From 10e85cd595595c29b150f9ea3c894f91e7a19c0e Mon Sep 17 00:00:00 2001
From: Petr Lautrbach
Date: Tue, 14 Feb 2012 16:52:50 +0100
Subject: [PATCH] Fill fields in legacy certificates with random data (#784641)

---
 openssh-5.6p1-legacy-certificate.patch | 14 ++++++++++++++
 openssh.spec | 3 +++
 2 files changed, 17 insertions(+)
 create mode 100644 openssh-5.6p1-legacy-certificate.patch

diff --git a/openssh-5.6p1-legacy-certificate.patch b/openssh-5.6p1-legacy-certificate.patch
new file mode 100644
index 0000000..57c512c
--- /dev/null
+++ b/openssh-5.6p1-legacy-certificate.patch
@@ -0,0 +1,14 @@
+diff --git a/key.c b/key.c
+index 57ad9fd..5886d44 100644
+--- a/key.c
++++ b/key.c
+@@ -1517,8 +1517,8 @@ key_certify(Key *k, Key *ca)
+ buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
+ 
+ /* -v01 certs put nonce first */
++ arc4random_buf(&nonce, sizeof(nonce));
+ if (k->type == KEY_DSA_CERT || k->type == KEY_RSA_CERT) {
+- arc4random_buf(&nonce, sizeof(nonce));
+ buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
+ }
+ 
diff --git a/openssh.spec b/openssh.spec
index a5ca0dd..640db97 100644
--- a/openssh.spec
+++ b/openssh.spec
@@ -143,6 +143,8 @@ Patch81: openssh-5.6p1-clientloop.patch
 Patch82:openssh-5.6p1-getaddrinfo.patch
 #https://bugzilla.mindrot.org/show_bug.cgi?id=1838
 Patch83:openssh-5.6p1-linux-oomkiller.patch
+#https://bugzilla.redhat.com//show_bug.cgi?id=784641
+Patch84:openssh-5.6p1-legacy-certificate.patch
 License: BSD
 Group: Applications/Internet
@@ -328,6 +330,7 @@ popd
 %patch81 -p1 -b .clientloop
 %patch82 -p1 -b .getaddrinfo
 %patch83 -p0 -b .oomkiller
+%patch84 -p1 -b .legacy
 autoreconf
 pushd pam_ssh_agent_auth-%{pam_ssh_agent_ver}
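Review bot: The comment `/* -v01 certs put nonce first */` now sits directly above the unconditional `arc4random_buf(&nonce, sizeof(nonce));`, so it reads as though the fill were still -v01-specific, when the whole point of hoisting it is that -v00 certificates (presumably serialised by a later "nonce last" write that lies outside this hunk) were previously emitted with a nonce that was never randomised. I would reword it to `/* Randomise the nonce for every cert type; -v01 certs put it first, -v00 certs put it last */` so the next reader does not "simplify" it back into the if-block. The security rationale also deserves a line in the code rather than only in the downstream bug: as PROTOCOL.certkeys describes, the nonce exists so that a CA signature over attacker-influenced certificate fields cannot be targeted with hash-collision techniques, which an all-zero or stale nonce defeats. key_certify begins before this hunk and the declaration of nonce is not visible, so I cannot tell whether the -v00 path previously signed a zeroed buffer or uninitialised stack memory; either way the fix is correct, but the commit message could state which.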
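Review bot: The bug-tracker comment added above Patch84 has a doubled slash, `#https://bugzilla.redhat.com//show_bug.cgi?id=784641`; it should be `#https://bugzilla.redhat.com/show_bug.cgi?id=784641`, matching the form of the mindrot link two lines above. Cosmetic, but these URLs are what a maintainer follows when deciding whether a carried patch is still needed after a rebase, so they are worth keeping exact.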