vishalmishra434 / rpms / openssh

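--- a/compat.h
+++ b/compat.h
@@ -34,7 +34,7 @@
 
 #define SSH_BUG_UTF8TTYMODE	0x00000001
 #define SSH_BUG_SIGTYPE		0x00000002
-/* #define unused		0x00000004 */
+#define SSH_BUG_SIGTYPE74	0x00000004
 /* #define unused		0x00000008 */
 #define SSH_OLD_SESSIONID	0x00000010
 /* #define unused		0x00000020 */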
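Review bot: `SSH_BUG_SIGTYPE74` is added without a comment saying which peer behaviour it marks, and the name alone does not distinguish it from `SSH_BUG_SIGTYPE` on the line above. Going by the comment added in sshconnect2.c, something like `/* peer accepts rsa-sha2-* but does not advertise it */` next to the define would do. The flag also takes over the slot marked unused (0x00000004), so a later rebase should check that the base source has not assigned that bit to something else.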
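--- a/compat.c
+++ b/compat.c
@@ -65,11 +65,12 @@
 		{ "OpenSSH_6.5*,"
 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
 					SSH_BUG_SIGTYPE},
+		{ "OpenSSH_7.4*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
+		  			SSH_BUG_SIGTYPE74},
 		{ "OpenSSH_7.0*,"
 		  "OpenSSH_7.1*,"
 		  "OpenSSH_7.2*,"
 		  "OpenSSH_7.3*,"
-		  "OpenSSH_7.4*,"
 		  "OpenSSH_7.5*,"
 		  "OpenSSH_7.6*,"
 		  "OpenSSH_7.7*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE},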
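Review bot: The new `OpenSSH_7.4*` entry carries no comment explaining why 7.4 is split out of the 7.0–7.7 group, and it sits ahead of 7.0 rather than in version order. A one-line comment such as `/* 7.4: SHA2 RSA signatures work but are not advertised */` above the entry would record the reason. The continuation line holding `SSH_BUG_SIGTYPE74` also has spaces before tabs, unlike the `SSH_BUG_SIGTYPE},` continuation two lines up. The table continues outside the hunk, so whether entry order affects matching cannot be seen here.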
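--- a/sshconnect2.c
+++ b/sshconnect2.c
@@ -1305,6 +1305,26 @@
 			break;
 	}
 	free(oallowed);
+	/*
+	 * OpenSSH 7.4 supports SHA2 sig types, but fails to indicate its
+	 * support.  For that release, check the local policy against the
+	 * SHA2 signature types.
+	 */
+	if (alg == NULL &&
+	    (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))) {
+		oallowed = allowed = xstrdup(options.pubkey_accepted_algos);
+		while ((cp = strsep(&allowed, ",")) != NULL) {
+			if (sshkey_type_from_name(cp) != key->type)
+				continue;
+			tmp = match_list(sshkey_sigalg_by_name(cp), "rsa-sha2-256,rsa-sha2-512", NULL);
+			if (tmp != NULL)
+				alg = xstrdup(cp);
+			free(tmp);
+			if (alg != NULL)
+				break;
+		}
+		free(oallowed);
+	}
 	return alg;
 }
 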
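Review bot: The added fallback picks an rsa-sha2-* signature algorithm that the server did not advertise, relying only on `SSH_BUG_SIGTYPE74`, which the compat.c change sets from the version banner pattern `OpenSSH_7.4*`. The block comment should say that, for example by adding `Not negotiated: chosen from the banner-derived compat flag only.`, and should note what happens if the peer rejects the signature (presumably this key just fails to authenticate, which is worth confirming). `ssh->compat` is read here with no visible NULL test; the function begins outside the hunk, so check that a NULL `ssh` has already been handled before this point. The `match_list(...)` line also runs well past 80 columns and could be wrapped after the first argument like the surrounding code.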