authorColin Watson <cjwatson@debian.org>2013-05-16 13:50:50 +0100
committerColin Watson <cjwatson@debian.org>2013-05-16 13:50:50 +0100
commit328b60656f29db6306994d7498dede386ec2d1c3 (patch)
tree7d3a4fd1eb06c355e7122b89b408b51b0b9b6c9b
parent91c1846f2f94bc944f5e8f53b9903cb59ca42adc (diff)
parent79524838f0d5eb1cdf9fc268ec4c0bce46ccb67f (diff)
merge 6.2p2
-rw-r--r--ChangeLog42
-rw-r--r--README4
-rw-r--r--contrib/caldera/openssh.spec4
-rw-r--r--contrib/redhat/openssh.spec2
-rw-r--r--contrib/ssh-copy-id9
-rw-r--r--contrib/suse/openssh.spec2
-rw-r--r--krl.c2
-rw-r--r--openbsd-compat/bsd-cygwin_util.c11
-rw-r--r--openbsd-compat/bsd-cygwin_util.h17
-rw-r--r--packet.c8
-rw-r--r--readconf.c64
-rw-r--r--readconf.h10
-rw-r--r--ssh.c20
-rw-r--r--sshconnect.c9
-rw-r--r--sshconnect2.c4
-rw-r--r--version.h2
16 files changed, 136 insertions, 74 deletions
diff --git a/ChangeLog b/ChangeLog
index dbd8b0aa9..f5e2df0d0 100644
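--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,45 @@
+20130516
+ - (djm) [contrib/ssh-copy-id] Fix bug that could cause "rm *" to be
+ executed if mktemp failed; bz#2105 ok dtucker@
+ - (djm) Release 6.2p2
+
+20130510
+ - (djm) OpenBSD CVS Cherrypick
+ - djm@cvs.openbsd.org 2013/04/11 02:27:50
+ [packet.c]
+ quiet disconnect notifications on the server from error() back to logit()
+ if it is a normal client closure; bz#2057 ok+feedback dtucker@
+ - (djm) [version.h contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
+ [contrib/suse/openssh.spec] Crank version numbers for release.
+ - (djm) [README] Update release notes URL
+
+20130404
+ - (dtucker) OpenBSD CVS Sync
+ - dtucker@cvs.openbsd.org 2013/02/17 23:16:57
+ [readconf.c ssh.c readconf.h sshconnect2.c]
+ Keep track of which IndentityFile options were manually supplied and which
+ were default options, and don't warn if the latter are missing.
+ ok markus@
+ - dtucker@cvs.openbsd.org 2013/02/19 02:12:47
+ [krl.c]
+ Remove bogus include. ok djm
+ - dtucker@cvs.openbsd.org 2013/02/22 04:45:09
+ [ssh.c readconf.c readconf.h]
+ Don't complain if IdentityFiles specified in system-wide configs are
+ missing. ok djm, deraadt.
+ - markus@cvs.openbsd.org 2013/02/22 19:13:56
+ [sshconnect.c]
+ support ProxyCommand=- (stdin/out already point to the proxy); ok djm@
+ - djm@cvs.openbsd.org 2013/02/22 22:09:01
+ [ssh.c]
+ Allow IdenityFile=none; ok markus deraadt (and dtucker for an earlier
+ version)
+
+20130401
+ - (dtucker) [openbsd-compat/bsd-cygwin_util.{c,h}] Don't include windows.h
+ to avoid conflicting definitions of __int64, adding the required bits.
+ Patch from Corinna Vinschen.
+
 20120322
  - (djm) [contrib/ssh-copy-id contrib/ssh-copy-id.1] Updated to Phil
  Hands' greatly revised version.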
diff --git a/README b/README
index 21dc6e1f7..52bb657d6 100644
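--- a/README
+++ b/README
@@ -1,4 +1,4 @@
-See http://www.openssh.com/txt/release-6.2 for the release notes.
+See http://www.openssh.com/txt/release-6.2p2 for the release notes.
 
 - A Japanese translation of this document and of the OpenSSH FAQ is
 - available at http://www.unixuser.org/~haruyama/security/openssh/index.html
@@ -62,4 +62,4 @@ References -
 [6] http://www.openbsd.org/cgi-bin/man.cgi?query=style&sektion=9
 [7] http://www.openssh.com/faq.html
 
-$Id: README,v 1.82 2013/02/26 23:48:19 djm Exp $
+$Id: README,v 1.82.2.1 2013/05/10 06:12:54 djm Exp $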
diff --git a/contrib/caldera/openssh.spec b/contrib/caldera/openssh.spec
index 196bd7904..ca34bd23a 100644
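--- a/contrib/caldera/openssh.spec
+++ b/contrib/caldera/openssh.spec
@@ -16,7 +16,7 @@
 
 #old cvs stuff. please update before use. may be deprecated.
 %define use_stable 1
-%define version 6.2p1
+%define version 6.2p2
 %if %{use_stable}
  %define cvs %{nil}
  %define release 1
@@ -363,4 +363,4 @@ fi
 * Mon Jan 01 1998 ...
 Template Version: 1.31
 
-$Id: openssh.spec,v 1.79 2013/02/26 23:48:20 djm Exp $
+$Id: openssh.spec,v 1.79.2.1 2013/05/10 06:02:21 djm Exp $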
diff --git a/contrib/redhat/openssh.spec b/contrib/redhat/openssh.spec
index 3898c6c99..cd5378ed2 100644
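--- a/contrib/redhat/openssh.spec
+++ b/contrib/redhat/openssh.spec
@@ -1,4 +1,4 @@
-%define ver 6.2p1
+%define ver 6.2p2
 %define rel 1
 
 # OpenSSH privilege separation requires a user & group ID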
diff --git a/contrib/ssh-copy-id b/contrib/ssh-copy-id
index af18a1929..9f2817b6b 100644
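--- a/contrib/ssh-copy-id
+++ b/contrib/ssh-copy-id
@@ -165,6 +165,9 @@ done
 
 eval set -- "$SAVEARGS"
 
+if [ $# == 0 ] ; then
+ usage
+fi
 if [ $# != 1 ] ; then
  printf '%s: ERROR: Too many arguments. Expecting a target hostname, got: %s\n\n' "$0" "$SAVEARGS" >&2
  usage
@@ -196,7 +199,11 @@ populate_new_ids() {
 
  umask 0177
  local L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX)
- trap "rm -f $L_TMP_ID_FILE*" EXIT TERM INT QUIT
+ if test $? -ne 0 || test "x$L_TMP_ID_FILE" = "x" ; then
+ echo "mktemp failed" 1>&2
+ exit 1
+ fi
+ trap "rm -f $L_TMP_ID_FILE ${L_TMP_ID_FILE}.pub" EXIT TERM INT QUIT
  printf '%s: INFO: attempting to log in with the new key(s), to filter out any that are already installed\n' "$0" >&2
  NEW_IDS=$(
  eval $GET_ID | {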
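Review bot: The `test $? -ne 0` half of the new guard after `mktemp` cannot fire, because `$?` at that point is the exit status of `local`, which masks the status of the command substitution; only the empty-string comparison actually catches a failed `mktemp`. Declaring and assigning separately keeps the status visible: `local L_TMP_ID_FILE` followed by `L_TMP_ID_FILE=$(mktemp ~/.ssh/ssh-copy-id_id.XXXXXXXXXX) || exit 1`. The rewritten `trap` also expands `$L_TMP_ID_FILE` unquoted inside the `rm -f` string, so a home directory containing whitespace would be split into several arguments; `trap "rm -f \"$L_TMP_ID_FILE\" \"${L_TMP_ID_FILE}.pub\"" EXIT TERM INT QUIT` avoids that. populate_new_ids() continues outside the hunk.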
diff --git a/contrib/suse/openssh.spec b/contrib/suse/openssh.spec
index 960feae07..bb9e50bd9 100644
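--- a/contrib/suse/openssh.spec
+++ b/contrib/suse/openssh.spec
@@ -13,7 +13,7 @@
 
 Summary: OpenSSH, a free Secure Shell (SSH) protocol implementation
 Name: openssh
-Version: 6.2p1
+Version: 6.2p2
 URL: http://www.openssh.com/
 Release: 1
 Source0: openssh-%{version}.tar.gz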
diff --git a/krl.c b/krl.c
index 5a6bd14aa..0d9bb5411 100644
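--- a/krl.c
+++ b/krl.c
@@ -14,7 +14,7 @@
  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $OpenBSD: krl.c,v 1.9 2013/01/27 10:06:12 djm Exp $ */
+/* $OpenBSD: krl.c,v 1.10 2013/02/19 02:12:47 dtucker Exp $ */
 
 #include "includes.h"
 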
diff --git a/openbsd-compat/bsd-cygwin_util.c b/openbsd-compat/bsd-cygwin_util.c
index 6befc016f..d3d2d913a 100644
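--- a/openbsd-compat/bsd-cygwin_util.c
+++ b/openbsd-compat/bsd-cygwin_util.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com>
+ * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -27,20 +27,15 @@
  * binary mode on Windows systems.
  */
 
+#define NO_BINARY_OPEN /* Avoid redefining open to binary_open for this file */
 #include "includes.h"
 
 #ifdef HAVE_CYGWIN
 
-#if defined(open) && open == binary_open
-# undef open
-#endif
-
 #include <sys/types.h>
-
 #include <fcntl.h>
-#include <stdlib.h>
+#include <string.h>
 #include <unistd.h>
-#include <windows.h>
 
 #include "xmalloc.h"
 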
diff --git a/openbsd-compat/bsd-cygwin_util.h b/openbsd-compat/bsd-cygwin_util.h
index b4bcd04b7..6061a6b01 100644
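--- a/openbsd-compat/bsd-cygwin_util.h
+++ b/openbsd-compat/bsd-cygwin_util.h
@@ -1,7 +1,7 @@
-/* $Id: bsd-cygwin_util.h,v 1.15 2012/08/28 09:57:19 dtucker Exp $ */
+/* $Id: bsd-cygwin_util.h,v 1.15.4.1 2013/04/04 23:53:31 dtucker Exp $ */
 
 /*
- * Copyright (c) 2000, 2001, 2011 Corinna Vinschen <vinschen@redhat.com>
+ * Copyright (c) 2000, 2001, 2011, 2013 Corinna Vinschen <vinschen@redhat.com>
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -36,24 +36,21 @@
 
 #undef ERROR
 
-#define WIN32_LEAN_AND_MEAN
+/* Avoid including windows headers. */
+typedef void *HANDLE;
+#define INVALID_HANDLE_VALUE ((HANDLE) -1)
 
-#include <windows.h>
 #include <sys/cygwin.h>
 #include <io.h>
 
-/* Make sure _WIN32 isn't defined later in the code, otherwise headers from
- other packages might get the wrong idea about the target system. */
-#ifdef _WIN32
-#undef _WIN32
-#endif
-
 int binary_open(const char *, int , ...);
 int check_ntsec(const char *);
 char **fetch_windows_environment(void);
 void free_windows_environment(char **);
 
+#ifndef NO_BINARY_OPEN
 #define open binary_open
+#endif
 
 #endif /* HAVE_CYGWIN */
 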
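Review bot: The hand-written `HANDLE` typedef and `INVALID_HANDLE_VALUE` macro are unguarded, so any file that includes this header and still reaches a Windows header would get a second definition of both. Guarding the macro with `#ifndef INVALID_HANDLE_VALUE` and expanding the comment to say why the system header is avoided (the ChangeLog entry cites conflicting `__int64` definitions) would make the constraint explicit. Whether any such includer exists cannot be seen from this page.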
diff --git a/packet.c b/packet.c
index 9326ddea6..3e835d360 100644
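--- a/packet.c
+++ b/packet.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: packet.c,v 1.181 2013/02/10 23:35:24 djm Exp $ */
+/* $OpenBSD: packet.c,v 1.182 2013/04/11 02:27:50 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -1460,7 +1460,11 @@ packet_read_poll_seqnr(u_int32_t *seqnr_p)
  case SSH2_MSG_DISCONNECT:
  reason = packet_get_int();
  msg = packet_get_string(NULL);
- error("Received disconnect from %s: %u: %.400s",
+ /* Ignore normal client exit notifications */
+ do_log2(active_state->server_side &&
+ reason == SSH2_DISCONNECT_BY_APPLICATION ?
+ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR,
+ "Received disconnect from %s: %u: %.400s",
  get_remote_ipaddr(), reason, msg);
  xfree(msg);
  cleanup_exit(255);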
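Review bot: The new comment says normal client exits are ignored, but the call still logs them, only at `SYSLOG_LEVEL_INFO`; `/* Log normal client exit notifications at INFO rather than ERROR */` would match the code. `reason` is read from the peer's disconnect packet, so on the server side any client can select the quieter level by sending `SSH2_DISCONNECT_BY_APPLICATION`, and log monitoring that keys on error-level disconnect lines will no longer see those events. Parentheses around the `&&` condition feeding the `?:` would also make the level selection easier to audit. packet_read_poll_seqnr() starts and ends outside the hunk.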
diff --git a/readconf.c b/readconf.c
index 99c04a9de..375ca32cc 100644
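--- a/readconf.c
+++ b/readconf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.c,v 1.194 2011/09/23 07:45:05 markus Exp $ */
+/* $OpenBSD: readconf.c,v 1.196 2013/02/22 04:45:08 dtucker Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -337,6 +337,26 @@ clear_forwardings(Options *options)
  options->tun_open = SSH_TUNMODE_NO;
 }
 
+void
+add_identity_file(Options *options, const char *dir, const char *filename,
+ int userprovided)
+{
+ char *path;
+
+ if (options->num_identity_files >= SSH_MAX_IDENTITY_FILES)
+ fatal("Too many identity files specified (max %d)",
+ SSH_MAX_IDENTITY_FILES);
+
+ if (dir == NULL) /* no dir, filename is absolute */
+ path = xstrdup(filename);
+ else
+ (void)xasprintf(&path, "%.100s%.100s", dir, filename);
+
+ options->identity_file_userprovided[options->num_identity_files] =
+ userprovided;
+ options->identity_files[options->num_identity_files++] = path;
+}
+
 /*
  * Returns the number of the token pointed to by cp or oBadOption.
  */
@@ -364,7 +384,7 @@ parse_token(const char *cp, const char *filename, int linenum)
 int
 process_config_line(Options *options, const char *host,
  char *line, const char *filename, int linenum,
- int *activep)
+ int *activep, int userconfig)
 {
  char *s, **charptr, *endofnumber, *keyword, *arg, *arg2;
  char **cpptr, fwdarg[256];
@@ -617,9 +637,7 @@ parse_yesnoask:
  if (*intptr >= SSH_MAX_IDENTITY_FILES)
  fatal("%.200s line %d: Too many identity files specified (max %d).",
  filename, linenum, SSH_MAX_IDENTITY_FILES);
- charptr = &options->identity_files[*intptr];
- *charptr = xstrdup(arg);
- *intptr = *intptr + 1;
+ add_identity_file(options, NULL, arg, userconfig);
  }
  break;
 
@@ -1106,7 +1124,7 @@ parse_int:
 
 int
 read_config_file(const char *filename, const char *host, Options *options,
- int checkperm)
+ int flags)
 {
  FILE *f;
  char line[1024];
@@ -1116,7 +1134,7 @@ read_config_file(const char *filename, const char *host, Options *options,
  if ((f = fopen(filename, "r")) == NULL)
  return 0;
 
- if (checkperm) {
+ if (flags & SSHCONF_CHECKPERM) {
  struct stat sb;
 
  if (fstat(fileno(f), &sb) == -1)
@@ -1137,7 +1155,8 @@ read_config_file(const char *filename, const char *host, Options *options,
  while (fgets(line, sizeof(line), f)) {
  /* Update line number counter. */
  linenum++;
- if (process_config_line(options, host, line, filename, linenum, &active) != 0)
+ if (process_config_line(options, host, line, filename, linenum,
+ &active, flags & SSHCONF_USERCONF) != 0)
  bad_options++;
  }
  fclose(f);
@@ -1322,30 +1341,17 @@ fill_default_options(Options * options)
  options->protocol = SSH_PROTO_2;
  if (options->num_identity_files == 0) {
  if (options->protocol & SSH_PROTO_1) {
- len = 2 + strlen(_PATH_SSH_CLIENT_IDENTITY) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_IDENTITY);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_IDENTITY, 0);
  }
  if (options->protocol & SSH_PROTO_2) {
- len = 2 + strlen(_PATH_SSH_CLIENT_ID_RSA) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_ID_RSA);
-
- len = 2 + strlen(_PATH_SSH_CLIENT_ID_DSA) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_ID_DSA);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_RSA, 0);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_DSA, 0);
 #ifdef OPENSSL_HAS_ECC
- len = 2 + strlen(_PATH_SSH_CLIENT_ID_ECDSA) + 1;
- options->identity_files[options->num_identity_files] =
- xmalloc(len);
- snprintf(options->identity_files[options->num_identity_files++],
- len, "~/%.100s", _PATH_SSH_CLIENT_ID_ECDSA);
+ add_identity_file(options, "~/",
+ _PATH_SSH_CLIENT_ID_ECDSA, 0);
 #endif
  }
  }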
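Review bot: `add_identity_file()` stores its `userprovided` argument unnormalised, and the callers in this commit pass different non-zero values: `read_config_file()` forwards `flags & SSHCONF_USERCONF` (2, per readconf.h), the `-o` path in ssh.c passes `SSHCONF_USERCONF`, and the `-i` path passes 1. Consumers that only test truthiness are fine, but anything comparing against 1 would misclassify config-file identities; storing `userprovided != 0` in `identity_file_userprovided[]` makes the field a clean boolean. The function also deserves a short header comment stating that `dir` may be NULL, in which case `filename` is used as given, and that the `%.100s%.100s` format truncates each component at 100 bytes. In the IdentityFile case the existing `*intptr >= SSH_MAX_IDENTITY_FILES` check is now repeated inside the helper.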
diff --git a/readconf.h b/readconf.h
index 41f1befae..0835cb671 100644
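--- a/readconf.h
+++ b/readconf.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: readconf.h,v 1.91 2011/09/23 07:45:05 markus Exp $ */
+/* $OpenBSD: readconf.h,v 1.93 2013/02/22 04:45:09 dtucker Exp $ */
 
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
@@ -101,6 +101,7 @@ typedef struct {
 
  int num_identity_files; /* Number of files for RSA/DSA identities. */
  char *identity_files[SSH_MAX_IDENTITY_FILES];
+ int identity_file_userprovided[SSH_MAX_IDENTITY_FILES];
  Key *identity_keys[SSH_MAX_IDENTITY_FILES];
 
  /* Local TCP/IP forward requests. */
@@ -153,15 +154,20 @@ typedef struct {
 #define REQUEST_TTY_YES 2
 #define REQUEST_TTY_FORCE 3
 
+#define SSHCONF_CHECKPERM 1 /* check permissions on config file */
+#define SSHCONF_USERCONF 2 /* user provided config file not system */
+
 void initialize_options(Options *);
 void fill_default_options(Options *);
 int read_config_file(const char *, const char *, Options *, int);
 int parse_forward(Forward *, const char *, int, int);
 
 int
-process_config_line(Options *, const char *, char *, const char *, int, int *);
+process_config_line(Options *, const char *, char *, const char *, int, int *,
+ int);
 
 void add_local_forward(Options *, const Forward *);
 void add_remote_forward(Options *, const Forward *);
+void add_identity_file(Options *, const char *, const char *, int);
 
 #endif /* READCONF_H */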
diff --git a/ssh.c b/ssh.c
index 3f61eb028..5ec89f2cc 100644
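--- a/ssh.c
+++ b/ssh.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh.c,v 1.370 2012/07/06 01:47:38 djm Exp $ */
+/* $OpenBSD: ssh.c,v 1.373 2013/02/22 22:09:01 djm Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -405,12 +405,7 @@ main(int ac, char **av)
  strerror(errno));
  break;
  }
- if (options.num_identity_files >=
- SSH_MAX_IDENTITY_FILES)
- fatal("Too many identity files specified "
- "(max %d)", SSH_MAX_IDENTITY_FILES);
- options.identity_files[options.num_identity_files++] =
- xstrdup(optarg);
+ add_identity_file(&options, NULL, optarg, 1);
  break;
  case 'I':
 #ifdef ENABLE_PKCS11
@@ -584,7 +579,8 @@ main(int ac, char **av)
  dummy = 1;
  line = xstrdup(optarg);
  if (process_config_line(&options, host ? host : "",
- line, "command-line", 0, &dummy) != 0)
+ line, "command-line", 0, &dummy, SSHCONF_USERCONF)
+ != 0)
  exit(255);
  xfree(line);
  break;
@@ -678,14 +674,15 @@ main(int ac, char **av)
  * file if the user specifies a config file on the command line.
  */
  if (config != NULL) {
- if (!read_config_file(config, host, &options, 0))
+ if (!read_config_file(config, host, &options, SSHCONF_USERCONF))
  fatal("Can't open user config file %.100s: "
  "%.100s", config, strerror(errno));
  } else {
  r = snprintf(buf, sizeof buf, "%s/%s", pw->pw_dir,
  _PATH_SSH_USER_CONFFILE);
  if (r > 0 && (size_t)r < sizeof(buf))
- (void)read_config_file(buf, host, &options, 1);
+ (void)read_config_file(buf, host, &options,
+ SSHCONF_CHECKPERM|SSHCONF_USERCONF);
 
  /* Read systemwide configuration file after user config. */
  (void)read_config_file(_PATH_HOST_CONFIG_FILE, host,
@@ -1539,7 +1536,8 @@ load_public_identity_files(void)
  fatal("load_public_identity_files: gethostname: %s",
  strerror(errno));
  for (i = 0; i < options.num_identity_files; i++) {
- if (n_ids >= SSH_MAX_IDENTITY_FILES) {
+ if (n_ids >= SSH_MAX_IDENTITY_FILES ||
+ strcasecmp(options.identity_files[i], "none") == 0) {
  xfree(options.identity_files[i]);
  continue;
  }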
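Review bot: The widened skip condition in load_public_identity_files() drops entries from `options.identity_files`, but nothing visible in this hunk keeps the parallel `options.identity_file_userprovided[]` array added in readconf.h aligned with it. The rest of the loop is outside the hunk; if it compacts the surviving names by `n_ids`, as that counter suggests, then after a skipped `none` entry the flag at index i read by pubkey_prepare() in sshconnect2.c belongs to a different file. Carrying the flag along with each kept entry, for example in a local array copied back together with the names, would keep the two in step. A one-line comment noting that `none` is matched case-insensitively and only as the whole string would also help.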
diff --git a/sshconnect.c b/sshconnect.c
index 07800a65f..cf0711285 100644
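--- a/sshconnect.c
+++ b/sshconnect.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect.c,v 1.236 2012/09/14 16:51:34 markus Exp $ */
+/* $OpenBSD: sshconnect.c,v 1.237 2013/02/22 19:13:56 markus Exp $ */
 /*
  * Author: Tatu Ylonen <ylo@cs.hut.fi>
  * Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -89,6 +89,13 @@ ssh_proxy_connect(const char *host, u_short port, const char *proxy_command)
  pid_t pid;
  char *shell, strport[NI_MAXSERV];
 
+ if (!strcmp(proxy_command, "-")) {
+ packet_set_connection(STDIN_FILENO, STDOUT_FILENO);
+ packet_set_timeout(options.server_alive_interval,
+ options.server_alive_count_max);
+ return 0;
+ }
+
  if ((shell = getenv("SHELL")) == NULL || *shell == '\0')
  shell = _PATH_BSHELL;
 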
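Review bot: The new `-` branch in ssh_proxy_connect() has no comment, and its meaning is not obvious from the code; something like `/* ProxyCommand=-: stdin/stdout are already connected to the proxy, use them directly */` above the `if` would record it. The branch hands `STDIN_FILENO`/`STDOUT_FILENO` to `packet_set_connection()` without checking that they are open or that nothing else in the client still expects them for user I/O, so it is worth confirming how this path behaves when stdin is a terminal. `strcmp(proxy_command, "-") == 0` would match the comparison style used in the ssh.c hunk of this commit. The function body continues outside the hunk.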
diff --git a/sshconnect2.c b/sshconnect2.c
index 8015b1bdf..1aa8523e1 100644
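--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: sshconnect2.c,v 1.191 2013/02/15 00:21:01 dtucker Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.192 2013/02/17 23:16:57 dtucker Exp $ */
 /*
  * Copyright (c) 2000 Markus Friedl. All rights reserved.
  * Copyright (c) 2008 Damien Miller. All rights reserved.
@@ -1500,7 +1500,7 @@ pubkey_prepare(Authctxt *authctxt)
  id = xcalloc(1, sizeof(*id));
  id->key = key;
  id->filename = xstrdup(options.identity_files[i]);
- id->userprovided = 1;
+ id->userprovided = options.identity_file_userprovided[i];
  TAILQ_INSERT_TAIL(&files, id, next);
  }
  /* Prefer PKCS11 keys that are explicitly listed */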
diff --git a/version.h b/version.h
index 784f707a6..8f64c4629 100644
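--- a/version.h
+++ b/version.h
@@ -2,5 +2,5 @@
 
 #define SSH_VERSION "OpenSSH_6.2"
 
-#define SSH_PORTABLE "p1"
+#define SSH_PORTABLE "p2"
 #define SSH_RELEASE SSH_VERSION SSH_PORTABLE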