diff options
Diffstat (limited to 'debian')
33 files changed, 247 insertions, 322 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index 3deb8d58e..cd9486a07 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm | |||
| @@ -1,7 +1,7 @@ | |||
| 1 | # see git-dpm(1) from git-dpm package | 1 | # see git-dpm(1) from git-dpm package |
| 2 | 6dbd954a28d3fc2631f1c0b42c23452e1e493e6f | 2 | 9cbb60f5e4932634db04c330c88abc49cc5567bd |
| 3 | 6dbd954a28d3fc2631f1c0b42c23452e1e493e6f | 3 | 9cbb60f5e4932634db04c330c88abc49cc5567bd |
| 4 | 9a975a9faed7c4f334e8c8490db3e77e102f2b21 | 4 | 796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 |
| 5 | 796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 | 5 | 796ba4fd011b5d0d9d78d592ba2f30fc9d5ed2e7 |
| 6 | openssh_6.6p1.orig.tar.gz | 6 | openssh_6.6p1.orig.tar.gz |
| 7 | b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e | 7 | b850fd1af704942d9b3c2eff7ef6b3a59b6a6b6e |
diff --git a/debian/changelog b/debian/changelog index 7bc3c6046..eccc51410 100644 --- a/debian/changelog +++ b/debian/changelog | |||
| @@ -1,9 +1,10 @@ | |||
| 1 | openssh (1:6.5p1-7) UNRELEASED; urgency=medium | 1 | openssh (1:6.6p1-1) UNRELEASED; urgency=medium |
| 2 | 2 | ||
| 3 | * Apply various warning-suppression and regression-test fixes to | 3 | * Apply various warning-suppression and regression-test fixes to |
| 4 | gssapi.patch from Damien Miller. | 4 | gssapi.patch from Damien Miller. |
| 5 | * New upstream release (http://www.openssh.com/txt/release-6.6). | ||
| 5 | 6 | ||
| 6 | -- Colin Watson <cjwatson@debian.org> Wed, 19 Mar 2014 16:40:52 +0000 | 7 | -- Colin Watson <cjwatson@debian.org> Thu, 20 Mar 2014 00:32:46 +0000 |
| 7 | 8 | ||
| 8 | openssh (1:6.5p1-6) unstable; urgency=medium | 9 | openssh (1:6.5p1-6) unstable; urgency=medium |
| 9 | 10 | ||
diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch index 3de03e861..8d26d7b6f 100644 --- a/debian/patches/auth-log-verbosity.patch +++ b/debian/patches/auth-log-verbosity.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 72aaec921b802c4f1dd73cac0fb21f149e443fc5 Mon Sep 17 00:00:00 2001 | 1 | From 283322f493ee7dc75511f6cf9e9b88e536de0874 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:02 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:02 +0000 |
| 4 | Subject: Quieten logs when multiple from= restrictions are used | 4 | Subject: Quieten logs when multiple from= restrictions are used |
| @@ -91,10 +91,10 @@ index 7455c94..a3f0a02 100644 | |||
| 91 | void auth_clear_options(void); | 91 | void auth_clear_options(void); |
| 92 | int auth_cert_options(Key *, struct passwd *); | 92 | int auth_cert_options(Key *, struct passwd *); |
| 93 | diff --git a/auth-rsa.c b/auth-rsa.c | 93 | diff --git a/auth-rsa.c b/auth-rsa.c |
| 94 | index 545aa49..4624c15 100644 | 94 | index 5dad6c3..260ce2f 100644 |
| 95 | --- a/auth-rsa.c | 95 | --- a/auth-rsa.c |
| 96 | +++ b/auth-rsa.c | 96 | +++ b/auth-rsa.c |
| 97 | @@ -174,6 +174,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, | 97 | @@ -178,6 +178,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file, |
| 98 | if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) | 98 | if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL) |
| 99 | return 0; | 99 | return 0; |
| 100 | 100 | ||
diff --git a/debian/patches/authorized-keys-man-symlink.patch b/debian/patches/authorized-keys-man-symlink.patch index 39e63e33b..74bfb46e6 100644 --- a/debian/patches/authorized-keys-man-symlink.patch +++ b/debian/patches/authorized-keys-man-symlink.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 6384f890f732a0967590e37ad402ace6505799ea Mon Sep 17 00:00:00 2001 | 1 | From 71448da5ce75ba50bcb10dbbd3b8c7633f633e8f Mon Sep 17 00:00:00 2001 |
| 2 | From: Tomas Pospisek <tpo_deb@sourcepole.ch> | 2 | From: Tomas Pospisek <tpo_deb@sourcepole.ch> |
| 3 | Date: Sun, 9 Feb 2014 16:10:07 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:07 +0000 |
| 4 | Subject: Install authorized_keys(5) as a symlink to sshd(8) | 4 | Subject: Install authorized_keys(5) as a symlink to sshd(8) |
| @@ -13,7 +13,7 @@ Patch-Name: authorized-keys-man-symlink.patch | |||
| 13 | 1 file changed, 1 insertion(+) | 13 | 1 file changed, 1 insertion(+) |
| 14 | 14 | ||
| 15 | diff --git a/Makefile.in b/Makefile.in | 15 | diff --git a/Makefile.in b/Makefile.in |
| 16 | index 598d55a..5cf8100 100644 | 16 | index 3d96c05..feee0b2 100644 |
| 17 | --- a/Makefile.in | 17 | --- a/Makefile.in |
| 18 | +++ b/Makefile.in | 18 | +++ b/Makefile.in |
| 19 | @@ -287,6 +287,7 @@ install-files: | 19 | @@ -287,6 +287,7 @@ install-files: |
diff --git a/debian/patches/consolekit.patch b/debian/patches/consolekit.patch index 7492daca8..e3ff4d7e4 100644 --- a/debian/patches/consolekit.patch +++ b/debian/patches/consolekit.patch | |||
| @@ -1,10 +1,10 @@ | |||
| 1 | From f4858fd1a10d1621e5e3ad5f2400dd17d156ced7 Mon Sep 17 00:00:00 2001 | 1 | From 7a26d16efb4ee303c8d66ee82caf9d0686f4a074 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@ubuntu.com> | 2 | From: Colin Watson <cjwatson@ubuntu.com> |
| 3 | Date: Sun, 9 Feb 2014 16:09:57 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:57 +0000 |
| 4 | Subject: Add support for registering ConsoleKit sessions on login | 4 | Subject: Add support for registering ConsoleKit sessions on login |
| 5 | 5 | ||
| 6 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450 | 6 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450 |
| 7 | Last-Updated: 2013-09-14 | 7 | Last-Updated: 2014-03-20 |
| 8 | 8 | ||
| 9 | Patch-Name: consolekit.patch | 9 | Patch-Name: consolekit.patch |
| 10 | --- | 10 | --- |
| @@ -13,18 +13,18 @@ Patch-Name: consolekit.patch | |||
| 13 | configure.ac | 25 ++++++ | 13 | configure.ac | 25 ++++++ |
| 14 | consolekit.c | 240 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ | 14 | consolekit.c | 240 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++ |
| 15 | consolekit.h | 24 ++++++ | 15 | consolekit.h | 24 ++++++ |
| 16 | monitor.c | 43 +++++++++++ | 16 | monitor.c | 42 ++++++++++ |
| 17 | monitor.h | 2 + | 17 | monitor.h | 2 + |
| 18 | monitor_wrap.c | 31 ++++++++ | 18 | monitor_wrap.c | 30 ++++++++ |
| 19 | monitor_wrap.h | 4 + | 19 | monitor_wrap.h | 4 + |
| 20 | session.c | 13 ++++ | 20 | session.c | 13 ++++ |
| 21 | session.h | 6 ++ | 21 | session.h | 6 ++ |
| 22 | 11 files changed, 522 insertions(+), 1 deletion(-) | 22 | 11 files changed, 520 insertions(+), 1 deletion(-) |
| 23 | create mode 100644 consolekit.c | 23 | create mode 100644 consolekit.c |
| 24 | create mode 100644 consolekit.h | 24 | create mode 100644 consolekit.h |
| 25 | 25 | ||
| 26 | diff --git a/Makefile.in b/Makefile.in | 26 | diff --git a/Makefile.in b/Makefile.in |
| 27 | index 35c6fd6..598d55a 100644 | 27 | index ee1d2c3..3d96c05 100644 |
| 28 | --- a/Makefile.in | 28 | --- a/Makefile.in |
| 29 | +++ b/Makefile.in | 29 | +++ b/Makefile.in |
| 30 | @@ -97,7 +97,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | 30 | @@ -97,7 +97,8 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ |
| @@ -38,7 +38,7 @@ index 35c6fd6..598d55a 100644 | |||
| 38 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out | 38 | MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out |
| 39 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 | 39 | MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5 |
| 40 | diff --git a/configure b/configure | 40 | diff --git a/configure b/configure |
| 41 | index 5a9db2d..57b68e2 100755 | 41 | index b6b5b6d..e2f12cd 100755 |
| 42 | --- a/configure | 42 | --- a/configure |
| 43 | +++ b/configure | 43 | +++ b/configure |
| 44 | @@ -740,6 +740,7 @@ with_privsep_user | 44 | @@ -740,6 +740,7 @@ with_privsep_user |
| @@ -57,7 +57,7 @@ index 5a9db2d..57b68e2 100755 | |||
| 57 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) | 57 | --with-privsep-path=xxx Path for privilege separation chroot (default=/var/empty) |
| 58 | --with-xauth=PATH Specify path to xauth program | 58 | --with-xauth=PATH Specify path to xauth program |
| 59 | --with-maildir=/path/to/mail Specify your system mail directory | 59 | --with-maildir=/path/to/mail Specify your system mail directory |
| 60 | @@ -17215,6 +17217,135 @@ fi | 60 | @@ -17217,6 +17219,135 @@ fi |
| 61 | 61 | ||
| 62 | 62 | ||
| 63 | 63 | ||
| @@ -193,7 +193,7 @@ index 5a9db2d..57b68e2 100755 | |||
| 193 | # Looking for programs, paths and files | 193 | # Looking for programs, paths and files |
| 194 | 194 | ||
| 195 | PRIVSEP_PATH=/var/empty | 195 | PRIVSEP_PATH=/var/empty |
| 196 | @@ -19744,6 +19875,7 @@ echo " MD5 password support: $MD5_MSG" | 196 | @@ -19746,6 +19877,7 @@ echo " MD5 password support: $MD5_MSG" |
| 197 | echo " libedit support: $LIBEDIT_MSG" | 197 | echo " libedit support: $LIBEDIT_MSG" |
| 198 | echo " Solaris process contract support: $SPC_MSG" | 198 | echo " Solaris process contract support: $SPC_MSG" |
| 199 | echo " Solaris project support: $SP_MSG" | 199 | echo " Solaris project support: $SP_MSG" |
| @@ -202,10 +202,10 @@ index 5a9db2d..57b68e2 100755 | |||
| 202 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" | 202 | echo " Translate v4 in v6 hack: $IPV4_IN6_HACK_MSG" |
| 203 | echo " BSD Auth support: $BSD_AUTH_MSG" | 203 | echo " BSD Auth support: $BSD_AUTH_MSG" |
| 204 | diff --git a/configure.ac b/configure.ac | 204 | diff --git a/configure.ac b/configure.ac |
| 205 | index 90eebf5..e2289cd 100644 | 205 | index d235fb0..8669271 100644 |
| 206 | --- a/configure.ac | 206 | --- a/configure.ac |
| 207 | +++ b/configure.ac | 207 | +++ b/configure.ac |
| 208 | @@ -4070,6 +4070,30 @@ AC_ARG_WITH([kerberos5], | 208 | @@ -4072,6 +4072,30 @@ AC_ARG_WITH([kerberos5], |
| 209 | AC_SUBST([GSSLIBS]) | 209 | AC_SUBST([GSSLIBS]) |
| 210 | AC_SUBST([K5LIBS]) | 210 | AC_SUBST([K5LIBS]) |
| 211 | 211 | ||
| @@ -236,7 +236,7 @@ index 90eebf5..e2289cd 100644 | |||
| 236 | # Looking for programs, paths and files | 236 | # Looking for programs, paths and files |
| 237 | 237 | ||
| 238 | PRIVSEP_PATH=/var/empty | 238 | PRIVSEP_PATH=/var/empty |
| 239 | @@ -4871,6 +4895,7 @@ echo " MD5 password support: $MD5_MSG" | 239 | @@ -4873,6 +4897,7 @@ echo " MD5 password support: $MD5_MSG" |
| 240 | echo " libedit support: $LIBEDIT_MSG" | 240 | echo " libedit support: $LIBEDIT_MSG" |
| 241 | echo " Solaris process contract support: $SPC_MSG" | 241 | echo " Solaris process contract support: $SPC_MSG" |
| 242 | echo " Solaris project support: $SP_MSG" | 242 | echo " Solaris project support: $SP_MSG" |
| @@ -521,11 +521,11 @@ index 0000000..8ce3716 | |||
| 521 | + | 521 | + |
| 522 | +#endif /* USE_CONSOLEKIT */ | 522 | +#endif /* USE_CONSOLEKIT */ |
| 523 | diff --git a/monitor.c b/monitor.c | 523 | diff --git a/monitor.c b/monitor.c |
| 524 | index 88f472e..8ffea4f 100644 | 524 | index 11eac63..7c105e6 100644 |
| 525 | --- a/monitor.c | 525 | --- a/monitor.c |
| 526 | +++ b/monitor.c | 526 | +++ b/monitor.c |
| 527 | @@ -98,6 +98,9 @@ | 527 | @@ -97,6 +97,9 @@ |
| 528 | #include "jpake.h" | 528 | #include "ssh2.h" |
| 529 | #include "roaming.h" | 529 | #include "roaming.h" |
| 530 | #include "authfd.h" | 530 | #include "authfd.h" |
| 531 | +#ifdef USE_CONSOLEKIT | 531 | +#ifdef USE_CONSOLEKIT |
| @@ -534,7 +534,7 @@ index 88f472e..8ffea4f 100644 | |||
| 534 | 534 | ||
| 535 | #ifdef GSSAPI | 535 | #ifdef GSSAPI |
| 536 | static Gssctxt *gsscontext = NULL; | 536 | static Gssctxt *gsscontext = NULL; |
| 537 | @@ -193,6 +196,10 @@ int mm_answer_audit_command(int, Buffer *); | 537 | @@ -187,6 +190,10 @@ int mm_answer_audit_command(int, Buffer *); |
| 538 | 538 | ||
| 539 | static int monitor_read_log(struct monitor *); | 539 | static int monitor_read_log(struct monitor *); |
| 540 | 540 | ||
| @@ -545,7 +545,7 @@ index 88f472e..8ffea4f 100644 | |||
| 545 | static Authctxt *authctxt; | 545 | static Authctxt *authctxt; |
| 546 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ | 546 | static BIGNUM *ssh1_challenge = NULL; /* used for ssh1 rsa auth */ |
| 547 | 547 | ||
| 548 | @@ -285,6 +292,9 @@ struct mon_table mon_dispatch_postauth20[] = { | 548 | @@ -272,6 +279,9 @@ struct mon_table mon_dispatch_postauth20[] = { |
| 549 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 549 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
| 550 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, | 550 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT, mm_answer_audit_command}, |
| 551 | #endif | 551 | #endif |
| @@ -555,7 +555,7 @@ index 88f472e..8ffea4f 100644 | |||
| 555 | {0, 0, NULL} | 555 | {0, 0, NULL} |
| 556 | }; | 556 | }; |
| 557 | 557 | ||
| 558 | @@ -327,6 +337,9 @@ struct mon_table mon_dispatch_postauth15[] = { | 558 | @@ -314,6 +324,9 @@ struct mon_table mon_dispatch_postauth15[] = { |
| 559 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, | 559 | {MONITOR_REQ_AUDIT_EVENT, MON_PERMIT, mm_answer_audit_event}, |
| 560 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, | 560 | {MONITOR_REQ_AUDIT_COMMAND, MON_PERMIT|MON_ONCE, mm_answer_audit_command}, |
| 561 | #endif | 561 | #endif |
| @@ -565,7 +565,7 @@ index 88f472e..8ffea4f 100644 | |||
| 565 | {0, 0, NULL} | 565 | {0, 0, NULL} |
| 566 | }; | 566 | }; |
| 567 | 567 | ||
| 568 | @@ -514,6 +527,9 @@ monitor_child_postauth(struct monitor *pmonitor) | 568 | @@ -492,6 +505,9 @@ monitor_child_postauth(struct monitor *pmonitor) |
| 569 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); | 569 | monitor_permit(mon_dispatch, MONITOR_REQ_PTY, 1); |
| 570 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); | 570 | monitor_permit(mon_dispatch, MONITOR_REQ_PTYCLEANUP, 1); |
| 571 | } | 571 | } |
| @@ -575,11 +575,10 @@ index 88f472e..8ffea4f 100644 | |||
| 575 | 575 | ||
| 576 | for (;;) | 576 | for (;;) |
| 577 | monitor_read(pmonitor, mon_dispatch, NULL); | 577 | monitor_read(pmonitor, mon_dispatch, NULL); |
| 578 | @@ -2493,3 +2509,30 @@ mm_answer_jpake_check_confirm(int sock, Buffer *m) | 578 | @@ -2269,3 +2285,29 @@ mm_answer_gss_updatecreds(int socket, Buffer *m) { |
| 579 | } | 579 | |
| 580 | #endif /* GSSAPI */ | ||
| 580 | 581 | ||
| 581 | #endif /* JPAKE */ | ||
| 582 | + | ||
| 583 | +#ifdef USE_CONSOLEKIT | 582 | +#ifdef USE_CONSOLEKIT |
| 584 | +int | 583 | +int |
| 585 | +mm_answer_consolekit_register(int sock, Buffer *m) | 584 | +mm_answer_consolekit_register(int sock, Buffer *m) |
| @@ -607,10 +606,10 @@ index 88f472e..8ffea4f 100644 | |||
| 607 | +} | 606 | +} |
| 608 | +#endif /* USE_CONSOLEKIT */ | 607 | +#endif /* USE_CONSOLEKIT */ |
| 609 | diff --git a/monitor.h b/monitor.h | 608 | diff --git a/monitor.h b/monitor.h |
| 610 | index 3c13706..cd83428 100644 | 609 | index 4d5e8fa..10ba59e 100644 |
| 611 | --- a/monitor.h | 610 | --- a/monitor.h |
| 612 | +++ b/monitor.h | 611 | +++ b/monitor.h |
| 613 | @@ -75,6 +75,8 @@ enum monitor_reqtype { | 612 | @@ -70,6 +70,8 @@ enum monitor_reqtype { |
| 614 | 613 | ||
| 615 | MONITOR_REQ_AUTHROLE = 154, | 614 | MONITOR_REQ_AUTHROLE = 154, |
| 616 | 615 | ||
| @@ -620,14 +619,13 @@ index 3c13706..cd83428 100644 | |||
| 620 | 619 | ||
| 621 | struct mm_master; | 620 | struct mm_master; |
| 622 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 621 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
| 623 | index 69bc324..670b62d 100644 | 622 | index f75dc9d..a8fb07b 100644 |
| 624 | --- a/monitor_wrap.c | 623 | --- a/monitor_wrap.c |
| 625 | +++ b/monitor_wrap.c | 624 | +++ b/monitor_wrap.c |
| 626 | @@ -1516,3 +1516,34 @@ mm_jpake_check_confirm(const BIGNUM *k, | 625 | @@ -1353,3 +1353,33 @@ mm_ssh_gssapi_update_creds(ssh_gssapi_ccache *store) |
| 627 | return success; | 626 | |
| 628 | } | 627 | #endif /* GSSAPI */ |
| 629 | #endif /* JPAKE */ | 628 | |
| 630 | + | ||
| 631 | +#ifdef USE_CONSOLEKIT | 629 | +#ifdef USE_CONSOLEKIT |
| 632 | +char * | 630 | +char * |
| 633 | +mm_consolekit_register(Session *s, const char *display) | 631 | +mm_consolekit_register(Session *s, const char *display) |
| @@ -659,10 +657,10 @@ index 69bc324..670b62d 100644 | |||
| 659 | +} | 657 | +} |
| 660 | +#endif /* USE_CONSOLEKIT */ | 658 | +#endif /* USE_CONSOLEKIT */ |
| 661 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 659 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
| 662 | index 4d12e29..360fb9f 100644 | 660 | index 9c2ee49..00e93fe 100644 |
| 663 | --- a/monitor_wrap.h | 661 | --- a/monitor_wrap.h |
| 664 | +++ b/monitor_wrap.h | 662 | +++ b/monitor_wrap.h |
| 665 | @@ -131,4 +131,8 @@ void *mm_zalloc(struct mm_master *, u_int, u_int); | 663 | @@ -111,4 +111,8 @@ void *mm_zalloc(struct mm_master *, u_int, u_int); |
| 666 | void mm_zfree(struct mm_master *, void *); | 664 | void mm_zfree(struct mm_master *, void *); |
| 667 | void mm_init_compression(struct mm_master *); | 665 | void mm_init_compression(struct mm_master *); |
| 668 | 666 | ||
| @@ -672,7 +670,7 @@ index 4d12e29..360fb9f 100644 | |||
| 672 | + | 670 | + |
| 673 | #endif /* _MM_WRAP_H_ */ | 671 | #endif /* _MM_WRAP_H_ */ |
| 674 | diff --git a/session.c b/session.c | 672 | diff --git a/session.c b/session.c |
| 675 | index 5ddd82a..14df226 100644 | 673 | index 6848df4..9d43fc3 100644 |
| 676 | --- a/session.c | 674 | --- a/session.c |
| 677 | +++ b/session.c | 675 | +++ b/session.c |
| 678 | @@ -92,6 +92,7 @@ | 676 | @@ -92,6 +92,7 @@ |
| @@ -683,7 +681,7 @@ index 5ddd82a..14df226 100644 | |||
| 683 | 681 | ||
| 684 | #if defined(KRB5) && defined(USE_AFS) | 682 | #if defined(KRB5) && defined(USE_AFS) |
| 685 | #include <kafs.h> | 683 | #include <kafs.h> |
| 686 | @@ -1155,6 +1156,9 @@ do_setup_env(Session *s, const char *shell) | 684 | @@ -1160,6 +1161,9 @@ do_setup_env(Session *s, const char *shell) |
| 687 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) | 685 | #if !defined (HAVE_LOGIN_CAP) && !defined (HAVE_CYGWIN) |
| 688 | char *path = NULL; | 686 | char *path = NULL; |
| 689 | #endif | 687 | #endif |
| @@ -693,7 +691,7 @@ index 5ddd82a..14df226 100644 | |||
| 693 | 691 | ||
| 694 | /* Initialize the environment. */ | 692 | /* Initialize the environment. */ |
| 695 | envsize = 100; | 693 | envsize = 100; |
| 696 | @@ -1299,6 +1303,11 @@ do_setup_env(Session *s, const char *shell) | 694 | @@ -1304,6 +1308,11 @@ do_setup_env(Session *s, const char *shell) |
| 697 | child_set_env(&env, &envsize, "KRB5CCNAME", | 695 | child_set_env(&env, &envsize, "KRB5CCNAME", |
| 698 | s->authctxt->krb5_ccname); | 696 | s->authctxt->krb5_ccname); |
| 699 | #endif | 697 | #endif |
| @@ -705,7 +703,7 @@ index 5ddd82a..14df226 100644 | |||
| 705 | #ifdef USE_PAM | 703 | #ifdef USE_PAM |
| 706 | /* | 704 | /* |
| 707 | * Pull in any environment variables that may have | 705 | * Pull in any environment variables that may have |
| 708 | @@ -2348,6 +2357,10 @@ session_pty_cleanup2(Session *s) | 706 | @@ -2353,6 +2362,10 @@ session_pty_cleanup2(Session *s) |
| 709 | 707 | ||
| 710 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); | 708 | debug("session_pty_cleanup: session %d release %s", s->self, s->tty); |
| 711 | 709 | ||
diff --git a/debian/patches/debian-banner.patch b/debian/patches/debian-banner.patch index 39cab81e7..49219cf93 100644 --- a/debian/patches/debian-banner.patch +++ b/debian/patches/debian-banner.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 75e44c43679e8b888b7ef55ce7abe432eb57ef1c Mon Sep 17 00:00:00 2001 | 1 | From 9fcad888f4dbf0ecc0c7e87b6ef0f8d88d7ac3ec Mon Sep 17 00:00:00 2001 |
| 2 | From: Kees Cook <kees@debian.org> | 2 | From: Kees Cook <kees@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:06 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:06 +0000 |
| 4 | Subject: Add DebianBanner server configuration option | 4 | Subject: Add DebianBanner server configuration option |
| @@ -19,10 +19,10 @@ Patch-Name: debian-banner.patch | |||
| 19 | 4 files changed, 18 insertions(+), 1 deletion(-) | 19 | 4 files changed, 18 insertions(+), 1 deletion(-) |
| 20 | 20 | ||
| 21 | diff --git a/servconf.c b/servconf.c | 21 | diff --git a/servconf.c b/servconf.c |
| 22 | index 65f71ad..63ff4ff 100644 | 22 | index 90de888..37fd2de 100644 |
| 23 | --- a/servconf.c | 23 | --- a/servconf.c |
| 24 | +++ b/servconf.c | 24 | +++ b/servconf.c |
| 25 | @@ -157,6 +157,7 @@ initialize_server_options(ServerOptions *options) | 25 | @@ -156,6 +156,7 @@ initialize_server_options(ServerOptions *options) |
| 26 | options->ip_qos_interactive = -1; | 26 | options->ip_qos_interactive = -1; |
| 27 | options->ip_qos_bulk = -1; | 27 | options->ip_qos_bulk = -1; |
| 28 | options->version_addendum = NULL; | 28 | options->version_addendum = NULL; |
| @@ -30,7 +30,7 @@ index 65f71ad..63ff4ff 100644 | |||
| 30 | } | 30 | } |
| 31 | 31 | ||
| 32 | void | 32 | void |
| 33 | @@ -312,6 +313,8 @@ fill_default_server_options(ServerOptions *options) | 33 | @@ -309,6 +310,8 @@ fill_default_server_options(ServerOptions *options) |
| 34 | options->ip_qos_bulk = IPTOS_THROUGHPUT; | 34 | options->ip_qos_bulk = IPTOS_THROUGHPUT; |
| 35 | if (options->version_addendum == NULL) | 35 | if (options->version_addendum == NULL) |
| 36 | options->version_addendum = xstrdup(""); | 36 | options->version_addendum = xstrdup(""); |
| @@ -39,7 +39,7 @@ index 65f71ad..63ff4ff 100644 | |||
| 39 | /* Turn privilege separation on by default */ | 39 | /* Turn privilege separation on by default */ |
| 40 | if (use_privsep == -1) | 40 | if (use_privsep == -1) |
| 41 | use_privsep = PRIVSEP_NOSANDBOX; | 41 | use_privsep = PRIVSEP_NOSANDBOX; |
| 42 | @@ -362,6 +365,7 @@ typedef enum { | 42 | @@ -359,6 +362,7 @@ typedef enum { |
| 43 | sKexAlgorithms, sIPQoS, sVersionAddendum, | 43 | sKexAlgorithms, sIPQoS, sVersionAddendum, |
| 44 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, | 44 | sAuthorizedKeysCommand, sAuthorizedKeysCommandUser, |
| 45 | sAuthenticationMethods, sHostKeyAgent, | 45 | sAuthenticationMethods, sHostKeyAgent, |
| @@ -47,7 +47,7 @@ index 65f71ad..63ff4ff 100644 | |||
| 47 | sDeprecated, sUnsupported | 47 | sDeprecated, sUnsupported |
| 48 | } ServerOpCodes; | 48 | } ServerOpCodes; |
| 49 | 49 | ||
| 50 | @@ -504,6 +508,7 @@ static struct { | 50 | @@ -496,6 +500,7 @@ static struct { |
| 51 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, | 51 | { "authorizedkeyscommanduser", sAuthorizedKeysCommandUser, SSHCFG_ALL }, |
| 52 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, | 52 | { "versionaddendum", sVersionAddendum, SSHCFG_GLOBAL }, |
| 53 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, | 53 | { "authenticationmethods", sAuthenticationMethods, SSHCFG_ALL }, |
| @@ -55,7 +55,7 @@ index 65f71ad..63ff4ff 100644 | |||
| 55 | { NULL, sBadOption, 0 } | 55 | { NULL, sBadOption, 0 } |
| 56 | }; | 56 | }; |
| 57 | 57 | ||
| 58 | @@ -1666,6 +1671,10 @@ process_server_config_line(ServerOptions *options, char *line, | 58 | @@ -1654,6 +1659,10 @@ process_server_config_line(ServerOptions *options, char *line, |
| 59 | } | 59 | } |
| 60 | return 0; | 60 | return 0; |
| 61 | 61 | ||
| @@ -67,10 +67,10 @@ index 65f71ad..63ff4ff 100644 | |||
| 67 | logit("%s line %d: Deprecated option %s", | 67 | logit("%s line %d: Deprecated option %s", |
| 68 | filename, linenum, arg); | 68 | filename, linenum, arg); |
| 69 | diff --git a/servconf.h b/servconf.h | 69 | diff --git a/servconf.h b/servconf.h |
| 70 | index eba76ee..98d68ce 100644 | 70 | index c922eb5..dcd1c2a 100644 |
| 71 | --- a/servconf.h | 71 | --- a/servconf.h |
| 72 | +++ b/servconf.h | 72 | +++ b/servconf.h |
| 73 | @@ -188,6 +188,8 @@ typedef struct { | 73 | @@ -186,6 +186,8 @@ typedef struct { |
| 74 | 74 | ||
| 75 | u_int num_auth_methods; | 75 | u_int num_auth_methods; |
| 76 | char *auth_methods[MAX_AUTH_METHODS]; | 76 | char *auth_methods[MAX_AUTH_METHODS]; |
| @@ -80,7 +80,7 @@ index eba76ee..98d68ce 100644 | |||
| 80 | 80 | ||
| 81 | /* Information about the incoming connection as used by Match */ | 81 | /* Information about the incoming connection as used by Match */ |
| 82 | diff --git a/sshd.c b/sshd.c | 82 | diff --git a/sshd.c b/sshd.c |
| 83 | index 82168a1..c49a877 100644 | 83 | index af9b8f1..665c0b9 100644 |
| 84 | --- a/sshd.c | 84 | --- a/sshd.c |
| 85 | +++ b/sshd.c | 85 | +++ b/sshd.c |
| 86 | @@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out) | 86 | @@ -440,7 +440,8 @@ sshd_exchange_identification(int sock_in, int sock_out) |
| @@ -94,7 +94,7 @@ index 82168a1..c49a877 100644 | |||
| 94 | options.version_addendum, newline); | 94 | options.version_addendum, newline); |
| 95 | 95 | ||
| 96 | diff --git a/sshd_config.5 b/sshd_config.5 | 96 | diff --git a/sshd_config.5 b/sshd_config.5 |
| 97 | index 39643de..bdca797 100644 | 97 | index 2164d58..8f078f6 100644 |
| 98 | --- a/sshd_config.5 | 98 | --- a/sshd_config.5 |
| 99 | +++ b/sshd_config.5 | 99 | +++ b/sshd_config.5 |
| 100 | @@ -413,6 +413,11 @@ or | 100 | @@ -413,6 +413,11 @@ or |
diff --git a/debian/patches/debian-config.patch b/debian/patches/debian-config.patch index 77be015fa..9bb0c6520 100644 --- a/debian/patches/debian-config.patch +++ b/debian/patches/debian-config.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 54a7935863c3e6b3f08f620b3bd75571bb90470c Mon Sep 17 00:00:00 2001 | 1 | From 9cbb60f5e4932634db04c330c88abc49cc5567bd Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:18 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:18 +0000 |
| 4 | Subject: Various Debian-specific configuration changes | 4 | Subject: Various Debian-specific configuration changes |
| @@ -34,10 +34,10 @@ Patch-Name: debian-config.patch | |||
| 34 | 5 files changed, 51 insertions(+), 3 deletions(-) | 34 | 5 files changed, 51 insertions(+), 3 deletions(-) |
| 35 | 35 | ||
| 36 | diff --git a/readconf.c b/readconf.c | 36 | diff --git a/readconf.c b/readconf.c |
| 37 | index 273552d..6ac8bea 100644 | 37 | index 32c4b42..5429fc2 100644 |
| 38 | --- a/readconf.c | 38 | --- a/readconf.c |
| 39 | +++ b/readconf.c | 39 | +++ b/readconf.c |
| 40 | @@ -1618,7 +1618,7 @@ fill_default_options(Options * options) | 40 | @@ -1640,7 +1640,7 @@ fill_default_options(Options * options) |
| 41 | if (options->forward_x11 == -1) | 41 | if (options->forward_x11 == -1) |
| 42 | options->forward_x11 = 0; | 42 | options->forward_x11 = 0; |
| 43 | if (options->forward_x11_trusted == -1) | 43 | if (options->forward_x11_trusted == -1) |
| @@ -71,7 +71,7 @@ index 228e5ab..c9386aa 100644 | |||
| 71 | + GSSAPIAuthentication yes | 71 | + GSSAPIAuthentication yes |
| 72 | + GSSAPIDelegateCredentials no | 72 | + GSSAPIDelegateCredentials no |
| 73 | diff --git a/ssh_config.5 b/ssh_config.5 | 73 | diff --git a/ssh_config.5 b/ssh_config.5 |
| 74 | index 85f306c..cc91a5c 100644 | 74 | index 1d500e9..22e6372 100644 |
| 75 | --- a/ssh_config.5 | 75 | --- a/ssh_config.5 |
| 76 | +++ b/ssh_config.5 | 76 | +++ b/ssh_config.5 |
| 77 | @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more | 77 | @@ -71,6 +71,22 @@ Since the first obtained value for each parameter is used, more |
| @@ -97,7 +97,7 @@ index 85f306c..cc91a5c 100644 | |||
| 97 | The configuration file has the following format: | 97 | The configuration file has the following format: |
| 98 | .Pp | 98 | .Pp |
| 99 | Empty lines and lines starting with | 99 | Empty lines and lines starting with |
| 100 | @@ -648,7 +664,8 @@ token used for the session will be set to expire after 20 minutes. | 100 | @@ -654,7 +670,8 @@ token used for the session will be set to expire after 20 minutes. |
| 101 | Remote clients will be refused access after this time. | 101 | Remote clients will be refused access after this time. |
| 102 | .Pp | 102 | .Pp |
| 103 | The default is | 103 | The default is |
| @@ -120,7 +120,7 @@ index d9b8594..4db32f5 100644 | |||
| 120 | #StrictModes yes | 120 | #StrictModes yes |
| 121 | #MaxAuthTries 6 | 121 | #MaxAuthTries 6 |
| 122 | diff --git a/sshd_config.5 b/sshd_config.5 | 122 | diff --git a/sshd_config.5 b/sshd_config.5 |
| 123 | index 9fa6086..496530b 100644 | 123 | index 908e0bb..90fd3f4 100644 |
| 124 | --- a/sshd_config.5 | 124 | --- a/sshd_config.5 |
| 125 | +++ b/sshd_config.5 | 125 | +++ b/sshd_config.5 |
| 126 | @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes | 126 | @@ -57,6 +57,31 @@ Arguments may optionally be enclosed in double quotes |
diff --git a/debian/patches/dnssec-sshfp.patch b/debian/patches/dnssec-sshfp.patch index 3d33a91f9..bc89c50fc 100644 --- a/debian/patches/dnssec-sshfp.patch +++ b/debian/patches/dnssec-sshfp.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 231608bce9f439366bc2d2c7537f48920f3dd852 Mon Sep 17 00:00:00 2001 | 1 | From 912129ba92bea401d8cdeadc7aa7084fbf7625a1 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:01 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:01 +0000 |
| 4 | Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf | 4 | Subject: Force use of DNSSEC even if "options edns0" isn't in resolv.conf |
diff --git a/debian/patches/doc-hash-tab-completion.patch b/debian/patches/doc-hash-tab-completion.patch index df957fca2..16c40b05f 100644 --- a/debian/patches/doc-hash-tab-completion.patch +++ b/debian/patches/doc-hash-tab-completion.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 465d1a333520edbd2f0fac77c76e06bdd1d94cb9 Mon Sep 17 00:00:00 2001 | 1 | From 1d108ef62050b4368e24e1efada16ec88c177fb8 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:11 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:11 +0000 |
| 4 | Subject: Document that HashKnownHosts may break tab-completion | 4 | Subject: Document that HashKnownHosts may break tab-completion |
| @@ -13,10 +13,10 @@ Patch-Name: doc-hash-tab-completion.patch | |||
| 13 | 1 file changed, 3 insertions(+) | 13 | 1 file changed, 3 insertions(+) |
| 14 | 14 | ||
| 15 | diff --git a/ssh_config.5 b/ssh_config.5 | 15 | diff --git a/ssh_config.5 b/ssh_config.5 |
| 16 | index 3c6b9d4..85f306c 100644 | 16 | index 4bf7cbb..1d500e9 100644 |
| 17 | --- a/ssh_config.5 | 17 | --- a/ssh_config.5 |
| 18 | +++ b/ssh_config.5 | 18 | +++ b/ssh_config.5 |
| 19 | @@ -734,6 +734,9 @@ Note that existing names and addresses in known hosts files | 19 | @@ -740,6 +740,9 @@ Note that existing names and addresses in known hosts files |
| 20 | will not be converted automatically, | 20 | will not be converted automatically, |
| 21 | but may be manually hashed using | 21 | but may be manually hashed using |
| 22 | .Xr ssh-keygen 1 . | 22 | .Xr ssh-keygen 1 . |
diff --git a/debian/patches/doc-upstart.patch b/debian/patches/doc-upstart.patch index a09ac77e4..da8fc7ed4 100644 --- a/debian/patches/doc-upstart.patch +++ b/debian/patches/doc-upstart.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From faf2466c7933f1c4225c8a8ceb503e24e4228ab9 Mon Sep 17 00:00:00 2001 | 1 | From 111de26347496af3f6ed04849fd29bc4bf1c2cea Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@ubuntu.com> | 2 | From: Colin Watson <cjwatson@ubuntu.com> |
| 3 | Date: Sun, 9 Feb 2014 16:10:12 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:12 +0000 |
| 4 | Subject: Refer to ssh's Upstart job as well as its init script | 4 | Subject: Refer to ssh's Upstart job as well as its init script |
diff --git a/debian/patches/fix-case-sensitive-matching.patch b/debian/patches/fix-case-sensitive-matching.patch deleted file mode 100644 index c721b5a0a..000000000 --- a/debian/patches/fix-case-sensitive-matching.patch +++ /dev/null | |||
| @@ -1,41 +0,0 @@ | |||
| 1 | From efb58a7258484c31c702f9093b7a726da9eab682 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Damien Miller <djm@mindrot.org> | ||
| 3 | Date: Tue, 4 Feb 2014 11:26:04 +1100 | ||
| 4 | Subject: Unbreak case-sensitive matching of ssh_config | ||
| 5 | |||
| 6 | - djm@cvs.openbsd.org 2014/02/04 00:24:29 | ||
| 7 | [ssh.c] | ||
| 8 | delay lowercasing of hostname until right before hostname | ||
| 9 | canonicalisation to unbreak case-sensitive matching of ssh_config; | ||
| 10 | reported by Ike Devolder; ok markus@ | ||
| 11 | |||
| 12 | Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=d56b44d2dfa093883a5c4e91be3f72d99946b170 | ||
| 13 | Bug-Debian: http://bugs.debian.org/738619 | ||
| 14 | Forwarded: not-needed | ||
| 15 | Last-Update: 2014-02-11 | ||
| 16 | |||
| 17 | Patch-Name: fix-case-sensitive-matching.patch | ||
| 18 | --- | ||
| 19 | ssh.c | 2 +- | ||
| 20 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 21 | |||
| 22 | diff --git a/ssh.c b/ssh.c | ||
| 23 | index 0cea713..5d5d4de 100644 | ||
| 24 | --- a/ssh.c | ||
| 25 | +++ b/ssh.c | ||
| 26 | @@ -780,7 +780,6 @@ main(int ac, char **av) | ||
| 27 | if (!host) | ||
| 28 | usage(); | ||
| 29 | |||
| 30 | - lowercase(host); | ||
| 31 | host_arg = xstrdup(host); | ||
| 32 | |||
| 33 | OpenSSL_add_all_algorithms(); | ||
| 34 | @@ -914,6 +913,7 @@ main(int ac, char **av) | ||
| 35 | } | ||
| 36 | |||
| 37 | /* If canonicalization requested then try to apply it */ | ||
| 38 | + lowercase(host); | ||
| 39 | if (options.canonicalize_hostname != SSH_CANONICALISE_NO) | ||
| 40 | addrs = resolve_canonicalize(&host, options.port); | ||
| 41 | /* | ||
diff --git a/debian/patches/getsockname-error.patch b/debian/patches/getsockname-error.patch deleted file mode 100644 index 300151cab..000000000 --- a/debian/patches/getsockname-error.patch +++ /dev/null | |||
| @@ -1,27 +0,0 @@ | |||
| 1 | From 6dbd954a28d3fc2631f1c0b42c23452e1e493e6f Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Damien Miller <djm@mindrot.org> | ||
| 3 | Date: Sat, 15 Feb 2014 02:08:20 +0000 | ||
| 4 | Subject: Skip get_sock_port call for c->sock==-1 | ||
| 5 | |||
| 6 | Origin: upstream, https://bugzilla.mindrot.org/show_bug.cgi?id=2200 | ||
| 7 | Bug-Debian: http://bugs.debian.org/738693 | ||
| 8 | Last-Update: 2014-02-15 | ||
| 9 | |||
| 10 | Patch-Name: getsockname-error.patch | ||
| 11 | --- | ||
| 12 | channels.c | 2 +- | ||
| 13 | 1 file changed, 1 insertion(+), 1 deletion(-) | ||
| 14 | |||
| 15 | diff --git a/channels.c b/channels.c | ||
| 16 | index e741f29..8e66265 100644 | ||
| 17 | --- a/channels.c | ||
| 18 | +++ b/channels.c | ||
| 19 | @@ -1386,7 +1386,7 @@ port_open_helper(Channel *c, char *rtype) | ||
| 20 | int direct; | ||
| 21 | char buf[1024]; | ||
| 22 | char *local_ipaddr = get_local_ipaddr(c->sock); | ||
| 23 | - int local_port = get_sock_port(c->sock, 1); | ||
| 24 | + int local_port = c->sock == -1 ? 65536 : get_sock_port(c->sock, 1); | ||
| 25 | char *remote_ipaddr = get_peer_ipaddr(c->sock); | ||
| 26 | int remote_port = get_peer_port(c->sock); | ||
| 27 | |||
diff --git a/debian/patches/gnome-ssh-askpass2-icon.patch b/debian/patches/gnome-ssh-askpass2-icon.patch index 951284cf5..dab518f65 100644 --- a/debian/patches/gnome-ssh-askpass2-icon.patch +++ b/debian/patches/gnome-ssh-askpass2-icon.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From fd8d46990dfe572955a6eda524fcbf9e9efefa75 Mon Sep 17 00:00:00 2001 | 1 | From b7df8fdb32f3d33b70ff8733cb0c39417e367534 Mon Sep 17 00:00:00 2001 |
| 2 | From: Vincent Untz <vuntz@ubuntu.com> | 2 | From: Vincent Untz <vuntz@ubuntu.com> |
| 3 | Date: Sun, 9 Feb 2014 16:10:16 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:16 +0000 |
| 4 | Subject: Give the ssh-askpass-gnome window a default icon | 4 | Subject: Give the ssh-askpass-gnome window a default icon |
diff --git a/debian/patches/gssapi.patch b/debian/patches/gssapi.patch index 90a21db99..d8439bf03 100644 --- a/debian/patches/gssapi.patch +++ b/debian/patches/gssapi.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 429c595dbaff7f7c2b3a53fe4235211f6d788025 Mon Sep 17 00:00:00 2001 | 1 | From 9dfcd1a0e691c1cad34b168e27b3ed31ab6986cd Mon Sep 17 00:00:00 2001 |
| 2 | From: Simon Wilkinson <simon@sxw.org.uk> | 2 | From: Simon Wilkinson <simon@sxw.org.uk> |
| 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:48 +0000 |
| 4 | Subject: GSSAPI key exchange support | 4 | Subject: GSSAPI key exchange support |
| @@ -179,7 +179,7 @@ index 0000000..f117a33 | |||
| 179 | + (from jbasney AT ncsa.uiuc.edu) | 179 | + (from jbasney AT ncsa.uiuc.edu) |
| 180 | + <gssapi-with-mic support is Bugzilla #1008> | 180 | + <gssapi-with-mic support is Bugzilla #1008> |
| 181 | diff --git a/Makefile.in b/Makefile.in | 181 | diff --git a/Makefile.in b/Makefile.in |
| 182 | index a8aa127..35c6fd6 100644 | 182 | index 28a8ec4..ee1d2c3 100644 |
| 183 | --- a/Makefile.in | 183 | --- a/Makefile.in |
| 184 | +++ b/Makefile.in | 184 | +++ b/Makefile.in |
| 185 | @@ -72,6 +72,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | 185 | @@ -72,6 +72,7 @@ LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \ |
| @@ -188,10 +188,10 @@ index a8aa127..35c6fd6 100644 | |||
| 188 | kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ | 188 | kexdh.o kexgex.o kexdhc.o kexgexc.o bufec.o kexecdh.o kexecdhc.o \ |
| 189 | + kexgssc.o \ | 189 | + kexgssc.o \ |
| 190 | msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ | 190 | msg.o progressmeter.o dns.o entropy.o gss-genr.o umac.o umac128.o \ |
| 191 | jpake.o schnorr.o ssh-pkcs11.o krl.o smult_curve25519_ref.o \ | 191 | ssh-pkcs11.o krl.o smult_curve25519_ref.o \ |
| 192 | kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \ | 192 | kexc25519.o kexc25519c.o poly1305.o chacha.o cipher-chachapoly.o \ |
| 193 | @@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ | 193 | @@ -91,7 +92,7 @@ SSHDOBJS=sshd.o auth-rhosts.o auth-passwd.o auth-rsa.o auth-rh-rsa.o \ |
| 194 | auth2-none.o auth2-passwd.o auth2-pubkey.o auth2-jpake.o \ | 194 | auth2-none.o auth2-passwd.o auth2-pubkey.o \ |
| 195 | monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \ | 195 | monitor_mm.o monitor.o monitor_wrap.o kexdhs.o kexgexs.o kexecdhs.o \ |
| 196 | kexc25519s.o auth-krb5.o \ | 196 | kexc25519s.o auth-krb5.o \ |
| 197 | - auth2-gss.o gss-serv.o gss-serv-krb5.o \ | 197 | - auth2-gss.o gss-serv.o gss-serv-krb5.o \ |
| @@ -251,11 +251,11 @@ index 6c62bdf..69a1a53 100644 | |||
| 251 | return (krb5_cc_resolve(ctx, ccname, ccache)); | 251 | return (krb5_cc_resolve(ctx, ccname, ccache)); |
| 252 | } | 252 | } |
| 253 | diff --git a/auth2-gss.c b/auth2-gss.c | 253 | diff --git a/auth2-gss.c b/auth2-gss.c |
| 254 | index 638d8f8..b8db820 100644 | 254 | index c28a705..3ff2d72 100644 |
| 255 | --- a/auth2-gss.c | 255 | --- a/auth2-gss.c |
| 256 | +++ b/auth2-gss.c | 256 | +++ b/auth2-gss.c |
| 257 | @@ -1,7 +1,7 @@ | 257 | @@ -1,7 +1,7 @@ |
| 258 | /* $OpenBSD: auth2-gss.c,v 1.20 2013/05/17 00:13:13 djm Exp $ */ | 258 | /* $OpenBSD: auth2-gss.c,v 1.21 2014/02/26 20:28:44 djm Exp $ */ |
| 259 | 259 | ||
| 260 | /* | 260 | /* |
| 261 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 261 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -304,7 +304,7 @@ index 638d8f8..b8db820 100644 | |||
| 304 | /* | 304 | /* |
| 305 | * We only support those mechanisms that we know about (ie ones that we know | 305 | * We only support those mechanisms that we know about (ie ones that we know |
| 306 | * how to check local user kuserok and the like) | 306 | * how to check local user kuserok and the like) |
| 307 | @@ -240,7 +274,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) | 307 | @@ -235,7 +269,8 @@ input_gssapi_exchange_complete(int type, u_int32_t plen, void *ctxt) |
| 308 | 308 | ||
| 309 | packet_check_eom(); | 309 | packet_check_eom(); |
| 310 | 310 | ||
| @@ -314,7 +314,7 @@ index 638d8f8..b8db820 100644 | |||
| 314 | 314 | ||
| 315 | authctxt->postponed = 0; | 315 | authctxt->postponed = 0; |
| 316 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); | 316 | dispatch_set(SSH2_MSG_USERAUTH_GSSAPI_TOKEN, NULL); |
| 317 | @@ -275,7 +310,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | 317 | @@ -270,7 +305,8 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) |
| 318 | gssbuf.length = buffer_len(&b); | 318 | gssbuf.length = buffer_len(&b); |
| 319 | 319 | ||
| 320 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) | 320 | if (!GSS_ERROR(PRIVSEP(ssh_gssapi_checkmic(gssctxt, &gssbuf, &mic)))) |
| @@ -324,7 +324,7 @@ index 638d8f8..b8db820 100644 | |||
| 324 | else | 324 | else |
| 325 | logit("GSSAPI MIC check failed"); | 325 | logit("GSSAPI MIC check failed"); |
| 326 | 326 | ||
| 327 | @@ -290,6 +326,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) | 327 | @@ -285,6 +321,12 @@ input_gssapi_mic(int type, u_int32_t plen, void *ctxt) |
| 328 | userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); | 328 | userauth_finish(authctxt, authenticated, "gssapi-with-mic", NULL); |
| 329 | } | 329 | } |
| 330 | 330 | ||
| @@ -338,7 +338,7 @@ index 638d8f8..b8db820 100644 | |||
| 338 | "gssapi-with-mic", | 338 | "gssapi-with-mic", |
| 339 | userauth_gssapi, | 339 | userauth_gssapi, |
| 340 | diff --git a/auth2.c b/auth2.c | 340 | diff --git a/auth2.c b/auth2.c |
| 341 | index f0cab8c..6ed8f04 100644 | 341 | index a5490c0..fbe3e1b 100644 |
| 342 | --- a/auth2.c | 342 | --- a/auth2.c |
| 343 | +++ b/auth2.c | 343 | +++ b/auth2.c |
| 344 | @@ -69,6 +69,7 @@ extern Authmethod method_passwd; | 344 | @@ -69,6 +69,7 @@ extern Authmethod method_passwd; |
| @@ -348,17 +348,17 @@ index f0cab8c..6ed8f04 100644 | |||
| 348 | +extern Authmethod method_gsskeyex; | 348 | +extern Authmethod method_gsskeyex; |
| 349 | extern Authmethod method_gssapi; | 349 | extern Authmethod method_gssapi; |
| 350 | #endif | 350 | #endif |
| 351 | #ifdef JPAKE | 351 | |
| 352 | @@ -79,6 +80,7 @@ Authmethod *authmethods[] = { | 352 | @@ -76,6 +77,7 @@ Authmethod *authmethods[] = { |
| 353 | &method_none, | 353 | &method_none, |
| 354 | &method_pubkey, | 354 | &method_pubkey, |
| 355 | #ifdef GSSAPI | 355 | #ifdef GSSAPI |
| 356 | + &method_gsskeyex, | 356 | + &method_gsskeyex, |
| 357 | &method_gssapi, | 357 | &method_gssapi, |
| 358 | #endif | 358 | #endif |
| 359 | #ifdef JPAKE | 359 | &method_passwd, |
| 360 | diff --git a/clientloop.c b/clientloop.c | 360 | diff --git a/clientloop.c b/clientloop.c |
| 361 | index f30c8b6..cc23e35 100644 | 361 | index 59ad3a2..6d8cd7d 100644 |
| 362 | --- a/clientloop.c | 362 | --- a/clientloop.c |
| 363 | +++ b/clientloop.c | 363 | +++ b/clientloop.c |
| 364 | @@ -111,6 +111,10 @@ | 364 | @@ -111,6 +111,10 @@ |
| @@ -389,10 +389,10 @@ index f30c8b6..cc23e35 100644 | |||
| 389 | debug("need rekeying"); | 389 | debug("need rekeying"); |
| 390 | xxx_kex->done = 0; | 390 | xxx_kex->done = 0; |
| 391 | diff --git a/config.h.in b/config.h.in | 391 | diff --git a/config.h.in b/config.h.in |
| 392 | index 075c619..906e549 100644 | 392 | index 0401ad1..6bc422c 100644 |
| 393 | --- a/config.h.in | 393 | --- a/config.h.in |
| 394 | +++ b/config.h.in | 394 | +++ b/config.h.in |
| 395 | @@ -1616,6 +1616,9 @@ | 395 | @@ -1622,6 +1622,9 @@ |
| 396 | /* Use btmp to log bad logins */ | 396 | /* Use btmp to log bad logins */ |
| 397 | #undef USE_BTMP | 397 | #undef USE_BTMP |
| 398 | 398 | ||
| @@ -402,7 +402,7 @@ index 075c619..906e549 100644 | |||
| 402 | /* Use libedit for sftp */ | 402 | /* Use libedit for sftp */ |
| 403 | #undef USE_LIBEDIT | 403 | #undef USE_LIBEDIT |
| 404 | 404 | ||
| 405 | @@ -1631,6 +1634,9 @@ | 405 | @@ -1637,6 +1640,9 @@ |
| 406 | /* Use PIPES instead of a socketpair() */ | 406 | /* Use PIPES instead of a socketpair() */ |
| 407 | #undef USE_PIPES | 407 | #undef USE_PIPES |
| 408 | 408 | ||
| @@ -413,7 +413,7 @@ index 075c619..906e549 100644 | |||
| 413 | #undef USE_SOLARIS_PROCESS_CONTRACTS | 413 | #undef USE_SOLARIS_PROCESS_CONTRACTS |
| 414 | 414 | ||
| 415 | diff --git a/configure b/configure | 415 | diff --git a/configure b/configure |
| 416 | index 2d714ac..5a9db2d 100755 | 416 | index d690393..b6b5b6d 100755 |
| 417 | --- a/configure | 417 | --- a/configure |
| 418 | +++ b/configure | 418 | +++ b/configure |
| 419 | @@ -7170,6 +7170,63 @@ $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h | 419 | @@ -7170,6 +7170,63 @@ $as_echo "#define SSH_TUN_COMPAT_AF 1" >>confdefs.h |
| @@ -481,7 +481,7 @@ index 2d714ac..5a9db2d 100755 | |||
| 481 | ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" | 481 | ac_fn_c_check_decl "$LINENO" "AU_IPv4" "ac_cv_have_decl_AU_IPv4" "$ac_includes_default" |
| 482 | if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then : | 482 | if test "x$ac_cv_have_decl_AU_IPv4" = xyes; then : |
| 483 | diff --git a/configure.ac b/configure.ac | 483 | diff --git a/configure.ac b/configure.ac |
| 484 | index dfd32cd..90eebf5 100644 | 484 | index 7c6ce08..d235fb0 100644 |
| 485 | --- a/configure.ac | 485 | --- a/configure.ac |
| 486 | +++ b/configure.ac | 486 | +++ b/configure.ac |
| 487 | @@ -584,6 +584,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) | 487 | @@ -584,6 +584,30 @@ main() { if (NSVersionOfRunTimeLibrary("System") >= (60 << 16)) |
| @@ -992,11 +992,11 @@ index 759fa10..e678a27 100644 | |||
| 992 | 992 | ||
| 993 | #endif /* KRB5 */ | 993 | #endif /* KRB5 */ |
| 994 | diff --git a/gss-serv.c b/gss-serv.c | 994 | diff --git a/gss-serv.c b/gss-serv.c |
| 995 | index 95348e2..feb1ed7 100644 | 995 | index e61b37b..c33463b 100644 |
| 996 | --- a/gss-serv.c | 996 | --- a/gss-serv.c |
| 997 | +++ b/gss-serv.c | 997 | +++ b/gss-serv.c |
| 998 | @@ -1,7 +1,7 @@ | 998 | @@ -1,7 +1,7 @@ |
| 999 | /* $OpenBSD: gss-serv.c,v 1.24 2013/07/20 01:55:13 djm Exp $ */ | 999 | /* $OpenBSD: gss-serv.c,v 1.26 2014/02/26 20:28:44 djm Exp $ */ |
| 1000 | 1000 | ||
| 1001 | /* | 1001 | /* |
| 1002 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 1002 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| @@ -1028,7 +1028,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1028 | 1028 | ||
| 1029 | #ifdef KRB5 | 1029 | #ifdef KRB5 |
| 1030 | extern ssh_gssapi_mech gssapi_kerberos_mech; | 1030 | extern ssh_gssapi_mech gssapi_kerberos_mech; |
| 1031 | @@ -81,25 +87,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) | 1031 | @@ -100,25 +106,32 @@ ssh_gssapi_acquire_cred(Gssctxt *ctx) |
| 1032 | char lname[MAXHOSTNAMELEN]; | 1032 | char lname[MAXHOSTNAMELEN]; |
| 1033 | gss_OID_set oidset; | 1033 | gss_OID_set oidset; |
| 1034 | 1034 | ||
| @@ -1075,7 +1075,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1075 | } | 1075 | } |
| 1076 | 1076 | ||
| 1077 | /* Privileged */ | 1077 | /* Privileged */ |
| 1078 | @@ -114,6 +127,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) | 1078 | @@ -133,6 +146,29 @@ ssh_gssapi_server_ctx(Gssctxt **ctx, gss_OID oid) |
| 1079 | } | 1079 | } |
| 1080 | 1080 | ||
| 1081 | /* Unprivileged */ | 1081 | /* Unprivileged */ |
| @@ -1105,7 +1105,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1105 | void | 1105 | void |
| 1106 | ssh_gssapi_supported_oids(gss_OID_set *oidset) | 1106 | ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| 1107 | { | 1107 | { |
| 1108 | @@ -123,7 +159,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) | 1108 | @@ -142,7 +178,9 @@ ssh_gssapi_supported_oids(gss_OID_set *oidset) |
| 1109 | gss_OID_set supported; | 1109 | gss_OID_set supported; |
| 1110 | 1110 | ||
| 1111 | gss_create_empty_oid_set(&min_status, oidset); | 1111 | gss_create_empty_oid_set(&min_status, oidset); |
| @@ -1116,7 +1116,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1116 | 1116 | ||
| 1117 | while (supported_mechs[i]->name != NULL) { | 1117 | while (supported_mechs[i]->name != NULL) { |
| 1118 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, | 1118 | if (GSS_ERROR(gss_test_oid_set_member(&min_status, |
| 1119 | @@ -249,8 +287,48 @@ OM_uint32 | 1119 | @@ -268,8 +306,48 @@ OM_uint32 |
| 1120 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 1120 | ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
| 1121 | { | 1121 | { |
| 1122 | int i = 0; | 1122 | int i = 0; |
| @@ -1166,7 +1166,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1166 | 1166 | ||
| 1167 | client->mech = NULL; | 1167 | client->mech = NULL; |
| 1168 | 1168 | ||
| 1169 | @@ -265,6 +343,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 1169 | @@ -284,6 +362,13 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
| 1170 | if (client->mech == NULL) | 1170 | if (client->mech == NULL) |
| 1171 | return GSS_S_FAILURE; | 1171 | return GSS_S_FAILURE; |
| 1172 | 1172 | ||
| @@ -1180,7 +1180,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1180 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, | 1180 | if ((ctx->major = gss_display_name(&ctx->minor, ctx->client, |
| 1181 | &client->displayname, NULL))) { | 1181 | &client->displayname, NULL))) { |
| 1182 | ssh_gssapi_error(ctx); | 1182 | ssh_gssapi_error(ctx); |
| 1183 | @@ -282,6 +367,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) | 1183 | @@ -301,6 +386,8 @@ ssh_gssapi_getclient(Gssctxt *ctx, ssh_gssapi_client *client) |
| 1184 | return (ctx->major); | 1184 | return (ctx->major); |
| 1185 | } | 1185 | } |
| 1186 | 1186 | ||
| @@ -1189,7 +1189,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1189 | /* We can't copy this structure, so we just move the pointer to it */ | 1189 | /* We can't copy this structure, so we just move the pointer to it */ |
| 1190 | client->creds = ctx->client_creds; | 1190 | client->creds = ctx->client_creds; |
| 1191 | ctx->client_creds = GSS_C_NO_CREDENTIAL; | 1191 | ctx->client_creds = GSS_C_NO_CREDENTIAL; |
| 1192 | @@ -329,7 +416,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) | 1192 | @@ -348,7 +435,7 @@ ssh_gssapi_do_child(char ***envp, u_int *envsizep) |
| 1193 | 1193 | ||
| 1194 | /* Privileged */ | 1194 | /* Privileged */ |
| 1195 | int | 1195 | int |
| @@ -1198,7 +1198,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1198 | { | 1198 | { |
| 1199 | OM_uint32 lmin; | 1199 | OM_uint32 lmin; |
| 1200 | 1200 | ||
| 1201 | @@ -339,9 +426,11 @@ ssh_gssapi_userok(char *user) | 1201 | @@ -358,9 +445,11 @@ ssh_gssapi_userok(char *user) |
| 1202 | return 0; | 1202 | return 0; |
| 1203 | } | 1203 | } |
| 1204 | if (gssapi_client.mech && gssapi_client.mech->userok) | 1204 | if (gssapi_client.mech && gssapi_client.mech->userok) |
| @@ -1212,7 +1212,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1212 | /* Destroy delegated credentials if userok fails */ | 1212 | /* Destroy delegated credentials if userok fails */ |
| 1213 | gss_release_buffer(&lmin, &gssapi_client.displayname); | 1213 | gss_release_buffer(&lmin, &gssapi_client.displayname); |
| 1214 | gss_release_buffer(&lmin, &gssapi_client.exportedname); | 1214 | gss_release_buffer(&lmin, &gssapi_client.exportedname); |
| 1215 | @@ -354,14 +443,90 @@ ssh_gssapi_userok(char *user) | 1215 | @@ -374,14 +463,90 @@ ssh_gssapi_userok(char *user) |
| 1216 | return (0); | 1216 | return (0); |
| 1217 | } | 1217 | } |
| 1218 | 1218 | ||
| @@ -1310,7 +1310,7 @@ index 95348e2..feb1ed7 100644 | |||
| 1310 | 1310 | ||
| 1311 | #endif | 1311 | #endif |
| 1312 | diff --git a/kex.c b/kex.c | 1312 | diff --git a/kex.c b/kex.c |
| 1313 | index 616484b..49d0fc8 100644 | 1313 | index 74e2b86..d114ee3 100644 |
| 1314 | --- a/kex.c | 1314 | --- a/kex.c |
| 1315 | +++ b/kex.c | 1315 | +++ b/kex.c |
| 1316 | @@ -51,6 +51,10 @@ | 1316 | @@ -51,6 +51,10 @@ |
| @@ -1351,7 +1351,7 @@ index 616484b..49d0fc8 100644 | |||
| 1351 | } | 1351 | } |
| 1352 | 1352 | ||
| 1353 | diff --git a/kex.h b/kex.h | 1353 | diff --git a/kex.h b/kex.h |
| 1354 | index 1aa3ec2..8fbcb2b 100644 | 1354 | index c85680e..ea698c4 100644 |
| 1355 | --- a/kex.h | 1355 | --- a/kex.h |
| 1356 | +++ b/kex.h | 1356 | +++ b/kex.h |
| 1357 | @@ -76,6 +76,9 @@ enum kex_exchange { | 1357 | @@ -76,6 +76,9 @@ enum kex_exchange { |
| @@ -1364,7 +1364,7 @@ index 1aa3ec2..8fbcb2b 100644 | |||
| 1364 | KEX_MAX | 1364 | KEX_MAX |
| 1365 | }; | 1365 | }; |
| 1366 | 1366 | ||
| 1367 | @@ -136,6 +139,12 @@ struct Kex { | 1367 | @@ -135,6 +138,12 @@ struct Kex { |
| 1368 | int flags; | 1368 | int flags; |
| 1369 | int hash_alg; | 1369 | int hash_alg; |
| 1370 | int ec_nid; | 1370 | int ec_nid; |
| @@ -1377,7 +1377,7 @@ index 1aa3ec2..8fbcb2b 100644 | |||
| 1377 | char *client_version_string; | 1377 | char *client_version_string; |
| 1378 | char *server_version_string; | 1378 | char *server_version_string; |
| 1379 | int (*verify_host_key)(Key *); | 1379 | int (*verify_host_key)(Key *); |
| 1380 | @@ -168,6 +177,11 @@ void kexecdh_server(Kex *); | 1380 | @@ -167,6 +176,11 @@ void kexecdh_server(Kex *); |
| 1381 | void kexc25519_client(Kex *); | 1381 | void kexc25519_client(Kex *); |
| 1382 | void kexc25519_server(Kex *); | 1382 | void kexc25519_server(Kex *); |
| 1383 | 1383 | ||
| @@ -2023,7 +2023,7 @@ index 0000000..8095259 | |||
| 2023 | +} | 2023 | +} |
| 2024 | +#endif /* GSSAPI */ | 2024 | +#endif /* GSSAPI */ |
| 2025 | diff --git a/key.c b/key.c | 2025 | diff --git a/key.c b/key.c |
| 2026 | index 9142338..7ac844c 100644 | 2026 | index 168e1b7..3d640e7 100644 |
| 2027 | --- a/key.c | 2027 | --- a/key.c |
| 2028 | +++ b/key.c | 2028 | +++ b/key.c |
| 2029 | @@ -985,6 +985,7 @@ static const struct keytype keytypes[] = { | 2029 | @@ -985,6 +985,7 @@ static const struct keytype keytypes[] = { |
| @@ -2056,10 +2056,10 @@ index d8ad13d..c8aeba2 100644 | |||
| 2056 | }; | 2056 | }; |
| 2057 | enum fp_type { | 2057 | enum fp_type { |
| 2058 | diff --git a/monitor.c b/monitor.c | 2058 | diff --git a/monitor.c b/monitor.c |
| 2059 | index 03baf1e..a777c4c 100644 | 2059 | index 531c4f9..2918814 100644 |
| 2060 | --- a/monitor.c | 2060 | --- a/monitor.c |
| 2061 | +++ b/monitor.c | 2061 | +++ b/monitor.c |
| 2062 | @@ -181,6 +181,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); | 2062 | @@ -175,6 +175,8 @@ int mm_answer_gss_setup_ctx(int, Buffer *); |
| 2063 | int mm_answer_gss_accept_ctx(int, Buffer *); | 2063 | int mm_answer_gss_accept_ctx(int, Buffer *); |
| 2064 | int mm_answer_gss_userok(int, Buffer *); | 2064 | int mm_answer_gss_userok(int, Buffer *); |
| 2065 | int mm_answer_gss_checkmic(int, Buffer *); | 2065 | int mm_answer_gss_checkmic(int, Buffer *); |
| @@ -2068,15 +2068,13 @@ index 03baf1e..a777c4c 100644 | |||
| 2068 | #endif | 2068 | #endif |
| 2069 | 2069 | ||
| 2070 | #ifdef SSH_AUDIT_EVENTS | 2070 | #ifdef SSH_AUDIT_EVENTS |
| 2071 | @@ -253,6 +255,7 @@ struct mon_table mon_dispatch_proto20[] = { | 2071 | @@ -247,11 +249,18 @@ struct mon_table mon_dispatch_proto20[] = { |
| 2072 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, | 2072 | {MONITOR_REQ_GSSSTEP, MON_ISAUTH, mm_answer_gss_accept_ctx}, |
| 2073 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, | 2073 | {MONITOR_REQ_GSSUSEROK, MON_AUTH, mm_answer_gss_userok}, |
| 2074 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, | 2074 | {MONITOR_REQ_GSSCHECKMIC, MON_ISAUTH, mm_answer_gss_checkmic}, |
| 2075 | + {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, | 2075 | + {MONITOR_REQ_GSSSIGN, MON_ONCE, mm_answer_gss_sign}, |
| 2076 | #endif | 2076 | #endif |
| 2077 | #ifdef JPAKE | 2077 | {0, 0, NULL} |
| 2078 | {MONITOR_REQ_JPAKE_GET_PWDATA, MON_ONCE, mm_answer_jpake_get_pwdata}, | ||
| 2079 | @@ -265,6 +268,12 @@ struct mon_table mon_dispatch_proto20[] = { | ||
| 2080 | }; | 2078 | }; |
| 2081 | 2079 | ||
| 2082 | struct mon_table mon_dispatch_postauth20[] = { | 2080 | struct mon_table mon_dispatch_postauth20[] = { |
| @@ -2089,7 +2087,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2089 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, | 2087 | {MONITOR_REQ_MODULI, 0, mm_answer_moduli}, |
| 2090 | {MONITOR_REQ_SIGN, 0, mm_answer_sign}, | 2088 | {MONITOR_REQ_SIGN, 0, mm_answer_sign}, |
| 2091 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, | 2089 | {MONITOR_REQ_PTY, 0, mm_answer_pty}, |
| 2092 | @@ -373,6 +382,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) | 2090 | @@ -360,6 +369,10 @@ monitor_child_preauth(Authctxt *_authctxt, struct monitor *pmonitor) |
| 2093 | /* Permit requests for moduli and signatures */ | 2091 | /* Permit requests for moduli and signatures */ |
| 2094 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 2092 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
| 2095 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 2093 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
| @@ -2100,7 +2098,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2100 | } else { | 2098 | } else { |
| 2101 | mon_dispatch = mon_dispatch_proto15; | 2099 | mon_dispatch = mon_dispatch_proto15; |
| 2102 | 2100 | ||
| 2103 | @@ -487,6 +500,10 @@ monitor_child_postauth(struct monitor *pmonitor) | 2101 | @@ -465,6 +478,10 @@ monitor_child_postauth(struct monitor *pmonitor) |
| 2104 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); | 2102 | monitor_permit(mon_dispatch, MONITOR_REQ_MODULI, 1); |
| 2105 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); | 2103 | monitor_permit(mon_dispatch, MONITOR_REQ_SIGN, 1); |
| 2106 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 2104 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
| @@ -2111,7 +2109,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2111 | } else { | 2109 | } else { |
| 2112 | mon_dispatch = mon_dispatch_postauth15; | 2110 | mon_dispatch = mon_dispatch_postauth15; |
| 2113 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); | 2111 | monitor_permit(mon_dispatch, MONITOR_REQ_TERM, 1); |
| 2114 | @@ -1856,6 +1873,13 @@ mm_get_kex(Buffer *m) | 2112 | @@ -1834,6 +1851,13 @@ mm_get_kex(Buffer *m) |
| 2115 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 2113 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 2116 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 2114 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
| 2117 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 2115 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
| @@ -2125,7 +2123,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2125 | kex->server = 1; | 2123 | kex->server = 1; |
| 2126 | kex->hostkey_type = buffer_get_int(m); | 2124 | kex->hostkey_type = buffer_get_int(m); |
| 2127 | kex->kex_type = buffer_get_int(m); | 2125 | kex->kex_type = buffer_get_int(m); |
| 2128 | @@ -2063,6 +2087,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) | 2126 | @@ -2041,6 +2065,9 @@ mm_answer_gss_setup_ctx(int sock, Buffer *m) |
| 2129 | OM_uint32 major; | 2127 | OM_uint32 major; |
| 2130 | u_int len; | 2128 | u_int len; |
| 2131 | 2129 | ||
| @@ -2135,7 +2133,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2135 | goid.elements = buffer_get_string(m, &len); | 2133 | goid.elements = buffer_get_string(m, &len); |
| 2136 | goid.length = len; | 2134 | goid.length = len; |
| 2137 | 2135 | ||
| 2138 | @@ -2090,6 +2117,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | 2136 | @@ -2068,6 +2095,9 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) |
| 2139 | OM_uint32 flags = 0; /* GSI needs this */ | 2137 | OM_uint32 flags = 0; /* GSI needs this */ |
| 2140 | u_int len; | 2138 | u_int len; |
| 2141 | 2139 | ||
| @@ -2145,7 +2143,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2145 | in.value = buffer_get_string(m, &len); | 2143 | in.value = buffer_get_string(m, &len); |
| 2146 | in.length = len; | 2144 | in.length = len; |
| 2147 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); | 2145 | major = ssh_gssapi_accept_ctx(gsscontext, &in, &out, &flags); |
| 2148 | @@ -2107,6 +2137,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) | 2146 | @@ -2085,6 +2115,7 @@ mm_answer_gss_accept_ctx(int sock, Buffer *m) |
| 2149 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); | 2147 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSSTEP, 0); |
| 2150 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); | 2148 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSUSEROK, 1); |
| 2151 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); | 2149 | monitor_permit(mon_dispatch, MONITOR_REQ_GSSCHECKMIC, 1); |
| @@ -2153,7 +2151,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2153 | } | 2151 | } |
| 2154 | return (0); | 2152 | return (0); |
| 2155 | } | 2153 | } |
| 2156 | @@ -2118,6 +2149,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) | 2154 | @@ -2096,6 +2127,9 @@ mm_answer_gss_checkmic(int sock, Buffer *m) |
| 2157 | OM_uint32 ret; | 2155 | OM_uint32 ret; |
| 2158 | u_int len; | 2156 | u_int len; |
| 2159 | 2157 | ||
| @@ -2163,7 +2161,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2163 | gssbuf.value = buffer_get_string(m, &len); | 2161 | gssbuf.value = buffer_get_string(m, &len); |
| 2164 | gssbuf.length = len; | 2162 | gssbuf.length = len; |
| 2165 | mic.value = buffer_get_string(m, &len); | 2163 | mic.value = buffer_get_string(m, &len); |
| 2166 | @@ -2144,7 +2178,11 @@ mm_answer_gss_userok(int sock, Buffer *m) | 2164 | @@ -2122,7 +2156,11 @@ mm_answer_gss_userok(int sock, Buffer *m) |
| 2167 | { | 2165 | { |
| 2168 | int authenticated; | 2166 | int authenticated; |
| 2169 | 2167 | ||
| @@ -2176,7 +2174,7 @@ index 03baf1e..a777c4c 100644 | |||
| 2176 | 2174 | ||
| 2177 | buffer_clear(m); | 2175 | buffer_clear(m); |
| 2178 | buffer_put_int(m, authenticated); | 2176 | buffer_put_int(m, authenticated); |
| 2179 | @@ -2157,6 +2195,74 @@ mm_answer_gss_userok(int sock, Buffer *m) | 2177 | @@ -2135,5 +2173,73 @@ mm_answer_gss_userok(int sock, Buffer *m) |
| 2180 | /* Monitor loop will terminate if authenticated */ | 2178 | /* Monitor loop will terminate if authenticated */ |
| 2181 | return (authenticated); | 2179 | return (authenticated); |
| 2182 | } | 2180 | } |
| @@ -2250,12 +2248,11 @@ index 03baf1e..a777c4c 100644 | |||
| 2250 | + | 2248 | + |
| 2251 | #endif /* GSSAPI */ | 2249 | #endif /* GSSAPI */ |
| 2252 | 2250 | ||
| 2253 | #ifdef JPAKE | ||
| 2254 | diff --git a/monitor.h b/monitor.h | 2251 | diff --git a/monitor.h b/monitor.h |
| 2255 | index 2caa469..315ef99 100644 | 2252 | index 5bc41b5..7f32b0c 100644 |
| 2256 | --- a/monitor.h | 2253 | --- a/monitor.h |
| 2257 | +++ b/monitor.h | 2254 | +++ b/monitor.h |
| 2258 | @@ -70,6 +70,9 @@ enum monitor_reqtype { | 2255 | @@ -65,6 +65,9 @@ enum monitor_reqtype { |
| 2259 | MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, | 2256 | MONITOR_REQ_PAM_FREE_CTX = 110, MONITOR_ANS_PAM_FREE_CTX = 111, |
| 2260 | MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, | 2257 | MONITOR_REQ_AUDIT_EVENT = 112, MONITOR_REQ_AUDIT_COMMAND = 113, |
| 2261 | 2258 | ||
| @@ -2266,10 +2263,10 @@ index 2caa469..315ef99 100644 | |||
| 2266 | 2263 | ||
| 2267 | struct mm_master; | 2264 | struct mm_master; |
| 2268 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 2265 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
| 2269 | index 4ce4696..44019f3 100644 | 2266 | index 1a47e41..60b987d 100644 |
| 2270 | --- a/monitor_wrap.c | 2267 | --- a/monitor_wrap.c |
| 2271 | +++ b/monitor_wrap.c | 2268 | +++ b/monitor_wrap.c |
| 2272 | @@ -1273,7 +1273,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) | 2269 | @@ -1271,7 +1271,7 @@ mm_ssh_gssapi_checkmic(Gssctxt *ctx, gss_buffer_t gssbuf, gss_buffer_t gssmic) |
| 2273 | } | 2270 | } |
| 2274 | 2271 | ||
| 2275 | int | 2272 | int |
| @@ -2278,7 +2275,7 @@ index 4ce4696..44019f3 100644 | |||
| 2278 | { | 2275 | { |
| 2279 | Buffer m; | 2276 | Buffer m; |
| 2280 | int authenticated = 0; | 2277 | int authenticated = 0; |
| 2281 | @@ -1290,6 +1290,51 @@ mm_ssh_gssapi_userok(char *user) | 2278 | @@ -1288,5 +1288,50 @@ mm_ssh_gssapi_userok(char *user) |
| 2282 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); | 2279 | debug3("%s: user %sauthenticated",__func__, authenticated ? "" : "not "); |
| 2283 | return (authenticated); | 2280 | return (authenticated); |
| 2284 | } | 2281 | } |
| @@ -2329,9 +2326,8 @@ index 4ce4696..44019f3 100644 | |||
| 2329 | + | 2326 | + |
| 2330 | #endif /* GSSAPI */ | 2327 | #endif /* GSSAPI */ |
| 2331 | 2328 | ||
| 2332 | #ifdef JPAKE | ||
| 2333 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 2329 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
| 2334 | index 0c7f2e3..ec9b9b1 100644 | 2330 | index 18c2501..a4e9d24 100644 |
| 2335 | --- a/monitor_wrap.h | 2331 | --- a/monitor_wrap.h |
| 2336 | +++ b/monitor_wrap.h | 2332 | +++ b/monitor_wrap.h |
| 2337 | @@ -58,8 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *); | 2333 | @@ -58,8 +58,10 @@ BIGNUM *mm_auth_rsa_generate_challenge(Key *); |
| @@ -2347,10 +2343,10 @@ index 0c7f2e3..ec9b9b1 100644 | |||
| 2347 | 2343 | ||
| 2348 | #ifdef USE_PAM | 2344 | #ifdef USE_PAM |
| 2349 | diff --git a/readconf.c b/readconf.c | 2345 | diff --git a/readconf.c b/readconf.c |
| 2350 | index 9c7e73d..cb8bcb2 100644 | 2346 | index dc884c9..7613ff2 100644 |
| 2351 | --- a/readconf.c | 2347 | --- a/readconf.c |
| 2352 | +++ b/readconf.c | 2348 | +++ b/readconf.c |
| 2353 | @@ -140,6 +140,8 @@ typedef enum { | 2349 | @@ -141,6 +141,8 @@ typedef enum { |
| 2354 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, | 2350 | oClearAllForwardings, oNoHostAuthenticationForLocalhost, |
| 2355 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, | 2351 | oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, |
| 2356 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, | 2352 | oAddressFamily, oGssAuthentication, oGssDelegateCreds, |
| @@ -2359,7 +2355,7 @@ index 9c7e73d..cb8bcb2 100644 | |||
| 2359 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, | 2355 | oServerAliveInterval, oServerAliveCountMax, oIdentitiesOnly, |
| 2360 | oSendEnv, oControlPath, oControlMaster, oControlPersist, | 2356 | oSendEnv, oControlPath, oControlMaster, oControlPersist, |
| 2361 | oHashKnownHosts, | 2357 | oHashKnownHosts, |
| 2362 | @@ -182,10 +184,19 @@ static struct { | 2358 | @@ -183,10 +185,19 @@ static struct { |
| 2363 | { "afstokenpassing", oUnsupported }, | 2359 | { "afstokenpassing", oUnsupported }, |
| 2364 | #if defined(GSSAPI) | 2360 | #if defined(GSSAPI) |
| 2365 | { "gssapiauthentication", oGssAuthentication }, | 2361 | { "gssapiauthentication", oGssAuthentication }, |
| @@ -2379,7 +2375,7 @@ index 9c7e73d..cb8bcb2 100644 | |||
| 2379 | #endif | 2375 | #endif |
| 2380 | { "fallbacktorsh", oDeprecated }, | 2376 | { "fallbacktorsh", oDeprecated }, |
| 2381 | { "usersh", oDeprecated }, | 2377 | { "usersh", oDeprecated }, |
| 2382 | @@ -839,10 +850,30 @@ parse_time: | 2378 | @@ -841,10 +852,30 @@ parse_time: |
| 2383 | intptr = &options->gss_authentication; | 2379 | intptr = &options->gss_authentication; |
| 2384 | goto parse_flag; | 2380 | goto parse_flag; |
| 2385 | 2381 | ||
| @@ -2410,7 +2406,7 @@ index 9c7e73d..cb8bcb2 100644 | |||
| 2410 | case oBatchMode: | 2406 | case oBatchMode: |
| 2411 | intptr = &options->batch_mode; | 2407 | intptr = &options->batch_mode; |
| 2412 | goto parse_flag; | 2408 | goto parse_flag; |
| 2413 | @@ -1488,7 +1519,12 @@ initialize_options(Options * options) | 2409 | @@ -1497,7 +1528,12 @@ initialize_options(Options * options) |
| 2414 | options->pubkey_authentication = -1; | 2410 | options->pubkey_authentication = -1; |
| 2415 | options->challenge_response_authentication = -1; | 2411 | options->challenge_response_authentication = -1; |
| 2416 | options->gss_authentication = -1; | 2412 | options->gss_authentication = -1; |
| @@ -2423,7 +2419,7 @@ index 9c7e73d..cb8bcb2 100644 | |||
| 2423 | options->password_authentication = -1; | 2419 | options->password_authentication = -1; |
| 2424 | options->kbd_interactive_authentication = -1; | 2420 | options->kbd_interactive_authentication = -1; |
| 2425 | options->kbd_interactive_devices = NULL; | 2421 | options->kbd_interactive_devices = NULL; |
| 2426 | @@ -1594,8 +1630,14 @@ fill_default_options(Options * options) | 2422 | @@ -1616,8 +1652,14 @@ fill_default_options(Options * options) |
| 2427 | options->challenge_response_authentication = 1; | 2423 | options->challenge_response_authentication = 1; |
| 2428 | if (options->gss_authentication == -1) | 2424 | if (options->gss_authentication == -1) |
| 2429 | options->gss_authentication = 0; | 2425 | options->gss_authentication = 0; |
| @@ -2439,7 +2435,7 @@ index 9c7e73d..cb8bcb2 100644 | |||
| 2439 | options->password_authentication = 1; | 2435 | options->password_authentication = 1; |
| 2440 | if (options->kbd_interactive_authentication == -1) | 2436 | if (options->kbd_interactive_authentication == -1) |
| 2441 | diff --git a/readconf.h b/readconf.h | 2437 | diff --git a/readconf.h b/readconf.h |
| 2442 | index 2d7ea9f..826c676 100644 | 2438 | index 75e3f8f..5cc97f0 100644 |
| 2443 | --- a/readconf.h | 2439 | --- a/readconf.h |
| 2444 | +++ b/readconf.h | 2440 | +++ b/readconf.h |
| 2445 | @@ -54,7 +54,12 @@ typedef struct { | 2441 | @@ -54,7 +54,12 @@ typedef struct { |
| @@ -2456,7 +2452,7 @@ index 2d7ea9f..826c676 100644 | |||
| 2456 | * authentication. */ | 2452 | * authentication. */ |
| 2457 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ | 2453 | int kbd_interactive_authentication; /* Try keyboard-interactive auth. */ |
| 2458 | diff --git a/servconf.c b/servconf.c | 2454 | diff --git a/servconf.c b/servconf.c |
| 2459 | index 9bcd05b..29209e4 100644 | 2455 | index 7ba65d5..0083cf8 100644 |
| 2460 | --- a/servconf.c | 2456 | --- a/servconf.c |
| 2461 | +++ b/servconf.c | 2457 | +++ b/servconf.c |
| 2462 | @@ -108,7 +108,10 @@ initialize_server_options(ServerOptions *options) | 2458 | @@ -108,7 +108,10 @@ initialize_server_options(ServerOptions *options) |
| @@ -2470,7 +2466,7 @@ index 9bcd05b..29209e4 100644 | |||
| 2470 | options->password_authentication = -1; | 2466 | options->password_authentication = -1; |
| 2471 | options->kbd_interactive_authentication = -1; | 2467 | options->kbd_interactive_authentication = -1; |
| 2472 | options->challenge_response_authentication = -1; | 2468 | options->challenge_response_authentication = -1; |
| 2473 | @@ -245,8 +248,14 @@ fill_default_server_options(ServerOptions *options) | 2469 | @@ -244,8 +247,14 @@ fill_default_server_options(ServerOptions *options) |
| 2474 | options->kerberos_get_afs_token = 0; | 2470 | options->kerberos_get_afs_token = 0; |
| 2475 | if (options->gss_authentication == -1) | 2471 | if (options->gss_authentication == -1) |
| 2476 | options->gss_authentication = 0; | 2472 | options->gss_authentication = 0; |
| @@ -2485,7 +2481,7 @@ index 9bcd05b..29209e4 100644 | |||
| 2485 | if (options->password_authentication == -1) | 2481 | if (options->password_authentication == -1) |
| 2486 | options->password_authentication = 1; | 2482 | options->password_authentication = 1; |
| 2487 | if (options->kbd_interactive_authentication == -1) | 2483 | if (options->kbd_interactive_authentication == -1) |
| 2488 | @@ -343,7 +352,9 @@ typedef enum { | 2484 | @@ -340,7 +349,9 @@ typedef enum { |
| 2489 | sBanner, sUseDNS, sHostbasedAuthentication, | 2485 | sBanner, sUseDNS, sHostbasedAuthentication, |
| 2490 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, | 2486 | sHostbasedUsesNameFromPacketOnly, sClientAliveInterval, |
| 2491 | sClientAliveCountMax, sAuthorizedKeysFile, | 2487 | sClientAliveCountMax, sAuthorizedKeysFile, |
| @@ -2495,8 +2491,8 @@ index 9bcd05b..29209e4 100644 | |||
| 2495 | + sAcceptEnv, sPermitTunnel, | 2491 | + sAcceptEnv, sPermitTunnel, |
| 2496 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, | 2492 | sMatch, sPermitOpen, sForceCommand, sChrootDirectory, |
| 2497 | sUsePrivilegeSeparation, sAllowAgentForwarding, | 2493 | sUsePrivilegeSeparation, sAllowAgentForwarding, |
| 2498 | sZeroKnowledgePasswordAuthentication, sHostCertificate, | 2494 | sHostCertificate, |
| 2499 | @@ -410,10 +421,20 @@ static struct { | 2495 | @@ -407,10 +418,20 @@ static struct { |
| 2500 | #ifdef GSSAPI | 2496 | #ifdef GSSAPI |
| 2501 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, | 2497 | { "gssapiauthentication", sGssAuthentication, SSHCFG_ALL }, |
| 2502 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, | 2498 | { "gssapicleanupcredentials", sGssCleanupCreds, SSHCFG_GLOBAL }, |
| @@ -2517,7 +2513,7 @@ index 9bcd05b..29209e4 100644 | |||
| 2517 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, | 2513 | { "passwordauthentication", sPasswordAuthentication, SSHCFG_ALL }, |
| 2518 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, | 2514 | { "kbdinteractiveauthentication", sKbdInteractiveAuthentication, SSHCFG_ALL }, |
| 2519 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, | 2515 | { "challengeresponseauthentication", sChallengeResponseAuthentication, SSHCFG_GLOBAL }, |
| 2520 | @@ -1094,10 +1115,22 @@ process_server_config_line(ServerOptions *options, char *line, | 2516 | @@ -1086,10 +1107,22 @@ process_server_config_line(ServerOptions *options, char *line, |
| 2521 | intptr = &options->gss_authentication; | 2517 | intptr = &options->gss_authentication; |
| 2522 | goto parse_flag; | 2518 | goto parse_flag; |
| 2523 | 2519 | ||
| @@ -2540,7 +2536,7 @@ index 9bcd05b..29209e4 100644 | |||
| 2540 | case sPasswordAuthentication: | 2536 | case sPasswordAuthentication: |
| 2541 | intptr = &options->password_authentication; | 2537 | intptr = &options->password_authentication; |
| 2542 | goto parse_flag; | 2538 | goto parse_flag; |
| 2543 | @@ -2008,7 +2041,10 @@ dump_config(ServerOptions *o) | 2539 | @@ -1995,7 +2028,10 @@ dump_config(ServerOptions *o) |
| 2544 | #endif | 2540 | #endif |
| 2545 | #ifdef GSSAPI | 2541 | #ifdef GSSAPI |
| 2546 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); | 2542 | dump_cfg_fmtint(sGssAuthentication, o->gss_authentication); |
| @@ -2549,10 +2545,10 @@ index 9bcd05b..29209e4 100644 | |||
| 2549 | + dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); | 2545 | + dump_cfg_fmtint(sGssStrictAcceptor, o->gss_strict_acceptor); |
| 2550 | + dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); | 2546 | + dump_cfg_fmtint(sGssStoreRekey, o->gss_store_rekey); |
| 2551 | #endif | 2547 | #endif |
| 2552 | #ifdef JPAKE | 2548 | dump_cfg_fmtint(sPasswordAuthentication, o->password_authentication); |
| 2553 | dump_cfg_fmtint(sZeroKnowledgePasswordAuthentication, | 2549 | dump_cfg_fmtint(sKbdInteractiveAuthentication, |
| 2554 | diff --git a/servconf.h b/servconf.h | 2550 | diff --git a/servconf.h b/servconf.h |
| 2555 | index 8812c5a..eba76ee 100644 | 2551 | index 752d1c5..c922eb5 100644 |
| 2556 | --- a/servconf.h | 2552 | --- a/servconf.h |
| 2557 | +++ b/servconf.h | 2553 | +++ b/servconf.h |
| 2558 | @@ -112,7 +112,10 @@ typedef struct { | 2554 | @@ -112,7 +112,10 @@ typedef struct { |
| @@ -2567,11 +2563,11 @@ index 8812c5a..eba76ee 100644 | |||
| 2567 | * authentication. */ | 2563 | * authentication. */ |
| 2568 | int kbd_interactive_authentication; /* If true, permit */ | 2564 | int kbd_interactive_authentication; /* If true, permit */ |
| 2569 | diff --git a/ssh-gss.h b/ssh-gss.h | 2565 | diff --git a/ssh-gss.h b/ssh-gss.h |
| 2570 | index 077e13c..885e481 100644 | 2566 | index a99d7f0..914701b 100644 |
| 2571 | --- a/ssh-gss.h | 2567 | --- a/ssh-gss.h |
| 2572 | +++ b/ssh-gss.h | 2568 | +++ b/ssh-gss.h |
| 2573 | @@ -1,6 +1,6 @@ | 2569 | @@ -1,6 +1,6 @@ |
| 2574 | /* $OpenBSD: ssh-gss.h,v 1.10 2007/06/12 08:20:00 djm Exp $ */ | 2570 | /* $OpenBSD: ssh-gss.h,v 1.11 2014/02/26 20:28:44 djm Exp $ */ |
| 2575 | /* | 2571 | /* |
| 2576 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. | 2572 | - * Copyright (c) 2001-2003 Simon Wilkinson. All rights reserved. |
| 2577 | + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. | 2573 | + * Copyright (c) 2001-2009 Simon Wilkinson. All rights reserved. |
| @@ -2634,7 +2630,7 @@ index 077e13c..885e481 100644 | |||
| 2634 | 2630 | ||
| 2635 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); | 2631 | int ssh_gssapi_check_oid(Gssctxt *, void *, size_t); |
| 2636 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); | 2632 | void ssh_gssapi_set_oid_data(Gssctxt *, void *, size_t); |
| 2637 | @@ -117,16 +134,32 @@ void ssh_gssapi_build_ctx(Gssctxt **); | 2633 | @@ -119,16 +136,32 @@ void ssh_gssapi_build_ctx(Gssctxt **); |
| 2638 | void ssh_gssapi_delete_ctx(Gssctxt **); | 2634 | void ssh_gssapi_delete_ctx(Gssctxt **); |
| 2639 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); | 2635 | OM_uint32 ssh_gssapi_sign(Gssctxt *, gss_buffer_t, gss_buffer_t); |
| 2640 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); | 2636 | void ssh_gssapi_buildmic(Buffer *, const char *, const char *, const char *); |
| @@ -2683,10 +2679,10 @@ index 03a228f..228e5ab 100644 | |||
| 2683 | # CheckHostIP yes | 2679 | # CheckHostIP yes |
| 2684 | # AddressFamily any | 2680 | # AddressFamily any |
| 2685 | diff --git a/ssh_config.5 b/ssh_config.5 | 2681 | diff --git a/ssh_config.5 b/ssh_config.5 |
| 2686 | index 3cadcd7..49505ae 100644 | 2682 | index b580392..e7accd6 100644 |
| 2687 | --- a/ssh_config.5 | 2683 | --- a/ssh_config.5 |
| 2688 | +++ b/ssh_config.5 | 2684 | +++ b/ssh_config.5 |
| 2689 | @@ -676,11 +676,43 @@ Specifies whether user authentication based on GSSAPI is allowed. | 2685 | @@ -682,11 +682,43 @@ Specifies whether user authentication based on GSSAPI is allowed. |
| 2690 | The default is | 2686 | The default is |
| 2691 | .Dq no . | 2687 | .Dq no . |
| 2692 | Note that this option applies to protocol version 2 only. | 2688 | Note that this option applies to protocol version 2 only. |
| @@ -2732,10 +2728,10 @@ index 3cadcd7..49505ae 100644 | |||
| 2732 | Indicates that | 2728 | Indicates that |
| 2733 | .Xr ssh 1 | 2729 | .Xr ssh 1 |
| 2734 | diff --git a/sshconnect2.c b/sshconnect2.c | 2730 | diff --git a/sshconnect2.c b/sshconnect2.c |
| 2735 | index 8acffc5..21a269d 100644 | 2731 | index 7f4ff41..66cb035 100644 |
| 2736 | --- a/sshconnect2.c | 2732 | --- a/sshconnect2.c |
| 2737 | +++ b/sshconnect2.c | 2733 | +++ b/sshconnect2.c |
| 2738 | @@ -160,9 +160,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2734 | @@ -158,9 +158,34 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
| 2739 | { | 2735 | { |
| 2740 | Kex *kex; | 2736 | Kex *kex; |
| 2741 | 2737 | ||
| @@ -2770,7 +2766,7 @@ index 8acffc5..21a269d 100644 | |||
| 2770 | if (options.ciphers == (char *)-1) { | 2766 | if (options.ciphers == (char *)-1) { |
| 2771 | logit("No valid ciphers for protocol version 2 given, using defaults."); | 2767 | logit("No valid ciphers for protocol version 2 given, using defaults."); |
| 2772 | options.ciphers = NULL; | 2768 | options.ciphers = NULL; |
| 2773 | @@ -198,6 +223,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2769 | @@ -196,6 +221,17 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
| 2774 | if (options.kex_algorithms != NULL) | 2770 | if (options.kex_algorithms != NULL) |
| 2775 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; | 2771 | myproposal[PROPOSAL_KEX_ALGS] = options.kex_algorithms; |
| 2776 | 2772 | ||
| @@ -2788,7 +2784,7 @@ index 8acffc5..21a269d 100644 | |||
| 2788 | if (options.rekey_limit || options.rekey_interval) | 2784 | if (options.rekey_limit || options.rekey_interval) |
| 2789 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, | 2785 | packet_set_rekey_limits((u_int32_t)options.rekey_limit, |
| 2790 | (time_t)options.rekey_interval); | 2786 | (time_t)options.rekey_interval); |
| 2791 | @@ -210,10 +246,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) | 2787 | @@ -208,10 +244,30 @@ ssh_kex2(char *host, struct sockaddr *hostaddr, u_short port) |
| 2792 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; | 2788 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_client; |
| 2793 | kex->kex[KEX_ECDH_SHA2] = kexecdh_client; | 2789 | kex->kex[KEX_ECDH_SHA2] = kexecdh_client; |
| 2794 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; | 2790 | kex->kex[KEX_C25519_SHA256] = kexc25519_client; |
| @@ -2819,7 +2815,7 @@ index 8acffc5..21a269d 100644 | |||
| 2819 | xxx_kex = kex; | 2815 | xxx_kex = kex; |
| 2820 | 2816 | ||
| 2821 | dispatch_run(DISPATCH_BLOCK, &kex->done, kex); | 2817 | dispatch_run(DISPATCH_BLOCK, &kex->done, kex); |
| 2822 | @@ -309,6 +365,7 @@ void input_gssapi_token(int type, u_int32_t, void *); | 2818 | @@ -301,6 +357,7 @@ void input_gssapi_token(int type, u_int32_t, void *); |
| 2823 | void input_gssapi_hash(int type, u_int32_t, void *); | 2819 | void input_gssapi_hash(int type, u_int32_t, void *); |
| 2824 | void input_gssapi_error(int, u_int32_t, void *); | 2820 | void input_gssapi_error(int, u_int32_t, void *); |
| 2825 | void input_gssapi_errtok(int, u_int32_t, void *); | 2821 | void input_gssapi_errtok(int, u_int32_t, void *); |
| @@ -2827,7 +2823,7 @@ index 8acffc5..21a269d 100644 | |||
| 2827 | #endif | 2823 | #endif |
| 2828 | 2824 | ||
| 2829 | void userauth(Authctxt *, char *); | 2825 | void userauth(Authctxt *, char *); |
| 2830 | @@ -324,6 +381,11 @@ static char *authmethods_get(void); | 2826 | @@ -316,6 +373,11 @@ static char *authmethods_get(void); |
| 2831 | 2827 | ||
| 2832 | Authmethod authmethods[] = { | 2828 | Authmethod authmethods[] = { |
| 2833 | #ifdef GSSAPI | 2829 | #ifdef GSSAPI |
| @@ -2839,7 +2835,7 @@ index 8acffc5..21a269d 100644 | |||
| 2839 | {"gssapi-with-mic", | 2835 | {"gssapi-with-mic", |
| 2840 | userauth_gssapi, | 2836 | userauth_gssapi, |
| 2841 | NULL, | 2837 | NULL, |
| 2842 | @@ -627,19 +689,31 @@ userauth_gssapi(Authctxt *authctxt) | 2838 | @@ -612,19 +674,31 @@ userauth_gssapi(Authctxt *authctxt) |
| 2843 | static u_int mech = 0; | 2839 | static u_int mech = 0; |
| 2844 | OM_uint32 min; | 2840 | OM_uint32 min; |
| 2845 | int ok = 0; | 2841 | int ok = 0; |
| @@ -2873,7 +2869,7 @@ index 8acffc5..21a269d 100644 | |||
| 2873 | ok = 1; /* Mechanism works */ | 2869 | ok = 1; /* Mechanism works */ |
| 2874 | } else { | 2870 | } else { |
| 2875 | mech++; | 2871 | mech++; |
| 2876 | @@ -736,8 +810,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) | 2872 | @@ -721,8 +795,8 @@ input_gssapi_response(int type, u_int32_t plen, void *ctxt) |
| 2877 | { | 2873 | { |
| 2878 | Authctxt *authctxt = ctxt; | 2874 | Authctxt *authctxt = ctxt; |
| 2879 | Gssctxt *gssctxt; | 2875 | Gssctxt *gssctxt; |
| @@ -2884,7 +2880,7 @@ index 8acffc5..21a269d 100644 | |||
| 2884 | 2880 | ||
| 2885 | if (authctxt == NULL) | 2881 | if (authctxt == NULL) |
| 2886 | fatal("input_gssapi_response: no authentication context"); | 2882 | fatal("input_gssapi_response: no authentication context"); |
| 2887 | @@ -846,6 +920,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) | 2883 | @@ -831,6 +905,48 @@ input_gssapi_error(int type, u_int32_t plen, void *ctxt) |
| 2888 | free(msg); | 2884 | free(msg); |
| 2889 | free(lang); | 2885 | free(lang); |
| 2890 | } | 2886 | } |
| @@ -2934,7 +2930,7 @@ index 8acffc5..21a269d 100644 | |||
| 2934 | 2930 | ||
| 2935 | int | 2931 | int |
| 2936 | diff --git a/sshd.c b/sshd.c | 2932 | diff --git a/sshd.c b/sshd.c |
| 2937 | index 25380c9..fe65132 100644 | 2933 | index 7523de9..d787fea 100644 |
| 2938 | --- a/sshd.c | 2934 | --- a/sshd.c |
| 2939 | +++ b/sshd.c | 2935 | +++ b/sshd.c |
| 2940 | @@ -122,6 +122,10 @@ | 2936 | @@ -122,6 +122,10 @@ |
| @@ -2948,7 +2944,7 @@ index 25380c9..fe65132 100644 | |||
| 2948 | #ifdef LIBWRAP | 2944 | #ifdef LIBWRAP |
| 2949 | #include <tcpd.h> | 2945 | #include <tcpd.h> |
| 2950 | #include <syslog.h> | 2946 | #include <syslog.h> |
| 2951 | @@ -1721,10 +1725,13 @@ main(int ac, char **av) | 2947 | @@ -1728,10 +1732,13 @@ main(int ac, char **av) |
| 2952 | logit("Disabling protocol version 1. Could not load host key"); | 2948 | logit("Disabling protocol version 1. Could not load host key"); |
| 2953 | options.protocol &= ~SSH_PROTO_1; | 2949 | options.protocol &= ~SSH_PROTO_1; |
| 2954 | } | 2950 | } |
| @@ -2962,7 +2958,7 @@ index 25380c9..fe65132 100644 | |||
| 2962 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { | 2958 | if (!(options.protocol & (SSH_PROTO_1|SSH_PROTO_2))) { |
| 2963 | logit("sshd: no hostkeys available -- exiting."); | 2959 | logit("sshd: no hostkeys available -- exiting."); |
| 2964 | exit(1); | 2960 | exit(1); |
| 2965 | @@ -2051,6 +2058,60 @@ main(int ac, char **av) | 2961 | @@ -2058,6 +2065,60 @@ main(int ac, char **av) |
| 2966 | remote_ip, remote_port, | 2962 | remote_ip, remote_port, |
| 2967 | get_local_ipaddr(sock_in), get_local_port()); | 2963 | get_local_ipaddr(sock_in), get_local_port()); |
| 2968 | 2964 | ||
| @@ -3023,7 +3019,7 @@ index 25380c9..fe65132 100644 | |||
| 3023 | /* | 3019 | /* |
| 3024 | * We don't want to listen forever unless the other side | 3020 | * We don't want to listen forever unless the other side |
| 3025 | * successfully authenticates itself. So we set up an alarm which is | 3021 | * successfully authenticates itself. So we set up an alarm which is |
| 3026 | @@ -2456,6 +2517,48 @@ do_ssh2_kex(void) | 3022 | @@ -2469,6 +2530,48 @@ do_ssh2_kex(void) |
| 3027 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( | 3023 | myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS] = compat_pkalg_proposal( |
| 3028 | list_hostkey_types()); | 3024 | list_hostkey_types()); |
| 3029 | 3025 | ||
| @@ -3072,7 +3068,7 @@ index 25380c9..fe65132 100644 | |||
| 3072 | /* start key exchange */ | 3068 | /* start key exchange */ |
| 3073 | kex = kex_setup(myproposal); | 3069 | kex = kex_setup(myproposal); |
| 3074 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; | 3070 | kex->kex[KEX_DH_GRP1_SHA1] = kexdh_server; |
| 3075 | @@ -2464,6 +2567,13 @@ do_ssh2_kex(void) | 3071 | @@ -2477,6 +2580,13 @@ do_ssh2_kex(void) |
| 3076 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; | 3072 | kex->kex[KEX_DH_GEX_SHA256] = kexgex_server; |
| 3077 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; | 3073 | kex->kex[KEX_ECDH_SHA2] = kexecdh_server; |
| 3078 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; | 3074 | kex->kex[KEX_C25519_SHA256] = kexc25519_server; |
| @@ -3100,7 +3096,7 @@ index e9045bc..d9b8594 100644 | |||
| 3100 | # Set this to 'yes' to enable PAM authentication, account processing, | 3096 | # Set this to 'yes' to enable PAM authentication, account processing, |
| 3101 | # and session processing. If this is enabled, PAM authentication will | 3097 | # and session processing. If this is enabled, PAM authentication will |
| 3102 | diff --git a/sshd_config.5 b/sshd_config.5 | 3098 | diff --git a/sshd_config.5 b/sshd_config.5 |
| 3103 | index 3b21ea6..9aa9eba 100644 | 3099 | index ce71efe..ceed88a 100644 |
| 3104 | --- a/sshd_config.5 | 3100 | --- a/sshd_config.5 |
| 3105 | +++ b/sshd_config.5 | 3101 | +++ b/sshd_config.5 |
| 3106 | @@ -493,12 +493,40 @@ Specifies whether user authentication based on GSSAPI is allowed. | 3102 | @@ -493,12 +493,40 @@ Specifies whether user authentication based on GSSAPI is allowed. |
diff --git a/debian/patches/helpful-wait-terminate.patch b/debian/patches/helpful-wait-terminate.patch index 6f28f7db5..e79f4990f 100644 --- a/debian/patches/helpful-wait-terminate.patch +++ b/debian/patches/helpful-wait-terminate.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 29a3d408fe0b8e91aed47ec4ad26d0c0a16e8f65 Mon Sep 17 00:00:00 2001 | 1 | From ef912859a4300360164292abe47b5516c8ee4a13 Mon Sep 17 00:00:00 2001 |
| 2 | From: Matthew Vernon <matthew@debian.org> | 2 | From: Matthew Vernon <matthew@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:09:56 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:56 +0000 |
| 4 | Subject: Mention ~& when waiting for forwarded connections to terminate | 4 | Subject: Mention ~& when waiting for forwarded connections to terminate |
| @@ -12,7 +12,7 @@ Patch-Name: helpful-wait-terminate.patch | |||
| 12 | 1 file changed, 1 insertion(+), 1 deletion(-) | 12 | 1 file changed, 1 insertion(+), 1 deletion(-) |
| 13 | 13 | ||
| 14 | diff --git a/serverloop.c b/serverloop.c | 14 | diff --git a/serverloop.c b/serverloop.c |
| 15 | index 5b2f802..d3079d2 100644 | 15 | index 2f8e3a0..441d73b 100644 |
| 16 | --- a/serverloop.c | 16 | --- a/serverloop.c |
| 17 | +++ b/serverloop.c | 17 | +++ b/serverloop.c |
| 18 | @@ -687,7 +687,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) | 18 | @@ -687,7 +687,7 @@ server_loop(pid_t pid, int fdin_arg, int fdout_arg, int fderr_arg) |
diff --git a/debian/patches/keepalive-extensions.patch b/debian/patches/keepalive-extensions.patch index 149821283..680701f3d 100644 --- a/debian/patches/keepalive-extensions.patch +++ b/debian/patches/keepalive-extensions.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 89a797b303eb5ed9edeb122a15b9dedf152cdd02 Mon Sep 17 00:00:00 2001 | 1 | From 81540b7886fdc73c7be304706ea33d6d87b5fc81 Mon Sep 17 00:00:00 2001 |
| 2 | From: Richard Kettlewell <rjk@greenend.org.uk> | 2 | From: Richard Kettlewell <rjk@greenend.org.uk> |
| 3 | Date: Sun, 9 Feb 2014 16:09:52 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:52 +0000 |
| 4 | Subject: Various keepalive extensions | 4 | Subject: Various keepalive extensions |
| @@ -26,10 +26,10 @@ Patch-Name: keepalive-extensions.patch | |||
| 26 | 3 files changed, 34 insertions(+), 4 deletions(-) | 26 | 3 files changed, 34 insertions(+), 4 deletions(-) |
| 27 | 27 | ||
| 28 | diff --git a/readconf.c b/readconf.c | 28 | diff --git a/readconf.c b/readconf.c |
| 29 | index 2a1fe8e..e79e355 100644 | 29 | index bcd8cad..6409937 100644 |
| 30 | --- a/readconf.c | 30 | --- a/readconf.c |
| 31 | +++ b/readconf.c | 31 | +++ b/readconf.c |
| 32 | @@ -150,6 +150,7 @@ typedef enum { | 32 | @@ -151,6 +151,7 @@ typedef enum { |
| 33 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, | 33 | oKexAlgorithms, oIPQoS, oRequestTTY, oIgnoreUnknown, oProxyUseFdpass, |
| 34 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, | 34 | oCanonicalDomains, oCanonicalizeHostname, oCanonicalizeMaxDots, |
| 35 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, | 35 | oCanonicalizeFallbackLocal, oCanonicalizePermittedCNAMEs, |
| @@ -37,7 +37,7 @@ index 2a1fe8e..e79e355 100644 | |||
| 37 | oIgnoredUnknownOption, oDeprecated, oUnsupported | 37 | oIgnoredUnknownOption, oDeprecated, oUnsupported |
| 38 | } OpCodes; | 38 | } OpCodes; |
| 39 | 39 | ||
| 40 | @@ -279,6 +280,8 @@ static struct { | 40 | @@ -274,6 +275,8 @@ static struct { |
| 41 | { "canonicalizemaxdots", oCanonicalizeMaxDots }, | 41 | { "canonicalizemaxdots", oCanonicalizeMaxDots }, |
| 42 | { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, | 42 | { "canonicalizepermittedcnames", oCanonicalizePermittedCNAMEs }, |
| 43 | { "ignoreunknown", oIgnoreUnknown }, | 43 | { "ignoreunknown", oIgnoreUnknown }, |
| @@ -46,7 +46,7 @@ index 2a1fe8e..e79e355 100644 | |||
| 46 | 46 | ||
| 47 | { NULL, oBadOption } | 47 | { NULL, oBadOption } |
| 48 | }; | 48 | }; |
| 49 | @@ -1245,6 +1248,8 @@ parse_int: | 49 | @@ -1247,6 +1250,8 @@ parse_int: |
| 50 | goto parse_flag; | 50 | goto parse_flag; |
| 51 | 51 | ||
| 52 | case oServerAliveInterval: | 52 | case oServerAliveInterval: |
| @@ -55,7 +55,7 @@ index 2a1fe8e..e79e355 100644 | |||
| 55 | intptr = &options->server_alive_interval; | 55 | intptr = &options->server_alive_interval; |
| 56 | goto parse_time; | 56 | goto parse_time; |
| 57 | 57 | ||
| 58 | @@ -1724,8 +1729,13 @@ fill_default_options(Options * options) | 58 | @@ -1746,8 +1751,13 @@ fill_default_options(Options * options) |
| 59 | options->rekey_interval = 0; | 59 | options->rekey_interval = 0; |
| 60 | if (options->verify_host_key_dns == -1) | 60 | if (options->verify_host_key_dns == -1) |
| 61 | options->verify_host_key_dns = 0; | 61 | options->verify_host_key_dns = 0; |
| @@ -72,7 +72,7 @@ index 2a1fe8e..e79e355 100644 | |||
| 72 | options->server_alive_count_max = 3; | 72 | options->server_alive_count_max = 3; |
| 73 | if (options->control_master == -1) | 73 | if (options->control_master == -1) |
| 74 | diff --git a/ssh_config.5 b/ssh_config.5 | 74 | diff --git a/ssh_config.5 b/ssh_config.5 |
| 75 | index 617a312..b3c5dc6 100644 | 75 | index 473971e..3172fd4 100644 |
| 76 | --- a/ssh_config.5 | 76 | --- a/ssh_config.5 |
| 77 | +++ b/ssh_config.5 | 77 | +++ b/ssh_config.5 |
| 78 | @@ -205,8 +205,12 @@ Valid arguments are | 78 | @@ -205,8 +205,12 @@ Valid arguments are |
| @@ -89,7 +89,7 @@ index 617a312..b3c5dc6 100644 | |||
| 89 | The argument must be | 89 | The argument must be |
| 90 | .Dq yes | 90 | .Dq yes |
| 91 | or | 91 | or |
| 92 | @@ -1299,8 +1303,15 @@ from the server, | 92 | @@ -1305,8 +1309,15 @@ from the server, |
| 93 | will send a message through the encrypted | 93 | will send a message through the encrypted |
| 94 | channel to request a response from the server. | 94 | channel to request a response from the server. |
| 95 | The default | 95 | The default |
| @@ -106,7 +106,7 @@ index 617a312..b3c5dc6 100644 | |||
| 106 | .It Cm StrictHostKeyChecking | 106 | .It Cm StrictHostKeyChecking |
| 107 | If this flag is set to | 107 | If this flag is set to |
| 108 | .Dq yes , | 108 | .Dq yes , |
| 109 | @@ -1339,6 +1350,12 @@ Specifies whether the system should send TCP keepalive messages to the | 109 | @@ -1345,6 +1356,12 @@ Specifies whether the system should send TCP keepalive messages to the |
| 110 | other side. | 110 | other side. |
| 111 | If they are sent, death of the connection or crash of one | 111 | If they are sent, death of the connection or crash of one |
| 112 | of the machines will be properly noticed. | 112 | of the machines will be properly noticed. |
| @@ -120,10 +120,10 @@ index 617a312..b3c5dc6 100644 | |||
| 120 | connections will die if the route is down temporarily, and some people | 120 | connections will die if the route is down temporarily, and some people |
| 121 | find it annoying. | 121 | find it annoying. |
| 122 | diff --git a/sshd_config.5 b/sshd_config.5 | 122 | diff --git a/sshd_config.5 b/sshd_config.5 |
| 123 | index 9aa9eba..39643de 100644 | 123 | index ceed88a..2164d58 100644 |
| 124 | --- a/sshd_config.5 | 124 | --- a/sshd_config.5 |
| 125 | +++ b/sshd_config.5 | 125 | +++ b/sshd_config.5 |
| 126 | @@ -1168,6 +1168,9 @@ This avoids infinitely hanging sessions. | 126 | @@ -1183,6 +1183,9 @@ This avoids infinitely hanging sessions. |
| 127 | .Pp | 127 | .Pp |
| 128 | To disable TCP keepalive messages, the value should be set to | 128 | To disable TCP keepalive messages, the value should be set to |
| 129 | .Dq no . | 129 | .Dq no . |
diff --git a/debian/patches/lintian-symlink-pickiness.patch b/debian/patches/lintian-symlink-pickiness.patch index 97f9b0759..09e09ecf8 100644 --- a/debian/patches/lintian-symlink-pickiness.patch +++ b/debian/patches/lintian-symlink-pickiness.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From b25d3b37e89fb73b5fa86d19bc22f67f64dd0ad9 Mon Sep 17 00:00:00 2001 | 1 | From eb567100ef178f4395c95cc1f37b921e02c3dd5b Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:08 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:08 +0000 |
| 4 | Subject: Fix picky lintian errors about slogin symlinks | 4 | Subject: Fix picky lintian errors about slogin symlinks |
| @@ -15,7 +15,7 @@ Patch-Name: lintian-symlink-pickiness.patch | |||
| 15 | 1 file changed, 2 insertions(+), 2 deletions(-) | 15 | 1 file changed, 2 insertions(+), 2 deletions(-) |
| 16 | 16 | ||
| 17 | diff --git a/Makefile.in b/Makefile.in | 17 | diff --git a/Makefile.in b/Makefile.in |
| 18 | index 5cf8100..b7de26f 100644 | 18 | index feee0b2..7d192bb 100644 |
| 19 | --- a/Makefile.in | 19 | --- a/Makefile.in |
| 20 | +++ b/Makefile.in | 20 | +++ b/Makefile.in |
| 21 | @@ -293,9 +293,9 @@ install-files: | 21 | @@ -293,9 +293,9 @@ install-files: |
diff --git a/debian/patches/mention-ssh-keygen-on-keychange.patch b/debian/patches/mention-ssh-keygen-on-keychange.patch index ab0505834..e00b6c345 100644 --- a/debian/patches/mention-ssh-keygen-on-keychange.patch +++ b/debian/patches/mention-ssh-keygen-on-keychange.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 1ad5769e5d1d878125c48c6bb4a8bea7225940fc Mon Sep 17 00:00:00 2001 | 1 | From 8ab8f1465980856291f215c7b7184a4456398fb4 Mon Sep 17 00:00:00 2001 |
| 2 | From: Scott Moser <smoser@ubuntu.com> | 2 | From: Scott Moser <smoser@ubuntu.com> |
| 3 | Date: Sun, 9 Feb 2014 16:10:03 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:03 +0000 |
| 4 | Subject: Mention ssh-keygen in ssh fingerprint changed warning | 4 | Subject: Mention ssh-keygen in ssh fingerprint changed warning |
| @@ -13,10 +13,10 @@ Patch-Name: mention-ssh-keygen-on-keychange.patch | |||
| 13 | 1 file changed, 6 insertions(+), 1 deletion(-) | 13 | 1 file changed, 6 insertions(+), 1 deletion(-) |
| 14 | 14 | ||
| 15 | diff --git a/sshconnect.c b/sshconnect.c | 15 | diff --git a/sshconnect.c b/sshconnect.c |
| 16 | index ef4d9e0..4ff5c73 100644 | 16 | index 9e02837..e0a5db9 100644 |
| 17 | --- a/sshconnect.c | 17 | --- a/sshconnect.c |
| 18 | +++ b/sshconnect.c | 18 | +++ b/sshconnect.c |
| 19 | @@ -1062,9 +1062,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | 19 | @@ -1065,9 +1065,12 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, |
| 20 | error("%s. This could either mean that", key_msg); | 20 | error("%s. This could either mean that", key_msg); |
| 21 | error("DNS SPOOFING is happening or the IP address for the host"); | 21 | error("DNS SPOOFING is happening or the IP address for the host"); |
| 22 | error("and its host key have changed at the same time."); | 22 | error("and its host key have changed at the same time."); |
| @@ -30,7 +30,7 @@ index ef4d9e0..4ff5c73 100644 | |||
| 30 | } | 30 | } |
| 31 | /* The host key has changed. */ | 31 | /* The host key has changed. */ |
| 32 | warn_changed_key(host_key); | 32 | warn_changed_key(host_key); |
| 33 | @@ -1072,6 +1075,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, | 33 | @@ -1075,6 +1078,8 @@ check_host_key(char *hostname, struct sockaddr *hostaddr, u_short port, |
| 34 | user_hostfiles[0]); | 34 | user_hostfiles[0]); |
| 35 | error("Offending %s key in %s:%lu", key_type(host_found->key), | 35 | error("Offending %s key in %s:%lu", key_type(host_found->key), |
| 36 | host_found->file, host_found->line); | 36 | host_found->file, host_found->line); |
diff --git a/debian/patches/no-openssl-version-check.patch b/debian/patches/no-openssl-version-check.patch index 590259750..56fa46aac 100644 --- a/debian/patches/no-openssl-version-check.patch +++ b/debian/patches/no-openssl-version-check.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 4edb6872515344a0b137fe835ea7f76dcb0325ad Mon Sep 17 00:00:00 2001 | 1 | From 20690ea4b33e8ff81fea287492270df3a7029777 Mon Sep 17 00:00:00 2001 |
| 2 | From: Philip Hands <phil@hands.com> | 2 | From: Philip Hands <phil@hands.com> |
| 3 | Date: Sun, 9 Feb 2014 16:10:14 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:14 +0000 |
| 4 | Subject: Disable OpenSSL version check | 4 | Subject: Disable OpenSSL version check |
diff --git a/debian/patches/openbsd-docs.patch b/debian/patches/openbsd-docs.patch index ea9f290ad..9a34a4182 100644 --- a/debian/patches/openbsd-docs.patch +++ b/debian/patches/openbsd-docs.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From ddca9737b50bd2ec15dc166434e312ae2fbd1196 Mon Sep 17 00:00:00 2001 | 1 | From ec9bfd62211fdf5a3004ef2045c2eb3baccfd375 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:09 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:09 +0000 |
| 4 | Subject: Adjust various OpenBSD-specific references in manual pages | 4 | Subject: Adjust various OpenBSD-specific references in manual pages |
| @@ -44,7 +44,7 @@ index ef0de08..149846c 100644 | |||
| 44 | .Sh SEE ALSO | 44 | .Sh SEE ALSO |
| 45 | .Xr ssh-keygen 1 , | 45 | .Xr ssh-keygen 1 , |
| 46 | diff --git a/ssh-keygen.1 b/ssh-keygen.1 | 46 | diff --git a/ssh-keygen.1 b/ssh-keygen.1 |
| 47 | index 0e0ed98..299ccf8 100644 | 47 | index 12e00d4..a71de74 100644 |
| 48 | --- a/ssh-keygen.1 | 48 | --- a/ssh-keygen.1 |
| 49 | +++ b/ssh-keygen.1 | 49 | +++ b/ssh-keygen.1 |
| 50 | @@ -172,9 +172,7 @@ key in | 50 | @@ -172,9 +172,7 @@ key in |
| @@ -133,7 +133,7 @@ index e6a900b..b016e90 100644 | |||
| 133 | .Xr sshd_config 5 , | 133 | .Xr sshd_config 5 , |
| 134 | .Xr inetd 8 , | 134 | .Xr inetd 8 , |
| 135 | diff --git a/sshd_config.5 b/sshd_config.5 | 135 | diff --git a/sshd_config.5 b/sshd_config.5 |
| 136 | index bdca797..9fa6086 100644 | 136 | index 8f078f6..908e0bb 100644 |
| 137 | --- a/sshd_config.5 | 137 | --- a/sshd_config.5 |
| 138 | +++ b/sshd_config.5 | 138 | +++ b/sshd_config.5 |
| 139 | @@ -283,8 +283,7 @@ This option is only available for protocol version 2. | 139 | @@ -283,8 +283,7 @@ This option is only available for protocol version 2. |
diff --git a/debian/patches/package-versioning.patch b/debian/patches/package-versioning.patch index 67e54ccf3..c9c20d1c0 100644 --- a/debian/patches/package-versioning.patch +++ b/debian/patches/package-versioning.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 07b738d2bf93a5e3c57ab242b666a5f58484c7a3 Mon Sep 17 00:00:00 2001 | 1 | From 6de70b95f5005447ae23532d4f3ee41a9338479f Mon Sep 17 00:00:00 2001 |
| 2 | From: Matthew Vernon <matthew@debian.org> | 2 | From: Matthew Vernon <matthew@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:05 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:05 +0000 |
| 4 | Subject: Include the Debian version in our identification | 4 | Subject: Include the Debian version in our identification |
| @@ -19,10 +19,10 @@ Patch-Name: package-versioning.patch | |||
| 19 | 3 files changed, 9 insertions(+), 4 deletions(-) | 19 | 3 files changed, 9 insertions(+), 4 deletions(-) |
| 20 | 20 | ||
| 21 | diff --git a/sshconnect.c b/sshconnect.c | 21 | diff --git a/sshconnect.c b/sshconnect.c |
| 22 | index 4ff5c73..a2fbf9e 100644 | 22 | index e0a5db9..87c3770 100644 |
| 23 | --- a/sshconnect.c | 23 | --- a/sshconnect.c |
| 24 | +++ b/sshconnect.c | 24 | +++ b/sshconnect.c |
| 25 | @@ -517,10 +517,10 @@ send_client_banner(int connection_out, int minor1) | 25 | @@ -520,10 +520,10 @@ send_client_banner(int connection_out, int minor1) |
| 26 | /* Send our own protocol version identification. */ | 26 | /* Send our own protocol version identification. */ |
| 27 | if (compat20) { | 27 | if (compat20) { |
| 28 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", | 28 | xasprintf(&client_version_string, "SSH-%d.%d-%.100s\r\n", |
| @@ -36,7 +36,7 @@ index 4ff5c73..a2fbf9e 100644 | |||
| 36 | if (roaming_atomicio(vwrite, connection_out, client_version_string, | 36 | if (roaming_atomicio(vwrite, connection_out, client_version_string, |
| 37 | strlen(client_version_string)) != strlen(client_version_string)) | 37 | strlen(client_version_string)) != strlen(client_version_string)) |
| 38 | diff --git a/sshd.c b/sshd.c | 38 | diff --git a/sshd.c b/sshd.c |
| 39 | index 0a30101..82168a1 100644 | 39 | index e343d90..af9b8f1 100644 |
| 40 | --- a/sshd.c | 40 | --- a/sshd.c |
| 41 | +++ b/sshd.c | 41 | +++ b/sshd.c |
| 42 | @@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out) | 42 | @@ -440,7 +440,7 @@ sshd_exchange_identification(int sock_in, int sock_out) |
| @@ -49,11 +49,11 @@ index 0a30101..82168a1 100644 | |||
| 49 | options.version_addendum, newline); | 49 | options.version_addendum, newline); |
| 50 | 50 | ||
| 51 | diff --git a/version.h b/version.h | 51 | diff --git a/version.h b/version.h |
| 52 | index 83d70c6..0c6ea0f 100644 | 52 | index a1579ac..a97c337 100644 |
| 53 | --- a/version.h | 53 | --- a/version.h |
| 54 | +++ b/version.h | 54 | +++ b/version.h |
| 55 | @@ -3,4 +3,9 @@ | 55 | @@ -3,4 +3,9 @@ |
| 56 | #define SSH_VERSION "OpenSSH_6.5" | 56 | #define SSH_VERSION "OpenSSH_6.6" |
| 57 | 57 | ||
| 58 | #define SSH_PORTABLE "p1" | 58 | #define SSH_PORTABLE "p1" |
| 59 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE | 59 | -#define SSH_RELEASE SSH_VERSION SSH_PORTABLE |
diff --git a/debian/patches/quieter-signals.patch b/debian/patches/quieter-signals.patch index 168b05a34..075b59823 100644 --- a/debian/patches/quieter-signals.patch +++ b/debian/patches/quieter-signals.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 4ba49a8d770618307867a73769ebba62bf553961 Mon Sep 17 00:00:00 2001 | 1 | From 9875e47079abff55f8d2c1e958e9d50de6eae7ec Mon Sep 17 00:00:00 2001 |
| 2 | From: Peter Samuelson <peter@p12n.org> | 2 | From: Peter Samuelson <peter@p12n.org> |
| 3 | Date: Sun, 9 Feb 2014 16:09:55 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:55 +0000 |
| 4 | Subject: Reduce severity of "Killed by signal %d" | 4 | Subject: Reduce severity of "Killed by signal %d" |
| @@ -22,7 +22,7 @@ Patch-Name: quieter-signals.patch | |||
| 22 | 1 file changed, 4 insertions(+), 2 deletions(-) | 22 | 1 file changed, 4 insertions(+), 2 deletions(-) |
| 23 | 23 | ||
| 24 | diff --git a/clientloop.c b/clientloop.c | 24 | diff --git a/clientloop.c b/clientloop.c |
| 25 | index cd1739f..30097cd 100644 | 25 | index 73a800c..4bc5b57 100644 |
| 26 | --- a/clientloop.c | 26 | --- a/clientloop.c |
| 27 | +++ b/clientloop.c | 27 | +++ b/clientloop.c |
| 28 | @@ -1717,8 +1717,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) | 28 | @@ -1717,8 +1717,10 @@ client_loop(int have_pty, int escape_char_arg, int ssh2_chan_id) |
diff --git a/debian/patches/scp-quoting.patch b/debian/patches/scp-quoting.patch index d4755c6b3..ff037a43a 100644 --- a/debian/patches/scp-quoting.patch +++ b/debian/patches/scp-quoting.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 882d0c4c4403674eebd4ec525fe368ecc2100bfc Mon Sep 17 00:00:00 2001 | 1 | From 8ab204ee192e655d5a8f4d599adb3d99eeabedc6 Mon Sep 17 00:00:00 2001 |
| 2 | From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com> | 2 | From: =?UTF-8?q?Nicolas=20Valc=C3=A1rcel?= <nvalcarcel@ubuntu.com> |
| 3 | Date: Sun, 9 Feb 2014 16:09:59 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:59 +0000 |
| 4 | Subject: Adjust scp quoting in verbose mode | 4 | Subject: Adjust scp quoting in verbose mode |
diff --git a/debian/patches/selinux-role.patch b/debian/patches/selinux-role.patch index 1f924dfad..e0ca12fb0 100644 --- a/debian/patches/selinux-role.patch +++ b/debian/patches/selinux-role.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 7afb9ad9307191397a3ccf3d7cc90dfe474b09e8 Mon Sep 17 00:00:00 2001 | 1 | From ae32d626ed3d15cfd7f432358b63c005961921df Mon Sep 17 00:00:00 2001 |
| 2 | From: Manoj Srivastava <srivasta@debian.org> | 2 | From: Manoj Srivastava <srivasta@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:09:49 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:49 +0000 |
| 4 | Subject: Handle SELinux authorisation roles | 4 | Subject: Handle SELinux authorisation roles |
| @@ -32,7 +32,7 @@ Patch-Name: selinux-role.patch | |||
| 32 | 16 files changed, 104 insertions(+), 31 deletions(-) | 32 | 16 files changed, 104 insertions(+), 31 deletions(-) |
| 33 | 33 | ||
| 34 | diff --git a/auth.h b/auth.h | 34 | diff --git a/auth.h b/auth.h |
| 35 | index 80f0898..5b6824f 100644 | 35 | index 124e597..79e4ea5 100644 |
| 36 | --- a/auth.h | 36 | --- a/auth.h |
| 37 | +++ b/auth.h | 37 | +++ b/auth.h |
| 38 | @@ -59,6 +59,7 @@ struct Authctxt { | 38 | @@ -59,6 +59,7 @@ struct Authctxt { |
| @@ -42,9 +42,9 @@ index 80f0898..5b6824f 100644 | |||
| 42 | + char *role; | 42 | + char *role; |
| 43 | void *kbdintctxt; | 43 | void *kbdintctxt; |
| 44 | char *info; /* Extra info for next auth_log */ | 44 | char *info; /* Extra info for next auth_log */ |
| 45 | void *jpake_ctx; | 45 | #ifdef BSD_AUTH |
| 46 | diff --git a/auth1.c b/auth1.c | 46 | diff --git a/auth1.c b/auth1.c |
| 47 | index f1ac598..2803a3c 100644 | 47 | index 0f870b3..c707390 100644 |
| 48 | --- a/auth1.c | 48 | --- a/auth1.c |
| 49 | +++ b/auth1.c | 49 | +++ b/auth1.c |
| 50 | @@ -380,7 +380,7 @@ void | 50 | @@ -380,7 +380,7 @@ void |
| @@ -75,10 +75,10 @@ index f1ac598..2803a3c 100644 | |||
| 75 | /* Verify that the user is a valid user. */ | 75 | /* Verify that the user is a valid user. */ |
| 76 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) | 76 | if ((authctxt->pw = PRIVSEP(getpwnamallow(user))) != NULL) |
| 77 | diff --git a/auth2.c b/auth2.c | 77 | diff --git a/auth2.c b/auth2.c |
| 78 | index 6ed8f04..b55bbcd 100644 | 78 | index fbe3e1b..70f2925 100644 |
| 79 | --- a/auth2.c | 79 | --- a/auth2.c |
| 80 | +++ b/auth2.c | 80 | +++ b/auth2.c |
| 81 | @@ -222,7 +222,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | 81 | @@ -216,7 +216,7 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) |
| 82 | { | 82 | { |
| 83 | Authctxt *authctxt = ctxt; | 83 | Authctxt *authctxt = ctxt; |
| 84 | Authmethod *m = NULL; | 84 | Authmethod *m = NULL; |
| @@ -87,7 +87,7 @@ index 6ed8f04..b55bbcd 100644 | |||
| 87 | int authenticated = 0; | 87 | int authenticated = 0; |
| 88 | 88 | ||
| 89 | if (authctxt == NULL) | 89 | if (authctxt == NULL) |
| 90 | @@ -234,8 +234,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | 90 | @@ -228,8 +228,13 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) |
| 91 | debug("userauth-request for user %s service %s method %s", user, service, method); | 91 | debug("userauth-request for user %s service %s method %s", user, service, method); |
| 92 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); | 92 | debug("attempt %d failures %d", authctxt->attempt, authctxt->failures); |
| 93 | 93 | ||
| @@ -101,7 +101,7 @@ index 6ed8f04..b55bbcd 100644 | |||
| 101 | 101 | ||
| 102 | if (authctxt->attempt++ == 0) { | 102 | if (authctxt->attempt++ == 0) { |
| 103 | /* setup auth context */ | 103 | /* setup auth context */ |
| 104 | @@ -259,8 +264,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) | 104 | @@ -253,8 +258,9 @@ input_userauth_request(int type, u_int32_t seq, void *ctxt) |
| 105 | use_privsep ? " [net]" : ""); | 105 | use_privsep ? " [net]" : ""); |
| 106 | authctxt->service = xstrdup(service); | 106 | authctxt->service = xstrdup(service); |
| 107 | authctxt->style = style ? xstrdup(style) : NULL; | 107 | authctxt->style = style ? xstrdup(style) : NULL; |
| @@ -113,10 +113,10 @@ index 6ed8f04..b55bbcd 100644 | |||
| 113 | if (auth2_setup_methods_lists(authctxt) != 0) | 113 | if (auth2_setup_methods_lists(authctxt) != 0) |
| 114 | packet_disconnect("no authentication methods enabled"); | 114 | packet_disconnect("no authentication methods enabled"); |
| 115 | diff --git a/monitor.c b/monitor.c | 115 | diff --git a/monitor.c b/monitor.c |
| 116 | index a777c4c..88f472e 100644 | 116 | index 2918814..11eac63 100644 |
| 117 | --- a/monitor.c | 117 | --- a/monitor.c |
| 118 | +++ b/monitor.c | 118 | +++ b/monitor.c |
| 119 | @@ -146,6 +146,7 @@ int mm_answer_sign(int, Buffer *); | 119 | @@ -145,6 +145,7 @@ int mm_answer_sign(int, Buffer *); |
| 120 | int mm_answer_pwnamallow(int, Buffer *); | 120 | int mm_answer_pwnamallow(int, Buffer *); |
| 121 | int mm_answer_auth2_read_banner(int, Buffer *); | 121 | int mm_answer_auth2_read_banner(int, Buffer *); |
| 122 | int mm_answer_authserv(int, Buffer *); | 122 | int mm_answer_authserv(int, Buffer *); |
| @@ -124,7 +124,7 @@ index a777c4c..88f472e 100644 | |||
| 124 | int mm_answer_authpassword(int, Buffer *); | 124 | int mm_answer_authpassword(int, Buffer *); |
| 125 | int mm_answer_bsdauthquery(int, Buffer *); | 125 | int mm_answer_bsdauthquery(int, Buffer *); |
| 126 | int mm_answer_bsdauthrespond(int, Buffer *); | 126 | int mm_answer_bsdauthrespond(int, Buffer *); |
| 127 | @@ -227,6 +228,7 @@ struct mon_table mon_dispatch_proto20[] = { | 127 | @@ -221,6 +222,7 @@ struct mon_table mon_dispatch_proto20[] = { |
| 128 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, | 128 | {MONITOR_REQ_SIGN, MON_ONCE, mm_answer_sign}, |
| 129 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, | 129 | {MONITOR_REQ_PWNAM, MON_ONCE, mm_answer_pwnamallow}, |
| 130 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, | 130 | {MONITOR_REQ_AUTHSERV, MON_ONCE, mm_answer_authserv}, |
| @@ -132,7 +132,7 @@ index a777c4c..88f472e 100644 | |||
| 132 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, | 132 | {MONITOR_REQ_AUTH2_READ_BANNER, MON_ONCE, mm_answer_auth2_read_banner}, |
| 133 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, | 133 | {MONITOR_REQ_AUTHPASSWORD, MON_AUTH, mm_answer_authpassword}, |
| 134 | #ifdef USE_PAM | 134 | #ifdef USE_PAM |
| 135 | @@ -844,6 +846,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) | 135 | @@ -822,6 +824,7 @@ mm_answer_pwnamallow(int sock, Buffer *m) |
| 136 | else { | 136 | else { |
| 137 | /* Allow service/style information on the auth context */ | 137 | /* Allow service/style information on the auth context */ |
| 138 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); | 138 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTHSERV, 1); |
| @@ -140,7 +140,7 @@ index a777c4c..88f472e 100644 | |||
| 140 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); | 140 | monitor_permit(mon_dispatch, MONITOR_REQ_AUTH2_READ_BANNER, 1); |
| 141 | } | 141 | } |
| 142 | #ifdef USE_PAM | 142 | #ifdef USE_PAM |
| 143 | @@ -874,14 +877,37 @@ mm_answer_authserv(int sock, Buffer *m) | 143 | @@ -852,14 +855,37 @@ mm_answer_authserv(int sock, Buffer *m) |
| 144 | 144 | ||
| 145 | authctxt->service = buffer_get_string(m, NULL); | 145 | authctxt->service = buffer_get_string(m, NULL); |
| 146 | authctxt->style = buffer_get_string(m, NULL); | 146 | authctxt->style = buffer_get_string(m, NULL); |
| @@ -180,7 +180,7 @@ index a777c4c..88f472e 100644 | |||
| 180 | return (0); | 180 | return (0); |
| 181 | } | 181 | } |
| 182 | 182 | ||
| 183 | @@ -1486,7 +1512,7 @@ mm_answer_pty(int sock, Buffer *m) | 183 | @@ -1464,7 +1490,7 @@ mm_answer_pty(int sock, Buffer *m) |
| 184 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); | 184 | res = pty_allocate(&s->ptyfd, &s->ttyfd, s->tty, sizeof(s->tty)); |
| 185 | if (res == 0) | 185 | if (res == 0) |
| 186 | goto error; | 186 | goto error; |
| @@ -190,10 +190,10 @@ index a777c4c..88f472e 100644 | |||
| 190 | buffer_put_int(m, 1); | 190 | buffer_put_int(m, 1); |
| 191 | buffer_put_cstring(m, s->tty); | 191 | buffer_put_cstring(m, s->tty); |
| 192 | diff --git a/monitor.h b/monitor.h | 192 | diff --git a/monitor.h b/monitor.h |
| 193 | index 315ef99..3c13706 100644 | 193 | index 7f32b0c..4d5e8fa 100644 |
| 194 | --- a/monitor.h | 194 | --- a/monitor.h |
| 195 | +++ b/monitor.h | 195 | +++ b/monitor.h |
| 196 | @@ -73,6 +73,8 @@ enum monitor_reqtype { | 196 | @@ -68,6 +68,8 @@ enum monitor_reqtype { |
| 197 | MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, | 197 | MONITOR_REQ_GSSSIGN = 150, MONITOR_ANS_GSSSIGN = 151, |
| 198 | MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, | 198 | MONITOR_REQ_GSSUPCREDS = 152, MONITOR_ANS_GSSUPCREDS = 153, |
| 199 | 199 | ||
| @@ -203,10 +203,10 @@ index 315ef99..3c13706 100644 | |||
| 203 | 203 | ||
| 204 | struct mm_master; | 204 | struct mm_master; |
| 205 | diff --git a/monitor_wrap.c b/monitor_wrap.c | 205 | diff --git a/monitor_wrap.c b/monitor_wrap.c |
| 206 | index 44019f3..69bc324 100644 | 206 | index 60b987d..f75dc9d 100644 |
| 207 | --- a/monitor_wrap.c | 207 | --- a/monitor_wrap.c |
| 208 | +++ b/monitor_wrap.c | 208 | +++ b/monitor_wrap.c |
| 209 | @@ -320,10 +320,10 @@ mm_auth2_read_banner(void) | 209 | @@ -318,10 +318,10 @@ mm_auth2_read_banner(void) |
| 210 | return (banner); | 210 | return (banner); |
| 211 | } | 211 | } |
| 212 | 212 | ||
| @@ -219,7 +219,7 @@ index 44019f3..69bc324 100644 | |||
| 219 | { | 219 | { |
| 220 | Buffer m; | 220 | Buffer m; |
| 221 | 221 | ||
| 222 | @@ -332,12 +332,30 @@ mm_inform_authserv(char *service, char *style) | 222 | @@ -330,12 +330,30 @@ mm_inform_authserv(char *service, char *style) |
| 223 | buffer_init(&m); | 223 | buffer_init(&m); |
| 224 | buffer_put_cstring(&m, service); | 224 | buffer_put_cstring(&m, service); |
| 225 | buffer_put_cstring(&m, style ? style : ""); | 225 | buffer_put_cstring(&m, style ? style : ""); |
| @@ -251,7 +251,7 @@ index 44019f3..69bc324 100644 | |||
| 251 | int | 251 | int |
| 252 | mm_auth_password(Authctxt *authctxt, char *password) | 252 | mm_auth_password(Authctxt *authctxt, char *password) |
| 253 | diff --git a/monitor_wrap.h b/monitor_wrap.h | 253 | diff --git a/monitor_wrap.h b/monitor_wrap.h |
| 254 | index ec9b9b1..4d12e29 100644 | 254 | index a4e9d24..9c2ee49 100644 |
| 255 | --- a/monitor_wrap.h | 255 | --- a/monitor_wrap.h |
| 256 | +++ b/monitor_wrap.h | 256 | +++ b/monitor_wrap.h |
| 257 | @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); | 257 | @@ -41,7 +41,8 @@ void mm_log_handler(LogLevel, const char *, void *); |
| @@ -396,10 +396,10 @@ index 1c7a45d..436ae7c 100644 | |||
| 396 | char *platform_krb5_get_principal_name(const char *); | 396 | char *platform_krb5_get_principal_name(const char *); |
| 397 | int platform_sys_dir_uid(uid_t); | 397 | int platform_sys_dir_uid(uid_t); |
| 398 | diff --git a/session.c b/session.c | 398 | diff --git a/session.c b/session.c |
| 399 | index 12dd9ab..5ddd82a 100644 | 399 | index 2bcf818..6848df4 100644 |
| 400 | --- a/session.c | 400 | --- a/session.c |
| 401 | +++ b/session.c | 401 | +++ b/session.c |
| 402 | @@ -1497,7 +1497,7 @@ safely_chroot(const char *path, uid_t uid) | 402 | @@ -1502,7 +1502,7 @@ safely_chroot(const char *path, uid_t uid) |
| 403 | 403 | ||
| 404 | /* Set login name, uid, gid, and groups. */ | 404 | /* Set login name, uid, gid, and groups. */ |
| 405 | void | 405 | void |
| @@ -408,7 +408,7 @@ index 12dd9ab..5ddd82a 100644 | |||
| 408 | { | 408 | { |
| 409 | char *chroot_path, *tmp; | 409 | char *chroot_path, *tmp; |
| 410 | 410 | ||
| 411 | @@ -1525,7 +1525,7 @@ do_setusercontext(struct passwd *pw) | 411 | @@ -1530,7 +1530,7 @@ do_setusercontext(struct passwd *pw) |
| 412 | endgrent(); | 412 | endgrent(); |
| 413 | #endif | 413 | #endif |
| 414 | 414 | ||
| @@ -417,7 +417,7 @@ index 12dd9ab..5ddd82a 100644 | |||
| 417 | 417 | ||
| 418 | if (options.chroot_directory != NULL && | 418 | if (options.chroot_directory != NULL && |
| 419 | strcasecmp(options.chroot_directory, "none") != 0) { | 419 | strcasecmp(options.chroot_directory, "none") != 0) { |
| 420 | @@ -1674,7 +1674,7 @@ do_child(Session *s, const char *command) | 420 | @@ -1679,7 +1679,7 @@ do_child(Session *s, const char *command) |
| 421 | 421 | ||
| 422 | /* Force a password change */ | 422 | /* Force a password change */ |
| 423 | if (s->authctxt->force_pwchange) { | 423 | if (s->authctxt->force_pwchange) { |
| @@ -426,7 +426,7 @@ index 12dd9ab..5ddd82a 100644 | |||
| 426 | child_close_fds(); | 426 | child_close_fds(); |
| 427 | do_pwchange(s); | 427 | do_pwchange(s); |
| 428 | exit(1); | 428 | exit(1); |
| 429 | @@ -1701,7 +1701,7 @@ do_child(Session *s, const char *command) | 429 | @@ -1706,7 +1706,7 @@ do_child(Session *s, const char *command) |
| 430 | /* When PAM is enabled we rely on it to do the nologin check */ | 430 | /* When PAM is enabled we rely on it to do the nologin check */ |
| 431 | if (!options.use_pam) | 431 | if (!options.use_pam) |
| 432 | do_nologin(pw); | 432 | do_nologin(pw); |
| @@ -435,7 +435,7 @@ index 12dd9ab..5ddd82a 100644 | |||
| 435 | /* | 435 | /* |
| 436 | * PAM session modules in do_setusercontext may have | 436 | * PAM session modules in do_setusercontext may have |
| 437 | * generated messages, so if this in an interactive | 437 | * generated messages, so if this in an interactive |
| 438 | @@ -2112,7 +2112,7 @@ session_pty_req(Session *s) | 438 | @@ -2117,7 +2117,7 @@ session_pty_req(Session *s) |
| 439 | tty_parse_modes(s->ttyfd, &n_bytes); | 439 | tty_parse_modes(s->ttyfd, &n_bytes); |
| 440 | 440 | ||
| 441 | if (!use_privsep) | 441 | if (!use_privsep) |
| @@ -458,11 +458,11 @@ index 6a2f35e..ef6593c 100644 | |||
| 458 | const char *value); | 458 | const char *value); |
| 459 | 459 | ||
| 460 | diff --git a/sshd.c b/sshd.c | 460 | diff --git a/sshd.c b/sshd.c |
| 461 | index fe65132..0a30101 100644 | 461 | index d787fea..e343d90 100644 |
| 462 | --- a/sshd.c | 462 | --- a/sshd.c |
| 463 | +++ b/sshd.c | 463 | +++ b/sshd.c |
| 464 | @@ -763,7 +763,7 @@ privsep_postauth(Authctxt *authctxt) | 464 | @@ -769,7 +769,7 @@ privsep_postauth(Authctxt *authctxt) |
| 465 | bzero(rnd, sizeof(rnd)); | 465 | explicit_bzero(rnd, sizeof(rnd)); |
| 466 | 466 | ||
| 467 | /* Drop privileges */ | 467 | /* Drop privileges */ |
| 468 | - do_setusercontext(authctxt->pw); | 468 | - do_setusercontext(authctxt->pw); |
diff --git a/debian/patches/series b/debian/patches/series index 5048e254d..5d21e57d1 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
| @@ -26,5 +26,3 @@ no-openssl-version-check.patch | |||
| 26 | gnome-ssh-askpass2-icon.patch | 26 | gnome-ssh-askpass2-icon.patch |
| 27 | sigstop.patch | 27 | sigstop.patch |
| 28 | debian-config.patch | 28 | debian-config.patch |
| 29 | fix-case-sensitive-matching.patch | ||
| 30 | getsockname-error.patch | ||
diff --git a/debian/patches/shell-path.patch b/debian/patches/shell-path.patch index 71d52e0bc..48c16d2a2 100644 --- a/debian/patches/shell-path.patch +++ b/debian/patches/shell-path.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 43dbfc0c515e0adeddb097a9996dea382cc9e582 Mon Sep 17 00:00:00 2001 | 1 | From 6103c29d855e82c098e88ee12f05a6eb41f659ce Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:00 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:00 +0000 |
| 4 | Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand | 4 | Subject: Look for $SHELL on the path for ProxyCommand/LocalCommand |
| @@ -16,7 +16,7 @@ Patch-Name: shell-path.patch | |||
| 16 | 1 file changed, 2 insertions(+), 2 deletions(-) | 16 | 1 file changed, 2 insertions(+), 2 deletions(-) |
| 17 | 17 | ||
| 18 | diff --git a/sshconnect.c b/sshconnect.c | 18 | diff --git a/sshconnect.c b/sshconnect.c |
| 19 | index d21781e..ef4d9e0 100644 | 19 | index 573d7a8..9e02837 100644 |
| 20 | --- a/sshconnect.c | 20 | --- a/sshconnect.c |
| 21 | +++ b/sshconnect.c | 21 | +++ b/sshconnect.c |
| 22 | @@ -227,7 +227,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) | 22 | @@ -227,7 +227,7 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command) |
| @@ -28,7 +28,7 @@ index d21781e..ef4d9e0 100644 | |||
| 28 | perror(argv[0]); | 28 | perror(argv[0]); |
| 29 | exit(1); | 29 | exit(1); |
| 30 | } | 30 | } |
| 31 | @@ -1384,7 +1384,7 @@ ssh_local_cmd(const char *args) | 31 | @@ -1387,7 +1387,7 @@ ssh_local_cmd(const char *args) |
| 32 | if (pid == 0) { | 32 | if (pid == 0) { |
| 33 | signal(SIGPIPE, SIG_DFL); | 33 | signal(SIGPIPE, SIG_DFL); |
| 34 | debug3("Executing %s -c \"%s\"", shell, args); | 34 | debug3("Executing %s -c \"%s\"", shell, args); |
diff --git a/debian/patches/sigstop.patch b/debian/patches/sigstop.patch index b34dbcda0..ac9eb4794 100644 --- a/debian/patches/sigstop.patch +++ b/debian/patches/sigstop.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From b0d3fe663d6a54b1348934946bbf8678b7470d14 Mon Sep 17 00:00:00 2001 | 1 | From d9ac4d127f53d92cf3426fba28ff351e5e165ae2 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:17 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:17 +0000 |
| 4 | Subject: Support synchronisation with service supervisor using SIGSTOP | 4 | Subject: Support synchronisation with service supervisor using SIGSTOP |
| @@ -12,10 +12,10 @@ Patch-Name: sigstop.patch | |||
| 12 | 1 file changed, 4 insertions(+) | 12 | 1 file changed, 4 insertions(+) |
| 13 | 13 | ||
| 14 | diff --git a/sshd.c b/sshd.c | 14 | diff --git a/sshd.c b/sshd.c |
| 15 | index c49a877..23e8c2d 100644 | 15 | index 665c0b9..ffe360c 100644 |
| 16 | --- a/sshd.c | 16 | --- a/sshd.c |
| 17 | +++ b/sshd.c | 17 | +++ b/sshd.c |
| 18 | @@ -1924,6 +1924,10 @@ main(int ac, char **av) | 18 | @@ -1931,6 +1931,10 @@ main(int ac, char **av) |
| 19 | } | 19 | } |
| 20 | } | 20 | } |
| 21 | 21 | ||
diff --git a/debian/patches/ssh-agent-setgid.patch b/debian/patches/ssh-agent-setgid.patch index 1eedfe297..af23075b3 100644 --- a/debian/patches/ssh-agent-setgid.patch +++ b/debian/patches/ssh-agent-setgid.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 5708dae528688dd06c784773f0e05f5e3739d0e5 Mon Sep 17 00:00:00 2001 | 1 | From d53483ab71ac2a9195c8f171da5a5dcf54ec16ec Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:13 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:13 +0000 |
| 4 | Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) | 4 | Subject: Document consequences of ssh-agent being setgid in ssh-agent(1) |
diff --git a/debian/patches/ssh-argv0.patch b/debian/patches/ssh-argv0.patch index 9afa12a88..d456facea 100644 --- a/debian/patches/ssh-argv0.patch +++ b/debian/patches/ssh-argv0.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From ce4c3e861126520177b929d3d04e57c0dc9cb70d Mon Sep 17 00:00:00 2001 | 1 | From d4ac61d918775f629eff9a389d0f7bb0f8426b48 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:10:10 +0000 | 3 | Date: Sun, 9 Feb 2014 16:10:10 +0000 |
| 4 | Subject: ssh(1): Refer to ssh-argv0(1) | 4 | Subject: ssh(1): Refer to ssh-argv0(1) |
diff --git a/debian/patches/ssh-vulnkey-compat.patch b/debian/patches/ssh-vulnkey-compat.patch index 9939dda8c..fa738b084 100644 --- a/debian/patches/ssh-vulnkey-compat.patch +++ b/debian/patches/ssh-vulnkey-compat.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 9ae199bbd2484aed4fd61535221a96f1ae478712 Mon Sep 17 00:00:00 2001 | 1 | From d422205e757aaf23e8e0e787f842ef37f6a170a2 Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@ubuntu.com> | 2 | From: Colin Watson <cjwatson@ubuntu.com> |
| 3 | Date: Sun, 9 Feb 2014 16:09:50 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:50 +0000 |
| 4 | Subject: Accept obsolete ssh-vulnkey configuration options | 4 | Subject: Accept obsolete ssh-vulnkey configuration options |
| @@ -17,10 +17,10 @@ Patch-Name: ssh-vulnkey-compat.patch | |||
| 17 | 2 files changed, 2 insertions(+) | 17 | 2 files changed, 2 insertions(+) |
| 18 | 18 | ||
| 19 | diff --git a/readconf.c b/readconf.c | 19 | diff --git a/readconf.c b/readconf.c |
| 20 | index cb8bcb2..2a1fe8e 100644 | 20 | index 7613ff2..bcd8cad 100644 |
| 21 | --- a/readconf.c | 21 | --- a/readconf.c |
| 22 | +++ b/readconf.c | 22 | +++ b/readconf.c |
| 23 | @@ -171,6 +171,7 @@ static struct { | 23 | @@ -172,6 +172,7 @@ static struct { |
| 24 | { "passwordauthentication", oPasswordAuthentication }, | 24 | { "passwordauthentication", oPasswordAuthentication }, |
| 25 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, | 25 | { "kbdinteractiveauthentication", oKbdInteractiveAuthentication }, |
| 26 | { "kbdinteractivedevices", oKbdInteractiveDevices }, | 26 | { "kbdinteractivedevices", oKbdInteractiveDevices }, |
| @@ -29,10 +29,10 @@ index cb8bcb2..2a1fe8e 100644 | |||
| 29 | { "pubkeyauthentication", oPubkeyAuthentication }, | 29 | { "pubkeyauthentication", oPubkeyAuthentication }, |
| 30 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ | 30 | { "dsaauthentication", oPubkeyAuthentication }, /* alias */ |
| 31 | diff --git a/servconf.c b/servconf.c | 31 | diff --git a/servconf.c b/servconf.c |
| 32 | index 29209e4..65f71ad 100644 | 32 | index 0083cf8..90de888 100644 |
| 33 | --- a/servconf.c | 33 | --- a/servconf.c |
| 34 | +++ b/servconf.c | 34 | +++ b/servconf.c |
| 35 | @@ -456,6 +456,7 @@ static struct { | 35 | @@ -448,6 +448,7 @@ static struct { |
| 36 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 36 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
| 37 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 37 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
| 38 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 38 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
diff --git a/debian/patches/ssh1-keepalive.patch b/debian/patches/ssh1-keepalive.patch index 4456498bf..ded7c122a 100644 --- a/debian/patches/ssh1-keepalive.patch +++ b/debian/patches/ssh1-keepalive.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 40a23637b9cb6364c8baeb2c25b1d8115bc740c0 Mon Sep 17 00:00:00 2001 | 1 | From 789d58ed3df120c7b80d07fb2d259c216194a29c Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:09:51 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:51 +0000 |
| 4 | Subject: Partial server keep-alive implementation for SSH1 | 4 | Subject: Partial server keep-alive implementation for SSH1 |
| @@ -13,7 +13,7 @@ Patch-Name: ssh1-keepalive.patch | |||
| 13 | 2 files changed, 19 insertions(+), 11 deletions(-) | 13 | 2 files changed, 19 insertions(+), 11 deletions(-) |
| 14 | 14 | ||
| 15 | diff --git a/clientloop.c b/clientloop.c | 15 | diff --git a/clientloop.c b/clientloop.c |
| 16 | index cc23e35..cd1739f 100644 | 16 | index 6d8cd7d..73a800c 100644 |
| 17 | --- a/clientloop.c | 17 | --- a/clientloop.c |
| 18 | +++ b/clientloop.c | 18 | +++ b/clientloop.c |
| 19 | @@ -563,16 +563,21 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) | 19 | @@ -563,16 +563,21 @@ client_global_request_reply(int type, u_int32_t seq, void *ctxt) |
| @@ -57,10 +57,10 @@ index cc23e35..cd1739f 100644 | |||
| 57 | server_alive_time = now + options.server_alive_interval; | 57 | server_alive_time = now + options.server_alive_interval; |
| 58 | } | 58 | } |
| 59 | diff --git a/ssh_config.5 b/ssh_config.5 | 59 | diff --git a/ssh_config.5 b/ssh_config.5 |
| 60 | index 49505ae..617a312 100644 | 60 | index e7accd6..473971e 100644 |
| 61 | --- a/ssh_config.5 | 61 | --- a/ssh_config.5 |
| 62 | +++ b/ssh_config.5 | 62 | +++ b/ssh_config.5 |
| 63 | @@ -1288,7 +1288,10 @@ If, for example, | 63 | @@ -1294,7 +1294,10 @@ If, for example, |
| 64 | .Cm ServerAliveCountMax | 64 | .Cm ServerAliveCountMax |
| 65 | is left at the default, if the server becomes unresponsive, | 65 | is left at the default, if the server becomes unresponsive, |
| 66 | ssh will disconnect after approximately 45 seconds. | 66 | ssh will disconnect after approximately 45 seconds. |
diff --git a/debian/patches/syslog-level-silent.patch b/debian/patches/syslog-level-silent.patch index 30ba118e8..7cbd3a7e3 100644 --- a/debian/patches/syslog-level-silent.patch +++ b/debian/patches/syslog-level-silent.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 3afa62c176aa4ea42a87372f10f355efa48f582b Mon Sep 17 00:00:00 2001 | 1 | From b8ed36cdf2dbebc01e52e83eece4bb1d78607e84 Mon Sep 17 00:00:00 2001 |
| 2 | From: Jonathan David Amery <jdamery@ysolde.ucam.org> | 2 | From: Jonathan David Amery <jdamery@ysolde.ucam.org> |
| 3 | Date: Sun, 9 Feb 2014 16:09:54 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:54 +0000 |
| 4 | Subject: "LogLevel SILENT" compatibility | 4 | Subject: "LogLevel SILENT" compatibility |
| @@ -33,10 +33,10 @@ index 32e1d2e..53e7b65 100644 | |||
| 33 | { "FATAL", SYSLOG_LEVEL_FATAL }, | 33 | { "FATAL", SYSLOG_LEVEL_FATAL }, |
| 34 | { "ERROR", SYSLOG_LEVEL_ERROR }, | 34 | { "ERROR", SYSLOG_LEVEL_ERROR }, |
| 35 | diff --git a/ssh.c b/ssh.c | 35 | diff --git a/ssh.c b/ssh.c |
| 36 | index 5de8fcf..0cea713 100644 | 36 | index 1e6cb90..3e63708 100644 |
| 37 | --- a/ssh.c | 37 | --- a/ssh.c |
| 38 | +++ b/ssh.c | 38 | +++ b/ssh.c |
| 39 | @@ -889,7 +889,7 @@ main(int ac, char **av) | 39 | @@ -965,7 +965,7 @@ main(int ac, char **av) |
| 40 | /* Do not allocate a tty if stdin is not a tty. */ | 40 | /* Do not allocate a tty if stdin is not a tty. */ |
| 41 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && | 41 | if ((!isatty(fileno(stdin)) || stdin_null_flag) && |
| 42 | options.request_tty != REQUEST_TTY_FORCE) { | 42 | options.request_tty != REQUEST_TTY_FORCE) { |
diff --git a/debian/patches/user-group-modes.patch b/debian/patches/user-group-modes.patch index 5062d7d80..3cdb9d8a1 100644 --- a/debian/patches/user-group-modes.patch +++ b/debian/patches/user-group-modes.patch | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | From 0879622ccc5a92902c6ffd88391824cfb2d27924 Mon Sep 17 00:00:00 2001 | 1 | From 77638f6662ecd8500e1b97e537233b1277ca829f Mon Sep 17 00:00:00 2001 |
| 2 | From: Colin Watson <cjwatson@debian.org> | 2 | From: Colin Watson <cjwatson@debian.org> |
| 3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 | 3 | Date: Sun, 9 Feb 2014 16:09:58 +0000 |
| 4 | Subject: Allow harmless group-writability | 4 | Subject: Allow harmless group-writability |
| @@ -216,10 +216,10 @@ index 4aab9a9..f99de7f 100644 | |||
| 216 | - return 0; | 216 | - return 0; |
| 217 | -} | 217 | -} |
| 218 | diff --git a/readconf.c b/readconf.c | 218 | diff --git a/readconf.c b/readconf.c |
| 219 | index e79e355..273552d 100644 | 219 | index 6409937..32c4b42 100644 |
| 220 | --- a/readconf.c | 220 | --- a/readconf.c |
| 221 | +++ b/readconf.c | 221 | +++ b/readconf.c |
| 222 | @@ -36,6 +36,8 @@ | 222 | @@ -37,6 +37,8 @@ |
| 223 | #include <stdio.h> | 223 | #include <stdio.h> |
| 224 | #include <string.h> | 224 | #include <string.h> |
| 225 | #include <unistd.h> | 225 | #include <unistd.h> |
| @@ -228,7 +228,7 @@ index e79e355..273552d 100644 | |||
| 228 | #ifdef HAVE_UTIL_H | 228 | #ifdef HAVE_UTIL_H |
| 229 | #include <util.h> | 229 | #include <util.h> |
| 230 | #endif | 230 | #endif |
| 231 | @@ -1475,8 +1477,7 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, | 231 | @@ -1477,8 +1479,7 @@ read_config_file(const char *filename, struct passwd *pw, const char *host, |
| 232 | 232 | ||
| 233 | if (fstat(fileno(f), &sb) == -1) | 233 | if (fstat(fileno(f), &sb) == -1) |
| 234 | fatal("fstat %s: %s", filename, strerror(errno)); | 234 | fatal("fstat %s: %s", filename, strerror(errno)); |
| @@ -252,10 +252,10 @@ index 27794e2..ff5e6ac 100644 | |||
| 252 | .It Pa ~/.ssh/environment | 252 | .It Pa ~/.ssh/environment |
| 253 | Contains additional definitions for environment variables; see | 253 | Contains additional definitions for environment variables; see |
| 254 | diff --git a/ssh_config.5 b/ssh_config.5 | 254 | diff --git a/ssh_config.5 b/ssh_config.5 |
| 255 | index b3c5dc6..3c6b9d4 100644 | 255 | index 3172fd4..4bf7cbb 100644 |
| 256 | --- a/ssh_config.5 | 256 | --- a/ssh_config.5 |
| 257 | +++ b/ssh_config.5 | 257 | +++ b/ssh_config.5 |
| 258 | @@ -1523,6 +1523,8 @@ The format of this file is described above. | 258 | @@ -1529,6 +1529,8 @@ The format of this file is described above. |
| 259 | This file is used by the SSH client. | 259 | This file is used by the SSH client. |
| 260 | Because of the potential for abuse, this file must have strict permissions: | 260 | Because of the potential for abuse, this file must have strict permissions: |
| 261 | read/write for the user, and not accessible by others. | 261 | read/write for the user, and not accessible by others. |