| |
@@ -0,0 +1,70 @@
|
| |
+ From ca0e455b9331213ff9505a21b94c38e34faa2bba Mon Sep 17 00:00:00 2001
|
| |
+ From: "djm@openbsd.org" <djm@openbsd.org>
|
| |
+ Date: Tue, 7 Sep 2021 06:03:51 +0000
|
| |
+ Subject: [PATCH 1/2] upstream: avoid NULL deref in -Y find-principals. Report
|
| |
+ and fix
|
| |
+ MIME-Version: 1.0
|
| |
+ Content-Type: text/plain; charset=UTF-8
|
| |
+ Content-Transfer-Encoding: 8bit
|
| |
+
|
| |
+ from Carlo Marcelo Arenas Belón
|
| |
+ MIME-Version: 1.0
|
| |
+ Content-Type: text/plain; charset=UTF-8
|
| |
+ Content-Transfer-Encoding: 8bit
|
| |
+
|
| |
+ OpenBSD-Commit-ID: 6238486f8ecc888d6ccafcd9ad99e621bb41f1e0
|
| |
+ ---
|
| |
+ ssh-keygen.c | 5 +++--
|
| |
+ 1 file changed, 3 insertions(+), 2 deletions(-)
|
| |
+
|
| |
+ diff --git a/ssh-keygen.c b/ssh-keygen.c
|
| |
+ index 18e9f1d1..cf5d95af 100644
|
| |
+ --- a/ssh-keygen.c
|
| |
+ +++ b/ssh-keygen.c
|
| |
+ @@ -1,4 +1,4 @@
|
| |
+ -/* $OpenBSD: ssh-keygen.c,v 1.435 2021/08/11 08:54:17 djm Exp $ */
|
| |
+ +/* $OpenBSD: ssh-keygen.c,v 1.436 2021/09/07 06:03:51 djm Exp $ */
|
| |
+ /*
|
| |
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
|
| |
+ * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
| |
+ @@ -2680,7 +2680,8 @@ sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
|
| |
+ time_t now;
|
| |
+
|
| |
+ *verify_timep = 0;
|
| |
+ - *print_pubkey = 0;
|
| |
+ + if (print_pubkey == NULL)
|
| |
+ + *print_pubkey = 0;
|
| |
+ for (i = 0; i < nopts; i++) {
|
| |
+ if (strncasecmp(opts[i], "verify-time=", 12) == 0) {
|
| |
+ if (parse_absolute_time(opts[i] + 12,
|
| |
+
|
| |
+ From 4afe431da98ec1cf6a2933fe5658f4fd68dee9e2 Mon Sep 17 00:00:00 2001
|
| |
+ From: "djm@openbsd.org" <djm@openbsd.org>
|
| |
+ Date: Wed, 8 Sep 2021 03:23:44 +0000
|
| |
+ Subject: [PATCH 2/2] upstream: correct my mistake in previous fix; spotted by
|
| |
+ halex
|
| |
+
|
| |
+ OpenBSD-Commit-ID: 3cc62d92e3f70006bf02468fc146bfc36fffa183
|
| |
+ ---
|
| |
+ ssh-keygen.c | 4 ++--
|
| |
+ 1 file changed, 2 insertions(+), 2 deletions(-)
|
| |
+
|
| |
+ diff --git a/ssh-keygen.c b/ssh-keygen.c
|
| |
+ index cf5d95af..4b40768d 100644
|
| |
+ --- a/ssh-keygen.c
|
| |
+ +++ b/ssh-keygen.c
|
| |
+ @@ -1,4 +1,4 @@
|
| |
+ -/* $OpenBSD: ssh-keygen.c,v 1.436 2021/09/07 06:03:51 djm Exp $ */
|
| |
+ +/* $OpenBSD: ssh-keygen.c,v 1.437 2021/09/08 03:23:44 djm Exp $ */
|
| |
+ /*
|
| |
+ * Author: Tatu Ylonen <ylo@cs.hut.fi>
|
| |
+ * Copyright (c) 1994 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland
|
| |
+ @@ -2680,7 +2680,7 @@ sig_process_opts(char * const *opts, size_t nopts, uint64_t *verify_timep,
|
| |
+ time_t now;
|
| |
+
|
| |
+ *verify_timep = 0;
|
| |
+ - if (print_pubkey == NULL)
|
| |
+ + if (print_pubkey != NULL)
|
| |
+ *print_pubkey = 0;
|
| |
+ for (i = 0; i < nopts; i++) {
|
| |
+ if (strncasecmp(opts[i], "verify-time=", 12) == 0) {
|
| |
In openssh-8.7, the ssh-keygen command crashes when the -Y
find-principals option is used. This is fixed in openssh-8.8, as
mentioned in the Bugfixes section of the release notes¹:
Apply the trivial upstream patch(es)².
¹ https://www.openssh.com/txt/release-8.8
² https://github.com/openssh/openssh-portable/commit/ca0e455b9
https://github.com/openssh/openssh-portable/commit/4afe431da and/or
https://www.mail-archive.com/source-changes@openbsd.org/msg127496.html
(and follow-ups regarding the '==' versus '!=' typo)