New upstream release (7.4p1).

1 files changed, 12 insertions, 26 deletions

diff --git a/debian/patches/auth-log-verbosity.patch b/debian/patches/auth-log-verbosity.patch
index 7abed3704..55c5e84ff 100644
--- a/debian/patches/auth-log-verbosity.patch
+++ b/debian/patches/auth-log-verbosity.patch
@@ -1,4 +1,4 @@
-From b4b79ae5a16f73426b54c6394a29b2b49da4dc16 Mon Sep 17 00:00:00 2001
+From 69e0307a3bc73d5d360c19aeb61133c126cf63bf Mon Sep 17 00:00:00 2001
 From: Colin Watson <cjwatson@debian.org>
 Date: Sun, 9 Feb 2014 16:10:02 +0000
 Subject: Quieten logs when multiple from= restrictions are used
@@ -11,12 +11,11 @@ Patch-Name: auth-log-verbosity.patch
 ---
  auth-options.c | 35 ++++++++++++++++++++++++++---------
  auth-options.h |  1 +
- auth-rsa.c     |  2 ++
  auth2-pubkey.c |  3 +++
- 4 files changed, 32 insertions(+), 9 deletions(-)
+ 3 files changed, 30 insertions(+), 9 deletions(-)
 
 diff --git a/auth-options.c b/auth-options.c
-index b399b91..a9d9a81 100644
+index 57b49f7f..7eb87b35 100644
 --- a/auth-options.c
 +++ b/auth-options.c
 @@ -59,9 +59,20 @@ int forced_tun_device = -1;
@@ -79,7 +78,7 @@ index b399b91..a9d9a81 100644
                                             "is not permitted to use this "
                                             "certificate for login.",
 diff --git a/auth-options.h b/auth-options.h
-index 34852e5..1653855 100644
+index 52cbb42a..82355276 100644
 --- a/auth-options.h
 +++ b/auth-options.h
 @@ -33,6 +33,7 @@ extern int forced_tun_device;
@@ -89,22 +88,9 @@ index 34852e5..1653855 100644
 +void   auth_start_parse_options(void);
  int    auth_parse_options(struct passwd *, char *, char *, u_long);
  void   auth_clear_options(void);
- int    auth_cert_options(struct sshkey *, struct passwd *);
-diff --git a/auth-rsa.c b/auth-rsa.c
-index cbd971b..4cf2163 100644
---- a/auth-rsa.c
-+++ b/auth-rsa.c
-@@ -181,6 +181,8 @@ rsa_key_allowed_in_file(struct passwd *pw, char *file,
-        if ((f = auth_openkeyfile(file, pw, options.strict_modes)) == NULL)
-                return 0;
- 
-+       auth_start_parse_options();
-+
-        /*
-         * Go though the accepted keys, looking for the current key.  If
-         * found, perform a challenge-response dialog to verify that the
+ int    auth_cert_options(struct sshkey *, struct passwd *, const char **);
 diff --git a/auth2-pubkey.c b/auth2-pubkey.c
-index 41b34ae..aace7ca 100644
+index 20f3309e..add77136 100644
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
 @@ -566,6 +566,7 @@ process_principals(FILE *f, char *file, struct passwd *pw,
@@ -115,19 +101,19 @@ index 41b34ae..aace7ca 100644
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
                 /* Skip leading whitespace. */
                 for (cp = line; *cp == ' ' || *cp == '\t'; cp++)
-@@ -731,6 +732,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
+@@ -764,6 +765,7 @@ check_authkeys_file(FILE *f, char *file, Key* key, struct passwd *pw)
         found_key = 0;
  
         found = NULL;
 +       auth_start_parse_options();
         while (read_keyfile_line(f, file, line, sizeof(line), &linenum) != -1) {
-                char *cp, *key_options = NULL;
-                if (found != NULL)
-@@ -878,6 +880,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
+                char *cp, *key_options = NULL, *fp = NULL;
+                const char *reason = NULL;
+@@ -911,6 +913,7 @@ user_cert_trusted_ca(struct passwd *pw, Key *key)
         if (key_cert_check_authority(key, 0, 1,
             use_authorized_principals ? NULL : pw->pw_name, &reason) != 0)
                 goto fail_reason;
 +       auth_start_parse_options();
-        if (auth_cert_options(key, pw) != 0)
-                goto out;
+        if (auth_cert_options(key, pw, &reason) != 0)
+                goto fail_reason;