From 4265215d7300901fd7097061c7517688ade82f8e Mon Sep 17 00:00:00 2001
From: "djm@openbsd.org" <djm@openbsd.org>
Date: Sun, 6 Jun 2021 03:40:39 +0000
Subject: upstream: Client-side workaround for a bug in OpenSSH 7.4: this
 release

allows RSA/SHA2 signatures for public key authentication but fails to
advertise this correctly via SSH2_MSG_EXT_INFO. This causes clients of these
server to incorrectly match PubkeyAcceptedAlgorithms and potentially refuse
to offer valid keys.

Reported by and based on patch from Gordon Messmer via bz3213, thanks
also for additional analysis by Jakub Jelen. ok dtucker

OpenBSD-Commit-ID: d6d0b7351d5d44c45f3daaa26efac65847a564f7
---
 compat.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'compat.c')

diff --git a/compat.c b/compat.c
index 69befa96..3f153bd4 100644
--- a/compat.c
+++ b/compat.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: compat.c,v 1.117 2021/01/27 09:26:54 djm Exp $ */
+/* $OpenBSD: compat.c,v 1.118 2021/06/06 03:40:39 djm Exp $ */
 /*
  * Copyright (c) 1999, 2000, 2001, 2002 Markus Friedl.  All rights reserved.
  *
@@ -63,6 +63,8 @@ compat_banner(struct ssh *ssh, const char *version)
 		{ "OpenSSH_6.5*,"
 		  "OpenSSH_6.6*",	SSH_NEW_OPENSSH|SSH_BUG_CURVE25519PAD|
 					SSH_BUG_SIGTYPE},
+		{ "OpenSSH_7.4*",	SSH_NEW_OPENSSH|SSH_BUG_SIGTYPE|
+					SSH_BUG_SIGTYPE74},
 		{ "OpenSSH_7.0*,"
 		  "OpenSSH_7.1*,"
 		  "OpenSSH_7.2*,"
-- 
cgit v1.2.1