Fix ssh-keyscan to correctly hash hosts with a port number (closes: #857736, LP: #1670745).

author: Colin Watson <cjwatson@debian.org> 2017-03-14 13:41:34 +0000
committer: Colin Watson <cjwatson@debian.org> 2017-03-14 13:43:04 +0000
commit: 4b128b76f5e0e41c3edb950ec503cf04bdd83028 (patch)
tree: 2faa96a0c1ff1a6019f0a007bb69599edccc0531 /debian/patches
parent: 5e90171e0d3f39624c922a06e434423b31f6f9b9 (diff)
parent: a0f9daa9c3cc2b37b9707b228263eb717d201371 (diff)
2 files changed, 49 insertions, 0 deletions
diff --git a/debian/patches/series b/debian/patches/series
index 7ddc4a772..2d9d2bc12 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,4 @@ sandbox-x32-workaround.patch
 no-dsa-host-key-by-default.patch
 restore-authorized_keys2.patch
 ssh-keygen-hash-corruption.patch
+ssh-keyscan-hash-port.patch
diff --git a/debian/patches/ssh-keyscan-hash-port.patch b/debian/patches/ssh-keyscan-hash-port.patch
new file mode 100644
index 000000000..32a2f6a01
--- /dev/null
+++ b/debian/patches/ssh-keyscan-hash-port.patch
@@ -0,0 +1,48 @@
+From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 10 Mar 2017 03:18:24 +0000
+Subject: upstream commit
+correctly hash hosts with a port number. Reported by Josh
+Powers in bz#2692; ok dtucker@
+Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
+Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
+Bug-Debian: https://bugs.debian.org/857736
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
+Last-Update: 2017-03-14
+Patch-Name: ssh-keyscan-hash-port.patch
+---
+ ssh-keyscan.c | 11 ++++++-----
+ 1 file changed, 6 insertions(+), 5 deletions(-)
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index c30d54e6..24b51ff1 100644
+--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
+@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
+ }
+ 
+ static void
+-keyprint_one(char *host, struct sshkey *key)
+keyprint_one(const char *host, struct sshkey *key)
+ {
+        char *hostport;
+-
+-       if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
+-               fatal("host_hash failed");
+       const char *known_host, *hashed;
+ 
+        hostport = put_host_port(host, ssh_port);
+       if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
+               fatal("host_hash failed");
+       known_host = hash_hosts ? hashed : hostport;
+        if (!get_cert)
+-               fprintf(stdout, "%s ", hostport);
+               fprintf(stdout, "%s ", known_host);
+        sshkey_write(key, stdout);
+        fputs("\n", stdout);
+        free(hostport);
author	Colin Watson <cjwatson@debian.org>	2017-03-14 13:41:34 +0000
committer	Colin Watson <cjwatson@debian.org>	2017-03-14 13:43:04 +0000
commit	4b128b76f5e0e41c3edb950ec503cf04bdd83028 (patch)
tree	2faa96a0c1ff1a6019f0a007bb69599edccc0531 /debian/patches
parent	5e90171e0d3f39624c922a06e434423b31f6f9b9 (diff)
parent	a0f9daa9c3cc2b37b9707b228263eb717d201371 (diff)

diff --git a/debian/patches/series b/debian/patches/series index 7ddc4a772..2d9d2bc12 100644 --- a/debian/patches/series +++ b/debian/patches/series
@@ -31,3 +31,4 @@ sandbox-x32-workaround.patch
31	no-dsa-host-key-by-default.patch	31	no-dsa-host-key-by-default.patch
32	restore-authorized_keys2.patch	32	restore-authorized_keys2.patch
33	ssh-keygen-hash-corruption.patch	33	ssh-keygen-hash-corruption.patch
		34	ssh-keyscan-hash-port.patch


diff --git a/debian/patches/ssh-keyscan-hash-port.patch b/debian/patches/ssh-keyscan-hash-port.patch new file mode 100644 index 000000000..32a2f6a01 --- /dev/null +++ b/debian/patches/ssh-keyscan-hash-port.patch
@@ -0,0 +1,48 @@
		1	From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
		2	From: "djm@openbsd.org" <djm@openbsd.org>
		3	Date: Fri, 10 Mar 2017 03:18:24 +0000
		4	Subject: upstream commit
		5
		6	correctly hash hosts with a port number. Reported by Josh
		7	Powers in bz#2692; ok dtucker@
		8
		9	Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
		10
		11	Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
		12	Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
		13	Bug-Debian: https://bugs.debian.org/857736
		14	Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
		15	Last-Update: 2017-03-14
		16
		17	Patch-Name: ssh-keyscan-hash-port.patch
		18	---
		19	ssh-keyscan.c \| 11 ++++++-----
		20	1 file changed, 6 insertions(+), 5 deletions(-)
		21
		22	diff --git a/ssh-keyscan.c b/ssh-keyscan.c
		23	index c30d54e6..24b51ff1 100644
		24	--- a/ssh-keyscan.c
		25	+++ b/ssh-keyscan.c
		26	@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
		27	}
		28
		29	static void
		30	-keyprint_one(char host, struct sshkey key)
		31	+keyprint_one(const char host, struct sshkey key)
		32	{
		33	char *hostport;
		34	-
		35	- if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
		36	- fatal("host_hash failed");
		37	+ const char known_host, hashed;
		38
		39	hostport = put_host_port(host, ssh_port);
		40	+ if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
		41	+ fatal("host_hash failed");
		42	+ known_host = hash_hosts ? hashed : hostport;
		43	if (!get_cert)
		44	- fprintf(stdout, "%s ", hostport);
		45	+ fprintf(stdout, "%s ", known_host);
		46	sshkey_write(key, stdout);
		47	fputs("\n", stdout);
		48	free(hostport);