FIX pam_ssh_agent_auth auth for RSA keys
Related: rhbz#2070113
parent
9697eecfeb
commit
9591af3b1d
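--- a/openssh.spec
+++ b/openssh.spec
@@ -51,9 +51,9 @@
 
 # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1
 %global openssh_ver 8.7p1
-%global openssh_rel 18
+%global openssh_rel 19
 %global pam_ssh_agent_ver 0.10.4
-%global pam_ssh_agent_rel 4
+%global pam_ssh_agent_rel 5
 
 Summary: An open source implementation of SSH protocol version 2
 Name: openssh
@@ -102,6 +102,8 @@ Patch306: pam_ssh_agent_auth-0.10.2-compat.patch
 # Fix NULL dereference from getpwuid() return value
 # https://sourceforge.net/p/pamsshagentauth/bugs/22/
 Patch307: pam_ssh_agent_auth-0.10.2-dereference.patch
+# https://bugzilla.redhat.com/show_bug.cgi?id=2070113
+Patch308: pam_ssh_agent_auth-0.10.4-rsasha2.patch
 
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1641 (WONTFIX)
 Patch400: openssh-7.8p1-role-mls.patch
@@ -377,6 +379,7 @@ pushd pam_ssh_agent_auth-pam_ssh_agent_auth-%{pam_ssh_agent_ver}
 %patch306 -p2 -b .psaa-compat
 %patch305 -p2 -b .psaa-agent
 %patch307 -p2 -b .psaa-deref
+%patch308 -p2 -b .rsasha2
 # Remove duplicate headers and library files
 rm -f $(cat %{SOURCE5})
 popd
@@ -725,6 +728,10 @@ test -f %{sysconfig_anaconda} && \
 %endif
 
 %changelog
+* Fri Jul 15 2022 Dmitry Belyavskiy <dbelyavs@redhat.com> - 8.7p1-19 + 0.10.4-5
+- FIX pam_ssh_agent_auth auth for RSA keys
+Related: rhbz#2070113
+
 * Thu Jul 14 2022 Zoltan Fridrich <zfridric@redhat.com> - 8.7p1-18
 - Fix new coverity issues
 Related: rhbz#2068423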
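--- a/pam_ssh_agent_auth-0.10.4-rsasha2.patch
+++ b/pam_ssh_agent_auth-0.10.4-rsasha2.patch
@@ -0,0 +1,19 @@
+diff -up openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c
+--- openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c.rsasha2 2022-07-15 15:08:12.865585410 +0200
++++ openssh-8.7p1/pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4/userauth_pubkey_from_id.c 2022-07-15 15:16:25.164282372 +0200
+@@ -87,8 +87,13 @@ userauth_pubkey_from_id(const char *ruse
+(r = sshbuf_put_string(b, pkblob, blen)) != 0)
+fatal("%s: buffer error: %s", __func__, ssh_err(r));
+
+- if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
+- goto user_auth_clean_exit;
++ if (sshkey_type_plain(id->key->type) == KEY_RSA
++ && ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), "rsa-sha2-256", 0) == 0) {
++ /* Do nothing */
++ } else {
++ if (ssh_agent_sign(id->ac->fd, id->key, &sig, &slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0) != 0)
++ goto user_auth_clean_exit;
++ }
+
+/* test for correct signature */
+if (sshkey_verify(id->key, sig, slen, sshbuf_ptr(b), sshbuf_len(b), NULL, 0, NULL) == 0)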
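Review bot: The RSA path falls back silently: when the `"rsa-sha2-256"` request to `ssh_agent_sign()` fails, the `else` arm retries with a NULL algorithm, which presumably gives the agent's default `ssh-rsa` (SHA-1) signature, and nothing records that the stronger request was refused. The `sshkey_verify()` call that follows also passes NULL where the algorithm name appears to go, so the hash that is accepted is whatever the returned signature declares rather than the one that was requested. I would replace `/* Do nothing */` with `/* agent returned an rsa-sha2-256 signature; no fallback needed */`, add a log line in the `else` arm when an RSA key takes the fallback, and consider passing the requested algorithm name to `sshkey_verify()` when the first call succeeded. The body of `userauth_pubkey_from_id()` begins and ends outside this hunk, so the cleanup at `user_auth_clean_exit` and the handling of `sig` across the retry cannot be checked from here.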