.c | 181 | --- a/monitor_wrap.c |
182 | +++ b/monitor_wrap.c | 182 | +++ b/monitor_wrap.c |
183 | @@ -364,10 +364,10 @@ mm_auth2_read_banner(void) | 183 | @@ -364,10 +364,10 @@ mm_auth2_read_banner(void) |
@@ -231,13 +231,13 @@ index 6edb509a3..b49c268d3 100644 | |||
231 | int | 231 | int |
232 | mm_auth_password(struct ssh *ssh, char *password) | 232 | mm_auth_password(struct ssh *ssh, char *password) |
233 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 233 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
234 | index 485590c18..370b08e17 100644 | 234 | index 75aef1c74..c39e5dd8b 100644 |
235 | --- a/monitor_wrap.h | 235 | --- a/monitor_wrap.h |
236 | +++ b/monitor_wrap.h | 236 | +++ b/monitor_wrap.h |
237 | @@ -47,7 +47,8 @@ DH *mm_choose_dh(int, int, int); | 237 | @@ -48,7 +48,8 @@ DH *mm_choose_dh(int, int, int); |
238 | #endif | ||
239 | int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, | 238 | int mm_sshkey_sign(struct ssh *, struct sshkey *, u_char **, size_t *, |
240 | const u_char *, size_t, const char *, const char *, u_int compat); | 239 | const u_char *, size_t, const char *, const char *, |
240 | const char *, u_int compat); | ||
241 | -void mm_inform_authserv(char *, char *); | 241 | -void mm_inform_authserv(char *, char *); |
242 | +void mm_inform_authserv(char *, char *, char *); | 242 | +void mm_inform_authserv(char *, char *, char *); |
243 | +void mm_inform_authrole(char *); | 243 | +void mm_inform_authrole(char *); |
@@ -363,10 +363,10 @@ index ea4f9c584..60d72ffe7 100644 | |||
363 | char *platform_krb5_get_principal_name(const char *); | 363 | char *platform_krb5_get_principal_name(const char *); |
364 | int platform_sys_dir_uid(uid_t); | 364 | int platform_sys_dir_uid(uid_t); |
365 | diff --git a/session.c b/session.c | 365 | diff --git a/session.c b/session.c |
366 | index f9c2c866e..837a8bacf 100644 | 366 | index 857f17b3c..b1796a803 100644 |
367 | --- a/session.c | 367 | --- a/session.c |
368 | +++ b/session.c | 368 | +++ b/session.c |
369 | @@ -1360,7 +1360,7 @@ safely_chroot(const char *path, uid_t uid) | 369 | @@ -1364,7 +1364,7 @@ safely_chroot(const char *path, uid_t uid) |
370 | 370 | ||
371 | /* Set login name, uid, gid, and groups. */ | 371 | /* Set login name, uid, gid, and groups. */ |
372 | void | 372 | void |
@@ -375,7 +375,7 @@ index f9c2c866e..837a8bacf 100644 | |||
375 | { | 375 | { |
376 | char uidstr[32], *chroot_path, *tmp; | 376 | char uidstr[32], *chroot_path, *tmp; |
377 | 377 | ||
378 | @@ -1388,7 +1388,7 @@ do_setusercontext(struct passwd *pw) | 378 | @@ -1392,7 +1392,7 @@ do_setusercontext(struct passwd *pw) |
379 | endgrent(); | 379 | endgrent(); |
380 | #endif | 380 | #endif |
381 | 381 | ||
@@ -384,7 +384,7 @@ index f9c2c866e..837a8bacf 100644 | |||
384 | 384 | ||
385 | if (!in_chroot && options.chroot_directory != NULL && | 385 | if (!in_chroot && options.chroot_directory != NULL && |
386 | strcasecmp(options.chroot_directory, "none") != 0) { | 386 | strcasecmp(options.chroot_directory, "none") != 0) { |
387 | @@ -1529,7 +1529,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) | 387 | @@ -1536,7 +1536,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) |
388 | 388 | ||
389 | /* Force a password change */ | 389 | /* Force a password change */ |
390 | if (s->authctxt->force_pwchange) { | 390 | if (s->authctxt->force_pwchange) { |
@@ -393,7 +393,7 @@ index f9c2c866e..837a8bacf 100644 | |||
393 | child_close_fds(ssh); | 393 | child_close_fds(ssh); |
394 | do_pwchange(s); | 394 | do_pwchange(s); |
395 | exit(1); | 395 | exit(1); |
396 | @@ -1547,7 +1547,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) | 396 | @@ -1554,7 +1554,7 @@ do_child(struct ssh *ssh, Session *s, const char *command) |
397 | /* When PAM is enabled we rely on it to do the nologin check */ | 397 | /* When PAM is enabled we rely on it to do the nologin check */ |
398 | if (!options.use_pam) | 398 | if (!options.use_pam) |
399 | do_nologin(pw); | 399 | do_nologin(pw); |
@@ -402,7 +402,7 @@ index f9c2c866e..837a8bacf 100644 | |||
402 | /* | 402 | /* |
403 | * PAM session modules in do_setusercontext may have | 403 | * PAM session modules in do_setusercontext may have |
404 | * generated messages, so if this in an interactive | 404 | * generated messages, so if this in an interactive |
405 | @@ -1946,7 +1946,7 @@ session_pty_req(struct ssh *ssh, Session *s) | 405 | @@ -1953,7 +1953,7 @@ session_pty_req(struct ssh *ssh, Session *s) |
406 | sshpkt_fatal(ssh, r, "%s: parse packet", __func__); | 406 | sshpkt_fatal(ssh, r, "%s: parse packet", __func__); |
407 | 407 | ||
408 | if (!use_privsep) | 408 | if (!use_privsep) |
@@ -425,7 +425,7 @@ index ce59dabd9..675c91146 100644 | |||
425 | const char *session_get_remote_name_or_ip(struct ssh *, u_int, int); | 425 | const char *session_get_remote_name_or_ip(struct ssh *, u_int, int); |
426 | 426 | ||
427 | diff --git a/sshd.c b/sshd.c | 427 | diff --git a/sshd.c b/sshd.c |
428 | index e96d90809..e8b332ca4 100644 | 428 | index a50ec3584..38d281ab4 100644 |
429 | --- a/sshd.c | 429 | --- a/sshd.c |
430 | +++ b/sshd.c | 430 | +++ b/sshd.c |
431 | @@ -594,7 +594,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) | 431 | @@ -594,7 +594,7 @@ privsep_postauth(struct ssh *ssh, Authctxt *authctxt) |
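--- a/debian/patches/series
+++ b/debian/patches/series
@@ -23,4 +23,3 @@ debian-config.patch
 restore-authorized_keys2.patch
 conch-old-privkey-format.patch
 revert-ipqos-defaults.patch
-avoid-extra-ports.patch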
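--- a/debian/patches/shell-path.patch
+++ b/debian/patches/shell-path.patch
@@ -1,4 +1,4 @@
-From b78e6371a98460f5d12683406674e117d64b35f2 Mon Sep 17 00:00:00 2001
+From a7d2f23b7b86f97749856482233cdc9dd970d1d3 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:00 +0000
 Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand
@@ -16,10 +16,10 @@ Patch-Name: shell-path.patch
 1 file changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/sshconnect.c b/sshconnect.c
-index af08be415..bfbf80e92 100644
+index 9ec0618a9..5f8c81b84 100644
 --- a/sshconnect.c
 +++ b/sshconnect.c
-@@ -260,7 +260,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
+@@ -263,7 +263,7 @@ ssh_proxy_connect(struct ssh *ssh, const char *host, const char *host_arg,
 /* Execute the proxy command. Note that we gave up any
 extra privileges above. */
 ssh_signal(SIGPIPE, SIG_DFL);
@@ -28,7 +28,7 @@ index af08be415..bfbf80e92 100644
 perror(argv[0]);
 exit(1);
 }
-@@ -1389,7 +1389,7 @@ ssh_local_cmd(const char *args)
+@@ -1392,7 +1392,7 @@ ssh_local_cmd(const char *args)
 if (pid == 0) {
 ssh_signal(SIGPIPE, SIG_DFL);
 debug3("Executing %s -c \"%s\"", shell, args);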
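--- a/debian/patches/ssh-agent-setgid.patch
+++ b/debian/patches/ssh-agent-setgid.patch
@@ -1,4 +1,4 @@
-From 303cbd5533df863d518bc61d837ce56a93166b11 Mon Sep 17 00:00:00 2001
+From 7a305ed4a0cba43d0d1bc6ebf5737521a0854a9d Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:13 +0000
 Subject: Document consequences of ssh-agent being setgid in ssh-agent(1)
@@ -13,10 +13,10 @@ Patch-Name: ssh-agent-setgid.patch
 1 file changed, 15 insertions(+)
 
 diff --git a/ssh-agent.1 b/ssh-agent.1
-index fff0db6bc..99e4f6d2e 100644
+index 2cf46160b..272da79b3 100644
 --- a/ssh-agent.1
 +++ b/ssh-agent.1
-@@ -201,6 +201,21 @@ socket and stores its pathname in this variable.
+@@ -206,6 +206,21 @@ socket and stores its pathname in this variable.
 It is accessible only to the current user,
 but is easily abused by root or another instance of the same user.
 .El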
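--- a/debian/patches/ssh-argv0.patch
+++ b/debian/patches/ssh-argv0.patch
@@ -1,4 +1,4 @@
-From 81723f749647928d918de21057d9dbfbebaa8e53 Mon Sep 17 00:00:00 2001
+From 0e71b467fd84b0972c6aa2762d93af1c3defc0dc Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:10 +0000
 Subject: ssh(1): Refer to ssh-argv0(1)
@@ -18,10 +18,10 @@ Patch-Name: ssh-argv0.patch
 1 file changed, 1 insertion(+)
 
 diff --git a/ssh.1 b/ssh.1
-index 566fdba6b..5a31b5dde 100644
+index 1880c032d..76ddd89b5 100644
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1613,6 +1613,7 @@ if an error occurred.
+@@ -1632,6 +1632,7 @@ if an error occurred.
 .Xr sftp 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,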
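--- a/debian/patches/ssh-vulnkey-compat.patch
+++ b/debian/patches/ssh-vulnkey-compat.patch
@@ -1,4 +1,4 @@
-From 6ed578a01fd61f9c930ef46cfefc467203ddd6c0 Mon Sep 17 00:00:00 2001
+From 61b4d4c07d19cd0816ab5d48da81a75f7adbdf24 Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@ubuntu.com>
 Date: Sun, 9 Feb 2014 16:09:50 +0000
 Subject: Accept obsolete ssh-vulnkey configuration options
@@ -17,7 +17,7 @@ Patch-Name: ssh-vulnkey-compat.patch
 2 files changed, 2 insertions(+)
 
 diff --git a/readconf.c b/readconf.c
-index fb585e248..2ccc48572 100644
+index 57dae55d1..b069333fa 100644
 --- a/readconf.c
 +++ b/readconf.c
 @@ -191,6 +191,7 @@ static struct {
@@ -29,10 +29,10 @@ index fb585e248..2ccc48572 100644
 { "useroaming", oDeprecated },
 { "usersh", oDeprecated },
 diff --git a/servconf.c b/servconf.c
-index f38ba9e44..ff5b9436c 100644
+index ded8f4a87..21abe41ac 100644
 --- a/servconf.c
 +++ b/servconf.c
-@@ -656,6 +656,7 @@ static struct {
+@@ -649,6 +649,7 @@ static struct {
 { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL },
 { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL },
 { "strictmodes", sStrictModes, SSHCFG_GLOBAL },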
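--- a/debian/patches/syslog-level-silent.patch
+++ b/debian/patches/syslog-level-silent.patch
@@ -1,4 +1,4 @@
-From f2c3eb379d31f24de20dc9a2e0089ed84f52055b Mon Sep 17 00:00:00 2001
+From 33a5f7aadea15899586710c615408045eaaecebd Mon Sep 17 00:00:00 2001
 From: Natalie Amery <nmamery@chiark.greenend.org.uk>
 Date: Sun, 9 Feb 2014 16:09:54 +0000
 Subject: "LogLevel SILENT" compatibility
@@ -21,7 +21,7 @@ Patch-Name: syslog-level-silent.patch
 2 files changed, 2 insertions(+), 1 deletion(-)
 
 diff --git a/log.c b/log.c
-index d9c2d136c..1749af6d1 100644
+index 6b1a7a314..5ebae1480 100644
 --- a/log.c
 +++ b/log.c
 @@ -93,6 +93,7 @@ static struct {
@@ -33,10 +33,10 @@ index d9c2d136c..1749af6d1 100644
 { "FATAL", SYSLOG_LEVEL_FATAL },
 { "ERROR", SYSLOG_LEVEL_ERROR },
 diff --git a/ssh.c b/ssh.c
-index 4a81ef810..7879d4f4d 100644
+index bb98a7e2d..aa15b8a1f 100644
 --- a/ssh.c
 +++ b/ssh.c
-@@ -1339,7 +1339,7 @@ main(int ac, char **av)
+@@ -1373,7 +1373,7 @@ main(int ac, char **av)
 /* Do not allocate a tty if stdin is not a tty. */
 if ((!isatty(fileno(stdin)) || stdin_null_flag) &&
 options.request_tty != REQUEST_TTY_FORCE) {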
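--- a/debian/patches/systemd-readiness.patch
+++ b/debian/patches/systemd-readiness.patch
@@ -1,4 +1,4 @@
-From fe8c9983321154a61f4f06be602f925f1fd24ee7 Mon Sep 17 00:00:00 2001
+From e8453621b2a26f8d6afec405ff60201749b01e5e Mon Sep 17 00:00:00 2001
 From: Michael Biebl <biebl@debian.org>
 Date: Mon, 21 Dec 2015 16:08:47 +0000
 Subject: Add systemd readiness notification support
@@ -14,10 +14,10 @@ Patch-Name: systemd-readiness.patch
 2 files changed, 33 insertions(+)
 
 diff --git a/configure.ac b/configure.ac
-index 812b7218f..7e0584d2c 100644
+index bb435ec1f..5944299fa 100644
 --- a/configure.ac
 +++ b/configure.ac
-@@ -4730,6 +4730,29 @@ AC_ARG_WITH([kerberos5],
+@@ -4785,6 +4785,29 @@ AC_ARG_WITH([kerberos5],
 AC_SUBST([GSSLIBS])
 AC_SUBST([K5LIBS])
 
@@ -47,7 +47,7 @@ index 812b7218f..7e0584d2c 100644
 # Looking for programs, paths and files
 
 PRIVSEP_PATH=/var/empty
-@@ -5542,6 +5565,7 @@ echo " libldns support: $LDNS_MSG"
+@@ -5599,6 +5622,7 @@ echo " libldns support: $LDNS_MSG"
 echo " Solaris process contract support: $SPC_MSG"
 echo " Solaris project support: $SP_MSG"
 echo " Solaris privilege support: $SPP_MSG"
@@ -56,7 +56,7 @@ index 812b7218f..7e0584d2c 100644
 echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG"
 echo " BSD Auth support: $BSD_AUTH_MSG"
 diff --git a/sshd.c b/sshd.c
-index baee13506..d2d1877d4 100644
+index 50f2726bf..fb9b7b7fb 100644
 --- a/sshd.c
 +++ b/sshd.c
 @@ -85,6 +85,10 @@
@@ -70,7 +70,7 @@ index baee13506..d2d1877d4 100644
 #include "xmalloc.h"
 #include "ssh.h"
 #include "ssh2.h"
-@@ -2026,6 +2030,11 @@ main(int ac, char **av)
+@@ -2076,6 +2080,11 @@ main(int ac, char **av)
 }
 }
 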
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 19c1809d9..8f5a8a383 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -1,4 +1,4 @@ | |||
1 | From cb72edd9757c469f3b5dc9cde374715ae8b54509 Mon Sep 17 00:00:00 2001 | 1 | From d08cd2b0cfbedf3ccd2ec3adaef850b8d9a87e85 Mon Sep 17 00:00:00 2001 |
2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 |
4 | Subject: Allow harmless group-writability | 4 | Subject: Allow harmless group-writability |
@@ -51,7 +51,7 @@ index e81321b49..3bcc73766 100644 | |||
51 | pw->pw_name, buf); | 51 | pw->pw_name, buf); |
52 | auth_debug_add("Bad file modes for %.200s", buf); | 52 | auth_debug_add("Bad file modes for %.200s", buf); |
53 | diff --git a/auth.c b/auth.c | 53 | diff --git a/auth.c b/auth.c |
54 | index 687c57b42..aed3c13ac 100644 | 54 | index 3d31ec860..4152d9c44 100644 |
55 | --- a/auth.c | 55 | --- a/auth.c |
56 | +++ b/auth.c | 56 | +++ b/auth.c |
57 | @@ -474,8 +474,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, | 57 | @@ -474,8 +474,7 @@ check_key_in_hostfiles(struct passwd *pw, struct sshkey *key, const char *host, |
@@ -65,10 +65,10 @@ index 687c57b42..aed3c13ac 100644 | |||
65 | "bad owner or modes for %.200s", | 65 | "bad owner or modes for %.200s", |
66 | pw->pw_name, user_hostfile); | 66 | pw->pw_name, user_hostfile); |
67 | diff --git a/misc.c b/misc.c | 67 | diff --git a/misc.c b/misc.c |
68 | index 554ceb0b1..75fe4dfea 100644 | 68 | index 4623b5755..c75a795c2 100644 |
69 | --- a/misc.c | 69 | --- a/misc.c |
70 | +++ b/misc.c | 70 | +++ b/misc.c |
71 | @@ -61,8 +61,9 @@ | 71 | @@ -55,8 +55,9 @@ |
72 | #include <netdb.h> | 72 | #include <netdb.h> |
73 | #ifdef HAVE_PATHS_H | 73 | #ifdef HAVE_PATHS_H |
74 | # include <paths.h> | 74 | # include <paths.h> |
@@ -79,8 +79,8 @@ index 554ceb0b1..75fe4dfea 100644 | |||
79 | #ifdef SSH_TUN_OPENBSD | 79 | #ifdef SSH_TUN_OPENBSD |
80 | #include <net/if.h> | 80 | #include <net/if.h> |
81 | #endif | 81 | #endif |
82 | @@ -1124,6 +1125,55 @@ percent_expand(const char *string, ...) | 82 | @@ -1271,6 +1272,55 @@ percent_dollar_expand(const char *string, ...) |
83 | #undef EXPAND_MAX_KEYS | 83 | return ret; |
84 | } | 84 | } |
85 | 85 | ||
86 | +int | 86 | +int |
@@ -135,7 +135,7 @@ index 554ceb0b1..75fe4dfea 100644 | |||
135 | int | 135 | int |
136 | tun_open(int tun, int mode, char **ifname) | 136 | tun_open(int tun, int mode, char **ifname) |
137 | { | 137 | { |
138 | @@ -1909,8 +1959,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, | 138 | @@ -2056,8 +2106,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, |
139 | snprintf(err, errlen, "%s is not a regular file", buf); | 139 | snprintf(err, errlen, "%s is not a regular file", buf); |
140 | return -1; | 140 | return -1; |
141 | } | 141 | } |
@@ -145,7 +145,7 @@ index 554ceb0b1..75fe4dfea 100644 | |||
145 | snprintf(err, errlen, "bad ownership or modes for file %s", | 145 | snprintf(err, errlen, "bad ownership or modes for file %s", |
146 | buf); | 146 | buf); |
147 | return -1; | 147 | return -1; |
148 | @@ -1925,8 +1974,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, | 148 | @@ -2072,8 +2121,7 @@ safe_path(const char *name, struct stat *stp, const char *pw_dir, |
149 | strlcpy(buf, cp, sizeof(buf)); | 149 | strlcpy(buf, cp, sizeof(buf)); |
150 | 150 | ||
151 | if (stat(buf, &st) == -1 || | 151 | if (stat(buf, &st) == -1 || |
@@ -156,10 +156,10 @@ index 554ceb0b1..75fe4dfea 100644 | |||
156 | "bad ownership or modes for directory %s", buf); | 156 | "bad ownership or modes for directory %s", buf); |
157 | return -1; | 157 | return -1; |
158 | diff --git a/misc.h b/misc.h | 158 | diff --git a/misc.h b/misc.h |
159 | index 4a05db2da..5db594b91 100644 | 159 | index ab94a79c0..b34c798e7 100644 |
160 | --- a/misc.h | 160 | --- a/misc.h |
161 | +++ b/misc.h | 161 | +++ b/misc.h |
162 | @@ -188,6 +188,8 @@ struct notifier_ctx *notify_start(int, const char *, ...) | 162 | @@ -192,6 +192,8 @@ struct notifier_ctx *notify_start(int, const char *, ...) |
163 | __attribute__((format(printf, 2, 3))); | 163 | __attribute__((format(printf, 2, 3))); |
164 | void notify_complete(struct notifier_ctx *); | 164 | void notify_complete(struct notifier_ctx *); |
165 | 165 | ||
@@ -169,10 +169,10 @@ index 4a05db2da..5db594b91 100644 | |||
169 | #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) | 169 | #define MAXIMUM(a, b) (((a) > (b)) ? (a) : (b)) |
170 | #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) | 170 | #define ROUNDUP(x, y) ((((x)+((y)-1))/(y))*(y)) |
171 | diff --git a/readconf.c b/readconf.c | 171 | diff --git a/readconf.c b/readconf.c |
172 | index 431243193..5bf0afbb4 100644 | 172 | index 3d0a812b3..f4f273c96 100644 |
173 | --- a/readconf.c | 173 | --- a/readconf.c |
174 | +++ b/readconf.c | 174 | +++ b/readconf.c |
175 | @@ -1926,8 +1926,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, | 175 | @@ -1967,8 +1967,7 @@ read_config_file_depth(const char *filename, struct passwd *pw, |
176 | 176 | ||
177 | if (fstat(fileno(f), &sb) == -1) | 177 | if (fstat(fileno(f), &sb) == -1) |
178 | fatal("fstat %s: %s", filename, strerror(errno)); | 178 | fatal("fstat %s: %s", filename, strerror(errno)); |
@@ -183,10 +183,10 @@ index 431243193..5bf0afbb4 100644 | |||
183 | } | 183 | } |
184 | 184 | ||
185 | diff --git a/ssh.1 b/ssh.1 | 185 | diff --git a/ssh.1 b/ssh.1 |
186 | index 7a3ba31ab..a80be8efe 100644 | 186 | index be8e964f0..5d613076c 100644 |
187 | --- a/ssh.1 | 187 | --- a/ssh.1 |
188 | +++ b/ssh.1 | 188 | +++ b/ssh.1 |
189 | @@ -1509,6 +1509,8 @@ The file format and configuration options are described in | 189 | @@ -1528,6 +1528,8 @@ The file format and configuration options are described in |
190 | .Xr ssh_config 5 . | 190 | .Xr ssh_config 5 . |
191 | Because of the potential for abuse, this file must have strict permissions: | 191 | Because of the potential for abuse, this file must have strict permissions: |
192 | read/write for the user, and not writable by others. | 192 | read/write for the user, and not writable by others. |
@@ -196,10 +196,10 @@ index 7a3ba31ab..a80be8efe 100644 | |||
196 | .It Pa ~/.ssh/environment | 196 | .It Pa ~/.ssh/environment |
197 | Contains additional definitions for environment variables; see | 197 | Contains additional definitions for environment variables; see |
198 | diff --git a/ssh_config.5 b/ssh_config.5 | 198 | diff --git a/ssh_config.5 b/ssh_config.5 |
199 | index 85ab7447f..d814147d4 100644 | 199 | index 3ceb800ba..190e1d927 100644 |
200 | --- a/ssh_config.5 | 200 | --- a/ssh_config.5 |
201 | +++ b/ssh_config.5 | 201 | +++ b/ssh_config.5 |
202 | @@ -1957,6 +1957,8 @@ The format of this file is described above. | 202 | @@ -2010,6 +2010,8 @@ The format of this file is described above. |
203 | This file is used by the SSH client. | 203 | This file is used by the SSH client. |
204 | Because of the potential for abuse, this file must have strict permissions: | 204 | Because of the potential for abuse, this file must have strict permissions: |
205 | read/write for the user, and not writable by others. | 205 | read/write for the user, and not writable by others. |