Accepting request 407066 from home:pcerny:factory

- enable support for SSHv1 protocol and discourage its usage
  (bsc#983307)
- enable DSA by default for backward compatibility and discourage
  its usage (bsc#983784)
  [openssh-7.2p2-allow_DSS_by_default.patch]

- upgrade to 7.2p2
  upstream package without any SUSE patches
  Distilled upstream log:
- OpenSSH 6.7
  Potentially-incompatible changes:
  * sshd(8): The default set of ciphers and MACs has been
    altered to remove unsafe algorithms. In particular, CBC
    ciphers and arcfour* are disabled by default.
    The full set of algorithms remains available if configured
    explicitly via the Ciphers and MACs sshd_config options.
  * sshd(8): Support for tcpwrappers/libwrap has been removed.
  * OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
    connections using the curve25519-sha256@libssh.org KEX
    exchange method to fail when connecting with something that
    implements the specification correctly. OpenSSH 6.7 disables
    this KEX method when speaking to one of the affected
    versions.
  New Features:
  * ssh(1), sshd(8): Add support for Unix domain socket
    forwarding. A remote TCP port may be forwarded to a local
    Unix domain socket and vice versa or both ends may be a Unix
    domain socket.
  * ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
    ED25519 key types.

OBS-URL: https://build.opensuse.org/request/show/407066
OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=107
This commit is contained in:
Petr Cerny 2016-07-07 07:07:23 +00:00 committed by Git OBS Bridge
parent b22c39e677
commit 6dac324cb7
19 changed files with 677 additions and 30 deletions

View File

@ -13,5 +13,14 @@ There are following changes in default settings of ssh client and server:
either "prohibit-password" or even better to "no" (which disables direct
remote root login entirely).
* SSH protocol version 1 is enabled for maximum compatibility.
NOTE: do not use protocol version 1. It is less secure then v2 and should
generally be phased out.
* DSA authentication is enabled by default for maximum compatibility.
NOTE: do not use DSA authentication since it is being phased out for a reason
- the size of DSA keys is limited by the standard to 1024 bits which cannot
be considered safe any more.
For more information on differences in SUSE OpenSSH package see README.FIPS

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent e75958369c26f618744c229ef1a9925d8ccb1dcb
# Parent 48bbbfeff186061b7fd4795bff15f15f571e2c8f
# enable trusted X11 forwarding by default in both sshd and sshsystem-wide
# configuration
# bnc#50836 (was suse #35836)

View File

@ -0,0 +1,129 @@
# HG changeset patch
# Parent 2730f36bee0d6e141d8391b414a702e1add5a853
Enable DSS authentication by default to maintain compatibility with older
versions.
bsc#983784
diff --git a/openssh-7.2p2/myproposal.h b/openssh-7.2p2/myproposal.h
--- a/openssh-7.2p2/myproposal.h
+++ b/openssh-7.2p2/myproposal.h
@@ -94,21 +94,23 @@
#define KEX_CLIENT_KEX KEX_COMMON_KEX \
"diffie-hellman-group-exchange-sha1," \
"diffie-hellman-group14-sha1"
#define KEX_DEFAULT_PK_ALG \
HOSTKEY_ECDSA_CERT_METHODS \
"ssh-ed25519-cert-v01@openssh.com," \
"ssh-rsa-cert-v01@openssh.com," \
+ "ssh-dss-cert-v01@openssh.com," \
HOSTKEY_ECDSA_METHODS \
"ssh-ed25519," \
"rsa-sha2-512," \
"rsa-sha2-256," \
- "ssh-rsa"
+ "ssh-rsa," \
+ "ssh-dss"
/* the actual algorithms */
#define KEX_SERVER_ENCRYPT \
"chacha20-poly1305@openssh.com," \
"aes128-ctr,aes192-ctr,aes256-ctr" \
AESGCM_CIPHER_MODES
diff --git a/openssh-7.2p2/ssh_config.5 b/openssh-7.2p2/ssh_config.5
--- a/openssh-7.2p2/ssh_config.5
+++ b/openssh-7.2p2/ssh_config.5
@@ -887,19 +887,19 @@ Alternately if the specified value begin
character, then the specified key types will be appended to the default set
instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-ed25519,ssh-rsa,ssh-dss
.Ed
.Pp
If hostkeys are known for the destination host then this default is modified
to prefer their algorithms.
.Pp
The list of available key types may also be obtained using the
.Fl Q
option of
@@ -1325,19 +1325,19 @@ Alternately if the specified value begin
character, then the key types after it will be appended to the default
instead of replacing it.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-ed25519,ssh-rsa,ssh-dss
.Ed
.Pp
The
.Fl Q
option of
.Xr ssh 1
may be used to list supported key types.
.It Cm PubkeyAuthentication
diff --git a/openssh-7.2p2/sshd_config.5 b/openssh-7.2p2/sshd_config.5
--- a/openssh-7.2p2/sshd_config.5
+++ b/openssh-7.2p2/sshd_config.5
@@ -651,19 +651,19 @@ Alternately if the specified value begin
character, then the specified key types will be appended to the default set
instead of replacing them.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-ed25519,ssh-rsa,ssh-dss
.Ed
.Pp
The
.Fl Q
option of
.Xr ssh 1
may be used to list supported key types.
.It Cm HostbasedAuthentication
@@ -743,19 +743,19 @@ environment variable.
Specifies the host key algorithms
that the server offers.
The default for this option is:
.Bd -literal -offset 3n
ecdsa-sha2-nistp256-cert-v01@openssh.com,
ecdsa-sha2-nistp384-cert-v01@openssh.com,
ecdsa-sha2-nistp521-cert-v01@openssh.com,
ssh-ed25519-cert-v01@openssh.com,
-ssh-rsa-cert-v01@openssh.com,
+ssh-rsa-cert-v01@openssh.com,ssh-dss-cert-v01@openssh.com,
ecdsa-sha2-nistp256,ecdsa-sha2-nistp384,ecdsa-sha2-nistp521,
-ssh-ed25519,ssh-rsa
+ssh-ed25519,ssh-rsa,ssh-dss
.Ed
.Pp
The list of available key types may also be obtained using the
.Fl Q
option of
.Xr ssh 1
with an argument of
.Dq key .

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent dff5e86b989543049cc51bb57e75a63c1942cda3
# Parent 8cf6984812ab2211ce60c0a9156892b3a7ee3aaf
Allow root login with password by default. While less secure than upstream
default of forbidding access to the root account with a password, we are
temporarily introducing this change to keep the default used in older OpenSSH

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent a80e23747c8fbba7302c5a7ccb6b206d96093e42
# Parent 5469eb754184144e42c341ccc038309e2880cadc
block SIGALRM while logging through syslog to prevent deadlocks
(through grace_alarm_handler())

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent 7e46491ef372d47617499c58acf2ea66216858d2
# Parent c924f46e3639b3646e42dd7505c206d43d7180fa
Raise minimal size of DH group parameters to 2048 bits like upstream did in
7.2. 1024b values are believed to be in breaking range for state adversaries

View File

@ -1,7 +1,8 @@
# HG changeset patch
# Parent 779a907d59d4907d10a8f0b3f52a38d8bdf115b6
# Parent 2aa634b7522f34ddbd380c96df4e750df0608604
# posix threads are generally not supported nor safe
# (see upstream log from 2005-05-24)
# --used to be called '-pam-fix3'
diff --git a/openssh-7.2p2/auth-pam.c b/openssh-7.2p2/auth-pam.c
--- a/openssh-7.2p2/auth-pam.c

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent 8a9b47df710e3a0bbea4af0f9274bb175944a8a9
# Parent bbb49b3f344cf24e9bbd7eb7a7c40fea21be77eb
fix paths and references in sshd man pages
diff --git a/openssh-7.2p2/sshd.8 b/openssh-7.2p2/sshd.8

View File

@ -1,7 +1,8 @@
# HG changeset patch
# Parent 40536816550c893d5ee67f90f3a917e79f73a163
# Parent 477d43e9a3889d36b58ff19cf3cb9583e1abf9ce
# force PAM in defaullt install (this was removed from upstream in 3.8p1)
# bnc#46749
# --used to be called '-pam-fix2'
diff --git a/openssh-7.2p2/sshd_config b/openssh-7.2p2/sshd_config
--- a/openssh-7.2p2/sshd_config

View File

@ -1,5 +1,6 @@
# HG changeset patch
# Parent d5e9457ee640bdd816edb9c67792cddb00c229b9
# Parent b5245fb016a3b83611d4b4ae0c1fe3423cadd6fe
# -- uset do be called '-xauthlocalhostname'
handle hostname changes when forwarding X
bnc#98627

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent 9b5b0f2772591aaeb0ecd4c982a9d64242ed6c8b
# Parent 2ee086fa64dd40d0d50b13fa3a784717bfdd7e4b
# set uid for functions that use it to seek in lastlog and wtmp files
# bnc#18024 (was suse #3024)

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent 9b211a1de83fa39e4b7bb36c8bd1b5fdc2bd8085
# Parent 5b217a9abc32fa963a125ae29c766c015db53bde
new option UsePAMCheckLocks to enforce checking for locked accounts while
UsePAM is used

View File

@ -1,7 +1,8 @@
# HG changeset patch
# Parent 94fb9a9ff763462af43304fc73c2913a07829226
# Parent 870f97b01b9ed00bac9ff0b8014a998434a6161b
# use same lines naming as utempter (prevents problems with using different
# formats in ?tmp? files)
# --used to be called '-pts'
diff --git a/openssh-7.2p2/loginrec.c b/openssh-7.2p2/loginrec.c
--- a/openssh-7.2p2/loginrec.c

View File

@ -1,5 +1,6 @@
# HG changeset patch
# Parent c7d5ac7548d3bc695559aee7e28569e422b6aadf
# Parent 07998e381c9867b8b6f7b9205261811934bef40f
# --used to be called '-xauth'
try to remove xauth cookies on logout
bnc#98815

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent 4f03a27aa55b0beebf232844353779e182cd2497
# Parent 3582dd949a01d8eca2816986ca4bc0c87c96bed3
add 'getuid' syscall to list of allowed ones to prevent the sanboxed thread
from being killed by the seccomp filter

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent 51a94ce61ff5c6908d747d8bc5806e18c6f5c114
# Parent d3afe6b01f8769713bde6c175e29a50412799e27
Allow the stat() syscall for OpenSSL re-seed patch
(which causes OpenSSL use stat() on some file)

View File

@ -1,5 +1,5 @@
# HG changeset patch
# Parent fdeedfd2266d642837d86b9b7b3cdc6c00e9535d
# Parent 505927e61d1a7848f0003adb3619cc726b8e5d15
send locales in default configuration
bnc#65747

View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Tue Jun 7 16:52:45 UTC 2016 - pcerny@suse.com
- enable support for SSHv1 protocol and discourage its usage
(bsc#983307)
- enable DSA by default for backward compatibility and discourage
its usage (bsc#983784)
[openssh-7.2p2-allow_DSS_by_default.patch]
-------------------------------------------------------------------
Mon May 30 00:30:16 UTC 2016 - pcerny@suse.com
@ -41,7 +50,499 @@ Mon May 30 00:30:16 UTC 2016 - pcerny@suse.com
-------------------------------------------------------------------
Fri May 27 23:27:51 UTC 2016 - pcerny@suse.com
- upgrade to 7.2p2 - upstream package without any SUSE patches
- upgrade to 7.2p2
upstream package without any SUSE patches
Distilled upstream log:
- OpenSSH 6.7
Potentially-incompatible changes:
* sshd(8): The default set of ciphers and MACs has been
altered to remove unsafe algorithms. In particular, CBC
ciphers and arcfour* are disabled by default.
The full set of algorithms remains available if configured
explicitly via the Ciphers and MACs sshd_config options.
* sshd(8): Support for tcpwrappers/libwrap has been removed.
* OpenSSH 6.5 and 6.6 have a bug that causes ~0.2% of
connections using the curve25519-sha256@libssh.org KEX
exchange method to fail when connecting with something that
implements the specification correctly. OpenSSH 6.7 disables
this KEX method when speaking to one of the affected
versions.
New Features:
* ssh(1), sshd(8): Add support for Unix domain socket
forwarding. A remote TCP port may be forwarded to a local
Unix domain socket and vice versa or both ends may be a Unix
domain socket.
* ssh(1), ssh-keygen(1): Add support for SSHFP DNS records for
ED25519 key types.
* sftp(1): Allow resumption of interrupted uploads.
* ssh(1): When rekeying, skip file/DNS lookups of the hostkey
if it is the same as the one sent during initial key exchange
* sshd(8): Allow explicit ::1 and 127.0.0.1 forwarding bind
addresses when GatewayPorts=no; allows client to choose
address family
* sshd(8): Add a sshd_config PermitUserRC option to control
whether ~/.ssh/rc is executed, mirroring the no-user-rc
authorized_keys option
* ssh(1): Add a %C escape sequence for LocalCommand and
ControlPath that expands to a unique identifer based on a
hash of the tuple of (local host, remote user, hostname,
port). Helps avoid exceeding miserly pathname limits for Unix
domain sockets in multiplexing control paths
* sshd(8): Make the "Too many authentication failures" message
include the user, source address, port and protocol in a
format similar to the authentication success / failure
messages
Bugfixes:
* sshd(8): Fix remote forwarding with the same listen port but
different listen address.
* ssh(1): Fix inverted test that caused PKCS#11 keys that were
explicitly listed in ssh_config or on the commandline not to
be preferred.
* ssh-keygen(1): Fix bug in KRL generation: multiple
consecutive revoked certificate serial number ranges could be
serialised to an invalid format. Readers of a broken KRL
caused by this bug will fail closed, so no
should-have-been-revoked key will be accepted.
* ssh(1): Reflect stdio-forward ("ssh -W host:port ...")
failures in exit status. Previously we were always returning 0
* ssh(1), ssh-keygen(1): Make Ed25519 keys' title fit properly
in the randomart border
* ssh-agent(1): Only cleanup agent socket in the main agent
process and not in any subprocesses it may have started (e.g.
forked askpass). Fixes agent sockets being zapped when
askpass processes fatal()
* ssh-add(1): Make stdout line-buffered; saves partial output
getting lost when ssh-add fatal()s part-way through (e.g.
when listing keys from an agent that supports key types that
ssh-add doesn't)
* ssh-keygen(1): When hashing or removing hosts, don't choke on
@revoked markers and don't remove @cert-authority markers
* ssh(1): Don't fatal when hostname canonicalisation fails and
a ProxyCommand is in use; continue and allow the ProxyCommand
to connect anyway (e.g. to a host with a name outside the DNS
behind a bastion)
* scp(1): When copying local->remote fails during read, don't
send uninitialised heap to the remote end.
* sftp(1): Fix fatal "el_insertstr failed" errors when
tab-completing filenames with a single quote char somewhere
in the string
* ssh-keyscan(1): Scan for Ed25519 keys by default.
* ssh(1): When using VerifyHostKeyDNS with a DNSSEC resolver,
down-convert any certificate keys to plain keys and attempt
SSHFP resolution. Prevents a server from skipping SSHFP
lookup and forcing a new-hostkey dialog by offering only
certificate keys.
- OpenSSH 6.8
Potentially-incompatible changes:
* sshd(8): UseDNS now defaults to 'no'. Configurations that
match against the client host name (via sshd_config or
authorized_keys) may need to re-enable it or convert to
matching against addresses.
New Features:
* Add FingerprintHash option to ssh(1) and sshd(8), and
equivalent command-line flags to the other tools to control
algorithm used for key fingerprints. The default changes from
MD5 to SHA256 and format from hex to base64.
Fingerprints now have the hash algorithm prepended. An
example of the new format:
SHA256:mVPwvezndPv/ARoIadVY98vAC0g+P/5633yTC4d/wXE Please
note that visual host keys will also be different.
* ssh(1), sshd(8): Experimental host key rotation support. Add
a protocol extension for a server to inform a client of all
its available host keys after authentication has completed.
The client may record the keys in known_hosts, allowing it to
upgrade to better host key algorithms and a server to
gracefully rotate its keys.
The client side of this is controlled by a UpdateHostkeys
config option (default off).
* ssh(1): Add a ssh_config HostbasedKeyType option to control
which host public key types are tried during host-based
authentication.
* ssh(1), sshd(8): fix connection-killing host key mismatch
errors when sshd offers multiple ECDSA keys of different
lengths.
* ssh(1): when host name canonicalisation is enabled, try to
parse host names as addresses before looking them up for
canonicalisation. fixes bz#2074 and avoiding needless DNS
lookups in some cases.
* ssh-keygen(1), sshd(8): Key Revocation Lists (KRLs) no longer
require OpenSSH to be compiled with OpenSSL support.
* ssh(1), ssh-keysign(8): Make ed25519 keys work for host based
authentication.
* sshd(8): SSH protocol v.1 workaround for the Meyer, et al,
Bleichenbacher Side Channel Attack. Fake up a bignum key
before RSA decryption.
* sshd(8): Remember which public keys have been used for
authentication and refuse to accept previously-used keys.
This allows AuthenticationMethods=publickey,publickey to
require that users authenticate using two _different_ public
keys.
* sshd(8): add sshd_config HostbasedAcceptedKeyTypes and
PubkeyAcceptedKeyTypes options to allow sshd to control what
public key types will be accepted. Currently defaults to all.
* sshd(8): Don't count partial authentication success as a
failure against MaxAuthTries.
* ssh(1): Add RevokedHostKeys option for the client to allow
text-file or KRL-based revocation of host keys.
* ssh-keygen(1), sshd(8): Permit KRLs that revoke certificates
by serial number or key ID without scoping to a particular
CA.
* ssh(1): Add a "Match canonical" criteria that allows
ssh_config Match blocks to trigger only in the second config
pass.
* ssh(1): Add a -G option to ssh that causes it to parse its
configuration and dump the result to stdout, similar to
"sshd -T".
* ssh(1): Allow Match criteria to be negated.
E.g. "Match !host".
* The regression test suite has been extended to cover more
OpenSSH features. The unit tests have been expanded and now
cover key exchange.
Bugfixes:
* ssh-keyscan(1): ssh-keyscan has been made much more robust
again servers that hang or violate the SSH protocol.
* ssh(1), ssh-keygen(1): Fix regression: Key path names were
being lost as comment fields.
* ssh(1): Allow ssh_config Port options set in the second
config parse phase to be applied (they were being ignored).
* ssh(1): Tweak config re-parsing with host canonicalisation - make
the second pass through the config files always run when host name
canonicalisation is enabled (and not whenever the host name
changes)
* ssh(1): Fix passing of wildcard forward bind addresses when
connection multiplexing is in use
* ssh-keygen(1): Fix broken private key conversion from
non-OpenSSH formats.
* ssh-keygen(1): Fix KRL generation bug when multiple CAs are
in use.
* Various fixes to manual pages
- OpenSSH 6.9
Security:
* ssh(1): when forwarding X11 connections with
ForwardX11Trusted=no, connections made after
ForwardX11Timeout expired could be permitted and no longer
subject to XSECURITY restrictions because of an ineffective
timeout check in ssh(1) coupled with "fail open" behaviour in
the X11 server when clients attempted connections with
expired credentials. This problem was reported by Jann Horn.
* ssh-agent(1): fix weakness of agent locking (ssh-add -x) to
password guessing by implementing an increasing failure
delay, storing a salted hash of the password rather than the
password itself and using a timing-safe comparison function
for verifying unlock attempts. This problem was reported by
Ryan Castellucci.
New Features:
* ssh(1), sshd(8): promote chacha20-poly1305@openssh.com to be
the default cipher
* sshd(8): support admin-specified arguments to
AuthorizedKeysCommand
* sshd(8): add AuthorizedPrincipalsCommand that allows
retrieving authorized principals information from a
subprocess rather than a file.
* ssh(1), ssh-add(1): support PKCS#11 devices with external PIN
entry devices
* sshd(8): allow GSSAPI host credential check to be relaxed for
multihomed hosts via GSSAPIStrictAcceptorCheck option
* ssh-keygen(1): support "ssh-keygen -lF hostname" to search
known_hosts and print key hashes rather than full keys.
* ssh-agent(1): add -D flag to leave ssh-agent in foreground
without enabling debug mode
Bugfixes:
* ssh(1), sshd(8): deprecate legacy
SSH2_MSG_KEX_DH_GEX_REQUEST_OLD message and do not try to use
it against some 3rd-party SSH implementations that use it
(older PuTTY, WinSCP).
* Many fixes for problems caused by compile-time deactivation
of SSH1 support (including bz#2369)
* ssh(1), sshd(8): cap DH-GEX group size at 4Kbits for Cisco
implementations as some would fail when attempting to use
group sizes >4K
* ssh(1): fix out-of-bound read in EscapeChar configuration
option parsing
* sshd(8): fix application of PermitTunnel, LoginGraceTime,
AuthenticationMethods and StreamLocalBindMask options in
Match blocks
* ssh(1), sshd(8): improve disconnection message on TCP reset;
bz#2257
* ssh(1): remove failed remote forwards established by
muliplexing from the list of active forwards
* sshd(8): make parsing of authorized_keys "environment="
options independent of PermitUserEnv being enabled
* sshd(8): fix post-auth crash with permitopen=none
* ssh(1), ssh-add(1), ssh-keygen(1): allow new-format private
keys to be encrypted with AEAD ciphers
* ssh(1): allow ListenAddress, Port and AddressFamily
configuration options to appear in any order
* sshd(8): check for and reject missing arguments for
VersionAddendum and ForceCommand
* ssh(1), sshd(8): don't treat unknown certificate extensions
as fatal
* ssh-keygen(1): make stdout and stderr output consistent
* ssh(1): mention missing DISPLAY environment in debug log when
X11 forwarding requested
* sshd(8): correctly record login when UseLogin is set
* sshd(8): Add some missing options to sshd -T output and fix
output of VersionAddendum and HostCertificate. bz#2346
* Document and improve consistency of options that accept a
"none" argument" TrustedUserCAKeys, RevokedKeys (bz#2382),
AuthorizedPrincipalsFile (bz#2288)
* ssh(1): include remote username in debug output
* sshd(8): avoid compatibility problem with some versions of
Tera Term, which would crash when they received the hostkeys
notification message (hostkeys-00@openssh.com)
* sshd(8): mention ssh-keygen -E as useful when comparing
legacy MD5 host key fingerprints
* ssh(1): clarify pseudo-terminal request behaviour and use
make manual language consistent
* ssh(1): document that the TERM environment variable is not
subject to SendEnv and AcceptEnv
- OpenSSH 7.0:
This focuses primarily on deprecating weak, legacy and/or
unsafe cryptography.
Security:
* sshd(8): OpenSSH 6.8 and 6.9 incorrectly set TTYs to be
world- writable. Local attackers may be able to write
arbitrary messages to logged-in users, including terminal
escape sequences. Reported by Nikolay Edigaryev.
* sshd(8): Portable OpenSSH only: Fixed a privilege separation
weakness related to PAM support. Attackers who could
successfully compromise the pre-authentication process for
remote code execution and who had valid credentials on the
host could impersonate other users. Reported by Moritz
Jodeit.
* sshd(8): Portable OpenSSH only: Fixed a use-after-free bug
related to PAM support that was reachable by attackers who
could compromise the pre-authentication process for remote
code execution. Also reported by Moritz Jodeit.
* sshd(8): fix circumvention of MaxAuthTries using keyboard-
interactive authentication. By specifying a long, repeating
keyboard-interactive "devices" string, an attacker could
request the same authentication method be tried thousands of
times in a single pass. The LoginGraceTime timeout in sshd(8)
and any authentication failure delays implemented by the
authentication mechanism itself were still applied. Found by
Kingcope.
Potentially-incompatible Changes:
* Support for the legacy SSH version 1 protocol is disabled by
default at compile time.
* Support for the 1024-bit diffie-hellman-group1-sha1 key
exchange is disabled by default at run-time. It may be
re-enabled using the instructions in README.legacy or
http://www.openssh.com/legacy.html
* Support for ssh-dss, ssh-dss-cert-* host and user keys is
disabled by default at run-time. These may be re-enabled
using the instructions at http://www.openssh.com/legacy.html
* Support for the legacy v00 cert format has been removed.
* The default for the sshd_config(5) PermitRootLogin option has
changed from "yes" to "prohibit-password".
* PermitRootLogin=without-password/prohibit-password now bans
all interactive authentication methods, allowing only
public-key, hostbased and GSSAPI authentication (previously
it permitted keyboard-interactive and password-less
authentication if those were enabled).
New Features:
* ssh_config(5): add PubkeyAcceptedKeyTypes option to control
which public key types are available for user authentication.
* sshd_config(5): add HostKeyAlgorithms option to control which
public key types are offered for host authentications.
* ssh(1), sshd(8): extend Ciphers, MACs, KexAlgorithms,
HostKeyAlgorithms, PubkeyAcceptedKeyTypes and
HostbasedKeyTypes options to allow appending to the default
set of algorithms instead of replacing it. Options may now be
prefixed with a '+' to append to the default, e.g.
"HostKeyAlgorithms=+ssh-dss".
* sshd_config(5): PermitRootLogin now accepts an argument of
'prohibit-password' as a less-ambiguous synonym of 'without-
password'.
Bugfixes:
* ssh(1), sshd(8): add compatability workarounds for Cisco and
more PuTTY versions.
* Fix some omissions and errors in the PROTOCOL and
PROTOCOL.mux documentation relating to Unix domain socket
forwarding
* ssh(1): Improve the ssh(1) manual page to include a better
description of Unix domain socket forwarding
* ssh(1), ssh-agent(1): skip uninitialised PKCS#11 slots,
fixing failures to load keys when they are present.
* ssh(1), ssh-agent(1): do not ignore PKCS#11 hosted keys that
wth empty CKA_ID
* sshd(8): clarify documentation for UseDNS option
- OpenSSH 7.1:
Security:
* sshd(8): OpenSSH 7.0 contained a logic error in
PermitRootLogin= prohibit-password/without-password that
could, depending on compile-time configuration, permit
password authentication to root while preventing other forms
of authentication. This problem was reported by Mantas
Mikulenas.
Bugfixes:
* ssh(1), sshd(8): add compatability workarounds for FuTTY
* ssh(1), sshd(8): refine compatability workarounds for WinSCP
* Fix a number of memory faults (double-free, free of
uninitialised memory, etc) in ssh(1) and ssh-keygen(1).
Reported by Mateusz Kocielski.
- OpenSSH 7.1p2:
* SECURITY: ssh(1): The OpenSSH client code between 5.4 and 7.1
contains experimential support for resuming SSH-connections
(roaming).
The matching server code has never been shipped, but the
client code was enabled by default and could be tricked by a
malicious server into leaking client memory to the server,
including private client user keys.
The authentication of the server host key prevents
exploitation by a man-in-the-middle, so this information leak
is restricted to connections to malicious or compromised
servers.
MITIGATION: For OpenSSH >= 5.4 the vulnerable code in the
client can be completely disabled by adding 'UseRoaming no'
to the gobal ssh_config(5) file, or to user configuration in
~/.ssh/config, or by passing -oUseRoaming=no on the command
line.
PATCH: See below for a patch to disable this feature
(Disabling Roaming in the Source Code).
This problem was reported by the Qualys Security Advisory
team.
* SECURITY: Eliminate the fallback from untrusted
X11-forwarding to trusted forwarding for cases when the X
server disables the SECURITY extension. Reported by Thomas
Hoger.
* SECURITY: Fix an out of-bound read access in the packet
handling code. Reported by Ben Hawkes.
* PROTOCOL: Correctly interpret the 'first_kex_follows' option
during the intial key exchange. Reported by Matt Johnston.
* Further use of explicit_bzero has been added in various
buffer handling code paths to guard against compilers
aggressively doing dead-store removal.
Potentially-incompatible changes:
* This release disables a number of legacy cryptographic
algorithms by default in ssh:
+ Several ciphers blowfish-cbc, cast128-cbc, all arcfour
variants and the rijndael-cbc aliases for AES.
+ MD5-based and truncated HMAC algorithms.
- OpenSSH 7.2:
Security:
* ssh(1), sshd(8): remove unfinished and unused roaming code
(was already forcibly disabled in OpenSSH 7.1p2).
* ssh(1): eliminate fallback from untrusted X11 forwarding to
trusted forwarding when the X server disables the SECURITY
extension.
* ssh(1), sshd(8): increase the minimum modulus size supported
for diffie-hellman-group-exchange to 2048 bits.
* sshd(8): pre-auth sandboxing is now enabled by default
(previous releases enabled it for new installations via
sshd_config).
New Features:
* all: add support for RSA signatures using SHA-256/512 hash
algorithms based on draft-rsa-dsa-sha2-256-03.txt and
draft-ssh-ext-info-04.txt.
* ssh(1): Add an AddKeysToAgent client option which can be set
to 'yes', 'no', 'ask', or 'confirm', and defaults to 'no'.
When enabled, a private key that is used during
authentication will be added to ssh-agent if it is running
(with confirmation enabled if set to 'confirm').
* sshd(8): add a new authorized_keys option "restrict" that
includes all current and future key restrictions
(no-*-forwarding, etc.). Also add permissive versions of the
existing restrictions, e.g. "no-pty" -> "pty". This
simplifies the task of setting up restricted keys and ensures
they are maximally-restricted, regardless of any permissions
we might implement in the future.
* ssh(1): add ssh_config CertificateFile option to explicitly
list certificates. bz#2436
* ssh-keygen(1): allow ssh-keygen to change the key comment for
all supported formats.
* ssh-keygen(1): allow fingerprinting from standard input, e.g.
"ssh-keygen -lf -"
* ssh-keygen(1): allow fingerprinting multiple public keys in a
file, e.g. "ssh-keygen -lf ~/.ssh/authorized_keys" bz#1319
* sshd(8): support "none" as an argument for sshd_config
Foreground and ChrootDirectory. Useful inside Match blocks to
override a global default. bz#2486
* ssh-keygen(1): support multiple certificates (one per line)
and reading from standard input (using "-f -") for
"ssh-keygen -L"
* ssh-keyscan(1): add "ssh-keyscan -c ..." flag to allow
fetching certificates instead of plain keys.
* ssh(1): better handle anchored FQDNs (e.g. 'cvs.openbsd.org')
in hostname canonicalisation - treat them as already
canonical and remove the trailing '.' before matching
ssh_config.
Bugfixes:
* sftp(1): existing destination directories should not
terminate recursive uploads (regression in openssh 6.8)
* ssh(1), sshd(8): correctly send back SSH2_MSG_UNIMPLEMENTED
replies to unexpected messages during key exchange.
* ssh(1): refuse attempts to set ConnectionAttempts=0, which
does not make sense and would cause ssh to print an
uninitialised stack variable.
* ssh(1): fix errors when attempting to connect to scoped IPv6
addresses with hostname canonicalisation enabled.
* sshd_config(5): list a couple more options usable in Match
blocks.
* sshd(8): fix "PubkeyAcceptedKeyTypes +..." inside a Match
block.
* ssh(1): expand tilde characters in filenames passed to -i
options before checking whether or not the identity file
exists. Avoids confusion for cases where shell doesn't expand
(e.g. "-i ~/file" vs. "-i~/file").
* ssh(1): do not prepend "exec" to the shell command run by
"Match exec" in a config file, which could cause some
commands to fail in certain environments.
* ssh-keyscan(1): fix output for multiple hosts/addrs on one
line when host hashing or a non standard port is in use
* sshd(8): skip "Could not chdir to home directory" message
when ChrootDirectory is active.
* ssh(1): include PubkeyAcceptedKeyTypes in ssh -G config dump.
* sshd(8): avoid changing TunnelForwarding device flags if they
are already what is needed; makes it possible to use tun/tap
networking as non-root user if device permissions and
interface flags are pre-established
* ssh(1), sshd(8): RekeyLimits could be exceeded by one packet.
* ssh(1): fix multiplexing master failure to notice client
exit.
* ssh(1), ssh-agent(1): avoid fatal() for PKCS11 tokens that
present empty key IDs.
* sshd(8): avoid printf of NULL argument.
* ssh(1), sshd(8): allow RekeyLimits larger than 4GB.
* ssh-keygen(1): sshd(8): fix several bugs in (unused) KRL
signature support.
* ssh(1), sshd(8): fix connections with peers that use the key
exchange guess feature of the protocol.
* sshd(8): include remote port number in log messages.
* ssh(1): don't try to load SSHv1 private key when compiled
without SSHv1 support.
* ssh-agent(1), ssh(1): fix incorrect error messages during key
loading and signing errors.
* ssh-keygen(1): don't leave empty temporary files when
performing known_hosts file edits when known_hosts doesn't
exist.
* sshd(8): correct packet format for tcpip-forward replies for
requests that don't allocate a port
* ssh(1), sshd(8): fix possible hang on closed output.
* ssh(1): expand %i in ControlPath to UID.
* ssh(1), sshd(8): fix return type of openssh_RSA_verify.
* ssh(1), sshd(8): fix some option parsing memory leaks.
* ssh(1): add a some debug output before DNS resolution; it's a
place where ssh could previously silently stall in cases of
unresponsive DNS servers.
* ssh(1): remove spurious newline in visual hostkey.
* ssh(1): fix printing (ssh -G ...) of HostKeyAlgorithms=+...
* ssh(1): fix expansion of HostkeyAlgorithms=+...
Documentation:
* ssh_config(5), sshd_config(5): update default algorithm lists
to match current reality.
* ssh(1): mention -Q key-plain and -Q key-cert query options.
* sshd_config(8): more clearly describe what
AuthorizedKeysFile=none does.
* ssh_config(5): better document ExitOnForwardFailure.
* sshd(5): mention internal DH-GEX fallback groups in manual.
* sshd_config(5): better description for MaxSessions option.
Portability:
* sshd(8): fix multiple authentication using S/Key.
- OpenSSH 7.2p2:
Security:
* sshd(8): sanitise X11 authentication credentials to avoid
xauth command injection when X11Forwarding is enabled.
(removing patches from previous version:
* CVE-2016-0777_CVE-2016-0778.patch
* openssh-6.6p1-X11-forwarding.patch

View File

@ -109,20 +109,21 @@ Source10: sshd.service
Source11: README.FIPS
Source12: cavs_driver-ssh.pl
Patch00: openssh-7.2p2-allow_root_password_login.patch
Patch01: openssh-7.2p2-X11_trusted_forwarding.patch
Patch02: openssh-7.2p2-lastlog.patch
Patch03: openssh-7.2p2-enable_PAM_by_default.patch
Patch04: openssh-7.2p2-dont_use_pthreads_in_PAM.patch
Patch05: openssh-7.2p2-eal3.patch
Patch06: openssh-7.2p2-blocksigalrm.patch
Patch07: openssh-7.2p2-send_locale.patch
Patch08: openssh-7.2p2-hostname_changes_when_forwarding_X.patch
Patch09: openssh-7.2p2-remove_xauth_cookies_on_exit.patch
Patch10: openssh-7.2p2-pts_names_formatting.patch
Patch11: openssh-7.2p2-pam_check_locks.patch
Patch12: openssh-7.2p2-disable_short_DH_parameters.patch
Patch13: openssh-7.2p2-seccomp_getuid.patch
Patch14: openssh-7.2p2-seccomp_stat.patch
Patch01: openssh-7.2p2-allow_DSS_by_default.patch
Patch02: openssh-7.2p2-X11_trusted_forwarding.patch
Patch03: openssh-7.2p2-lastlog.patch
Patch04: openssh-7.2p2-enable_PAM_by_default.patch
Patch05: openssh-7.2p2-dont_use_pthreads_in_PAM.patch
Patch06: openssh-7.2p2-eal3.patch
Patch07: openssh-7.2p2-blocksigalrm.patch
Patch08: openssh-7.2p2-send_locale.patch
Patch09: openssh-7.2p2-hostname_changes_when_forwarding_X.patch
Patch10: openssh-7.2p2-remove_xauth_cookies_on_exit.patch
Patch11: openssh-7.2p2-pts_names_formatting.patch
Patch12: openssh-7.2p2-pam_check_locks.patch
Patch13: openssh-7.2p2-disable_short_DH_parameters.patch
Patch14: openssh-7.2p2-seccomp_getuid.patch
Patch15: openssh-7.2p2-seccomp_stat.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
Conflicts: nonfreessh
Recommends: audit
@ -189,6 +190,7 @@ FIPS140 CAVS tests related parts of the OpenSSH package
%patch12 -p2
%patch13 -p2
%patch14 -p2
%patch15 -p2
cp %{SOURCE3} %{SOURCE4} %{SOURCE11} .
%build
@ -241,6 +243,7 @@ export LDFLAGS CFLAGS CXXFLAGS CPPFLAGS
%if %{needs_libedit}
--with-libedit \
%endif
--with-ssh1 \
--target=%{_target_cpu}-suse-linux \
### configure end