diff options
| author | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
|---|---|---|
| committer | Colin Watson <cjwatson@debian.org> | 2013-05-07 11:47:26 +0100 |
| commit | 2ea3f720daeb1ca9f765365fce3a9546961fe624 (patch) | |
| tree | c4fb7d1f51fa51e7677232de806aae150e29e2ac /debian/patches/ssh-vulnkey.patch | |
| parent | f5efcd3450bbf8261915e0c4a6f851229dddaa79 (diff) | |
| parent | ecebda56da46a03dafff923d91c382f31faa9eec (diff) | |
* New upstream release (http://www.openssh.com/txt/release-6.2).
- Add support for multiple required authentication in SSH protocol 2 via
an AuthenticationMethods option (closes: #195716).
- Fix Sophie Germain formula in moduli(5) (closes: #698612).
- Update ssh-copy-id to Phil Hands' greatly revised version (closes:
#99785, #322228, #620428; LP: #518883, #835901, #1074798).
Diffstat (limited to 'debian/patches/ssh-vulnkey.patch')
| -rw-r--r-- | debian/patches/ssh-vulnkey.patch | 74 |
1 files changed, 38 insertions, 36 deletions
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index c13cb3412..b7531cce0 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch | |||
| @@ -8,7 +8,7 @@ Description: Reject vulnerable keys to mitigate Debian OpenSSL flaw | |||
| 8 | See CVE-2008-0166. | 8 | See CVE-2008-0166. |
| 9 | Author: Colin Watson <cjwatson@ubuntu.com> | 9 | Author: Colin Watson <cjwatson@ubuntu.com> |
| 10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 | 10 | Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1469 |
| 11 | Last-Update: 2010-02-27 | 11 | Last-Update: 2013-05-07 |
| 12 | 12 | ||
| 13 | Index: b/Makefile.in | 13 | Index: b/Makefile.in |
| 14 | =================================================================== | 14 | =================================================================== |
| @@ -22,24 +22,26 @@ Index: b/Makefile.in | |||
| 22 | PRIVSEP_PATH=@PRIVSEP_PATH@ | 22 | PRIVSEP_PATH=@PRIVSEP_PATH@ |
| 23 | SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ | 23 | SSH_PRIVSEP_USER=@SSH_PRIVSEP_USER@ |
| 24 | STRIP_OPT=@STRIP_OPT@ | 24 | STRIP_OPT=@STRIP_OPT@ |
| 25 | @@ -38,6 +39,7 @@ | 25 | @@ -37,7 +38,8 @@ |
| 26 | -D_PATH_SSH_KEY_SIGN=\"$(SSH_KEYSIGN)\" \ | ||
| 26 | -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \ | 27 | -D_PATH_SSH_PKCS11_HELPER=\"$(SSH_PKCS11_HELPER)\" \ |
| 27 | -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ | 28 | -D_PATH_SSH_PIDDIR=\"$(piddir)\" \ |
| 28 | -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \ | 29 | - -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" |
| 29 | + -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\" \ | 30 | + -D_PATH_PRIVSEP_CHROOT_DIR=\"$(PRIVSEP_PATH)\" \ |
| 31 | + -D_PATH_SSH_DATADIR=\"$(SSH_DATADIR)\" | ||
| 30 | 32 | ||
| 31 | CC=@CC@ | 33 | CC=@CC@ |
| 32 | LD=@LD@ | 34 | LD=@LD@ |
| 33 | @@ -59,7 +61,7 @@ | 35 | @@ -61,7 +63,7 @@ |
| 34 | EXEEXT=@EXEEXT@ | 36 | EXEEXT=@EXEEXT@ |
| 35 | MANFMT=@MANFMT@ | 37 | MANFMT=@MANFMT@ |
| 36 | 38 | ||
| 37 | -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) | 39 | -TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) |
| 38 | +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT) | 40 | +TARGETS=ssh$(EXEEXT) sshd$(EXEEXT) ssh-add$(EXEEXT) ssh-keygen$(EXEEXT) ssh-keyscan${EXEEXT} ssh-keysign${EXEEXT} ssh-pkcs11-helper$(EXEEXT) ssh-agent$(EXEEXT) scp$(EXEEXT) sftp-server$(EXEEXT) sftp$(EXEEXT) ssh-vulnkey$(EXEEXT) |
| 39 | 41 | ||
| 40 | LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \ | 42 | LIBSSH_OBJS=authfd.o authfile.o bufaux.o bufbn.o buffer.o \ |
| 41 | canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \ | 43 | canohost.o channels.o cipher.o cipher-aes.o \ |
| 42 | @@ -94,8 +96,8 @@ | 44 | @@ -96,8 +98,8 @@ |
| 43 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ | 45 | sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \ |
| 44 | sandbox-seccomp-filter.o | 46 | sandbox-seccomp-filter.o |
| 45 | 47 | ||
| @@ -50,7 +52,7 @@ Index: b/Makefile.in | |||
| 50 | MANTYPE = @MANTYPE@ | 52 | MANTYPE = @MANTYPE@ |
| 51 | 53 | ||
| 52 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out | 54 | CONFIGFILES=sshd_config.out ssh_config.out moduli.out |
| 53 | @@ -172,6 +174,9 @@ | 55 | @@ -174,6 +176,9 @@ |
| 54 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o | 56 | sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o |
| 55 | $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) | 57 | $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT) |
| 56 | 58 | ||
| @@ -60,7 +62,7 @@ Index: b/Makefile.in | |||
| 60 | # test driver for the loginrec code - not built by default | 62 | # test driver for the loginrec code - not built by default |
| 61 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o | 63 | logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o |
| 62 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) | 64 | $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS) |
| 63 | @@ -260,6 +265,7 @@ | 65 | @@ -269,6 +274,7 @@ |
| 64 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) | 66 | $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT) |
| 65 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 67 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
| 66 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 68 | $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
| @@ -68,7 +70,7 @@ Index: b/Makefile.in | |||
| 68 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 | 70 | $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1 |
| 69 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 | 71 | $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1 |
| 70 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 | 72 | $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1 |
| 71 | @@ -274,6 +280,7 @@ | 73 | @@ -283,6 +289,7 @@ |
| 72 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 | 74 | $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8 |
| 73 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 | 75 | $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8 |
| 74 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 | 76 | $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8 |
| @@ -76,7 +78,7 @@ Index: b/Makefile.in | |||
| 76 | -rm -f $(DESTDIR)$(bindir)/slogin | 78 | -rm -f $(DESTDIR)$(bindir)/slogin |
| 77 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin | 79 | ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin |
| 78 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 | 80 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1 |
| 79 | @@ -355,6 +362,7 @@ | 81 | @@ -364,6 +371,7 @@ |
| 80 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) | 82 | -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT) |
| 81 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) | 83 | -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT) |
| 82 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) | 84 | -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT) |
| @@ -84,7 +86,7 @@ Index: b/Makefile.in | |||
| 84 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) | 86 | -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT) |
| 85 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) | 87 | -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT) |
| 86 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) | 88 | -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT) |
| 87 | @@ -367,6 +375,7 @@ | 89 | @@ -376,6 +384,7 @@ |
| 88 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 | 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1 |
| 89 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 | 91 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1 |
| 90 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 | 92 | -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1 |
| @@ -130,7 +132,7 @@ Index: b/auth.c | |||
| 130 | #include "auth.h" | 132 | #include "auth.h" |
| 131 | #include "auth-options.h" | 133 | #include "auth-options.h" |
| 132 | #include "canohost.h" | 134 | #include "canohost.h" |
| 133 | @@ -608,10 +609,34 @@ | 135 | @@ -635,10 +636,34 @@ |
| 134 | 136 | ||
| 135 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ | 137 | /* Returns 1 if key is revoked by revoked_keys_file, 0 otherwise */ |
| 136 | int | 138 | int |
| @@ -165,12 +167,12 @@ Index: b/auth.c | |||
| 165 | + | 167 | + |
| 166 | if (options.revoked_keys_file == NULL) | 168 | if (options.revoked_keys_file == NULL) |
| 167 | return 0; | 169 | return 0; |
| 168 | 170 | switch (ssh_krl_file_contains_key(options.revoked_keys_file, key)) { | |
| 169 | Index: b/auth.h | 171 | Index: b/auth.h |
| 170 | =================================================================== | 172 | =================================================================== |
| 171 | --- a/auth.h | 173 | --- a/auth.h |
| 172 | +++ b/auth.h | 174 | +++ b/auth.h |
| 173 | @@ -174,7 +174,7 @@ | 175 | @@ -185,7 +185,7 @@ |
| 174 | 176 | ||
| 175 | FILE *auth_openkeyfile(const char *, struct passwd *, int); | 177 | FILE *auth_openkeyfile(const char *, struct passwd *, int); |
| 176 | FILE *auth_openprincipals(const char *, struct passwd *, int); | 178 | FILE *auth_openprincipals(const char *, struct passwd *, int); |
| @@ -196,7 +198,7 @@ Index: b/auth2-pubkey.c | |||
| 196 | =================================================================== | 198 | =================================================================== |
| 197 | --- a/auth2-pubkey.c | 199 | --- a/auth2-pubkey.c |
| 198 | +++ b/auth2-pubkey.c | 200 | +++ b/auth2-pubkey.c |
| 199 | @@ -440,9 +440,10 @@ | 201 | @@ -608,9 +608,10 @@ |
| 200 | u_int success, i; | 202 | u_int success, i; |
| 201 | char *file; | 203 | char *file; |
| 202 | 204 | ||
| @@ -462,7 +464,7 @@ Index: b/servconf.c | |||
| 462 | =================================================================== | 464 | =================================================================== |
| 463 | --- a/servconf.c | 465 | --- a/servconf.c |
| 464 | +++ b/servconf.c | 466 | +++ b/servconf.c |
| 465 | @@ -107,6 +107,7 @@ | 467 | @@ -109,6 +109,7 @@ |
| 466 | options->password_authentication = -1; | 468 | options->password_authentication = -1; |
| 467 | options->kbd_interactive_authentication = -1; | 469 | options->kbd_interactive_authentication = -1; |
| 468 | options->challenge_response_authentication = -1; | 470 | options->challenge_response_authentication = -1; |
| @@ -470,7 +472,7 @@ Index: b/servconf.c | |||
| 470 | options->permit_empty_passwd = -1; | 472 | options->permit_empty_passwd = -1; |
| 471 | options->permit_user_env = -1; | 473 | options->permit_user_env = -1; |
| 472 | options->use_login = -1; | 474 | options->use_login = -1; |
| 473 | @@ -246,6 +247,8 @@ | 475 | @@ -250,6 +251,8 @@ |
| 474 | options->kbd_interactive_authentication = 0; | 476 | options->kbd_interactive_authentication = 0; |
| 475 | if (options->challenge_response_authentication == -1) | 477 | if (options->challenge_response_authentication == -1) |
| 476 | options->challenge_response_authentication = 1; | 478 | options->challenge_response_authentication = 1; |
| @@ -479,7 +481,7 @@ Index: b/servconf.c | |||
| 479 | if (options->permit_empty_passwd == -1) | 481 | if (options->permit_empty_passwd == -1) |
| 480 | options->permit_empty_passwd = 0; | 482 | options->permit_empty_passwd = 0; |
| 481 | if (options->permit_user_env == -1) | 483 | if (options->permit_user_env == -1) |
| 482 | @@ -323,7 +326,7 @@ | 484 | @@ -327,7 +330,7 @@ |
| 483 | sListenAddress, sAddressFamily, | 485 | sListenAddress, sAddressFamily, |
| 484 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, | 486 | sPrintMotd, sPrintLastLog, sIgnoreRhosts, |
| 485 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, | 487 | sX11Forwarding, sX11DisplayOffset, sX11UseLocalhost, |
| @@ -488,7 +490,7 @@ Index: b/servconf.c | |||
| 488 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, | 490 | sPermitUserEnvironment, sUseLogin, sAllowTcpForwarding, sCompression, |
| 489 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, | 491 | sAllowUsers, sDenyUsers, sAllowGroups, sDenyGroups, |
| 490 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, | 492 | sIgnoreUserKnownHosts, sCiphers, sMacs, sProtocol, sPidFile, |
| 491 | @@ -433,6 +436,7 @@ | 493 | @@ -439,6 +442,7 @@ |
| 492 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, | 494 | { "x11uselocalhost", sX11UseLocalhost, SSHCFG_ALL }, |
| 493 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, | 495 | { "xauthlocation", sXAuthLocation, SSHCFG_GLOBAL }, |
| 494 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, | 496 | { "strictmodes", sStrictModes, SSHCFG_GLOBAL }, |
| @@ -496,7 +498,7 @@ Index: b/servconf.c | |||
| 496 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, | 498 | { "permitemptypasswords", sEmptyPasswd, SSHCFG_ALL }, |
| 497 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, | 499 | { "permituserenvironment", sPermitUserEnvironment, SSHCFG_GLOBAL }, |
| 498 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, | 500 | { "uselogin", sUseLogin, SSHCFG_GLOBAL }, |
| 499 | @@ -1116,6 +1120,10 @@ | 501 | @@ -1134,6 +1138,10 @@ |
| 500 | intptr = &options->tcp_keep_alive; | 502 | intptr = &options->tcp_keep_alive; |
| 501 | goto parse_flag; | 503 | goto parse_flag; |
| 502 | 504 | ||
| @@ -507,7 +509,7 @@ Index: b/servconf.c | |||
| 507 | case sEmptyPasswd: | 509 | case sEmptyPasswd: |
| 508 | intptr = &options->permit_empty_passwd; | 510 | intptr = &options->permit_empty_passwd; |
| 509 | goto parse_flag; | 511 | goto parse_flag; |
| 510 | @@ -1921,6 +1929,7 @@ | 512 | @@ -1980,6 +1988,7 @@ |
| 511 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); | 513 | dump_cfg_fmtint(sX11UseLocalhost, o->x11_use_localhost); |
| 512 | dump_cfg_fmtint(sStrictModes, o->strict_modes); | 514 | dump_cfg_fmtint(sStrictModes, o->strict_modes); |
| 513 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); | 515 | dump_cfg_fmtint(sTCPKeepAlive, o->tcp_keep_alive); |
| @@ -519,7 +521,7 @@ Index: b/servconf.h | |||
| 519 | =================================================================== | 521 | =================================================================== |
| 520 | --- a/servconf.h | 522 | --- a/servconf.h |
| 521 | +++ b/servconf.h | 523 | +++ b/servconf.h |
| 522 | @@ -113,6 +113,7 @@ | 524 | @@ -120,6 +120,7 @@ |
| 523 | int challenge_response_authentication; | 525 | int challenge_response_authentication; |
| 524 | int zero_knowledge_password_authentication; | 526 | int zero_knowledge_password_authentication; |
| 525 | /* If true, permit jpake auth */ | 527 | /* If true, permit jpake auth */ |
| @@ -554,7 +556,7 @@ Index: b/ssh-add.c | |||
| 554 | =================================================================== | 556 | =================================================================== |
| 555 | --- a/ssh-add.c | 557 | --- a/ssh-add.c |
| 556 | +++ b/ssh-add.c | 558 | +++ b/ssh-add.c |
| 557 | @@ -142,7 +142,7 @@ | 559 | @@ -167,7 +167,7 @@ |
| 558 | add_file(AuthenticationConnection *ac, const char *filename, int key_only) | 560 | add_file(AuthenticationConnection *ac, const char *filename, int key_only) |
| 559 | { | 561 | { |
| 560 | Key *private, *cert; | 562 | Key *private, *cert; |
| @@ -563,7 +565,7 @@ Index: b/ssh-add.c | |||
| 563 | char msg[1024], *certpath = NULL; | 565 | char msg[1024], *certpath = NULL; |
| 564 | int fd, perms_ok, ret = -1; | 566 | int fd, perms_ok, ret = -1; |
| 565 | Buffer keyblob; | 567 | Buffer keyblob; |
| 566 | @@ -218,6 +218,14 @@ | 568 | @@ -243,6 +243,14 @@ |
| 567 | } else { | 569 | } else { |
| 568 | fprintf(stderr, "Could not add identity: %s\n", filename); | 570 | fprintf(stderr, "Could not add identity: %s\n", filename); |
| 569 | } | 571 | } |
| @@ -582,7 +584,7 @@ Index: b/ssh-keygen.1 | |||
| 582 | =================================================================== | 584 | =================================================================== |
| 583 | --- a/ssh-keygen.1 | 585 | --- a/ssh-keygen.1 |
| 584 | +++ b/ssh-keygen.1 | 586 | +++ b/ssh-keygen.1 |
| 585 | @@ -691,6 +691,7 @@ | 587 | @@ -810,6 +810,7 @@ |
| 586 | .Xr ssh 1 , | 588 | .Xr ssh 1 , |
| 587 | .Xr ssh-add 1 , | 589 | .Xr ssh-add 1 , |
| 588 | .Xr ssh-agent 1 , | 590 | .Xr ssh-agent 1 , |
| @@ -1233,7 +1235,7 @@ Index: b/ssh.1 | |||
| 1233 | =================================================================== | 1235 | =================================================================== |
| 1234 | --- a/ssh.1 | 1236 | --- a/ssh.1 |
| 1235 | +++ b/ssh.1 | 1237 | +++ b/ssh.1 |
| 1236 | @@ -1421,6 +1421,7 @@ | 1238 | @@ -1429,6 +1429,7 @@ |
| 1237 | .Xr ssh-agent 1 , | 1239 | .Xr ssh-agent 1 , |
| 1238 | .Xr ssh-keygen 1 , | 1240 | .Xr ssh-keygen 1 , |
| 1239 | .Xr ssh-keyscan 1 , | 1241 | .Xr ssh-keyscan 1 , |
| @@ -1281,7 +1283,7 @@ Index: b/ssh_config.5 | |||
| 1281 | =================================================================== | 1283 | =================================================================== |
| 1282 | --- a/ssh_config.5 | 1284 | --- a/ssh_config.5 |
| 1283 | +++ b/ssh_config.5 | 1285 | +++ b/ssh_config.5 |
| 1284 | @@ -1187,6 +1187,23 @@ | 1286 | @@ -1201,6 +1201,23 @@ |
| 1285 | .Dq any . | 1287 | .Dq any . |
| 1286 | The default is | 1288 | The default is |
| 1287 | .Dq any:any . | 1289 | .Dq any:any . |
| @@ -1309,24 +1311,24 @@ Index: b/sshconnect2.c | |||
| 1309 | =================================================================== | 1311 | =================================================================== |
| 1310 | --- a/sshconnect2.c | 1312 | --- a/sshconnect2.c |
| 1311 | +++ b/sshconnect2.c | 1313 | +++ b/sshconnect2.c |
| 1312 | @@ -1489,6 +1489,8 @@ | 1314 | @@ -1491,6 +1491,8 @@ |
| 1313 | 1315 | ||
| 1314 | /* list of keys stored in the filesystem */ | 1316 | /* list of keys stored in the filesystem and PKCS#11 */ |
| 1315 | for (i = 0; i < options.num_identity_files; i++) { | 1317 | for (i = 0; i < options.num_identity_files; i++) { |
| 1316 | + if (options.identity_files[i] == NULL) | 1318 | + if (options.identity_files[i] == NULL) |
| 1317 | + continue; | 1319 | + continue; |
| 1318 | key = options.identity_keys[i]; | 1320 | key = options.identity_keys[i]; |
| 1319 | if (key && key->type == KEY_RSA1) | 1321 | if (key && key->type == KEY_RSA1) |
| 1320 | continue; | 1322 | continue; |
| 1321 | @@ -1582,7 +1584,7 @@ | 1323 | @@ -1609,7 +1611,7 @@ |
| 1322 | debug("Offering %s public key: %s", key_type(id->key), | 1324 | debug("Offering %s public key: %s", key_type(id->key), |
| 1323 | id->filename); | 1325 | id->filename); |
| 1324 | sent = send_pubkey_test(authctxt, id); | 1326 | sent = send_pubkey_test(authctxt, id); |
| 1325 | - } else if (id->key == NULL) { | 1327 | - } else if (id->key == NULL) { |
| 1326 | + } else if (id->key == NULL && id->filename) { | 1328 | + } else if (id->key == NULL && id->filename) { |
| 1327 | debug("Trying private key: %s", id->filename); | 1329 | debug("Trying private key: %s", id->filename); |
| 1328 | id->key = load_identity_file(id->filename); | 1330 | id->key = load_identity_file(id->filename, |
| 1329 | if (id->key != NULL) { | 1331 | id->userprovided); |
| 1330 | Index: b/sshd.8 | 1332 | Index: b/sshd.8 |
| 1331 | =================================================================== | 1333 | =================================================================== |
| 1332 | --- a/sshd.8 | 1334 | --- a/sshd.8 |
| @@ -1343,7 +1345,7 @@ Index: b/sshd.c | |||
| 1343 | =================================================================== | 1345 | =================================================================== |
| 1344 | --- a/sshd.c | 1346 | --- a/sshd.c |
| 1345 | +++ b/sshd.c | 1347 | +++ b/sshd.c |
| 1346 | @@ -1593,6 +1593,11 @@ | 1348 | @@ -1631,6 +1631,11 @@ |
| 1347 | sensitive_data.host_keys[i] = NULL; | 1349 | sensitive_data.host_keys[i] = NULL; |
| 1348 | continue; | 1350 | continue; |
| 1349 | } | 1351 | } |
| @@ -1359,7 +1361,7 @@ Index: b/sshd_config.5 | |||
| 1359 | =================================================================== | 1361 | =================================================================== |
| 1360 | --- a/sshd_config.5 | 1362 | --- a/sshd_config.5 |
| 1361 | +++ b/sshd_config.5 | 1363 | +++ b/sshd_config.5 |
| 1362 | @@ -803,6 +803,20 @@ | 1364 | @@ -870,6 +870,20 @@ |
| 1363 | Specifies whether password authentication is allowed. | 1365 | Specifies whether password authentication is allowed. |
| 1364 | The default is | 1366 | The default is |
| 1365 | .Dq yes . | 1367 | .Dq yes . |