Backport upstream patch to unbreak connections with peers that set first_kex_follows (LP: #1526357).

author: Colin Watson <cjwatson@debian.org> 2015-12-15 15:27:13 +0000
committer: Colin Watson <cjwatson@debian.org> 2015-12-15 15:39:57 +0000
commit: a1e1d4f1dd7d232df4c233da37987458676136f3 (patch)
tree: c4415e10ee5aaa56ca244d0146eb69fe34856a4d /debian/patches
parent: d9e39e5a672108d60865e73d6f510e813991c337 (diff)
parent: ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 (diff)
2 files changed, 37 insertions, 0 deletions
diff --git a/debian/patches/backport-fix-first-kex-follows.patch b/debian/patches/backport-fix-first-kex-follows.patch
new file mode 100644
index 000000000..0333adad1
--- /dev/null
+++ b/debian/patches/backport-fix-first-kex-follows.patch
@@ -0,0 +1,36 @@
+From ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 Mon Sep 17 00:00:00 2001
+From: Damien Miller <djm@mindrot.org>
+Date: Tue, 15 Dec 2015 15:25:04 +0000
+Subject: upstream commit
+unbreak connections with peers that set first_kex_follows;
+fix from Matt Johnston va bz#2515
+Origin: backport, http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.114&r2=1.115
+Forwarded: not-needed
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526357
+Patch-Name: backport-fix-first-kex-follows.patch
+---
+ kex.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+diff --git a/kex.c b/kex.c
+index 39a6f98..12f3e41 100644
+--- a/kex.c
+++ b/kex.c
+@@ -286,11 +286,11 @@ kex_buf2prop(struct sshbuf *raw, int *first_kex_follows, char ***propp)
+                debug2("kex_parse_kexinit: %s", proposal[i]);
+        }
+        /* first kex follows / reserved */
+-       if ((r = sshbuf_get_u8(b, &v)) != 0 ||
+-           (r = sshbuf_get_u32(b, &i)) != 0)
+       if ((r = sshbuf_get_u8(b, &v)) != 0 ||  /* first_kex_follows */
+           (r = sshbuf_get_u32(b, &i)) != 0)   /* reserved */
+                goto out;
+        if (first_kex_follows != NULL)
+-               *first_kex_follows = i;
+               *first_kex_follows = v;
+        debug2("kex_parse_kexinit: first_kex_follows %d ", v);
+        debug2("kex_parse_kexinit: reserved %u ", i);
+        r = 0;
diff --git a/debian/patches/series b/debian/patches/series
index 816f65cc3..340077745 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -25,3 +25,4 @@ no-openssl-version-status.patch
 gnome-ssh-askpass2-icon.patch
 sigstop.patch
 debian-config.patch
+backport-fix-first-kex-follows.patch
author	Colin Watson <cjwatson@debian.org>	2015-12-15 15:27:13 +0000
committer	Colin Watson <cjwatson@debian.org>	2015-12-15 15:39:57 +0000
commit	a1e1d4f1dd7d232df4c233da37987458676136f3 (patch)
tree	c4415e10ee5aaa56ca244d0146eb69fe34856a4d /debian/patches
parent	d9e39e5a672108d60865e73d6f510e813991c337 (diff)
parent	ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 (diff)

diff --git a/debian/patches/backport-fix-first-kex-follows.patch b/debian/patches/backport-fix-first-kex-follows.patch new file mode 100644 index 000000000..0333adad1 --- /dev/null +++ b/debian/patches/backport-fix-first-kex-follows.patch
@@ -0,0 +1,36 @@
		1	From ed5dcc5819cd53636938bd5c30b8c5acdd1615e1 Mon Sep 17 00:00:00 2001
		2	From: Damien Miller <djm@mindrot.org>
		3	Date: Tue, 15 Dec 2015 15:25:04 +0000
		4	Subject: upstream commit
		5
		6	unbreak connections with peers that set first_kex_follows;
		7	fix from Matt Johnston va bz#2515
		8
		9	Origin: backport, http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/kex.c.diff?r1=1.114&r2=1.115
		10	Forwarded: not-needed
		11	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1526357
		12
		13	Patch-Name: backport-fix-first-kex-follows.patch
		14	---
		15	kex.c \| 6 +++---
		16	1 file changed, 3 insertions(+), 3 deletions(-)
		17
		18	diff --git a/kex.c b/kex.c
		19	index 39a6f98..12f3e41 100644
		20	--- a/kex.c
		21	+++ b/kex.c
		22	@@ -286,11 +286,11 @@ kex_buf2prop(struct sshbuf raw, int first_kex_follows, char ***propp)
		23	debug2("kex_parse_kexinit: %s", proposal[i]);
		24	}
		25	/* first kex follows / reserved */
		26	- if ((r = sshbuf_get_u8(b, &v)) != 0 \|\|
		27	- (r = sshbuf_get_u32(b, &i)) != 0)
		28	+ if ((r = sshbuf_get_u8(b, &v)) != 0 \|\| /* first_kex_follows */
		29	+ (r = sshbuf_get_u32(b, &i)) != 0) /* reserved */
		30	goto out;
		31	if (first_kex_follows != NULL)
		32	- *first_kex_follows = i;
		33	+ *first_kex_follows = v;
		34	debug2("kex_parse_kexinit: first_kex_follows %d ", v);
		35	debug2("kex_parse_kexinit: reserved %u ", i);
		36	r = 0;


diff --git a/debian/patches/series b/debian/patches/series index 816f65cc3..340077745 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -25,3 +25,4 @@ no-openssl-version-status.patch
25	gnome-ssh-askpass2-icon.patch	25	gnome-ssh-askpass2-icon.patch
26	sigstop.patch	26	sigstop.patch
27	debian-config.patch	27	debian-config.patch
		28	backport-fix-first-kex-follows.patch