Hi, I've uploaded the attached NMU to DELAYED/5.
Cheers, Balint Alexander Barton <a...@barton.de> ezt írta (időpont: 2021. dec. 26., V, 14:30): > > Hi! > > I’m seeing this as well, any chance to get this patch merged? > It fixes the issue for me. > > Thanks! > Alex
diff -Nru pam-ssh-agent-auth-0.10.3/debian/changelog pam-ssh-agent-auth-0.10.3/debian/changelog --- pam-ssh-agent-auth-0.10.3/debian/changelog 2019-01-26 16:58:57.000000000 +0100 +++ pam-ssh-agent-auth-0.10.3/debian/changelog 2021-12-31 19:08:41.000000000 +0100 @@ -1,3 +1,13 @@ +pam-ssh-agent-auth (0.10.3-3.1) unstable; urgency=medium + + [Balint Reczey] + * Non-maintainer upload. + + [Marc Deslauriers] + * Fix segfault when using ECDSA keys (LP: #1869512) (Closes: #956399) + + -- Balint Reczey <bal...@balintreczey.hu> Fri, 31 Dec 2021 19:08:41 +0100 + pam-ssh-agent-auth (0.10.3-3) unstable; urgency=medium * Remove myself from uploaders diff -Nru pam-ssh-agent-auth-0.10.3/debian/patches/0002-fix-segfault-when-using-ECDSA-keys.patch pam-ssh-agent-auth-0.10.3/debian/patches/0002-fix-segfault-when-using-ECDSA-keys.patch --- pam-ssh-agent-auth-0.10.3/debian/patches/0002-fix-segfault-when-using-ECDSA-keys.patch 1970-01-01 01:00:00.000000000 +0100 +++ pam-ssh-agent-auth-0.10.3/debian/patches/0002-fix-segfault-when-using-ECDSA-keys.patch 2021-12-31 18:53:19.000000000 +0100 @@ -0,0 +1,58 @@ +From 1b0d9bcc5f5cd78b0bb1357d6a11da5d616ad26f Mon Sep 17 00:00:00 2001 +From: Wout Mertens <wout.mert...@gmail.com> +Date: Thu, 11 Jun 2020 18:08:13 +0200 +Subject: [PATCH] fix segfault when using ECDSA keys. + +Author: Marc Deslauriers <marc.deslauri...@canonical.com> +Bug-Ubuntu: https://bugs.launchpad.net/bugs/1869512 +--- + ssh-ecdsa.c | 15 +++++++++++---- + 1 file changed, 11 insertions(+), 4 deletions(-) + +diff --git a/ssh-ecdsa.c b/ssh-ecdsa.c +index 5b13b30..5bf29cc 100644 +--- a/ssh-ecdsa.c ++++ b/ssh-ecdsa.c +@@ -46,7 +46,7 @@ ssh_ecdsa_sign(const Key *key, u_char **sigp, u_int *lenp, + u_int len, dlen; + Buffer b, bb; + #if OPENSSL_VERSION_NUMBER >= 0x10100005L +- BIGNUM *r, *s; ++ BIGNUM *r = NULL, *s = NULL; + #endif + + if (key == NULL || key->type != KEY_ECDSA || key->ecdsa == NULL) { +@@ -137,20 +137,27 @@ ssh_ecdsa_verify(const Key *key, const u_char *signature, u_int signaturelen, + + /* parse signature */ + if ((sig = ECDSA_SIG_new()) == NULL) +- pamsshagentauth_fatal("ssh_ecdsa_verify: DSA_SIG_new failed"); ++ pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_new failed"); + + pamsshagentauth_buffer_init(&b); + pamsshagentauth_buffer_append(&b, sigblob, len); + #if OPENSSL_VERSION_NUMBER < 0x10100005L + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, sig->r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, sig->s) == -1)) ++ pamsshagentauth_fatal("ssh_ecdsa_verify:" ++ "pamsshagentauth_buffer_get_bignum2_ret failed"); + #else +- DSA_SIG_get0(sig, &r, &s); ++ if ((r = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); ++ if ((s = BN_new()) == NULL) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: BN_new failed"); + if ((pamsshagentauth_buffer_get_bignum2_ret(&b, r) == -1) || + (pamsshagentauth_buffer_get_bignum2_ret(&b, s) == -1)) +-#endif + pamsshagentauth_fatal("ssh_ecdsa_verify:" + "pamsshagentauth_buffer_get_bignum2_ret failed"); ++ if (ECDSA_SIG_set0(sig, r, s) != 1) ++ pamsshagentauth_fatal("ssh_ecdsa_verify: ECDSA_SIG_set0 failed"); ++#endif + + /* clean up */ + memset(sigblob, 0, len); +-- +2.30.2 + diff -Nru pam-ssh-agent-auth-0.10.3/debian/patches/series pam-ssh-agent-auth-0.10.3/debian/patches/series --- pam-ssh-agent-auth-0.10.3/debian/patches/series 2019-01-26 16:40:32.000000000 +0100 +++ pam-ssh-agent-auth-0.10.3/debian/patches/series 2021-12-31 19:08:41.000000000 +0100 @@ -1,3 +1,4 @@ 0001-authfd.c-check-return-value-of-seteuid-2.patch openssl-1.1.1-1.patch openssl-1.1.1-2.patch +0002-fix-segfault-when-using-ECDSA-keys.patch