1 files changed, 46 insertions, 0 deletions
diff --git a/debian/patches/unbreak-certificate-auth.patch b/debian/patches/unbreak-certificate-auth.patch
new file mode 100644
index 000000000..cbf7c1800
--- /dev/null
+++ b/debian/patches/unbreak-certificate-auth.patch
@@ -0,0 +1,46 @@
+From 43a633de1cabe77e652125dac394a99ad9cac3b4 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Mon, 14 Mar 2016 16:20:54 +0000
+Subject: upstream commit
+unbreak authentication using lone certificate keys in
+ ssh-agent: when attempting pubkey auth with a certificate, if no separate
+ private key is found among the keys then try with the certificate key itself.
+bz#2550 reported by Peter Moody
+Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
+Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=c38905ba391434834da86abfc988a2b8b9b62477
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1575961
+Last-Update: 2016-04-28
+Patch-Name: unbreak-certificate-auth.patch
+---
+ sshconnect2.c | 8 ++------
+ 1 file changed, 2 insertions(+), 6 deletions(-)
+diff --git a/sshconnect2.c b/sshconnect2.c
+index b452eae..40facda 100644
+--- a/sshconnect2.c
+++ b/sshconnect2.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
+ /*
+  * Copyright (c) 2000 Markus Friedl.  All rights reserved.
+  * Copyright (c) 2008 Damien Miller.  All rights reserved.
+@@ -1224,12 +1224,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id)
+                            "certificate", __func__, id->filename,
+                            id->agent_fd != -1 ? " from agent" : "");
+                } else {
+-                       /* XXX maybe verbose/error? */
+-                       debug("%s: no private key for certificate "
+                       debug("%s: no separate private key for certificate "
+                            "\"%s\"", __func__, id->filename);
+-                       free(blob);
+-                       buffer_free(&b);
+-                       return 0;
+                }
+        }
+

diff --git a/debian/patches/unbreak-certificate-auth.patch b/debian/patches/unbreak-certificate-auth.patch new file mode 100644 index 000000000..cbf7c1800 --- /dev/null +++ b/debian/patches/unbreak-certificate-auth.patch
@@ -0,0 +1,46 @@
	1	From 43a633de1cabe77e652125dac394a99ad9cac3b4 Mon Sep 17 00:00:00 2001
	2	From: "djm@openbsd.org" <djm@openbsd.org>
	3	Date: Mon, 14 Mar 2016 16:20:54 +0000
	4	Subject: upstream commit
	5
	6	unbreak authentication using lone certificate keys in
	7	ssh-agent: when attempting pubkey auth with a certificate, if no separate
	8	private key is found among the keys then try with the certificate key itself.
	9
	10	bz#2550 reported by Peter Moody
	11
	12	Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966
	13
	14	Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=c38905ba391434834da86abfc988a2b8b9b62477
	15	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1575961
	16	Last-Update: 2016-04-28
	17
	18	Patch-Name: unbreak-certificate-auth.patch
	19	---
	20	sshconnect2.c \| 8 ++------
	21	1 file changed, 2 insertions(+), 6 deletions(-)
	22
	23	diff --git a/sshconnect2.c b/sshconnect2.c
	24	index b452eae..40facda 100644
	25	--- a/sshconnect2.c
	26	+++ b/sshconnect2.c
	27	@@ -1,4 +1,4 @@
	28	-/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */
	29	+/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */
	30	/*
	31	* Copyright (c) 2000 Markus Friedl. All rights reserved.
	32	* Copyright (c) 2008 Damien Miller. All rights reserved.
	33	@@ -1224,12 +1224,8 @@ sign_and_send_pubkey(Authctxt authctxt, Identity id)
	34	"certificate", __func__, id->filename,
	35	id->agent_fd != -1 ? " from agent" : "");
	36	} else {
	37	- /* XXX maybe verbose/error? */
	38	- debug("%s: no private key for certificate "
	39	+ debug("%s: no separate private key for certificate "
	40	"\"%s\"", __func__, id->filename);
	41	- free(blob);
	42	- buffer_free(&b);
	43	- return 0;
	44	}
	45	}
	46