diff --git a/backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch b/backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch new file mode 100644 index 0000000000000000000000000000000000000000..48e61f01c0a4840e3f8513bdd1db90bf759ed906 --- /dev/null +++ b/backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch @@ -0,0 +1,220 @@ +Conflict:NA +Reference:https://github.com/openssh/openssh-portable/pull/258/files + +--- + readconf.c | 11 ++++++++++- + readconf.h | 2 ++ + scp.1 | 1 + + sftp.1 | 1 + + ssh.1 | 1 + + ssh_config | 1 + + ssh_config.5 | 7 +++++++ + sshconnect2.c | 13 ++++++++++++- + 8 files changed, 35 insertions(+), 2 deletions(-) + +diff --git a/readconf.c b/readconf.c +index d25f983..45c1c22 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -157,7 +157,7 @@ typedef enum { + oLogFacility, oLogLevel, oLogVerbose, oCiphers, oMacs, + oPubkeyAuthentication, + oKbdInteractiveAuthentication, oKbdInteractiveDevices, oHostKeyAlias, +- oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, ++ oDynamicForward, oPreferredAuthentications, oHostbasedAuthentication, oDisableTrivialAuth, + oHostKeyAlgorithms, oBindAddress, oBindInterface, oPKCS11Provider, + oClearAllForwardings, oNoHostAuthenticationForLocalhost, + oEnableSSHKeysign, oRekeyLimit, oVerifyHostKeyDNS, oConnectTimeout, +@@ -250,6 +250,7 @@ static struct { + { "pubkeyauthentication", oPubkeyAuthentication }, + { "dsaauthentication", oPubkeyAuthentication }, /* alias */ + { "hostbasedauthentication", oHostbasedAuthentication }, ++ { "disabletrivialauth", oDisableTrivialAuth}, + { "identityfile", oIdentityFile }, + { "identityfile2", oIdentityFile }, /* obsolete */ + { "identitiesonly", oIdentitiesOnly }, +@@ -1124,6 +1125,10 @@ parse_time: + intptr = &options->hostbased_authentication; + goto parse_flag; + ++ case oDisableTrivialAuth: ++ intptr = &options->disable_trivial_auth; ++ goto parse_flag; ++ + case oGssAuthentication: + intptr = &options->gss_authentication; + goto parse_flag; +@@ -2392,6 +2397,7 @@ initialize_options(Options * options) + options->kbd_interactive_authentication = -1; + options->kbd_interactive_devices = NULL; + options->hostbased_authentication = -1; ++ options->disable_trivial_auth = -1; + options->batch_mode = -1; + options->check_host_ip = -1; + options->strict_host_key_checking = -1; +@@ -2562,6 +2568,8 @@ fill_default_options(Options * options) + options->kbd_interactive_authentication = 1; + if (options->hostbased_authentication == -1) + options->hostbased_authentication = 0; ++ if (options->disable_trivial_auth == -1) ++ options->disable_trivial_auth = 0; + if (options->batch_mode == -1) + options->batch_mode = 0; + if (options->check_host_ip == -1) +@@ -3362,6 +3370,7 @@ dump_client_config(Options *o, const char *host) + #endif /* GSSAPI */ + dump_cfg_fmtint(oHashKnownHosts, o->hash_known_hosts); + dump_cfg_fmtint(oHostbasedAuthentication, o->hostbased_authentication); ++ dump_cfg_fmtint(oDisableTrivialAuth, o->disable_trivial_auth); + dump_cfg_fmtint(oIdentitiesOnly, o->identities_only); + dump_cfg_fmtint(oKbdInteractiveAuthentication, o->kbd_interactive_authentication); + dump_cfg_fmtint(oNoHostAuthenticationForLocalhost, o->no_host_authentication_for_localhost); +diff --git a/readconf.h b/readconf.h +index 00895ad..b391bd6 100644 +--- a/readconf.h ++++ b/readconf.h +@@ -38,6 +38,8 @@ typedef struct { + struct ForwardOptions fwd_opts; /* forwarding options */ + int pubkey_authentication; /* Try ssh2 pubkey authentication. */ + int hostbased_authentication; /* ssh2's rhosts_rsa */ ++ ++ int disable_trivial_auth; /* disable trivial authentications */ + int gss_authentication; /* Try GSS authentication */ + int gss_keyex; /* Try GSS key exchange */ + int gss_deleg_creds; /* Delegate GSS credentials */ +diff --git a/scp.1 b/scp.1 +index 874c5c2..e1f8191 100644 +--- a/scp.1 ++++ b/scp.1 +@@ -187,6 +187,7 @@ For full details of the options listed below, and their possible values, see + .It Host + .It HostbasedAcceptedAlgorithms + .It HostbasedAuthentication ++.It DisableTrivialAuth + .It HostKeyAlgorithms + .It HostKeyAlias + .It Hostname +diff --git a/sftp.1 b/sftp.1 +index 7eebeea..89b6773 100644 +--- a/sftp.1 ++++ b/sftp.1 +@@ -247,6 +247,7 @@ For full details of the options listed below, and their possible values, see + .It Host + .It HostbasedAcceptedAlgorithms + .It HostbasedAuthentication ++.It DisableTrivialAuth + .It HostKeyAlgorithms + .It HostKeyAlias + .It Hostname +diff --git a/ssh.1 b/ssh.1 +index 975ab39..1cb8d5c 100644 +--- a/ssh.1 ++++ b/ssh.1 +@@ -541,6 +541,7 @@ For full details of the options listed below, and their possible values, see + .It Host + .It HostbasedAcceptedAlgorithms + .It HostbasedAuthentication ++.It DisableTrivialAuth + .It HostKeyAlgorithms + .It HostKeyAlias + .It Hostname +diff --git a/ssh_config b/ssh_config +index b3a4922..169f30c 100644 +--- a/ssh_config ++++ b/ssh_config +@@ -22,6 +22,7 @@ + # ForwardX11 no + # PasswordAuthentication yes + # HostbasedAuthentication no ++# DisableTrivialAuth no + # GSSAPIAuthentication no + # GSSAPIDelegateCredentials no + # GSSAPIKeyExchange no +diff --git a/ssh_config.5 b/ssh_config.5 +index 6735401..fd82e05 100644 +--- a/ssh_config.5 ++++ b/ssh_config.5 +@@ -955,6 +955,13 @@ The argument must be + or + .Cm no + (the default). ++.It Cm DisableTrivialAuth ++Disables trivial or incomplete authentications. ++The argument must be ++.Cm yes ++or ++.Cm no ++(the default). + .It Cm HostKeyAlgorithms + Specifies the host key signature algorithms + that the client wants to use in order of preference. +diff --git a/sshconnect2.c b/sshconnect2.c +index e90eb89..150d419 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -403,6 +403,7 @@ struct identity { + TAILQ_HEAD(idlist, identity); + + struct cauthctxt { ++ int is_trivial_auth; + const char *server_user; + const char *local_user; + const char *host; +@@ -531,6 +532,7 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, + /* setup authentication context */ + memset(&authctxt, 0, sizeof(authctxt)); + authctxt.server_user = server_user; ++ authctxt.is_trivial_auth = 1; + authctxt.local_user = local_user; + authctxt.host = host; + authctxt.service = "ssh-connection"; /* service name */ +@@ -570,6 +572,10 @@ ssh_userauth2(struct ssh *ssh, const char *local_user, + + if (!authctxt.success) + fatal("Authentication failed."); ++ if (authctxt.is_trivial_auth == 1 && options.disable_trivial_auth == 1) { ++ fatal("Trivial authentication disabled."); ++ } ++ debug("Authentication succeeded (%s).", authctxt.method->name); + if (ssh_packet_connection_is_on_socket(ssh)) { + verbose("Authenticated to %s ([%s]:%d) using \"%s\".", host, + ssh_remote_ipaddr(ssh), ssh_remote_port(ssh), +@@ -968,6 +974,7 @@ process_gssapi_token(struct ssh *ssh, gss_buffer_t recv_tok) + fatal_fr(r, "send %u packet", type); + + gss_release_buffer(&ms, &send_tok); ++ authctxt->is_trivial_auth = 0; + } + + if (status == GSS_S_COMPLETE) { +@@ -1213,6 +1220,7 @@ static int + userauth_passwd(struct ssh *ssh) + { + Authctxt *authctxt = (Authctxt *)ssh->authctxt; ++ authctxt->is_trivial_auth = 0; + char *password, *prompt = NULL; + const char *host = options.host_key_alias ? options.host_key_alias : + authctxt->host; +@@ -2023,8 +2031,10 @@ userauth_pubkey(struct ssh *ssh) + id->isprivate = 0; + } + } +- if (sent) ++ if (sent) { ++ authctxt->is_trivial_auth = 0; + return (sent); ++ } + } + return (0); + } +@@ -2105,6 +2115,7 @@ input_userauth_info_req(int type, u_int32_t seq, struct ssh *ssh) + + debug2_f("num_prompts %d", num_prompts); + for (i = 0; i < num_prompts; i++) { ++ authctxt->is_trivial_auth = 0; + if ((r = sshpkt_get_cstring(ssh, &prompt, NULL)) != 0 || + (r = sshpkt_get_u8(ssh, &echo)) != 0) + goto out; +-- +2.27.0 + diff --git a/backport-openssh-6.6p1-keyperm.patch b/backport-openssh-6.6p1-keyperm.patch new file mode 100644 index 0000000000000000000000000000000000000000..333d106cd20a572bda6e26ec70ebc45c53a82a04 --- /dev/null +++ b/backport-openssh-6.6p1-keyperm.patch @@ -0,0 +1,33 @@ +diff -up openssh-8.2p1/authfile.c.keyperm openssh-8.2p1/authfile.c +--- openssh-8.2p1/authfile.c.keyperm 2020-02-14 01:40:54.000000000 +0100 ++++ openssh-8.2p1/authfile.c 2020-02-17 11:55:12.841729758 +0100 +Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-6.6p1-keyperm.patch +Conflict:NA +@@ -31,6 +31,7 @@ + + #include + #include ++#include + #include + #include + #include +@@ -101,7 +102,19 @@ sshkey_perm_ok(int fd, const char *filen + #ifdef HAVE_CYGWIN + if (check_ntsec(filename)) + #endif ++ + if ((st.st_uid == getuid()) && (st.st_mode & 077) != 0) { ++ if (st.st_mode & 040) { ++ struct group *gr; ++ ++ if ((gr = getgrnam("ssh_keys")) && (st.st_gid == gr->gr_gid)) { ++ /* The only additional bit is read ++ * for ssh_keys group, which is fine */ ++ if ((st.st_mode & 077) == 040 ) { ++ return 0; ++ } ++ } ++ } + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); + error("@ WARNING: UNPROTECTED PRIVATE KEY FILE! @"); + error("@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"); diff --git a/backport-openssh-7.7p1-fips.patch b/backport-openssh-7.7p1-fips.patch new file mode 100644 index 0000000000000000000000000000000000000000..fd8de20c6432cec10e75bc215370f870c57bc738 --- /dev/null +++ b/backport-openssh-7.7p1-fips.patch @@ -0,0 +1,537 @@ +From 94f3898f43a7ef0c53dd50c60ce6d6f884de28e1 Mon Sep 17 00:00:00 2001 +Date: Tue, 20 Aug 2024 20:17:01 +0800 +Subject: [PATCH] backport-openssh-7.7p1-fips + +Reference:https://src.fedoraproject.org/rpms/openssh/blob/rawhide/f/backport-openssh-7.7p1-fips.patch +Conflict:NA +--- + cipher-aes.c | 3 +- + dh.c | 41 +++++++++++++++++++++++++++ + dh.h | 1 + + kex.c | 6 +++- + kexgexc.c | 5 ++++ + myproposal.h | 33 ++++++++++++++++++++++ + readconf.c | 16 +++++++---- + sandbox-seccomp-filter.c | 3 ++ + servconf.c | 16 +++++++---- + ssh-keygen.c | 17 ++++++++++- + ssh-rsa.c | 3 ++ + ssh.c | 5 ++++ + sshconnect2.c | 61 ++++++++++++++++++++++------------------ + sshd.c | 19 ++++++++++--- + sshkey.c | 1 + + 15 files changed, 186 insertions(+), 44 deletions(-) + +diff --git a/cipher-aes.c b/cipher-aes.c +index 8b10172..1a07697 100644 +--- a/cipher-aes.c ++++ b/cipher-aes.c +@@ -154,7 +154,8 @@ evp_rijndael(void) + rijndal_cbc.do_cipher = ssh_rijndael_cbc; + #ifndef SSH_OLD_EVP + rijndal_cbc.flags = EVP_CIPH_CBC_MODE | EVP_CIPH_VARIABLE_LENGTH | +- EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV; ++ EVP_CIPH_ALWAYS_CALL_INIT | EVP_CIPH_CUSTOM_IV | ++ EVP_CIPH_FLAG_FIPS; + #endif + return (&rijndal_cbc); + } +diff --git a/dh.c b/dh.c +index ce2eb47..166cb02 100644 +--- a/dh.c ++++ b/dh.c +@@ -36,6 +36,7 @@ + + #include + #include ++#include + + #include "dh.h" + #include "pathnames.h" +@@ -164,6 +165,12 @@ choose_dh(int min, int wantbits, int max) + int best, bestcount, which, linenum; + struct dhgroup dhg; + ++ if (FIPS_mode()) { ++ logit("Using arbitrary primes is not allowed in FIPS mode." ++ " Falling back to known groups."); ++ return (dh_new_group_fallback(max)); ++ } ++ + if ((f = fopen(get_moduli_filename(), "r")) == NULL) { + logit("WARNING: could not open %s (%s), using fixed modulus", + get_moduli_filename(), strerror(errno)); +@@ -502,4 +509,38 @@ dh_estimate(int bits) + return 8192; + } + ++/* ++ * Compares the received DH parameters with known-good groups, ++ * which might be either from group14, group16 or group18. ++ */ ++int ++dh_is_known_group(const DH *dh) ++{ ++ const BIGNUM *p, *g; ++ const BIGNUM *known_p, *known_g; ++ DH *known = NULL; ++ int bits = 0, rv = 0; ++ ++ DH_get0_pqg(dh, &p, NULL, &g); ++ bits = BN_num_bits(p); ++ ++ if (bits <= 3072) { ++ known = dh_new_group14(); ++ } else if (bits <= 6144) { ++ known = dh_new_group16(); ++ } else { ++ known = dh_new_group18(); ++ } ++ ++ DH_get0_pqg(known, &known_p, NULL, &known_g); ++ ++ if (BN_cmp(g, known_g) == 0 && ++ BN_cmp(p, known_p) == 0) { ++ rv = 1; ++ } ++ ++ DH_free(known); ++ return rv; ++} ++ + #endif /* WITH_OPENSSL */ +diff --git a/dh.h b/dh.h +index c6326a3..e51e292 100644 +--- a/dh.h ++++ b/dh.h +@@ -45,6 +45,7 @@ DH *dh_new_group_fallback(int); + + int dh_gen_key(DH *, int); + int dh_pub_is_valid(const DH *, const BIGNUM *); ++int dh_is_known_group(const DH *); + + u_int dh_estimate(int); + void dh_set_moduli_file(const char *); +diff --git a/kex.c b/kex.c +index 36ae36c..1636f25 100644 +--- a/kex.c ++++ b/kex.c +@@ -40,6 +40,7 @@ + #ifdef WITH_OPENSSL + #include + #include ++#include + # ifdef HAVE_EVP_KDF_CTX_NEW_ID + # include + # endif +@@ -205,7 +206,10 @@ kex_names_valid(const char *names) + for ((p = strsep(&cp, ",")); p && *p != '\0'; + (p = strsep(&cp, ","))) { + if (kex_alg_by_name(p) == NULL) { +- error("Unsupported KEX algorithm \"%.100s\"", p); ++ if (FIPS_mode()) ++ error("\"%.100s\" is not allowed in FIPS mode", p); ++ else ++ error("Unsupported KEX algorithm \"%.100s\"", p); + free(s); + return 0; + } +diff --git a/kexgexc.c b/kexgexc.c +index e99e0cf..4c3feae 100644 +--- a/kexgexc.c ++++ b/kexgexc.c +@@ -28,6 +28,7 @@ + + #ifdef WITH_OPENSSL + ++#include + #include + + #include +@@ -115,6 +116,10 @@ input_kex_dh_gex_group(int type, u_int32_t seq, struct ssh *ssh) + r = SSH_ERR_ALLOC_FAIL; + goto out; + } ++ if (FIPS_mode() && dh_is_known_group(kex->dh) == 0) { ++ r = SSH_ERR_INVALID_ARGUMENT; ++ goto out; ++ } + p = g = NULL; /* belong to kex->dh now */ + + /* generate and send 'e', client DH public key */ +diff --git a/myproposal.h b/myproposal.h +index ee6e9f7..ff8dfa8 100644 +--- a/myproposal.h ++++ b/myproposal.h +@@ -56,6 +56,18 @@ + "rsa-sha2-512," \ + "rsa-sha2-256" + ++#define KEX_FIPS_PK_ALG \ ++ "ecdsa-sha2-nistp256-cert-v01@openssh.com," \ ++ "ecdsa-sha2-nistp384-cert-v01@openssh.com," \ ++ "ecdsa-sha2-nistp521-cert-v01@openssh.com," \ ++ "rsa-sha2-512-cert-v01@openssh.com," \ ++ "rsa-sha2-256-cert-v01@openssh.com," \ ++ "ecdsa-sha2-nistp256," \ ++ "ecdsa-sha2-nistp384," \ ++ "ecdsa-sha2-nistp521," \ ++ "rsa-sha2-512," \ ++ "rsa-sha2-256," \ ++ + #define KEX_SERVER_ENCRYPT \ + "chacha20-poly1305@openssh.com," \ + "aes128-ctr,aes192-ctr,aes256-ctr," \ +@@ -77,6 +89,27 @@ + + #define KEX_CLIENT_MAC KEX_SERVER_MAC + ++#define KEX_FIPS_ENCRYPT \ ++ "aes128-ctr,aes192-ctr,aes256-ctr," \ ++ "aes128-cbc,3des-cbc," \ ++ "aes192-cbc,aes256-cbc,rijndael-cbc@lysator.liu.se," \ ++ "aes128-gcm@openssh.com,aes256-gcm@openssh.com" ++#define KEX_DEFAULT_KEX_FIPS \ ++ "ecdh-sha2-nistp256," \ ++ "ecdh-sha2-nistp384," \ ++ "ecdh-sha2-nistp521," \ ++ "diffie-hellman-group-exchange-sha256," \ ++ "diffie-hellman-group16-sha512," \ ++ "diffie-hellman-group18-sha512," \ ++ "diffie-hellman-group14-sha256" ++#define KEX_FIPS_MAC \ ++ "hmac-sha1," \ ++ "hmac-sha2-256," \ ++ "hmac-sha2-512," \ ++ "hmac-sha1-etm@openssh.com," \ ++ "hmac-sha2-256-etm@openssh.com," \ ++ "hmac-sha2-512-etm@openssh.com" ++ + /* Not a KEX value, but here so all the algorithm defaults are together */ + #define SSH_ALLOWED_CA_SIGALGS \ + "ssh-ed25519," \ +diff --git a/readconf.c b/readconf.c +index bd8627c..dd22c3c 100644 +--- a/readconf.c ++++ b/readconf.c +@@ -24,6 +24,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -2711,11 +2712,16 @@ fill_default_options(Options * options) + all_key = sshkey_alg_list(0, 0, 1, ','); + all_sig = sshkey_alg_list(0, 1, 1, ','); + /* remove unsupported algos from default lists */ +- def_cipher = match_filter_allowlist(KEX_CLIENT_ENCRYPT, all_cipher); +- def_mac = match_filter_allowlist(KEX_CLIENT_MAC, all_mac); +- def_kex = match_filter_allowlist(KEX_CLIENT_KEX, all_kex); +- def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); +- def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); ++ def_cipher = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_ENCRYPT : KEX_CLIENT_ENCRYPT), all_cipher); ++ def_mac = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_MAC : KEX_CLIENT_MAC), all_mac); ++ def_kex = match_filter_allowlist((FIPS_mode() ? ++ KEX_DEFAULT_KEX_FIPS : KEX_CLIENT_KEX), all_kex); ++ def_key = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG), all_key); ++ def_sig = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_PK_ALG : SSH_ALLOWED_CA_SIGALGS), all_sig); + #define ASSEMBLE(what, defaults, all) \ + do { \ + if ((r = kex_assemble_names(&options->what, \ +diff --git a/sandbox-seccomp-filter.c b/sandbox-seccomp-filter.c +index 139b6fb..5376800 100644 +--- a/sandbox-seccomp-filter.c ++++ b/sandbox-seccomp-filter.c +@@ -230,6 +230,9 @@ static const struct sock_filter preauth_insns[] = { + #ifdef __NR_open + SC_DENY(__NR_open, EACCES), + #endif ++#ifdef __NR_socket ++ SC_DENY(__NR_socket, EACCES), ++#endif + #ifdef __NR_openat + SC_DENY(__NR_openat, EACCES), + #endif +diff --git a/servconf.c b/servconf.c +index 0dbf90c..24db0cc 100644 +--- a/servconf.c ++++ b/servconf.c +@@ -26,6 +26,7 @@ + #ifdef HAVE_NET_ROUTE_H + #include + #endif ++#include + + #include + #include +@@ -230,11 +231,16 @@ assemble_algorithms(ServerOptions *o) + all_key = sshkey_alg_list(0, 0, 1, ','); + all_sig = sshkey_alg_list(0, 1, 1, ','); + /* remove unsupported algos from default lists */ +- def_cipher = match_filter_allowlist(KEX_SERVER_ENCRYPT, all_cipher); +- def_mac = match_filter_allowlist(KEX_SERVER_MAC, all_mac); +- def_kex = match_filter_allowlist(KEX_SERVER_KEX, all_kex); +- def_key = match_filter_allowlist(KEX_DEFAULT_PK_ALG, all_key); +- def_sig = match_filter_allowlist(SSH_ALLOWED_CA_SIGALGS, all_sig); ++ def_cipher = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_ENCRYPT : KEX_SERVER_ENCRYPT), all_cipher); ++ def_mac = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_MAC : KEX_SERVER_MAC), all_mac); ++ def_kex = match_filter_allowlist((FIPS_mode() ? ++ KEX_DEFAULT_KEX_FIPS : KEX_SERVER_KEX), all_kex); ++ def_key = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_PK_ALG : KEX_DEFAULT_PK_ALG), all_key); ++ def_sig = match_filter_allowlist((FIPS_mode() ? ++ KEX_FIPS_PK_ALG : SSH_ALLOWED_CA_SIGALGS), all_sig); + #define ASSEMBLE(what, defaults, all) \ + do { \ + if ((r = kex_assemble_names(&o->what, defaults, all)) != 0) \ +diff --git a/ssh-keygen.c b/ssh-keygen.c +index 46f4998..5c48ee0 100644 +--- a/ssh-keygen.c ++++ b/ssh-keygen.c +@@ -23,6 +23,7 @@ + #include + #include "openbsd-compat/openssl-compat.h" + #endif ++#include + + #ifdef HAVE_STDINT_H + # include +@@ -207,6 +208,12 @@ type_bits_valid(int type, const char *name, u_int32_t *bitsp) + #endif + } + #ifdef WITH_OPENSSL ++ if (FIPS_mode()) { ++ if (type == KEY_DSA) ++ fatal("DSA keys are not allowed in FIPS mode"); ++ if (type == KEY_ED25519) ++ fatal("ED25519 keys are not allowed in FIPS mode"); ++ } + switch (type) { + case KEY_DSA: + if (*bitsp != 1024) +@@ -1113,9 +1120,17 @@ do_gen_all_hostkeys(struct passwd *pw) + first = 1; + printf("%s: generating new host keys: ", __progname); + } ++ type = sshkey_type_from_name(key_types[i].key_type); ++ ++ /* Skip the keys that are not supported in FIPS mode */ ++ if (FIPS_mode() && (type == KEY_DSA || type == KEY_ED25519)) { ++ logit("Skipping %s key in FIPS mode", ++ key_types[i].key_type_display); ++ goto next; ++ } ++ + printf("%s ", key_types[i].key_type_display); + fflush(stdout); +- type = sshkey_type_from_name(key_types[i].key_type); + if ((fd = mkstemp(prv_tmp)) == -1) { + error("Could not save your private key in %s: %s", + prv_tmp, strerror(errno)); +diff --git a/ssh-rsa.c b/ssh-rsa.c +index 88a98fd..17662be 100644 +--- a/ssh-rsa.c ++++ b/ssh-rsa.c +@@ -25,6 +25,7 @@ + #include + #include + #include ++#include + + #include + #include +@@ -162,6 +163,8 @@ ssh_rsa_generate(struct sshkey *k, int bits) + goto out; + + if (EVP_PKEY_keygen(ctx, &res) <= 0) { ++ if (FIPS_mode()) ++ logit_f("the key length might be unsupported by FIPS mode approved key generation method"); + ret = SSH_ERR_LIBCRYPTO_ERROR; + goto out; + } +diff --git a/ssh.c b/ssh.c +index 4caa6e1..d144a25 100644 +--- a/ssh.c ++++ b/ssh.c +@@ -77,6 +77,7 @@ + #include + #include + #endif ++#include + #include "openbsd-compat/openssl-compat.h" + #include "openbsd-compat/sys-queue.h" + +@@ -1564,6 +1565,10 @@ main(int ac, char **av) + exit(0); + } + ++ if (FIPS_mode()) { ++ debug("FIPS mode initialized"); ++ } ++ + /* Expand SecurityKeyProvider if it refers to an environment variable */ + if (options.sk_provider != NULL && *options.sk_provider == '$' && + strlen(options.sk_provider) > 1) { +diff --git a/sshconnect2.c b/sshconnect2.c +index 1e217e4..1d72a91 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -45,6 +45,8 @@ + #include + #endif + ++#include ++ + #include "openbsd-compat/sys-queue.h" + + #include "xmalloc.h" +@@ -276,36 +278,41 @@ ssh_kex2(struct ssh *ssh, char *host, struct sockaddr *hostaddr, u_short port, + + #if defined(GSSAPI) && defined(WITH_OPENSSL) + if (options.gss_keyex) { +- /* Add the GSSAPI mechanisms currently supported on this +- * client to the key exchange algorithm proposal */ +- orig = myproposal[PROPOSAL_KEX_ALGS]; +- +- if (options.gss_server_identity) { +- gss_host = xstrdup(options.gss_server_identity); +- } else if (options.gss_trust_dns) { +- gss_host = remote_hostname(ssh); +- /* Fall back to specified host if we are using proxy command +- * and can not use DNS on that socket */ +- if (strcmp(gss_host, "UNKNOWN") == 0) { +- free(gss_host); ++ if (FIPS_mode()) { ++ logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode"); ++ options.gss_keyex = 0; ++ } else { ++ /* Add the GSSAPI mechanisms currently supported on this ++ * client to the key exchange algorithm proposal */ ++ orig = myproposal[PROPOSAL_KEX_ALGS]; ++ ++ if (options.gss_server_identity) { ++ gss_host = xstrdup(options.gss_server_identity); ++ } else if (options.gss_trust_dns) { ++ gss_host = remote_hostname(ssh); ++ /* Fall back to specified host if we are using proxy command ++ * and can not use DNS on that socket */ ++ if (strcmp(gss_host, "UNKNOWN") == 0) { ++ free(gss_host); ++ gss_host = xstrdup(host); ++ } ++ } else { + gss_host = xstrdup(host); + } +- } else { +- gss_host = xstrdup(host); +- } + +- gss = ssh_gssapi_client_mechanisms(gss_host, +- options.gss_client_identity, options.gss_kex_algorithms); +- if (gss) { +- debug("Offering GSSAPI proposal: %s", gss); +- xasprintf(&myproposal[PROPOSAL_KEX_ALGS], +- "%s,%s", gss, orig); +- +- /* If we've got GSSAPI algorithms, then we also support the +- * 'null' hostkey, as a last resort */ +- orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; +- xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], +- "%s,null", orig); ++ gss = ssh_gssapi_client_mechanisms(gss_host, ++ options.gss_client_identity, options.gss_kex_algorithms); ++ if (gss) { ++ debug("Offering GSSAPI proposal: %s", gss); ++ xasprintf(&myproposal[PROPOSAL_KEX_ALGS], ++ "%s,%s", gss, orig); ++ ++ /* If we've got GSSAPI algorithms, then we also support the ++ * 'null' hostkey, as a last resort */ ++ orig = myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]; ++ xasprintf(&myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS], ++ "%s,null", orig); ++ } + } + } + #endif +diff --git a/sshd.c b/sshd.c +index 595e44a..f49e2e5 100644 +--- a/sshd.c ++++ b/sshd.c +@@ -69,6 +69,7 @@ + #endif + #include + #include ++#include + #include + #include + #include +@@ -80,6 +81,7 @@ + #include + #include + #include ++#include + #include "openbsd-compat/openssl-compat.h" + #endif + +@@ -1665,6 +1667,7 @@ main(int ac, char **av) + sigemptyset(&sigmask); + sigprocmask(SIG_SETMASK, &sigmask, NULL); + ++ OpenSSL_add_all_algorithms(); + /* Save argv. Duplicate so setproctitle emulation doesn't clobber it */ + saved_argc = ac; + rexec_argc = ac; +@@ -2160,6 +2163,10 @@ main(int ac, char **av) + /* Reinitialize the log (because of the fork above). */ + log_init(__progname, options.log_level, options.log_facility, log_stderr); + ++ if (FIPS_mode()) { ++ debug("FIPS mode initialized"); ++ } ++ + /* + * Chdir to the root directory so that the current disk can be + * unmounted if desired. +@@ -2535,10 +2542,14 @@ do_ssh2_kex(struct ssh *ssh) + if (strlen(myproposal[PROPOSAL_SERVER_HOST_KEY_ALGS]) == 0) + orig = NULL; + +- if (options.gss_keyex) +- gss = ssh_gssapi_server_mechanisms(); +- else +- gss = NULL; ++ if (options.gss_keyex) { ++ if (FIPS_mode()) { ++ logit("Disabling GSSAPIKeyExchange. Not usable in FIPS mode"); ++ options.gss_keyex = 0; ++ } else { ++ gss = ssh_gssapi_server_mechanisms(); ++ } ++ } + + if (gss && orig) + xasprintf(&newstr, "%s,%s", gss, orig); +diff --git a/sshkey.c b/sshkey.c +index 1aee244..be2c399 100644 +--- a/sshkey.c ++++ b/sshkey.c +@@ -34,6 +34,7 @@ + #include + #include + #include ++#include + #include + #include + #endif +-- +2.33.0 + diff --git a/backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch b/backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch new file mode 100644 index 0000000000000000000000000000000000000000..3c71a47bacca4bfea51dd1a2f67bcc84821c6b88 --- /dev/null +++ b/backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch @@ -0,0 +1,29 @@ +From 62bbf8f825cc390ecb0523752ddac1435006f206 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Sun, 15 Sep 2024 00:41:18 +0000 +Subject: [PATCH] upstream: Do not apply authorized_keys options when signature + verification fails. Prevents restrictive key options being incorrectly + applied to subsequent keys in authorized_keys. + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/commit/62bbf8f825cc390ecb0523752ddac1435006f206 +--- + monitor.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/monitor.c b/monitor.c +index ceeb035..a2647fd 100644 +--- a/monitor.c ++++ b/monitor.c +@@ -1564,7 +1564,7 @@ mm_answer_keyverify(struct ssh *ssh, int sock, struct sshbuf *m) + } + auth2_record_key(authctxt, ret == 0, key); + +- if (key_blobtype == MM_USERKEY) ++ if (key_blobtype == MM_USERKEY && ret == 0) + auth_activate_options(ssh, key_opts); + monitor_reset_key_state(); + +-- +2.43.0 + diff --git a/backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch b/backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch new file mode 100644 index 0000000000000000000000000000000000000000..1acb3a9d62a12c5a987205d2f6b11f119b6e81b4 --- /dev/null +++ b/backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch @@ -0,0 +1,157 @@ +From 29fb6f6d46b67770084b4f12bcf8a01bd535041b Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Thu, 25 Jul 2024 22:40:08 +0000 +Subject: [PATCH] upstream: Fix proxy multiplexing (-O proxy) bug + + If a mux started with ControlPersist then later has a forwarding added using + mux proxy connection and the forwarding was used, then when the mux proxy + session terminates, the mux master process will send a channel close to the + server with a bad channel ID and crash the connection. + + This was caused by my stupidly reusing c->remote_id for mux channel + associations when I should have just added another member to struct channel. + +OpenBSD-Commit-ID: c9f474e0124e3fe456c5e43749b97d75e65b82b2 +Reference:https://anongit.mindrot.org/openssh.git/commit/29fb6f6d46b67770084b4f12bcf8a01bd535041b +Conflict:NA +--- + channels.c | 6 ++++-- + channels.h | 2 ++ + mux.c | 26 +++++++++++++------------- + nchan.c | 4 +++- + 4 files changed, 22 insertions(+), 16 deletions(-) + +diff --git a/channels.c b/channels.c +index 2c0aa65..02f5441 100644 +--- a/channels.c ++++ b/channels.c +@@ -964,14 +964,16 @@ channel_format_status(const Channel *c) + { + char *ret = NULL; + +- xasprintf(&ret, "t%d [%s] %s%u i%u/%zu o%u/%zu e[%s]/%zu " +- "fd %d/%d/%d sock %d cc %d io 0x%02x/0x%02x", ++ xasprintf(&ret, "t%d [%s] %s%u %s%u i%u/%zu o%u/%zu e[%s]/%zu " ++ "fd %d/%d/%d sock %d cc %d %s%u io 0x%02x/0x%02x", + c->type, c->xctype != NULL ? c->xctype : c->ctype, + c->have_remote_id ? "r" : "nr", c->remote_id, ++ c->mux_ctx != NULL ? "m" : "nm", c->mux_downstream_id, + c->istate, sshbuf_len(c->input), + c->ostate, sshbuf_len(c->output), + channel_format_extended_usage(c), sshbuf_len(c->extended), + c->rfd, c->wfd, c->efd, c->sock, c->ctl_chan, ++ c->have_ctl_child_id ? "c" : "nc", c->ctl_child_id, + c->io_want, c->io_ready); + return ret; + } +diff --git a/channels.h b/channels.h +index 7e59914..f3dd87d 100644 +--- a/channels.h ++++ b/channels.h +@@ -140,6 +140,8 @@ struct Channel { + u_int io_ready; /* bitmask of SSH_CHAN_IO_* */ + int pfds[4]; /* pollfd entries for rfd/wfd/efd/sock */ + int ctl_chan; /* control channel (multiplexed connections) */ ++ uint32_t ctl_child_id; /* child session for mux controllers */ ++ int have_ctl_child_id; /* non-zero if ctl_child_id is valid */ + int isatty; /* rfd is a tty */ + #ifdef _AIX + int wfd_isatty; /* wfd is a tty */ +diff --git a/mux.c b/mux.c +index b3ffde9..f391892 100644 +--- a/mux.c ++++ b/mux.c +@@ -199,8 +199,8 @@ mux_master_session_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused) + fatal_f("channel %d missing control channel %d", + c->self, c->ctl_chan); + c->ctl_chan = -1; +- cc->remote_id = 0; +- cc->have_remote_id = 0; ++ cc->ctl_child_id = 0; ++ cc->have_ctl_child_id = 0; + chan_rcvd_oclose(ssh, cc); + } + channel_cancel_cleanup(ssh, c->self); +@@ -215,12 +215,12 @@ mux_master_control_cleanup_cb(struct ssh *ssh, int cid, int force, void *unused) + debug3_f("entering for channel %d", cid); + if (c == NULL) + fatal_f("channel_by_id(%i) == NULL", cid); +- if (c->have_remote_id) { +- if ((sc = channel_by_id(ssh, c->remote_id)) == NULL) ++ if (c->have_ctl_child_id) { ++ if ((sc = channel_by_id(ssh, c->ctl_child_id)) == NULL) + fatal_f("channel %d missing session channel %u", +- c->self, c->remote_id); +- c->remote_id = 0; +- c->have_remote_id = 0; ++ c->self, c->ctl_child_id); ++ c->ctl_child_id = 0; ++ c->have_ctl_child_id = 0; + sc->ctl_chan = -1; + if (sc->type != SSH_CHANNEL_OPEN && + sc->type != SSH_CHANNEL_OPENING) { +@@ -416,7 +416,7 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, + new_fd[0], new_fd[1], new_fd[2]); + + /* XXX support multiple child sessions in future */ +- if (c->have_remote_id) { ++ if (c->have_ctl_child_id) { + debug2_f("session already open"); + reply_error(reply, MUX_S_FAILURE, rid, + "Multiple sessions not supported"); +@@ -461,8 +461,8 @@ mux_master_process_new_session(struct ssh *ssh, u_int rid, + CHAN_EXTENDED_WRITE, "client-session", CHANNEL_NONBLOCK_STDIO); + + nc->ctl_chan = c->self; /* link session -> control channel */ +- c->remote_id = nc->self; /* link control -> session channel */ +- c->have_remote_id = 1; ++ c->ctl_child_id = nc->self; /* link control -> session channel */ ++ c->have_ctl_child_id = 1; + + if (cctx->want_tty && escape_char != 0xffffffff) { + channel_register_filter(ssh, nc->self, +@@ -992,7 +992,7 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, + debug3_f("got fds stdin %d, stdout %d", new_fd[0], new_fd[1]); + + /* XXX support multiple child sessions in future */ +- if (c->have_remote_id) { ++ if (c->have_ctl_child_id) { + debug2_f("session already open"); + reply_error(reply, MUX_S_FAILURE, rid, + "Multiple sessions not supported"); +@@ -1019,8 +1019,8 @@ mux_master_process_stdio_fwd(struct ssh *ssh, u_int rid, + free(chost); + + nc->ctl_chan = c->self; /* link session -> control channel */ +- c->remote_id = nc->self; /* link control -> session channel */ +- c->have_remote_id = 1; ++ c->ctl_child_id = nc->self; /* link control -> session channel */ ++ c->have_ctl_child_id = 1; + + debug2_f("channel_new: %d control %d", nc->self, nc->ctl_chan); + +diff --git a/nchan.c b/nchan.c +index d33426f..715feeb 100644 +--- a/nchan.c ++++ b/nchan.c +@@ -208,7 +208,7 @@ chan_send_close2(struct ssh *ssh, Channel *c) + { + int r; + +- debug2("channel %d: send close", c->self); ++ debug2("channel %d: send close2", c->self); + if (c->ostate != CHAN_OUTPUT_CLOSED || + c->istate != CHAN_INPUT_CLOSED) { + error("channel %d: cannot send close for istate/ostate %d/%d", +@@ -218,6 +218,8 @@ chan_send_close2(struct ssh *ssh, Channel *c) + } else { + if (!c->have_remote_id) + fatal_f("channel %d: no remote_id", c->self); ++ debug2("channel %d: send close for remote id %u", c->self, ++ c->remote_id); + if ((r = sshpkt_start(ssh, SSH2_MSG_CHANNEL_CLOSE)) != 0 || + (r = sshpkt_put_u32(ssh, c->remote_id)) != 0 || + (r = sshpkt_send(ssh)) != 0) +-- +2.43.0 + diff --git a/backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch b/backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch new file mode 100644 index 0000000000000000000000000000000000000000..75a704e7c7b419ff6f7bb81300e51b1a2d841149 --- /dev/null +++ b/backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch @@ -0,0 +1,42 @@ +From 676377ce67807a24e08a54cd60ec832946cc6cae Mon Sep 17 00:00:00 2001 +From: "tobhe@openbsd.org" +Date: Mon, 13 Nov 2023 09:18:19 +0000 +Subject: [PATCH] upstream: Make sure sftp_get_limits() only returns 0 if + 'limits' + +was initialized. This fixes a potential uninitialized use of 'limits' in +sftp_init() if sftp_get_limits() returned early because of an unexpected +message type. + +ok djm@ + +OpenBSD-Commit-ID: 1c177d7c3becc1d71bc8763eecf61873a1d3884c + +Reference:https://github.com/openssh/openssh-portable/commit/676377ce67807a24e08a54cd60ec832946cc6cae +Conflict:2de990142(Rename do_limits to sftp_get_limits) +--- + sftp-client.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sftp-client.c b/sftp-client.c +index 2598029f7..5cc8bb539 100644 +--- a/sftp-client.c ++++ b/sftp-client.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sftp-client.c,v 1.169 2023/03/08 04:43:12 guenther Exp $ */ ++/* $OpenBSD: sftp-client.c,v 1.175 2023/11/13 09:18:19 tobhe Exp $ */ + /* + * Copyright (c) 2001-2004 Damien Miller + * +@@ -656,7 +656,7 @@ do_limits(struct sftp_conn *conn, struct sftp_limits *limits) + /* Disable the limits extension */ + conn->exts &= ~SFTP_EXT_LIMITS; + sshbuf_free(msg); +- return 0; ++ return -1; + } + + memset(limits, 0, sizeof(*limits)); +-- +2.33.0 + diff --git a/backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch b/backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch new file mode 100644 index 0000000000000000000000000000000000000000..1a01f348633c79444d659fff0644301c9d1affd0 --- /dev/null +++ b/backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch @@ -0,0 +1,39 @@ +From f9311e8921d92c5efca767227a497ab63280ac39 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Thu, 11 Jan 2024 01:51:16 +0000 +Subject: upstream: ensure key_fd is filled when DSA is disabled; spotted by + +tb@ + +OpenBSD-Commit-ID: 9dd417b6eec3cf67e870f147464a8d93f076dce7 + +Reference:https://anongit.mindrot.org/openssh.git/patch/?id=f9311e8921d92c5efca767227a497ab63280ac39 +Conflict:4e838120a759(upstream: make DSA key support compile-time optional) +--- + ssh-keysign.c | 5 ++++- + 1 files changed, 4 insertions(+), 1 deletion(-) + create mode 100644 ssh-keysign.c.rej + +diff --git a/ssh-keysign.c b/ssh-keysign.c +index 8b3c9a2..d4f9fd9 100644 +--- a/ssh-keysign.c ++++ b/ssh-keysign.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: ssh-keysign.c,v 1.71 2022/08/01 11:09:26 djm Exp $ */ ++/* $OpenBSD: ssh-keysign.c,v 1.73 2024/01/11 01:51:16 djm Exp $ */ + /* + * Copyright (c) 2002 Markus Friedl. All rights reserved. + * +@@ -186,6 +186,9 @@ main(int argc, char **argv) + if (fd > 2) + close(fd); + ++ for (i = 0; i < NUM_KEYTYPES; i++) ++ key_fd[i] = -1; ++ + i = 0; + /* XXX This really needs to read sshd_config for the paths */ + key_fd[i++] = open(_PATH_HOST_DSA_KEY_FILE, O_RDONLY); +-- +2.33.0 + diff --git a/backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch b/backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch new file mode 100644 index 0000000000000000000000000000000000000000..83a9f99363b2df8b5699c434365ac456ac874e26 --- /dev/null +++ b/backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch @@ -0,0 +1,41 @@ +From c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 6 Mar 2024 02:59:59 +0000 +Subject: [PATCH] upstream: fix memory leak in mux proxy mode when requesting + forwarding. + +found by RASU JSC, reported by Maks Mishin in GHPR#467 + +OpenBSD-Commit-ID: 97d96a166b1ad4b8d229864a553e3e56d3116860 + +Reference:https://github.com/openssh/openssh-portable/commit/c47e1c9c7911f38b2fc2fb01b1f6ae3a3121a838 +Conflict:NA +--- + channels.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/channels.c b/channels.c +index 6862556be..ece8d30d6 100644 +--- a/channels.c ++++ b/channels.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: channels.c,v 1.430 2023/03/10 03:01:51 dtucker Exp $ */ ++/* $OpenBSD: channels.c,v 1.437 2024/03/06 02:59:59 djm Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -3245,9 +3245,8 @@ channel_proxy_downstream(struct ssh *ssh, Channel *downstream) + goto out; + } + /* Record that connection to this host/port is permitted. */ +- permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "", -1, +- listen_host, NULL, (int)listen_port, downstream); +- listen_host = NULL; ++ permission_set_add(ssh, FORWARD_USER, FORWARD_LOCAL, "", ++ -1, listen_host, NULL, (int)listen_port, downstream); + break; + case SSH2_MSG_CHANNEL_CLOSE: + if (have < 4) +-- +2.33.0 + diff --git a/backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch b/backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch new file mode 100644 index 0000000000000000000000000000000000000000..0955217f434146316713cefa5fbd6c3e6c285d80 --- /dev/null +++ b/backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch @@ -0,0 +1,56 @@ +From a8ad7a2952111c6ce32949a775df94286550af6b Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Fri, 6 Sep 2024 02:30:44 +0000 +Subject: [PATCH] upstream: make parsing user@host consistently look for the + last '@' in the string rather than the first. This makes it possible to + use usernames that contain '@' characters. + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/commit/a8ad7a2952111c6ce32949a775df94286550af6b + +--- + match.c | 6 +++--- + ssh-add.c | 2 +- + 2 files changed, 4 insertions(+), 4 deletions(-) + +diff --git a/match.c b/match.c +index 3ac854d..b9a8225 100644 +--- a/match.c ++++ b/match.c +@@ -241,17 +241,17 @@ match_user(const char *user, const char *host, const char *ipaddr, + + /* test mode */ + if (user == NULL && host == NULL && ipaddr == NULL) { +- if ((p = strchr(pattern, '@')) != NULL && ++ if ((p = strrchr(pattern, '@')) != NULL && + match_host_and_ip(NULL, NULL, p + 1) < 0) + return -1; + return 0; + } + +- if ((p = strchr(pattern, '@')) == NULL) ++ if (strrchr(pattern, '@') == NULL) + return match_pattern(user, pattern); + + pat = xstrdup(pattern); +- p = strchr(pat, '@'); ++ p = strrchr(pat, '@'); + *p++ = '\0'; + + if ((ret = match_pattern(user, pat)) == 1) +diff --git a/ssh-add.c b/ssh-add.c +index 8cba0a7..2b081d6 100644 +--- a/ssh-add.c ++++ b/ssh-add.c +@@ -712,7 +712,7 @@ parse_dest_constraint_hop(const char *s, struct dest_constraint_hop *dch, + + memset(dch, '\0', sizeof(*dch)); + os = xstrdup(s); +- if ((host = strchr(os, '@')) == NULL) ++ if ((host = strrchr(os, '@')) == NULL) + host = os; + else { + *host++ = '\0'; +-- +2.43.0 + diff --git a/backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch b/backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch new file mode 100644 index 0000000000000000000000000000000000000000..2ba8172bf4451ab833318710e33de271753f5c4c --- /dev/null +++ b/backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch @@ -0,0 +1,39 @@ +From c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Mon, 20 Nov 2023 02:50:00 +0000 +Subject: [PATCH] upstream: set errno=EAFNOSUPPORT when filtering addresses + that don't + +match AddressFamily; yields slightly better error message if no address +matches. bz#3526 + +OpenBSD-Commit-ID: 29cea900ddd8b04a4d1968da5c4a893be2ebd9e6 + +Reference:https://github.com/openssh/openssh-portable/commit/c52db0114826d73eff6cdbf205e9c1fa4f7ca6c6 +Conflict:NA +--- + sshconnect.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sshconnect.c b/sshconnect.c +index ff3d3501f..bd077c75c 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshconnect.c,v 1.364 2023/11/15 23:03:38 djm Exp $ */ ++/* $OpenBSD: sshconnect.c,v 1.365 2023/11/20 02:50:00 djm Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -485,7 +485,7 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, + ai->ai_family != options.address_family) { + debug2_f("skipping address [%s]:%s: " + "wrong address family", ntop, strport); +- errno = 0; ++ errno = EAFNOSUPPORT; + continue; + } + +-- +2.33.0 + diff --git a/backport-upstream-some-extra-paranoia.patch b/backport-upstream-some-extra-paranoia.patch new file mode 100644 index 0000000000000000000000000000000000000000..bdbdef3baa8f12a2f8474998f157c2fbc2b4b762 --- /dev/null +++ b/backport-upstream-some-extra-paranoia.patch @@ -0,0 +1,30 @@ +From 9517cc58577f85a0ba5f8bb46778dff625f0688f Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Tue, 24 Sep 2024 02:28:17 +0000 +Subject: [PATCH] upstream: some extra paranoia, reminded by jsg@ + +Conflict:NA +Reference:https://anongit.mindrot.org/openssh.git/commit/9517cc58577f85a0ba5f8bb46778dff625f0688f + +--- + ssh-agent.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/ssh-agent.c b/ssh-agent.c +index cc58e6e..3d685e9 100644 +--- a/ssh-agent.c ++++ b/ssh-agent.c +@@ -1578,6 +1578,10 @@ process_ext_session_bind(SocketEntry *e) + error_fr(r, "parse"); + goto out; + } ++ if (sshbuf_len(sid) > AGENT_MAX_SID_LEN) { ++ error_f("session ID too long"); ++ goto out; ++ } + if ((fp = sshkey_fingerprint(key, SSH_FP_HASH_DEFAULT, + SSH_FP_DEFAULT)) == NULL) + fatal_f("fingerprint failed"); +-- +2.43.0 + diff --git a/backport-upstream-when-connecting-via-socket-the-default-case.patch b/backport-upstream-when-connecting-via-socket-the-default-case.patch new file mode 100644 index 0000000000000000000000000000000000000000..d026ccf055aff864e55983e37ec2e56bf7ff7741 --- /dev/null +++ b/backport-upstream-when-connecting-via-socket-the-default-case.patch @@ -0,0 +1,46 @@ +From 26f3f3bbc69196d908cad6558c8c7dc5beb8d74a Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 15 Nov 2023 23:03:38 +0000 +Subject: [PATCH] upstream: when connecting via socket (the default case), + filter + +addresses by AddressFamily if one was specified. Fixes the case where, if +CanonicalizeHostname is enabled, ssh may ignore AddressFamily. bz5326; ok +dtucker + +OpenBSD-Commit-ID: 6c7d7751f6cd055126b2b268a7b64dcafa447439 + +Reference:https://github.com/openssh/openssh-portable/commit/26f3f3bbc69196d908cad6558c8c7dc5beb8d74a +Conflict:NA +--- + sshconnect.c | 10 +++++++++- + 1 file changed, 9 insertions(+), 1 deletion(-) + +diff --git a/sshconnect.c b/sshconnect.c +index e6012f01e..ff3d3501f 100644 +--- a/sshconnect.c ++++ b/sshconnect.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshconnect.c,v 1.363 2023/03/10 07:17:08 dtucker Exp $ */ ++/* $OpenBSD: sshconnect.c,v 1.364 2023/11/15 23:03:38 djm Exp $ */ + /* + * Author: Tatu Ylonen + * Copyright (c) 1995 Tatu Ylonen , Espoo, Finland +@@ -481,6 +481,14 @@ ssh_connect_direct(struct ssh *ssh, const char *host, struct addrinfo *aitop, + errno = oerrno; + continue; + } ++ if (options.address_family != AF_UNSPEC && ++ ai->ai_family != options.address_family) { ++ debug2_f("skipping address [%s]:%s: " ++ "wrong address family", ntop, strport); ++ errno = 0; ++ continue; ++ } ++ + debug("Connecting to %.200s [%.100s] port %s.", + host, ntop, strport); + +-- +2.33.0 + diff --git a/backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch b/backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch new file mode 100644 index 0000000000000000000000000000000000000000..e727a7cfbd5ef2c2c1c697e95963ad7a30ad6f09 --- /dev/null +++ b/backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch @@ -0,0 +1,44 @@ +From aa7b21708511a6d4aed3839fc9f6e82e849dd4a1 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" +Date: Wed, 13 Dec 2023 03:28:19 +0000 +Subject: [PATCH] upstream: when invoking KnownHostsCommand to determine the + order of + +host key algorithms to request, ensure that the hostname passed to the +command is decorated with the port number for ports other than 22. + +This matches the behaviour of KnownHostsCommand when invoked to look +up the actual host key. + +bz3643, ok dtucker@ + +OpenBSD-Commit-ID: 5cfabc0b7c6c7ab473666df314f377b1f15420b1 + +Reference:https://github.com/openssh/openssh-portable/commit/aa7b21708511a6d4aed3839fc9f6e82e849dd4a1 +Conflict:NA +--- + sshconnect2.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/sshconnect2.c b/sshconnect2.c +index 5831a00c6..df6caf817 100644 +--- a/sshconnect2.c ++++ b/sshconnect2.c +@@ -1,4 +1,4 @@ +-/* $OpenBSD: sshconnect2.c,v 1.370 2023/12/18 14:45:17 djm Exp $ */ ++/* $OpenBSD: sshconnect2.c,v 1.369 2023/12/13 03:28:19 djm Exp $ */ + /* + * Copyright (c) 2000 Markus Friedl. All rights reserved. + * Copyright (c) 2008 Damien Miller. All rights reserved. +@@ -140,7 +140,7 @@ order_hostkeyalgs(char *host, struct sockaddr *hostaddr, u_short port, + } + if (options.known_hosts_command != NULL) { + load_hostkeys_command(hostkeys, options.known_hosts_command, +- "ORDER", cinfo, NULL, host); ++ "ORDER", cinfo, NULL, hostname); + } + /* + * If a plain public key exists that matches the type of the best +-- +2.33.0 + diff --git a/openssh.spec b/openssh.spec index 50b2c374d06d49eb503ec60952c3d3fb7b9b1b68..f8d9b0549429e9e5e57701f124e49f46c9004ee9 100644 --- a/openssh.spec +++ b/openssh.spec @@ -6,7 +6,7 @@ %{?no_gtk2:%global gtk2 0} %global sshd_uid 74 -%global openssh_release 5 +%global openssh_release 6 Name: openssh Version: 9.3p2 @@ -101,6 +101,19 @@ Patch78: backport-CVE-2023-48795-upstream-implement-strict-key-exchange-i Patch79: backport-CVE-2023-51385-upstream-ban-user-hostnames-with-most-shell-metachar.patch Patch80: backport-fix-CVE-2024-6387.patch Patch81: backport-CVE-2023-51384-upstream-apply-destination-constraints-to-all-p11-ke.patch +Patch82: backport-upstream-Make-sure-sftp_get_limits-only-returns-0-if.patch +Patch83: backport-upstream-when-connecting-via-socket-the-default-case.patch +Patch84: backport-upstream-set-errno-EAFNOSUPPORT-when-filtering-addre.patch +Patch85: backport-upstream-when-invoking-KnownHostsCommand-to-determin.patch +Patch86: backport-upstream-ensure-key_fd-is-filled-when-DSA-is-disable.patch +Patch87: backport-upstream-fix-memory-leak-in-mux-proxy-mode-when-requ.patch +Patch88: backport-openssh-7.7p1-fips.patch +Patch89: backport-CVE-2021-36368-added-option-to-disable-trivial-auth.patch +Patch90: backport-upstream-Fix-proxy-multiplexing-O-proxy-bug.patch +Patch91: backport-openssh-6.6p1-keyperm.patch +Patch92: backport-upstream-make-parsing-user-host-consistently-look-for-the-last-in.patch +Patch93: backport-upstream-Do-not-apply-authorized_keys-options-when-signature.patch +Patch94: backport-upstream-some-extra-paranoia.patch Requires: /sbin/nologin Requires: libselinux >= 2.3-5 audit-libs >= 1.0.8 @@ -251,6 +264,19 @@ popd %patch79 -p1 %patch80 -p1 %patch81 -p1 +%patch82 -p1 +%patch83 -p1 +%patch84 -p1 +%patch85 -p1 +%patch86 -p1 +%patch87 -p1 +%patch88 -p1 +%patch89 -p1 +%patch90 -p1 +%patch91 -p1 +%patch92 -p1 +%patch93 -p1 +%patch94 -p1 autoreconf pushd pam_ssh_agent_auth-pam_ssh_agent_auth-0.10.4 @@ -467,6 +493,12 @@ getent passwd sshd >/dev/null || \ %attr(0644,root,root) %{_mandir}/man8/sftp-server.8* %changelog +* Tue Oct 29 2024 bitianyuan - 9.3p2-6 +- Type:bugfix +- ID:NA +- SUG:NA +- DESC:backport some upstream patches + * Fri Jul 12 2024 renmingshuai - 9.3p2-5 - Type:CVE - CVE:CVE-2023-51384