summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches/hostbased-ecdsa.patch71
-rw-r--r--debian/patches/series1
3 files changed, 74 insertions, 0 deletions
diff --git a/debian/changelog b/debian/changelog
index 02933e934..7980e1d1f 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,8 @@ openssh (1:5.8p1-5) UNRELEASED; urgency=low
3 * Drop openssh-server's dependency on openssh-blacklist to a 3 * Drop openssh-server's dependency on openssh-blacklist to a
4 recommendation (closes: #622604). 4 recommendation (closes: #622604).
5 * Update Vcs-* fields and README.source for Alioth changes. 5 * Update Vcs-* fields and README.source for Alioth changes.
6 * Backport from upstream:
7 - Make hostbased auth with ECDSA keys work correctly (closes: #633368).
6 8
7 -- Colin Watson <cjwatson@debian.org> Wed, 13 Apr 2011 13:05:43 +0100 9 -- Colin Watson <cjwatson@debian.org> Wed, 13 Apr 2011 13:05:43 +0100
8 10
diff --git a/debian/patches/hostbased-ecdsa.patch b/debian/patches/hostbased-ecdsa.patch
new file mode 100644
index 000000000..fb618940a
--- /dev/null
+++ b/debian/patches/hostbased-ecdsa.patch
@@ -0,0 +1,71 @@
1Description: Make hostbased auth with ECDSA keys work correctly
2Author: Harv <harvey.eneman@oracle.com>
3Author: Damien Miller <djm@mindrot.org>
4Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=1858
5Bug-Debian: http://bugs.debian.org/633368
6Origin: upstream, http://bazaar.launchpad.net/~vcs-imports/openssh/main/revision/6327
7Applied-Upstream: yes
8Forwarded: not-needed
9Last-Update: 2011-07-17
10
11Index: b/ssh-keysign.c
12===================================================================
13--- a/ssh-keysign.c
14+++ b/ssh-keysign.c
15@@ -150,9 +150,10 @@
16 {
17 Buffer b;
18 Options options;
19- Key *keys[2], *key = NULL;
20+#define NUM_KEYTYPES 3
21+ Key *keys[NUM_KEYTYPES], *key = NULL;
22 struct passwd *pw;
23- int key_fd[2], i, found, version = 2, fd;
24+ int key_fd[NUM_KEYTYPES], i, found, version = 2, fd;
25 u_char *signature, *data;
26 char *host;
27 u_int slen, dlen;
28@@ -165,8 +166,10 @@
29 if (fd > 2)
30 close(fd);
31
32- key_fd[0] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
33- key_fd[1] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
34+ i = 0;
35+ key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY);
36+ key_fd[i++] = open(_PATH_HOST_ECDSA_KEY_FILE, O_RDONLY);
37+ key_fd[i++] = open(_PATH_HOST_RSA_KEY_FILE, O_RDONLY);
38
39 original_real_uid = getuid(); /* XXX readconf.c needs this */
40 if ((pw = getpwuid(original_real_uid)) == NULL)
41@@ -191,7 +194,11 @@
42 fatal("ssh-keysign not enabled in %s",
43 _PATH_HOST_CONFIG_FILE);
44
45- if (key_fd[0] == -1 && key_fd[1] == -1)
46+ for (i = found = 0; i < NUM_KEYTYPES; i++) {
47+ if (key_fd[i] != -1)
48+ found = 1;
49+ }
50+ if (found == 0)
51 fatal("could not open any host key");
52
53 OpenSSL_add_all_algorithms();
54@@ -200,7 +207,7 @@
55 RAND_seed(rnd, sizeof(rnd));
56
57 found = 0;
58- for (i = 0; i < 2; i++) {
59+ for (i = 0; i < NUM_KEYTYPES; i++) {
60 keys[i] = NULL;
61 if (key_fd[i] == -1)
62 continue;
63@@ -230,7 +237,7 @@
64 xfree(host);
65
66 found = 0;
67- for (i = 0; i < 2; i++) {
68+ for (i = 0; i < NUM_KEYTYPES; i++) {
69 if (keys[i] != NULL &&
70 key_equal_public(key, keys[i])) {
71 found = 1;
diff --git a/debian/patches/series b/debian/patches/series
index 0a21f8ead..01ef70076 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -39,6 +39,7 @@ doc-hash-tab-completion.patch
39# Miscellaneous bug fixes 39# Miscellaneous bug fixes
40selinux-build-failure.patch 40selinux-build-failure.patch
41ssh-add-fifo.patch 41ssh-add-fifo.patch
42hostbased-ecdsa.patch
42 43
43# Debian-specific configuration 44# Debian-specific configuration
44gnome-ssh-askpass2-icon.patch 45gnome-ssh-askpass2-icon.patch