From 72f50c904f2464b75d152679f99042b794ca724a Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Fri, 22 Jan 2021 12:21:03 +0100 Subject: [PATCH 1/2] Accept empty labels (#1919007) --- openssh-8.0p1-pkcs11-uri.patch | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/openssh-8.0p1-pkcs11-uri.patch b/openssh-8.0p1-pkcs11-uri.patch index d55df23..0713ffe 100644 --- a/openssh-8.0p1-pkcs11-uri.patch +++ b/openssh-8.0p1-pkcs11-uri.patch @@ -2159,12 +2159,13 @@ index a302c79c..879fe917 100644 if (rv != CKR_OK) { error("C_GetAttributeValue failed: %lu", rv); return (NULL); -@@ -717,18 +874,19 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, +@@ -717,19 +874,19 @@ pkcs11_fetch_ecdsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, + * ensure that none of the others are zero length. * XXX assumes CKA_ID is always first. */ - if (key_attr[1].ulValueLen == 0 || +- if (key_attr[1].ulValueLen == 0 || - key_attr[2].ulValueLen == 0) { -+ key_attr[2].ulValueLen == 0 || ++ if (key_attr[2].ulValueLen == 0 || + key_attr[3].ulValueLen == 0) { error("invalid attribute length"); return (NULL); @@ -2259,12 +2260,13 @@ index a302c79c..879fe917 100644 if (rv != CKR_OK) { error("C_GetAttributeValue failed: %lu", rv); return (NULL); -@@ -838,18 +998,19 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, +@@ -838,19 +998,19 @@ pkcs11_fetch_rsa_pubkey(struct pkcs11_provider *p, CK_ULONG slotidx, + * ensure that none of the others are zero length. * XXX assumes CKA_ID is always first. */ - if (key_attr[1].ulValueLen == 0 || +- if (key_attr[1].ulValueLen == 0 || - key_attr[2].ulValueLen == 0) { -+ key_attr[2].ulValueLen == 0 || ++ if (key_attr[2].ulValueLen == 0 || + key_attr[3].ulValueLen == 0) { error("invalid attribute length"); return (NULL); From 6c897f6328c8278649fb99ae7adc6bc52517a082 Mon Sep 17 00:00:00 2001 From: Jakub Jelen Date: Wed, 3 Feb 2021 17:26:30 +0100 Subject: [PATCH 2/2] 8.4p1-5 + 0.10.4-1 --- openssh.spec | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/openssh.spec b/openssh.spec index 578a2eb..d0d8890 100644 --- a/openssh.spec +++ b/openssh.spec @@ -51,7 +51,7 @@ # Do not forget to bump pam_ssh_agent_auth release if you rewind the main package release to 1 %global openssh_ver 8.4p1 -%global openssh_rel 4 +%global openssh_rel 5 %global pam_ssh_agent_ver 0.10.4 %global pam_ssh_agent_rel 1 @@ -669,6 +669,9 @@ test -f %{sysconfig_anaconda} && \ %endif %changelog +* Wed Feb 03 2021 Jakub Jelen - 8.4p1-5 + 0.10.4-1 +- Accept empty labels for keys from PKCS#11 (#1919007) + * Tue Dec 01 2020 Jakub Jelen - 8.4p1-4 + 0.10.4-1 - Remove "PasswordAuthentication yes" from vendor configuration as it is already default and it might be hard to override.