canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
@@ -88,8 +88,8 @@
loginrec.o auth-pam.o auth-shadow.o auth-sia.o md5crypt.o \
- audit.o audit-bsm.o platform.o
+ audit.o audit-bsm.o platform.o sftp-server.o sftp-common.o
--MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
--MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
-+MANPAGES = scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out ssh-vulnkey.1.out sshd_config.5.out ssh_config.5.out
-+MANPAGES_IN = scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 ssh-vulnkey.1 sshd_config.5 ssh_config.5
+-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out
+-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5
++MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-rand-helper.8.out ssh-keysign.8.out sshd_config.5.out ssh_config.5.out ssh-vulnkey.1.out
++MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-rand-helper.8 ssh-keysign.8 sshd_config.5 ssh_config.5 ssh-vulnkey.1
MANTYPE = @MANTYPE@
CONFIGFILES=sshd_config.out ssh_config.out moduli.out
perror("unable to set user context (setuser)");
--- openssh-3.7.1p2/sshd_config 2003-09-02 14:51:18.000000000 +0200
+++ openssh-3.7.1p2.pius/sshd_config 2003-10-07 20:49:08.000000000 +0200
-@@ -71,6 +71,10 @@
- # bypass the setting of 'PasswordAuthentication'
- #UsePAM yes
+@@ -91,6 +91,10 @@
+ # and ChallengeResponseAuthentication to 'no'.
+ UsePAM yes
+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
++# You must create such environment before you can use this feature.
+#UseChroot yes
+
- #AllowTcpForwarding yes
- #GatewayPorts no
- #X11Forwarding no
+ #AllowAgentForwarding yes
+ # Security advisory:
+ # http://securitytracker.com/alerts/2004/Sep/1011143.html
--- openssh-4.4p1/sshd_config.0.orig 2006-09-26 13:03:48.000000000 +0200
+++ openssh-4.4p1/sshd_config.0 2006-10-05 10:11:41.615971000 +0200
@@ -451,6 +451,16 @@
# Set this to 'yes' to enable PAM authentication, account processing,
# and session processing. If this is enabled, PAM authentication will
-@@ -78,8 +79,16 @@
+@@ -89,10 +89,12 @@
+ # If you just want the PAM account and session checks to run without
# PAM authentication, then enable this but set PasswordAuthentication
# and ChallengeResponseAuthentication to 'no'.
- #UsePAM no
+-#UsePAM no
+UsePAM yes
-+
-+# Set this to 'yes' to enable support for chrooted user environment.
-+# You must create such environment before you can use this feature.
-+#UseChroot yes
- #AllowTcpForwarding yes
+ #AllowAgentForwarding yes
+-#AllowTcpForwarding yes
+# Security advisory:
+# http://securitytracker.com/alerts/2004/Sep/1011143.html
+AllowTcpForwarding no
+++ /dev/null
---- openssh.orig/configure.ac 2006-02-02 09:07:47.000000000 +0100
-+++ openssh/configure.ac 2006-02-02 09:11:17.000000000 +0100
-@@ -313,7 +313,6 @@
- no_dev_ptmx=1
- check_for_libcrypt_later=1
- check_for_openpty_ctty_bug=1
-- AC_DEFINE(DONT_TRY_OTHER_AF, 1, [Workaround more Linux IPv6 quirks])
- AC_DEFINE(PAM_TTY_KLUDGE, 1,
- [Work around problematic Linux PAM modules handling of PAM_TTY])
- AC_DEFINE(LOCKED_PASSWD_PREFIX, "!",
" [-D [bind_address:]port] [-e escape_char] [-F configfile]\n"
" [-i identity_file] [-L [bind_address:]port:host:hostport]\n"
" [-l login_name] [-m mac_spec] [-O ctl_cmd] [-o option] [-p port]\n"
-@@ -244,7 +247,7 @@
+@@ -275,7 +275,7 @@
- again:
- while ((opt = getopt(ac, av,
-- "1246ab:c:e:fgi:kl:m:no:p:qstvxACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
-+ "1246ab:c:e:fgi:kl:m:no:p:qstvxABCD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
+ again:
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+- "ACD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
++ "ABCD:F:I:KL:MNO:PR:S:TVw:XY")) != -1) {
switch (opt) {
case '1':
options.protocol = SSH_PROTO_1;
+++ /dev/null
-diff -u -p packet.c
---- packet.c 8 May 2008 06:59:01 -0000
-+++ packet.c 19 May 2008 04:00:34 -0000
-@@ -1185,9 +1185,10 @@ packet_read_poll_seqnr(u_int32_t *seqnr_
- for (;;) {
- if (compat20) {
- type = packet_read_poll2(seqnr_p);
-- keep_alive_timeouts = 0;
-- if (type)
-+ if (type) {
-+ keep_alive_timeouts = 0;
- DBG(debug("received packet type %d", type));
-+ }
- switch (type) {
- case SSH2_MSG_IGNORE:
- debug3("Received SSH2_MSG_IGNORE");