Blame openssh-7.4p1-pkcs11-whitelist.patch
Jakub Jelen |
58f79a |
diff -up openssh-7.4p1/ssh-agent.1.pkcs11-whitelist openssh-7.4p1/ssh-agent.1
--- openssh-7.4p1/ssh-agent.1.pkcs11-whitelist 2017-01-03 10:41:01.916331710 +0100
+++ openssh-7.4p1/ssh-agent.1 2017-01-03 10:40:06.549366029 +0100
@@ -129,7 +129,7 @@ that may be added using the
option to
.Xr ssh-add 1 .
The default is to allow loading PKCS#11 libraries from
-.Dq /usr/lib/*,/usr/local/lib/* .
+.Dq /usr/lib*/*,/usr/local/lib*/* .
PKCS#11 libraries that do not match the whitelist will be refused.
See PATTERNS in
.Xr ssh_config 5
diff -up openssh-7.4p1/ssh-agent.c.pkcs11-whitelist openssh-7.4p1/ssh-agent.c
--- openssh-7.4p1/ssh-agent.c.pkcs11-whitelist 2017-01-03 10:41:09.324327118 +0100
+++ openssh-7.4p1/ssh-agent.c 2017-01-03 10:40:21.212356939 +0100
@@ -89,7 +89,7 @@
#endif
#ifndef DEFAULT_PKCS11_WHITELIST
-# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/local/lib/*"
+# define DEFAULT_PKCS11_WHITELIST "/usr/lib*/*,/usr/local/lib*/*"
#endif
typedef enum {
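Review bot: The new default `"/usr/lib*/*,/usr/local/lib*/*"` admits more than the lib64 directories it is presumably meant to add, because `lib*` matches every directory under /usr and /usr/local whose name begins with `lib` (libexec, lib32 and so on). This list is the only default limit on which PKCS#11 shared objects the agent will agree to load, so each extra directory it matches widens what a requester can have loaded. I would name the intended directories explicitly, `# define DEFAULT_PKCS11_WHITELIST "/usr/lib/*,/usr/lib64/*,/usr/local/lib/*,/usr/local/lib64/*"`, and mirror the same string in the ssh-agent.1 hunk. If the wildcard form is kept, a comment above the define such as `/* lib* is deliberate: covers lib64 and other multilib dirs */` would record that the broader match was a conscious choice.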