summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--debian/.git-dpm4
-rw-r--r--debian/changelog2
-rw-r--r--debian/patches/series1
-rw-r--r--debian/patches/ssh-keyscan-hash-port.patch48
-rw-r--r--ssh-keyscan.c11
5 files changed, 59 insertions, 7 deletions
diff --git a/debian/.git-dpm b/debian/.git-dpm
index 0acd19a85..9ddb5b008 100644
--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
1# see git-dpm(1) from git-dpm package 1# see git-dpm(1) from git-dpm package
278800aa252da1ebbfb55f7e593f43c337e694cc3 2a0f9daa9c3cc2b37b9707b228263eb717d201371
378800aa252da1ebbfb55f7e593f43c337e694cc3 3a0f9daa9c3cc2b37b9707b228263eb717d201371
4971a7653746a6972b907dfe0ce139c06e4a6f482 4971a7653746a6972b907dfe0ce139c06e4a6f482
5971a7653746a6972b907dfe0ce139c06e4a6f482 5971a7653746a6972b907dfe0ce139c06e4a6f482
6openssh_7.4p1.orig.tar.gz 6openssh_7.4p1.orig.tar.gz
diff --git a/debian/changelog b/debian/changelog
index 0920286dd..b0a965c15 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:7.4p1-8) UNRELEASED; urgency=medium
2 2
3 * Fix ssh-keygen -H accidentally corrupting known_hosts that contained 3 * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
4 already-hashed entries (closes: #851734, LP: #1668093). 4 already-hashed entries (closes: #851734, LP: #1668093).
5 * Fix ssh-keyscan to correctly hash hosts with a port number (closes:
6 #857736, LP: #1670745).
5 7
6 -- Colin Watson <cjwatson@debian.org> Thu, 09 Mar 2017 11:25:55 +0000 8 -- Colin Watson <cjwatson@debian.org> Thu, 09 Mar 2017 11:25:55 +0000
7 9
diff --git a/debian/patches/series b/debian/patches/series
index 7ddc4a772..2d9d2bc12 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,4 @@ sandbox-x32-workaround.patch
31no-dsa-host-key-by-default.patch 31no-dsa-host-key-by-default.patch
32restore-authorized_keys2.patch 32restore-authorized_keys2.patch
33ssh-keygen-hash-corruption.patch 33ssh-keygen-hash-corruption.patch
34ssh-keyscan-hash-port.patch
diff --git a/debian/patches/ssh-keyscan-hash-port.patch b/debian/patches/ssh-keyscan-hash-port.patch
new file mode 100644
index 000000000..32a2f6a01
--- /dev/null
+++ b/debian/patches/ssh-keyscan-hash-port.patch
@@ -0,0 +1,48 @@
1From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
2From: "djm@openbsd.org" <djm@openbsd.org>
3Date: Fri, 10 Mar 2017 03:18:24 +0000
4Subject: upstream commit
5
6correctly hash hosts with a port number. Reported by Josh
7Powers in bz#2692; ok dtucker@
8
9Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
10
11Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
12Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
13Bug-Debian: https://bugs.debian.org/857736
14Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
15Last-Update: 2017-03-14
16
17Patch-Name: ssh-keyscan-hash-port.patch
18---
19 ssh-keyscan.c | 11 ++++++-----
20 1 file changed, 6 insertions(+), 5 deletions(-)
21
22diff --git a/ssh-keyscan.c b/ssh-keyscan.c
23index c30d54e6..24b51ff1 100644
24--- a/ssh-keyscan.c
25+++ b/ssh-keyscan.c
26@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
27 }
28
29 static void
30-keyprint_one(char *host, struct sshkey *key)
31+keyprint_one(const char *host, struct sshkey *key)
32 {
33 char *hostport;
34-
35- if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
36- fatal("host_hash failed");
37+ const char *known_host, *hashed;
38
39 hostport = put_host_port(host, ssh_port);
40+ if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
41+ fatal("host_hash failed");
42+ known_host = hash_hosts ? hashed : hostport;
43 if (!get_cert)
44- fprintf(stdout, "%s ", hostport);
45+ fprintf(stdout, "%s ", known_host);
46 sshkey_write(key, stdout);
47 fputs("\n", stdout);
48 free(hostport);
diff --git a/ssh-keyscan.c b/ssh-keyscan.c
index c30d54e62..24b51ff12 100644
--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
321} 321}
322 322
323static void 323static void
324keyprint_one(char *host, struct sshkey *key) 324keyprint_one(const char *host, struct sshkey *key)
325{ 325{
326 char *hostport; 326 char *hostport;
327 327 const char *known_host, *hashed;
328 if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
329 fatal("host_hash failed");
330 328
331 hostport = put_host_port(host, ssh_port); 329 hostport = put_host_port(host, ssh_port);
330 if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
331 fatal("host_hash failed");
332 known_host = hash_hosts ? hashed : hostport;
332 if (!get_cert) 333 if (!get_cert)
333 fprintf(stdout, "%s ", hostport); 334 fprintf(stdout, "%s ", known_host);
334 sshkey_write(key, stdout); 335 sshkey_write(key, stdout);
335 fputs("\n", stdout); 336 fputs("\n", stdout);
336 free(hostport); 337 free(hostport);