From 0151e10b627fbfb82b7d633f3fc9703678ed4eaf Mon Sep 17 00:00:00 2001
From: Paul Holzinger <pholzing@redhat.com>
Date: Thu, 6 Jan 2022 14:50:12 +0100
Subject: update buildah to latest and use new network stack

Make sure buildah uses the new network stack.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
---
 vendor/golang.org/x/crypto/ssh/client.go | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

(limited to 'vendor/golang.org/x/crypto/ssh/client.go')

diff --git a/vendor/golang.org/x/crypto/ssh/client.go b/vendor/golang.org/x/crypto/ssh/client.go
index 99f68bd32..ba8621a89 100644
--- a/vendor/golang.org/x/crypto/ssh/client.go
+++ b/vendor/golang.org/x/crypto/ssh/client.go
@@ -115,12 +115,25 @@ func (c *connection) clientHandshake(dialAddress string, config *ClientConfig) e
 
 // verifyHostKeySignature verifies the host key obtained in the key
 // exchange.
-func verifyHostKeySignature(hostKey PublicKey, result *kexResult) error {
+func verifyHostKeySignature(hostKey PublicKey, algo string, result *kexResult) error {
 	sig, rest, ok := parseSignatureBody(result.Signature)
 	if len(rest) > 0 || !ok {
 		return errors.New("ssh: signature parse error")
 	}
 
+	// For keys, underlyingAlgo is exactly algo. For certificates,
+	// we have to look up the underlying key algorithm that SSH
+	// uses to evaluate signatures.
+	underlyingAlgo := algo
+	for sigAlgo, certAlgo := range certAlgoNames {
+		if certAlgo == algo {
+			underlyingAlgo = sigAlgo
+		}
+	}
+	if sig.Format != underlyingAlgo {
+		return fmt.Errorf("ssh: invalid signature algorithm %q, expected %q", sig.Format, underlyingAlgo)
+	}
+
 	return hostKey.Verify(result.H, sig)
 }
 
-- 
cgit v1.2.3-54-g00ecf