diff options
| author | bsiegert <bsiegert@pkgsrc.org> | 2017-11-25 08:49:32 +0000 |
|---|---|---|
| committer | bsiegert <bsiegert@pkgsrc.org> | 2017-11-25 08:49:32 +0000 |
| commit | 04d163b54dc9d8353e6e4a23ba445656b53129ef (patch) | |
| tree | 0a10b847658faf6258aff246e22af8bc38889aef | |
| parent | 032f86e95fac5dcc5a50dc3d76d4c9a92ad7df6b (diff) | |
| download | pkgsrc-04d163b54dc9d8353e6e4a23ba445656b53129ef.tar.gz | |
Pullup ticket #5649 - requested by maya
security/openssh: security fix
Revisions pulled up:
- security/openssh/Makefile 1.254
- security/openssh/distinfo 1.105
- security/openssh/patches/patch-sshd.c 1.9
---
Module Name: pkgsrc
Committed By: wiz
Date: Wed Oct 4 11:44:14 UTC 2017
Modified Files:
pkgsrc/security/openssh: Makefile distinfo
pkgsrc/security/openssh/patches: patch-sshd.c
Log Message:
openssh: update to 7.6.1.
Potentially-incompatible changes
================================
This release includes a number of changes that may affect existing
configurations:
* ssh(1): delete SSH protocol version 1 support, associated
configuration options and documentation.
* ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.
* ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
ciphers.
* Refuse RSA keys <1024 bits in length and improve reporting for keys
that do not meet this requirement.
* ssh(1): do not offer CBC ciphers by default.
Changes since OpenSSH 7.5
=========================
This is primarily a bugfix release. It also contains substantial
internal refactoring.
Security
--------
* sftp-server(8): in read-only mode, sftp-server was incorrectly
permitting creation of zero-length files. Reported by Michal
Zalewski.
New Features
------------
* ssh(1): add RemoteCommand option to specify a command in the ssh
config file instead of giving it on the client's command line. This
allows the configuration file to specify the command that will be
executed on the remote host.
* sshd(8): add ExposeAuthInfo option that enables writing details of
the authentication methods used (including public keys where
applicable) to a file that is exposed via a $SSH_USER_AUTH
environment variable in the subsequent session.
* ssh(1): add support for reverse dynamic forwarding. In this mode,
ssh will act as a SOCKS4/5 proxy and forward connections
to destinations requested by the remote SOCKS client. This mode
is requested using extended syntax for the -R and RemoteForward
options and, because it is implemented solely at the client,
does not require the server be updated to be supported.
* sshd(8): allow LogLevel directive in sshd_config Match blocks;
bz#2717
* ssh-keygen(1): allow inclusion of arbitrary string or flag
certificate extensions and critical options.
* ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
a CA when signing certificates. bz#2377
* ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
ToS/DSCP value and just use the operating system default.
* ssh-add(1): added -q option to make ssh-add quiet on success.
* ssh(1): expand the StrictHostKeyChecking option with two new
settings. The first "accept-new" will automatically accept
hitherto-unseen keys but will refuse connections for changed or
invalid hostkeys. This is a safer subset of the current behaviour
of StrictHostKeyChecking=no. The second setting "off", is a synonym
for the current behaviour of StrictHostKeyChecking=no: accept new
host keys, and continue connection for hosts with incorrect
hostkeys. A future release will change the meaning of
StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400
* ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
option in sshd(8). bz#2705
Bugfixes
--------
* ssh(1): use HostKeyAlias if specified instead of hostname for
matching host certificate principal names; bz#2728
* sftp(1): implement sorting for globbed ls; bz#2649
* ssh(1): add a user@host prefix to client's "Permission denied"
messages, useful in particular when using "stacked" connections
(e.g. ssh -J) where it's not clear which host is denying. bz#2720
* ssh(1): accept unknown EXT_INFO extension values that contain \0
characters. These are legal, but would previously cause fatal
connection errors if received.
* ssh(1)/sshd(8): repair compression statistics printed at
connection exit
* sftp(1): print '?' instead of incorrect link count (that the
protocol doesn't provide) for remote listings. bz#2710
* ssh(1): return failure rather than fatal() for more cases during
session multiplexing negotiations. Causes the session to fall back
to a non-mux connection if they occur. bz#2707
* ssh(1): mention that the server may send debug messages to explain
public key authentication problems under some circumstances; bz#2709
* Translate OpenSSL error codes to better report incorrect passphrase
errors when loading private keys; bz#2699
* sshd(8): adjust compatibility patterns for WinSCP to correctly
identify versions that implement only the legacy DH group exchange
scheme. bz#2748
* ssh(1): print the "Killed by signal 1" message only at LogLevel
verbose so that it is not shown at the default level; prevents it
from appearing during ssh -J and equivalent ProxyCommand configs.
bz#1906, bz#2744
* ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
existing keys if they exist but are zero length. zero-length keys
could previously be made if ssh-keygen failed or was interrupted part
way through generating them. bz#2561
* ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
place the current session in the background.
* ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734
* sshd(8): avoid reliance on shared use of pointers shared between
monitor and child sshd processes. bz#2704
* sshd_config(8): document available AuthenticationMethods; bz#2453
* ssh(1): avoid truncation in some login prompts; bz#2768
* sshd(8): Fix various compilations failures, inc bz#2767
* ssh(1): make "--" before the hostname terminate argument processing
after the hostname too.
* ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
new-style private keys. Fixes problems related to private key
handling for no-OpenSSL builds. bz#2754
* ssh(1): warn and do not attempt to use keys when the public and
private halves do not match. bz#2737
* sftp(1): don't print verbose error message when ssh disconnects
from under sftp. bz#2750
* sshd(8): fix keepalive scheduling problem: activity on a forwarded
port from preventing the keepalive from being sent; bz#2756
* sshd(8): when started without root privileges, don't require the
privilege separation user or path to exist. Makes running the
regression tests easier without touching the filesystem.
* Make integrity.sh regression tests more robust against timeouts.
bz#2658
* ssh(1)/sshd(8): correctness fix for channels implementation: accept
channel IDs greater than 0x7FFFFFFF.
Portability
-----------
* sshd(9): drop two more privileges in the Solaris sandbox:
PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723
* sshd(8): expose list of completed authentication methods to PAM
via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408
* ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
mostly to do with host/network byte order confusion. bz#2735
* Add --with-cflags-after and --with-ldflags-after configure flags to
allow setting CFLAGS/LDFLAGS after configure has completed. These
are useful for setting sanitiser/fuzzing options that may interfere
with configure's operation.
* sshd(8): avoid Linux seccomp violations on ppc64le over the
socketcall syscall.
* Fix use of ldns when using ldns-config; bz#2697
* configure: set cache variables when cross-compiling. The cross-
compiling fallback message was saying it assumed the test passed,
but it wasn't actually set the cache variables and this would
cause later tests to fail.
* Add clang libFuzzer harnesses for public key parsing and signature
verification.
| -rw-r--r-- | security/openssh/Makefile | 5 | ||||
| -rw-r--r-- | security/openssh/distinfo | 12 | ||||
| -rw-r--r-- | security/openssh/patches/patch-sshd.c | 42 |
3 files changed, 29 insertions, 30 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index fe04938d06f..85194ed7b44 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.253 2017/07/24 16:33:22 he Exp $ +# $NetBSD: Makefile,v 1.253.4.1 2017/11/25 08:49:32 bsiegert Exp $ -DISTNAME= openssh-7.5p1 +DISTNAME= openssh-7.6p1 PKGNAME= ${DISTNAME:S/p1/.1/} -PKGREVISION= 1 CATEGORIES= security MASTER_SITES= ${MASTER_SITE_OPENBSD:=OpenSSH/portable/} diff --git a/security/openssh/distinfo b/security/openssh/distinfo index 95acaedf14e..4ad08bbfd97 100644 --- a/security/openssh/distinfo +++ b/security/openssh/distinfo @@ -1,9 +1,9 @@ -$NetBSD: distinfo,v 1.104 2017/05/31 09:30:21 jperkin Exp $ +$NetBSD: distinfo,v 1.104.6.1 2017/11/25 08:49:32 bsiegert Exp $ -SHA1 (openssh-7.5p1.tar.gz) = 5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd -RMD160 (openssh-7.5p1.tar.gz) = c1b176a1fe92495d056edda0c5db54efcfb8764a -SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81 -Size (openssh-7.5p1.tar.gz) = 1510857 bytes +SHA1 (openssh-7.6p1.tar.gz) = a6984bc2c72192bed015c8b879b35dd9f5350b3b +RMD160 (openssh-7.6p1.tar.gz) = 486ae743f51ffbf8197d564aab9ae54f9e2ac9da +SHA512 (openssh-7.6p1.tar.gz) = de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72 +Size (openssh-7.6p1.tar.gz) = 1489788 bytes SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4 @@ -25,6 +25,6 @@ SHA1 (patch-session.c) = c67d649dc66a65ff39d701135a2f2dab6ba2fb93 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1 -SHA1 (patch-sshd.c) = a1ccf7e54275629965d80d9cf7cd8669d9f1f4cf +SHA1 (patch-sshd.c) = 040ac961247fdd55bd09b85e65b905b63bc24f7d SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938 SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e diff --git a/security/openssh/patches/patch-sshd.c b/security/openssh/patches/patch-sshd.c index e21d7700b8f..3da0d391364 100644 --- a/security/openssh/patches/patch-sshd.c +++ b/security/openssh/patches/patch-sshd.c @@ -1,11 +1,11 @@ -$NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ +$NetBSD: patch-sshd.c,v 1.8.8.1 2017/11/25 08:49:32 bsiegert Exp $ * Interix support * Revive tcp_wrappers support. ---- sshd.c.orig 2016-12-19 04:59:41.000000000 +0000 +--- sshd.c.orig 2017-10-02 19:34:26.000000000 +0000 +++ sshd.c -@@ -123,6 +123,13 @@ +@@ -122,6 +122,13 @@ #include "version.h" #include "ssherr.h" @@ -19,7 +19,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ /* Re-exec fds */ #define REEXEC_DEVCRYPTO_RESERVED_FD (STDERR_FILENO + 1) #define REEXEC_STARTUP_PIPE_FD (STDERR_FILENO + 2) -@@ -220,7 +227,11 @@ int *startup_pipes = NULL; +@@ -219,7 +226,11 @@ int *startup_pipes = NULL; int startup_pipe; /* in child */ /* variables used for privilege separation */ @@ -30,17 +30,8 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ +#endif struct monitor *pmonitor = NULL; int privsep_is_preauth = 1; - -@@ -541,7 +552,7 @@ privsep_preauth_child(void) - demote_sensitive_data(); - - /* Demote the child */ -- if (getuid() == 0 || geteuid() == 0) { -+ if (getuid() == ROOTUID || geteuid() == ROOTUID) { - /* Change our root directory */ - if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1) - fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR, -@@ -552,10 +563,15 @@ privsep_preauth_child(void) + static int privsep_chroot = 1; +@@ -550,10 +561,15 @@ privsep_preauth_child(void) /* Drop our privileges */ debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid, (u_int)privsep_pw->pw_gid); @@ -56,7 +47,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ } } -@@ -619,10 +635,17 @@ privsep_preauth(Authctxt *authctxt) +@@ -617,10 +633,17 @@ privsep_preauth(Authctxt *authctxt) /* Arrange for logging to be sent to the monitor */ set_log_handler(mm_log_handler, pmonitor); @@ -74,7 +65,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ return 0; } -@@ -634,7 +657,7 @@ privsep_postauth(Authctxt *authctxt) +@@ -632,7 +655,7 @@ privsep_postauth(Authctxt *authctxt) #ifdef DISABLE_FD_PASSING if (1) { #else @@ -83,7 +74,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ #endif /* File descriptor passing is broken or root login */ use_privsep = 0; -@@ -1389,8 +1412,10 @@ main(int ac, char **av) +@@ -1393,8 +1416,10 @@ main(int ac, char **av) av = saved_argv; #endif @@ -95,7 +86,16 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */ sanitise_stdfd(); -@@ -1766,7 +1791,7 @@ main(int ac, char **av) +@@ -1636,7 +1661,7 @@ main(int ac, char **av) + ); + + /* Store privilege separation user for later use if required. */ +- privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0); ++ privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID); + if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) { + if (privsep_chroot || options.kerberos_authentication) + fatal("Privilege separation user %s does not exist", +@@ -1769,7 +1794,7 @@ main(int ac, char **av) (st.st_uid != getuid () || (st.st_mode & (S_IWGRP|S_IWOTH)) != 0)) #else @@ -104,7 +104,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ #endif fatal("%s must be owned by root and not group or " "world-writable.", _PATH_PRIVSEP_CHROOT_DIR); -@@ -1789,8 +1814,10 @@ main(int ac, char **av) +@@ -1792,8 +1817,10 @@ main(int ac, char **av) * to create a file, and we can't control the code in every * module which might be used). */ @@ -115,7 +115,7 @@ $NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $ if (rexec_flag) { rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *)); -@@ -1972,6 +1999,25 @@ main(int ac, char **av) +@@ -1981,6 +2008,25 @@ main(int ac, char **av) audit_connection_from(remote_ip, remote_port); #endif |