1 files changed, 24 insertions, 24 deletions
diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch
index 4245319c3..d60816d46 100644
--- a/debian/patches/ssh-vulnkey.patch
+++ b/debian/patches/ssh-vulnkey.patch
@@ -39,9 +39,9 @@ Index: b/Makefile.in
 
 LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
        canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
-@@ -93,8 +95,8 @@
+@@ -94,8 +96,8 @@
-        roaming_common.o roaming_serv.o \
+        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
-        sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o
+        sandbox-seccomp-filter.o
 
 -MANPAGES       = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
 -MANPAGES_IN    = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -50,7 +50,7 @@ Index: b/Makefile.in
 MANTYPE                = @MANTYPE@
 
 CONFIGFILES=sshd_config.out ssh_config.out moduli.out
-@@ -171,6 +173,9 @@
+@@ -172,6 +174,9 @@
 sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
        $(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
 
@@ -60,7 +60,7 @@ Index: b/Makefile.in
 # test driver for the loginrec code - not built by default
 logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
        $(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
-@@ -259,6 +264,7 @@
+@@ -260,6 +265,7 @@
        $(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
        $(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
        $(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -68,7 +68,7 @@ Index: b/Makefile.in
        $(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
        $(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
        $(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
-@@ -273,6 +279,7 @@
+@@ -274,6 +280,7 @@
        $(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
        $(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
        $(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -76,7 +76,7 @@ Index: b/Makefile.in
        -rm -f $(DESTDIR)$(bindir)/slogin
        ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
-@@ -354,6 +361,7 @@
+@@ -355,6 +362,7 @@
        -rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
        -rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
        -rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
@@ -84,7 +84,7 @@ Index: b/Makefile.in
        -rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
        -rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
        -rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
-@@ -366,6 +374,7 @@
+@@ -367,6 +375,7 @@
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
        -rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
@@ -196,7 +196,7 @@ Index: b/auth2-pubkey.c
 ===================================================================
 --- a/auth2-pubkey.c
 +++ b/auth2-pubkey.c
-@@ -439,9 +439,10 @@
+@@ -440,9 +440,10 @@
        u_int success, i;
        char *file;
 
@@ -418,7 +418,7 @@ Index: b/readconf.c
        { "rsaauthentication", oRSAAuthentication },
        { "pubkeyauthentication", oPubkeyAuthentication },
        { "dsaauthentication", oPubkeyAuthentication },             /* alias */
-@@ -489,6 +491,10 @@
+@@ -490,6 +492,10 @@
                intptr = &options->challenge_response_authentication;
                goto parse_flag;
 
@@ -429,7 +429,7 @@ Index: b/readconf.c
        case oGssAuthentication:
                intptr = &options->gss_authentication;
                goto parse_flag;
-@@ -1180,6 +1186,7 @@
+@@ -1181,6 +1187,7 @@
        options->kbd_interactive_devices = NULL;
        options->rhosts_rsa_authentication = -1;
        options->hostbased_authentication = -1;
@@ -437,7 +437,7 @@ Index: b/readconf.c
        options->batch_mode = -1;
        options->check_host_ip = -1;
        options->strict_host_key_checking = -1;
-@@ -1290,6 +1297,8 @@
+@@ -1291,6 +1298,8 @@
                options->rhosts_rsa_authentication = 0;
        if (options->hostbased_authentication == -1)
                options->hostbased_authentication = 0;
@@ -450,7 +450,7 @@ Index: b/readconf.h
 ===================================================================
 --- a/readconf.h
 +++ b/readconf.h
-@@ -58,6 +58,7 @@
+@@ -59,6 +59,7 @@
        int     kbd_interactive_authentication; /* Try keyboard-interactive auth. */
        char    *kbd_interactive_devices; /* Keyboard-interactive auth devices. */
        int     zero_knowledge_password_authentication; /* Try jpake */
@@ -542,7 +542,7 @@ Index: b/ssh-add.1
 The options are as follows:
 .Bl -tag -width Ds
 .It Fl c
-@@ -183,6 +187,7 @@
+@@ -186,6 +190,7 @@
 .Xr ssh 1 ,
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
@@ -555,12 +555,12 @@ Index: b/ssh-add.c
 --- a/ssh-add.c
 +++ b/ssh-add.c
 @@ -142,7 +142,7 @@
- add_file(AuthenticationConnection *ac, const char *filename)
+ add_file(AuthenticationConnection *ac, const char *filename, int key_only)
 {
        Key *private, *cert;
 -       char *comment = NULL;
 +       char *comment = NULL, *fp;
-        char msg[1024], *certpath;
+        char msg[1024], *certpath = NULL;
        int fd, perms_ok, ret = -1;
        Buffer keyblob;
 @@ -218,6 +218,14 @@
@@ -576,13 +576,13 @@ Index: b/ssh-add.c
 +               return -1;
 +       }
 
- 
+        /* Skip trying to load the cert if requested */
-        /* Now try to add the certificate flavour too */
+        if (key_only)
 Index: b/ssh-keygen.1
 ===================================================================
 --- a/ssh-keygen.1
 +++ b/ssh-keygen.1
-@@ -670,6 +670,7 @@
+@@ -679,6 +679,7 @@
 .Xr ssh 1 ,
 .Xr ssh-add 1 ,
 .Xr ssh-agent 1 ,
@@ -1233,7 +1233,7 @@ Index: b/ssh.1
 ===================================================================
 --- a/ssh.1
 +++ b/ssh.1
-@@ -1407,6 +1407,7 @@
+@@ -1421,6 +1421,7 @@
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
@@ -1245,7 +1245,7 @@ Index: b/ssh.c
 ===================================================================
 --- a/ssh.c
 +++ b/ssh.c
-@@ -1476,7 +1476,7 @@
+@@ -1492,7 +1492,7 @@
 static void
 load_public_identity_files(void)
 {
@@ -1254,7 +1254,7 @@ Index: b/ssh.c
        char *pwdir = NULL, *pwname = NULL;
        int i = 0;
        Key *public;
-@@ -1533,6 +1533,22 @@
+@@ -1549,6 +1549,22 @@
                public = key_load_public(filename, NULL);
                debug("identity file %s type %d", filename,
                    public ? public->type : -1);
@@ -1331,7 +1331,7 @@ Index: b/sshd.8
 ===================================================================
 --- a/sshd.8
 +++ b/sshd.8
-@@ -948,6 +948,7 @@
+@@ -951,6 +951,7 @@
 .Xr ssh-agent 1 ,
 .Xr ssh-keygen 1 ,
 .Xr ssh-keyscan 1 ,
@@ -1343,7 +1343,7 @@ Index: b/sshd.c
 ===================================================================
 --- a/sshd.c
 +++ b/sshd.c
-@@ -1598,6 +1598,11 @@
+@@ -1602,6 +1602,11 @@
                        sensitive_data.host_keys[i] = NULL;
                        continue;
                }

diff --git a/debian/patches/ssh-vulnkey.patch b/debian/patches/ssh-vulnkey.patch index 4245319c3..d60816d46 100644 --- a/debian/patches/ssh-vulnkey.patch +++ b/debian/patches/ssh-vulnkey.patch
@@ -39,9 +39,9 @@ Index: b/Makefile.in
39		39
40	LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \	40	LIBSSH_OBJS=acss.o authfd.o authfile.o bufaux.o bufbn.o buffer.o \
41	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \	41	canohost.o channels.o cipher.o cipher-acss.o cipher-aes.o \
42	@@ -93,8 +95,8 @@	42	@@ -94,8 +96,8 @@
43	roaming_common.o roaming_serv.o \	43	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o \
44	sandbox-null.o sandbox-rlimit.o sandbox-systrace.o sandbox-darwin.o	44	sandbox-seccomp-filter.o
45		45
46	-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out	46	-MANPAGES = moduli.5.out scp.1.out ssh-add.1.out ssh-agent.1.out ssh-keygen.1.out ssh-keyscan.1.out ssh.1.out sshd.8.out sftp-server.8.out sftp.1.out ssh-keysign.8.out ssh-pkcs11-helper.8.out sshd_config.5.out ssh_config.5.out
47	-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5	47	-MANPAGES_IN = moduli.5 scp.1 ssh-add.1 ssh-agent.1 ssh-keygen.1 ssh-keyscan.1 ssh.1 sshd.8 sftp-server.8 sftp.1 ssh-keysign.8 ssh-pkcs11-helper.8 sshd_config.5 ssh_config.5
@@ -50,7 +50,7 @@ Index: b/Makefile.in
50	MANTYPE = @MANTYPE@	50	MANTYPE = @MANTYPE@
51		51
52	CONFIGFILES=sshd_config.out ssh_config.out moduli.out	52	CONFIGFILES=sshd_config.out ssh_config.out moduli.out
53	@@ -171,6 +173,9 @@	53	@@ -172,6 +174,9 @@
54	sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o	54	sftp$(EXEEXT): $(LIBCOMPAT) libssh.a sftp.o sftp-client.o sftp-common.o sftp-glob.o progressmeter.o
55	$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)	55	$(LD) -o $@ progressmeter.o sftp.o sftp-client.o sftp-common.o sftp-glob.o $(LDFLAGS) -lssh -lopenbsd-compat $(LIBS) $(LIBEDIT)
56		56
@@ -60,7 +60,7 @@ Index: b/Makefile.in
60	# test driver for the loginrec code - not built by default	60	# test driver for the loginrec code - not built by default
61	logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o	61	logintest: logintest.o $(LIBCOMPAT) libssh.a loginrec.o
62	$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)	62	$(LD) -o $@ logintest.o $(LDFLAGS) loginrec.o -lopenbsd-compat -lssh $(LIBS)
63	@@ -259,6 +264,7 @@	63	@@ -260,6 +265,7 @@
64	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)	64	$(INSTALL) -m 0755 $(STRIP_OPT) ssh-pkcs11-helper$(EXEEXT) $(DESTDIR)$(SSH_PKCS11_HELPER)$(EXEEXT)
65	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)	65	$(INSTALL) -m 0755 $(STRIP_OPT) sftp$(EXEEXT) $(DESTDIR)$(bindir)/sftp$(EXEEXT)
66	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)	66	$(INSTALL) -m 0755 $(STRIP_OPT) sftp-server$(EXEEXT) $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
@@ -68,7 +68,7 @@ Index: b/Makefile.in
68	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1	68	$(INSTALL) -m 644 ssh.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh.1
69	$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1	69	$(INSTALL) -m 644 scp.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/scp.1
70	$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1	70	$(INSTALL) -m 644 ssh-add.1.out $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-add.1
71	@@ -273,6 +279,7 @@	71	@@ -274,6 +280,7 @@
72	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8	72	$(INSTALL) -m 644 sftp-server.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/sftp-server.8
73	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8	73	$(INSTALL) -m 644 ssh-keysign.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-keysign.8
74	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8	74	$(INSTALL) -m 644 ssh-pkcs11-helper.8.out $(DESTDIR)$(mandir)/$(mansubdir)8/ssh-pkcs11-helper.8
@@ -76,7 +76,7 @@ Index: b/Makefile.in
76	-rm -f $(DESTDIR)$(bindir)/slogin	76	-rm -f $(DESTDIR)$(bindir)/slogin
77	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin	77	ln -s ./ssh$(EXEEXT) $(DESTDIR)$(bindir)/slogin
78	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1	78	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/slogin.1
79	@@ -354,6 +361,7 @@	79	@@ -355,6 +362,7 @@
80	-rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)	80	-rm -f $(DESTDIR)$(bindir)/ssh-agent$(EXEEXT)
81	-rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)	81	-rm -f $(DESTDIR)$(bindir)/ssh-keygen$(EXEEXT)
82	-rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)	82	-rm -f $(DESTDIR)$(bindir)/ssh-keyscan$(EXEEXT)
@@ -84,7 +84,7 @@ Index: b/Makefile.in
84	-rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)	84	-rm -f $(DESTDIR)$(bindir)/sftp$(EXEEXT)
85	-rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)	85	-rm -f $(DESTDIR)$(sbindir)/sshd$(EXEEXT)
86	-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)	86	-rm -r $(DESTDIR)$(SFTP_SERVER)$(EXEEXT)
87	@@ -366,6 +374,7 @@	87	@@ -367,6 +375,7 @@
88	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1	88	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keygen.1
89	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1	89	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/sftp.1
90	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1	90	-rm -f $(DESTDIR)$(mandir)/$(mansubdir)1/ssh-keyscan.1
@@ -196,7 +196,7 @@ Index: b/auth2-pubkey.c
196	===================================================================	196	===================================================================
197	--- a/auth2-pubkey.c	197	--- a/auth2-pubkey.c
198	+++ b/auth2-pubkey.c	198	+++ b/auth2-pubkey.c
199	@@ -439,9 +439,10 @@	199	@@ -440,9 +440,10 @@
200	u_int success, i;	200	u_int success, i;
201	char *file;	201	char *file;
202		202
@@ -418,7 +418,7 @@ Index: b/readconf.c
418	{ "rsaauthentication", oRSAAuthentication },	418	{ "rsaauthentication", oRSAAuthentication },
419	{ "pubkeyauthentication", oPubkeyAuthentication },	419	{ "pubkeyauthentication", oPubkeyAuthentication },
420	{ "dsaauthentication", oPubkeyAuthentication }, /* alias */	420	{ "dsaauthentication", oPubkeyAuthentication }, /* alias */
421	@@ -489,6 +491,10 @@	421	@@ -490,6 +492,10 @@
422	intptr = &options->challenge_response_authentication;	422	intptr = &options->challenge_response_authentication;
423	goto parse_flag;	423	goto parse_flag;
424		424
@@ -429,7 +429,7 @@ Index: b/readconf.c
429	case oGssAuthentication:	429	case oGssAuthentication:
430	intptr = &options->gss_authentication;	430	intptr = &options->gss_authentication;
431	goto parse_flag;	431	goto parse_flag;
432	@@ -1180,6 +1186,7 @@	432	@@ -1181,6 +1187,7 @@
433	options->kbd_interactive_devices = NULL;	433	options->kbd_interactive_devices = NULL;
434	options->rhosts_rsa_authentication = -1;	434	options->rhosts_rsa_authentication = -1;
435	options->hostbased_authentication = -1;	435	options->hostbased_authentication = -1;
@@ -437,7 +437,7 @@ Index: b/readconf.c
437	options->batch_mode = -1;	437	options->batch_mode = -1;
438	options->check_host_ip = -1;	438	options->check_host_ip = -1;
439	options->strict_host_key_checking = -1;	439	options->strict_host_key_checking = -1;
440	@@ -1290,6 +1297,8 @@	440	@@ -1291,6 +1298,8 @@
441	options->rhosts_rsa_authentication = 0;	441	options->rhosts_rsa_authentication = 0;
442	if (options->hostbased_authentication == -1)	442	if (options->hostbased_authentication == -1)
443	options->hostbased_authentication = 0;	443	options->hostbased_authentication = 0;
@@ -450,7 +450,7 @@ Index: b/readconf.h
450	===================================================================	450	===================================================================
451	--- a/readconf.h	451	--- a/readconf.h
452	+++ b/readconf.h	452	+++ b/readconf.h
453	@@ -58,6 +58,7 @@	453	@@ -59,6 +59,7 @@
454	int kbd_interactive_authentication; /* Try keyboard-interactive auth. */	454	int kbd_interactive_authentication; /* Try keyboard-interactive auth. */
455	char kbd_interactive_devices; / Keyboard-interactive auth devices. */	455	char kbd_interactive_devices; / Keyboard-interactive auth devices. */
456	int zero_knowledge_password_authentication; /* Try jpake */	456	int zero_knowledge_password_authentication; /* Try jpake */
@@ -542,7 +542,7 @@ Index: b/ssh-add.1
542	The options are as follows:	542	The options are as follows:
543	.Bl -tag -width Ds	543	.Bl -tag -width Ds
544	.It Fl c	544	.It Fl c
545	@@ -183,6 +187,7 @@	545	@@ -186,6 +190,7 @@
546	.Xr ssh 1 ,	546	.Xr ssh 1 ,
547	.Xr ssh-agent 1 ,	547	.Xr ssh-agent 1 ,
548	.Xr ssh-keygen 1 ,	548	.Xr ssh-keygen 1 ,
@@ -555,12 +555,12 @@ Index: b/ssh-add.c
555	--- a/ssh-add.c	555	--- a/ssh-add.c
556	+++ b/ssh-add.c	556	+++ b/ssh-add.c
557	@@ -142,7 +142,7 @@	557	@@ -142,7 +142,7 @@
558	add_file(AuthenticationConnection ac, const char filename)	558	add_file(AuthenticationConnection ac, const char filename, int key_only)
559	{	559	{
560	Key private, cert;	560	Key private, cert;
561	- char *comment = NULL;	561	- char *comment = NULL;
562	+ char comment = NULL, fp;	562	+ char comment = NULL, fp;
563	char msg[1024], *certpath;	563	char msg[1024], *certpath = NULL;
564	int fd, perms_ok, ret = -1;	564	int fd, perms_ok, ret = -1;
565	Buffer keyblob;	565	Buffer keyblob;
566	@@ -218,6 +218,14 @@	566	@@ -218,6 +218,14 @@
@@ -576,13 +576,13 @@ Index: b/ssh-add.c
576	+ return -1;	576	+ return -1;
577	+ }	577	+ }
578		578
579		579	/* Skip trying to load the cert if requested */
580	/* Now try to add the certificate flavour too */	580	if (key_only)
581	Index: b/ssh-keygen.1	581	Index: b/ssh-keygen.1
582	===================================================================	582	===================================================================
583	--- a/ssh-keygen.1	583	--- a/ssh-keygen.1
584	+++ b/ssh-keygen.1	584	+++ b/ssh-keygen.1
585	@@ -670,6 +670,7 @@	585	@@ -679,6 +679,7 @@
586	.Xr ssh 1 ,	586	.Xr ssh 1 ,
587	.Xr ssh-add 1 ,	587	.Xr ssh-add 1 ,
588	.Xr ssh-agent 1 ,	588	.Xr ssh-agent 1 ,
@@ -1233,7 +1233,7 @@ Index: b/ssh.1
1233	===================================================================	1233	===================================================================
1234	--- a/ssh.1	1234	--- a/ssh.1
1235	+++ b/ssh.1	1235	+++ b/ssh.1
1236	@@ -1407,6 +1407,7 @@	1236	@@ -1421,6 +1421,7 @@
1237	.Xr ssh-agent 1 ,	1237	.Xr ssh-agent 1 ,
1238	.Xr ssh-keygen 1 ,	1238	.Xr ssh-keygen 1 ,
1239	.Xr ssh-keyscan 1 ,	1239	.Xr ssh-keyscan 1 ,
@@ -1245,7 +1245,7 @@ Index: b/ssh.c
1245	===================================================================	1245	===================================================================
1246	--- a/ssh.c	1246	--- a/ssh.c
1247	+++ b/ssh.c	1247	+++ b/ssh.c
1248	@@ -1476,7 +1476,7 @@	1248	@@ -1492,7 +1492,7 @@
1249	static void	1249	static void
1250	load_public_identity_files(void)	1250	load_public_identity_files(void)
1251	{	1251	{
@@ -1254,7 +1254,7 @@ Index: b/ssh.c
1254	char pwdir = NULL, pwname = NULL;	1254	char pwdir = NULL, pwname = NULL;
1255	int i = 0;	1255	int i = 0;
1256	Key *public;	1256	Key *public;
1257	@@ -1533,6 +1533,22 @@	1257	@@ -1549,6 +1549,22 @@
1258	public = key_load_public(filename, NULL);	1258	public = key_load_public(filename, NULL);
1259	debug("identity file %s type %d", filename,	1259	debug("identity file %s type %d", filename,
1260	public ? public->type : -1);	1260	public ? public->type : -1);
@@ -1331,7 +1331,7 @@ Index: b/sshd.8
1331	===================================================================	1331	===================================================================
1332	--- a/sshd.8	1332	--- a/sshd.8
1333	+++ b/sshd.8	1333	+++ b/sshd.8
1334	@@ -948,6 +948,7 @@	1334	@@ -951,6 +951,7 @@
1335	.Xr ssh-agent 1 ,	1335	.Xr ssh-agent 1 ,
1336	.Xr ssh-keygen 1 ,	1336	.Xr ssh-keygen 1 ,
1337	.Xr ssh-keyscan 1 ,	1337	.Xr ssh-keyscan 1 ,
@@ -1343,7 +1343,7 @@ Index: b/sshd.c
1343	===================================================================	1343	===================================================================
1344	--- a/sshd.c	1344	--- a/sshd.c
1345	+++ b/sshd.c	1345	+++ b/sshd.c
1346	@@ -1598,6 +1598,11 @@	1346	@@ -1602,6 +1602,11 @@
1347	sensitive_data.host_keys[i] = NULL;	1347	sensitive_data.host_keys[i] = NULL;
1348	continue;	1348	continue;
1349	}	1349	}