openssh: move inbound NEWKEYS handling to kex layer; otherwise early NEWKEYS causes...

see: https://anongit.mindrot.org/openssh.git/commit/?id=28652bca29046f62c7045e933e6b931de1d16737

Signed-off-by: Peter Wagner <tripolar@gmx.at>

diff --git a/net/openssh/Makefile b/net/openssh/Makefile
index 3134e92907ca3f8e88643ee13c763a35141ee839..10eb434f5b5e253a3861e97f17b1a2a880c43af2 100644 (file)
--- a/net/openssh/Makefile
+++ b/net/openssh/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
 
 PKG_NAME:=openssh
 PKG_VERSION:=7.3p1
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 
 PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
 PKG_SOURCE_URL:=http://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/ \

diff --git a/net/openssh/patches/100-openssh-7.3_p1-NEWKEYS_null_deref.patch b/net/openssh/patches/100-openssh-7.3_p1-NEWKEYS_null_deref.patch
new file mode 100644 (file)
index 0000000..27e99b2
--- /dev/null
+++ b/net/openssh/patches/100-openssh-7.3_p1-NEWKEYS_null_deref.patch
@@ -0,0 +1,27 @@
+Backport of
+https://anongit.mindrot.org/openssh.git/patch/?id=28652bca29046f62c7045e933e6b931de1d16737
+
+--- openssh-7.3p1/kex.c
++++ openssh-7.3p1/kex.c
+@@ -419,6 +419,8 @@
+       ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_protocol_error);
+       if ((r = sshpkt_get_end(ssh)) != 0)
+               return r;
++      if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0)
++              return r;
+       kex->done = 1;
+       sshbuf_reset(kex->peer);
+       /* sshbuf_reset(kex->my); */
+--- openssh-7.3p1/packet.c
++++ openssh-7.3p1/packet.c
+@@ -1919,9 +1919,7 @@
+                       return r;
+               return SSH_ERR_PROTOCOL_ERROR;
+       }
+-      if (*typep == SSH2_MSG_NEWKEYS)
+-              r = ssh_set_newkeys(ssh, MODE_IN);
+-      else if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
++      if (*typep == SSH2_MSG_USERAUTH_SUCCESS && !state->server_side)
+               r = ssh_packet_enable_delayed_compress(ssh);
+       else
+               r = 0;