pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/security/openssh openssh: update to 7.6.1.



details:   https://anonhg.NetBSD.org/pkgsrc/rev/6742cb46f399
branches:  trunk
changeset: 369757:6742cb46f399
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Oct 04 11:44:14 2017 +0000

description:
openssh: update to 7.6.1.


Potentially-incompatible changes
================================

This release includes a number of changes that may affect existing
configurations:

 * ssh(1): delete SSH protocol version 1 support, associated
   configuration options and documentation.

 * ssh(1)/sshd(8): remove support for the hmac-ripemd160 MAC.

 * ssh(1)/sshd(8): remove support for the arcfour, blowfish and CAST
   ciphers.

 * Refuse RSA keys <1024 bits in length and improve reporting for keys
   that do not meet this requirement.

 * ssh(1): do not offer CBC ciphers by default.

Changes since OpenSSH 7.5
=========================

This is primarily a bugfix release. It also contains substantial
internal refactoring.

Security
--------

 * sftp-server(8): in read-only mode, sftp-server was incorrectly
   permitting creation of zero-length files. Reported by Michal
   Zalewski.

New Features
------------

 * ssh(1): add RemoteCommand option to specify a command in the ssh
   config file instead of giving it on the client's command line. This
   allows the configuration file to specify the command that will be
   executed on the remote host.

 * sshd(8): add ExposeAuthInfo option that enables writing details of
   the authentication methods used (including public keys where
   applicable) to a file that is exposed via a $SSH_USER_AUTH
   environment variable in the subsequent session.

 * ssh(1): add support for reverse dynamic forwarding. In this mode,
   ssh will act as a SOCKS4/5 proxy and forward connections
   to destinations requested by the remote SOCKS client. This mode
   is requested using extended syntax for the -R and RemoteForward
   options and, because it is implemented solely at the client,
   does not require the server be updated to be supported.

 * sshd(8): allow LogLevel directive in sshd_config Match blocks;
   bz#2717

 * ssh-keygen(1): allow inclusion of arbitrary string or flag
   certificate extensions and critical options.

 * ssh-keygen(1): allow ssh-keygen to use a key held in ssh-agent as
   a CA when signing certificates. bz#2377

 * ssh(1)/sshd(8): allow IPQoS=none in ssh/sshd to not set an explicit
   ToS/DSCP value and just use the operating system default.

 * ssh-add(1): added -q option to make ssh-add quiet on success.

 * ssh(1): expand the StrictHostKeyChecking option with two new
   settings. The first "accept-new" will automatically accept
   hitherto-unseen keys but will refuse connections for changed or
   invalid hostkeys. This is a safer subset of the current behaviour
   of StrictHostKeyChecking=no. The second setting "off", is a synonym
   for the current behaviour of StrictHostKeyChecking=no: accept new
   host keys, and continue connection for hosts with incorrect
   hostkeys. A future release will change the meaning of
   StrictHostKeyChecking=no to the behaviour of "accept-new". bz#2400

 * ssh(1): add SyslogFacility option to ssh(1) matching the equivalent
   option in sshd(8). bz#2705

Bugfixes
--------

 * ssh(1): use HostKeyAlias if specified instead of hostname for
   matching host certificate principal names; bz#2728

 * sftp(1): implement sorting for globbed ls; bz#2649

 * ssh(1): add a user@host prefix to client's "Permission denied"
   messages, useful in particular when using "stacked" connections
   (e.g. ssh -J) where it's not clear which host is denying. bz#2720

 * ssh(1): accept unknown EXT_INFO extension values that contain \0
   characters. These are legal, but would previously cause fatal
   connection errors if received.

 * ssh(1)/sshd(8): repair compression statistics printed at
   connection exit

 * sftp(1): print '?' instead of incorrect link count (that the
   protocol doesn't provide) for remote listings. bz#2710

 * ssh(1): return failure rather than fatal() for more cases during
   session multiplexing negotiations. Causes the session to fall back
   to a non-mux connection if they occur. bz#2707

 * ssh(1): mention that the server may send debug messages to explain
   public key authentication problems under some circumstances; bz#2709

 * Translate OpenSSL error codes to better report incorrect passphrase
   errors when loading private keys; bz#2699

 * sshd(8): adjust compatibility patterns for WinSCP to correctly
   identify versions that implement only the legacy DH group exchange
   scheme. bz#2748

 * ssh(1): print the "Killed by signal 1" message only at LogLevel
   verbose so that it is not shown at the default level; prevents it
   from appearing during ssh -J and equivalent ProxyCommand configs.
   bz#1906, bz#2744

 * ssh-keygen(1): when generating all hostkeys (ssh-keygen -A), clobber
   existing keys if they exist but are zero length. zero-length keys
   could previously be made if ssh-keygen failed or was interrupted part
   way through generating them. bz#2561

 * ssh(1): fix pledge(2) violation in the escape sequence "~&" used to
   place the current session in the background.

 * ssh-keyscan(1): avoid double-close() on file descriptors; bz#2734

 * sshd(8): avoid reliance on shared use of pointers shared between
   monitor and child sshd processes. bz#2704

 * sshd_config(8): document available AuthenticationMethods; bz#2453

 * ssh(1): avoid truncation in some login prompts; bz#2768

 * sshd(8): Fix various compilations failures, inc bz#2767

 * ssh(1): make "--" before the hostname terminate argument processing
   after the hostname too.

 * ssh-keygen(1): switch from aes256-cbc to aes256-ctr for encrypting
   new-style private keys. Fixes problems related to private key
   handling for no-OpenSSL builds. bz#2754

 * ssh(1): warn and do not attempt to use keys when the public and
   private halves do not match. bz#2737

 * sftp(1): don't print verbose error message when ssh disconnects
   from under sftp. bz#2750

 * sshd(8): fix keepalive scheduling problem: activity on a forwarded
   port from preventing the keepalive from being sent; bz#2756

 * sshd(8): when started without root privileges, don't require the
   privilege separation user or path to exist. Makes running the
   regression tests easier without touching the filesystem.

 * Make integrity.sh regression tests more robust against timeouts.
   bz#2658

 * ssh(1)/sshd(8): correctness fix for channels implementation: accept
   channel IDs greater than 0x7FFFFFFF.

Portability
-----------

 * sshd(9): drop two more privileges in the Solaris sandbox:
   PRIV_DAX_ACCESS and PRIV_SYS_IB_INFO; bz#2723

 * sshd(8): expose list of completed authentication methods to PAM
   via the SSH_AUTH_INFO_0 PAM environment variable. bz#2408

 * ssh(1)/sshd(8): fix several problems in the tun/tap forwarding code,
   mostly to do with host/network byte order confusion. bz#2735

 * Add --with-cflags-after and --with-ldflags-after configure flags to
   allow setting CFLAGS/LDFLAGS after configure has completed. These
   are useful for setting sanitiser/fuzzing options that may interfere
   with configure's operation.

 * sshd(8): avoid Linux seccomp violations on ppc64le over the
   socketcall syscall.

 * Fix use of ldns when using ldns-config; bz#2697

 * configure: set cache variables when cross-compiling. The cross-
   compiling fallback message was saying it assumed the test passed,
   but it wasn't actually set the cache variables and this would
   cause later tests to fail.

 * Add clang libFuzzer harnesses for public key parsing and signature
   verification.

diffstat:

 security/openssh/Makefile             |   5 +--
 security/openssh/distinfo             |  12 +++++-----
 security/openssh/patches/patch-sshd.c |  42 +++++++++++++++++-----------------
 3 files changed, 29 insertions(+), 30 deletions(-)

diffs (150 lines):

diff -r 21b8cb286b3e -r 6742cb46f399 security/openssh/Makefile
--- a/security/openssh/Makefile Wed Oct 04 11:29:48 2017 +0000
+++ b/security/openssh/Makefile Wed Oct 04 11:44:14 2017 +0000
@@ -1,8 +1,7 @@
-# $NetBSD: Makefile,v 1.253 2017/07/24 16:33:22 he Exp $
+# $NetBSD: Makefile,v 1.254 2017/10/04 11:44:14 wiz Exp $
 
-DISTNAME=              openssh-7.5p1
+DISTNAME=              openssh-7.6p1
 PKGNAME=               ${DISTNAME:S/p1/.1/}
-PKGREVISION=           1
 CATEGORIES=            security
 MASTER_SITES=          ${MASTER_SITE_OPENBSD:=OpenSSH/portable/}
 
diff -r 21b8cb286b3e -r 6742cb46f399 security/openssh/distinfo
--- a/security/openssh/distinfo Wed Oct 04 11:29:48 2017 +0000
+++ b/security/openssh/distinfo Wed Oct 04 11:44:14 2017 +0000
@@ -1,9 +1,9 @@
-$NetBSD: distinfo,v 1.104 2017/05/31 09:30:21 jperkin Exp $
+$NetBSD: distinfo,v 1.105 2017/10/04 11:44:14 wiz Exp $
 
-SHA1 (openssh-7.5p1.tar.gz) = 5e8f185d00afb4f4f89801e9b0f8b9cee9d87ebd
-RMD160 (openssh-7.5p1.tar.gz) = c1b176a1fe92495d056edda0c5db54efcfb8764a
-SHA512 (openssh-7.5p1.tar.gz) = 58c542e8a110fb4316a68db94abb663fa1c810becd0638d45281df8aeca62c1f705090437a80e788e6c29121769b72a505feced537d3118c933fde01b5285c81
-Size (openssh-7.5p1.tar.gz) = 1510857 bytes
+SHA1 (openssh-7.6p1.tar.gz) = a6984bc2c72192bed015c8b879b35dd9f5350b3b
+RMD160 (openssh-7.6p1.tar.gz) = 486ae743f51ffbf8197d564aab9ae54f9e2ac9da
+SHA512 (openssh-7.6p1.tar.gz) = de17fdcb8239401f76740c8d689a8761802f6df94e68d953f3c70b9f4f8bdb403617c48c1d01cc8c368d88e9d50aee540bf03d5a36687dfb39dfd28d73029d72
+Size (openssh-7.6p1.tar.gz) = 1489788 bytes
 SHA1 (patch-Makefile.in) = 98960119bda68a663214c8880484552f1207bcfc
 SHA1 (patch-auth-passwd.c) = 5205ca4d15dbcd3f4c574f0a2fb7713ae69af5f7
 SHA1 (patch-auth-rhosts.c) = a5e6131e63b83a7e8a06cd80f22def449d6bc2c4
@@ -25,6 +25,6 @@
 SHA1 (patch-sftp-common.c) = 6819aa040c8f1caa30a704cf6f0588e498df8778
 SHA1 (patch-ssh.c) = 6877d8205d999906c14240d4d112b084609927ca
 SHA1 (patch-sshd.8) = 5bf48cd27cef8e8810b9dc7115f5180102a345d1
-SHA1 (patch-sshd.c) = a1ccf7e54275629965d80d9cf7cd8669d9f1f4cf
+SHA1 (patch-sshd.c) = 040ac961247fdd55bd09b85e65b905b63bc24f7d
 SHA1 (patch-sshpty.c) = cb691d4fbde808927f2fbcc12b87ad983cf21938
 SHA1 (patch-uidswap.c) = 68c4f5ffab7f4c5c9c00b7443a74b2da52809b7e
diff -r 21b8cb286b3e -r 6742cb46f399 security/openssh/patches/patch-sshd.c
--- a/security/openssh/patches/patch-sshd.c     Wed Oct 04 11:29:48 2017 +0000
+++ b/security/openssh/patches/patch-sshd.c     Wed Oct 04 11:44:14 2017 +0000
@@ -1,11 +1,11 @@
-$NetBSD: patch-sshd.c,v 1.8 2016/12/30 04:43:16 taca Exp $
+$NetBSD: patch-sshd.c,v 1.9 2017/10/04 11:44:14 wiz Exp $
 
 * Interix support
 * Revive tcp_wrappers support.
 
---- sshd.c.orig        2016-12-19 04:59:41.000000000 +0000
+--- sshd.c.orig        2017-10-02 19:34:26.000000000 +0000
 +++ sshd.c
-@@ -123,6 +123,13 @@
+@@ -122,6 +122,13 @@
  #include "version.h"
  #include "ssherr.h"
  
@@ -19,7 +19,7 @@
  /* Re-exec fds */
  #define REEXEC_DEVCRYPTO_RESERVED_FD  (STDERR_FILENO + 1)
  #define REEXEC_STARTUP_PIPE_FD                (STDERR_FILENO + 2)
-@@ -220,7 +227,11 @@ int *startup_pipes = NULL;
+@@ -219,7 +226,11 @@ int *startup_pipes = NULL;
  int startup_pipe;             /* in child */
  
  /* variables used for privilege separation */
@@ -30,17 +30,8 @@
 +#endif
  struct monitor *pmonitor = NULL;
  int privsep_is_preauth = 1;
- 
-@@ -541,7 +552,7 @@ privsep_preauth_child(void)
-       demote_sensitive_data();
- 
-       /* Demote the child */
--      if (getuid() == 0 || geteuid() == 0) {
-+      if (getuid() == ROOTUID || geteuid() == ROOTUID) {
-               /* Change our root directory */
-               if (chroot(_PATH_PRIVSEP_CHROOT_DIR) == -1)
-                       fatal("chroot(\"%s\"): %s", _PATH_PRIVSEP_CHROOT_DIR,
-@@ -552,10 +563,15 @@ privsep_preauth_child(void)
+ static int privsep_chroot = 1;
+@@ -550,10 +561,15 @@ privsep_preauth_child(void)
                /* Drop our privileges */
                debug3("privsep user:group %u:%u", (u_int)privsep_pw->pw_uid,
                    (u_int)privsep_pw->pw_gid);
@@ -56,7 +47,7 @@
        }
  }
  
-@@ -619,10 +635,17 @@ privsep_preauth(Authctxt *authctxt)
+@@ -617,10 +633,17 @@ privsep_preauth(Authctxt *authctxt)
                /* Arrange for logging to be sent to the monitor */
                set_log_handler(mm_log_handler, pmonitor);
  
@@ -74,7 +65,7 @@
  
                return 0;
        }
-@@ -634,7 +657,7 @@ privsep_postauth(Authctxt *authctxt)
+@@ -632,7 +655,7 @@ privsep_postauth(Authctxt *authctxt)
  #ifdef DISABLE_FD_PASSING
        if (1) {
  #else
@@ -83,7 +74,7 @@
  #endif
                /* File descriptor passing is broken or root login */
                use_privsep = 0;
-@@ -1389,8 +1412,10 @@ main(int ac, char **av)
+@@ -1393,8 +1416,10 @@ main(int ac, char **av)
        av = saved_argv;
  #endif
  
@@ -95,7 +86,16 @@
  
        /* Ensure that fds 0, 1 and 2 are open or directed to /dev/null */
        sanitise_stdfd();
-@@ -1766,7 +1791,7 @@ main(int ac, char **av)
+@@ -1636,7 +1661,7 @@ main(int ac, char **av)
+       );
+ 
+       /* Store privilege separation user for later use if required. */
+-      privsep_chroot = use_privsep && (getuid() == 0 || geteuid() == 0);
++      privsep_chroot = use_privsep && (getuid() == ROOTUID || geteuid() == ROOTUID);
+       if ((privsep_pw = getpwnam(SSH_PRIVSEP_USER)) == NULL) {
+               if (privsep_chroot || options.kerberos_authentication)
+                       fatal("Privilege separation user %s does not exist",
+@@ -1769,7 +1794,7 @@ main(int ac, char **av)
                    (st.st_uid != getuid () ||
                    (st.st_mode & (S_IWGRP|S_IWOTH)) != 0))
  #else
@@ -104,7 +104,7 @@
  #endif
                        fatal("%s must be owned by root and not group or "
                            "world-writable.", _PATH_PRIVSEP_CHROOT_DIR);
-@@ -1789,8 +1814,10 @@ main(int ac, char **av)
+@@ -1792,8 +1817,10 @@ main(int ac, char **av)
         * to create a file, and we can't control the code in every
         * module which might be used).
         */
@@ -115,7 +115,7 @@
  
        if (rexec_flag) {
                rexec_argv = xcalloc(rexec_argc + 2, sizeof(char *));
-@@ -1972,6 +1999,25 @@ main(int ac, char **av)
+@@ -1981,6 +2008,25 @@ main(int ac, char **av)
        audit_connection_from(remote_ip, remote_port);
  #endif
  



Home | Main Index | Thread Index | Old Index