From 2ee26b431f98cf1dc0e4fb9809ad1e0c879b8c08 Mon Sep 17 00:00:00 2001
From: Colin Watson <cjwatson@debian.org>
Date: Mon, 1 Sep 2003 01:34:19 +0000
Subject: Debian release 3.4p1-4.

---
 debian/README.Debian  |  3 +++
 debian/changelog      | 17 +++++++++++++++++
 debian/control        |  9 +++++----
 debian/copyright.head |  2 +-
 debian/rules          |  9 +--------
 ssh-keysign.c         |  2 +-
 ssh_config.5          |  6 +++---
 7 files changed, 31 insertions(+), 17 deletions(-)

diff --git a/debian/README.Debian b/debian/README.Debian
index fd969d7c9..614dd08f6 100644
--- a/debian/README.Debian
+++ b/debian/README.Debian
@@ -114,6 +114,9 @@ root, before enabling X11.  I strongly recommend that you do this on a
 machine-by-machine basis, rather than just enabling it in the default
 host settings.
 
+In order for X11 forwarding to work, you need to install xauth on the
+server. In Debian this is in the xbase-clients package.
+
 Authorization Forwarding:
 -------------------------
 Similarly, root on a remote server could make use of your ssh-agent
diff --git a/debian/changelog b/debian/changelog
index 71a950772..e5651eb28 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,20 @@
+openssh (1:3.4p1-4) unstable; urgency=low
+
+  * Allow ssh-krb5 in ssh-askpass-gnome's dependencies (closes: #129532).
+  * Restore Russia to list of countries where encryption is problematic (see
+    #148951 and http://www.average.org/freecrypto/).
+  * Drop ssh-askpass-gnome's priority to optional, per the override file.
+  * Drop the PAM special case for hurd-i386 (closes: #99157).
+  * s/dile/idle/ in ssh_config(5) (closes: #118331).
+  * Note in README.Debian that you need xauth from xbase-clients on the
+    server for X11 forwarding (closes: #140269).
+  * Use correct path to upstream README in copyright file (closes: #146037).
+  * Document the units for ProtocolKeepAlives (closes: #159479).
+  * Backport upstream patch to fix hostbased auth (closes: #117114).
+  * Add -g to CFLAGS.
+
+ -- Colin Watson <cjwatson@debian.org>  Sun, 13 Oct 2002 18:58:53 +0100
+
 openssh (1:3.4p1-3) unstable; urgency=low
 
   * Add myself to Uploaders: and begin acting as temporary maintainer, at
diff --git a/debian/control b/debian/control
index acda7997a..2fe062623 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,7 @@ Uploaders: Colin Watson <cjwatson@debian.org>
 
 Package: ssh
 Architecture: any
-Depends: ${shlibs:Depends}, ${pam-depend}, debconf, adduser
+Depends: ${shlibs:Depends}, libpam-modules (>= 0.72-9), debconf, adduser
 Conflicts: ssh-nonfree (<<2), ssh-socks, ssh2, debconf (<<0.2.17), debconf-tiny (<<0.2.17), sftp, rsh-client (<<0.16.1-1)
 Suggests: ssh-askpass, xbase-clients, dpkg (>=1.8.3.1), dnsutils
 Provides: rsh-client
@@ -27,13 +27,14 @@ Description: Secure rlogin/rsh/rcp replacement (OpenSSH)
  .
  --------------------------------------------------------------------
  .
- In some countries, particularly Iraq, and Pakistan, it may be illegal 
- to use any encryption at all without a special permit.
+ In some countries, particularly Russia, Iraq, and Pakistan, it may
+ be illegal to use any encryption at all without a special permit.
 
 Package: ssh-askpass-gnome
 Section: x11
+Priority: optional
 Architecture: any
-Depends: ${shlibs:Depends}, ssh (>=1:1.2pre7-4)
+Depends: ${shlibs:Depends}, ssh (>=1:1.2pre7-4) | ssh-krb5
 Provides: ssh-askpass
 Description: under X, asks user for a passphrase for ssh-add
  This has been split out of the main ssh package, so that the ssh will
diff --git a/debian/copyright.head b/debian/copyright.head
index cd4d45b24..1e1282f98 100644
--- a/debian/copyright.head
+++ b/debian/copyright.head
@@ -17,7 +17,7 @@ branch that is being maintained by the OpenBSD team (starting from
 the last version of SSH that was distributed under a free license),
 and porting work by Damien Miller <damien@ibs.com.au> to get it
 working on Linux.  Other people also contributed to this, and are
-credited in README.openssh.
+credited in /usr/share/doc/ssh/README.
 
 Copyright:
 
diff --git a/debian/rules b/debian/rules
index 365872d3d..7615c8708 100755
--- a/debian/rules
+++ b/debian/rules
@@ -11,8 +11,6 @@ export DH_OPTIONS
 
 #PKG_VER = $(shell perl -e 'print <> =~ /\((.*)\)/' debian/changelog)
 
-DEB_HOST_ARCH = $(shell dpkg-architecture -qDEB_HOST_ARCH)
-
 build: build-stamp
 build-stamp:
 	dh_testdir
@@ -23,7 +21,7 @@ build-stamp:
 	fi
 	./configure --prefix=/usr --sysconfdir=/etc/ssh --libexecdir=/usr/lib --mandir=/usr/share/man --with-tcp-wrappers --with-xauth=/usr/bin/X11/xauth --with-default-path=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin --with-pam --with-4in6 --with-ipv4-default \
 		--with-privsep-path=/var/run/sshd  --without-rand-helper
-	$(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \
+	$(MAKE) -j 2 ASKPASS_PROGRAM='/usr/bin/ssh-askpass' CFLAGS='-O2 -g -Wall -DLOGIN_PROGRAM=\"/bin/login\" -DSSHD_PAM_SERVICE=\"ssh\" -D__FILE_OFFSET_BITS=64 -DHAVE_MMAP_ANON_SHARED' \
 		SSH_KEYSIGN='/usr/lib/ssh-keysign'
 	gcc -O2 `gnome-config --cflags gnome gnomeui` \
 	   contrib/gnome-ssh-askpass.c -o contrib/gnome-ssh-askpass \
@@ -93,11 +91,6 @@ binary-arch: build install
 	test ! -e debian/tmp/etc/ssh/ssh_prng_cmds \
 	  || echo "/etc/ssh/ssh_prng_cmds" >> debian/tmp/DEBIAN/conffiles
 	dh_shlibdeps
-ifeq ($(DEB_HOST_ARCH),hurd-i386)
-	echo "pam-depend=" >> debian/substvars
-else
-	echo "pam-depend=libpam-modules (>= 0.72-9), " >> debian/substvars
-endif
 	dh_gencontrol
 	dh_md5sums
 	dh_builddeb
diff --git a/ssh-keysign.c b/ssh-keysign.c
index 7f1d25d8c..fffa7bbdc 100644
--- a/ssh-keysign.c
+++ b/ssh-keysign.c
@@ -192,7 +192,6 @@ main(int argc, char **argv)
 	data = buffer_get_string(&b, &dlen);
 	if (valid_request(pw, host, &key, data, dlen) < 0)
 		fatal("not a valid request");
-	xfree(data);
 	xfree(host);
 
 	found = 0;
@@ -208,6 +207,7 @@ main(int argc, char **argv)
 
 	if (key_sign(keys[i], &signature, &slen, data, dlen) != 0)
 		fatal("key_sign failed");
+	xfree(data);
 
 	/* send reply */
 	buffer_clear(&b);
diff --git a/ssh_config.5 b/ssh_config.5
index 801a7e88a..6d94220b0 100644
--- a/ssh_config.5
+++ b/ssh_config.5
@@ -448,8 +448,8 @@ This means that
 tries version 2 and falls back to version 1
 if version 2 is not available.
 .It Cm ProtocolKeepAlives
-Specifies the interval at which IGNORE packets will be sent to
-the server during dile periods. Use this option in scripts to detect
+Specifies the interval in seconds at which IGNORE packets will be sent to
+the server during idle periods. Use this option in scripts to detect
 when the network fails. The argument must be an integer. The default
 is 0 (disabled), or 300 if the 
 .Cm BatchMode
@@ -540,7 +540,7 @@ Note that this option applies to protocol version 1 only.
 .It Cm SetupTimeOut
 Normally,
 .Nm ssh
-blocks indefinitly whilst waiting to receive the ssh banner and other
+blocks indefinitely whilst waiting to receive the ssh banner and other
 setup protocol from the server, during the session setup.  This can cause
 .Nm ssh
 to hang under certain circumstances.  If this option is set,
-- 
cgit v1.2.3