chutzpah 14/11/24 19:13:23
Added: openssh-6.7_p1-sctp-x509-glue.patch
openssh-6.7_p1-x509-glue.patch
Log:
Revision bump, add the X509 version 8.2 patch.
(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key
0xE3F69979BB4B8928DA78E3D17CBF44EF)
Revision Changes Path
1.1 net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/openssh/files/openssh-6.7_p1-sctp-x509-glue.patch?rev=1.1&content-type=text/plain
Index: openssh-6.7_p1-sctp-x509-glue.patch
===================================================================
--- openssh-6.7_p1-sctp.patch.orig 2014-11-24 10:34:31.817538707 -0800
+++ openssh-6.7_p1-sctp.patch 2014-11-24 10:38:52.744990154 -0800
@@ -195,14 +195,6 @@
.Op Fl c Ar cipher
.Op Fl F Ar ssh_config
.Op Fl i Ar identity_file
-@@ -178,6 +178,7 @@ For full details of the options listed b
- .It ServerAliveCountMax
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It UsePrivilegedPort
- .It User
- .It UserKnownHostsFile
@@ -218,6 +219,8 @@ and
to print debugging messages about their progress.
This is helpful in
@@ -482,14 +474,6 @@
.Op Fl b Ar bind_address
.Op Fl c Ar cipher_spec
.Op Fl D Oo Ar bind_address : Oc Ns Ar port
-@@ -473,6 +473,7 @@ For full details of the options listed b
- .It StreamLocalBindUnlink
- .It StrictHostKeyChecking
- .It TCPKeepAlive
-+.It Transport
- .It Tunnel
- .It TunnelDevice
- .It UsePrivilegedPort
@@ -665,6 +666,8 @@ Trusted X11 forwardings are not subjecte
controls.
.It Fl y
@@ -527,7 +511,7 @@
- again:
+
- while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx"
+ while ((opt = getopt(ac, av, "1246ab:c:e:fgi:kl:m:no:p:qstvx" SCTP_OPT
- "ACD:E:F:I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
+ "ACD:E:F:" ENGCONFIG "I:KL:MNO:PQ:R:S:TVw:W:XYy")) != -1) {
switch (opt) {
case '1':
@@ -732,6 +738,11 @@ main(int ac, char **av)
1.1 net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/net-misc/openssh/files/openssh-6.7_p1-x509-glue.patch?rev=1.1&content-type=text/plain
Index: openssh-6.7_p1-x509-glue.patch
===================================================================
--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
@@ -610,21 +610,6 @@
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm GSSAPIStrictAcceptorCheck
-Determines whether to be strict about the identity of the GSSAPI acceptor
-a client authenticates against.
-If set to
-.Dq yes
-then the client must authenticate against the
-.Pa host
-service on the current hostname.
-If set to
-.Dq no
-then the client may authenticate against any service key stored in the
-machine's default store.
-This facility is provided to assist with operation on multi homed machines.
-The default is
-.Dq yes .
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -651,6 +636,21 @@
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor
+a client authenticates against.
+If set to
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname.
+If set to
+.Dq no
+then the client may authenticate against any service key stored in the
+machine's default store.
+This facility is provided to assist with operation on multi homed machines.
+The default is
+.Dq yes .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified
