diff options
Diffstat (limited to 'debian')
21 files changed, 47 insertions, 165 deletions
diff --git a/debian/changelog b/debian/changelog index 29a5c76f2..a116a76eb 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,16 @@ | |||
1 | openssh (1:5.5p1-1) UNRELEASED; urgency=low | ||
2 | |||
3 | * New upstream release: | ||
4 | - Unbreak sshd_config's AuthorizedKeysFile option for $HOME-relative | ||
5 | paths. | ||
6 | - Include a language tag when sending a protocol 2 disconnection | ||
7 | message. | ||
8 | - Make logging of certificates used for user authentication more clear | ||
9 | and consistent between CAs specified using TrustedUserCAKeys and | ||
10 | authorized_keys. | ||
11 | |||
12 | -- Colin Watson <cjwatson@ubuntu.com> Fri, 16 Apr 2010 10:21:10 +0100 | ||
13 | |||
1 | openssh (1:5.4p1-2) unstable; urgency=low | 14 | openssh (1:5.4p1-2) unstable; urgency=low |
2 | 15 | ||
3 | * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is | 16 | * Borrow patch from Fedora to add DNSSEC support: if glibc 2.11 is |
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index 32b1dcc72..34535f001 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch | |||
@@ -8,7 +8,7 @@ Index: b/Makefile.in | |||
8 | =================================================================== | 8 | =================================================================== |
9 | --- a/Makefile.in | 9 | --- a/Makefile.in |
10 | +++ b/Makefile.in | 10 | +++ b/Makefile.in |
11 | @@ -285,6 +285,7 @@ | 11 | @@ -284,6 +284,7 @@ |
12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 | 12 | $(INSTALL) -m 644 sshd_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/sshd_config.5 |
13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 | 13 | $(INSTALL) -m 644 ssh_config.5.out $(DESTDIR)$(mandir)/$(mansubdir)5/ssh_config.5 |
14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 | 14 | $(INSTALL) -m 644 sshd.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sshd.8 |
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index c0567f264..e608bd20d 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
@@ -43,7 +43,7 @@ Index: b/servconf.c | |||
43 | { NULL, sBadOption, 0 } | 43 | { NULL, sBadOption, 0 } |
44 | }; | 44 | }; |
45 | 45 | ||
46 | @@ -1377,6 +1382,10 @@ | 46 | @@ -1386,6 +1391,10 @@ |
47 | charptr = &options->revoked_keys_file; | 47 | charptr = &options->revoked_keys_file; |
48 | goto parse_filename; | 48 | goto parse_filename; |
49 | 49 | ||
diff --git a/debian/patches/doc-connection-sharing.patch b/debian/patches/doc-connection-sharing.patch deleted file mode 100644 index d08f3d01f..000000000 --- a/debian/patches/doc-connection-sharing.patch +++ /dev/null | |||
@@ -1,23 +0,0 @@ | |||
1 | Description: ssh(1): Document that '-S none' disables connection sharing. | ||
2 | Author: martin f krafft <madduck@debian.org> | ||
3 | Author: Colin Watson <cjwatson@debian.org> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1724 | ||
5 | Bug-Debian: http://bugs.debian.org/471437 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/ssh.1 | ||
9 | =================================================================== | ||
10 | --- a/ssh.1 | ||
11 | +++ b/ssh.1 | ||
12 | @@ -558,7 +558,10 @@ | ||
13 | the listen port will be dynamically allocated on the server and reported | ||
14 | to the client at run time. | ||
15 | .It Fl S Ar ctl_path | ||
16 | -Specifies the location of a control socket for connection sharing. | ||
17 | +Specifies the location of a control socket for connection sharing, | ||
18 | +or the string | ||
19 | +.Dq none | ||
20 | +to disable connection sharing. | ||
21 | Refer to the description of | ||
22 | .Cm ControlPath | ||
23 | and | ||
diff --git a/debian/patches/gnome-ssh-askpass2-link.patch b/debian/patches/gnome-ssh-askpass2-link.patch deleted file mode 100644 index 6b9909641..000000000 --- a/debian/patches/gnome-ssh-askpass2-link.patch +++ /dev/null | |||
@@ -1,23 +0,0 @@ | |||
1 | Description: Use x11.pc when compiling/linking gnome-ssh-askpass2 | ||
2 | This fixes linking with binutils-gold. | ||
3 | Author: Colin Watson <cjwatson@debian.org> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1725 | ||
5 | Bug-Debian: http://bugs.debian.org/555951 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/contrib/Makefile | ||
9 | =================================================================== | ||
10 | --- a/contrib/Makefile | ||
11 | +++ b/contrib/Makefile | ||
12 | @@ -7,9 +7,9 @@ | ||
13 | `gnome-config --libs gnome gnomeui` | ||
14 | |||
15 | gnome-ssh-askpass2: gnome-ssh-askpass2.c | ||
16 | - $(CC) `pkg-config --cflags gtk+-2.0` \ | ||
17 | + $(CC) `pkg-config --cflags gtk+-2.0 x11` \ | ||
18 | gnome-ssh-askpass2.c -o gnome-ssh-askpass2 \ | ||
19 | - `pkg-config --libs gtk+-2.0` | ||
20 | + `pkg-config --libs gtk+-2.0 x11` | ||
21 | |||
22 | clean: | ||
23 | rm -f *.o gnome-ssh-askpass1 gnome-ssh-askpass2 gnome-ssh-askpass | ||
diff --git a/debian/patches/gssapi-autoconf.patch b/debian/patches/gssapi-autoconf.patch index 5ef959de7..3ea221834 100644 --- a/debian/patches/gssapi-autoconf.patch +++ b/debian/patches/gssapi-autoconf.patch | |||
@@ -7,7 +7,7 @@ Index: b/config.h.in | |||
7 | =================================================================== | 7 | =================================================================== |
8 | --- a/config.h.in | 8 | --- a/config.h.in |
9 | +++ b/config.h.in | 9 | +++ b/config.h.in |
10 | @@ -1378,6 +1378,9 @@ | 10 | @@ -1384,6 +1384,9 @@ |
11 | /* Use btmp to log bad logins */ | 11 | /* Use btmp to log bad logins */ |
12 | #undef USE_BTMP | 12 | #undef USE_BTMP |
13 | 13 | ||
@@ -17,7 +17,7 @@ Index: b/config.h.in | |||
17 | /* Use libedit for sftp */ | 17 | /* Use libedit for sftp */ |
18 | #undef USE_LIBEDIT | 18 | #undef USE_LIBEDIT |
19 | 19 | ||
20 | @@ -1390,6 +1393,9 @@ | 20 | @@ -1396,6 +1399,9 @@ |
21 | /* Use PIPES instead of a socketpair() */ | 21 | /* Use PIPES instead of a socketpair() */ |
22 | #undef USE_PIPES | 22 | #undef USE_PIPES |
23 | 23 | ||
diff --git a/debian/patches/gssapi-dump.patch b/debian/patches/gssapi-dump.patch index 9ed033359..6e09df484 100644 --- a/debian/patches/gssapi-dump.patch +++ b/debian/patches/gssapi-dump.patch | |||
@@ -11,7 +11,7 @@ Index: b/servconf.c | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/servconf.c | 12 | --- a/servconf.c |
13 | +++ b/servconf.c | 13 | +++ b/servconf.c |
14 | @@ -1668,7 +1668,10 @@ | 14 | @@ -1677,7 +1677,10 @@ |
15 | #endif | 15 | #endif |
16 | #ifdef GSSAPI | 16 | #ifdef GSSAPI |
17 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 17 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 5c1b83415..e39239fbd 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
@@ -1918,7 +1918,7 @@ Index: b/key.c | |||
1918 | =================================================================== | 1918 | =================================================================== |
1919 | --- a/key.c | 1919 | --- a/key.c |
1920 | +++ b/key.c | 1920 | +++ b/key.c |
1921 | @@ -969,6 +969,8 @@ | 1921 | @@ -982,6 +982,8 @@ |
1922 | return KEY_RSA_CERT; | 1922 | return KEY_RSA_CERT; |
1923 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { | 1923 | } else if (strcmp(name, "ssh-dss-cert-v00@openssh.com") == 0) { |
1924 | return KEY_DSA_CERT; | 1924 | return KEY_DSA_CERT; |
@@ -2387,7 +2387,7 @@ Index: b/servconf.c | |||
2387 | #endif | 2387 | #endif |
2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2388 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2389 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
2390 | @@ -925,10 +942,22 @@ | 2390 | @@ -924,10 +941,22 @@ |
2391 | intptr = &options->gss_authentication; | 2391 | intptr = &options->gss_authentication; |
2392 | goto parse_flag; | 2392 | goto parse_flag; |
2393 | 2393 | ||
diff --git a/debian/patches/hurd-epfnosupport.patch b/debian/patches/hurd-epfnosupport.patch deleted file mode 100644 index e06b46309..000000000 --- a/debian/patches/hurd-epfnosupport.patch +++ /dev/null | |||
@@ -1,24 +0,0 @@ | |||
1 | Description: Fix X forwarding on the Hurd | ||
2 | socket() may return EPFNOSUPPORT, which != EAFNOSUPPORT on the Hurd. | ||
3 | Author: Robert Bihlmeyer <robbe@orcus.priv.at> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1721 | ||
5 | Bug-Debian: http://bugs.debian.org/102991 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/channels.c | ||
9 | =================================================================== | ||
10 | --- a/channels.c | ||
11 | +++ b/channels.c | ||
12 | @@ -3252,7 +3252,11 @@ | ||
13 | sock = socket(ai->ai_family, ai->ai_socktype, | ||
14 | ai->ai_protocol); | ||
15 | if (sock < 0) { | ||
16 | - if ((errno != EINVAL) && (errno != EAFNOSUPPORT)) { | ||
17 | + if ((errno != EINVAL) && (errno != EAFNOSUPPORT) | ||
18 | +#ifdef EPFNOSUPPORT | ||
19 | + && (errno != EPFNOSUPPORT) | ||
20 | +#endif | ||
21 | + ) { | ||
22 | error("socket: %.100s", strerror(errno)); | ||
23 | freeaddrinfo(aitop); | ||
24 | return -1; | ||
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 55d07e0d6..36335f475 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch | |||
@@ -68,8 +68,8 @@ Index: b/ssh_config.5 | |||
68 | If set to | 68 | If set to |
69 | .Dq yes , | 69 | .Dq yes , |
70 | passphrase/password querying will be disabled. | 70 | passphrase/password querying will be disabled. |
71 | +In addition, the | 71 | +In addition, the |
72 | +.Cm ServerAliveInterval | 72 | +.Cm ServerAliveInterval |
73 | +option will be set to 300 seconds by default. | 73 | +option will be set to 300 seconds by default. |
74 | This option is useful in scripts and other batch jobs where no user | 74 | This option is useful in scripts and other batch jobs where no user |
75 | -is present to supply the password. | 75 | -is present to supply the password. |
@@ -78,7 +78,7 @@ Index: b/ssh_config.5 | |||
78 | The argument must be | 78 | The argument must be |
79 | .Dq yes | 79 | .Dq yes |
80 | or | 80 | or |
81 | @@ -967,8 +971,15 @@ | 81 | @@ -963,8 +967,15 @@ |
82 | will send a message through the encrypted | 82 | will send a message through the encrypted |
83 | channel to request a response from the server. | 83 | channel to request a response from the server. |
84 | The default | 84 | The default |
@@ -95,7 +95,7 @@ Index: b/ssh_config.5 | |||
95 | .It Cm StrictHostKeyChecking | 95 | .It Cm StrictHostKeyChecking |
96 | If this flag is set to | 96 | If this flag is set to |
97 | .Dq yes , | 97 | .Dq yes , |
98 | @@ -1007,6 +1018,12 @@ | 98 | @@ -1003,6 +1014,12 @@ |
99 | other side. | 99 | other side. |
100 | If they are sent, death of the connection or crash of one | 100 | If they are sent, death of the connection or crash of one |
101 | of the machines will be properly noticed. | 101 | of the machines will be properly noticed. |
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch index 5949e3b94..955d38b50 100644 --- a/debian/patches/lintian-symlink-pickiness.patch +++ b/debian/patches/lintian-symlink-pickiness.patch | |||
@@ -9,7 +9,7 @@ Index: b/Makefile.in | |||
9 | =================================================================== | 9 | =================================================================== |
10 | --- a/Makefile.in | 10 | --- a/Makefile.in |
11 | +++ b/Makefile.in | 11 | +++ b/Makefile.in |
12 | @@ -295,9 +295,9 @@ | 12 | @@ -294,9 +294,9 @@ |
13 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 13 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
14 | $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 | 14 | $(INSTALL) -m 644 ssh-vulnkey.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-vulnkey.1 |
15 | -rm -f $(DESTDIR)$(bindir)/slogin | 15 | -rm -f $(DESTDIR)$(bindir)/slogin |
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index 0898c6ed3..dea370a1b 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch | |||
@@ -45,7 +45,7 @@ Index: b/ssh-keygen.1 | |||
45 | .Pp | 45 | .Pp |
46 | Normally this program generates the key and asks for a file in which | 46 | Normally this program generates the key and asks for a file in which |
47 | to store the private key. | 47 | to store the private key. |
48 | @@ -368,9 +366,7 @@ | 48 | @@ -367,9 +365,7 @@ |
49 | .It Fl q | 49 | .It Fl q |
50 | Silence | 50 | Silence |
51 | .Nm ssh-keygen . | 51 | .Nm ssh-keygen . |
@@ -60,7 +60,7 @@ Index: b/ssh.1 | |||
60 | =================================================================== | 60 | =================================================================== |
61 | --- a/ssh.1 | 61 | --- a/ssh.1 |
62 | +++ b/ssh.1 | 62 | +++ b/ssh.1 |
63 | @@ -759,6 +759,10 @@ | 63 | @@ -762,6 +762,10 @@ |
64 | .Sx HISTORY | 64 | .Sx HISTORY |
65 | section of | 65 | section of |
66 | .Xr ssl 8 | 66 | .Xr ssl 8 |
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch index b1162bfec..f45cc6968 100644 --- a/debian/patches/package-versioning.patch +++ b/debian/patches/package-versioning.patch | |||
@@ -38,7 +38,7 @@ Index: b/version.h | |||
38 | --- a/version.h | 38 | --- a/version.h |
39 | +++ b/version.h | 39 | +++ b/version.h |
40 | @@ -3,4 +3,9 @@ | 40 | @@ -3,4 +3,9 @@ |
41 | #define SSH_VERSION "OpenSSH_5.4" | 41 | #define SSH_VERSION "OpenSSH_5.5" |
42 | 42 | ||
43 | #define SSH_PORTABLE "p1" | 43 | #define SSH_PORTABLE "p1" |
44 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 44 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch index 572a6e67c..96a26cf7e 100644 --- a/debian/patches/quieter-signals.patch +++ b/debian/patches/quieter-signals.patch | |||
@@ -16,7 +16,7 @@ Index: b/clientloop.c | |||
16 | =================================================================== | 16 | =================================================================== |
17 | --- a/clientloop.c | 17 | --- a/clientloop.c |
18 | +++ b/clientloop.c | 18 | +++ b/clientloop.c |
19 | @@ -1529,8 +1529,10 @@ | 19 | @@ -1530,8 +1530,10 @@ |
20 | exit_status = 0; | 20 | exit_status = 0; |
21 | } | 21 | } |
22 | 22 | ||
diff --git a/debian/patches/selinux-fix-chroot-directory.patch b/debian/patches/selinux-fix-chroot-directory.patch deleted file mode 100644 index 03942392b..000000000 --- a/debian/patches/selinux-fix-chroot-directory.patch +++ /dev/null | |||
@@ -1,36 +0,0 @@ | |||
1 | Description: Make ChrootDirectory work with SELinux | ||
2 | After chroot() is called the SE Linux context setting won't work unless | ||
3 | /selinux and /proc are mounted in the chroot environment. Even worse, if | ||
4 | the user has control over the chroot environment then they may be able to | ||
5 | control the context that they get (I haven't verified this). | ||
6 | Author: Russell Coker <russell@coker.com.au> | ||
7 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1726 | ||
8 | Bug-Debian: http://bugs.debian.org/556644 | ||
9 | Last-Update: 2010-03-01 | ||
10 | |||
11 | Index: b/session.c | ||
12 | =================================================================== | ||
13 | --- a/session.c | ||
14 | +++ b/session.c | ||
15 | @@ -1551,6 +1551,10 @@ | ||
16 | } | ||
17 | #endif /* HAVE_SETPCRED */ | ||
18 | |||
19 | +#ifdef WITH_SELINUX | ||
20 | + ssh_selinux_setup_exec_context(pw->pw_name); | ||
21 | +#endif | ||
22 | + | ||
23 | if (options.chroot_directory != NULL && | ||
24 | strcasecmp(options.chroot_directory, "none") != 0) { | ||
25 | tmp = tilde_expand_filename(options.chroot_directory, | ||
26 | @@ -1575,10 +1579,6 @@ | ||
27 | |||
28 | if (getuid() != pw->pw_uid || geteuid() != pw->pw_uid) | ||
29 | fatal("Failed to set uids to %u.", (u_int) pw->pw_uid); | ||
30 | - | ||
31 | -#ifdef WITH_SELINUX | ||
32 | - ssh_selinux_setup_exec_context(pw->pw_name); | ||
33 | -#endif | ||
34 | } | ||
35 | |||
36 | static void | ||
diff --git a/debian/patches/series b/debian/patches/series index a75b0a0f5..699dbaa98 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -6,7 +6,6 @@ gssapi-dump.patch | |||
6 | 6 | ||
7 | # SELinux | 7 | # SELinux |
8 | selinux-role.patch | 8 | selinux-role.patch |
9 | selinux-fix-chroot-directory.patch | ||
10 | 9 | ||
11 | # Key blacklisting | 10 | # Key blacklisting |
12 | ssh-vulnkey.patch | 11 | ssh-vulnkey.patch |
@@ -21,12 +20,9 @@ quieter-signals.patch | |||
21 | helpful-wait-terminate.patch | 20 | helpful-wait-terminate.patch |
22 | 21 | ||
23 | # Miscellaneous bug fixes | 22 | # Miscellaneous bug fixes |
24 | gnome-ssh-askpass2-link.patch | ||
25 | user-group-modes.patch | 23 | user-group-modes.patch |
26 | hurd-epfnosupport.patch | ||
27 | scp-quoting.patch | 24 | scp-quoting.patch |
28 | shell-path.patch | 25 | shell-path.patch |
29 | ssh-copy-id-status-check.patch | ||
30 | ssh-copy-id-trailing-colons.patch | 26 | ssh-copy-id-trailing-colons.patch |
31 | dnssec-sshfp.patch | 27 | dnssec-sshfp.patch |
32 | 28 | ||
@@ -41,7 +37,6 @@ lintian-symlink-pickiness.patch | |||
41 | # Documentation | 37 | # Documentation |
42 | openbsd-docs.patch | 38 | openbsd-docs.patch |
43 | ssh-argv0.patch | 39 | ssh-argv0.patch |
44 | doc-connection-sharing.patch | ||
45 | doc-hash-tab-completion.patch | 40 | doc-hash-tab-completion.patch |
46 | 41 | ||
47 | # Debian-specific configuration | 42 | # Debian-specific configuration |
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch index 7caeff704..851687dfd 100644 --- a/debian/patches/ssh-argv0.patch +++ b/debian/patches/ssh-argv0.patch | |||
@@ -11,7 +11,7 @@ Index: b/ssh.1 | |||
11 | =================================================================== | 11 | =================================================================== |
12 | --- a/ssh.1 | 12 | --- a/ssh.1 |
13 | +++ b/ssh.1 | 13 | +++ b/ssh.1 |
14 | @@ -1427,6 +1427,7 @@ | 14 | @@ -1430,6 +1430,7 @@ |
15 | .Xr sftp 1 , | 15 | .Xr sftp 1 , |
16 | .Xr ssh-add 1 , | 16 | .Xr ssh-add 1 , |
17 | .Xr ssh-agent 1 , | 17 | .Xr ssh-agent 1 , |
diff --git a/debian/patches/ssh-copy-id-status-check.patch b/debian/patches/ssh-copy-id-status-check.patch deleted file mode 100644 index efc76d0fc..000000000 --- a/debian/patches/ssh-copy-id-status-check.patch +++ /dev/null | |||
@@ -1,20 +0,0 @@ | |||
1 | Description: ssh-copy-id: Check exit status of 'ssh-add -L' | ||
2 | This fixes behaviour when an agent is running with no identities loaded. | ||
3 | Author: Adeodato Simó <asp16@alu.ua.es> | ||
4 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1723 | ||
5 | Bug-Debian: http://bugs.debian.org/221675 | ||
6 | Last-Update: 2010-03-01 | ||
7 | |||
8 | Index: b/contrib/ssh-copy-id | ||
9 | =================================================================== | ||
10 | --- a/contrib/ssh-copy-id | ||
11 | +++ b/contrib/ssh-copy-id | ||
12 | @@ -19,7 +19,7 @@ | ||
13 | shift # and this should leave $1 as the target name | ||
14 | fi | ||
15 | else | ||
16 | - if [ x$SSH_AUTH_SOCK != x ] ; then | ||
17 | + if [ x$SSH_AUTH_SOCK != x ] && ssh-add -L >/dev/null 2>&1; then | ||
18 | GET_ID="$GET_ID ssh-add -L" | ||
19 | fi | ||
20 | fi | ||
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 73a30186b..af56dc031 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
@@ -62,15 +62,15 @@ Index: b/Makefile.in | |||
62 | # test driver for the loginrec code - not built by default | 62 | # test driver for the loginrec code - not built by default |
63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o | 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o |
64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) | 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) |
65 | @@ -269,6 +274,7 @@ | 65 | @@ -268,6 +273,7 @@ |
66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper $(DESTDIR)$(SSH_PKCS11_HELPER) | 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp $(DESTDIR)$(bindir)/sftp | 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server $(DESTDIR)$(SFTP_SERVER) | 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
69 | + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey $(DESTDIR)$(bindir)/ssh-vulnkey | 69 | + $(INSTALL) -m 0755 $(STRIP_OPT) ssh-vulnkey$(EXEEXT) $(DESTDIR)$(bindir)/ssh-vulnkey$(EXEEXT) |
70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
73 | @@ -286,6 +292,7 @@ | 73 | @@ -285,6 +291,7 @@ |
74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
@@ -78,7 +78,7 @@ Index: b/Makefile.in | |||
78 | -rm -f $(DESTDIR)$(bindir)/slogin | 78 | -rm -f $(DESTDIR)$(bindir)/slogin |
79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
81 | @@ -367,6 +374,7 @@ | 81 | @@ -366,6 +373,7 @@ |
82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
@@ -86,7 +86,7 @@ Index: b/Makefile.in | |||
86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
89 | @@ -380,6 +388,7 @@ | 89 | @@ -379,6 +387,7 @@ |
90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
@@ -198,7 +198,7 @@ Index: b/auth2-pubkey.c | |||
198 | =================================================================== | 198 | =================================================================== |
199 | --- a/auth2-pubkey.c | 199 | --- a/auth2-pubkey.c |
200 | +++ b/auth2-pubkey.c | 200 | +++ b/auth2-pubkey.c |
201 | @@ -325,9 +325,10 @@ | 201 | @@ -328,9 +328,10 @@ |
202 | int success; | 202 | int success; |
203 | char *file; | 203 | char *file; |
204 | 204 | ||
@@ -498,7 +498,7 @@ Index: b/servconf.c | |||
498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
501 | @@ -1010,6 +1014,10 @@ | 501 | @@ -1009,6 +1013,10 @@ |
502 | intptr = &options->tcp_keep_alive; | 502 | intptr = &options->tcp_keep_alive; |
503 | goto parse_flag; | 503 | goto parse_flag; |
504 | 504 | ||
@@ -509,7 +509,7 @@ Index: b/servconf.c | |||
509 | case sEmptyPasswd: | 509 | case sEmptyPasswd: |
510 | intptr = &options->permit_empty_passwd; | 510 | intptr = &options->permit_empty_passwd; |
511 | goto parse_flag; | 511 | goto parse_flag; |
512 | @@ -1688,6 +1696,7 @@ | 512 | @@ -1697,6 +1705,7 @@ |
513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
@@ -584,7 +584,7 @@ Index: b/ssh-keygen.1 | |||
584 | =================================================================== | 584 | =================================================================== |
585 | --- a/ssh-keygen.1 | 585 | --- a/ssh-keygen.1 |
586 | +++ b/ssh-keygen.1 | 586 | +++ b/ssh-keygen.1 |
587 | @@ -629,6 +629,7 @@ | 587 | @@ -628,6 +628,7 @@ |
588 | .Xr ssh 1 , | 588 | .Xr ssh 1 , |
589 | .Xr ssh-add 1 , | 589 | .Xr ssh-add 1 , |
590 | .Xr ssh-agent 1 , | 590 | .Xr ssh-agent 1 , |
@@ -1236,7 +1236,7 @@ Index: b/ssh.1 | |||
1236 | =================================================================== | 1236 | =================================================================== |
1237 | --- a/ssh.1 | 1237 | --- a/ssh.1 |
1238 | +++ b/ssh.1 | 1238 | +++ b/ssh.1 |
1239 | @@ -1423,6 +1423,7 @@ | 1239 | @@ -1426,6 +1426,7 @@ |
1240 | .Xr ssh-agent 1 , | 1240 | .Xr ssh-agent 1 , |
1241 | .Xr ssh-keygen 1 , | 1241 | .Xr ssh-keygen 1 , |
1242 | .Xr ssh-keyscan 1 , | 1242 | .Xr ssh-keyscan 1 , |
@@ -1284,7 +1284,7 @@ Index: b/ssh_config.5 | |||
1284 | =================================================================== | 1284 | =================================================================== |
1285 | --- a/ssh_config.5 | 1285 | --- a/ssh_config.5 |
1286 | +++ b/ssh_config.5 | 1286 | +++ b/ssh_config.5 |
1287 | @@ -1055,6 +1055,23 @@ | 1287 | @@ -1051,6 +1051,23 @@ |
1288 | .Dq any . | 1288 | .Dq any . |
1289 | The default is | 1289 | The default is |
1290 | .Dq any:any . | 1290 | .Dq any:any . |
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch index ccd9a668e..7682c0761 100644 --- a/debian/patches/ssh1-keepalive.patch +++ b/debian/patches/ssh1-keepalive.patch | |||
@@ -52,7 +52,7 @@ Index: b/ssh_config.5 | |||
52 | =================================================================== | 52 | =================================================================== |
53 | --- a/ssh_config.5 | 53 | --- a/ssh_config.5 |
54 | +++ b/ssh_config.5 | 54 | +++ b/ssh_config.5 |
55 | @@ -956,7 +956,10 @@ | 55 | @@ -952,7 +952,10 @@ |
56 | .Cm ServerAliveCountMax | 56 | .Cm ServerAliveCountMax |
57 | is left at the default, if the server becomes unresponsive, | 57 | is left at the default, if the server becomes unresponsive, |
58 | ssh will disconnect after approximately 45 seconds. | 58 | ssh will disconnect after approximately 45 seconds. |
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 22cb3084a..4d7ebe566 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
@@ -60,7 +60,7 @@ Index: b/ssh.1 | |||
60 | =================================================================== | 60 | =================================================================== |
61 | --- a/ssh.1 | 61 | --- a/ssh.1 |
62 | +++ b/ssh.1 | 62 | +++ b/ssh.1 |
63 | @@ -1321,6 +1321,8 @@ | 63 | @@ -1324,6 +1324,8 @@ |
64 | .Xr ssh_config 5 . | 64 | .Xr ssh_config 5 . |
65 | Because of the potential for abuse, this file must have strict permissions: | 65 | Because of the potential for abuse, this file must have strict permissions: |
66 | read/write for the user, and not accessible by others. | 66 | read/write for the user, and not accessible by others. |
@@ -73,7 +73,7 @@ Index: b/ssh_config.5 | |||
73 | =================================================================== | 73 | =================================================================== |
74 | --- a/ssh_config.5 | 74 | --- a/ssh_config.5 |
75 | +++ b/ssh_config.5 | 75 | +++ b/ssh_config.5 |
76 | @@ -1208,6 +1208,8 @@ | 76 | @@ -1204,6 +1204,8 @@ |
77 | This file is used by the SSH client. | 77 | This file is used by the SSH client. |
78 | Because of the potential for abuse, this file must have strict permissions: | 78 | Because of the potential for abuse, this file must have strict permissions: |
79 | read/write for the user, and not accessible by others. | 79 | read/write for the user, and not accessible by others. |