fix ssh-keygen -Y check novalidate requires name
This commit is contained in:
renmingshuai
parent
f1294d9bf6
commit
f91326ebce
@ -0,0 +1,41 @@
|
||||
From a0b5816f8f1f645acdf74f7bc11b34455ec30bac Mon Sep 17 00:00:00 2001
|
||||
From: "djm@openbsd.org" <djm@openbsd.org>
|
||||
Date: Fri, 18 Mar 2022 02:31:25 +0000
|
||||
Subject: [PATCH] upstream: ssh-keygen -Y check-novalidate requires namespace
|
||||
or SEGV
|
||||
|
||||
will ensue. Patch from Mateusz Adamowski via GHPR#307
|
||||
|
||||
OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
|
||||
Reference:https://github.com/openssh/openssh-portable/commit/a0b5816f8f1f645acdf74f7bc11b34455ec30bac
|
||||
Conflict:NA
|
||||
---
|
||||
ssh-keygen.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ssh-keygen.c b/ssh-keygen.c
|
||||
index 7fc616c..bd6ea16 100644
|
||||
--- a/ssh-keygen.c
|
||||
+++ b/ssh-keygen.c
|
||||
@@ -1,4 +1,4 @@
|
||||
-/* $OpenBSD: ssh-keygen.c,v 1.437 2021/09/08 03:23:44 djm Exp $ */
|
||||
+/* $OpenBSD: ssh-keygen.c,v 1.449 2022/03/18 02:31:25 djm Exp $ */
|
||||
/*
|
||||
* Author: Tatu Ylonen <ylo@cs.hut.fi>
|
||||
* Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
||||
@@ -3489,6 +3489,12 @@ main(int argc, char **argv)
|
||||
return sig_sign(identity_file, cert_principals,
|
||||
argc, argv);
|
||||
} else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
|
||||
+ if (cert_principals == NULL ||
|
||||
+ *cert_principals == '\0') {
|
||||
+ error("Too few arguments for check-novalidate: "
|
||||
+ "missing namespace");
|
||||
+ exit(1);
|
||||
+ }
|
||||
if (ca_key_path == NULL) {
|
||||
error("Too few arguments for check-novalidate: "
|
||||
"missing signature file");
|
||||
--
|
||||
2.23.0
|
||||
|
||||
10
openssh.spec
10
openssh.spec
@ -6,7 +6,7 @@
|
||||
%{?no_gtk2:%global gtk2 0}
|
||||
|
||||
%global sshd_uid 74
|
||||
%global openssh_release 9
|
||||
%global openssh_release 10
|
||||
|
||||
Name: openssh
|
||||
Version: 8.8p1
|
||||
@ -92,6 +92,7 @@ Patch6001: backport-fix-possible-NULL-deref-when-built-without-FIDO.patch
|
||||
Patch60: feature-add-SMx-support.patch
|
||||
Patch61: backport-upstream-a-little-extra-debugging.patch
|
||||
Patch62: backport-upstream-better-debugging-for-connect_next.patch
|
||||
Patch63: backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch
|
||||
|
||||
Requires: /sbin/nologin
|
||||
Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
|
||||
@ -233,6 +234,7 @@ popd
|
||||
%patch60 -p1
|
||||
%patch61 -p1
|
||||
%patch62 -p1
|
||||
%patch63 -p1
|
||||
|
||||
autoreconf
|
||||
pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
|
||||
@ -434,6 +436,12 @@ getent passwd sshd >/dev/null || \
|
||||
%attr(0644,root,root) %{_mandir}/man8/sftp-server.8*
|
||||
|
||||
%changelog
|
||||
* Thu Dec 29 2022 renmingshuai<renmingshuai@huawei.com> - 8.8p1-10
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
- SUG:NA
|
||||
- DESC:fix ssh-keygen -Y check novalidate requires name
|
||||
|
||||
* Wed Dec 7 2022 duyiwei<duyiwei@kylinos.cn> - 8.8P1-9
|
||||
- Type:bugfix
|
||||
- CVE:NA
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user