From 47608c17e64138f8d16aa2bdc49a0eb00e1c3549 Mon Sep 17 00:00:00 2001
From: Colin Watson
Date: Mon, 12 May 2008 23:33:01 +0000
Subject: * Mitigate OpenSSL security vulnerability: - Add key blacklisting support. Keys listed in /etc/ssh/blacklist.TYPE-LENGTH will be rejected for authentication by sshd, unless "PermitBlacklistedKeys yes" is set in /etc/ssh/sshd_config. - Add a new program, ssh-vulnkey, which can be used to check keys against these blacklists. - Depend on openssh-blacklist. - Force dependencies on libssl0.9.8 / libcrypto0.9.8-udeb to at least 0.9.8g-9. - Automatically regenerate known-compromised host keys, with a critical-priority debconf note. (I regret that there was no time to gather translations.)
---
 pathnames.h | 2 ++
 1 file changed, 2 insertions(+)
(limited to 'pathnames.h')
diff --git a/pathnames.h b/pathnames.h
index f2571e274..8886e8edd 100644
--- a/pathnames.h
+++ b/pathnames.h
@@ -43,6 +43,8 @@
 /* Backwards compatibility */
 #define _PATH_DH_PRIMES SSHDIR "/primes"
 
+#define _PATH_BLACKLIST SSHDIR "/blacklist"
+
 #ifndef _PATH_SSH_PROGRAM
 #define _PATH_SSH_PROGRAM "/usr/bin/ssh"
 #endif
-- 
cgit v1.2.3
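Review bot: `_PATH_BLACKLIST` is added without a comment, and its name reads like a complete file path although the commit message describes files named `/etc/ssh/blacklist.TYPE-LENGTH`, so the macro appears to be only a prefix. I would add a comment above it such as `/* Prefix of the compromised-key blacklists; ".TYPE-LENGTH" is appended by the caller */`. The code that opens these files is not in this hunk, so it is worth confirming there that a missing or unreadable blacklist is reported rather than silently treated as "key not listed", since that decides whether the mitigation fails open.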