diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 9 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/unbreak-certificate-auth.patch | 46 |
4 files changed, 58 insertions, 2 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm index 589d66c5c..4d6e084d7 100644 --- a/debian/.git-dpm +++ b/debian/.git-dpm | |||
@@ -1,6 +1,6 @@ | |||
1 | # see git-dpm(1) from git-dpm package | 1 | # see git-dpm(1) from git-dpm package |
2 | 7f3fb4e5fdddc6600e70ae663c21511fbcf2c64c | 2 | 43a633de1cabe77e652125dac394a99ad9cac3b4 |
3 | 7f3fb4e5fdddc6600e70ae663c21511fbcf2c64c | 3 | 43a633de1cabe77e652125dac394a99ad9cac3b4 |
4 | f0329aac23c61e1a5197d6d57349a63f459bccb0 | 4 | f0329aac23c61e1a5197d6d57349a63f459bccb0 |
5 | f0329aac23c61e1a5197d6d57349a63f459bccb0 | 5 | f0329aac23c61e1a5197d6d57349a63f459bccb0 |
6 | openssh_7.2p2.orig.tar.gz | 6 | openssh_7.2p2.orig.tar.gz |
diff --git a/debian/changelog b/debian/changelog index 748efee5b..efaa766ae 100644 --- a/debian/changelog +++ b/debian/changelog | |||
@@ -1,3 +1,12 @@ | |||
1 | openssh (1:7.2p2-5) UNRELEASED; urgency=medium | ||
2 | |||
3 | * Backport upstream patch to unbreak authentication using lone certificate | ||
4 | keys in ssh-agent: when attempting pubkey auth with a certificate, if no | ||
5 | separate private key is found among the keys then try with the | ||
6 | certificate key itself (thanks, Paul Querna; LP: #1575961). | ||
7 | |||
8 | -- Colin Watson <cjwatson@debian.org> Thu, 28 Apr 2016 01:46:20 +0100 | ||
9 | |||
1 | openssh (1:7.2p2-4) unstable; urgency=medium | 10 | openssh (1:7.2p2-4) unstable; urgency=medium |
2 | 11 | ||
3 | * Drop dependency on libnss-files-udeb (closes: #819686). | 12 | * Drop dependency on libnss-files-udeb (closes: #819686). |
diff --git a/debian/patches/series b/debian/patches/series index b5c9fb392..d2d89669f 100644 --- a/debian/patches/series +++ b/debian/patches/series | |||
@@ -26,3 +26,4 @@ sigstop.patch | |||
26 | systemd-readiness.patch | 26 | systemd-readiness.patch |
27 | debian-config.patch | 27 | debian-config.patch |
28 | CVE-2015-8325.patch | 28 | CVE-2015-8325.patch |
29 | unbreak-certificate-auth.patch | ||
diff --git a/debian/patches/unbreak-certificate-auth.patch b/debian/patches/unbreak-certificate-auth.patch new file mode 100644 index 000000000..cbf7c1800 --- /dev/null +++ b/debian/patches/unbreak-certificate-auth.patch | |||
@@ -0,0 +1,46 @@ | |||
1 | From 43a633de1cabe77e652125dac394a99ad9cac3b4 Mon Sep 17 00:00:00 2001 | ||
2 | From: "djm@openbsd.org" <djm@openbsd.org> | ||
3 | Date: Mon, 14 Mar 2016 16:20:54 +0000 | ||
4 | Subject: upstream commit | ||
5 | |||
6 | unbreak authentication using lone certificate keys in | ||
7 | ssh-agent: when attempting pubkey auth with a certificate, if no separate | ||
8 | private key is found among the keys then try with the certificate key itself. | ||
9 | |||
10 | bz#2550 reported by Peter Moody | ||
11 | |||
12 | Upstream-ID: f939cd76d68e6a9a3d1711b5a943d6ed1e623966 | ||
13 | |||
14 | Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=c38905ba391434834da86abfc988a2b8b9b62477 | ||
15 | Bug-Ubuntu: https://bugs.launchpad.net/bugs/1575961 | ||
16 | Last-Update: 2016-04-28 | ||
17 | |||
18 | Patch-Name: unbreak-certificate-auth.patch | ||
19 | --- | ||
20 | sshconnect2.c | 8 ++------ | ||
21 | 1 file changed, 2 insertions(+), 6 deletions(-) | ||
22 | |||
23 | diff --git a/sshconnect2.c b/sshconnect2.c | ||
24 | index b452eae..40facda 100644 | ||
25 | --- a/sshconnect2.c | ||
26 | +++ b/sshconnect2.c | ||
27 | @@ -1,4 +1,4 @@ | ||
28 | -/* $OpenBSD: sshconnect2.c,v 1.239 2016/02/23 01:34:14 djm Exp $ */ | ||
29 | +/* $OpenBSD: sshconnect2.c,v 1.240 2016/03/14 16:20:54 djm Exp $ */ | ||
30 | /* | ||
31 | * Copyright (c) 2000 Markus Friedl. All rights reserved. | ||
32 | * Copyright (c) 2008 Damien Miller. All rights reserved. | ||
33 | @@ -1224,12 +1224,8 @@ sign_and_send_pubkey(Authctxt *authctxt, Identity *id) | ||
34 | "certificate", __func__, id->filename, | ||
35 | id->agent_fd != -1 ? " from agent" : ""); | ||
36 | } else { | ||
37 | - /* XXX maybe verbose/error? */ | ||
38 | - debug("%s: no private key for certificate " | ||
39 | + debug("%s: no separate private key for certificate " | ||
40 | "\"%s\"", __func__, id->filename); | ||
41 | - free(blob); | ||
42 | - buffer_free(&b); | ||
43 | - return 0; | ||
44 | } | ||
45 | } | ||
46 | |||