Age | Commit message (Collapse) | Author |
|
Setting this to "no" causes sshd to omit the Debian revision from its
initial protocol handshake, for those scared by package-versioning.patch.
Bug-Debian: http://bugs.debian.org/562048
Forwarded: not-needed
Last-Update: 2015-08-19
Patch-Name: debian-banner.patch
|
|
This makes it easier to audit networks for versions patched against security
vulnerabilities. It has little detrimental effect, as attackers will
generally just try attacks rather than bothering to scan for
vulnerable-looking version strings. (However, see debian-banner.patch.)
Forwarded: not-needed
Last-Update: 2013-09-14
Patch-Name: package-versioning.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1843
Bug-Ubuntu: https://bugs.launchpad.net/bugs/686607
Last-Update: 2015-09-08
Patch-Name: mention-ssh-keygen-on-keychange.patch
|
|
Bug-Debian: http://bugs.debian.org/630606
Forwarded: no
Last-Update: 2013-09-14
Patch-Name: auth-log-verbosity.patch
|
|
This allows SSHFP DNS records to be verified if glibc 2.11 is installed.
Origin: vendor, https://cvs.fedoraproject.org/viewvc/F-12/openssh/openssh-5.2p1-edns.patch?revision=1.1&view=markup
Bug: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572049
Last-Update: 2010-04-06
Patch-Name: dnssec-sshfp.patch
|
|
There's some debate on the upstream bug about whether POSIX requires this.
I (Colin Watson) agree with Vincent and think it does.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1494
Bug-Debian: http://bugs.debian.org/492728
Last-Update: 2013-09-14
Patch-Name: shell-path.patch
|
|
Tweak scp's reporting of filenames in verbose mode to be a bit less
confusing with spaces.
This should be revised to mimic real shell quoting.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/89945
Last-Update: 2010-02-27
Patch-Name: scp-quoting.patch
|
|
Allow secure files (~/.ssh/config, ~/.ssh/authorized_keys, etc.) to be
group-writable, provided that the group in question contains only the file's
owner. Rejected upstream for IMO incorrect reasons (e.g. a misunderstanding
about the contents of gr->gr_mem). Given that per-user groups and umask 002
are the default setup in Debian (for good reasons - this makes operating in
setgid directories with other groups much easier), we need to permit this by
default.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1060
Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=314347
Last-Update: 2013-09-14
Patch-Name: user-group-modes.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1450
Last-Updated: 2015-08-19
Patch-Name: consolekit.patch
|
|
Bug-Debian: http://bugs.debian.org/50308
Last-Update: 2010-02-27
Patch-Name: helpful-wait-terminate.patch
|
|
This produces irritating messages when using ProxyCommand or other programs
that use ssh under the covers (e.g. Subversion). These messages are more
normally printed by the calling program, such as the shell.
According to the upstream bug, the right way to avoid this is to use the -q
option, so we may drop this patch after further investigation into whether
any software in Debian is still relying on it.
Author: Colin Watson <cjwatson@debian.org>
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1118
Bug-Debian: http://bugs.debian.org/313371
Last-Update: 2013-09-14
Patch-Name: quieter-signals.patch
|
|
"LogLevel SILENT" (-qq) was introduced in Debian openssh 1:3.0.1p1-1 to
match the behaviour of non-free SSH, in which -q does not suppress fatal
errors. However, this was unintentionally broken in 1:4.6p1-2 and nobody
complained, so we've dropped most of it. The parts that remain are basic
configuration file compatibility, and an adjustment to "Pseudo-terminal will
not be allocated ..." which should be split out into a separate patch.
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2013-09-14
Patch-Name: syslog-level-silent.patch
|
|
Add compatibility aliases for ProtocolKeepAlives and SetupTimeOut, supported
in previous versions of Debian's OpenSSH package but since superseded by
ServerAliveInterval. (We're probably stuck with this bit for
compatibility.)
In batch mode, default ServerAliveInterval to five minutes.
Adjust documentation to match and to give some more advice on use of
keepalives.
Author: Ian Jackson <ian@chiark.greenend.org.uk>
Author: Matthew Vernon <matthew@debian.org>
Author: Colin Watson <cjwatson@debian.org>
Last-Update: 2015-08-19
Patch-Name: keepalive-extensions.patch
|
|
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1712
Last-Update: 2013-09-14
Patch-Name: ssh1-keepalive.patch
|
|
These options were used as part of Debian's response to CVE-2008-0166.
Nearly six years later, we no longer need to continue carrying the bulk
of that patch, but we do need to avoid failing when the associated
configuration options are still present.
Last-Update: 2014-02-09
Patch-Name: ssh-vulnkey-compat.patch
|
|
Rejected upstream due to discomfort with magic usernames; a better approach
will need an SSH protocol change. In the meantime, this came from Debian's
SELinux maintainer, so we'll keep it until we have something better.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1641
Bug-Debian: http://bugs.debian.org/394795
Last-Update: 2015-08-19
Patch-Name: selinux-role.patch
|
|
Support for TCP wrappers was dropped in OpenSSH 6.7. See this message
and thread:
https://lists.mindrot.org/pipermail/openssh-unix-dev/2014-April/032497.html
It is true that this reduces preauth attack surface in sshd. On the
other hand, this support seems to be quite widely used, and abruptly
dropping it (from the perspective of users who don't read
openssh-unix-dev) could easily cause more serious problems in practice.
It's not entirely clear what the right long-term answer for Debian is,
but it at least probably doesn't involve dropping this feature shortly
before a freeze.
Forwarded: not-needed
Last-Update: 2014-10-07
Patch-Name: restore-tcp-wrappers.patch
|
|
This patch has been rejected upstream: "None of the OpenSSH developers are
in favour of adding this, and this situation has not changed for several
years. This is not a slight on Simon's patch, which is of fine quality, but
just that a) we don't trust GSSAPI implementations that much and b) we don't
like adding new KEX since they are pre-auth attack surface. This one is
particularly scary, since it requires hooks out to typically root-owned
system resources."
However, quite a lot of people rely on this in Debian, and it's better to
have it merged into the main openssh package rather than having separate
-krb5 packages (as we used to have). It seems to have a generally good
security history.
Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1242
Last-Updated: 2015-09-17
Patch-Name: gssapi.patch
|
|
|
|
|
|
twiddle; (this commit marks the openssh-6.9 release)
Upstream-ID: 78500582819f61dd8adee36ec5cc9b9ac9351234
|
|
better refuse ForwardX11Trusted=no connections attempted
after ForwardX11Timeout expires; reported by Jann Horn
Upstream-ID: bf0fddadc1b46a0334e26c080038313b4b6dea21
|
|
put back default PermitRootLogin=no
Upstream-ID: 7bdedd5cead99c57ed5571f3b6b7840922d5f728
|
|
openssh-6.9
Upstream-ID: 6cfe8e1904812531080e6ab6e752d7001b5b2d45
|
|
reset default PermitRootLogin to 'yes' (momentarily, for
release)
Upstream-ID: cad8513527066e65dd7a1c16363d6903e8cefa24
|
|
|
|
|
|
fatal() when a remote window update causes the window
value to overflow. Reported by Georg Wicherski, ok markus@
Upstream-ID: ead397a9aceb3bf74ebfa5fcaf259d72e569f351
|
|
Fix math error in remote window calculations that causes
eventual stalls for datagram channels. Reported by Georg Wicherski, ok
markus@
Upstream-ID: be54059d11bf64e0d85061f7257f53067842e2ab
|
|
with Tim Rice
|
|
add getpid to sandbox, reachable by grace_alarm_handler
reported by Jakub Jelen; bz#2419
Upstream-ID: d0da1117c16d4c223954995d35b0f47c8f684cd8
|
|
Fix \-escaping bug that caused forward path parsing to skip
two characters and skip past the end of the string.
Based on patch by Salvador Fandino; ok dtucker@
Upstream-ID: 7b879dc446335677cbe4cb549495636a0535f3bd
|
|
patch from Jakub Jelen
|
|
correct test to sshkey_sign(); spotted by Albert S.
Upstream-ID: 5f7347f40f0ca6abdaca2edb3bd62f4776518933
|
|
Revert previous commit. We still want to call setgroups
in the case where there are zero groups to remove any that we might otherwise
inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
to setgroups is always a static global it's always valid to dereference in
this case. ok deraadt@ djm@
Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
|
|
Revert previous commit. We still want to call setgroups in
the case where there are zero groups to remove any that we might otherwise
inherit (as pointed out by grawity at gmail.com) and since the 2nd argument
to setgroups is always a static global it's always valid to dereference in
this case. ok deraadt@ djm@
Upstream-ID: 895b5ac560a10befc6b82afa778641315725fd01
|
|
Don't count successful partial authentication as failures
in monitor; this may have caused the monitor to refuse multiple
authentications that would otherwise have successfully completed; ok markus@
Upstream-ID: eb74b8e506714d0f649bd5c300f762a527af04a3
|
|
Don't call setgroups if we have zero groups; there's no
guarantee that it won't try to deref the pointer. Based on a patch from mail
at quitesimple.org, ok djm deraadt
Upstream-ID: 2fff85e11d7a9a387ef7fddf41fbfaf566708ab1
|
|
|
|
If AuthorizedPrincipalsCommand is specified, however
AuthorizedPrincipalsFile is not (or is set to "none"), authentication will
potentially fail due to key_cert_check_authority() failing to locate a
principal that matches the username, even though an authorized principal has
already been matched in the output of the subprocess. Fix this by using the
same logic to determine if pw->pw_name should be passed, as is used to
determine if a authorized principal must be matched earlier on.
ok djm@
Upstream-ID: 43b42302ec846b0ea68aceb40677245391b9409d
|
|
Make the arguments to match_principals_command() similar
to match_principals_file(), by changing the last argument a struct
sshkey_cert * and dereferencing key->cert in the caller.
No functional change.
ok djm@
Upstream-ID: 533f99b844b21b47342b32b62e198dfffcf8651c
|
|
When doing arg inspection and the syscall doesn't match, skip
past the instruction that reloads the syscall into the accumulator,
since the accumulator hasn't been modified at this point.
|
|
Also resort and tidy syscall list. Based on patches by Jakub Jelen
bz#2361; ok dtucker@
|
|
return failure on RSA signature error; reported by Albert S
Upstream-ID: e61bb93dbe0349625807b0810bc213a6822121fa
|
|
|
|
For "ssh -L 12345:/tmp/sock" don't fail with "No forward host
name." (we have a path, not a host name). Based on a diff from Jared
Yanovich. OK djm@
Upstream-ID: 2846b0a8c7de037e33657f95afbd282837fc213f
|
|
typo: accidental repetition; bz#2386
Upstream-ID: 45e620d99f6bc301e5949d34a54027374991c88b
|
|
Stopgap to resolve bz#2409 because we are so close to release and will
update config.guess and friends shortly after the release. ok djm@
|
|
|
|
|