]> git.ipfire.org Git - people/ms/ipfire-3.x.git/blobdiff - openssh/patches/openssh-5.9p1-ipfire.patch
projects / people / ms / ipfire-3.x.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
openssh: Update to 5.9p1.
[people/ms/ipfire-3.x.git] / openssh / patches / openssh-5.9p1-ipfire.patch
diff --git a/openssh/patches/openssh-5.9p1-ipfire.patch b/openssh/patches/openssh-5.9p1-ipfire.patch
new file mode 100644 (file)
index 0000000..cdb49c6
--- /dev/null
+++ b/openssh/patches/openssh-5.9p1-ipfire.patch
@@ -0,0 +1,108 @@
+diff -up openssh-5.9p0/ssh_config.redhat openssh-5.9p0/ssh_config
+--- openssh-5.9p0/ssh_config.redhat    2010-01-12 09:40:27.000000000 +0100
++++ openssh-5.9p0/ssh_config   2011-09-05 14:48:16.386439023 +0200
+@@ -45,3 +45,14 @@
+ #   PermitLocalCommand no
+ #   VisualHostKey no
+ #   ProxyCommand ssh -q -W %h:%p gateway.example.com
++Host *
++      GSSAPIAuthentication yes
++# If this option is set to yes then remote X11 clients will have full access
++# to the original X11 display. As virtually no X11 client supports the untrusted
++# mode correctly we set this to yes.
++      ForwardX11Trusted yes
++# Send locale-related environment variables
++      SendEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES 
++      SendEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT 
++      SendEnv LC_IDENTIFICATION LC_ALL LANGUAGE
++      SendEnv XMODIFIERS
+diff -up openssh-5.9p0/sshd_config.0.redhat openssh-5.9p0/sshd_config.0
+--- openssh-5.9p0/sshd_config.0.redhat 2011-09-05 14:48:08.522441255 +0200
++++ openssh-5.9p0/sshd_config.0        2011-09-05 14:48:16.477443868 +0200
+@@ -581,9 +581,9 @@ DESCRIPTION
+      SyslogFacility
+              Gives the facility code that is used when logging messages from
+-             sshd(8).  The possible values are: DAEMON, USER, AUTH, LOCAL0,
+-             LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.  The
+-             default is AUTH.
++             sshd(8).  The possible values are: DAEMON, USER, AUTH, AUTHPRIV,
++             LOCAL0, LOCAL1, LOCAL2, LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
++             The default is AUTH.
+      TCPKeepAlive
+              Specifies whether the system should send TCP keepalive messages
+diff -up openssh-5.9p0/sshd_config.5.redhat openssh-5.9p0/sshd_config.5
+--- openssh-5.9p0/sshd_config.5.redhat 2011-09-05 14:48:08.657564688 +0200
++++ openssh-5.9p0/sshd_config.5        2011-09-05 14:48:16.589501736 +0200
+@@ -1029,7 +1029,7 @@ Note that this option applies to protoco
+ .It Cm SyslogFacility
+ Gives the facility code that is used when logging messages from
+ .Xr sshd 8 .
+-The possible values are: DAEMON, USER, AUTH, LOCAL0, LOCAL1, LOCAL2,
++The possible values are: DAEMON, USER, AUTH, AUTHPRIV, LOCAL0, LOCAL1, LOCAL2,
+ LOCAL3, LOCAL4, LOCAL5, LOCAL6, LOCAL7.
+ The default is AUTH.
+ .It Cm TCPKeepAlive
+diff -up openssh-5.9p0/sshd_config.redhat openssh-5.9p0/sshd_config
+--- openssh-5.9p0/sshd_config.redhat   2011-09-05 14:48:16.250626793 +0200
++++ openssh-5.9p0/sshd_config  2011-09-05 15:06:01.513443553 +0200
+@@ -32,6 +32,7 @@
+ # Logging
+ # obsoletes QuietMode and FascistLogging
+ #SyslogFacility AUTH
++SyslogFacility AUTHPRIV
+ #LogLevel INFO
+ # Authentication:
+@@ -65,9 +66,11 @@ AuthorizedKeysFile  .ssh/authorized_keys
+ # To disable tunneled clear text passwords, change to no here!
+ #PasswordAuthentication yes
+ #PermitEmptyPasswords no
++PasswordAuthentication yes
+ # Change to no to disable s/key passwords
+ #ChallengeResponseAuthentication yes
++ChallengeResponseAuthentication no
+ # Kerberos options
+ #KerberosAuthentication no
+@@ -77,7 +80,9 @@ AuthorizedKeysFile   .ssh/authorized_keys
+ # GSSAPI options
+ #GSSAPIAuthentication no
++GSSAPIAuthentication yes
+ #GSSAPICleanupCredentials yes
++GSSAPICleanupCredentials yes
+ # Set this to 'yes' to enable PAM authentication, account processing, 
+ # and session processing. If this is enabled, PAM authentication will 
+@@ -89,6 +94,7 @@ AuthorizedKeysFile   .ssh/authorized_keys
+ # PAM authentication, then enable this but set PasswordAuthentication
+ # and ChallengeResponseAuthentication to 'no'.
+ #UsePAM no
++UsePAM yes
+ #TwoFactorAuthentication no
+ #SecondPubkeyAuthentication yes
+@@ -101,6 +107,7 @@ AuthorizedKeysFile .ssh/authorized_keys
+ #AllowTcpForwarding yes
+ #GatewayPorts no
+ #X11Forwarding no
++X11Forwarding yes
+ #X11DisplayOffset 10
+ #X11UseLocalhost yes
+ #PrintMotd yes
+@@ -121,6 +128,12 @@ AuthorizedKeysFile        .ssh/authorized_keys
+ # no default banner path
+ #Banner none
++# Accept locale-related environment variables
++AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
++AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
++AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
++AcceptEnv XMODIFIERS
++
+ # override default of no subsystems
+ Subsystem     sftp    /usr/libexec/sftp-server
Michael's tree of IPFire 3.x.