-rw-r--r-- | debian/.git-dpm | 4 | ||||
-rw-r--r-- | debian/changelog | 2 | ||||
-rw-r--r-- | debian/patches/series | 1 | ||||
-rw-r--r-- | debian/patches/ssh-keyscan-hash-port.patch | 48 | ||||
-rw-r--r-- | ssh-keyscan.c | 11 |
5 files changed, 59 insertions, 7 deletions
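--- a/debian/.git-dpm
+++ b/debian/.git-dpm
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-78800aa252da1ebbfb55f7e593f43c337e694cc3
-78800aa252da1ebbfb55f7e593f43c337e694cc3
+a0f9daa9c3cc2b37b9707b228263eb717d201371
+a0f9daa9c3cc2b37b9707b228263eb717d201371
 971a7653746a6972b907dfe0ce139c06e4a6f482
 971a7653746a6972b907dfe0ce139c06e4a6f482
 openssh_7.4p1.orig.tar.gz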
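--- a/debian/changelog
+++ b/debian/changelog
@@ -2,6 +2,8 @@ openssh (1:7.4p1-8) UNRELEASED; urgency=medium
 
 * Fix ssh-keygen -H accidentally corrupting known_hosts that contained
 already-hashed entries (closes: #851734, LP: #1668093).
+* Fix ssh-keyscan to correctly hash hosts with a port number (closes:
+#857736, LP: #1670745).
 
 -- Colin Watson <cjwatson@debian.org> Thu, 09 Mar 2017 11:25:55 +0000
 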
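--- a/debian/patches/series
+++ b/debian/patches/series
@@ -31,3 +31,4 @@ sandbox-x32-workaround.patch
 no-dsa-host-key-by-default.patch
 restore-authorized_keys2.patch
 ssh-keygen-hash-corruption.patch
+ssh-keyscan-hash-port.patch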
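--- /dev/null
+++ b/debian/patches/ssh-keyscan-hash-port.patch
@@ -0,0 +1,48 @@
+From a0f9daa9c3cc2b37b9707b228263eb717d201371 Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Fri, 10 Mar 2017 03:18:24 +0000
+Subject: upstream commit
+
+correctly hash hosts with a port number. Reported by Josh
+Powers in bz#2692; ok dtucker@
+
+Upstream-ID: 468e357ff143e00acc05bdd2803a696b3d4b6442
+
+Origin: https://anongit.mindrot.org/openssh.git/commit/?id=8a2834454c73dfc1eb96453c0e97690595f3f4c2
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2692
+Bug-Debian: https://bugs.debian.org/857736
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1670745
+Last-Update: 2017-03-14
+
+Patch-Name: ssh-keyscan-hash-port.patch
+---
+ssh-keyscan.c | 11 ++++++-----
+1 file changed, 6 insertions(+), 5 deletions(-)
+
+diff --git a/ssh-keyscan.c b/ssh-keyscan.c
+index c30d54e6..24b51ff1 100644
+--- a/ssh-keyscan.c
++++ b/ssh-keyscan.c
+@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
+}
+
+static void
+-keyprint_one(char *host, struct sshkey *key)
++keyprint_one(const char *host, struct sshkey *key)
+{
+char *hostport;
+-
+- if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
+- fatal("host_hash failed");
++ const char *known_host, *hashed;
+
+hostport = put_host_port(host, ssh_port);
++ if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
++ fatal("host_hash failed");
++ known_host = hash_hosts ? hashed : hostport;
+if (!get_cert)
+- fprintf(stdout, "%s ", hostport);
++ fprintf(stdout, "%s ", known_host);
+sshkey_write(key, stdout);
+fputs("\n", stdout);
+free(hostport);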
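--- a/ssh-keyscan.c
+++ b/ssh-keyscan.c
@@ -321,16 +321,17 @@ keygrab_ssh2(con *c)
 }
 
 static void
-keyprint_one(char *host, struct sshkey *key)
+keyprint_one(const char *host, struct sshkey *key)
 {
 char *hostport;
-
-if (hash_hosts && (host = host_hash(host, NULL, 0)) == NULL)
-fatal("host_hash failed");
+const char *known_host, *hashed;
 
 hostport = put_host_port(host, ssh_port);
+if (hash_hosts && (hashed = host_hash(host, NULL, 0)) == NULL)
+fatal("host_hash failed");
+known_host = hash_hosts ? hashed : hostport;
 if (!get_cert)
-fprintf(stdout, "%s ", hostport);
+fprintf(stdout, "%s ", known_host);
 sshkey_write(key, stdout);
 fputs("\n", stdout);
 free(hostport);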
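Review bot: In keyprint_one, the new `host_hash(host, NULL, 0)` call hashes the bare `host` rather than the `hostport` string built on the line above, so with `hash_hosts` set the port still does not reach the printed name and `hostport` is only allocated and freed. If the goal is a hashed known_hosts entry that pins the key to the scanned port, the call would read `if (hash_hosts && (hashed = host_hash(hostport, NULL, 0)) == NULL)`. `hashed` is left unset when `hash_hosts` is off; it is not read on that path, but writing `*hashed = NULL` in the declaration keeps that obvious to compilers and readers. The copy of this hunk in debian/patches/ssh-keyscan-hash-port.patch has the same lines, and the function body ends outside the hunk.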