
Bug#882061: marked as done (jessie-pu: package openssh/1:6.7p1-5+deb8u4)



Your message dated Sat, 09 Dec 2017 10:47:53 +0000
with message-id <1512816473.1994.32.camel@adam-barratt.org.uk>
and subject line Closing bugs for updates included in jessie point release
has caused the Debian Bug report #882061,
regarding jessie-pu: package openssh/1:6.7p1-5+deb8u4
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
882061: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882061
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu

This is the jessie version of #865986.  The WinSCP change isn't
applicable to jessie, but the fixes for #865770 and #873201 are.

I had to do some minor git surgery to integrate the previous security
updates into git-dpm's view of the world (including changing one patch
to have a proper name rather than an automatically-generated one);
apologies for the resulting noise, but I think it's still short enough
to be reasonably reviewable.  I ran the "git-dpm update-patches" step in
a jessie chroot to avoid further noise from patches generated by
different git versions.

diff -Nru openssh-6.7p1/debian/.git-dpm openssh-6.7p1/debian/.git-dpm
--- openssh-6.7p1/debian/.git-dpm	2016-04-14 18:53:01.000000000 +0100
+++ openssh-6.7p1/debian/.git-dpm	2017-11-18 10:52:00.000000000 +0000
@@ -1,6 +1,6 @@
 # see git-dpm(1) from git-dpm package
-d6139ee6bbf3bda83ebefc73d8079d0897488d1d
-d6139ee6bbf3bda83ebefc73d8079d0897488d1d
+1ec1d66c12c333a99a10d399b5f47e5636d2bcff
+1ec1d66c12c333a99a10d399b5f47e5636d2bcff
 487bdb3a5ef6075887b830ccb8a0b14f6da78e93
 487bdb3a5ef6075887b830ccb8a0b14f6da78e93
 openssh_6.7p1.orig.tar.gz
diff -Nru openssh-6.7p1/debian/changelog openssh-6.7p1/debian/changelog
--- openssh-6.7p1/debian/changelog	2016-07-22 18:22:20.000000000 +0100
+++ openssh-6.7p1/debian/changelog	2017-11-18 10:56:29.000000000 +0000
@@ -1,3 +1,12 @@
+openssh (1:6.7p1-5+deb8u4) jessie; urgency=medium
+
+  * Test configuration before starting or reloading sshd under systemd
+    (closes: #865770).
+  * Make "--" before the hostname terminate argument processing after the
+    hostname too (closes: #873201).
+
+ -- Colin Watson <cjwatson@debian.org>  Sat, 18 Nov 2017 10:56:29 +0000
+
 openssh (1:6.7p1-5+deb8u3) jessie-security; urgency=high
 
   * Non-maintainer upload by the Security Team.
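
Review bot: The new 1:6.7p1-5+deb8u4 entry lists only the two functional changes, but the same upload also replaces 0030-disable-roaming-in-ssh-client.patch with disable-roaming.patch in the series file and regenerates the CVE-2015-8325 and CVE-2016-6210 patches with Patch-Name headers. A short changelog line recording that this is a rename and regeneration with no code change would let someone reading the changelog alone account for the extra patch churn in the diff.
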
diff -Nru openssh-6.7p1/debian/openssh-server.ssh.service openssh-6.7p1/debian/openssh-server.ssh.service
--- openssh-6.7p1/debian/openssh-server.ssh.service	2016-04-14 18:53:01.000000000 +0100
+++ openssh-6.7p1/debian/openssh-server.ssh.service	2017-11-18 10:52:00.000000000 +0000
@@ -5,7 +5,9 @@
 
 [Service]
 EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/sbin/sshd -t
 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/usr/sbin/sshd -t
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
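
Review bot: The added "ExecStartPre=/usr/sbin/sshd -t" and "ExecReload=/usr/sbin/sshd -t" lines run the configuration test without $SSHD_OPTS, while ExecStart runs "sshd -D $SSHD_OPTS". If /etc/default/ssh sets options that change which configuration is loaded, the test validates something other than what the daemon will actually use, so a broken configuration could still pass the check (or a valid one fail it). Consider whether the test lines should carry $SSHD_OPTS as well, or add a comment in the unit stating that only the default configuration is tested.
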
diff -Nru openssh-6.7p1/debian/patches/0030-disable-roaming-in-ssh-client.patch openssh-6.7p1/debian/patches/0030-disable-roaming-in-ssh-client.patch
--- openssh-6.7p1/debian/patches/0030-disable-roaming-in-ssh-client.patch	2016-04-14 18:53:01.000000000 +0100
+++ openssh-6.7p1/debian/patches/0030-disable-roaming-in-ssh-client.patch	1970-01-01 01:00:00.000000000 +0100
@@ -1,36 +0,0 @@
-From d6139ee6bbf3bda83ebefc73d8079d0897488d1d Mon Sep 17 00:00:00 2001
-From: Yves-Alexis Perez <corsac@debian.org>
-Date: Tue, 12 Jan 2016 17:14:33 -0800
-Subject: disable roaming in ssh client
-
-SSH roaming implementation in openssh client is vulnerable to an
-information leak (CVE-2016-0777) and heap-based buffer overflow
-(CVE-2016-0778). The information leak is somehow attacker-controller,
-and it is for example possible to extract the ssh client private keys.
----
- readconf.c | 5 ++---
- 1 file changed, 2 insertions(+), 3 deletions(-)
-
-diff --git a/readconf.c b/readconf.c
-index 29338b6..337d914 100644
---- a/readconf.c
-+++ b/readconf.c
-@@ -1640,7 +1640,7 @@ initialize_options(Options * options)
- 	options->tun_remote = -1;
- 	options->local_command = NULL;
- 	options->permit_local_command = -1;
--	options->use_roaming = -1;
-+	options->use_roaming = 0;
- 	options->visual_host_key = -1;
- 	options->ip_qos_interactive = -1;
- 	options->ip_qos_bulk = -1;
-@@ -1822,8 +1822,7 @@ fill_default_options(Options * options)
- 		options->tun_remote = SSH_TUNID_ANY;
- 	if (options->permit_local_command == -1)
- 		options->permit_local_command = 0;
--	if (options->use_roaming == -1)
--		options->use_roaming = 1;
-+	options->use_roaming = 0;
- 	if (options->visual_host_key == -1)
- 		options->visual_host_key = 0;
- 	if (options->ip_qos_interactive == -1)
diff -Nru openssh-6.7p1/debian/patches/CVE-2015-8325.patch openssh-6.7p1/debian/patches/CVE-2015-8325.patch
--- openssh-6.7p1/debian/patches/CVE-2015-8325.patch	2016-04-14 18:53:01.000000000 +0100
+++ openssh-6.7p1/debian/patches/CVE-2015-8325.patch	2017-11-18 10:52:00.000000000 +0000
@@ -1,7 +1,7 @@
-From 85bdcd7c92fe7ff133bbc4e10a65c91810f88755 Mon Sep 17 00:00:00 2001
+From df02ed53cf4f3df6ef0bba7fd271d72360b19b0a Mon Sep 17 00:00:00 2001
 From: Damien Miller <djm@mindrot.org>
 Date: Wed, 13 Apr 2016 10:39:57 +1000
-Subject: [PATCH] ignore PAM environment vars when UseLogin=yes
+Subject: ignore PAM environment vars when UseLogin=yes
 
 If PAM is configured to read user-specified environment variables
 and UseLogin=yes in sshd_config, then a hostile local user may
@@ -9,13 +9,17 @@
 set via PAM.
 
 CVE-2015-8325, found by Shayan Sadigh, via Colin Watson
+
+Patch-Name: CVE-2015-8325.patch
 ---
  session.c | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
+diff --git a/session.c b/session.c
+index 6250c20..e341512 100644
 --- a/session.c
 +++ b/session.c
-@@ -1301,7 +1301,7 @@ do_setup_env(Session *s, const char *she
+@@ -1301,7 +1301,7 @@ do_setup_env(Session *s, const char *shell)
  	 * Pull in any environment variables that may have
  	 * been set by PAM.
  	 */
diff -Nru openssh-6.7p1/debian/patches/CVE-2016-6210-1.patch openssh-6.7p1/debian/patches/CVE-2016-6210-1.patch
--- openssh-6.7p1/debian/patches/CVE-2016-6210-1.patch	2016-07-22 18:20:48.000000000 +0100
+++ openssh-6.7p1/debian/patches/CVE-2016-6210-1.patch	2017-11-18 10:52:00.000000000 +0000
@@ -1,4 +1,4 @@
-From 9286875a73b2de7736b5e50692739d314cd8d9dc Mon Sep 17 00:00:00 2001
+From 3f40a5c09c405270a7f118855cc959dc8beac835 Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@zip.com.au>
 Date: Fri, 15 Jul 2016 13:32:45 +1000
 Subject: Determine appropriate salt for invalid users.
@@ -14,6 +14,8 @@
 
 To mitigate, use the same hash algorithm that root uses for hashing
 passwords for users that do not exist on the system.  ok djm@
+
+Patch-Name: CVE-2016-6210-1.patch
 ---
  auth-passwd.c           | 12 ++++++++----
  openbsd-compat/xcrypt.c | 34 ++++++++++++++++++++++++++++++++++
@@ -50,7 +52,7 @@
  	/*
  	 * Authentication is accepted if the encrypted passwords
 diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
-index 8577cbd..8913bb8 100644
+index c8aea46..53cb9c8 100644
 --- a/openbsd-compat/xcrypt.c
 +++ b/openbsd-compat/xcrypt.c
 @@ -25,6 +25,7 @@
@@ -106,6 +108,3 @@
  # ifdef HAVE_MD5_PASSWORDS
          if (is_md5_salt(salt))
                  crypted = md5_crypt(password, salt);
--- 
-cgit v0.12
-
diff -Nru openssh-6.7p1/debian/patches/CVE-2016-6210-2.patch openssh-6.7p1/debian/patches/CVE-2016-6210-2.patch
--- openssh-6.7p1/debian/patches/CVE-2016-6210-2.patch	2016-07-22 18:20:48.000000000 +0100
+++ openssh-6.7p1/debian/patches/CVE-2016-6210-2.patch	2017-11-18 10:52:00.000000000 +0000
@@ -1,4 +1,4 @@
-From 283b97ff33ea2c641161950849931bd578de6946 Mon Sep 17 00:00:00 2001
+From 0be96ff6eb447fb8b249c54211fd2f637ba1a989 Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@zip.com.au>
 Date: Fri, 15 Jul 2016 13:49:44 +1000
 Subject: Mitigate timing of disallowed users PAM logins.
@@ -12,12 +12,14 @@
 Mitigate by constructing an invalid password that is the same length
 as the one from the client and thus takes the same time to hash.
 Diff from djm@
+
+Patch-Name: CVE-2016-6210-2.patch
 ---
  auth-pam.c | 35 +++++++++++++++++++++++++++++++----
  1 file changed, 31 insertions(+), 4 deletions(-)
 
 diff --git a/auth-pam.c b/auth-pam.c
-index 451de78..465b5a7 100644
+index d789bad..55cd77a 100644
 --- a/auth-pam.c
 +++ b/auth-pam.c
 @@ -231,7 +231,6 @@ static int sshpam_account_status = -1;
@@ -103,6 +105,3 @@
  	if (sshpam_err == PAM_SUCCESS && authctxt->valid) {
  		debug("PAM: password authentication accepted for %.100s",
  		    authctxt->user);
--- 
-cgit v0.12
-
diff -Nru openssh-6.7p1/debian/patches/CVE-2016-6210-3.patch openssh-6.7p1/debian/patches/CVE-2016-6210-3.patch
--- openssh-6.7p1/debian/patches/CVE-2016-6210-3.patch	2016-07-22 18:20:48.000000000 +0100
+++ openssh-6.7p1/debian/patches/CVE-2016-6210-3.patch	2017-11-18 10:52:00.000000000 +0000
@@ -1,4 +1,4 @@
-From dbf788b4d9d9490a5fff08a7b09888272bb10fcc Mon Sep 17 00:00:00 2001
+From 625547cd45e339b60949dd79d4692ac76fc457a0 Mon Sep 17 00:00:00 2001
 From: Darren Tucker <dtucker@zip.com.au>
 Date: Thu, 21 Jul 2016 14:17:31 +1000
 Subject: Search users for one with a valid salt.
@@ -6,12 +6,14 @@
 If the root account is locked (eg password "!!" or "*LK*") keep looking
 until we find a user with a valid salt to use for crypting passwords of
 invalid users.  ok djm@
+
+Patch-Name: CVE-2016-6210-3.patch
 ---
  openbsd-compat/xcrypt.c | 24 +++++++++++++++---------
  1 file changed, 15 insertions(+), 9 deletions(-)
 
 diff --git a/openbsd-compat/xcrypt.c b/openbsd-compat/xcrypt.c
-index 8913bb8..cf6a9b9 100644
+index 53cb9c8..7a72345 100644
 --- a/openbsd-compat/xcrypt.c
 +++ b/openbsd-compat/xcrypt.c
 @@ -65,7 +65,9 @@
@@ -52,6 +54,3 @@
  	return salt;
  }
  
--- 
-cgit v0.12
-
diff -Nru openssh-6.7p1/debian/patches/dash-dash-before-hostname.patch openssh-6.7p1/debian/patches/dash-dash-before-hostname.patch
--- openssh-6.7p1/debian/patches/dash-dash-before-hostname.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.7p1/debian/patches/dash-dash-before-hostname.patch	2017-11-18 10:52:00.000000000 +0000
@@ -0,0 +1,63 @@
+From 1ec1d66c12c333a99a10d399b5f47e5636d2bcff Mon Sep 17 00:00:00 2001
+From: "djm@openbsd.org" <djm@openbsd.org>
+Date: Sat, 12 Aug 2017 06:46:01 +0000
+Subject: Make "--" before hostname end option processing
+
+make "--" before the hostname terminate command-line
+option processing completely; previous behaviour would not prevent further
+options appearing after the hostname (ssh has a supported options after the
+hostname for >20 years, so that's too late to change).
+
+ok deraadt@
+
+Upstream-ID: ef5ee50571b98ad94dcdf8282204e877ec88ad89
+
+Origin: backport, https://anongit.mindrot.org/openssh.git/commit/?id=643c2ad82910691b2240551ea8b14472f60b5078
+Bug: https://bugzilla.mindrot.org/show_bug.cgi?id=2766
+Bug-Debian: https://bugs.debian.org/873201
+Last-Update: 2017-11-18
+
+Patch-Name: dash-dash-before-hostname.patch
+---
+ ssh.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/ssh.c b/ssh.c
+index 5bce695..9d70230 100644
+--- a/ssh.c
++++ b/ssh.c
+@@ -414,13 +414,13 @@ process_config_files(struct passwd *pw)
+ int
+ main(int ac, char **av)
+ {
+-	int i, r, opt, exit_status, use_syslog;
++	int i, r, opt, exit_status, use_syslog, timeout_ms;
++	int opt_terminated = 0;
+ 	char *p, *cp, *line, *argv0, buf[MAXPATHLEN], *host_arg, *logfile;
+ 	char thishost[NI_MAXHOST], shorthost[NI_MAXHOST], portstr[NI_MAXSERV];
+ 	char cname[NI_MAXHOST];
+ 	struct stat st;
+ 	struct passwd *pw;
+-	int timeout_ms;
+ 	extern int optind, optreset;
+ 	extern char *optarg;
+ 	struct Forward fwd;
+@@ -813,6 +813,9 @@ main(int ac, char **av)
+ 		}
+ 	}
+ 
++	if (optind > 1 && strcmp(av[optind - 1], "--") == 0)
++		opt_terminated = 1;
++
+ 	ac -= optind;
+ 	av += optind;
+ 
+@@ -827,7 +830,7 @@ main(int ac, char **av)
+ 			host = xstrdup(++cp);
+ 		} else
+ 			host = xstrdup(*av);
+-		if (ac > 1) {
++		if (ac > 1 && !opt_terminated) {
+ 			optind = optreset = 1;
+ 			goto again;
+ 		}
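
Review bot: In the hunk at ssh.c line 813, "if (optind > 1 && strcmp(av[optind - 1], "--") == 0)" infers that getopt stopped on "--" from the last consumed argv element, which is also true when the final option before the hostname takes an argument and that argument is literally "--". That case errs in the safe direction, since it only suppresses option parsing after the hostname, but a one-line comment above the check saying so would save the next reader from having to work it out. The diffstat shows only ssh.c changing, so the new meaning of "--" before the hostname is not documented anywhere a user would look; a matching note in the manual page would be worth carrying with this backport. Merging the timeout_ms declaration into the first int line is unrelated to the fix and makes the backport diverge more than necessary.
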
diff -Nru openssh-6.7p1/debian/patches/disable-roaming.patch openssh-6.7p1/debian/patches/disable-roaming.patch
--- openssh-6.7p1/debian/patches/disable-roaming.patch	1970-01-01 01:00:00.000000000 +0100
+++ openssh-6.7p1/debian/patches/disable-roaming.patch	2017-11-18 10:52:00.000000000 +0000
@@ -0,0 +1,38 @@
+From beb5d60922b914b095b75b1ce30196062e574d87 Mon Sep 17 00:00:00 2001
+From: Yves-Alexis Perez <corsac@debian.org>
+Date: Tue, 12 Jan 2016 17:14:33 -0800
+Subject: disable roaming in ssh client
+
+SSH roaming implementation in openssh client is vulnerable to an
+information leak (CVE-2016-0777) and heap-based buffer overflow
+(CVE-2016-0778). The information leak is somehow attacker-controller,
+and it is for example possible to extract the ssh client private keys.
+
+Patch-Name: disable-roaming.patch
+---
+ readconf.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/readconf.c b/readconf.c
+index 29338b6..337d914 100644
+--- a/readconf.c
++++ b/readconf.c
+@@ -1640,7 +1640,7 @@ initialize_options(Options * options)
+ 	options->tun_remote = -1;
+ 	options->local_command = NULL;
+ 	options->permit_local_command = -1;
+-	options->use_roaming = -1;
++	options->use_roaming = 0;
+ 	options->visual_host_key = -1;
+ 	options->ip_qos_interactive = -1;
+ 	options->ip_qos_bulk = -1;
+@@ -1822,8 +1822,7 @@ fill_default_options(Options * options)
+ 		options->tun_remote = SSH_TUNID_ANY;
+ 	if (options->permit_local_command == -1)
+ 		options->permit_local_command = 0;
+-	if (options->use_roaming == -1)
+-		options->use_roaming = 1;
++	options->use_roaming = 0;
+ 	if (options->visual_host_key == -1)
+ 		options->visual_host_key = 0;
+ 	if (options->ip_qos_interactive == -1)
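
Review bot: In fill_default_options the assignment "options->use_roaming = 0;" is now unconditional, so an explicit UseRoaming setting from a configuration file or the command line is parsed and then silently discarded. That is the intent of the fix, but nothing in the visible code says so; a short comment at that line referencing CVE-2016-0777 and CVE-2016-0778 would stop a later refresh of the patch from restoring the "== -1" guard. Since the patch is being renamed and regenerated here anyway, "attacker-controller" in the description could be corrected to "attacker-controlled" at the same time.
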
diff -Nru openssh-6.7p1/debian/patches/series openssh-6.7p1/debian/patches/series
--- openssh-6.7p1/debian/patches/series	2016-07-22 18:20:48.000000000 +0100
+++ openssh-6.7p1/debian/patches/series	2017-11-18 10:52:00.000000000 +0000
@@ -27,8 +27,9 @@
 gnome-ssh-askpass2-icon.patch
 sigstop.patch
 debian-config.patch
-0030-disable-roaming-in-ssh-client.patch
+disable-roaming.patch
 CVE-2015-8325.patch
 CVE-2016-6210-1.patch
 CVE-2016-6210-2.patch
 CVE-2016-6210-3.patch
+dash-dash-before-hostname.patch
diff -Nru openssh-6.7p1/debian/systemd/ssh.service openssh-6.7p1/debian/systemd/ssh.service
--- openssh-6.7p1/debian/systemd/ssh.service	2016-04-14 18:53:01.000000000 +0100
+++ openssh-6.7p1/debian/systemd/ssh.service	2017-11-18 10:52:00.000000000 +0000
@@ -5,7 +5,9 @@
 
 [Service]
 EnvironmentFile=-/etc/default/ssh
+ExecStartPre=/usr/sbin/sshd -t
 ExecStart=/usr/sbin/sshd -D $SSHD_OPTS
+ExecReload=/usr/sbin/sshd -t
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
 Restart=on-failure
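
Review bot: This hunk is line-for-line the same change as the one to debian/openssh-server.ssh.service earlier in the diff, so the package carries two copies of the unit that must be edited together. If one is not a symlink to, or generated from, the other, they can drift apart on a later update; a comment in the packaging naming the authoritative copy would help. The point about "sshd -t" being run without $SSHD_OPTS applies here as well.
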

Thanks,

-- 
Colin Watson                                       [cjwatson@debian.org]

--- End Message ---
--- Begin Message ---
Version: 8.10

Hi,

Each of the updates referenced in these bugs was included in this
morning's jessie point release. Thanks!

Regards,

Adam

--- End Message ---
