From 9b39d7d2413c31158c93cc5cd07f9c0f478c3c6b Mon Sep 17 00:00:00 2001
From: renmingshuai
Date: Fri, 16 Dec 2022 16:22:07 +0800
Subject: [PATCH] ssh-keygen -Y check novalidate requires name
---
 ...gen-Y-check-novalidate-requires-name.patch | 41 +++++++++++++++++++
 openssh.spec | 10 ++++-
 2 files changed, 50 insertions(+), 1 deletion(-)
 create mode 100644 backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch
diff --git a/backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch b/backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch
new file mode 100644
index 0000000..aa9f80c
--- /dev/null
+++ b/backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch
@@ -0,0 +1,41 @@
+From a0b5816f8f1f645acdf74f7bc11b34455ec30bac Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org"
+Date: Fri, 18 Mar 2022 02:31:25 +0000
+Subject: [PATCH] upstream: ssh-keygen -Y check-novalidate requires namespace
+ or SEGV
+
+will ensue. Patch from Mateusz Adamowski via GHPR#307
+
+OpenBSD-Commit-ID: 99e8ec38f9feb38bce6de240335be34aedeba5fd
+Reference:https://github.com/openssh/openssh-portable/commit/a0b5816f8f1f645acdf74f7bc11b34455ec30bac
+Conflict:NA
+---
+ ssh-keygen.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/ssh-keygen.c b/ssh-keygen.c
+index 7fc616c..bd6ea16 100644
+--- a/ssh-keygen.c
++++ b/ssh-keygen.c
+@@ -1,4 +1,4 @@
+-/* $OpenBSD: ssh-keygen.c,v 1.437 2021/09/08 03:23:44 djm Exp $ */
++/* $OpenBSD: ssh-keygen.c,v 1.449 2022/03/18 02:31:25 djm Exp $ */
+ /*
+ * Author: Tatu Ylonen
+ * Copyright (c) 1994 Tatu Ylonen , Espoo, Finland
+@@ -3489,6 +3489,12 @@ main(int argc, char **argv)
+ return sig_sign(identity_file, cert_principals,
+ argc, argv);
+ } else if (strncmp(sign_op, "check-novalidate", 16) == 0) {
++ if (cert_principals == NULL ||
++ *cert_principals == '\0') {
++ error("Too few arguments for check-novalidate: "
++ "missing namespace");
++ exit(1);
++ }
+ if (ca_key_path == NULL) {
+ error("Too few arguments for check-novalidate: "
+ "missing signature file");
+--
+2.23.0
+
diff --git a/openssh.spec b/openssh.spec
index fbd6da0..6f2e7e8 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74
-%global openssh_release 13
+%global openssh_release 14
 Name: openssh Version: 8.8p1
@@ -104,6 +104,7 @@ Patch71: openssh-Add-sw64-architecture.patch Patch72: backport-upstream-a-little-extra-debugging.patch Patch73: backport-upstream-better-debugging-for-connect_next.patch Patch74: add-loongarch.patch
+Patch75: backport-upstream-ssh-keygen-Y-check-novalidate-requires-name.patch
 Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8
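Review bot: The backported patch's first inner hunk (`@@ -1,4 +1,4 @@`) rewrites the `$OpenBSD` ident of ssh-keygen.c from 1.437 to 1.449, although as far as this page shows only the check-novalidate guard from that upstream revision is applied to 8.8p1. Anyone who reads the ident to judge which upstream fixes the packaged file contains would be misled, and later backports touching the same line are likely to conflict. I would drop that inner hunk and carry only the `@@ -3489,6 +3489,12 @@` one, leaving the ident at `1.437`. The guard itself (`cert_principals == NULL || *cert_principals == '\0'`) matches the upstream commit message; main() continues outside the hunk, so whether the other `-Y` operations have an equivalent namespace check cannot be confirmed from here.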
@@ -256,6 +257,7 @@ popd %patch72 -p1 %patch73 -p1 %patch74 -p1
+%patch75 -p1
 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4
@@ -457,6 +459,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog
+* Fri Dec 16 2022 renmingshuai - 8.8p1-14
+- Type:bugfix
+- CVE:NA
+- SUG:NA
+- DESC:Fix ssh-keygen -Y check novalidate requires name
+
 * Mon Nov 28 2022 zhaozhen - 8.8p1-13 - Type:feature - CVE:NA
--
Gitee