Blame SOURCES/openssh-8.4p1-debian-compat.patch

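--- compat.h.orig	2020-10-05 10:09:02.953505129 -0700
+++ compat.h	2020-10-05 10:10:17.587733113 -0700
@@ -34,7 +34,7 @@
 
 #define SSH_BUG_UTF8TTYMODE	0x00000001
 #define SSH_BUG_SIGTYPE		0x00000002
-/* #define unused		0x00000004 */
+#define SSH_BUG_SIGTYPE74	0x00000004
 /* #define unused		0x00000008 */
 #define SSH_OLD_SESSIONID	0x00000010
 /* #define unused		0x00000020 */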
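Review bot: `SSH_BUG_SIGTYPE74` takes over bit `0x00000004`, which compat.h had marked as unused, and the new define carries no comment saying it is a downstream-only flag. If a later upstream release assigns that bit, a rebase of this patch would silently alias the two meanings. Mark the line, for example `#define SSH_BUG_SIGTYPE74	0x00000004 /* downstream: 7.4 peer does not advertise rsa-sha2-* */`, and re-check the bit on every rebase.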
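--- compat.c.orig	2020-10-05 10:25:02.088720562 -0700
+++ compat.c	2020-10-05 10:13:11.637282492 -0700
@@ -65,11 +65,12 @@
 		{ "OpenSSH_6.5*,"
 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
 					SSH_BUG_SIGTYPE},
+		{ "OpenSSH_7.4*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
+		  			SSH_BUG_SIGTYPE74},
 		{ "OpenSSH_7.0*,"
 		  "OpenSSH_7.1*,"
 		  "OpenSSH_7.2*,"
 		  "OpenSSH_7.3*,"
-		  "OpenSSH_7.4*,"
 		  "OpenSSH_7.5*,"
 		  "OpenSSH_7.6*,"
 		  "OpenSSH_7.7*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE},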
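Review bot: The new `OpenSSH_7.4*` row has no comment explaining why 7.4 is split out of the 7.0–7.7 group, and the pattern is matched against the version string the peer announces about itself. Any server sending a 7.4 banner therefore gets `SSH_BUG_SIGTYPE74`; that looks acceptable because the flag only makes the client try SHA-2 RSA signature types that its own policy already allows, but the row should say so, e.g. `/* 7.4 accepts rsa-sha2-* without advertising it; see sshconnect2.c */`. The continuation line of the new row also appears to place spaces before tabs, unlike the neighbouring rows. The table starts and ends outside the hunk.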
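--- sshconnect2.c.orig	2020-09-26 07:26:37.618010545 -0700
+++ sshconnect2.c	2020-10-05 10:47:22.116315148 -0700
@@ -1305,6 +1305,26 @@
 			break;
 	}
 	free(oallowed);
+	/*
+	 * OpenSSH 7.4 supports SHA2 sig types, but fails to indicate its
+	 * support.  For that release, check the local policy against the
+	 * SHA2 signature types.
+	 */
+	if (alg == NULL &&
+	    (key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74))) {
+		oallowed = allowed = xstrdup(options.pubkey_accepted_algos);
+		while ((cp = strsep(&allowed, ",")) != NULL) {
+			if (sshkey_type_from_name(cp) != key->type)
+				continue;
+			tmp = match_list(sshkey_sigalg_by_name(cp), "rsa-sha2-256,rsa-sha2-512", NULL);
+			if (tmp != NULL)
+				alg = xstrdup(cp);
+			free(tmp);
+			if (alg != NULL)
+				break;
+		}
+		free(oallowed);
+	}
 	return alg;
 }
 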
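Review bot: The fallback guarded by `key->type == KEY_RSA && (ssh->compat & SSH_BUG_SIGTYPE74)` covers plain RSA keys only, so an RSA certificate offered to a 7.4 peer gets no second pass; if that is deliberate (the compat row also sets `SSH_BUG_SIGTYPE`), the comment above the block should say so. The block also repeats what looks like the selection loop that ends just above it, with the peer's list replaced by the literal `"rsa-sha2-256,rsa-sha2-512"` on a line well past 80 columns; a named constant such as `static const char sha2_rsa_sigalgs[] = "rsa-sha2-256,rsa-sha2-512";` would keep the call readable. The patch file is named for 8.4p1 while the hunk reads `options.pubkey_accepted_algos`, so confirm that field exists in the tree this patch is applied to. The function starts outside the hunk.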