diff -ru openssh-3.0.1p1/ChangeLog openssh-3.0.2p1/ChangeLog
--- openssh-3.0.1p1/ChangeLog 2001-11-15 23:16:50.000000000 +1100
+++ openssh-3.0.2p1/ChangeLog 2001-12-02 10:37:07.000000000 +1100
@@ -1,3 +1,10 @@
+20011202
+ - (djm) Syn with OpenBSD OpenSSH-3.0.2
+ - markus@cvs.openbsd.org
+ [session.c sshd.8 version.h]
+ Don't allow authorized_keys specified environment variables when
+ UseLogin in active
+
 20011115 - (djm) Fix IPv4 default in ssh-keyscan. Spotted by Dan Astoorian Fix from markus@
@@ -6912,4 +6919,4 @@
 - Wrote replacements for strlcpy and mkdtemp - Released 1.0pre1
-$Id: ChangeLog,v 1.1665 2001/11/15 12:16:50 djm Exp $
+$Id: ChangeLog,v 1.1665.4.1 2001/12/01 23:37:07 djm Exp $
diff -ru openssh-3.0.1p1/contrib/caldera/openssh.spec openssh-3.0.2p1/contrib/caldera/openssh.spec
--- openssh-3.0.1p1/contrib/caldera/openssh.spec 2001-11-14 00:05:58.000000000 +1100
+++ openssh-3.0.2p1/contrib/caldera/openssh.spec 2001-12-02 10:37:19.000000000 +1100
@@ -1,6 +1,6 @@
 %define use-stable 1
 %if %{use-stable}
- %define version 3.0.1p1
+ %define version 3.0.2p1
 %define cvs %{nil}
 %define release 1
 %else
@@ -224,4 +224,4 @@
 %ChangeLog * Mon Jan 01 1998 ...
-$Id: openssh.spec,v 1.25 2001/11/13 13:05:58 djm Exp $
+$Id: openssh.spec,v 1.25.4.1 2001/12/01 23:37:19 djm Exp $
diff -ru openssh-3.0.1p1/contrib/redhat/openssh.spec openssh-3.0.2p1/contrib/redhat/openssh.spec
--- openssh-3.0.1p1/contrib/redhat/openssh.spec 2001-11-14 00:05:58.000000000 +1100
+++ openssh-3.0.2p1/contrib/redhat/openssh.spec 2001-12-02 10:37:19.000000000 +1100
@@ -1,5 +1,5 @@
 # Version of OpenSSH
-%define oversion 3.0.1p1
+%define oversion 3.0.2p1
 # Version of ssh-askpass
 %define aversion 1.2.4.1
diff -ru openssh-3.0.1p1/contrib/suse/openssh.spec openssh-3.0.2p1/contrib/suse/openssh.spec
--- openssh-3.0.1p1/contrib/suse/openssh.spec 2001-11-14 00:05:58.000000000 +1100
+++ openssh-3.0.2p1/contrib/suse/openssh.spec 2001-12-02 10:37:19.000000000 +1100
@@ -1,6 +1,6 @@
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 3.0.1p1
+Version: 3.0.2p1
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz
diff -ru openssh-3.0.1p1/session.c openssh-3.0.2p1/session.c
--- openssh-3.0.1p1/session.c 2001-11-13 23:46:19.000000000 +1100
+++ openssh-3.0.2p1/session.c 2001-12-02 10:37:08.000000000 +1100
@@ -1247,18 +1247,21 @@
 child_set_env(&env, &envsize, "TZ", getenv("TZ")); /* Set custom environment options from RSA authentication. */
- while (custom_environment) {
- struct envstring *ce = custom_environment;
- char *s = ce->s;
- int i;
- for (i = 0; s[i] != '=' && s[i]; i++);
- if (s[i] == '=') {
- s[i] = 0;
- child_set_env(&env, &envsize, s, s + i + 1);
+ if (!options.use_login) {
+ while (custom_environment) {
+ struct envstring *ce = custom_environment;
+ char *s = ce->s;
+ int i;
+ for (i = 0; s[i] != '=' && s[i]; i++)
+ ;
+ if (s[i] == '=') {
+ s[i] = 0;
+ child_set_env(&env, &envsize, s, s + i + 1);
+ }
+ custom_environment = ce->next;
+ xfree(ce->s);
+ xfree(ce);
 }
- custom_environment = ce->next;
- xfree(ce->s);
- xfree(ce);
 }
 snprintf(buf, sizeof buf, "%.50s %d %d",
diff -ru openssh-3.0.1p1/sshd.0 openssh-3.0.2p1/sshd.0
--- openssh-3.0.1p1/sshd.0 2001-11-15 23:27:19.000000000 +1100
+++ openssh-3.0.2p1/sshd.0 2001-12-02 10:38:47.000000000 +1100
@@ -650,7 +650,8 @@
 Specifies that the string is to be added to the environment when logging in using this key. Environment variables set this way override other default environment values. Multiple options of
- this type are permitted.
+ this type are permitted. This option is automatically disabled
+ if UseLogin is enabled.
 no-port-forwarding Forbids TCP/IP forwarding when this key is used for authenticaM--
diff -ru openssh-3.0.1p1/sshd.8 openssh-3.0.2p1/sshd.8
--- openssh-3.0.1p1/sshd.8 2001-11-12 11:04:06.000000000 +1100
+++ openssh-3.0.2p1/sshd.8 2001-12-02 10:37:08.000000000 +1100
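Review bot: In the session.c hunk the new `if (!options.use_login)` guard has no comment explaining why key-supplied variables are skipped, and the comment above it still reads as if they were always applied. I would add `/* Not under UseLogin: these strings come from the user's authorized_keys and would otherwise be passed on to login(1). */` so the check is not later removed as redundant. When the guard is false the `custom_environment` list is left unconsumed and nothing is logged, so an `environment=` option is dropped silently; an `else if (custom_environment) debug("ignoring authorized_keys environment: UseLogin is set");` would make that visible to the administrator. The enclosing function starts and ends outside the hunk, so whether the list is released elsewhere cannot be seen here.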
@@ -1014,6 +1014,9 @@
 Environment variables set this way override other default environment values. Multiple options of this type are permitted.
+This option is automatically disabled if
+.Cm UseLogin
+is enabled.
 .It Cm no-port-forwarding Forbids TCP/IP forwarding when this key is used for authentication. Any port forward requests by the client will return an error.
diff -ru openssh-3.0.1p1/version.h openssh-3.0.2p1/version.h
--- openssh-3.0.1p1/version.h 2001-11-14 00:05:30.000000000 +1100
+++ openssh-3.0.2p1/version.h 2001-12-02 10:37:08.000000000 +1100
@@ -1,3 +1,3 @@
 /* $OpenBSD: version.h,v 1.25 2001/10/15 16:10:50 deraadt Exp $ */
-#define SSH_VERSION "OpenSSH_3.0.1p1"
+#define SSH_VERSION "OpenSSH_3.0.2p1"