rpms/curl
8
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolves: #1824926 - SSH: use new ECDSA key types to check known hosts

Browse Source
This commit is contained in:
Kamil Dudka 2020-04-20 11:21:23 +02:00
parent 53c8c93125
commit 6a752013d0
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

47
0001-curl-7.69.1-ssh-ecdsa-keys.patch Normal file
View File

@ -0,0 +1,47 @@
From e7bd08d289e55c9080590c1147df6584ec881523 Mon Sep 17 00:00:00 2001
From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Date: Thu, 16 Apr 2020 19:26:06 +0200
Subject: [PATCH] libssh: Use new ECDSA key types to check known hosts
From libssh 0.9.0, ssh_key_type() returns different key types for ECDSA
keys depending on the curve.
Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
Fixes #5252
Closes #5253
Upstream-commit: 14bf7eb6e526f7ce0c60c1c972b4d935c1c5132d
Signed-off-by: Kamil Dudka <kdudka@redhat.com>
---
lib/vssh/libssh.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
index 08d9f9e0f..54bc5e019 100644
--- a/lib/vssh/libssh.c
+++ b/lib/vssh/libssh.c
@@ -403,6 +403,9 @@ static int myssh_is_known(struct connectdata *conn)
knownkey.keytype = CURLKHTYPE_RSA1;
break;
case SSH_KEYTYPE_ECDSA:
+ case SSH_KEYTYPE_ECDSA_P256:
+ case SSH_KEYTYPE_ECDSA_P384:
+ case SSH_KEYTYPE_ECDSA_P521:
knownkey.keytype = CURLKHTYPE_ECDSA;
break;
case SSH_KEYTYPE_ED25519:
@@ -470,6 +473,11 @@ static int myssh_is_known(struct connectdata *conn)
foundkey.keytype = CURLKHTYPE_RSA1;
break;
case SSH_KEYTYPE_ECDSA:
+#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0)
+ case SSH_KEYTYPE_ECDSA_P256:
+ case SSH_KEYTYPE_ECDSA_P384:
+ case SSH_KEYTYPE_ECDSA_P521:
+#endif
foundkey.keytype = CURLKHTYPE_ECDSA;
break;
#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,7,0)
--
2.21.1

9
curl.spec
View File

@ -1,10 +1,13 @@
Summary: A utility for getting files from remote servers (FTP, HTTP, and others) Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
Name: curl Name: curl
Version: 7.69.1 Version: 7.69.1
Release: 2%{?dist} Release: 3%{?dist}
License: MIT License: MIT
Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz
# SSH: use new ECDSA key types to check known hosts (#1824926)
Patch1: 0001-curl-7.69.1-ssh-ecdsa-keys.patch
# patch making libcurl multilib ready # patch making libcurl multilib ready
Patch101: 0101-curl-7.32.0-multilib.patch Patch101: 0101-curl-7.32.0-multilib.patch
@ -169,6 +172,7 @@ be installed.
%prep %prep
%setup -q %setup -q
%patch1 -p1
# upstream patches # upstream patches
@ -346,6 +350,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la
%{_libdir}/libcurl.so.4.[0-9].[0-9].minimal %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal
%changelog %changelog
* Mon Apr 20 2020 Kamil Dudka <kdudka@redhat.com> - 7.69.1-3
- SSH: use new ECDSA key types to check known hosts (#1824926)
* Fri Apr 17 2020 Tom Stellard <tstellar@redhat.com> - 7.69.1-2 * Fri Apr 17 2020 Tom Stellard <tstellar@redhat.com> - 7.69.1-2
- Prevent discarding of -g when compiling with clang - Prevent discarding of -g when compiling with clang