Diffstat (limited to 'debian')
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/hostbased-ecdsa.patch | 71 | ||||
-rw-r--r-- | debian/patches/series | 1 |
3 files changed, 74 insertions, 0 deletions
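--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ openssh (1:5.8p1-5) UNRELEASED; urgency=low
 * Drop openssh-server's dependency on openssh-blacklist to a
 recommendation (closes: #622604).
 * Update Vcs-* fields and README.source for Alioth changes.
+* Backport from upstream:
+- Make hostbased auth with ECDSA keys work correctly (closes: #633368).
 
 -- Colin Watson <cjwatson@debian.org> Wed, 13 Apr 2011 13:05:43 +0100
 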
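--- /dev/null
+++ b/debian/patches/hostbased-ecdsa.patch
@@ -0,0 +1,71 @@
+Description: Make hostbased auth with ECDSA keys work correctly
+Author: Harv <harvey.eneman@oracle.com>
+Author: Damien Miller <djm@mindrot.org>
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1858
+Bug-Debian: http://bugs.debian.org/633368
+Origin: upstream, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6327
+Applied-Upstream: yes
+Forwarded: not-needed
+Last-Update: 2011-07-17
+
+Index: b/ssh-keysign.c
+===================================================================
+--- a/ssh-keysign.c
++++ b/ssh-keysign.c
+@@ -150,9 +150,10 @@
+{
+Buffer b;
+Options options;
+- Key *keys[2], *key = NULL;
++#define NUM_KEYTYPES 3
++ Key *keys[NUM_KEYTYPES], *key = NULL;
+struct passwd *pw;
+- int key_fd[2], i, found, version = 2, fd;
++ int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
+u_char *signature, *data;
+char *host;
+u_int slen, dlen;
+@@ -165,8 +166,10 @@
+if (fd > 2)
+close(fd);
+
+- key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
+- key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
++ i = 0;
++ key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
++ key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
++ key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
+
+original_real_uid = getuid(); /* XXX readconf.c needs this */
+if ((pw = getpwuid(original_real_uid)) == NULL)
+@@ -191,7 +194,11 @@
+fatal("ssh-keysign not enabled in %s",
+_PATH_HOST_CONFIG_FILE);
+
+- if (key_fd[0] == -1 && key_fd[1] == -1)
++ for (i = found = 0; i < NUM_KEYTYPES; i++) {
++ if (key_fd[i] != -1)
++ found = 1;
++ }
++ if (found == 0)
+fatal("could not open any host key");
+
+OpenSSL_add_all_algorithms();
+@@ -200,7 +207,7 @@
+RAND_seed(rnd, sizeof(rnd));
+
+found = 0;
+- for (i = 0; i < 2; i++) {
++ for (i = 0; i < NUM_KEYTYPES; i++) {
+keys[i] = NULL;
+if (key_fd[i] == -1)
+continue;
+@@ -230,7 +237,7 @@
+xfree(host);
+
+found = 0;
+- for (i = 0; i < 2; i++) {
++ for (i = 0; i < NUM_KEYTYPES; i++) {
+if (keys[i] != NULL &&
+key_equal_public(key, keys[i])) {
+found = 1;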
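Review bot: The three `key_fd[i++] = open(...)` assignments in the second ssh-keysign.c hunk are tied to `NUM_KEYTYPES` only by convention. A later key type added without bumping the macro would write past `key_fd[]`, and bumping the macro without adding an open() would leave an uninitialised descriptor for the later loops to read. ssh-keysign is normally installed setuid root, so a tripwire right after the last open() is worth having: `if (i != NUM_KEYTYPES) fatal("key_fd/NUM_KEYTYPES mismatch");`. The `#define NUM_KEYTYPES 3` also sits inside the function body and stays defined for the rest of the file; moving it to file scope next to the other definitions would make that explicit. The enclosing function (presumably main()) begins and ends outside the hunks shown.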
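--- a/debian/patches/series
+++ b/debian/patches/series
@@ -39,6 +39,7 @@ doc-hash-tab-completion.patch
 # Miscellaneous bug fixes
 selinux-build-failure.patch
 ssh-add-fifo.patch
+hostbased-ecdsa.patch
 
 # Debian-specific configuration
 gnome-ssh-askpass2-icon.patch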