gnu: openssh: Update to 7.3p1.
* gnu/packages/ssh.scm (openssh): Update to 7.3p1. [source]: Remove patches. * gnu/packages/patches/openssh-CVE-2015-8325.patch, gnu/packages/patches/openssh-CVE-2016-6210-1.patch, gnu/packages/patches/openssh-CVE-2016-6210-2.patch, gnu/packages/patches/openssh-CVE-2016-6210-3.patch: Delete files. * gnu/local.mk (dist_patch_DATA): Remove them.
This commit is contained in:
parent
660e005c21
commit
742effef56
|
@ -694,10 +694,6 @@ dist_patch_DATA = \
|
|||
%D%/packages/patches/openexr-missing-samples.patch \
|
||||
%D%/packages/patches/openjpeg-CVE-2015-6581.patch \
|
||||
%D%/packages/patches/openjpeg-use-after-free-fix.patch \
|
||||
%D%/packages/patches/openssh-CVE-2015-8325.patch \
|
||||
%D%/packages/patches/openssh-CVE-2016-6210-1.patch \
|
||||
%D%/packages/patches/openssh-CVE-2016-6210-2.patch \
|
||||
%D%/packages/patches/openssh-CVE-2016-6210-3.patch \
|
||||
%D%/packages/patches/openssl-runpath.patch \
|
||||
%D%/packages/patches/openssl-c-rehash-in.patch \
|
||||
%D%/packages/patches/openssl-CVE-2016-2177.patch \
|
||||
|
|
|
@ -1,31 +0,0 @@
|
|||
From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
|
||||
From: Damien Miller <djm@mindrot.org>
|
||||
Date: Wed, 13 Apr 2016 10:39:57 +1000
|
||||
Subject: ignore PAM environment vars when UseLogin=yes
|
||||
|
||||
If PAM is configured to read user-specified environment variables
|
||||
and UseLogin=yes in sshd_config, then a hostile local user may
|
||||
attack /bin/login via LD_PRELOAD or similar environment variables
|
||||
set via PAM.
|
||||
|
||||
CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
|
||||
---
|
||||
session.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/session.c b/session.c
|
||||
index 4859245..4653b09 100644
|
||||
--- a/session.c
|
||||
+++ b/session.c
|
||||
@@ -1322,7 +1322,7 @@ do_setup_env(Session *s, const char *shell)
|
||||
* Pull in any environment variables that may have
|
||||
* been set by PAM.
|
||||
*/
|
||||
- if (options.use_pam) {
|
||||
+ if (options.use_pam && !options.use_login) {
|
||||
char **p;
|
||||
|
||||
p = fetch_pam_child_environment();
|
||||
--
|
||||
cgit v0.11.2
|
||||
|
|
@ -1,114 +0,0 @@
|
|||
From e5ef9d3942cebda819a6fd81647b51c8d87d23df Mon Sep 17 00:00:00 2001
|
||||
From: Darren Tucker <dtucker@zip.com.au>
|
||||
Date: Fri, 15 Jul 2016 13:32:45 +1000
|
||||
Subject: Determine appropriate salt for invalid users.
|
||||
|
||||
When sshd is processing a non-PAM login for a non-existent user it uses
|
||||
the string from the fakepw structure as the salt for crypt(3)ing the
|
||||
password supplied by the client. That string has a Blowfish prefix, so on
|
||||
systems that don't understand that crypt will fail fast due to an invalid
|
||||
salt, and even on those that do it may have significantly different timing
|
||||
from the hash methods used for real accounts (eg sha512). This allows
|
||||
user enumeration by, eg, sending large password strings. This was noted
|
||||
by EddieEzra.Harari at verint.com (CVE-2016-6210).
|
||||
|
||||
To mitigate, use the same hash algorithm that root uses for hashing
|
||||
passwords for users that do not exist on the system. ok djm@
|
||||
|
||||
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=9286875a73b2de7736b5e50692739d314cd8d9dc
|
||||
Bug-Debian: https://bugs.debian.org/831902
|
||||
Last-Update: 2016-07-22
|
||||
|
||||
Patch-Name: CVE-2016-6210-1.patch
|
||||
---
|
||||
auth-passwd.c | 12 ++++++++----
|
||||
openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++
|
||||
2 files changed, 42 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/auth-passwd.c b/auth-passwd.c
|
||||
index 63ccf3c..530b5d4 100644
|
||||
--- a/auth-passwd.c
|
||||
+++ b/auth-passwd.c
|
||||
@@ -193,7 +193,7 @@ int
|
||||
sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
{
|
||||
struct passwd *pw = authctxt->pw;
|
||||
- char *encrypted_password;
|
||||
+ char *encrypted_password, *salt = NULL;
|
||||
|
||||
/* Just use the supplied fake password if authctxt is invalid */
|
||||
char *pw_password = authctxt->valid ? shadow_pw(pw) : pw->pw_passwd;
|
||||
@@ -202,9 +202,13 @@ sys_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
if (strcmp(pw_password, "") == 0 && strcmp(password, "") == 0)
|
||||
return (1);
|
||||
|
||||
- /* Encrypt the candidate password using the proper salt. */
|
||||
- encrypted_password = xcrypt(password,
|
||||
- (pw_password[0] && pw_password[1]) ? pw_password : "xx");
|
||||
+ /*
|
||||
+ * Encrypt the candidate password using the proper salt, or pass a
|
||||
+ * NULL and let xcrypt pick one.
|
||||
+ */
|
||||
+ if (authctxt->valid && pw_password[0] && pw_password[1])
|
||||
+ salt = pw_password;
|
||||
+ encrypted_password = xcrypt(password, salt);
|
||||
|
||||
/*
|
||||
* Authentication is accepted if the encrypted passwords
|
||||
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
|
||||
index 8577cbd..8913bb8 100644
|
||||
--- a/openbsd-compat/xcrypt.c
|
||||
+++ b/openbsd-compat/xcrypt.c
|
||||
@@ -25,6 +25,7 @@
|
||||
#include "includes.h"
|
||||
|
||||
#include <sys/types.h>
|
||||
+#include <string.h>
|
||||
#include <unistd.h>
|
||||
#include <pwd.h>
|
||||
|
||||
@@ -62,11 +63,44 @@
|
||||
# define crypt DES_crypt
|
||||
# endif
|
||||
|
||||
+/*
|
||||
+ * Pick an appropriate password encryption type and salt for the running
|
||||
+ * system.
|
||||
+ */
|
||||
+static const char *
|
||||
+pick_salt(void)
|
||||
+{
|
||||
+ struct passwd *pw;
|
||||
+ char *passwd, *p;
|
||||
+ size_t typelen;
|
||||
+ static char salt[32];
|
||||
+
|
||||
+ if (salt[0] != '\0')
|
||||
+ return salt;
|
||||
+ strlcpy(salt, "xx", sizeof(salt));
|
||||
+ if ((pw = getpwuid(0)) == NULL)
|
||||
+ return salt;
|
||||
+ passwd = shadow_pw(pw);
|
||||
+ if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
|
||||
+ return salt; /* no $, DES */
|
||||
+ typelen = p - passwd + 1;
|
||||
+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
|
||||
+ explicit_bzero(passwd, strlen(passwd));
|
||||
+ return salt;
|
||||
+}
|
||||
+
|
||||
char *
|
||||
xcrypt(const char *password, const char *salt)
|
||||
{
|
||||
char *crypted;
|
||||
|
||||
+ /*
|
||||
+ * If we don't have a salt we are encrypting a fake password for
|
||||
+ * for timing purposes. Pick an appropriate salt.
|
||||
+ */
|
||||
+ if (salt == NULL)
|
||||
+ salt = pick_salt();
|
||||
+
|
||||
# ifdef HAVE_MD5_PASSWORDS
|
||||
if (is_md5_salt(salt))
|
||||
crypted = md5_crypt(password, salt);
|
|
@ -1,111 +0,0 @@
|
|||
From dde63f7f998ac3812a26bbb2c1b2947f24fcd060 Mon Sep 17 00:00:00 2001
|
||||
From: Darren Tucker <dtucker@zip.com.au>
|
||||
Date: Fri, 15 Jul 2016 13:49:44 +1000
|
||||
Subject: Mitigate timing of disallowed users PAM logins.
|
||||
|
||||
When sshd decides to not allow a login (eg PermitRootLogin=no) and
|
||||
it's using PAM, it sends a fake password to PAM so that the timing for
|
||||
the failure is not noticeably different whether or not the password
|
||||
is correct. This behaviour can be detected by sending a very long
|
||||
password string which is slower to hash than the fake password.
|
||||
|
||||
Mitigate by constructing an invalid password that is the same length
|
||||
as the one from the client and thus takes the same time to hash.
|
||||
Diff from djm@
|
||||
|
||||
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=283b97ff33ea2c641161950849931bd578de6946
|
||||
Bug-Debian: https://bugs.debian.org/831902
|
||||
Last-Update: 2016-07-22
|
||||
|
||||
Patch-Name: CVE-2016-6210-2.patch
|
||||
---
|
||||
auth-pam.c | 35 +++++++++++++++++++++++++++++++----
|
||||
1 file changed, 31 insertions(+), 4 deletions(-)
|
||||
|
||||
diff --git a/auth-pam.c b/auth-pam.c
|
||||
index 8425af1..abd6a5e 100644
|
||||
--- a/auth-pam.c
|
||||
+++ b/auth-pam.c
|
||||
@@ -232,7 +232,6 @@ static int sshpam_account_status = -1;
|
||||
static char **sshpam_env = NULL;
|
||||
static Authctxt *sshpam_authctxt = NULL;
|
||||
static const char *sshpam_password = NULL;
|
||||
-static char badpw[] = "\b\n\r\177INCORRECT";
|
||||
|
||||
/* Some PAM implementations don't implement this */
|
||||
#ifndef HAVE_PAM_GETENVLIST
|
||||
@@ -810,12 +809,35 @@ sshpam_query(void *ctx, char **name, char **info,
|
||||
return (-1);
|
||||
}
|
||||
|
||||
+/*
|
||||
+ * Returns a junk password of identical length to that the user supplied.
|
||||
+ * Used to mitigate timing attacks against crypt(3)/PAM stacks that
|
||||
+ * vary processing time in proportion to password length.
|
||||
+ */
|
||||
+static char *
|
||||
+fake_password(const char *wire_password)
|
||||
+{
|
||||
+ const char junk[] = "\b\n\r\177INCORRECT";
|
||||
+ char *ret = NULL;
|
||||
+ size_t i, l = wire_password != NULL ? strlen(wire_password) : 0;
|
||||
+
|
||||
+ if (l >= INT_MAX)
|
||||
+ fatal("%s: password length too long: %zu", __func__, l);
|
||||
+
|
||||
+ ret = malloc(l + 1);
|
||||
+ for (i = 0; i < l; i++)
|
||||
+ ret[i] = junk[i % (sizeof(junk) - 1)];
|
||||
+ ret[i] = '\0';
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/* XXX - see also comment in auth-chall.c:verify_response */
|
||||
static int
|
||||
sshpam_respond(void *ctx, u_int num, char **resp)
|
||||
{
|
||||
Buffer buffer;
|
||||
struct pam_ctxt *ctxt = ctx;
|
||||
+ char *fake;
|
||||
|
||||
debug2("PAM: %s entering, %u responses", __func__, num);
|
||||
switch (ctxt->pam_done) {
|
||||
@@ -836,8 +858,11 @@ sshpam_respond(void *ctx, u_int num, char **resp)
|
||||
(sshpam_authctxt->pw->pw_uid != 0 ||
|
||||
options.permit_root_login == PERMIT_YES))
|
||||
buffer_put_cstring(&buffer, *resp);
|
||||
- else
|
||||
- buffer_put_cstring(&buffer, badpw);
|
||||
+ else {
|
||||
+ fake = fake_password(*resp);
|
||||
+ buffer_put_cstring(&buffer, fake);
|
||||
+ free(fake);
|
||||
+ }
|
||||
if (ssh_msg_send(ctxt->pam_psock, PAM_AUTHTOK, &buffer) == -1) {
|
||||
buffer_free(&buffer);
|
||||
return (-1);
|
||||
@@ -1181,6 +1206,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
{
|
||||
int flags = (options.permit_empty_passwd == 0 ?
|
||||
PAM_DISALLOW_NULL_AUTHTOK : 0);
|
||||
+ char *fake = NULL;
|
||||
|
||||
if (!options.use_pam || sshpam_handle == NULL)
|
||||
fatal("PAM: %s called when PAM disabled or failed to "
|
||||
@@ -1196,7 +1222,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
*/
|
||||
if (!authctxt->valid || (authctxt->pw->pw_uid == 0 &&
|
||||
options.permit_root_login != PERMIT_YES))
|
||||
- sshpam_password = badpw;
|
||||
+ sshpam_password = fake = fake_password(password);
|
||||
|
||||
sshpam_err = pam_set_item(sshpam_handle, PAM_CONV,
|
||||
(const void *)&passwd_conv);
|
||||
@@ -1206,6 +1232,7 @@ sshpam_auth_passwd(Authctxt *authctxt, const char *password)
|
||||
|
||||
sshpam_err = pam_authenticate(sshpam_handle, flags);
|
||||
sshpam_password = NULL;
|
||||
+ free(fake);
|
||||
if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
|
||||
debug("PAM: password authentication accepted for %.100s",
|
||||
authctxt->user);
|
|
@ -1,60 +0,0 @@
|
|||
From abde8dda29c2db2405d6fbca2fe022430e2c1177 Mon Sep 17 00:00:00 2001
|
||||
From: Darren Tucker <dtucker@zip.com.au>
|
||||
Date: Thu, 21 Jul 2016 14:17:31 +1000
|
||||
Subject: Search users for one with a valid salt.
|
||||
|
||||
If the root account is locked (eg password "!!" or "*LK*") keep looking
|
||||
until we find a user with a valid salt to use for crypting passwords of
|
||||
invalid users. ok djm@
|
||||
|
||||
Origin: upstream, https://anongit.mindrot.org/openssh.git/commit/?id=dbf788b4d9d9490a5fff08a7b09888272bb10fcc
|
||||
Bug-Debian: https://bugs.debian.org/831902
|
||||
Last-Update: 2016-07-22
|
||||
|
||||
Patch-Name: CVE-2016-6210-3.patch
|
||||
---
|
||||
openbsd-compat/xcrypt.c | 24 +++++++++++++++---------
|
||||
1 file changed, 15 insertions(+), 9 deletions(-)
|
||||
|
||||
diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
|
||||
index 8913bb8..cf6a9b9 100644
|
||||
--- a/openbsd-compat/xcrypt.c
|
||||
+++ b/openbsd-compat/xcrypt.c
|
||||
@@ -65,7 +65,9 @@
|
||||
|
||||
/*
|
||||
* Pick an appropriate password encryption type and salt for the running
|
||||
- * system.
|
||||
+ * system by searching through accounts until we find one that has a valid
|
||||
+ * salt. Usually this will be root unless the root account is locked out.
|
||||
+ * If we don't find one we return a traditional DES-based salt.
|
||||
*/
|
||||
static const char *
|
||||
pick_salt(void)
|
||||
@@ -78,14 +80,18 @@ pick_salt(void)
|
||||
if (salt[0] != '\0')
|
||||
return salt;
|
||||
strlcpy(salt, "xx", sizeof(salt));
|
||||
- if ((pw = getpwuid(0)) == NULL)
|
||||
- return salt;
|
||||
- passwd = shadow_pw(pw);
|
||||
- if (passwd[0] != '$' || (p = strrchr(passwd + 1, '$')) == NULL)
|
||||
- return salt; /* no $, DES */
|
||||
- typelen = p - passwd + 1;
|
||||
- strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
|
||||
- explicit_bzero(passwd, strlen(passwd));
|
||||
+ setpwent();
|
||||
+ while ((pw = getpwent()) != NULL) {
|
||||
+ passwd = shadow_pw(pw);
|
||||
+ if (passwd[0] == '$' && (p = strrchr(passwd+1, '$')) != NULL) {
|
||||
+ typelen = p - passwd + 1;
|
||||
+ strlcpy(salt, passwd, MIN(typelen, sizeof(salt)));
|
||||
+ explicit_bzero(passwd, strlen(passwd));
|
||||
+ goto out;
|
||||
+ }
|
||||
+ }
|
||||
+ out:
|
||||
+ endpwent();
|
||||
return salt;
|
||||
}
|
||||
|
|
@ -124,7 +124,7 @@ a server that supports the SSH-2 protocol.")
|
|||
(define-public openssh
|
||||
(package
|
||||
(name "openssh")
|
||||
(version "7.2p2")
|
||||
(version "7.3p1")
|
||||
(source (origin
|
||||
(method url-fetch)
|
||||
(uri (let ((tail (string-append name "-" version ".tar.gz")))
|
||||
|
@ -135,11 +135,7 @@ a server that supports the SSH-2 protocol.")
|
|||
(string-append "http://ftp2.fr.openbsd.org/pub/OpenBSD/OpenSSH/portable/"
|
||||
tail))))
|
||||
(sha256 (base32
|
||||
"132lh9aanb0wkisji1d6cmsxi520m8nh7c7i9wi6m1s3l38q29x7"))
|
||||
(patches (search-patches "openssh-CVE-2015-8325.patch"
|
||||
"openssh-CVE-2016-6210-1.patch"
|
||||
"openssh-CVE-2016-6210-2.patch"
|
||||
"openssh-CVE-2016-6210-3.patch"))))
|
||||
"1k5y1wi29d47cgizbryxrhc1fbjsba2x8l5mqfa9b9nadnd9iyrz"))))
|
||||
(build-system gnu-build-system)
|
||||
(inputs `(("groff" ,groff)
|
||||
("openssl" ,openssl)
|
||||
|
|
Loading…
Reference in New Issue