diff options
Diffstat (limited to 'debian')
-rw-r--r-- | debian/.gitlab-ci.yml | 9 | ||||
-rw-r--r-- | debian/changelog | 31 | ||||
-rw-r--r-- | debian/patches/CVE-2021-41617-1.patch | 35 | ||||
-rw-r--r-- | debian/patches/CVE-2021-41617-2.patch | 26 | ||||
-rw-r--r-- | debian/patches/CVE-2023-48795-buster.patch | 12 | ||||
-rw-r--r-- | debian/patches/CVE-2023-48795.patch | 490 | ||||
-rw-r--r-- | debian/patches/CVE-2023-51385.patch | 94 | ||||
-rw-r--r-- | debian/patches/series | 5 | ||||
-rw-r--r-- | debian/salsa-ci.yml | 9 |
9 files changed, 702 insertions, 9 deletions
diff --git a/debian/.gitlab-ci.yml b/debian/.gitlab-ci.yml deleted file mode 100644 index 4816152..0000000 --- a/debian/.gitlab-ci.yml +++ /dev/null @@ -1,9 +0,0 @@ -include: - - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/recipes/debian.yml - -variables: - RELEASE: 'buster' - SALSA_CI_COMPONENTS: 'main contrib non-free' - SALSA_CI_DISABLE_REPROTEST: 1 - SALSA_CI_DISABLE_LINTIAN: 1 - SALSA_CI_DISABLE_PIUPARTS: 1 diff --git a/debian/changelog b/debian/changelog index a67df9f..03aa0ce 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,34 @@ +openssh (1:7.9p1-10+deb10u4) buster-security; urgency=medium + + * Non-maintainer upload by the LTS Team. + * Rename debian/.gitlab-ci.yml to debian/salsa-ci.yml and use + lts-team/pipeline recipe for buster in it. + * [CVE-2023-48795] ssh(1), sshd(8): implement protocol extensions to + thwart the so-called "Terrapin attack" discovered by Fabian Bäumer, + Marcus Brinkmann and Jörg Schwenk. This attack allows a MITM to effect + a limited break of the integrity of the early encrypted SSH transport + protocol by sending extra messages prior to the commencement of + encryption, and deleting an equal number of consecutive messages + immediately after encryption starts. A peer SSH client/server would + not be able to detect that messages were deleted. + * [CVE-2023-51385] ssh(1): if an invalid user or hostname that contained + shell metacharacters was passed to ssh(1), and a ProxyCommand, + LocalCommand directive or "match exec" predicate referenced the user + or hostname via %u, %h or similar expansion token, then an attacker + who could supply arbitrary user/hostnames to ssh(1) could potentially + perform command injection depending on what quoting was present in the + user-supplied ssh_config(5) directive. ssh(1) now bans most shell + metacharacters from user and hostnames supplied via the command-line. + * [CVE-2021-41617]: sshd(8) from OpenSSH 6.2 through 8.7 failed to + correctly initialise supplemental groups when executing an + AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a + AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive + has been set to run the command as a different user. Instead these + commands would inherit the groups that sshd(8) was started with + (closes: #995130). + + -- Santiago Ruano Rincón <santiago@freexian.com> Sun, 24 Dec 2023 15:39:13 -0500 + openssh (1:7.9p1-10+deb10u3progress5u1) engywuck-security; urgency=high * Uploading to engywuck-security, remaining changes: diff --git a/debian/patches/CVE-2021-41617-1.patch b/debian/patches/CVE-2021-41617-1.patch new file mode 100644 index 0000000..042c9bc --- /dev/null +++ b/debian/patches/CVE-2021-41617-1.patch @@ -0,0 +1,35 @@ +From ad2748dee50e4c0040f6efda5eff4a34e4eb5b85 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Sun, 26 Sep 2021 14:01:03 +0000 +Subject: upstream: need initgroups() before setresgid(); reported by anton@, + +ok deraadt@ + +OpenBSD-Commit-ID: 6aa003ee658b316960d94078f2a16edbc25087ce + +Bug-Debian: https://bugs.debian.org/995130 +Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=f3cbe43e28fe71427d41cfe3a17125b972710455 +Last-Update: 2023-12-19 + +Patch-Name: CVE-2021-41617-1.patch +--- + auth.c | 6 ++++++ + 1 file changed, 6 insertions(+) + +Index: openssh/auth.c +=================================================================== +--- openssh.orig/auth.c ++++ openssh/auth.c +@@ -866,6 +866,12 @@ subprocess(const char *tag, struct passw + } + closefrom(STDERR_FILENO + 1); + ++ if (geteuid() == 0 && ++ initgroups(pw->pw_name, pw->pw_gid) == -1) { ++ error("%s: initgroups(%s, %u): %s", tag, ++ pw->pw_name, (u_int)pw->pw_gid, strerror(errno)); ++ _exit(1); ++ } + /* Don't use permanently_set_uid() here to avoid fatal() */ + if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0) { + error("%s: setresgid %u: %s", tag, (u_int)pw->pw_gid, diff --git a/debian/patches/CVE-2021-41617-2.patch b/debian/patches/CVE-2021-41617-2.patch new file mode 100644 index 0000000..62a066b --- /dev/null +++ b/debian/patches/CVE-2021-41617-2.patch @@ -0,0 +1,26 @@ +From 0afd6ea47554dee40d1eaf33fa73d693fb661e64 Mon Sep 17 00:00:00 2001 +From: Damien Miller <djm@mindrot.org> +Date: Mon, 27 Sep 2021 00:03:19 +1000 +Subject: initgroups needs grp.h + +Bug-Debian: https://bugs.debian.org/995130 +Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=bf944e3794eff5413f2df1ef37cddf96918c6bde +Last-Update: 2023-12-19 + +Patch-Name: CVE-2021-41617-2.patch +--- + auth.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/auth.c b/auth.c +index 32870851b..88578ec45 100644 +--- a/auth.c ++++ b/auth.c +@@ -39,6 +39,7 @@ + # include <paths.h> + #endif + #include <pwd.h> ++#include <grp.h> + #ifdef HAVE_LOGIN_H + #include <login.h> + #endif diff --git a/debian/patches/CVE-2023-48795-buster.patch b/debian/patches/CVE-2023-48795-buster.patch new file mode 100644 index 0000000..6a53c5d --- /dev/null +++ b/debian/patches/CVE-2023-48795-buster.patch @@ -0,0 +1,12 @@ +Index: openssh/kex.c +=================================================================== +--- openssh.orig/kex.c ++++ openssh/kex.c +@@ -630,6 +630,7 @@ kex_new(struct ssh *ssh, char *proposal[ + } + if ((r = kex_prop2buf(kex->my, proposal)) != 0) + goto out; ++ kex->flags = KEX_INITIAL; + kex->done = 0; + kex_reset_dispatch(ssh); + ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_input_kexinit); diff --git a/debian/patches/CVE-2023-48795.patch b/debian/patches/CVE-2023-48795.patch new file mode 100644 index 0000000..3495099 --- /dev/null +++ b/debian/patches/CVE-2023-48795.patch @@ -0,0 +1,490 @@ +From 802a7af111c9ddb438ca4fd8c5cc35534e199fda Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Mon, 18 Dec 2023 14:45:17 +0000 +Subject: upstream: implement "strict key exchange" in ssh and sshd + +This adds a protocol extension to improve the integrity of the SSH +transport protocol, particular in and around the initial key exchange +(KEX) phase. + +Full details of the extension are in the PROTOCOL file. + +with markus@ + +OpenBSD-Commit-ID: 2a66ac962f0a630d7945fee54004ed9e9c439f14 + +Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=1edb00c58f8a6875fad6a497aa2bacf37f9e6cd5 +Last-Update: 2023-12-21 + +Patch-Name: CVE-2023-48795.patch +--- + PROTOCOL | 26 +++++++++++++++++ + kex.c | 68 ++++++++++++++++++++++++++++++++----------- + kex.h | 1 + + packet.c | 80 ++++++++++++++++++++++++++++++++++++++------------- + sshconnect2.c | 14 +++------ + sshd.c | 8 ++++-- + 6 files changed, 149 insertions(+), 48 deletions(-) + +Index: openssh/PROTOCOL +=================================================================== +--- openssh.orig/PROTOCOL ++++ openssh/PROTOCOL +@@ -102,6 +102,32 @@ OpenSSH supports the use of ECDH in Curv + described at: + http://git.libssh.org/users/aris/libssh.git/plain/doc/curve25519-sha256@libssh.org.txt?h=curve25519 + ++1.9 transport: strict key exchange extension ++ ++OpenSSH supports a number of transport-layer hardening measures under ++a "strict KEX" feature. This feature is signalled similarly to the ++RFC8308 ext-info feature: by including a additional algorithm in the ++initiial SSH2_MSG_KEXINIT kex_algorithms field. The client may append ++"kex-strict-c-v00@openssh.com" to its kex_algorithms and the server ++may append "kex-strict-s-v00@openssh.com". These pseudo-algorithms ++are only valid in the initial SSH2_MSG_KEXINIT and MUST be ignored ++if they are present in subsequent SSH2_MSG_KEXINIT packets. ++ ++When an endpoint that supports this extension observes this algorithm ++name in a peer's KEXINIT packet, it MUST make the following changes to ++the the protocol: ++ ++a) During initial KEX, terminate the connection if any unexpected or ++ out-of-sequence packet is received. This includes terminating the ++ connection if the first packet received is not SSH2_MSG_KEXINIT. ++ Unexpected packets for the purpose of strict KEX include messages ++ that are otherwise valid at any time during the connection such as ++ SSH2_MSG_DEBUG and SSH2_MSG_IGNORE. ++b) After sending or receiving a SSH2_MSG_NEWKEYS message, reset the ++ packet sequence number to zero. This behaviour persists for the ++ duration of the connection (i.e. not just the first ++ SSH2_MSG_NEWKEYS). ++ + 2. Connection protocol changes + + 2.1. connection: Channel write close extension "eow@openssh.com" +Index: openssh/kex.c +=================================================================== +--- openssh.orig/kex.c ++++ openssh/kex.c +@@ -59,7 +59,7 @@ + #endif + + /* prototype */ +-static int kex_choose_conf(struct ssh *); ++static int kex_choose_conf(struct ssh *, uint32_t seq); + static int kex_input_newkeys(int, u_int32_t, struct ssh *); + + static const char *proposal_names[PROPOSAL_MAX] = { +@@ -179,6 +179,18 @@ kex_names_valid(const char *names) + return 1; + } + ++/* returns non-zero if proposal contains any algorithm from algs */ ++static int ++has_any_alg(const char *proposal, const char *algs) ++{ ++ char *cp; ++ ++ if ((cp = match_list(proposal, algs, NULL)) == NULL) ++ return 0; ++ free(cp); ++ return 1; ++} ++ + /* + * Concatenate algorithm names, avoiding duplicates in the process. + * Caller must free returned string. +@@ -186,7 +198,7 @@ kex_names_valid(const char *names) + char * + kex_names_cat(const char *a, const char *b) + { +- char *ret = NULL, *tmp = NULL, *cp, *p, *m; ++ char *ret = NULL, *tmp = NULL, *cp, *p; + size_t len; + + if (a == NULL || *a == '\0') +@@ -203,10 +215,8 @@ kex_names_cat(const char *a, const char + } + strlcpy(ret, a, len); + for ((p = strsep(&cp, ",")); p && *p != '\0'; (p = strsep(&cp, ","))) { +- if ((m = match_list(ret, p, NULL)) != NULL) { +- free(m); ++ if (has_any_alg(ret, p)) + continue; /* Algorithm already present */ +- } + if (strlcat(ret, ",", len) >= len || + strlcat(ret, p, len) >= len) { + free(tmp); +@@ -396,7 +406,12 @@ kex_protocol_error(int type, u_int32_t s + { + int r; + +- error("kex protocol error: type %d seq %u", type, seq); ++ /* If in strict mode, any unexpected message is an error */ ++ if ((ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) { ++ ssh_packet_disconnect(ssh, "strict KEX violation: " ++ "unexpected packet type %u (seqnr %u)", type, seq); ++ } ++ error("%s: type %u seq %u", __func__, type, seq); + if ((r = sshpkt_start(ssh, SSH2_MSG_UNIMPLEMENTED)) != 0 || + (r = sshpkt_put_u32(ssh, seq)) != 0 || + (r = sshpkt_send(ssh)) != 0) +@@ -443,11 +458,11 @@ kex_send_newkeys(struct ssh *ssh) + (r = sshpkt_send(ssh)) != 0) + return r; + debug("SSH2_MSG_NEWKEYS sent"); +- debug("expecting SSH2_MSG_NEWKEYS"); + ssh_dispatch_set(ssh, SSH2_MSG_NEWKEYS, &kex_input_newkeys); +- if (ssh->kex->ext_info_c) ++ if (ssh->kex->ext_info_c && (ssh->kex->flags & KEX_INITIAL) != 0) + if ((r = kex_send_ext_info(ssh)) != 0) + return r; ++ debug("expecting SSH2_MSG_NEWKEYS"); + return 0; + } + +@@ -465,6 +480,11 @@ kex_input_ext_info(int type, u_int32_t s + ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &kex_protocol_error); + if ((r = sshpkt_get_u32(ssh, &ninfo)) != 0) + return r; ++ if (ninfo >= 1024) { ++ error("SSH2_MSG_EXT_INFO with too many entries, expected " ++ "<=1024, received %u", ninfo); ++ return dispatch_protocol_error(type, seq, ssh); ++ } + for (i = 0; i < ninfo; i++) { + if ((r = sshpkt_get_cstring(ssh, &name, NULL)) != 0) + return r; +@@ -503,6 +523,7 @@ kex_input_newkeys(int type, u_int32_t se + if ((r = ssh_set_newkeys(ssh, MODE_IN)) != 0) + return r; + kex->done = 1; ++ kex->flags &= ~KEX_INITIAL; + sshbuf_reset(kex->peer); + /* sshbuf_reset(kex->my); */ + kex->flags &= ~KEX_INIT_SENT; +@@ -554,7 +575,7 @@ kex_input_kexinit(int type, u_int32_t se + if (kex == NULL) + return SSH_ERR_INVALID_ARGUMENT; + +- ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, NULL); ++ ssh_dispatch_set(ssh, SSH2_MSG_KEXINIT, &kex_protocol_error); + ptr = sshpkt_ptr(ssh, &dlen); + if ((r = sshbuf_put(kex->peer, ptr, dlen)) != 0) + return r; +@@ -584,7 +605,7 @@ kex_input_kexinit(int type, u_int32_t se + if (!(kex->flags & KEX_INIT_SENT)) + if ((r = kex_send_kexinit(ssh)) != 0) + return r; +- if ((r = kex_choose_conf(ssh)) != 0) ++ if ((r = kex_choose_conf(ssh, seq)) != 0) + return r; + + if (kex->kex_type < KEX_MAX && kex->kex[kex->kex_type] != NULL) +@@ -832,7 +853,13 @@ proposals_match(char *my[PROPOSAL_MAX], + } + + static int +-kex_choose_conf(struct ssh *ssh) ++kexalgs_contains(char **peer, const char *ext) ++{ ++ return has_any_alg(peer[PROPOSAL_KEX_ALGS], ext); ++} ++ ++static int ++kex_choose_conf(struct ssh *ssh, uint32_t seq) + { + struct kex *kex = ssh->kex; + struct newkeys *newkeys; +@@ -857,13 +884,23 @@ kex_choose_conf(struct ssh *ssh) + sprop=peer; + } + +- /* Check whether client supports ext_info_c */ +- if (kex->server) { +- char *ext; +- +- ext = match_list("ext-info-c", peer[PROPOSAL_KEX_ALGS], NULL); +- kex->ext_info_c = (ext != NULL); +- free(ext); ++ /* Check whether peer supports ext_info/kex_strict */ ++ if ((kex->flags & KEX_INITIAL) != 0) { ++ if (kex->server) { ++ kex->ext_info_c = kexalgs_contains(peer, "ext-info-c"); ++ kex->kex_strict = kexalgs_contains(peer, ++ "kex-strict-c-v00@openssh.com"); ++ } else { ++ kex->kex_strict = kexalgs_contains(peer, ++ "kex-strict-s-v00@openssh.com"); ++ } ++ if (kex->kex_strict) { ++ debug3("will use strict KEX ordering"); ++ if (seq != 0) ++ ssh_packet_disconnect(ssh, ++ "strict KEX violation: " ++ "KEXINIT was not the first packet"); ++ } + } + + /* Algorithm Negotiation */ +Index: openssh/kex.h +=================================================================== +--- openssh.orig/kex.h ++++ openssh/kex.h +@@ -107,6 +107,7 @@ enum kex_exchange { + }; + + #define KEX_INIT_SENT 0x0001 ++#define KEX_INITIAL 0x0002 + + struct sshenc { + char *name; +@@ -145,6 +146,7 @@ struct kex { + u_int kex_type; + char *server_sig_algs; + int ext_info_c; ++ int kex_strict; + struct sshbuf *my; + struct sshbuf *peer; + sig_atomic_t done; +Index: openssh/packet.c +=================================================================== +--- openssh.orig/packet.c ++++ openssh/packet.c +@@ -1162,8 +1162,13 @@ ssh_packet_send2_wrapped(struct ssh *ssh + sshbuf_dump(state->output, stderr); + #endif + /* increment sequence number for outgoing packets */ +- if (++state->p_send.seqnr == 0) ++ if (++state->p_send.seqnr == 0) { ++ if ((ssh->kex->flags & KEX_INITIAL) != 0) { ++ ssh_packet_disconnect(ssh, "outgoing sequence number " ++ "wrapped during initial key exchange"); ++ } + logit("outgoing seqnr wraps around"); ++ } + if (++state->p_send.packets == 0) + if (!(ssh->compat & SSH_BUG_NOREKEY)) + return SSH_ERR_NEED_REKEY; +@@ -1171,6 +1176,12 @@ ssh_packet_send2_wrapped(struct ssh *ssh + state->p_send.bytes += len; + sshbuf_reset(state->outgoing_packet); + ++ if (type == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) { ++ debug("%s: resetting send seqnr %u", __func__, ++ state->p_send.seqnr); ++ state->p_send.seqnr = 0; ++ } ++ + if (type == SSH2_MSG_NEWKEYS) + r = ssh_set_newkeys(ssh, MODE_OUT); + else if (type == SSH2_MSG_USERAUTH_SUCCESS && state->server_side) +@@ -1304,8 +1315,7 @@ ssh_packet_read_seqnr(struct ssh *ssh, u + /* Stay in the loop until we have received a complete packet. */ + for (;;) { + /* Try to read a packet from the buffer. */ +- r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p); +- if (r != 0) ++ if ((r = ssh_packet_read_poll_seqnr(ssh, typep, seqnr_p)) != 0) + break; + /* If we got a packet, return it. */ + if (*typep != SSH_MSG_NONE) +@@ -1592,10 +1602,16 @@ ssh_packet_read_poll2(struct ssh *ssh, u + if ((r = sshbuf_consume(state->input, mac->mac_len)) != 0) + goto out; + } ++ + if (seqnr_p != NULL) + *seqnr_p = state->p_read.seqnr; +- if (++state->p_read.seqnr == 0) ++ if (++state->p_read.seqnr == 0) { ++ if ((ssh->kex->flags & KEX_INITIAL) != 0) { ++ ssh_packet_disconnect(ssh, "incoming sequence number " ++ "wrapped during initial key exchange"); ++ } + logit("incoming seqnr wraps around"); ++ } + if (++state->p_read.packets == 0) + if (!(ssh->compat & SSH_BUG_NOREKEY)) + return SSH_ERR_NEED_REKEY; +@@ -1661,6 +1677,11 @@ ssh_packet_read_poll2(struct ssh *ssh, u + #endif + /* reset for next packet */ + state->packlen = 0; ++ if (*typep == SSH2_MSG_NEWKEYS && ssh->kex->kex_strict) { ++ debug("%s: resetting read seqnr %u", __func__, ++ state->p_read.seqnr); ++ state->p_read.seqnr = 0; ++ } + + /* do we need to rekey? */ + if (ssh_packet_need_rekeying(ssh, 0)) { +@@ -1685,10 +1706,39 @@ ssh_packet_read_poll_seqnr(struct ssh *s + r = ssh_packet_read_poll2(ssh, typep, seqnr_p); + if (r != 0) + return r; +- if (*typep) { +- state->keep_alive_timeouts = 0; +- DBG(debug("received packet type %d", *typep)); ++ if (*typep == 0) { ++ /* no message ready */ ++ return 0; ++ } ++ state->keep_alive_timeouts = 0; ++ DBG(debug("received packet type %d", *typep)); ++ ++ /* Always process disconnect messages */ ++ if (*typep == SSH2_MSG_DISCONNECT) { ++ if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || ++ (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) ++ return r; ++ /* Ignore normal client exit notifications */ ++ do_log2(ssh->state->server_side && ++ reason == SSH2_DISCONNECT_BY_APPLICATION ? ++ SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, ++ "Received disconnect from %s port %d:" ++ "%u: %.400s", ssh_remote_ipaddr(ssh), ++ ssh_remote_port(ssh), reason, msg); ++ free(msg); ++ return SSH_ERR_DISCONNECTED; + } ++ ++ /* ++ * Do not implicitly handle any messages here during initial ++ * KEX when in strict mode. They will be need to be allowed ++ * explicitly by the KEX dispatch table or they will generate ++ * protocol errors. ++ */ ++ if (ssh->kex != NULL && ++ (ssh->kex->flags & KEX_INITIAL) && ssh->kex->kex_strict) ++ return 0; ++ /* Implicitly handle transport-level messages */ + switch (*typep) { + case SSH2_MSG_IGNORE: + debug3("Received SSH2_MSG_IGNORE"); +@@ -1703,19 +1753,6 @@ ssh_packet_read_poll_seqnr(struct ssh *s + debug("Remote: %.900s", msg); + free(msg); + break; +- case SSH2_MSG_DISCONNECT: +- if ((r = sshpkt_get_u32(ssh, &reason)) != 0 || +- (r = sshpkt_get_string(ssh, &msg, NULL)) != 0) +- return r; +- /* Ignore normal client exit notifications */ +- do_log2(ssh->state->server_side && +- reason == SSH2_DISCONNECT_BY_APPLICATION ? +- SYSLOG_LEVEL_INFO : SYSLOG_LEVEL_ERROR, +- "Received disconnect from %s port %d:" +- "%u: %.400s", ssh_remote_ipaddr(ssh), +- ssh_remote_port(ssh), reason, msg); +- free(msg); +- return SSH_ERR_DISCONNECTED; + case SSH2_MSG_UNIMPLEMENTED: + if ((r = sshpkt_get_u32(ssh, &seqnr)) != 0) + return r; +@@ -2173,6 +2210,7 @@ kex_to_blob(struct sshbuf *m, struct kex + (r = sshbuf_put_u32(m, kex->hostkey_type)) != 0 || + (r = sshbuf_put_u32(m, kex->hostkey_nid)) != 0 || + (r = sshbuf_put_u32(m, kex->kex_type)) != 0 || ++ (r = sshbuf_put_u32(m, kex->kex_strict)) != 0 || + (r = sshbuf_put_stringb(m, kex->my)) != 0 || + (r = sshbuf_put_stringb(m, kex->peer)) != 0 || + (r = sshbuf_put_u32(m, kex->flags)) != 0 || +@@ -2339,6 +2377,7 @@ kex_from_blob(struct sshbuf *m, struct k + (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_type)) != 0 || + (r = sshbuf_get_u32(m, (u_int *)&kex->hostkey_nid)) != 0 || + (r = sshbuf_get_u32(m, &kex->kex_type)) != 0 || ++ (r = sshbuf_get_u32(m, &kex->kex_strict)) != 0 || + (r = sshbuf_get_stringb(m, kex->my)) != 0 || + (r = sshbuf_get_stringb(m, kex->peer)) != 0 || + (r = sshbuf_get_u32(m, &kex->flags)) != 0 || +@@ -2664,6 +2703,7 @@ sshpkt_disconnect(struct ssh *ssh, const + vsnprintf(buf, sizeof(buf), fmt, args); + va_end(args); + ++ debug2("%s: sending SSH2_MSG_DISCONNECT: %s", __func__, buf); + if ((r = sshpkt_start(ssh, SSH2_MSG_DISCONNECT)) != 0 || + (r = sshpkt_put_u32(ssh, SSH2_DISCONNECT_PROTOCOL_ERROR)) != 0 || + (r = sshpkt_put_cstring(ssh, buf)) != 0 || +Index: openssh/sshconnect2.c +=================================================================== +--- openssh.orig/sshconnect2.c ++++ openssh/sshconnect2.c +@@ -170,7 +170,8 @@ ssh_kex2(char *host, struct sockaddr *ho + xxx_host = host; + xxx_hostaddr = hostaddr; + +- if ((s = kex_names_cat(options.kex_algorithms, "ext-info-c")) == NULL) ++ if ((s = kex_names_cat(options.kex_algorithms, ++ "ext-info-c,kex-strict-c-v00@openssh.com")) == NULL) + fatal("%s: kex_names_cat", __func__); + myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = +@@ -351,7 +352,6 @@ struct cauthmethod { + }; + + int input_userauth_service_accept(int, u_int32_t, struct ssh *); +-int input_userauth_ext_info(int, u_int32_t, struct ssh *); + int input_userauth_success(int, u_int32_t, struct ssh *); + int input_userauth_success_unexpected(int, u_int32_t, struct ssh *); + int input_userauth_failure(int, u_int32_t, struct ssh *); +@@ -468,7 +468,7 @@ ssh_userauth2(const char *local_user, co + + ssh->authctxt = &authctxt; + ssh_dispatch_init(ssh, &input_userauth_error); +- ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, &input_userauth_ext_info); ++ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, kex_input_ext_info); + ssh_dispatch_set(ssh, SSH2_MSG_SERVICE_ACCEPT, &input_userauth_service_accept); + ssh_dispatch_run_fatal(ssh, DISPATCH_BLOCK, &authctxt.success); /* loop until success */ + ssh->authctxt = NULL; +@@ -514,13 +514,6 @@ input_userauth_service_accept(int type, + return r; + } + +-/* ARGSUSED */ +-int +-input_userauth_ext_info(int type, u_int32_t seqnr, struct ssh *ssh) +-{ +- return kex_input_ext_info(type, seqnr, ssh); +-} +- + void + userauth(Authctxt *authctxt, char *authlist) + { +@@ -600,6 +593,7 @@ input_userauth_success(int type, u_int32 + free(authctxt->methoddata); + authctxt->methoddata = NULL; + authctxt->success = 1; /* break out */ ++ ssh_dispatch_set(ssh, SSH2_MSG_EXT_INFO, dispatch_protocol_error); + return 0; + } + +Index: openssh/sshd.c +=================================================================== +--- openssh.orig/sshd.c ++++ openssh/sshd.c +@@ -2360,10 +2360,13 @@ do_ssh2_kex(void) + { + char *myproposal[PROPOSAL_MAX] = { KEX_SERVER }; + struct kex *kex; ++ char *s; + int r; + +- myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal( +- options.kex_algorithms); ++ if ((s = kex_names_cat(options.kex_algorithms, ++ "kex-strict-s-v00@openssh.com")) == NULL) ++ fatal("%s: kex_names_cat", __func__); ++ myproposal[PROPOSAL_KEX_ALGS] = compat_kex_proposal(s); + myproposal[PROPOSAL_ENC_ALGS_CTOS] = compat_cipher_proposal( + options.ciphers); + myproposal[PROPOSAL_ENC_ALGS_STOC] = compat_cipher_proposal( +@@ -2469,6 +2472,7 @@ do_ssh2_kex(void) + packet_send(); + packet_write_wait(); + #endif ++ free(s); + debug("KEX done"); + } + diff --git a/debian/patches/CVE-2023-51385.patch b/debian/patches/CVE-2023-51385.patch new file mode 100644 index 0000000..9a35c37 --- /dev/null +++ b/debian/patches/CVE-2023-51385.patch @@ -0,0 +1,94 @@ +From 2bea7434c9fad19f017846adad0e995d8da00642 Mon Sep 17 00:00:00 2001 +From: "djm@openbsd.org" <djm@openbsd.org> +Date: Mon, 18 Dec 2023 14:47:44 +0000 +Subject: upstream: ban user/hostnames with most shell metacharacters + +This makes ssh(1) refuse user or host names provided on the +commandline that contain most shell metacharacters. + +Some programs that invoke ssh(1) using untrusted data do not filter +metacharacters in arguments they supply. This could create +interactions with user-specified ProxyCommand and other directives +that allow shell injection attacks to occur. + +It's a mistake to invoke ssh(1) with arbitrary untrusted arguments, +but getting this stuff right can be tricky, so this should prevent +most obvious ways of creating risky situations. It however is not +and cannot be perfect: ssh(1) has no practical way of interpreting +what shell quoting rules are in use and how they interact with the +user's specified ProxyCommand. + +To allow configurations that use strange user or hostnames to +continue to work, this strictness is applied only to names coming +from the commandline. Names specified using User or Hostname +directives in ssh_config(5) are not affected. + +feedback/ok millert@ markus@ dtucker@ deraadt@ + +OpenBSD-Commit-ID: 3b487348b5964f3e77b6b4d3da4c3b439e94b2d9 + +Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=7ef3787c84b6b524501211b11a26c742f829af1a +Last-Update: 2023-12-19 + +Patch-Name: CVE-2023-51385.patch +--- + ssh.c | 39 +++++++++++++++++++++++++++++++++++++++ + 1 file changed, 39 insertions(+) + +Index: openssh/ssh.c +=================================================================== +--- openssh.orig/ssh.c ++++ openssh/ssh.c +@@ -573,6 +573,41 @@ set_addrinfo_port(struct addrinfo *addrs + } + } + ++static int ++valid_hostname(const char *s) ++{ ++ size_t i; ++ ++ if (*s == '-') ++ return 0; ++ for (i = 0; s[i] != 0; i++) { ++ if (strchr("'`\"$\\;&<>|(){}", s[i]) != NULL || ++ isspace((u_char)s[i]) || iscntrl((u_char)s[i])) ++ return 0; ++ } ++ return 1; ++} ++ ++static int ++valid_ruser(const char *s) ++{ ++ size_t i; ++ ++ if (*s == '-') ++ return 0; ++ for (i = 0; s[i] != 0; i++) { ++ if (strchr("'`\";&<>|(){}", s[i]) != NULL) ++ return 0; ++ /* Disallow '-' after whitespace */ ++ if (isspace((u_char)s[i]) && s[i + 1] == '-') ++ return 0; ++ /* Disallow \ in last position */ ++ if (s[i] == '\\' && s[i + 1] == '\0') ++ return 0; ++ } ++ return 1; ++} ++ + /* + * Main program for the ssh client. + */ +@@ -1034,6 +1069,10 @@ main(int ac, char **av) + if (!host) + usage(); + ++ if (!valid_hostname(host)) ++ fatal("hostname contains invalid characters"); ++ if (options.user != NULL && !valid_ruser(options.user)) ++ fatal("remote username contains invalid characters"); + host_arg = xstrdup(host); + + #ifdef WITH_OPENSSL diff --git a/debian/patches/series b/debian/patches/series index 0a1d885..df46d91 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -37,6 +37,11 @@ sandbox-seccomp-ipc.patch bug2918.patch CVE-2023-38408-1.patch CVE-2023-38408-3.patch +CVE-2023-48795.patch +CVE-2023-48795-buster.patch +CVE-2023-51385.patch +CVE-2021-41617-1.patch +CVE-2021-41617-2.patch progress-linux/0001-ssh-keygen-default-key-type.patch progress-linux/0002-ssh-keygen-default-rsa-size.patch progress-linux/0003-ssh-keygen-default-ecdsa-size.patch diff --git a/debian/salsa-ci.yml b/debian/salsa-ci.yml new file mode 100644 index 0000000..1193ada --- /dev/null +++ b/debian/salsa-ci.yml @@ -0,0 +1,9 @@ +--- +include: + - https://salsa.debian.org/lts-team/pipeline/raw/master/recipes/buster.yml + +variables: + - SALSA_CI_COMPONENTS: 'main contrib non-free' + - SALSA_CI_DISABLE_REPROTEST: 1 + - SALSA_CI_DISABLE_LINTIAN: 1 + - SALSA_CI_DISABLE_PIUPARTS: 1 |