pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/pkgsrc-2017Q3]: pkgsrc/security/openssh Pullup ticket #5649 - request...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/49544488e368
branches:  pkgsrc-2017Q3
changeset: 408613:49544488e368
user:      bsiegert <bsiegert%pkgsrc.org@localhost>
date:      Sat Nov 25 08:49:32 2017 +0000

description:
Pullup ticket #5649 - requested by maya
security/openssh: security fix

Revisions pulled up:
- security/openssh/Makefile                                     1.254
- security/openssh/distinfo                                     1.105
- security/openssh/patches/patch-sshd.c                         1.9

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Wed Oct  4 11:44:14 UTC 2017

   Modified Files:
           pkgsrc/security/openssh: Makefile distinfo
           pkgsrc/security/openssh/patches: patch-sshd.c

   Log Message:
   openssh: update to 7.6.1.

   Potentially-incompatible changes
   ================================

   This release includes a number of changes that may affect existing
   configurations:

    * ssh(1): delete SSH protocol version 1 support, associated
      configuration options and documentation.

    * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

    * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
      ciphers.

    * Refuse RSA keys <1024 bits in length and improve reporting for keys
      that do not meet this requirement.

    * ssh(1): do not offer CBC ciphers by default.

   Changes since OpenSSH 7.5
   =========================

   This is primarily a bugfix release. It also contains substantial
   internal refactoring.

   Security
   --------

    * sftp-server(8): in read-only mode, sftp-server was incorrectly
      permitting creation of zero-length files. Reported by Michal
      Zalewski.

   New Features
   ------------

    * ssh(1): add RemoteCommand option to specify a command in the ssh
      config file instead of giving it on the client's command line. This
      allows the configuration file to specify the command that will be
      executed on the remote host.

    * sshd(8): add ExposeAuthInfo option that enables writing details of
      the authentication methods used (including public keys where
      applicable) to a file that is exposed via a $SSH_USER_AUTH
      environment variable in the subsequent session.

    * ssh(1): add support for reverse dynamic forwarding. In this mode,
      ssh will act as a SOCKS4/5 proxy and forward connections
      to destinations requested by the remote SOCKS client. This mode
      is requested using extended syntax for the -R and RemoteForward
      options and, because it is implemented solely at the client,
      does not require the server be updated to be supported.

    * sshd(8): allow LogLevel directive in sshd_config Match blocks;
      bz#2717

    * ssh-keygen(1): allow inclusion of arbitrary string or flag
      certificate extensions and critical options.

    * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
      a CA when signing certificates. bz#2377

    * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
      ToS/DSCP value and just use the operating system default.

    * ssh-add(1): added -q option to make ssh-add quiet on success.

    * ssh(1): expand the StrictHostKeyChecking option with two new
      settings. The first "accept-new" will automatically accept
      hitherto-unseen keys but will refuse connections for changed or
      invalid hostkeys. This is a safer subset of the current behaviour
      of StrictHostKeyChecking=no. The second setting "off", is a synonym
      for the current behaviour of StrictHostKeyChecking=no: accept new
      host keys, and continue connection for hosts with incorrect
      hostkeys. A future release will change the meaning of
      StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

    * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
      option in sshd(8). bz#2705

   Bugfixes
   --------

    * ssh(1): use HostKeyAlias if specified instead of hostname for
      matching host certificate principal names; bz#2728

    * sftp(1): implement sorting for globbed ls; bz#2649

    * ssh(1): add a user@host prefix to client's "Permission denied"
      messages, useful in particular when using "stacked" connections
      (e.g. ssh -J) where it's not clear which host is denying. bz#2720

    * ssh(1): accept unknown EXT_INFO extension values that contain \0
      characters. These are legal, but would previously cause fatal
      connection errors if received.

    * ssh(1)/sshd(8): repair compression statistics printed at
      connection exit

    * sftp(1): print '?' instead of incorrect link count (that the
      protocol doesn't provide) for remote listings. bz#2710

    * ssh(1): return failure rather than fatal() for more cases during
      session multiplexing negotiations. Causes the session to fall back
      to a non-mux connection if they occur. bz#2707

    * ssh(1): mention that the server may send debug messages to explain
      public key authentication problems under some circumstances; bz#2709

    * Translate OpenSSL error codes to better report incorrect passphrase
      errors when loading private keys; bz#2699

    * sshd(8): adjust compatibility patterns for WinSCP to correctly
      identify versions that implement only the legacy DH group exchange
      scheme. bz#2748

    * ssh(1): print the "Killed by signal 1" message only at LogLevel
      verbose so that it is not shown at the default level; prevents it
      from appearing during ssh -J and equivalent ProxyCommand configs.
      bz#1906, bz#2744

    * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
      existing keys if they exist but are zero length. zero-length keys
      could previously be made if ssh-keygen failed or was interrupted part
      way through generating them. bz#2561

    * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
      place the current session in the background.

    * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

    * sshd(8): avoid reliance on shared use of pointers shared between
      monitor and child sshd processes. bz#2704

    * sshd_config(8): document available AuthenticationMethods; bz#2453

    * ssh(1): avoid truncation in some login prompts; bz#2768

    * sshd(8): Fix various compilations failures, inc bz#2767

    * ssh(1): make "--" before the hostname terminate argument processing
      after the hostname too.

    * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
      new-style private keys. Fixes problems related to private key
      handling for no-OpenSSL builds. bz#2754

    * ssh(1): warn and do not attempt to use keys when the public and
      private halves do not match. bz#2737

    * sftp(1): don't print verbose error message when ssh disconnects
      from under sftp. bz#2750

    * sshd(8): fix keepalive scheduling problem: activity on a forwarded
      port from preventing the keepalive from being sent; bz#2756

    * sshd(8): when started without root privileges, don't require the
      privilege separation user or path to exist. Makes running the
      regression tests easier without touching the filesystem.

    * Make integrity.sh regression tests more robust against timeouts.
      bz#2658

    * ssh(1)/sshd(8): correctness fix for channels implementation: accept
      channel IDs greater than 0x7FFFFFFF.

   Portability
   -----------

    * sshd(9): drop two more privileges in the Solaris sandbox:
      PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

    * sshd(8): expose list of completed authentication methods to PAM
      via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

    * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
      mostly to do with host/network byte order confusion. bz#2735

    * Add --with-cflags-after and --with-ldflags-after configure flags to
      allow setting CFLAGS/LDFLAGS after configure has completed. These
      are useful for setting sanitiser/fuzzing options that may interfere
      with configure's operation.

    * sshd(8): avoid Linux seccomp violations on ppc64le over the
      socketcall syscall.

    * Fix use of ldns when using ldns-config; bz#2697

    * configure: set cache variables when cross-compiling. The cross-
      compiling fallback message was saying it assumed the test passed,
      but it wasn't actually set the cache variables and this would
      cause later tests to fail.

    * Add clang libFuzzer harnesses for public key parsing and signature
      verification.

diffstat:

 security/openssh/Makefile             |   5 +--
 security/openssh/distinfo             |  12 +++++-----
 security/openssh/patches/patch-sshd.c |  42 +++++++++++++++++-----------------
 3 files changed, 29 insertions(+), 30 deletions(-)

diffs (150 lines):

diff -r 5116cb7a8887 -r 49544488e368 security/openssh/Makefile
--- a/security/openssh/Makefile Sat Nov 25 08:49:25 2017 +0000
+++ b/security/openssh/Makefile Sat Nov 25 08:49:32 2017 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.253 2017/07/24 16:33:22 he Exp $
+# $NetBSD: Makefile,v 1.253.4.1 2017/11/25 08:49:32 bsiegert Exp $
 
-DISTNAME=              openssh-7.5p1
+DISTNAME=              openssh-7.6p1
 PKGNAME=               ${DISTNAME:S/p1/.1/}
-PKGREVISION=           1
 CATEGORIES=            security
 MASTER_SITES=          ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff -r 5116cb7a8887 -r 49544488e368 security/openssh/distinfo
--- a/security/openssh/distinfo Sat Nov 25 08:49:25 2017 +0000
+++ b/security/openssh/distinfo Sat Nov 25 08:49:32 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.104 2017/05/31 09:30:21 jperkin Exp $
+$NetBSD: distinfo,v 1.104.6.1 2017/11/25 08:49:32 bsiegert Exp $
 
-SHA1 (openssh-7.5p1.tar.gz) = 5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd
-RMD160 (openssh-7.5p1.tar.gz) = c1b176a1fe92495d056edda0c5db54efcfb8764a
-SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
-Size (openssh-7.5p1.tar.gz) = 1510857 bytes
+SHA1 (openssh-7.6p1.tar.gz) = a6984bc2c72192bed015c8b879b35dd9f5350b3b
+RMD160 (openssh-7.6p1.tar.gz) = 486ae743f51ffbf8197d564aab9ae54f9e2ac9da
+SHA512 (openssh-7.6p1.tar.gz) = de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72
+Size (openssh-7.6p1.tar.gz) = 1489788 bytes
 SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc
 SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7
 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
@@ -25,6 +25,6 @@
 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = a1ccf7e54275629965d80d9cf7cd8669d9f1f4cf
+SHA1 (patch-sshd.c) = 040ac961247fdd55bd09b85e65b905b63bc24f7d
 SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
 SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e
diff -r 5116cb7a8887 -r 49544488e368 security/openssh/patches/patch-sshd.c
--- a/security/openssh/patches/patch-sshd.c     Sat Nov 25 08:49:25 2017 +0000
+++ b/security/openssh/patches/patch-sshd.c     Sat Nov 25 08:49:32 2017 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
+$NetBSD: patch-sshd.c,v 1.8.8.1 2017/11/25 08:49:32 bsiegert Exp $
 
 * Interix support
 * Revive tcp_wrappers support.
 
---- sshd.c.orig        2016-12-19 04:59:41.000000000 +0000
+--- sshd.c.orig        2017-10-02 19:34:26.000000000 +0000
 +++ sshd.c
-@@ -123,6 +123,13 @@
+@@ -122,6 +122,13 @@
  #include "version.h"
  #include "ssherr.h"
  
@@ -19,7 +19,7 @@
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD  (STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD                (STDERR_FILENO + 2)
-@@ -220,7 +227,11 @@ int *startup_pipes = NULL;
+@@ -219,7 +226,11 @@ int *startup_pipes = NULL;
  int startup_pipe;             /* in child */
  
  /* variables used for privilege separation */
@@ -30,17 +30,8 @@
 +#endif
  struct monitor *pmonitor = NULL;
  int privsep_is_preauth = 1;
- 
-@@ -541,7 +552,7 @@ privsep_preauth_child(void)
-       demote_sensitive_data();
- 
-       /* Demote the child */
--      if (getuid() == 0 || geteuid() == 0) {
-+      if (getuid() == ROOTUID || geteuid() == ROOTUID) {
-               /* Change our root directory */
-               if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
-                       fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-@@ -552,10 +563,15 @@ privsep_preauth_child(void)
+ static int privsep_chroot = 1;
+@@ -550,10 +561,15 @@ privsep_preauth_child(void)
                /* Drop our privileges */
                debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
                    (u_int)privsep_pw->pw_gid);
@@ -56,7 +47,7 @@
        }
  }
  
-@@ -619,10 +635,17 @@ privsep_preauth(Authctxt *authctxt)
+@@ -617,10 +633,17 @@ privsep_preauth(Authctxt *authctxt)
                /* Arrange for logging to be sent to the monitor */
                set_log_handler(mm_log_handler, pmonitor);
  
@@ -74,7 +65,7 @@
  
                return 0;
        }
-@@ -634,7 +657,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -632,7 +655,7 @@ privsep_postauth(Authctxt *authctxt)
  #ifdef DISABLE_FD_PASSING
        if (1) {
  #else
@@ -83,7 +74,7 @@
  #endif
                /* File descriptor passing is broken or root login */
                use_privsep = 0;
-@@ -1389,8 +1412,10 @@ main(int ac, char **av)
+@@ -1393,8 +1416,10 @@ main(int ac, char **av)
        av = saved_argv;
  #endif
  
@@ -95,7 +86,16 @@
  
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
-@@ -1766,7 +1791,7 @@ main(int ac, char **av)
+@@ -1636,7 +1661,7 @@ main(int ac, char **av)
+       );
+ 
+       /* Store privilege separation user for later use if required. */
+-      privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
++      privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);
+       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+               if (privsep_chroot || options.kerberos_authentication)
+                       fatal("Privilege separation user %s does not exist",
+@@ -1769,7 +1794,7 @@ main(int ac, char **av)
                    (st.st_uid != getuid () ||
                    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
  #else
@@ -104,7 +104,7 @@
  #endif
                        fatal("%s must be owned by root and not group or "
                            "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1789,8 +1814,10 @@ main(int ac, char **av)
+@@ -1792,8 +1817,10 @@ main(int ac, char **av)
         * to create a file, and we can't control the code in every
         * module which might be used).
         */
@@ -115,7 +115,7 @@
  
        if (rexec_flag) {
                rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
-@@ -1972,6 +1999,25 @@ main(int ac, char **av)
+@@ -1981,6 +2008,25 @@ main(int ac, char **av)
        audit_connection_from(remote_ip, remote_port);
  #endif
  



Home | Main Index | Thread Index | Old Index