From: kemal
Date: Wed, 1 Sep 2021 00:22:20 +0000
To: 9front@9front.org
Subject: [9front] ssh: use RSA/SHA-256 instead of RSA/SHA-1 as the public key algorithm

openssh now disables RSA/SHA-1 by default, so using RSA/SHA-1 will eventually cause us problems:

https://undeadly.org/cgi?action=article;sid=20210830113413

this patch modifies ssh.c to use RSA/SHA-256 (aka rsa-sha2-256) instead of RSA/SHA-1 (aka ssh-rsa) as the public key algorithm.

NOTE: public rsa keys and thumbprints are ***NOT AFFECTED*** by this patch.

patch attached.
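The wire-level effect of the change described in this message, as an added example that is not part of the original message or of 9front's ssh.c: an SSH signature blob is string(algorithm name) followed by string(signature), so moving from ssh-rsa to rsa-sha2-256 grows the name field from 7 to 12 bytes, while the public key blob keeps the ssh-rsa name under RFC 8332, which is why keys and thumbprints stay the same. The helpers put_string, sig_blob and sig_class and the SIG_* constants are hypothetical names, and the signature bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum { SIG_BAD = -1, SIG_SHA1 = 0, SIG_SHA2 = 1 };	/* hypothetical names */

/* Append an SSH "string": 4-byte big-endian length, then the bytes. */
static size_t put_string(uint8_t *p, const void *s, uint32_t n)
{
	p[0] = n >> 24; p[1] = n >> 16; p[2] = n >> 8; p[3] = n;
	memcpy(p + 4, s, n);
	return 4 + (size_t)n;
}

/* Build string(alg) || string(sig); returns total length, or -1 if out is too small. */
long sig_blob(uint8_t *out, size_t outlen, const char *alg, const uint8_t *sig, uint32_t siglen)
{
	size_t alen = strlen(alg), off;
	if (4 + alen + 4 + (size_t)siglen > outlen)
		return -1;
	off = put_string(out, alg, (uint32_t)alen);
	off += put_string(out + off, sig, siglen);
	return (long)off;
}

/* Classify a received signature blob by its algorithm name, with bounds checks. */
int sig_class(const uint8_t *b, size_t len)
{
	uint32_t n;
	if (len < 4)
		return SIG_BAD;
	n = (uint32_t)b[0] << 24 | (uint32_t)b[1] << 16 | (uint32_t)b[2] << 8 | b[3];
	if (n > len - 4)
		return SIG_BAD;	/* name length runs past the buffer */
	if (n == 12 && memcmp(b + 4, "rsa-sha2-256", 12) == 0)
		return SIG_SHA2;
	return (n == 7 && memcmp(b + 4, "ssh-rsa", 7) == 0) ? SIG_SHA1 : SIG_BAD;
}

int main(void)
{
	uint8_t sig[256] = {0}, blob[512];	/* constructed: zeroed 2048-bit signature */
	const char *algs[] = { "ssh-rsa", "rsa-sha2-256" };
	for (int i = 0; i < 2; i++) {
		long n = sig_blob(blob, sizeof blob, algs[i], sig, sizeof sig);
		printf("%-12s %ld bytes, class %d\n", algs[i], n, sig_class(blob, (size_t)n));
	}
	return 0;
}
```

A receiver that still sees SIG_SHA1 from a peer is looking at the legacy SHA-1 signature scheme that OpenSSH now disables by default.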