Resolves: #1824926 - SSH: use new ECDSA key types to check known hosts
		
							parent
							
								
									53c8c93125
								
							
						
					
					
						commit
						6a752013d0
					
				
							
								
								
									
										47
									
								
								0001-curl-7.69.1-ssh-ecdsa-keys.patch
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										47
									
								
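--- /dev/null
+++ b/0001-curl-7.69.1-ssh-ecdsa-keys.patch
@@ -0,0 +1,47 @@
+From e7bd08d289e55c9080590c1147df6584ec881523 Mon Sep 17 00:00:00 2001
+From: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Date: Thu, 16 Apr 2020 19:26:06 +0200
+Subject: [PATCH] libssh: Use new ECDSA key types to check known hosts
+
+From libssh 0.9.0, ssh_key_type() returns different key types for ECDSA
+keys depending on the curve.
+
+Signed-off-by: Anderson Toshiyuki Sasaki <ansasaki@redhat.com>
+Fixes #5252
+Closes #5253
+
+Upstream-commit: 14bf7eb6e526f7ce0c60c1c972b4d935c1c5132d
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/vssh/libssh.c | 8 ++++++++
+ 1 file changed, 8 insertions(+)
+
+diff --git a/lib/vssh/libssh.c b/lib/vssh/libssh.c
+index 08d9f9e0f..54bc5e019 100644
+--- a/lib/vssh/libssh.c
++++ b/lib/vssh/libssh.c
+@@ -403,6 +403,9 @@ static int myssh_is_known(struct connectdata *conn)
+           knownkey.keytype = CURLKHTYPE_RSA1;
+           break;
+         case SSH_KEYTYPE_ECDSA:
++        case SSH_KEYTYPE_ECDSA_P256:
++        case SSH_KEYTYPE_ECDSA_P384:
++        case SSH_KEYTYPE_ECDSA_P521:
+           knownkey.keytype = CURLKHTYPE_ECDSA;
+           break;
+         case SSH_KEYTYPE_ED25519:
+@@ -470,6 +473,11 @@ static int myssh_is_known(struct connectdata *conn)
+         foundkey.keytype = CURLKHTYPE_RSA1;
+         break;
+       case SSH_KEYTYPE_ECDSA:
++#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0)
++      case SSH_KEYTYPE_ECDSA_P256:
++      case SSH_KEYTYPE_ECDSA_P384:
++      case SSH_KEYTYPE_ECDSA_P521:
++#endif
+         foundkey.keytype = CURLKHTYPE_ECDSA;
+         break;
+ #if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,7,0)
+-- 
+2.21.1
+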
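Review bot: The first embedded hunk (`@@ -403,6 +403,9 @@`, the `knownkey` switch) adds `SSH_KEYTYPE_ECDSA_P256`/`_P384`/`_P521` with no version guard, while the second hunk (`@@ -470,6 +473,11 @@`, the `foundkey` switch) wraps the same labels in `#if LIBSSH_VERSION_INT >= SSH_VERSION_INT(0,9,0)`. If the first switch is not already inside a 0.9.0-only region (the enclosing code of `myssh_is_known` lies outside both hunks, so this cannot be confirmed here), building against an older libssh would fail on the undeclared enumerators; either add the same `#if`/`#endif` pair there or state in a comment why it is not needed. Because these switches set the host-key type used for the known-hosts check, a short comment at both sites such as `/* libssh >= 0.9.0 reports per-curve ECDSA types; all map to CURLKHTYPE_ECDSA */` would also record that the curve is deliberately not distinguished at this point.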
| @ -1,10 +1,13 @@ | ||||
| Summary: A utility for getting files from remote servers (FTP, HTTP, and others) | ||||
| Name: curl | ||||
| Version: 7.69.1 | ||||
| Release: 2%{?dist} | ||||
| Release: 3%{?dist} | ||||
| License: MIT | ||||
| Source: https://curl.haxx.se/download/%{name}-%{version}.tar.xz | ||||
| 
 | ||||
| # SSH: use new ECDSA key types to check known hosts (#1824926) | ||||
| Patch1:   0001-curl-7.69.1-ssh-ecdsa-keys.patch | ||||
| 
 | ||||
| # patch making libcurl multilib ready | ||||
| Patch101: 0101-curl-7.32.0-multilib.patch | ||||
| 
 | ||||
| @ -169,6 +172,7 @@ be installed. | ||||
| 
 | ||||
| %prep | ||||
| %setup -q | ||||
| %patch1 -p1 | ||||
| 
 | ||||
| # upstream patches | ||||
| 
 | ||||
| @ -346,6 +350,9 @@ rm -f ${RPM_BUILD_ROOT}%{_libdir}/libcurl.la | ||||
| %{_libdir}/libcurl.so.4.[0-9].[0-9].minimal | ||||
| 
 | ||||
| %changelog | ||||
| * Mon Apr 20 2020 Kamil Dudka <kdudka@redhat.com> - 7.69.1-3 | ||||
| - SSH: use new ECDSA key types to check known hosts (#1824926) | ||||
| 
 | ||||
| * Fri Apr 17 2020 Tom Stellard <tstellar@redhat.com> - 7.69.1-2 | ||||
| - Prevent discarding of -g when compiling with clang | ||||
| 
 | ||||
|  | ||||