Fix DH GEX against non-default group sizes (openssh-7.2) (#1332082)
This commit is contained in:
parent
10f391c509
commit
0a18e4800e
13
openssh-6.9p1-compat-7.2.patch
Normal file
13
openssh-6.9p1-compat-7.2.patch
Normal file
@ -0,0 +1,13 @@
|
||||
diff --git a/kexgexs.c b/kexgexs.c
|
||||
index a81fd1e..f69068c 100644
|
||||
--- a/kexgexs.c
|
||||
+++ b/kexgexs.c
|
||||
@@ -81,7 +81,7 @@ input_kex_dh_gex_request(int type, u_int32_t seq, void *ctxt)
|
||||
(r = sshpkt_get_end(ssh)) != 0)
|
||||
goto out;
|
||||
kex->nbits = nbits;
|
||||
- kex->min = min = FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN;
|
||||
+ kex->min = min;
|
||||
kex->max = max;
|
||||
min = MAX(FIPS_mode() ? DH_GRP_MIN_FIPS : DH_GRP_MIN, min);
|
||||
max = MIN(DH_GRP_MAX, max);
|
@ -242,6 +242,7 @@ Patch934: openssh-6.9p1-gssKexAlgorithms.patch
|
||||
Patch935: openssh-6.9p1-security-7.1.patch
|
||||
# Fix for security issue (openssh-7.2p2): sanitise characters destined for xauth(1)
|
||||
Patch936: openssh-6.9p1-xauth.patch
|
||||
Patch937: openssh-6.9p1-compat-7.2.patch
|
||||
|
||||
|
||||
License: BSD
|
||||
@ -474,6 +475,7 @@ popd
|
||||
|
||||
%patch200 -p1 -b .audit
|
||||
%patch700 -p1 -b .fips
|
||||
%patch937 -p1 -b .compat-7.2
|
||||
|
||||
%patch100 -p1 -b .coverity
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user