Package: openssh-client
Version: 1:5.8p1-2
Severity: normal
Tags: upstream patch

Sometimes, it's nice to have ssh-add read a key from a FIFO instead of writing the key to a file. older versions of ssh (before 5.7p1, i think) would let you do that. 5.8p1-2 doesn't.

here's an example (i know, the key is already in the filesystem; this is just an example):

  ssh-keygen -t rsa -b 1024 -N '' -f test-key
  umask 077
  mkfifo test-fifo
  ssh-add test-fifo &
  cat test-key > test-fifo

This no longer works :(

It also means that "monkeysphere subkey-to-ssh-agent" fails for users with openssh-client 5.8p1 installed.

I've reported the bug upstream at:

  https://bugzilla.mindrot.org/show_bug.cgi?id=1869

And i'm attaching a patch that fixes the problem right now by attempting reads of up to 8KiB if ssh-add detects that the file it is reading from is a FIFO.

It would be great if debian could adopt this patch so that monkeysphere would work again until upstream adopts it.

Thanks for your work on OpenSSH for debian,

  --dkg

-- System Information:
Debian Release: wheezy/sid
  APT prefers testing
  APT policy: (500, 'testing'), (200, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.37-1-686 (SMP w/1 CPU core)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages openssh-client depends on:
ii  adduser                 3.112+nmu2           add and remove users and groups
ii  debconf [debconf-2.0    1.5.38               Debian configuration management sy
ii  dpkg                    1.15.8.10            Debian package management system
ii  libc6                   2.11.2-11            Embedded GNU C Library: Shared lib
ii  libedit2                2.11-20080614-2      BSD editline and history libraries
ii  libgssapi-krb5-2        1.8.3+dfsg-4         MIT Kerberos runtime libraries - k
ii  libselinux1             2.0.96-1             SELinux runtime shared libraries
ii  libssl0.9.8             0.9.8o-5             SSL shared libraries
ii  passwd                  1:4.1.4.2+svn3283-3  change and administer password and
ii  zlib1g                  1:1.2.3.4.dfsg-3     compression library - runtime

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1               list of default blacklisted OpenSS
ii  openssh-blacklist-extra  0.4.1               list of non-default blacklisted Op
ii  xauth                    1:1.0.5-1           X authentication utility

Versions of packages openssh-client suggests:
pn  keychain                 <none>              (no description available)
pn  libpam-ssh               <none>              (no description available)
ii  ssh-askpass              1:1.2.4.1-9         under X, asks user for a passphras

-- no debconf information

=== modified file 'authfile.c' --- authfile.c 2011-01-24 12:43:25 +0000 +++ authfile.c 2011-02-24 03:23:59 +0000 @@ -317,7 +317,7 @@ static int key_load_file(int fd, const char *filename, Buffer *blob) { - size_t len; + size_t len,readcount; u_char *cp; struct stat st; @@ -337,11 +337,14 @@ return 0; } len = (size_t)st.st_size; /* truncated */ + if (0 == len && S_ISFIFO(st.st_mode)) + len = 8192; /* we will try reading up to 8KiB from a FIFO */ buffer_init(blob); cp = buffer_append_space(blob, len); - if (atomicio(read, fd, cp, len) != len) { + readcount = atomicio(read, fd, cp, len); + if (readcount != len && !(readcount > 0 && S_ISFIFO(st.st_mode))) { debug("%s: read from key file %.200s%sfailed: %.100s", __func__, filename == NULL ? "" : filename, filename == NULL ? "" : " ",
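
Review bot: in the first hunk, the new declaration `size_t len,readcount;` is missing the space after the comma; `size_t len, readcount;` reads better, and a short comment that readcount holds the number of bytes atomicio() actually returned would document why a second variable is needed.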
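
Review bot: in the second hunk, a short read from a FIFO is now accepted, but blob has already been extended by len (8192) bytes through `buffer_append_space(blob, len)` and the visible lines never shrink it back to readcount, so the buffer would carry bytes after the key that were never read from the file; trim the tail before returning, for example with buffer_consume_end(blob, len - readcount). The single 8KiB attempt also silently truncates any key longer than 8192 bytes, because `readcount != len` is then false and the check passes with data still unread in the FIFO; reading in a loop until EOF, with an upper bound, would remove the dependence on a fixed size, and the 8192 literal would be clearer as a named constant.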
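
A read-to-EOF loop is one way to load a key from a FIFO without depending on a single fixed-size read, and it returns exactly the bytes that arrived. This is an added example, not part of the bug report or of OpenSSH; load_blob and MAX_KEY_BYTES are hypothetical names and the 1 MiB cap is an assumed limit.

```c
#include <errno.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

#define MAX_KEY_BYTES (1024 * 1024)	/* assumed cap, not an OpenSSH constant */

/* Read fd to EOF: returns 0 with exactly *outlen bytes in *out, or -1 on
 * error, empty input, or input of MAX_KEY_BYTES or more. */
int load_blob(int fd, unsigned char **out, size_t *outlen)
{
	struct stat st;
	size_t cap = 8192, used = 0;
	unsigned char *buf, *tmp;
	ssize_t n;

	if (fstat(fd, &st) == -1)
		return -1;
	/* A FIFO reports st_size 0; only a regular file's size is a usable hint. */
	if (S_ISREG(st.st_mode) && st.st_size > 0 && st.st_size < MAX_KEY_BYTES)
		cap = (size_t)st.st_size + 1;	/* +1 lets read() report EOF without growing */
	if ((buf = malloc(cap)) == NULL)
		return -1;
	for (;;) {
		if (used == cap) {		/* full: grow, or reject oversized input */
			if (cap >= MAX_KEY_BYTES)
				goto fail;
			cap = cap * 2 > MAX_KEY_BYTES ? MAX_KEY_BYTES : cap * 2;
			if ((tmp = realloc(buf, cap)) == NULL)
				goto fail;
			buf = tmp;
		}
		n = read(fd, buf + used, cap - used);
		if (n == 0)			/* EOF: the writer closed its end */
			break;
		if (n == -1 && errno != EINTR)
			goto fail;
		if (n > 0)
			used += (size_t)n;
	}
	if (used == 0)
		goto fail;
	*out = buf;
	*outlen = used;
	return 0;
fail:
	free(buf);
	return -1;
}

int main(void) { unsigned char *b; size_t n; return load_blob(STDIN_FILENO, &b, &n) == -1; }
```

The caller owns the returned buffer and should zero and free it once the key has been parsed.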