Provide better error for non-supported private keys
Resolves: RHEL-68124 Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
parent
f4e43bc272
commit
86023c8a72
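--- a/openssh-9.9p1-non-supported-keys-err-msg.patch
+++ b/openssh-9.9p1-non-supported-keys-err-msg.patch
@@ -0,0 +1,12 @@
+diff --color -ruNp a/sshkey.c b/sshkey.c
+--- a/sshkey.c 2025-04-29 11:20:59.484832762 +0200
++++ b/sshkey.c 2025-04-29 11:28:32.349323029 +0200
+@@ -3599,6 +3599,8 @@ translate_libcrypto_error(unsigned long
+}
+case ERR_LIB_ASN1:
+return SSH_ERR_INVALID_FORMAT;
++ case ERR_LIB_OSSL_DECODER:
++ return SSH_ERR_INVALID_FORMAT;
+}
+return SSH_ERR_LIBCRYPTO_ERROR;
+}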
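Review bot: The new `case ERR_LIB_OSSL_DECODER:` returns `SSH_ERR_INVALID_FORMAT` for every error the decoder library raises, without looking at the reason code, so a well-formed key that the local libcrypto declines to decode (the "non-supported" case in the commit title) is reported the same way as a corrupt file. A one-line comment above the case would record that this is intended, for example `/* OpenSSL 3 decoder rejected the key: unsupported or malformed */`, and it is worth confirming whether an unsupported-algorithm reason would be better reported as `SSH_ERR_KEY_TYPE_UNKNOWN`. `ERR_LIB_OSSL_DECODER` is only defined by OpenSSL 3.x headers, so if this patch is ever built against another libcrypto the two added lines need `#ifdef ERR_LIB_OSSL_DECODER` before them and `#endif` after. translate_libcrypto_error begins above the hunk, so how the earlier library cases treat their reason codes is not visible here.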
@ -210,6 +210,7 @@ Patch1022: openssh-9.9p1-openssl-mlkem.patch
|
||||
Patch1023: openssh-9.9p1-compression-directive.patch
|
||||
# upstream fc86875e6acb36401dfc1dfb6b628a9d1460f367
|
||||
Patch1024: openssh-9.9p1-disable-forwarding.patch
|
||||
Patch1025: openssh-9.9p1-non-supported-keys-err-msg.patch
|
||||
|
||||
License: BSD-3-Clause AND BSD-2-Clause AND ISC AND SSH-OpenSSH AND ssh-keyscan AND sprintf AND LicenseRef-Fedora-Public-Domain AND X11-distribute-modifications-variant
|
||||
Requires: /sbin/nologin
|
||||
@ -399,6 +400,7 @@ gpgv2 --quiet --keyring %{SOURCE3} %{SOURCE1} %{SOURCE0}
|
||||
%patch -P 1022 -p1 -b .openssl-mlkem
|
||||
%patch -P 1023 -p1 -b .compression
|
||||
%patch -P 1024 -p1 -b .disable-forwarding
|
||||
%patch -P 1025 -p1 -b .non-supported-keys-err-msg
|
||||
|
||||
%patch -P 100 -p1 -b .coverity
|
||||
|
||||
@ -682,6 +684,8 @@ test -f %{sysconfig_anaconda} && \
|
||||
* Tue Apr 29 2025 Zoltan Fridrich <zfridric@redhat.com> - 9.9p1-9
|
||||
- CVE-2025-32728: Fix logic error in DisableForwarding option
|
||||
Resolves: RHEL-86819
|
||||
- Provide better error for non-supported private keys
|
||||
Resolves: RHEL-68124
|
||||
|
||||
* Thu Mar 20 2025 Dmitry Belyavskiy <dbelyavs@redhat.com> - 9.9p1-8
|
||||
- OpenSSH should not use its own implementation of MLKEM
|
||||
|
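Review bot: `Patch1025: openssh-9.9p1-non-supported-keys-err-msg.patch` is added without a provenance comment, while the neighbouring `Patch1024` carries `# upstream fc86875e6acb36401dfc1dfb6b628a9d1460f367`. For a patch that changes how sshkey.c classifies libcrypto errors, the spec should say where the change comes from so it can be dropped or re-diffed on the next rebase. Add a comment line directly above it, either `# upstream <commit-id>` if it has been accepted upstream or `# downstream only, RHEL-68124` if it has not; the commit id here is a placeholder, since the page does not give one.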