* New upstream release (LP: #535029).

  - After a transition period of about 10 years, this release disables SSH
    protocol 1 by default.  Clients and servers that need to use the
    legacy protocol must explicitly enable it in ssh_config / sshd_config
    or on the command-line.
  - Remove the libsectok/OpenSC-based smartcard code and add support for
    PKCS#11 tokens.  This support is enabled by default in the Debian
    packaging, since it now doesn't involve additional library
    dependencies (closes: #231472, LP: #16918).
  - Add support for certificate authentication of users and hosts using a
    new, minimal OpenSSH certificate format (closes: #482806).
  - Added a 'netcat mode' to ssh(1): "ssh -W host:port ...".
  - Add the ability to revoke keys in sshd(8) and ssh(1).  (For the Debian
    package, this overlaps with the key blacklisting facility added in
    openssh 1:4.7p1-9, but with different file formats and slightly
    different scopes; for the moment, I've roughly merged the two.)
  - Various multiplexing improvements, including support for requesting
    port-forwardings via the multiplex protocol (closes: #360151).
  - Allow setting an explicit umask on the sftp-server(8) commandline to
    override whatever default the user has (closes: #496843).
  - Many sftp client improvements, including tab-completion, more options,
    and recursive transfer support for get/put (LP: #33378).  The old
    mget/mput commands never worked properly and have been removed
    (closes: #270399, #428082).
  - Do not prompt for a passphrase if we fail to open a keyfile, and log
    the reason why the open failed to debug (closes: #431538).
  - Prevent sftp from crashing when given a "-" without a command.  Also,
    allow whitespace to follow a "-" (closes: #531561).

1 files changed, 3 insertions, 17 deletions

diff --git a/monitor.c b/monitor.c
index cd2ca4057..a1f4a2e05 100644
--- a/monitor.c
+++ b/monitor.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: monitor.c,v 1.104 2009/06/12 20:43:22 andreas Exp $ */
+/* $OpenBSD: monitor.c,v 1.106 2010/03/07 11:57:13 dtucker Exp $ */
 /*
  * Copyright 2002 Niels Provos <provos@citi.umich.edu>
  * Copyright 2002 Markus Friedl <markus@openbsd.org>
@@ -1040,17 +1040,6 @@ mm_answer_pam_free_ctx(int sock, Buffer *m)
 }
 #endif
 
-static void
-mm_append_debug(Buffer *m)
-{
-        if (auth_debug_init && buffer_len(&auth_debug)) {
-                debug3("%s: Appending debug messages for child", __func__);
-                buffer_append(m, buffer_ptr(&auth_debug),
-                    buffer_len(&auth_debug));
-                buffer_clear(&auth_debug);
-        }
-}
-
 int
 mm_answer_keyallowed(int sock, Buffer *m)
 {
@@ -1133,8 +1122,6 @@ mm_answer_keyallowed(int sock, Buffer *m)
         buffer_put_int(m, allowed);
         buffer_put_int(m, forced_command != NULL);
 
-        mm_append_debug(m);
-
         mm_request_send(sock, MONITOR_ANS_KEYALLOWED, m);
 
         if (type == MM_RSAHOSTKEY)
@@ -1518,8 +1505,6 @@ mm_answer_rsa_keyallowed(int sock, Buffer *m)
         if (key != NULL)
                 key_free(key);
 
-        mm_append_debug(m);
-
         mm_request_send(sock, MONITOR_ANS_RSAKEYALLOWED, m);
 
         monitor_permit(mon_dispatch, MONITOR_REQ_RSACHALLENGE, allowed);
@@ -1771,7 +1756,8 @@ mm_get_kex(Buffer *m)
         kex->flags = buffer_get_int(m);
         kex->client_version_string = buffer_get_string(m, NULL);
         kex->server_version_string = buffer_get_string(m, NULL);
-        kex->load_host_key=&get_hostkey_by_type;
+        kex->load_host_public_key=&get_hostkey_public_by_type;
+        kex->load_host_private_key=&get_hostkey_private_by_type;
         kex->host_key_index=&get_hostkey_index;
 
         return (kex);