packages/openssh
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix ssh-keygen -Y check novalidate requires name

Browse Source
This commit is contained in:
renmingshuai 2022-12-16 16:29:09 +08:00
parent 9f74b5684d
commit 4b9333059e
2 changed files with 50 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch Normal file
View File

@ -0,0 +1,41 @@
From a0b5816f8f1f645acdf74f7bc11b34455ec30bac Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Fri, 18 Mar 2022 02:31:25 +0000
Subject: [PATCH] upstream: ssh-keygen -Y check-novalidate requires namespace
or SEGV
will ensue. Patch from Mateusz Adamowski via GHPR#307
OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
Reference:https://github.com/openssh/openssh-portable/commit/a0b5816f8f1f645acdf74f7bc11b34455ec30bac
Conflict:NA
---
ssh-keygen.c | 8 +++++++-
1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/ssh-keygen.c b/ssh-keygen.c
index 7fc616c..bd6ea16 100644
--- a/ssh-keygen.c
+++ b/ssh-keygen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssh-keygen.c,v 1.437 2021/09/08 03:23:44 djm Exp $ */
+/* $OpenBSD: ssh-keygen.c,v 1.449 2022/03/18 02:31:25 djm Exp $ */
/*
* Author: Tatu Ylonen <ylo@cs.hut.fi>
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
@@ -3489,6 +3489,12 @@ main(int argc, char **argv)
return sig_sign(identity_file, cert_principals,
argc, argv);
} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
+ if (cert_principals == NULL ||
+ *cert_principals == '\0') {
+ error("Too few arguments for check-novalidate: "
+ "missing namespace");
+ exit(1);
+ }
if (ca_key_path == NULL) {
error("Too few arguments for check-novalidate: "
"missing signature file");
--
2.23.0

10
openssh.spec
View File

@ -6,7 +6,7 @@
%{?no_gtk2:%global gtk2 0} %{?no_gtk2:%global gtk2 0}
%global sshd_uid 74 %global sshd_uid 74
%global openssh_release 9 %global openssh_release 10
Name: openssh Name: openssh
Version: 8.8p1 Version: 8.8p1
@ -91,6 +91,7 @@ Patch60: feature-add-SMx-support.patch
Patch61: backport-upstream-a-little-extra-debugging.patch Patch61: backport-upstream-a-little-extra-debugging.patch
Patch62: backport-upstream-better-debugging-for-connect_next.patch Patch62: backport-upstream-better-debugging-for-connect_next.patch
Patch63: add-loongarch.patch Patch63: add-loongarch.patch
Patch64: backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch
Requires: /sbin/nologin Requires: /sbin/nologin
Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
@ -232,6 +233,7 @@ popd
%patch61 -p1 %patch61 -p1
%patch62 -p1 %patch62 -p1
%patch63 -p1 %patch63 -p1
%patch64 -p1
autoreconf autoreconf
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@ -433,6 +435,12 @@ getent passwd sshd >/dev/null || \
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
%changelog %changelog
* Fri Dec 16 2022 renmingshuai <renmingshuai@huawei.com> - 8.8p1-10
- Type:bugfix
- CVE:NA
- SUG:NA
- DESC:Fix ssh-keygen -Y check novalidate requires name
* Mon Nov 28 2022 zhaozhen <zhaozhen@loongson.cn> - 8.8p1-9 * Mon Nov 28 2022 zhaozhen <zhaozhen@loongson.cn> - 8.8p1-9
- Type:feature - Type:feature
- CVE:NA - CVE:NA